From e3b17ae090704a6b03179a87843282a268b7ec2c Mon Sep 17 00:00:00 2001 From: Joshua Li Date: Tue, 14 Oct 2025 13:28:57 -0700 Subject: [PATCH 01/15] replace assembly with single call to composite action --- .github/workflows/image.yml | 112 ++++++++++++------------------------ Dockerfile | 4 +- 2 files changed, 41 insertions(+), 75 deletions(-) diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml index 18ed92e12..b76a90ee9 100644 --- a/.github/workflows/image.yml +++ b/.github/workflows/image.yml @@ -88,6 +88,12 @@ jobs: cargo build --release --locked --target="${RUST_TARGET}" --features="${FEATURES}" mv "target/${RUST_TARGET}/release/symbolicator" ./symbolicator + - name: Upload Binary + uses: actions/upload-artifact@v4 + with: + name: symbolicator-binary@${{ matrix.arch }} + path: ./binaries/linux/${{ matrix.arch }}/symbolicator + - name: Split debug info run: | mkdir -p "/tmp/debug-info/" @@ -112,9 +118,9 @@ jobs: - name: Prepare Docker Context run: | - mkdir docker-ctx + mkdir -p docker-ctx/binaries/linux/${{ matrix.arch }} cp Dockerfile docker-ctx/ - mv symbolicator docker-ctx/ + mv symbolicator docker-ctx/binaries/linux/${{ matrix.arch }} - name: Build Image uses: docker/build-push-action@v6 @@ -131,94 +137,52 @@ jobs: name: symbolicator-image@${{ matrix.arch }} path: /tmp/symbolicator-${{ matrix.arch }}.tar - assemble-ghcr: + assemble: needs: [build-setup, build-image] if: "needs.build-setup.outputs.full_ci == 'true'" - name: Assemble for Github Container Registry + name: Assemble runs-on: ubuntu-latest permissions: - packages: write - - env: - IMAGE: "ghcr.io/getsentry/symbolicator" + packages: write # required for GHCR + contents: read + id-token: write # required for GAR steps: - - name: Docker Login - run: docker login --username '${{ github.actor }}' --password-stdin ghcr.io <<< "$GHCR_TOKEN" - env: - GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Download Images + - name: Download Binaries uses: actions/download-artifact@v5 with: - pattern: symbolicator-image@* - path: /tmp + pattern: symbolicator-binary@* + path: /tmp/docker-ctx merge-multiple: true - - &assemble - name: Assemble and Push Images + - name: Prepare Docker Context run: | - set -x - - IMAGES=() - for image in /tmp/symbolicator-*.tar; do - NAME="$(basename $image .tar)" - ARCH="${NAME#*-}" - TARGET="${IMAGE}:${{ github.sha }}-${ARCH}" - - docker load --input "${image}" - docker tag "${NAME}" "${TARGET}" - docker push "${TARGET}" + cp Dockerfile /tmp/docker-ctx - IMAGES+=("${TARGET}") - done + # If action-build-and-push-images supports passing in a docker tar, + # then we can reuse the image artifact rather than this workaround + # (thankfully the build amounts to just a cp, wouldn't be doing this + # if the build was more complicated as we're building twice) - docker buildx imagetools create -t "${IMAGE}:${{ github.sha }}" "${IMAGES[@]}" - - if [[ "${{ github.ref_name }}" == "master" ]]; then - docker buildx imagetools create -t "${IMAGE}:nightly" "${IMAGE}:${{ github.sha }}" - fi - - assemble-ar: - needs: [build-setup, build-image] - if: "needs.build-setup.outputs.full_ci == 'true'" - - name: Assemble for Google Artifact Registry - runs-on: ubuntu-latest - - permissions: - contents: read - id-token: write - - env: - IMAGE: "us-central1-docker.pkg.dev/sentryio/symbolicator/image" - - steps: - - name: Google Auth - id: auth - uses: google-github-actions/auth@v3 + - name: Build and push images + if: "needs.build-setup.outputs.full_ci == 'true'" + uses: getsentry/action-build-and-push-images@b172ab61a5f7eabd58bd42ce231b517e79947c01 with: - workload_identity_provider: projects/868781662168/locations/global/workloadIdentityPools/prod-github/providers/github-oidc-pool - service_account: gha-gcr-push@sac-prod-sa.iam.gserviceaccount.com - - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v3 - with: - version: ">= 390.0.0" - - - name: Configure Docker - run: gcloud auth