Closed Bug 1276409 Opened 4 years ago Closed 4 years ago

Refactor lint image to use ubuntu rather than node as a base


(Taskcluster Graveyard :: Docker Images, defect)

Not set


(Not tracked)



(Reporter: ahal, Assigned: ahal)




(1 file)

I want to re-use this image for other (non-eslint) jobs as well. Using ubuntu as a starting point seems a bit cleaner than the node image. I'll also refactor the setup a bit to use tooltool to install e.g taskcluster-vcs rather than hitting the net with npm.
The ES job uses an image based on the official node image. While this was convenient
for eslint, it is a bit less convenient for other things. I want to use this image
for all lint jobs, and switching the base to a generic ubuntu image seems a bit cleaner.

I chose 16.04 for no good reason other than it is the most recent, and we might as well.
Node v4.4.5 and taskcluster-vcs have been uploaded to tooltool.

Review commit:
See other reviews:
Attachment #8757660 - Flags: review?(dustin)
Sorry for the churn, forgot to amend the bug number in my commit message. Here's a working try run:

Mossop, I figured you don't want to be the maintainer of this anymore seeing as it will soon be used for more than just eslint. Please let me know if you still want to maintain it.
Assignee: nobody → ahalberstadt
Comment on attachment 8757660 [details]
MozReview Request: Bug 1276409 - Use a generic ubuntu image as a base for the lint image, r?dustin

::: testing/docker/lint/
(Diff revision 1)
> +[
> +{
> +    "size": 8310316,
> +    "digest": "95f4fa3d9b215348393dfac4a1c5eff72e9ef85dca38eb69cc8e6c1fe5aada0136c3b182dc04ed5c19fb69f0ac7df85d9c4045b9eb382fcb545b0ccacfece25b",
> +    "algorithm": "sha512",
> +    "filename": "node-v4.4.5-linux-x64.tar.xz"

This, and tc-vcs below, do not necessarily need to be stored in tooltool.  Docker image builds need to be safe against injection of malicious software (so, checking the hash), but not necessarily fast or depending only on Mozilla infrastructure.

Since this is already on tooltool and working, we might as well keep it, but please add a comment here indicating to the next person to modify this file that there is another alternative (maybe just point to this bug comment?)

(apologies for reproducing what I said on bug 1273634 - that's what I get for reviewing on a Sunday)
Attachment #8757660 - Flags: review?(dustin) → review+
Ah good to know. So basically manually run sha512sum on the downloaded file and hardcode that into How would you recommend handling tc-vcs, previously it was being installed via npm and wasn't checking any hashes. The tarball with all dependencies doesn't exist anywhere (afaik) so tooltool seems to make sense for that at least.

Also, how concerned should I be about unnecessary stuff on tooltool? I uploaded a tar.xz version of tc-vcs that I didn't end up using. Is there a way to delete it?
Flags: needinfo?(dustin)
Comment on attachment 8757660 [details]
MozReview Request: Bug 1276409 - Use a generic ubuntu image as a base for the lint image, r?dustin

Review request updated; see interdiff:
Yeah, this may be the best solution for tc-vcs, since the whole blob is not available anywhere else.  npm's security is .. not the greatest :(

There's no deleting from tooltool, by design, so don't worry about it.
Flags: needinfo?(dustin)
Closed: 4 years ago
Resolution: --- → FIXED
Product: Taskcluster → Taskcluster Graveyard
You need to log in before you can comment on or make changes to this bug.