Basics

Each major version has its configuration in a subdirectory named after the version, e.g. ./v1/ has all the configuration for the v1 image.

Inside each version's directory there are 4 main files:

  • env: environment variables used to parameterise the Docker/docker-compose files:
    • BASE: the base Ubuntu version to build from, e.g. 22.04
    • MAJOR_VERSION: this should match the directory name.
  • dependencies.txt: the Ubuntu packages that need to be installed
  • build-dependencies.txt: the Ubuntu packages needed to build any dependencies (these will not be included in the final image).
  • requirements.in: the list of packages to install (without version specifiers, unless needed for some reason).

There will also be two autogenerated files:

  • requirements.txt: the fully pinned set of Python dependencies generated with pip-compile.
  • packages.md: generated user facing documentation of package versions

Use just to build and test image versions:

just build v2
just test v2

ESM Packages on 20.04 images

We still support the older python:v1, but it is based on Ubuntu 20.04, which has reached EOL for security upgrades. So we have enabled ESM via Ubuntu Pro for these images.

This means that you do need a valid UBUNTU_PRO_TOKEN environment variable to build these images.

Add a new package to existing version

  • Add the new package, without a version specifier, to the requirements.in file of every relevant version
  • For each version, do the following:
    • Run just update $VERSION. This will update packages, then build and test the new image.
    • If the build fails, depending on the error message:
      • you may need to add a new system package to dependencies.txt
      • you may need to add a new build dependency package to build-dependencies.txt
      • you may need to finesse the tests for poorly packaged libraries: see BAD_PACKAGES
    • Inspect the changes to requirements.txt
      • ensure no pre-existing package has been updated by this change.
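
The requirements.txt inspection in the last step can be automated. The script below is an added example, not part of this repository: it compares the previous and regenerated pip-compile output and reports any pre-existing pin that changed or disappeared. The names parse_pins and review_update and all sample package versions are constructed for illustration; it assumes the usual pip-compile layout of name==version lines with optional --hash continuation lines and "# via" comments.

```python
import re
import sys

# A pinned line as pip-compile writes it, e.g. "numpy==1.0.0 \" (extras and markers tolerated)
PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?==([^\s;\\]+)")

# Constructed sample input: package versions and hashes are placeholders.
OLD = """\
# autogenerated by pip-compile
numpy==1.0.0 \\
    --hash=sha256:aaaa
    # via pandas
pandas==2.0.0
    # via -r requirements.in
"""
NEW = """\
numpy==1.0.1 \\
    --hash=sha256:bbbb
pandas==2.0.0
requests==3.0.0
    # via -r requirements.in
urllib3==4.0.0
    # via requests
"""


def parse_pins(text):
    """Return {normalised name: version} for every pinned line."""
    pins = {}
    for line in text.splitlines():
        m = PIN.match(line.strip())
        if m:  # comments, "# via" notes and --hash lines do not match
            name = re.sub(r"[-_.]+", "-", m.group(1)).lower()  # PEP 503 name normalisation
            pins[name] = m.group(2)
    return pins


def review_update(old_text, new_text):
    """Classify the differences between two compiled requirements files."""
    old, new = parse_pins(old_text), parse_pins(new_text)
    changed = sorted((n, old[n], new[n]) for n in old.keys() & new.keys() if old[n] != new[n])
    return {"added": sorted(set(new) - set(old)),
            "removed": sorted(set(old) - set(new)),
            "changed": changed}


if __name__ == "__main__":
    with open(sys.argv[1]) as f_old, open(sys.argv[2]) as f_new:
        report = review_update(f_old.read(), f_new.read())
    print(report)
    sys.exit(1 if report["changed"] or report["removed"] else 0)
```

Run it with the committed requirements.txt and the regenerated one as its two arguments; a non-zero exit means a pre-existing pin moved or disappeared and the change needs a closer look.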

Create a new version

TODO, but basically, cp -a v$N v${N+1} and edit.

You will also need to configure appropriate security alerting rules as described here: https://github.com/opensafely-core/security/issues/30

Publishing

WARNING: By default, these images are published via CI, so only do this if you know you need to, e.g. testing publishing a new version.

To publish a version locally, you will need to be logged in to ghcr.io with the right permissions (docker login ghcr.io)

By default, this command is a dry run, and will show you the commands it will run:

just publish $version

To run for real, pass true:

just publish $version true