mitchellh.com / tack
Stitch any CI into Tangled
151
fork

Configure Feed

Select the types of activity you want to include in your feed.

build: add Docker image CI smoke test #16

open opened by
mitchellh.com targeting main from push-unqpnvkxlrnp

Fixes #3

Add a community Dockerfile for tack and cover it in Buildkite so it does not drift unnoticed. The Docker build uses the Go version pinned by go.mod, installs CA certificates in a slim Debian runtime image, and keeps common local artifacts out of the Docker build context.

The new Buildkite step builds the image and runs tack -h, matching the existing Nix package smoke test without requiring runtime configuration, credentials, or external services.

Labels

None yet.

assignee

None yet.

Participants 1
AT URI
at://did:plc:onu3oqfahfubgbetlr4giknc/sh.tangled.repo.pull/3ml7ixg5shq22
+45
Diff #1
+14
.buildkite/pipeline.yml
··· 31 31 command: | 32 32 nix build .#tack 33 33 ./result/bin/tack -h 34 + 35 + - label: ":docker: image build & smoke" 36 + # Keep the community Dockerfile from drifting away from the real build. 37 + # The image smoke test mirrors the Nix package smoke test: `tack -h` exits 38 + # before env-var validation, so it proves the container starts without 39 + # needing a database, Tangled credentials, or a live HTTP listener. 40 + # 41 + # Buildkite's Docker builder may be a remote BuildKit driver, so `--load` 42 + # makes the tagged image available to the local daemon for `docker run`. 43 + # `--quiet` also keeps the layer transfer logs below Buildkite's display 44 + # limit while still surfacing a failing Dockerfile command. 45 + command: | 46 + docker build --pull --load --quiet --file docker/tack.Dockerfile --tag tack:ci . 47 + docker run --rm tack:ci /app/bin/tack -h
+6
.dockerignore
··· 1 + .git 2 + .jj 3 + .direnv 4 + result 5 + tack 6 + tack.db*
+25
docker/tack.Dockerfile
··· 1 + FROM golang:1.25.7-trixie AS build 2 + 3 + WORKDIR /app 4 + 5 + # Keep dependency downloads in their own layer so ordinary source edits do not 6 + # force Docker users to redownload the full module graph every rebuild. 7 + COPY go.mod go.sum ./ 8 + RUN go mod download 9 + 10 + COPY . . 11 + RUN go build -o /app/bin/tack . 12 + 13 + FROM debian:trixie-slim AS run 14 + 15 + ARG DEBIAN_FRONTEND=noninteractive 16 + 17 + # Tack talks to HTTPS endpoints at runtime; the slim Debian base intentionally 18 + # omits the CA bundle, so install only that and drop apt's transient indexes. 19 + RUN apt-get update \ 20 + && apt-get install -y --no-install-recommends ca-certificates \ 21 + && rm -rf /var/lib/apt/lists/* 22 + 23 + COPY --from=build /app/bin/tack /app/bin/tack 24 + 25 + CMD ["/app/bin/tack"]

History

2 rounds 0 comments
sign up or login to add to the discussion
mitchellh.com submitted #1
interdiff
1 commit
expand
06fa7d21
build: add Docker image CI smoke test
merge conflicts detected
expand
  • .buildkite/pipeline.yml:31
expand 0 comments
mitchellh.com submitted #0
diff
1 commit
expand
fdbf3fc0
build: add Docker image CI smoke test
expand 0 comments