diff --git a/.dockerignore b/.dockerignore
index e09923a..b1c5c35 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,6 +1,8 @@
 # Git
 .git
 .gitignore
+.gitattributes
+.github/
 
 # Python
 __pycache__/
@@ -24,11 +26,31 @@ wheels/
 .installed.cfg
 *.egg
 MANIFEST
+.pytest_cache/
+.mypy_cache/
+.ruff_cache/
+.tox/
 
 # Virtual environments
 venv/
 env/
 ENV/
+.venv/
+
+# Node.js
+node_modules/
+npm-debug.log
+yarn-error.log
+.npm/
+package-lock.json
+
+# Go
+/bin/
+/vendor/
+
+# Rust
+target/
+Cargo.lock
 
 # IDE
 .vscode/
@@ -40,6 +62,7 @@ ENV/
 # OS
 .DS_Store
 Thumbs.db
+.env*
 
 # Logs
 *.log
@@ -48,13 +71,17 @@ logs/
 # Test coverage
 .coverage
 htmlcov/
-.pytest_cache/
+coverage/
+
+# CI/CD
+.gitlab-ci.yml
+.travis.yml
+azure-pipelines.yml
 
-# Environment files
-.env
-.env.local
-.env.prod
-.env.staging
+# Documentation (optional—comment out if needed in build context)
+# docs/
+# *.md
+# README*
 
 # Documentation
 docs/
@@ -93,9 +120,6 @@ data/
 uploads/
 temp/
 
-# Node modules (if any)
-node_modules/
-
 # Temporary files
 *.tmp
 
diff --git a/docker/nodejs.Dockerfile b/docker/nodejs.Dockerfile
index 5940728..2f3d48a 100644
--- a/docker/nodejs.Dockerfile
+++ b/docker/nodejs.Dockerfile
@@ -12,7 +12,7 @@ ARG VCS_REF
 ################################
 # Builder stage - install packages with native addons
 ################################
-FROM dhi.io/node:25.4-debian13-dev AS builder
+FROM dhi.io/node:26.1-debian13-dev AS builder
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
@@ -38,7 +38,7 @@ RUN --mount=type=cache,target=/root/.npm \
 ################################
 # Runtime dependencies stage
 ################################
-FROM dhi.io/node:25.4-debian13-dev AS runtime-deps
+FROM dhi.io/node:26.1-debian13-dev AS runtime-deps
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
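Review bot: In the second `.dockerignore` hunk (`@@ -24,11 +26,31 @@`), the new `package-lock.json` and `Cargo.lock` entries remove the lockfiles from the build context, so any image that copies its manifests from this context can no longer install the pinned, integrity-checked dependency set (`npm ci` requires the lockfile, and `cargo build --locked` fails without `Cargo.lock`). Whether a Dockerfile in this repository builds from the repository root and copies those files is not visible here, so this is a caution rather than a confirmed break. I would drop the two lines `package-lock.json` and `Cargo.lock`, or keep them with a one-line comment stating why no image needs them in the context.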
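Review bot: In the `@@ -48,13 +71,17 @@` hunk the added, commented-out `# Documentation (optional…)` block sits directly above the existing `# Documentation` / `docs/` block, so the file now has two Documentation headings and `docs/` is still excluded despite the "optional" wording. The same hunk deletes the `# Environment files` heading, and its replacement `.env*` was added under `# OS` in the previous hunk, where a reader auditing what keeps secrets out of the image will not look for it. I would remove the commented-out block and restore the heading as `# Environment files (may contain secrets)` followed by `.env*`.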
@@ -54,7 +54,7 @@ RUN mkdir -p /usr/lib/x86_64-linux-gnu /usr/lib/aarch64-linux-gnu /mnt/data && \
 ################################
 # Final stage - minimal runtime image
 ################################
-FROM dhi.io/node:25.4-debian13 AS final
+FROM dhi.io/node:26.1-debian13 AS final
 
 ARG BUILD_DATE
 ARG VERSION
diff --git a/docker/php.Dockerfile b/docker/php.Dockerfile
index c4cdaad..2614e03 100644
--- a/docker/php.Dockerfile
+++ b/docker/php.Dockerfile
@@ -3,7 +3,7 @@
 
 # PHP version configuration - single source of truth
 # These must be declared before any FROM to be available in all stages.
-ARG PHP_VERSION=8.5.3
+ARG PHP_VERSION=8.5.6
 ARG PHP_MAJOR=8.5
 ARG DEBIAN_VERSION=debian13
 
diff --git a/docker/requirements/java-deps.txt b/docker/requirements/java-deps.txt
index 7b9754d..682c8f7 100644
--- a/docker/requirements/java-deps.txt
+++ b/docker/requirements/java-deps.txt
@@ -7,7 +7,7 @@ https://repo1.maven.org/maven2/org/apache/commons/commons-csv/1.10.0/commons-csv
 https://repo1.maven.org/maven2/org/apache/commons/commons-lang3/3.14.0/commons-lang3-3.14.0.jar 7b96bf3ee68949abb5bc465559ac270e0551596fa34523fddf890ec418dde13c
 https://repo1.maven.org/maven2/org/apache/commons/commons-math3/3.6.1/commons-math3-3.6.1.jar 1e56d7b058d28b65abd256b8458e3885b674c1d588fa43cd7d1cbb9c7ef2b308
 https://repo1.maven.org/maven2/org/apache/commons/commons-collections4/4.4/commons-collections4-4.4.jar 1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1
-https://repo1.maven.org/maven2/org/apache/commons/commons-compress/1.25.0/commons-compress-1.25.0.jar d0ec8014ebbb0749f471803122b21796afddf2e98e194e4374622e5fbaf69f49
+https://repo1.maven.org/maven2/org/apache/commons/commons-compress/1.27.1/commons-compress-1.27.1.jar 293d80f54b536b74095dcd7ea3cf0a29bbfc3402519281332495f4420d370d16
 https://repo1.maven.org/maven2/org/apache/commons/commons-text/1.11.0/commons-text-1.11.0.jar 2acf30a070b19163d5a480eae411a281341e870020e3534c6d5d4c8472739e30
 # Jackson JSON
 https://repo1.maven.org/maven2/com/fasterxml/jackson/core/jackson-core/2.16.0/jackson-core-2.16.0.jar 66e2cde4cc7e565d5fce2a2998b64e991777bf9fad4d220735c525fd8d01c31a
@@ -19,8 +19,8 @@ https://repo1.maven.org/maven2/org/apache/poi/poi-ooxml/5.2.5/poi-ooxml-5.2.5.ja
 https://repo1.maven.org/maven2/org/apache/poi/poi-ooxml-lite/5.2.5/poi-ooxml-lite-5.2.5.jar 6d4ce6736c422c52e47ffbfa08c784e1b8c188efb69583ac001a0ab16022d774
 https://repo1.maven.org/maven2/org/apache/xmlbeans/xmlbeans/5.2.0/xmlbeans-5.2.0.jar 5a344f323c049b7024edd39bbd58a38e77eb44218aad2794879e7f4ac3ca1de1
 # Apache PDFBox
-https://repo1.maven.org/maven2/org/apache/pdfbox/pdfbox/3.0.1/pdfbox-3.0.1.jar 2b7a9f1fe4ba1aa76a1408ad2d47a906cee4925d61ba306dec543637a1cb7c8c
-https://repo1.maven.org/maven2/org/apache/pdfbox/fontbox/3.0.1/fontbox-3.0.1.jar 9d2c2d38449299cd0d821a2f6f65671433251448d3df579faffd0f87361c7c7e
+https://repo1.maven.org/maven2/org/apache/pdfbox/pdfbox/3.0.4/pdfbox-3.0.4.jar 09a0ff27d6f84a1dc40060cb0a01decf2ad4ef91c36bc91b9836c254be8aae45
+https://repo1.maven.org/maven2/org/apache/pdfbox/fontbox/3.0.4/fontbox-3.0.4.jar 2deec6232f5d6d3b31276592d31680ae9722af57d24cb0f76da70e2ba0e99e12
 # Google Guava
 https://repo1.maven.org/maven2/com/google/guava/guava/33.0.0-jre/guava-33.0.0-jre.jar f4d85c3e4d411694337cb873abea09b242b664bb013320be6105327c45991537
 # Gson (alternative JSON)
diff --git a/docker/requirements/python-utilities.txt b/docker/requirements/python-utilities.txt
index 171c571..b0c214a 100644
--- a/docker/requirements/python-utilities.txt
+++ b/docker/requirements/python-utilities.txt
@@ -1,6 +1,6 @@
 # Cryptography and security
 bcrypt>=4.2.1
-cryptography>=44.0.0
+cryptography>=44.0.1
 passlib>=1.7.4
 pycryptodome>=3.21.0
 PyNaCl>=1.5.0
diff --git a/docker/rust.Dockerfile b/docker/rust.Dockerfile
index a62f658..5b7a9cb 100644
--- a/docker/rust.Dockerfile
+++ b/docker/rust.Dockerfile
@@ -11,7 +11,7 @@ FROM ${RUNNER_IMAGE} AS runner
 ################################
 # Builder stage - compile crate dependencies
 ################################
-FROM dhi.io/rust:1.93-debian13-dev AS builder
+FROM dhi.io/rust:1.95.0-debian13-dev AS builder
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
@@ -48,7 +48,7 @@ RUN rm -rf /tmp/rust-cache/src /tmp/rust-cache/Cargo.toml /tmp/rust-cache/Cargo.
 ################################
 # Final stage - runtime only
 ################################
-FROM dhi.io/rust:1.93-debian13-dev AS final
+FROM dhi.io/rust:1.95.0-debian13-dev AS final
 
 ARG BUILD_DATE
 ARG VERSION
@@ -60,13 +60,17 @@ LABEL org.opencontainers.image.title="KubeCodeRun Rust Environment" \
 org.opencontainers.image.created="${BUILD_DATE}" \
 org.opencontainers.image.revision="${VCS_REF}"
 
-# Runtime libraries only - no -dev packages (reduced attack surface)
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+# Runtime libraries only - pre-compiled crates link against these
 # These are linked by the pre-compiled crates: image, plotters (freetype/fontconfig)
 RUN apt-get update && \
 DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
 libssl3t64 \
 libfontconfig1 \
 libfreetype6 \
+ && apt-get autoremove -y \
+ && apt-get clean \
 && rm -rf /var/lib/apt/lists/*
 
 # Copy entire cargo home (registry, config, env) and pre-compiled target
diff --git a/scripts/build-images.sh b/scripts/build-images.sh
index eec4b88..becadb9 100755
--- a/scripts/build-images.sh
+++ b/scripts/build-images.sh
@@ -20,7 +20,7 @@
 # DHI_PASSWORD Password for dhi.io registry login
 #
 # Examples:
-# ./scripts/build-images.sh # Build all images in parallel
+# ./scripts/build-images.sh # Build all images in parallel (linux/amd64)
 # ./scripts/build-images.sh go # Build only the go image with full output
 # ./scripts/build-images.sh --no-cache rust # Build rust image without cache
 
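Review bot: In the third `docker/rust.Dockerfile` hunk (`@@ -60,13 +60,17 @@`), the added `apt-get autoremove -y` runs in the final stage against the whole package set inherited from `dhi.io/rust:1.95.0-debian13-dev`, not only the three libraries installed above it, so what it removes depends on which packages the base image marks as automatically installed. With `--no-install-recommends` the install step itself should leave nothing to autoremove, so I would drop that line or add a comment naming what it is expected to remove. The rewritten comment also loses the `(reduced attack surface)` rationale and now says the same thing as the comment line after it; `# Runtime libraries only - no -dev packages (reduced attack surface)` would keep the intent. The final stage begins before this hunk and continues after it, so instructions such as `USER` are not visible here.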
@@ -34,6 +34,7 @@ DOCKER_DIR="$PROJECT_ROOT/docker"
 TAG="latest"
 PREFIX="kcr" # Local image prefix to avoid conflicts with official images
 REGISTRY="" # When set, overrides PREFIX (for pushing to registries)
+PLATFORM="linux/amd64" # Target platform for builds
 PUSH=false
 NO_CACHE=""
 SEQUENTIAL=false
@@ -193,7 +194,7 @@ build_image() {
 
 # shellcheck disable=SC2086
 build_output=$(docker build \
- --platform linux/amd64 \
+ --platform "$PLATFORM" \
 $NO_CACHE \
 --build-arg VERSION="$TAG" \
 --build-arg BUILD_DATE="$build_date" \
@@ -286,7 +287,7 @@ build_single_image() {
 vcs_ref=$(git -C "$PROJECT_ROOT" rev-parse --short HEAD 2>/dev/null || echo "unknown")
 # shellcheck disable=SC2086
 docker build \
- --platform linux/amd64 \
+ --platform "$PLATFORM" \
 $NO_CACHE \
 --build-arg VERSION="$TAG" \
 --build-arg BUILD_DATE="$build_date" \
@@ -341,6 +342,7 @@ main() {
 echo "║ KubeCodeRun Docker Image Builder ║"
 echo "╠══════════════════════════════════════════════════════════╣"
 echo "║ Tag: ${TAG}"
+ echo "║ Platform: ${PLATFORM}"
 if [[ -n "$REGISTRY" ]]; then
 echo "║ Registry: ${REGISTRY}"
 fi
diff --git a/scripts/validate-multiarch-builds.sh b/scripts/validate-multiarch-builds.sh
new file mode 100755
index 0000000..b18b16e
--- /dev/null
+++ b/scripts/validate-multiarch-builds.sh
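Review bot: In the `@@ -34,6 +34,7 @@` hunk of `scripts/build-images.sh`, `PLATFORM` is assigned a literal, so a `PLATFORM` exported by the caller is overwritten and, unless option parsing outside these hunks sets it, the variable is only a renamed constant. If overriding is the goal, `PLATFORM="${PLATFORM:-linux/amd64}" # Target platform for builds (override via env)` would allow it, and the variable should then be documented in the header comment next to `DHI_PASSWORD`. The two `docker build` call sites in the later hunks quote `"$PLATFORM"` correctly.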
@@ -0,0 +1,92 @@
+#!/usr/bin/env bash
+# Validate multi-arch Docker builds for modified Dockerfiles.
+# Uses the multiarch-builder (BuildKit) — no push, no local load.
+# Cleans up any locally loaded test images after validation.
+#
+# Usage: ./scripts/validate-multiarch-builds.sh [branch]
+# branch: feat-shell-languages | feat-csharp-support | chore-dockerfiles-upgrade
+# (defaults to current branch)
+
+set -euo pipefail
+
+BUILDER="multiarch-builder"
+REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+CURRENT_BRANCH="$(git -C "$REPO_ROOT" rev-parse --abbrev-ref HEAD)"
+TARGET_BRANCH="${1:-$CURRENT_BRANCH}"
+
+# Colours
+GREEN='\033[0;32m'
+RED='\033[0;31m'
+YELLOW='\033[1;33m'
+NC='\033[0m'
+
+pass() { echo -e "${GREEN}✓ PASS${NC} $*"; }
+fail() { echo -e "${RED}✗ FAIL${NC} $*"; FAILED+=("$*"); }
+info() { echo -e "${YELLOW}→${NC} $*"; }
+
+FAILED=()
+
+build_test() {
+ local dockerfile="$1"
+ local platform="$2"
+ local label="$3"
+
+ info "Building $label ($platform) …"
+ if docker buildx build \
+ --builder "$BUILDER" \
+ --platform "$platform" \
+ --file "$REPO_ROOT/docker/${dockerfile}" \
+ --output "type=image,push=false" \
+ "$REPO_ROOT/docker" 2>&1; then
+ pass "$label ($platform)"
+ else
+ fail "$label ($platform)"
+ fi
+}
+
+echo "========================================"
+echo " KubeCodeRun multi-arch build validator"
+echo " Branch: $TARGET_BRANCH"
+echo "========================================"
+echo
+
+# ── feat-shell-languages ────────────────────────────────────────────────────
+if [[ "$TARGET_BRANCH" == "feat-shell-languages" ]]; then
+ info "Checking out $TARGET_BRANCH …"
+ git -C "$REPO_ROOT" checkout "$TARGET_BRANCH"
+
+ build_test "shell.Dockerfile" "linux/amd64" "shell"
+ build_test "shell.Dockerfile" "linux/arm64" "shell"
+fi
+
+# ── feat-csharp-support ─────────────────────────────────────────────────────
+if [[ "$TARGET_BRANCH" == "feat-csharp-support" ]]; then
+ info "Checking out $TARGET_BRANCH …"
+ git -C "$REPO_ROOT" checkout "$TARGET_BRANCH"
+
+ build_test "csharp.Dockerfile" "linux/amd64" "csharp"
+ build_test "csharp.Dockerfile" "linux/arm64" "csharp"
+fi
+
+# ── chore-dockerfiles-upgrade ───────────────────────────────────────────────
+if [[ "$TARGET_BRANCH" == "chore-dockerfiles-upgrade" ]]; then
+ info "Checking out $TARGET_BRANCH …"
+ git -C "$REPO_ROOT" checkout "$TARGET_BRANCH"
+
+ build_test "nodejs.Dockerfile" "linux/amd64" "nodejs"
+ build_test "php.Dockerfile" "linux/amd64" "php"
+ build_test "rust.Dockerfile" "linux/amd64" "rust"
+fi
+
+# ── summary ─────────────────────────────────────────────────────────────────
+echo
+echo "========================================"
+if [[ ${#FAILED[@]} -eq 0 ]]; then
+ echo -e "${GREEN}All builds passed.${NC}"
+else
+ echo -e "${RED}${#FAILED[@]} build(s) failed:${NC}"
+ for f in "${FAILED[@]}"; do
+ echo " - $f"
+ done
+ exit 1
+fi
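Review bot: When the branch name matches none of the three `if [[ "$TARGET_BRANCH" == … ]]` blocks (the default is whatever branch is currently checked out), no build runs, `FAILED` stays empty and the summary prints `All builds passed.` with exit status 0, so a caller or CI job reads a validation that never happened as success. A guard before the first block would close that: `case "$TARGET_BRANCH" in feat-shell-languages|feat-csharp-support|chore-dockerfiles-upgrade) ;; *) echo "no builds defined for branch: $TARGET_BRANCH" >&2; exit 2 ;; esac`. The header also states that the script cleans up locally loaded test images, but nothing in the file removes any image, and the `chore-dockerfiles-upgrade` block builds only `linux/amd64`; the comment should be corrected or the behaviour added. Each block's `git checkout` also leaves the work tree on the target branch when a different branch is passed, which deserves a line in the usage text.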