From 4ad7becd53dd2565996b2becc1c9039aa6dec0cc Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Sat, 21 Jun 2025 13:17:29 +0000 Subject: [PATCH 01/11] chore: remove unnecessary copy statements --- .devcontainer/cpp/Dockerfile | 12 ++++++------ .devcontainer/rust/Dockerfile | 8 ++++---- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile index 96f283c7..2bff7fb5 100644 --- a/.devcontainer/cpp/Dockerfile +++ b/.devcontainer/cpp/Dockerfile @@ -15,9 +15,9 @@ HEALTHCHECK NONE SHELL ["/bin/bash", "-o", "pipefail", "-c"] # Install the base system with all tool dependencies -COPY .devcontainer/cpp/apt-requirements-base.json /tmp/apt-requirements-base.json # hadolint ignore=DL3008 -RUN apt-get update && apt-get install -y --no-install-recommends jq \ +RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-base.json,target=/tmp/apt-requirements-base.json \ + apt-get update && apt-get install -y --no-install-recommends jq \ && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-base.json | xargs apt-get install -y --no-install-recommends \ && rm /tmp/apt-requirements-base.json \ && rm -rf /var/lib/apt/lists/* @@ -27,8 +27,8 @@ RUN wget -qO /usr/local/share/ca-certificates/Cisco_Umbrella_Root_CA.crt https:/ && update-ca-certificates # Install some tools via pip to get more recent versions -COPY .devcontainer/cpp/requirements.txt /tmp/requirements.txt -RUN python3 -m pip install --break-system-packages --require-hashes --no-cache-dir -r /tmp/requirements.txt \ +RUN --mount=type=bind,source=.devcontainer/cpp/requirements.txt,target=/tmp/requirements.txt \ + python3 -m pip install --break-system-packages --require-hashes --no-cache-dir -r /tmp/requirements.txt \ && rm -rf /tmp/requirements.txt # Set default environment options for CMake and ccache @@ -39,9 +39,9 @@ ENV CONAN_HOME=/opt/conan ENV CPM_SOURCE_CACHE=/cache/.cpm-cache # Install clang toolchain and mull mutation testing framework -COPY .devcontainer/cpp/apt-requirements-clang.json /tmp/apt-requirements-clang.json # hadolint ignore=SC1091 -RUN wget -qO - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --dearmor -o /usr/share/keyrings/llvm-snapshot-keyring.gpg \ +RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-clang.json,target=/tmp/apt-requirements-clang.json \ + wget -qO - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --dearmor -o /usr/share/keyrings/llvm-snapshot-keyring.gpg \ && wget -qO - https://dl.cloudsmith.io/public/mull-project/mull-stable/gpg.41DB35380DE6BD6F.key | gpg --dearmor -o /usr/share/keyrings/mull-project-mull-stable-archive-keyring.gpg \ && UBUNTU_CODENAME=$(. /etc/os-release; echo "${UBUNTU_CODENAME/*, /}") \ && echo "deb [signed-by=/usr/share/keyrings/llvm-snapshot-keyring.gpg] http://apt.llvm.org/${UBUNTU_CODENAME}/ llvm-toolchain-${UBUNTU_CODENAME}-${CLANG_VERSION} main" | tee /etc/apt/sources.list.d/llvm.list > /dev/null \ diff --git a/.devcontainer/rust/Dockerfile b/.devcontainer/rust/Dockerfile index c2e71978..fb92a674 100644 --- a/.devcontainer/rust/Dockerfile +++ b/.devcontainer/rust/Dockerfile @@ -11,9 +11,9 @@ HEALTHCHECK NONE SHELL ["/bin/bash", "-o", "pipefail", "-c"] # Install the base system with all tool dependencies -COPY .devcontainer/rust/apt-requirements-base.json /tmp/apt-requirements-base.json # hadolint ignore=DL3008 -RUN apt-get update && apt-get install -y --no-install-recommends jq \ +RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-base.json,target=/tmp/apt-requirements-base.json \ + apt-get update && apt-get install -y --no-install-recommends jq \ && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-base.json | xargs apt-get install -y --no-install-recommends \ && rm /tmp/apt-requirements-base.json \ && rm -rf /var/lib/apt/lists/* @@ -23,7 +23,8 @@ RUN wget -qO /usr/local/share/ca-certificates/Cisco_Umbrella_Root_CA.crt https:/ && update-ca-certificates # Install rust -ENV CARGO_HOME=/usr/local/cargo \ +ENV ENV BINSTALL_DISABLE_TELEMETRY=true \ + CARGO_HOME=/usr/local/cargo \ RUSTUP_HOME=/usr/local/rustup \ PATH=/usr/local/cargo/bin:"$PATH" RUN rustup set profile minimal \ @@ -45,7 +46,6 @@ RUN batstmp="$(mktemp -d /tmp/bats-core-${BATS_VERSION}.XXXX)" \ RUN update-alternatives --install /usr/bin/cc cc /usr/bin/gcc-14 20 \ && cp /etc/skel/.bashrc /root/.bashrc -ENV BINSTALL_DISABLE_TELEMETRY=true # Install additional rust tools RUN wget -qO - "https://github.com/cargo-bins/cargo-binstall/releases/download/v${CARGO_BINSTALL_VERSION}/cargo-binstall-$(uname -m)-unknown-linux-gnu.tgz" | tar xz -C "/usr/bin" \ && cargo-binstall -y --locked cargo-binutils@0.3.6 cargo-mutants@25.0.0 flip-link@0.1.10 \ From 52840e9a0dd113bcd207da15e6a9413eafe6d1ec Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Sat, 21 Jun 2025 13:30:06 +0000 Subject: [PATCH 02/11] chore: don't remove bind mounted files --- .devcontainer/cpp/Dockerfile | 5 +---- .devcontainer/rust/Dockerfile | 1 - 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile index 2bff7fb5..042020f9 100644 --- a/.devcontainer/cpp/Dockerfile +++ b/.devcontainer/cpp/Dockerfile @@ -19,7 +19,6 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-base.json,target=/tmp/apt-requirements-base.json \ apt-get update && apt-get install -y --no-install-recommends jq \ && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-base.json | xargs apt-get install -y --no-install-recommends \ - && rm /tmp/apt-requirements-base.json \ && rm -rf /var/lib/apt/lists/* # Include the Cisco Umbrella PKI Root @@ -28,8 +27,7 @@ RUN wget -qO /usr/local/share/ca-certificates/Cisco_Umbrella_Root_CA.crt https:/ # Install some tools via pip to get more recent versions RUN --mount=type=bind,source=.devcontainer/cpp/requirements.txt,target=/tmp/requirements.txt \ - python3 -m pip install --break-system-packages --require-hashes --no-cache-dir -r /tmp/requirements.txt \ - && rm -rf /tmp/requirements.txt + python3 -m pip install --break-system-packages --require-hashes --no-cache-dir -r /tmp/requirements.txt # Set default environment options for CMake and ccache ENV CCACHE_DIR=/cache/.ccache @@ -49,7 +47,6 @@ RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-clang.json,targe && echo -e 'Package: *\nPin: origin "apt.llvm.org"\nPin-Priority: 1000' > /etc/apt/preferences \ && apt-get update \ && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-clang.json | xargs apt-get install -y --no-install-recommends \ - && rm /tmp/apt-requirements* \ && rm -rf /var/lib/apt/lists/* ENV PATH="$PATH:/usr/lib/llvm-${CLANG_VERSION}/bin" diff --git a/.devcontainer/rust/Dockerfile b/.devcontainer/rust/Dockerfile index fb92a674..3dcd26e6 100644 --- a/.devcontainer/rust/Dockerfile +++ b/.devcontainer/rust/Dockerfile @@ -15,7 +15,6 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-base.json,target=/tmp/apt-requirements-base.json \ apt-get update && apt-get install -y --no-install-recommends jq \ && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-base.json | xargs apt-get install -y --no-install-recommends \ - && rm /tmp/apt-requirements-base.json \ && rm -rf /var/lib/apt/lists/* # Include the Cisco Umbrella PKI Root From ef745ddff717efe039954a4e86f09bc5eddcd8c7 Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Sat, 21 Jun 2025 13:45:41 +0000 Subject: [PATCH 03/11] chore: fix copy paste haste, thanks copilot --- .devcontainer/cpp/Dockerfile | 10 +++++----- .devcontainer/rust/Dockerfile | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile index 042020f9..6e27005a 100644 --- a/.devcontainer/cpp/Dockerfile +++ b/.devcontainer/cpp/Dockerfile @@ -30,11 +30,11 @@ RUN --mount=type=bind,source=.devcontainer/cpp/requirements.txt,target=/tmp/req python3 -m pip install --break-system-packages --require-hashes --no-cache-dir -r /tmp/requirements.txt # Set default environment options for CMake and ccache -ENV CCACHE_DIR=/cache/.ccache -ENV CMAKE_EXPORT_COMPILE_COMMANDS="On" -ENV CMAKE_GENERATOR="Ninja" -ENV CONAN_HOME=/opt/conan -ENV CPM_SOURCE_CACHE=/cache/.cpm-cache +ENV CCACHE_DIR=/cache/.ccache \ + CMAKE_EXPORT_COMPILE_COMMANDS="On" \ + CMAKE_GENERATOR="Ninja" \ + CONAN_HOME=/opt/conan \ + CPM_SOURCE_CACHE=/cache/.cpm-cache # Install clang toolchain and mull mutation testing framework # hadolint ignore=SC1091 diff --git a/.devcontainer/rust/Dockerfile b/.devcontainer/rust/Dockerfile index 3dcd26e6..979d48a0 100644 --- a/.devcontainer/rust/Dockerfile +++ b/.devcontainer/rust/Dockerfile @@ -12,7 +12,7 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"] # Install the base system with all tool dependencies # hadolint ignore=DL3008 -RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-base.json,target=/tmp/apt-requirements-base.json \ +RUN --mount=type=bind,source=.devcontainer/rust/apt-requirements-base.json,target=/tmp/apt-requirements-base.json \ apt-get update && apt-get install -y --no-install-recommends jq \ && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-base.json | xargs apt-get install -y --no-install-recommends \ && rm -rf /var/lib/apt/lists/* @@ -22,7 +22,7 @@ RUN wget -qO /usr/local/share/ca-certificates/Cisco_Umbrella_Root_CA.crt https:/ && update-ca-certificates # Install rust -ENV ENV BINSTALL_DISABLE_TELEMETRY=true \ +ENV BINSTALL_DISABLE_TELEMETRY=true \ CARGO_HOME=/usr/local/cargo \ RUSTUP_HOME=/usr/local/rustup \ PATH=/usr/local/cargo/bin:"$PATH" From 4a2668416d5b4bf00e99142ae6125d3dd91ed2bd Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Sat, 21 Jun 2025 16:36:21 +0000 Subject: [PATCH 04/11] chore: use bind mount for apt cache --- .devcontainer/cpp/Dockerfile | 15 +++++++++------ .devcontainer/rust/Dockerfile | 5 +++-- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile index 6e27005a..9078ab03 100644 --- a/.devcontainer/cpp/Dockerfile +++ b/.devcontainer/cpp/Dockerfile @@ -17,9 +17,10 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"] # Install the base system with all tool dependencies # hadolint ignore=DL3008 RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-base.json,target=/tmp/apt-requirements-base.json \ + --mount=type=cache,target=/var/cache/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ apt-get update && apt-get install -y --no-install-recommends jq \ - && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-base.json | xargs apt-get install -y --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* + && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-base.json | xargs apt-get install -y --no-install-recommends # Include the Cisco Umbrella PKI Root RUN wget -qO /usr/local/share/ca-certificates/Cisco_Umbrella_Root_CA.crt