Add explicit docker-entrypoint to comply with official image rules #10
Conversation
|
To shrink the image further, dropbear-ssh could be used instead of openssh-client; (12kb vs 3mb) sadly, the known-hosts file's are not entirely compatible I think. The hostnames are hashed on later versions of openssh-client. The same problem of course applies when mixing older/newer versions of openssh-client's so not sure how much of a dealbreaker that would be ... Maybe with a -slim variant dropbear-ssh would be more favorable? |
docker-entrypoint.sh
Outdated
|
|
||
| # run command if it is not starting with a "-", is not a git subcommand and is an executable in PATH | ||
| if [ "$#" -gt 0 -a "${1#-}" == "$1" -a ! -x "/usr/libexec/git-core/git-$1" ] && which "$1" > /dev/null 2>&1 ; then | ||
| exec "$@" |
|
Thanks for the review @oliv3r. I added all your suggested changes. I think your slim variant is also a good idea. Maybe it would make sense to provide a "openssh" and a "dropbear" variant/tag, and make the "openssh" variant also the "latest". The Readme could then add an explanation, that there are differences in the known hosts format, and that the dropbear variant is smaller. |
|
Yeah, thinking about the slim variant, it should probably even leave out the ssh client, as not everybody may need it (with CI, you can just as easily use https for example. The normal one, would have a full blown openssh-client (+latest) as you suggest, and then the 'light (-dropbear or -light?) could have dropbear instead. As for 'regular' users they almost always will just use the 'latest' which will have the normal openssh-client. But lets get this PR merged first, it's been idling since dec. 2018 and it's brother since sept. |
|
P.S. I do recommend doing a git rebase -i origin/master on your branch, squash or fixup the edits and then push -f so that we keep a clean commit history. |
l-lotz
force-pushed
the
master
branch
2 times, most recently
from
1978d87 to
4a56619
Compare
|
@oliv3r I cleaned up the git history. |
|
Do we know if there's a publicly available docker build of this branch when you guys are making commits? I can make my system pull it and test it if there is. |
|
I've created lilotz/git on dockerhub to build from my branch. |
|
and I did @ https://hub.docker.com/r/olliver/alpine-git but I think l-lotz's build is probably more up to date :) |
|
Not sure what the official image rules stance is of VOLUME, but I was having trouble with it (btrfs, I know, my own fault). But what is the advantage and purpose of having the VOLUME in this container? The workdir I can understand somewhat, so that the we use a guaranteed dir, but the VOLUME I'm not sure the purpose. You still have to volume mount files to get into the image, if you use -v :/git you are copying/storing the files in the volume (to what end) when all you want is to use the git commands. So for a normal user it makes no little sense, for a CI it adds no value at all. So in that line, would it make sense to remove the VOLUME from the Dockerfile as part of this PR to be a more compliant container? |
docker-entrypoint.sh
Outdated
| set -e | ||
|
|
||
| # run command if it is not starting with a "-", is not a git subcommand and is an executable in PATH | ||
| if [ "${#}" -gt 0 -a "${1#-}" == "${1}" -a ! -x "/usr/libexec/git-core/git-${1}" ] && which "${1}" > /dev/null 2>&1 ; then |
There was a problem hiding this comment.
i should have mentioned this before, but as I forgot to run this script through shellcheck.net, it also mentions a few minor issues here.
command -v is preferred over which
== is undefined in POSIX sh
and
&& is preferred over -a.
| if [ "${#}" -gt 0 -a "${1#-}" == "${1}" -a ! -x "/usr/libexec/git-core/git-${1}" ] && which "${1}" > /dev/null 2>&1 ; then | |
| if [ "${#}" -gt "0" ] && \ | |
| [ "${1#-}" = "${1}" ] && \ | |
| [ ! -x "/usr/libexec/git-core/git-${1}" ] && \ | |
| command -v "${1}"; then |
docker-entrypoint.sh
Outdated
| exec "${@}" | ||
| else | ||
| # else default to run command with git | ||
| exec git "${@}" |
There was a problem hiding this comment.
for alignment consistency probably a good idea to also indent with 4 to stay in sync with the code above.
|
any update on this? |
l-lotz
force-pushed
the
master
branch
2 times, most recently
from
0bf7572 to
f890cbf
Compare
|
@oliv3r I included your suggestions |
|
@l-lotz thanks :) but the maintainer is not moving forward much is it? |
|
@oliv3r & @l-lotz Apologies for the intermittent interations on this. These changes look like they cover everything they need to to address the issue #8 , plus, as far as I can tell it's backwards compatible. @ozbillwang - With regards to your comments, I don't understand what you're saying, are you saying you won't merge this until you find a way to unit test? |
|
@muppet3000 I think it would make sense to still have access to the old version, but I would use some kind of versioning schema to be able to keep a specific version, even when "stable" or "previous" changes. To be fair, compared to the changes in this pull request, the last change was rather small. |
|
@muppet3000 having the old one as previous/stable makes sense. From what I can see, there should not be (m)any backwards compatibility breaking changes. I've created #14 to add overall unit tests to ensure future stability. |
|
@l-lotz could you rebase from master? |
|
@ozbillwang I've rebased it. |
|
This did not work for me as is. PR in upstream l-lotz#1 |
This is based on #9 with a more sophisticated check, but without the ".travis.yml" and "Makefile". Also changed install of "openssh" to "openssh-client" to only install the client.