ci: add Docker images with Datadog profiler (#185)

* ci: add Docker images with Datadog profiler

* ci: use `inputs` instead + try to add test job

* ci: install node modules + add name to job

* ci: try to fix test image step

* ci: remove tests on Docker image + small improvements

* ci: fix digest error

* fix(debian dockerfile): also use a condition to fetch the correct ddprof

Author: GuillaumeDecMeetsMore

.github/workflows/_build-and-merge-docker.yml

@@ -9,10 +9,14 @@ on:
       distro:
         required: true
         type: string
+      with_datadog_profiling:
+        required: true
+        type: boolean
 
-# Taken from https://docs.docker.com/build/ci/github-actions/multi-platform/#distribute-build-across-multiple-runners
+# Adapted from https://docs.docker.com/build/ci/github-actions/multi-platform/#distribute-build-across-multiple-runners
 jobs:
   build-docker:
+    name: Build Docker image for ${{ inputs.distro }} on ${{ matrix.platform }} (DD ${{ inputs.with_datadog_profiling }})
     # We use a custom runner for ARM64 builds.
     runs-on: ${{ matrix.platform == 'linux/amd64' && 'ubuntu-22.04' || 'ubuntu-22.04-arm' }}
     strategy:
@@ -26,6 +30,7 @@ jobs:
       packages: write
     env:
       DATABASE_URL: postgresql://postgres:postgres@localhost/nittei
+
     steps:
       - name: Prepare
         run: |
@@ -60,12 +65,11 @@ jobs:
         id: build
         uses: docker/build-push-action@v6
         with:
-          file: "./${{ inputs.distro }}.Dockerfile"
+          file: "./${{ inputs.distro }}${{ inputs.with_datadog_profiling && 'WithDD' || '' }}.Dockerfile"
           platforms: ${{ matrix.platform }}
-          # This is for the Alpine image
+          # Handle the correct arch
           build-args: |
             ARCH=${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }}
-          labels: ${{ steps.meta.outputs.labels }}
           outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true
 
       - name: Export digest
@@ -77,7 +81,7 @@ jobs:
       - name: Upload digest
         uses: actions/upload-artifact@v4
         with:
-          name: digests-${{ inputs.distro }}-${{ env.PLATFORM_PAIR }}
+          name: digests-${{ inputs.distro }}-${{ inputs.with_datadog_profiling }}-${{ env.PLATFORM_PAIR }}
           path: /tmp/digests/*
           if-no-files-found: error
           retention-days: 1
@@ -91,7 +95,7 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           path: /tmp/digests
-          pattern: digests-${{ inputs.distro }}-*
+          pattern: digests-${{ inputs.distro }}-${{ inputs.with_datadog_profiling }}-*
           merge-multiple: true
 
       - name: Set up Docker Buildx
@@ -109,14 +113,34 @@ jobs:
           VERSION=${GITHUB_REF#refs/*/}
           echo "VERSION=${VERSION:1}" >> $GITHUB_ENV
 
+      - name: Set Docker tags
+        id: set-tags
+        run: |
+          # For debian: latest, debian, 1.0.0
+          # For debian with DD: dd-latest, debian-dd, dd-1.0.0
+          # For alpine: alpine-latest, alpine, alpine-1.0.0
+          # For alpine with DD: alpine-dd-latest, alpine-dd, alpine-dd-1.0.0
+
+          if [[ "${{ inputs.distro }}" == "debian" ]]; then
+            if [[ "${{ inputs.with_datadog_profiling }}" == "true" ]]; then
+              echo "TAGS=dd-latest, debian-dd, dd-${{ env.VERSION }}" >> $GITHUB_ENV
+            else
+              echo "TAGS=latest, debian, ${{ env.VERSION }}" >> $GITHUB_ENV
+            fi
+          elif [[ "${{ inputs.distro }}" == "alpine" ]]; then
+            if [[ "${{ inputs.with_datadog_profiling }}" == "true" ]]; then
+              echo "TAGS=alpine-dd-latest, alpine-dd, alpine-dd-${{ env.VERSION }}" >> $GITHUB_ENV
+            else
+              echo "TAGS=alpine-latest, alpine, alpine-${{ env.VERSION }}" >> $GITHUB_ENV
+            fi
+          fi
+
       - name: Docker meta
         id: meta
         uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY_IMAGE }}
-          # For debian: latest, debian, 1.0.0
-          # For alpine: alpine, alpine-1.0.0
-          tags: ${{ inputs.distro == 'debian' && format('latest, debian, {0}', env.VERSION) || format('alpine, alpine-{0}', env.VERSION) }}
+          tags: ${{ env.TAGS }}
 
       - name: Create manifest list and push
         working-directory: /tmp/digests

.github/workflows/release.yml

@@ -15,12 +15,28 @@ jobs:
     uses: ./.github/workflows/_build-and-merge-docker.yml
     with:
       distro: debian
+      with_datadog_profiling: false
     secrets: inherit
 
   alpine-build-and-merge-docker:
     uses: ./.github/workflows/_build-and-merge-docker.yml
     with:
       distro: alpine
+      with_datadog_profiling: false
+    secrets: inherit
+
+  debian-dd-build-and-merge-docker:
+    uses: ./.github/workflows/_build-and-merge-docker.yml
+    with:
+      distro: debian
+      with_datadog_profiling: true
+    secrets: inherit
+
+  alpine-dd-build-and-merge-docker:
+    uses: ./.github/workflows/_build-and-merge-docker.yml
+    with:
+      distro: alpine
+      with_datadog_profiling: true
     secrets: inherit
 
