From c165e82c78d616473617bf6936d996ee3f06a706 Mon Sep 17 00:00:00 2001 From: Fabien Boucher Date: Thu, 5 Oct 2023 11:10:18 +0000 Subject: [PATCH] container-image: provide a Monocle container based on UBI 8 The Monocle build is done with ghc 9.4.6 Using 9.6.x was made difficult due to dependencies requierments issues. This patch includes changes: - Remove usage of `isLowerCase` as only available in base >= 4.18 - Add some overrides in cabal-override.project - Cap effectful-core to monocle.cabal to match the version used via Nix. 2.3.0.0 brings functions type changes. --- DockerfileUBI | 108 +++++++++++++++++++++++++++++++++++++++++ cabal-override.project | 33 +++++++++++-- monocle.cabal | 8 +-- src/Monocle/Config.hs | 4 +- 4 files changed, 143 insertions(+), 10 deletions(-) create mode 100644 DockerfileUBI diff --git a/DockerfileUBI b/DockerfileUBI new file mode 100644 index 000000000..ff83d1f07 --- /dev/null +++ b/DockerfileUBI @@ -0,0 +1,108 @@ +# Monocle. +# Copyright (C) 2023 Monocle authors +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published +# by the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +# This Container file builds an an alternative image based on the Universal Base Image +# maintained by Red Hat. This Monocle build might be slightly different than +# the build from the official Monocle base image based on Nix (ghc version and some +# dependencies version might differ). + + +##### Monocle binary build ##### + +FROM registry.access.redhat.com/ubi8/ubi as ubi-builder + +# Install gpg keys +RUN gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 7D1E8AFD1D4A16D71FADA2F2CCC85C0E40C06A8C +RUN gpg --batch --keyserver keyserver.ubuntu.com --recv-keys FE5AB6C91FEA597C3B31180B73EDE9E8CFBAEF01 +RUN gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 88B57FCF7DB53B4DB3BFA4B1588764FBE22D19C4 +RUN gpg --batch --keyserver keyserver.ubuntu.com --recv-keys EAF2A9A722C0C96F2B431CA511AAD8CEDEE0CAEF + +# Install ghcup +RUN \ + curl https://downloads.haskell.org/~ghcup/x86_64-linux-ghcup > /usr/bin/ghcup && \ + chmod +x /usr/bin/ghcup && \ + ghcup config set gpg-setting GPGStrict + +# Install build deps for ghcup +RUN dnf install -y \ + make \ + gcc \ + gcc-c++ + + +ARG GHC=9.4.6 +ARG CABAL=latest + +# Install GHC and cabal +RUN \ + ghcup -v install ghc --isolate /usr/local --force ${GHC} && \ + ghcup -v install cabal --isolate /usr/local/bin --force ${CABAL} + +# Install build deps for Monocle +RUN dnf install -y \ + git \ + openssl-devel \ + gmp-devel \ + ncurses-devel \ + ncurses-compat-libs \ + zlib-devel + +# Copy source tree +COPY . /build + +# Build Monocle +RUN cd /build && \ + cabal update && \ + cabal build --project-file=cabal-override.project && \ + cp $(find dist-newstyle/build/*/*/*/*/monocle/build/ -name monocle -type f) / + +##### Monocle Web UI build ##### + +FROM registry.fedoraproject.org/fedora:35 as web-builder + +RUN dnf update -y && dnf install -y nodejs git + +# set working directory +WORKDIR /monocle-webapp +ENV PATH /monocle-webapp/node_modules/.bin:$PATH + +# copy files to install js modules +COPY web/package.json /monocle-webapp/ +COPY web/bsconfig.json /monocle-webapp/ +COPY web/package-lock.json /monocle-webapp/ + +# install dependencies +RUN npm install + +# copy source files +COPY web/build.js /monocle-webapp/ +COPY web/public /monocle-webapp/public/ +COPY web/src /monocle-webapp/src/ + +# install dependencies (sed is ugly hack to make warning errors) +RUN sed -e 's|-bs-no-version-header|-bs-no-version-header", "-warn-error -a+5+6+27+101+109|' -i bsconfig.json && npm run build + +##### Setup final image ##### + +FROM registry.access.redhat.com/ubi8/ubi + +COPY --from=ubi-builder /monocle /bin/ +COPY --from=web-builder /monocle-webapp/build /usr/share/monocle/webapp/ + +# Ensure runtime commands +RUN dnf install -y curl && \ + dnf clean all && \ + rm -rf /var/cache/yum \ No newline at end of file diff --git a/cabal-override.project b/cabal-override.project index ecefbc8ef..9b3808942 100644 --- a/cabal-override.project +++ b/cabal-override.project @@ -3,8 +3,33 @@ package proto3-suite packages: . --- Enable bytestring-11 +-- dhall expects aeson < 2.2 +constraints: aeson < 2.2 + +source-repository-package + type: git + location: https://github.com/awakesecurity/proto3-suite + tag: 88ca7ae30f3ab45a1ca09e348cbeb2c0afac2bb5 + +source-repository-package + type: git + location: https://github.com/awakesecurity/proto3-wire + tag: 6dcc557fc9d3ffcbfe45c6bea4969830f9e0de9c + +source-repository-package + type: git + location: https://github.com/softwarefactory-project/gerrit-haskell + tag: daa44c450f819f3af2879099ec065c1efb973ef8 + +-- Need Relax bounds: servant, servant-server +source-repository-package + type: git + location: https://github.com/haskell-servant/servant-lucid + tag: 28faa2b57ab01b105c35f30908630900f55b5576 + +-- Need Relax bounds: default base version due to ghc version source-repository-package - type: git - location: https://github.com/klangner/text-time - tag: 1ff65c2c8845e3fdd99900054f0596818a95c316 + type: git + location: https://github.com/well-typed/cborg + tag: c8013b3474d876f4da56c869d57e3f3ac7f42dc6 + subdir: cborg-json diff --git a/monocle.cabal b/monocle.cabal index 4a666f89d..7f111384c 100644 --- a/monocle.cabal +++ b/monocle.cabal @@ -108,7 +108,7 @@ common codegen , containers >= 0.6 , deepseq >= 1.4 , proto3-suite >= 0.5.0 - , proto3-wire >= 1.2.0 + , proto3-wire >= 1.4.0 , text , vector >= 0.12 @@ -137,7 +137,7 @@ library , dhall-yaml >= 1.2 , directory , either >= 5 - , effectful + , effectful < 2.3.0.0 , effectful-core -- , effectful-plugin , envparse >= 0.4 @@ -152,7 +152,7 @@ library , http-client >= 0.6 , http-client-openssl >= 0.3 , http-mock >= 0.1 - , http-types >=0.12 + , http-types >= 0.12 , json-syntax >= 0.2 , jose >= 0.9 , list-t @@ -170,7 +170,7 @@ library , parser-combinators >= 1.2 , prometheus-client >= 1.0 , prometheus-metrics-ghc >= 1.0 - , proto3-suite >= 0.5.0 + , proto3-suite >= 0.6.0 , qq-literals , relude >= 1.0 , retry-effectful diff --git a/src/Monocle/Config.hs b/src/Monocle/Config.hs index 9fc668361..8e9442c18 100644 --- a/src/Monocle/Config.hs +++ b/src/Monocle/Config.hs @@ -87,7 +87,7 @@ module Monocle.Config ( import Data.Aeson qualified as Aeson import Data.ByteString qualified as BS -import Data.Char (isLetter, isLowerCase) +import Data.Char (isLetter, isLower) import Data.Either.Validation (Validation (Failure, Success)) import Data.Map qualified as Map import Data.Text qualified as T @@ -502,7 +502,7 @@ mkIndexName name = do let check explanation p = if p then Right () else Left explanation check "Is empty" $ not $ T.null name check "Is longer than 255 bytes" $ BS.length (T.encodeUtf8 name) < 256 - check "Contains uppercase letter(s)" $ T.all (\x -> not (isLetter x) || isLowerCase x) name + check "Contains uppercase letter(s)" $ T.all (\x -> not (isLetter x) || isLower x) name check "Includes [\\/*?\"<>| ,#:]" $ T.all (flip @_ @String notElem "\\/*?\"<>| ,#:") name check "Is (.|..)" $ notElem name [".", ".."] check "Starts with [-_+.]" $ maybe False (flip @_ @String notElem "-_+." . fst) $ T.uncons name