https://www.cisco.com/security/pki/certs/ciscoumbrellaroot.pem \ @@ -39,6 +40,8 @@ ENV CCACHE_DIR=/cache/.ccache \ # Install clang toolchain and mull mutation testing framework # hadolint ignore=SC1091 RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-clang.json,target=/tmp/apt-requirements-clang.json \ + --mount=type=cache,target=/var/cache/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ wget -qO - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --dearmor -o /usr/share/keyrings/llvm-snapshot-keyring.gpg \ && wget -qO - https://dl.cloudsmith.io/public/mull-project/mull-stable/gpg.41DB35380DE6BD6F.key | gpg --dearmor -o /usr/share/keyrings/mull-project-mull-stable-archive-keyring.gpg \ && UBUNTU_CODENAME=$(. /etc/os-release; echo "${UBUNTU_CODENAME/*, /}") \ @@ -46,8 +49,7 @@ RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-clang.json,targe && echo "deb [signed-by=/usr/share/keyrings/mull-project-mull-stable-archive-keyring.gpg] https://dl.cloudsmith.io/public/mull-project/mull-stable/deb/ubuntu ${UBUNTU_CODENAME} main" | tee /etc/apt/sources.list.d/mull-project-mull-stable.list > /dev/null \ && echo -e 'Package: *\nPin: origin "apt.llvm.org"\nPin-Priority: 1000' > /etc/apt/preferences \ && apt-get update \ - && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-clang.json | xargs apt-get install -y --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* + && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-clang.json | xargs apt-get install -y --no-install-recommends ENV PATH="$PATH:/usr/lib/llvm-${CLANG_VERSION}/bin" # Install arm-gcc toolchain @@ -81,6 +83,8 @@ RUN wget -qO - https://github.com/ccache/ccache/archive/refs/tags/v${CCACHE_VERS # Install include-what-you-use (iwyu) from source # hadolint ignore=DL3008 RUN --mount=type=cache,target=/root/.ccache,sharing=locked \ + --mount=type=cache,target=/var/cache/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ apt-get update && apt-get install -y --no-install-recommends libclang-${CLANG_VERSION}-dev llvm-${CLANG_VERSION}-dev \ && wget -qO - https://github.com/include-what-you-use/include-what-you-use/archive/refs/tags/${INCLUDE_WHAT_YOU_USE_VERSION}.tar.gz | tar xz -C /tmp \ && CC=clang CXX=clang++ cmake -DCMAKE_C_COMPILER_LAUNCHER=ccache -DCMAKE_CXX_COMPILER_LAUNCHER=ccache -S /tmp/include-what-you-use-${INCLUDE_WHAT_YOU_USE_VERSION} -B /tmp/include-what-you-use-${INCLUDE_WHAT_YOU_USE_VERSION}/build \ @@ -88,8 +92,7 @@ RUN --mount=type=cache,target=/root/.ccache,sharing=locked \ && rm -rf /tmp/include-what-you-use-${INCLUDE_WHAT_YOU_USE_VERSION} \ && apt-get purge -y libclang-${CLANG_VERSION}-dev llvm-${CLANG_VERSION}-dev libsqlite3-dev \ && apt-get autoremove -y \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* + && apt-get clean # Update all tool alternatives to the correct version # and patch root's bashrc to include bash-completion diff --git a/.devcontainer/rust/Dockerfile b/.devcontainer/rust/Dockerfile index 979d48a0..3ca15cd4 100644 --- a/.devcontainer/rust/Dockerfile +++ b/.devcontainer/rust/Dockerfile @@ -13,9 +13,10 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"] # Install the base system with all tool dependencies # hadolint ignore=DL3008 RUN --mount=type=bind,source=.devcontainer/rust/apt-requirements-base.json,target=/tmp/apt-requirements-base.json \ + --mount=type=cache,target=/var/cache/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ apt-get update && apt-get install -y --no-install-recommends jq \ - && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-base.json | xargs apt-get install -y --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* + && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-base.json | xargs apt-get install -y --no-install-recommends # Include the Cisco Umbrella PKI Root RUN wget -qO /usr/local/share/ca-certificates/Cisco_Umbrella_Root_CA.crt https://www.cisco.com/security/pki/certs/ciscoumbrellaroot.pem \ From 86ddc02bb4de51cc2f24e00f08f8b138ba59695a Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Sat, 21 Jun 2025 16:38:05 +0000 Subject: [PATCH 05/11] chore: get rid of shellcheck ignore Don't source /etc/os-release but grep the value we want from it --- .devcontainer/cpp/Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile index 9078ab03..fe56d8e4 100644 --- a/.devcontainer/cpp/Dockerfile +++ b/.devcontainer/cpp/Dockerfile @@ -38,13 +38,12 @@ ENV CCACHE_DIR=/cache/.ccache \ CPM_SOURCE_CACHE=/cache/.cpm-cache # Install clang toolchain and mull mutation testing framework -# hadolint ignore=SC1091 RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-clang.json,target=/tmp/apt-requirements-clang.json \ --mount=type=cache,target=/var/cache/apt,sharing=locked \ --mount=type=cache,target=/var/lib/apt,sharing=locked \ wget -qO - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --dearmor -o /usr/share/keyrings/llvm-snapshot-keyring.gpg \ && wget -qO - https://dl.cloudsmith.io/public/mull-project/mull-stable/gpg.41DB35380DE6BD6F.key | gpg --dearmor -o /usr/share/keyrings/mull-project-mull-stable-archive-keyring.gpg \ - && UBUNTU_CODENAME=$(. /etc/os-release; echo "${UBUNTU_CODENAME/*, /}") \ + && UBUNTU_CODENAME=$(grep '^UBUNTU_CODENAME=' /etc/os-release | cut -d= -f2) \ && echo "deb [signed-by=/usr/share/keyrings/llvm-snapshot-keyring.gpg] http://apt.llvm.org/${UBUNTU_CODENAME}/ llvm-toolchain-${UBUNTU_CODENAME}-${CLANG_VERSION} main" | tee /etc/apt/sources.list.d/llvm.list > /dev/null \ && echo "deb [signed-by=/usr/share/keyrings/mull-project-mull-stable-archive-keyring.gpg] https://dl.cloudsmith.io/public/mull-project/mull-stable/deb/ubuntu ${UBUNTU_CODENAME} main" | tee /etc/apt/sources.list.d/mull-project-mull-stable.list > /dev/null \ && echo -e 'Package: *\nPin: origin "apt.llvm.org"\nPin-Priority: 1000' > /etc/apt/preferences \ From faac07ae2619dd3777073a9ac2ff342061520b0e Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Sat, 21 Jun 2025 16:56:48 +0000 Subject: [PATCH 06/11] chore: remove sqlite3 cleanup it's not installed anyway --- .devcontainer/cpp/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile index fe56d8e4..375e8c8d 100644 --- a/.devcontainer/cpp/Dockerfile +++ b/.devcontainer/cpp/Dockerfile @@ -89,7 +89,7 @@ RUN --mount=type=cache,target=/root/.ccache,sharing=locked \ && CC=clang CXX=clang++ cmake -DCMAKE_C_COMPILER_LAUNCHER=ccache -DCMAKE_CXX_COMPILER_LAUNCHER=ccache -S /tmp/include-what-you-use-${INCLUDE_WHAT_YOU_USE_VERSION} -B /tmp/include-what-you-use-${INCLUDE_WHAT_YOU_USE_VERSION}/build \ && cmake --build /tmp/include-what-you-use-${INCLUDE_WHAT_YOU_USE_VERSION}/build --target install \ && rm -rf /tmp/include-what-you-use-${INCLUDE_WHAT_YOU_USE_VERSION} \ - && apt-get purge -y libclang-${CLANG_VERSION}-dev llvm-${CLANG_VERSION}-dev libsqlite3-dev \ + && apt-get purge -y libclang-${CLANG_VERSION}-dev llvm-${CLANG_VERSION}-dev \ && apt-get autoremove -y \ && apt-get clean From 3e8316d43b2c84931d8d8f96ffcf57834e879bfc Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Thu, 26 Jun 2025 13:02:37 +0000 Subject: [PATCH 07/11] chore: prevent more unnecessary files in the output images --- .devcontainer/cpp/Dockerfile | 3 +++ .devcontainer/rust/Dockerfile | 1 + 2 files changed, 4 insertions(+) diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile index 9b2f25cd..12d34b9d 100644 --- a/.devcontainer/cpp/Dockerfile +++ b/.devcontainer/cpp/Dockerfile @@ -18,6 +18,7 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-base.json,target=/tmp/apt-requirements-base.json \ --mount=type=cache,target=/var/cache/apt,sharing=locked \ --mount=type=cache,target=/var/lib/apt,sharing=locked \ + --mount=type=cache,target=/var/log,sharing=locked \ apt-get update && apt-get install -y --no-install-recommends jq \ && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-base.json | xargs apt-get install -y --no-install-recommends @@ -40,6 +41,8 @@ ENV CCACHE_DIR=/cache/.ccache \ RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-clang.json,target=/tmp/apt-requirements-clang.json \ --mount=type=cache,target=/var/cache/apt,sharing=locked \ --mount=type=cache,target=/var/lib/apt,sharing=locked \ + --mount=type=cache,target=/var/log,sharing=locked \ + --mount=type=cache,target=/tmp,sharing=locked \ wget -qO - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --dearmor -o /usr/share/keyrings/llvm-snapshot-keyring.gpg \ && wget -qO - https://dl.cloudsmith.io/public/mull-project/mull-stable/gpg.41DB35380DE6BD6F.key | gpg --dearmor -o /usr/share/keyrings/mull-project-mull-stable-archive-keyring.gpg \ && UBUNTU_CODENAME=$(grep '^UBUNTU_CODENAME=' /etc/os-release | cut -d= -f2) \ diff --git a/.devcontainer/rust/Dockerfile b/.devcontainer/rust/Dockerfile index ee7ff67c..529e229a 100644 --- a/.devcontainer/rust/Dockerfile +++ b/.devcontainer/rust/Dockerfile @@ -15,6 +15,7 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN --mount=type=bind,source=.devcontainer/rust/apt-requirements-base.json,target=/tmp/apt-requirements-base.json \ --mount=type=cache,target=/var/cache/apt,sharing=locked \ --mount=type=cache,target=/var/lib/apt,sharing=locked \ + --mount=type=cache,target=/var/log,sharing=locked \ apt-get update && apt-get install -y --no-install-recommends jq \ && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-base.json | xargs apt-get install -y --no-install-recommends From ace0d93dea4f025a3f8ac379ebd93abde03ed658 Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Thu, 26 Jun 2025 13:12:48 +0000 Subject: [PATCH 08/11] chore: change mode of tmp cache mount --- .devcontainer/cpp/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile index 12d34b9d..8c263554 100644 --- a/.devcontainer/cpp/Dockerfile +++ b/.devcontainer/cpp/Dockerfile @@ -42,7 +42,7 @@ RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-clang.json,targe --mount=type=cache,target=/var/cache/apt,sharing=locked \ --mount=type=cache,target=/var/lib/apt,sharing=locked \ --mount=type=cache,target=/var/log,sharing=locked \ - --mount=type=cache,target=/tmp,sharing=locked \ + --mount=type=cache,target=/tmp,sharing=locked,mode=1777 \ wget -qO - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --dearmor -o /usr/share/keyrings/llvm-snapshot-keyring.gpg \ && wget -qO - https://dl.cloudsmith.io/public/mull-project/mull-stable/gpg.41DB35380DE6BD6F.key | gpg --dearmor -o /usr/share/keyrings/mull-project-mull-stable-archive-keyring.gpg \ && UBUNTU_CODENAME=$(grep '^UBUNTU_CODENAME=' /etc/os-release | cut -d= -f2) \ From 351ed98dd6e02a6d8afb312add3c7e94c21a3845 Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Thu, 26 Jun 2025 13:30:12 +0000 Subject: [PATCH 09/11] chore: fix issue with numfmt and negative numbers --- .../actions/container-size-diff/container-size-diff.