Build checks in container #1012
Conversation
chrisplo
changed the title
chrisplo
changed the title
Makefile
Outdated
| tar: compile-with-docker | ||
| docker run --rm netplugin-build:$(NETPLUGIN_CONTAINER_TAG) \ | ||
| -C /go/src/github.com/contiv/netplugin netplugin-version \ | ||
| | tar -x netplugin-version |
There was a problem hiding this comment.
Please use docker cp here. Piping can break if there's any Docker regression.
There was a problem hiding this comment.
From the docs: docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-
At this point there has never been a container, only an image, so there is no way I could use docker cp (without docker run, then docker cp, then docker rm)
There was a problem hiding this comment.
@chrisplo: You can use docker create to create a container without running. You can remove it with docker rm.
Relying on the stdout isn't recommended. There have been regressions in the past with relying on piping from stdout and piping via stdin.
There was a problem hiding this comment.
cool, I'll update with create/cp
There was a problem hiding this comment.
actually did this in #1008, and removed this section as we don't depend on it for this PR
Makefile
Outdated
| docker run --rm netplugin-build:$(NETPLUGIN_CONTAINER_TAG) \ | ||
| -C /go/src/github.com/contiv/netplugin netplugin-version \ | ||
| | tar -x netplugin-version | ||
| docker run --rm netplugin-build:$(NETPLUGIN_CONTAINER_TAG) \ |
There was a problem hiding this comment.
This is the same as above - it should be done using docker cp.
There was a problem hiding this comment.
did this in #1008, and removed this section as we don't depend on it for this PR
scripts/code_checks.sh
Outdated
| @@ -0,0 +1,19 @@ | |||
| #!/bin/bash | |||
There was a problem hiding this comment.
Please keep using the Makefile checks for now. This script would get blown away soon.
Dockerfile-check
Outdated
| WORKDIR /go/src/github.com/contiv/netplugin/ | ||
| ENTRYPOINT ["/code_checks.sh"] | ||
|
|
||
| RUN go get github.com/tools/godep github.com/aktau/github-release \ |
There was a problem hiding this comment.
Please use https://github.com/contiv/netplugin/blob/master/scripts/deps by invoking the right Makefile target.
chrisplo
changed the title
chrisplo
force-pushed
the
build_checks_in_container
branch
2 times, most recently
from
01da373 to
8b4fa20
Compare
chrisplo
changed the title
Dockerfile-check
Outdated
| @@ -0,0 +1,15 @@ | |||
| ARG TAG=latest | |||
There was a problem hiding this comment.
General comments on this file:
We do something similar already in auth_proxy, take a look at Dockerfile.checks
In general, we want to COPY in the code to be checked as one of the last operations in the Dockerfile (for caching reasons). Bindmounting + SELinux = nightmare land, and it also prevents the use of docker-machine in general
There was a problem hiding this comment.
COPY is at the end, though this ARG was leftover from an earlier incantation (for FROM) I'll remove
There was a problem hiding this comment.
Right, you're COPYing in the script, that's fine...
What I'm saying is we need to COPY in all the code to be checked, e.g.,:
COPY ./ /go/src/github.com/contiv/netpluginWe shouldn't use a bindmount on line 95 in Makefile
scripts/code_checks.sh
Outdated
| @@ -0,0 +1,19 @@ | |||
| #!/bin/bash | |||
There was a problem hiding this comment.
Unrelated to whatever script we end up using, these tools are slooooooow unless you exclude vendor. PTAL at https://github.com/contiv/auth_proxy/blob/6340df9b07a1723e2419069ebb5c0d5be6850a2e/scripts/checks_in_container.sh#L10-L11
There was a problem hiding this comment.
agreed, I borrowed PKG_DIRS which already filtered out vendor
EXCLUDE_DIRS := bin docs Godeps scripts vagrant vendor install
PKG_DIRS :=
chrisplo
force-pushed
the
build_checks_in_container
branch
from
8b4fa20 to
fda2c9a
Compare
Dockerfile-check
Outdated
|
|
||
| WORKDIR /go/src/github.com/contiv/netplugin/ | ||
|
|
||
| RUN go get github.com/tools/godep github.com/aktau/github-release \ |
There was a problem hiding this comment.
Is github.com/aktau/github-release here intentionally? 😄
There was a problem hiding this comment.
was copied, removed!
chrisplo
force-pushed
the
build_checks_in_container
branch
from
fda2c9a to
bc62324
Compare
Before the only option was to spin up a VM to run code checks, which is expensive in terms of time. Add Dockerfile-check to provide a container build for a runtime environment that supports go tool vet, gofmt, and golint Add script 'code_checks_in_docker.sh' intended to be run inside the Dockerfile-check container that runs `make checks` which in turn runs a variety of go code checks against packages passed in. Checks are reordered so more severe issues (e.g. functional) are resolved before less severe ones (e.g. formatting). Some checks are upated to be simpler and faster because the command accept multiple directories and recurse automatically. Drive-by: * removed some trailing whitespace * added more exclusions in dockerignore * variables for go check commands not needed, they are only refernced once and require a visual lookup to find what the command actually is Signed-off-by: Chris Plock <[email protected]>
|
@unclejack PTAL and merge if it looks good to you |
|
build pr |
|
LGTM, thx for fixing vet/lint/fmt. |
|
build PR |
1 similar comment
|
build PR |
Before the only option was to spin up a VM to run code checks, which is
expensive in terms of time.
Add Dockerfile-check to provide a container build for a runtime
environment that supports go tool vet, gofmt, and golint
Add script 'code_checks_in_docker.sh' intended to be run inside the
Dockerfile-check container that runs
make checkswhich in turn runs avariety of go code checks against packages passed in.
Checks are reordered so more severe issues (e.g. functional) are
resolved before less severe ones (e.g. formatting).
Some checks are upated to be simpler and faster because the command
accept multiple directories and recurse automatically.
Drive-by:
once and require a visual lookup to find what the command actually
is
Signed-off-by: Chris Plock [email protected]