   # We don't use the Rust client for now

Dockerfile

@@ -32,4 +32,4 @@ ENV APP_NAME=${APP_NAME}
 
 COPY --from=builder /${APP_NAME} /${APP_NAME}
 
-CMD /${APP_NAME}
+CMD ["/bin/sh", "-c", "exec /${APP_NAME}"]

alpine.Dockerfile

@@ -0,0 +1,49 @@
+# This Dockerfile is based on the alpine.Dockerfile and adds the ddprof tool to the image.
+#
+# Usage:
+# docker buildx build -f alpineWithDD.Dockerfile -t image:tag --build-arg='ARCH=x86_64' --platform linux/amd64 .
+# docker buildx build -f alpineWithDD.Dockerfile -t image:tag --build-arg='ARCH=aarch64' --platform linux/arm64 .
+
+ARG ARCH=x86_64
+FROM messense/rust-musl-cross:${ARCH}-musl AS builder
+
+ARG ARCH=x86_64
+ARG APP_NAME=nittei
+ARG RUST_VERSION=1.84.0
+
+# Install and set the specific Rust version
+RUN rustup install ${RUST_VERSION} && rustup default ${RUST_VERSION}
+
+# Install the musl target for the correct architecture
+RUN rustup target add ${ARCH}-unknown-linux-musl
+
+# Verify the Rust and target setup
+RUN rustc --version && rustup show
+
+# Copy source code from previous stage
+COPY . .
+
+# Build application
+RUN cargo build --release --target ${ARCH}-unknown-linux-musl && \
+  cp ./target/${ARCH}-unknown-linux-musl/release/${APP_NAME} /${APP_NAME}
+
+# Install ddprof
+RUN ARCH_IN_URL=$(case "${ARCH}" in \
+  x86_64) echo "amd64" ;; \
+  aarch64) echo "arm64" ;; \
+  *) echo "unsupported-arch" && exit 1 ;; \
+  esac) && \
+  curl -Lo ddprof-linux.tar.xz https://github.com/DataDog/ddprof/releases/latest/download/ddprof-${ARCH_IN_URL}-linux.tar.xz && \
+  tar xvf ddprof-linux.tar.xz && \
+  mv ddprof/bin/ddprof /ddprof
+
+#Create a new stage with a minimal image
+FROM alpine:3.20.3
+
+ARG APP_NAME=nittei
+ENV APP_NAME=${APP_NAME}
+
+COPY --from=builder /${APP_NAME} /${APP_NAME}
+COPY --from=builder /ddprof /ddprof
+
+CMD ["/bin/sh", "-c", "exec /ddprof /${APP_NAME}"]

alpineWithDD.Dockerfile

@@ -0,0 +1,68 @@
+# This Dockerfile is based on the debian.Dockerfile and adds the ddprof tool to the image.
+
+# Usage:
+# docker buildx build -f debianWithDD.Dockerfile -t image:tag --build-arg='ARCH=x86_64' --platform linux/amd64 .
+# docker buildx build -f debianWithDD.Dockerfile -t image:tag --build-arg='ARCH=aarch64' --platform linux/arm64 .
+
+ARG RUST_VERSION=1.84.0
+ARG APP_NAME=nittei
+ARG ARCH=x86_64
+
+FROM rust:${RUST_VERSION}-slim AS builder
+
+ARG ARCH=x86_64
+ARG APP_NAME
+
+WORKDIR /app/${APP_NAME}
+
+RUN apt update \
+  && apt install -y --no-install-recommends curl openssl ca-certificates pkg-config build-essential libssl-dev \
+  && apt clean \
+  && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+RUN --mount=type=bind,source=bins,target=/app/${APP_NAME}/bins \
+  --mount=type=bind,source=crates,target=/app/${APP_NAME}/crates \
+  --mount=type=bind,source=clients,target=/app/${APP_NAME}/clients \
+  --mount=type=bind,source=Cargo.toml,target=Cargo.toml \
+  --mount=type=bind,source=Cargo.lock,target=Cargo.lock \
+  --mount=type=cache,target=/app/${APP_NAME}/target/ \
+  --mount=type=cache,target=/usr/local/cargo/git/db \
+  --mount=type=cache,target=/usr/local/cargo/registry/ \
+  cargo build --locked --release && \
+  cp ./target/release/$APP_NAME /bin/server
+
+# Install ddprof
+RUN ARCH_IN_URL=$(case "${ARCH}" in \
+  x86_64) echo "amd64" ;; \
+  aarch64) echo "arm64" ;; \
+  *) echo "unsupported-arch" && exit 1 ;; \
+  esac) && \
+  curl -Lo ddprof-linux.tar.xz https://github.com/DataDog/ddprof/releases/latest/download/ddprof-${ARCH_IN_URL}-linux.tar.xz && \
+  tar xvf ddprof-linux.tar.xz && \
+  mv ddprof/bin/ddprof /ddprof
+
+FROM debian:stable-slim
+
+# Enable backtraces
+ENV RUST_BACKTRACE=1
+
+RUN apt update \
+  && apt install -y openssl ca-certificates \
+  && apt clean \
+  && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+ARG UID=10001
+RUN adduser \
+  --disabled-password \
+  --gecos "" \
+  --home "/nonexistent" \
+  --shell "/sbin/nologin" \
+  --no-create-home \
+  --uid "${UID}" \
+  appuser
+USER appuser
+
+COPY --from=builder /bin/server /bin/
+COPY --from=builder /ddprof /ddprof
+
+CMD ["/ddprof", "/bin/server"]