configure-docker us-central1-docker.pkg.dev - - - name: Download Images - uses: actions/download-artifact@v5 - with: - pattern: symbolicator-image@* - path: /tmp - merge-multiple: true - - - *assemble + image_name: 'symbolicator' + platforms: linux/amd64,linux/arm64 + build_context: '/tmp/docker-ctx' + publish_on_pr: true # TEMPORARY FOR TESTING + ghcr: true + google_ar: true + # note: nightly will only be tagged if on default branch + tag_nightly: true + # on GAR we expect latest tags, nightly is canonically only a GHCR thing for us + tag_latest: true + google_ar_image_name: us-central1-docker.pkg.dev/sentryio/symbolicator/image + google_workload_identity_provider: projects/868781662168/locations/global/workloadIdentityPools/prod-github/providers/github-oidc-pool + google_service_account: gha-gcr-push@sac-prod-sa.iam.gserviceaccount.com gocd-artifacts: needs: [build-setup, build-image] diff --git a/Dockerfile b/Dockerfile index 082df4a87..8aa7e08f1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,7 +6,9 @@ COPY --from=gcr.io/distroless/cc-debian12:nonroot --chown=nonroot:nonroot /home/ VOLUME ["/etc/symbolicator", "/data"] EXPOSE 3021 -ARG BINARY=./symbolicator +ARG TARGETPLATFORM + +ARG BINARY=./binaries/$TARGETPLATFORM/symbolicator COPY ${BINARY} /bin/symbolicator ENTRYPOINT ["/bin/symbolicator"] From 4d190ff16995f4b7d5c5ac34cb446dd5841b1d70 Mon Sep 17 00:00:00 2001 From: Joshua Li Date: Tue, 14 Oct 2025 14:21:41 -0700 Subject: [PATCH 02/15] fix paths --- .github/workflows/image.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml index b76a90ee9..e4f16f2c7 100644 --- a/.github/workflows/image.yml +++ b/.github/workflows/image.yml @@ -86,16 +86,19 @@ jobs: - name: Build Binary run: | cargo build --release --locked --target="${RUST_TARGET}" --features="${FEATURES}" - mv "target/${RUST_TARGET}/release/symbolicator" ./symbolicator + mkdir -p /tmp/linux/${{ matrix.arch }} + mv "target/${RUST_TARGET}/release/symbolicator" /tmp/linux/${{ matrix.arch }}/symbolicator - name: Upload Binary uses: actions/upload-artifact@v4 with: name: symbolicator-binary@${{ matrix.arch }} - path: ./binaries/linux/${{ matrix.arch }}/symbolicator + path: /tmp/linux/${{ matrix.arch }}/symbolicator - name: Split debug info run: | + mv /tmp/linux/${{ matrix.arch }}/symbolicator symbolicator + mkdir -p "/tmp/debug-info/" llvm-objcopy --only-keep-debug symbolicator{,.debug} @@ -160,6 +163,7 @@ jobs: - name: Prepare Docker Context run: | cp Dockerfile /tmp/docker-ctx + mv /tmp/linux /tmp/docker-ctx # If action-build-and-push-images supports passing in a docker tar, # then we can reuse the image artifact rather than this workaround From 584358ed4df7225f0bbba9db5d0e99b8f0d62b8b Mon Sep 17 00:00:00 2001 From: Joshua Li Date: Tue, 14 Oct 2025 14:36:21 -0700 Subject: [PATCH 03/15] fix --- .github/workflows/image.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml index e4f16f2c7..6c3eca945 100644 --- a/.github/workflows/image.yml +++ b/.github/workflows/image.yml @@ -153,6 +153,8 @@ jobs: id-token: write # required for GAR steps: + - uses: actions/checkout@v5 + - name: Download Binaries uses: actions/download-artifact@v5 with: From 5937a551aa9ba93fcd04853823d83a8c0bd9c2af Mon Sep 17 00:00:00 2001 From: Joshua Li Date: Tue, 14 Oct 2025 14:46:52 -0700 Subject: [PATCH 04/15] debug --- .github/workflows/image.