marco/plugin-barman-cloud
1
0
Fork 0
mirror of https://github.com/cloudnative-pg/plugin-barman-cloud.git synced 2026-03-09 20:22:20 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
883ba6aa24
plugin-barman-cloud/containers/Dockerfile.sidecar
Marco Nenciarini 883ba6aa24
fix: use wheel-based build to fix bytecode staleness 
The sidecar uses a read-only filesystem which prevents Python from
creating bytecode at runtime. The previous approach pre-compiled
bytecode in a separate base image, but timestamps were corrupted
when files were copied between Docker stages, causing Python to
mark the bytecode as stale and recompile on every invocation.

This change builds Python dependencies as wheels in a pythonbuilder
stage using BuildKit cache mounts, then installs them in the final
python:3.13-slim-trixie stage using a bind mount. Wheels include
pre-compiled bytecode with correct timestamps. The bind mount keeps
wheels out of final layers, and the distroless complexity is
eliminated.

After wheel installation, we run compileall to ensure all Python
bytecode is freshly compiled with correct timestamps, preventing
any stale bytecode from remaining in the final image.

The separate barmanbase image, its workflow, and related Renovate
configuration are no longer needed and have been removed.

Closes #711
Closes #735

Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
2026-01-28 19:45:38 +01:00

91 lines
3.1 KiB
Docker
Raw Blame History

# Sidecar
# The container needs to provide and build two components:
# * barman-cloud
# * instance plugin
# Both components are built before going into the final container
# Build the manager binary
FROM --platform=$BUILDPLATFORM golang:1.25.6 AS gobuilder
ARG TARGETOS
ARG TARGETARCH
WORKDIR /workspace
# Copy the Go Modules manifests
COPY ../go.mod go.mod
COPY ../go.sum go.sum
# cache deps before building and copying source so that we don't need to re-download as much
# and so that source changes don't invalidate our downloaded layer
RUN go mod download
ENV GOCACHE=/root/.cache/go-build
ENV GOMODCACHE=/go/pkg/mod
# Copy the go source
COPY ../cmd/manager/main.go cmd/manager/main.go
COPY ../api/ api/
COPY ../internal/ internal/
# Build
# the GOARCH has not a default value to allow the binary be built according to the host where the command
# was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO
# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache/go-build \
CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager cmd/manager/main.go
# Build wheel files for Python dependencies
FROM python:3.13-slim-trixie AS pythonbuilder
WORKDIR /build
# Install build dependencies
RUN apt-get update && \
apt-get install -y --no-install-recommends \
postgresql-common \
build-essential && \
/usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y && \
apt-get install -y --no-install-recommends libpq-dev
# Copy requirements
COPY containers/sidecar-requirements.txt .
# Build wheels with pip cache mount
RUN --mount=type=cache,target=/root/.cache/pip \
pip wheel --wheel-dir=/wheels -r sidecar-requirements.txt
# Final sidecar image
FROM python:3.13-slim-trixie
ENV SUMMARY="CloudNativePG Barman plugin" \
DESCRIPTION="Container image that provides the barman-cloud sidecar"
LABEL summary="$SUMMARY" \
description="$DESCRIPTION" \
io.k8s.display-name="$SUMMARY" \
io.k8s.description="$DESCRIPTION" \
name="CloudNativePG Barman plugin sidecar" \
vendor="CloudNativePG Contributors" \
url="https://cloudnative-pg.io/" \
version="" \
release="1"
# Install runtime dependencies
RUN apt-get update && \
apt-get install -y --no-install-recommends \
postgresql-common && \
/usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y && \
apt-get install -y --no-install-recommends libpq5 && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
# Install wheels using bind mount (wheels not included in final layers)
# and ensure all Python bytecode is freshly compiled with correct timestamps
RUN --mount=type=bind,from=pythonbuilder,source=/wheels,target=/wheels \
pip install --no-cache-dir /wheels/*.whl && \
python -m compileall -q
# Copy Go manager binary
COPY --from=gobuilder /workspace/manager /manager
USER 26:26
ENTRYPOINT ["/manager"]
Reference in New Issue View Git Blame Copy Permalink