1276409 - Refactor lint image to use ubuntu rather than node as a base

Status: RESOLVED FIXED

(Taskcluster Graveyard :: Docker Images, defect)

Description

[Andrew Halberstadt [:ahal]]

I want to re-use this image for other (non-eslint) jobs as well. Using ubuntu as a starting point seems a bit cleaner than the node image. I'll also refactor the setup a bit to use tooltool to install e.g taskcluster-vcs rather than hitting the net with npm.

Comment 1

[Andrew Halberstadt [:ahal]]

Attachment: MozReview Request: Bug 1276409 - Use a generic ubuntu image as a base for the lint image, r?dustin

The ES job uses an image based on the official node image. While this was convenient
for eslint, it is a bit less convenient for other things. I want to use this image
for all lint jobs, and switching the base to a generic ubuntu image seems a bit cleaner.

I chose 16.04 for no good reason other than it is the most recent, and we might as well.
Node v4.4.5 and taskcluster-vcs have been uploaded to tooltool.

Review commit: https://reviewboard.mozilla.org/r/56064/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/56064/

Comment 2

[Andrew Halberstadt [:ahal]]

Sorry for the churn, forgot to amend the bug number in my commit message. Here's a working try run:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=692183ed19b4e029de687b22f441721c9e099357

Mossop, I figured you don't want to be the maintainer of this anymore seeing as it will soon be used for more than just eslint. Please let me know if you still want to maintain it.

Comment 3

[Dustin J. Mitchell [:dustin] (he/him)]

Comment on attachment 8757660 [details]
MozReview Request: Bug 1276409 - Use a generic ubuntu image as a base for the lint image, r?dustin

https://reviewboard.mozilla.org/r/56064/#review52738

::: testing/docker/lint/system-setup.sh:39
(Diff revision 1)
> +[
> +{
> +    "size": 8310316,
> +    "digest": "95f4fa3d9b215348393dfac4a1c5eff72e9ef85dca38eb69cc8e6c1fe5aada0136c3b182dc04ed5c19fb69f0ac7df85d9c4045b9eb382fcb545b0ccacfece25b",
> +    "algorithm": "sha512",
> +    "filename": "node-v4.4.5-linux-x64.tar.xz"

This, and tc-vcs below, do not necessarily need to be stored in tooltool.  Docker image builds need to be safe against injection of malicious software (so, checking the hash), but not necessarily fast or depending only on Mozilla infrastructure.

Since this is already on tooltool and working, we might as well keep it, but please add a comment here indicating to the next person to modify this file that there is another alternative (maybe just point to this bug comment?)

(apologies for reproducing what I said on bug 1273634 - that's what I get for reviewing on a Sunday)

Comment 4

[Andrew Halberstadt [:ahal]]

Ah good to know. So basically manually run sha512sum on the downloaded file and hardcode that into system-setup.sh? How would you recommend handling tc-vcs, previously it was being installed via npm and wasn't checking any hashes. The tarball with all dependencies doesn't exist anywhere (afaik) so tooltool seems to make sense for that at least.

Also, how concerned should I be about unnecessary stuff on tooltool? I uploaded a tar.xz version of tc-vcs that I didn't end up using. Is there a way to delete it?

Comment 5

[Andrew Halberstadt [:ahal]]

Comment on attachment 8757660 [details]
MozReview Request: Bug 1276409 - Use a generic ubuntu image as a base for the lint image, r?dustin

Review request updated; see interdiff: https://reviewboard.mozilla.org/r/56064/diff/1-2/

Comment 6

[Pulsebot]

https://hg.mozilla.org/integration/mozilla-inbound/rev/45beb943c93e

Comment 7

[Dustin J. Mitchell [:dustin] (he/him)]

Yeah, this may be the best solution for tc-vcs, since the whole blob is not available anywhere else.  npm's security is .. not the greatest :(

There's no deleting from tooltool, by design, so don't worry about it.

Comment 8

[Carsten Book [:Tomcat]]

https://hg.mozilla.org/mozilla-central/rev/45beb943c93e