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml index 6c3eca945..4d00a6680 100644 --- a/.github/workflows/image.yml +++ b/.github/workflows/image.yml @@ -165,7 +165,8 @@ jobs: - name: Prepare Docker Context run: | cp Dockerfile /tmp/docker-ctx - mv /tmp/linux /tmp/docker-ctx + ls -lah /tmp/docker-ctx + mv /tmp/docker-ctx/tmp/linux /tmp/docker-ctx/linux # If action-build-and-push-images supports passing in a docker tar, # then we can reuse the image artifact rather than this workaround From 1a6ce940e239bc96a46291ea128efaaeef4078d8 Mon Sep 17 00:00:00 2001 From: Joshua Li Date: Tue, 14 Oct 2025 14:58:55 -0700 Subject: [PATCH 05/15] debug --- .github/workflows/image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml index 4d00a6680..25dedced8 100644 --- a/.github/workflows/image.yml +++ b/.github/workflows/image.yml @@ -160,12 +160,12 @@ jobs: with: pattern: symbolicator-binary@* path: /tmp/docker-ctx - merge-multiple: true - name: Prepare Docker Context run: | cp Dockerfile /tmp/docker-ctx ls -lah /tmp/docker-ctx + tree /tmp/docker-ctx || true mv /tmp/docker-ctx/tmp/linux /tmp/docker-ctx/linux # If action-build-and-push-images supports passing in a docker tar, From 2dc729a034610f4e21cc18b888cf8a8c39b76377 Mon Sep 17 00:00:00 2001 From: Joshua Li Date: Tue, 14 Oct 2025 16:30:31 -0700 Subject: [PATCH 06/15] fix --- .github/workflows/image.yml | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml index 25dedced8..6ef394e0b 100644 --- a/.github/workflows/image.yml +++ b/.github/workflows/image.yml @@ -87,18 +87,16 @@ jobs: run: | cargo build --release --locked --target="${RUST_TARGET}" --features="${FEATURES}" mkdir -p /tmp/linux/${{ matrix.arch }} - mv "target/${RUST_TARGET}/release/symbolicator" /tmp/linux/${{ matrix.arch }}/symbolicator + mv "target/${RUST_TARGET}/release/symbolicator" ./symbolicator - name: Upload Binary uses: actions/upload-artifact@v4 with: - name: symbolicator-binary@${{ matrix.arch }} - path: /tmp/linux/${{ matrix.arch }}/symbolicator + name: symbolicator-binary-${{ matrix.arch }} + path: ./symbolicator - name: Split debug info run: | - mv /tmp/linux/${{ matrix.arch }}/symbolicator symbolicator - mkdir -p "/tmp/debug-info/" llvm-objcopy --only-keep-debug symbolicator{,.debug} @@ -158,15 +156,15 @@ jobs: - name: Download Binaries uses: actions/download-artifact@v5 with: - pattern: symbolicator-binary@* + pattern: symbolicator-binary-* path: /tmp/docker-ctx - name: Prepare Docker Context run: | cp Dockerfile /tmp/docker-ctx - ls -lah /tmp/docker-ctx - tree /tmp/docker-ctx || true - mv /tmp/docker-ctx/tmp/linux /tmp/docker-ctx/linux + mkdir -p /tmp/docker-ctx/binaries/linux/amd64 /tmp/docker-ctx/binaries/linux/arm64 + mv /tmp/docker-ctx/symbolicator-binary-amd64/symbolicator /tmp/docker-ctx/binaries/linux/amd64 + mv /tmp/docker-ctx/symbolicator-binary-arm64/symbolicator /tmp/docker-ctx/binaries/linux/arm64 # If action-build-and-push-images supports passing in a docker tar, # then we can reuse the image artifact rather than this workaround From 2b9bd8159c847258a36f138874517e92ebe91436 Mon Sep 17 00:00:00 2001 From: Joshua Li Date: Tue, 14 Oct 2025 16:37:37 -0700 Subject: [PATCH 07/15] use getsentry/action-build-and-push-images to only build the tar --- .github/workflows/image.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml index 6ef394e0b..4498154cc 100644 --- a/.github/workflows/image.yml +++ b/.github/workflows/image.yml @@ -124,13 +124,14 @@ jobs: mv symbolicator docker-ctx/binaries/linux/${{ matrix.arch }} - name: Build Image - uses: docker/build-push-action@v6 + uses: getsentry/action-build-and-push-images@b172ab61a5f7eabd58bd42ce231b517e79947c01 with: - context: docker-ctx/ + image_name: 'symbolicator' platforms: linux/${{ matrix.arch }} - tags: symbolicator-${{ matrix.arch }} + build_context: 'docker-ctx' + ghcr: false + google_ar: false outputs: type=docker,dest=/tmp/symbolicator-${{ matrix.arch }}.tar - push: false - name: Upload Image uses: actions/upload-artifact@v4 From d9925bc63db692657ceb14ea29d745dcf389c953 Mon Sep 17 00:00:00 2001 From: Joshua Li Date: Tue, 14 Oct 2025 16:47:56 -0700 Subject: [PATCH 08/15] cleanup --- .github/workflows/image.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml index 4498154cc..a4ed24dc5 100644 --- a/.github/workflows/image.yml +++ b/.github/workflows/image.yml @@ -86,7 +86,6 @@ jobs: - name: Build Binary run: | cargo build --release --locked --target="${RUST_TARGET}" --features="${FEATURES}" - mkdir -p /tmp/linux/${{ matrix.arch }} mv "target/${RUST_TARGET}/release/symbolicator" ./symbolicator - name: Upload Binary From 01cae28111c6c114a73f83f2ec3bcbd9d5ddb2b8 Mon Sep 17 00:00:00 2001 From: Joshua Li Date: Wed, 15 Oct 2025 15:15:50 -0700 Subject: [PATCH 09/15] fix self hosted --- .github/workflows/image.