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/actions/container-size-diff/container-size-diff.sh b/.github/actions/container-size-diff/container-size-diff.sh index 3a914e83..1b378c38 100755 --- a/.github/actions/container-size-diff/container-size-diff.sh +++ b/.github/actions/container-size-diff/container-size-diff.sh @@ -5,6 +5,12 @@ set -Eeuo pipefail FROM_CONTAINER=${1:?} TO_CONTAINER=${2:?} +format_size() { + local SIZE=${1:?} + + numfmt --to iec --format '%.2f' -- "${size}" +} + get_sizes_from_manifest() { local CONTAINER=${1:?} declare -Ag ${2:?} @@ -60,5 +66,5 @@ do ICON="🔄" fi - echo "| ${PLATFORM} | $(numfmt --to iec --format '%.2f' ${FROM_SIZE}) | $(numfmt --to iec --format '%.2f' ${TO_SIZE}) | $(numfmt --to iec --format '%.2f' ${DELTA}) (${PERCENT_CHANGE}%) | ${ICON} |" + echo "| ${PLATFORM} | $(format_size ${FROM_SIZE}) | $(format_size ${TO_SIZE}) | $(format_size ${DELTA}) (${PERCENT_CHANGE}%) | ${ICON} |" done From c7317b5e143cc3a562252b291c20b2c5c88f22bb Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Thu, 26 Jun 2025 13:44:28 +0000 Subject: [PATCH 10/11] chore: prevent image pollution with log information --- .devcontainer/cpp/Dockerfile | 3 ++- .devcontainer/rust/Dockerfile | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile index 8c263554..50e1fb44 100644 --- a/.devcontainer/cpp/Dockerfile +++ b/.devcontainer/cpp/Dockerfile @@ -92,7 +92,8 @@ RUN --mount=type=cache,target=/root/.ccache,sharing=locked \ # Update all tool alternatives to the correct version # and patch root's bashrc to include bash-completion -RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-14 10 \ +RUN --mount=type=cache,target=/var/log,sharing=locked \ + update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-14 10 \ --slave /usr/bin/g++ g++ /usr/bin/g++-14 \ --slave /usr/bin/gcov gcov /usr/bin/gcov-14 \ && update-alternatives --install /usr/bin/cc cc /usr/bin/gcc-14 10 \ diff --git a/.devcontainer/rust/Dockerfile b/.devcontainer/rust/Dockerfile index 529e229a..854cf32b 100644 --- a/.devcontainer/rust/Dockerfile +++ b/.devcontainer/rust/Dockerfile @@ -44,7 +44,8 @@ RUN batstmp="$(mktemp -d /tmp/bats-core-${BATS_VERSION}.XXXX)" \ # Update all tool alternatives to the correct version # and patch root's bashrc to include bash-completion -RUN update-alternatives --install /usr/bin/cc cc /usr/bin/gcc-14 20 \ +RUN --mount=type=cache,target=/var/log,sharing=locked \ + update-alternatives --install /usr/bin/cc cc /usr/bin/gcc-14 20 \ && cp /etc/skel/.bashrc /root/.bashrc # Install additional rust tools From d4dc94459077ddc7b882153ae33a03201c1866eb Mon Sep 17 00:00:00 2001 From: Ron <45816308+rjaegers@users.noreply.github.com> Date: Thu, 26 Jun 2025 13:47:03 +0000 Subject: [PATCH 11/11] chore: fix size script (again) --- .github/actions/container-size-diff/container-size-diff.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/container-size-diff/container-size-diff.sh b/.github/actions/container-size-diff/container-size-diff.sh index 1b378c38..91043d60 100755 --- a/.github/actions/container-size-diff/container-size-diff.sh +++ b/.github/actions/container-size-diff/container-size-diff.sh @@ -8,7 +8,7 @@ TO_CONTAINER=${2:?} format_size() { local SIZE=${1:?} - numfmt --to iec --format '%.2f' -- "${size}" + numfmt --to iec --format '%.2f' -- "${SIZE}" } get_sizes_from_manifest() {