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml index a4ed24dc5..cf0980c61 100644 --- a/.github/workflows/image.yml +++ b/.github/workflows/image.yml @@ -136,6 +136,7 @@ jobs: uses: actions/upload-artifact@v4 with: name: symbolicator-image@${{ matrix.arch }} + tags: symbolicator-${{ matrix.arch }} path: /tmp/symbolicator-${{ matrix.arch }}.tar assemble: @@ -170,12 +171,13 @@ jobs: # then we can reuse the image artifact rather than this workaround # (thankfully the build amounts to just a cp, wouldn't be doing this # if the build was more complicated as we're building twice) - - name: Build and push images if: "needs.build-setup.outputs.full_ci == 'true'" uses: getsentry/action-build-and-push-images@b172ab61a5f7eabd58bd42ce231b517e79947c01 with: image_name: 'symbolicator' + # Please note that multiplatform builds like this are only feasible in this case + # because the docker build essentially amounts to copying files, not compiling. platforms: linux/amd64,linux/arm64 build_context: '/tmp/docker-ctx' publish_on_pr: true # TEMPORARY FOR TESTING From 1f13b83f7785ed3f687638bae1ca289fd6dbf335 Mon Sep 17 00:00:00 2001 From: Joshua Li Date: Wed, 15 Oct 2025 15:16:29 -0700 Subject: [PATCH 10/15] devenv pin_gha image.yml --- .github/workflows/image.yml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml index cf0980c61..117a66a10 100644 --- a/.github/workflows/image.yml +++ b/.github/workflows/image.yml @@ -61,7 +61,7 @@ jobs: }')[matrix.arch] }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 with: submodules: recursive @@ -77,7 +77,7 @@ jobs: - name: Install sentry-cli run: curl -sL https://sentry.io/get-cli/ | bash - - uses: swatinem/rust-cache@v2 + - uses: swatinem/rust-cache@7939da402645ba29a2df566723491a2c856e8f8a # v2 if: ${{ !startsWith(github.ref_name, 'release/') }} with: key: ${{ github.job }} @@ -89,7 +89,7 @@ jobs: mv "target/${RUST_TARGET}/release/symbolicator" ./symbolicator - name: Upload Binary - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: symbolicator-binary-${{ matrix.arch }} path: ./symbolicator @@ -108,13 +108,13 @@ jobs: mv "${SOURCE_BUNDLE}" /tmp/debug-info/symbolicator-${{ matrix.arch }}.src.zip - name: Upload Debug Info - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: symbolicator-debug@${{ matrix.arch }} path: /tmp/debug-info/* - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3 - name: Prepare Docker Context run: | @@ -133,7 +133,7 @@ jobs: outputs: type=docker,dest=/tmp/symbolicator-${{ matrix.arch }}.tar - name: Upload Image - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: symbolicator-image@${{ matrix.arch }} tags: symbolicator-${{ matrix.arch }} @@ -152,10 +152,10 @@ jobs: id-token: write # required for GAR steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - name: Download Binaries - uses: actions/download-artifact@v5 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5 with: pattern: symbolicator-binary-* path: /tmp/docker-ctx @@ -205,17 +205,17 @@ jobs: steps: - name: Google Auth id: auth - uses: google-github-actions/auth@v3 + uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3 with: workload_identity_provider: projects/868781662168/locations/global/workloadIdentityPools/prod-github/providers/github-oidc-pool service_account: gha-gcr-push@sac-prod-sa.iam.gserviceaccount.com - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v3 + uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3 with: version: ">= 390.0.0" - - uses: actions/download-artifact@v5 + - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5 with: pattern: "symbolicator-debug@*" path: /tmp/debug-info/ @@ -232,7 +232,7 @@ jobs: steps: - name: Download Docker Image - uses: actions/download-artifact@v5 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5 with: pattern: symbolicator-image@amd64 path: /tmp @@ -241,7 +241,7 @@ jobs: run: docker load --input /tmp/symbolicator-amd64.tar - name: Run Sentry self-hosted e2e CI - uses: getsentry/self-hosted@master + uses: getsentry/self-hosted@6ae40d837a78c2968a28acf952b1beb9911237f8 # master with: project_name: symbolicator image_url: symbolicator-amd64 From d9fdb5b571e058deca0d4d57537caca764929d55 Mon Sep 17 00:00:00 2001 From: Joshua Li Date: Thu, 16 Oct 2025 13:14:17 -0700 Subject: [PATCH 11/15] lets just use symbolicator name --- .github/workflows/image.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml index 117a66a10..7cdfe89fa 100644 --- a/.github/workflows/image.yml +++ b/.github/workflows/image.yml @@ -136,7 +136,6 @@ jobs: uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: symbolicator-image@${{ matrix.arch }} - tags: symbolicator-${{ matrix.arch }} path: /tmp/symbolicator-${{ matrix.arch }}.tar assemble: @@ -238,11 +237,13 @@ jobs: path: /tmp - name: Load Docker Image - run: docker load --input /tmp/symbolicator-amd64.tar + run: | + docker load --input /tmp/symbolicator-amd64.tar + docker image ls - name: Run Sentry self-hosted e2e CI uses: getsentry/self-hosted@6ae40d837a78c2968a28acf952b1beb9911237f8 # master with: project_name: symbolicator - image_url: symbolicator-amd64 + image_url: symbolicator CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} From 68bf56d5b720909db5a546811196701ba2c92f9a Mon Sep 17 00:00:00 2001 From: Joshua Li Date: Thu, 16 Oct 2025 13:55:53 -0700 Subject: [PATCH 12/15] will this work --- .github/workflows/image.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml index 7cdfe89fa..d6eb61d77 100644 --- a/.github/workflows/image.yml +++ b/.github/workflows/image.yml @@ -126,6 +126,7 @@ jobs: uses: getsentry/action-build-and-push-images@b172ab61a5f7eabd58bd42ce231b517e79947c01 with: image_name: 'symbolicator' + tags: 'symbolicator-self-hosted' platforms: linux/${{ matrix.arch }} build_context: 'docker-ctx' ghcr: false @@ -245,5 +246,5 @@ jobs: uses: getsentry/self-hosted@6ae40d837a78c2968a28acf952b1beb9911237f8 # master with: project_name: symbolicator - image_url: symbolicator + image_url: symbolicator-self-hosted CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} From 19ae58ee059ce1ba15ba52ec036176ed2fe72274 Mon Sep 17 00:00:00 2001 From: Joshua Li Date: Thu, 16 Oct 2025 14:23:59 -0700 Subject: [PATCH 13/15] make sure its executable --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 8aa7e08f1..00ccba84b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,6 +9,6 @@ EXPOSE 3021 ARG TARGETPLATFORM ARG BINARY=./binaries/$TARGETPLATFORM/symbolicator -COPY ${BINARY} /bin/symbolicator +COPY --chmod=0755 ${BINARY} /bin/symbolicator ENTRYPOINT ["/bin/symbolicator"] From 06e8bc18243528df606c3ba33787e9338ce57e77 Mon Sep 17 00:00:00 2001 From: Joshua Li Date: Thu, 16 Oct 2025 14:24:49 -0700 Subject: [PATCH 14/15] sanity check --- Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Dockerfile b/Dockerfile index 00ccba84b..ab3509711 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,4 +11,7 @@ ARG TARGETPLATFORM ARG BINARY=./binaries/$TARGETPLATFORM/symbolicator COPY --chmod=0755 ${BINARY} /bin/symbolicator +# sanity check +RUN /bin/symbolicator + ENTRYPOINT ["/bin/symbolicator"] From 990e9c1dae89a9b8f66686d2ad558acd0e25fd51 Mon Sep 17 00:00:00 2001 From: Joshua Li Date: Thu, 16 Oct 2025 14:43:26 -0700 Subject: [PATCH 15/15] bypass the shell --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ab3509711..3ffc9f81c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,6 +12,6 @@ ARG BINARY=./binaries/$TARGETPLATFORM/symbolicator COPY --chmod=0755 ${BINARY} /bin/symbolicator # sanity check -RUN /bin/symbolicator +RUN ["/bin/symbolicator", "help"] ENTRYPOINT ["/bin/symbolicator"]