Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add docker release to the full release process #963

Merged
merged 33 commits into from
Apr 15, 2024
Merged
Show file tree
Hide file tree
Changes from 9 commits
Commits
Show all changes
33 commits
Select commit Hold shift + click to select a range
35bd77c
add docker release to the full release process for final releases
mikealfare Apr 3, 2024
0823451
changelog
mikealfare Apr 3, 2024
ed33b0c
add Dockerfile
mikealfare Apr 3, 2024
a1c0a0b
Merge branch 'main' into config/docker-release
mikealfare Apr 5, 2024
50a27de
simplify dockerfile
mikealfare Apr 5, 2024
08af6ec
Merge remote-tracking branch 'origin/config/docker-release' into conf…
mikealfare Apr 5, 2024
cf97d67
simplify dockerfile
mikealfare Apr 5, 2024
a962d6a
move dev dockerfile into main dockerfile
mikealfare Apr 10, 2024
402077c
add docker to dependabot config
mikealfare Apr 10, 2024
5cd975b
resolve release.yml feedback
mikealfare Apr 11, 2024
383cf7e
add clarifying comments, distinguishing the dev and prod docker images
mikealfare Apr 11, 2024
c604acd
Merge branch 'main' into config/docker-release
mikealfare Apr 11, 2024
3464e27
docker linter updates
mikealfare Apr 11, 2024
5a9518f
Merge remote-tracking branch 'origin/config/docker-release' into conf…
mikealfare Apr 11, 2024
6083d88
update dev Dockerfile
mikealfare Apr 12, 2024
e706641
add version pins to Dockerfile
mikealfare Apr 12, 2024
17ee3e1
add and update make recipes for both versions
mikealfare Apr 12, 2024
818c80f
address wiz linter recommendations
mikealfare Apr 12, 2024
ae8b883
pin dev docker to py3.8
mikealfare Apr 12, 2024
a7fef7f
point to dev branch for docker release - revert this
mikealfare Apr 12, 2024
6d83dc2
update release title
mikealfare Apr 12, 2024
a07f853
point back to main
mikealfare Apr 12, 2024
2335ddc
Merge branch 'refs/heads/main' into config/docker-release
mikealfare Apr 12, 2024
d11a563
remove platform build arg, pin python deps, update repo ref to commit…
mikealfare Apr 12, 2024
8ab5be1
docker release requires the github release tag
mikealfare Apr 12, 2024
6996383
point to dev branch - revert this
mikealfare Apr 12, 2024
d14e119
remove unused build arg
mikealfare Apr 13, 2024
cb1f580
remove unused docker run
mikealfare Apr 13, 2024
8e467e6
update readme to align with the new container
mikealfare Apr 13, 2024
26afa2a
update build arg in test
mikealfare Apr 13, 2024
351df92
remove defaulted package name for docker release
mikealfare Apr 15, 2024
a3fe51f
point back to main
mikealfare Apr 15, 2024
36a5a56
remove changie entry
mikealfare Apr 15, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions .changes/unreleased/Under the Hood-20240402-232851.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
kind: Under the Hood
body: Automate the Docker release as part of the PyPI release
time: 2024-04-02T23:28:51.524626-04:00
custom:
Author: mikealfare
Issue: "963"
5 changes: 5 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,3 +6,8 @@ updates:
schedule:
interval: "daily"
rebase-strategy: "disabled"
- package-ecosystem: "docker"
directory: "/docker"
schedule:
interval: "weekly"
rebase-strategy: "disabled"
29 changes: 28 additions & 1 deletion .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,8 @@
#
# **when?**
# This workflow can be run manually on demand or can be called by other workflows
name: Release to GitHub and PyPI
name: "Release to GitHub, PyPI & Docker"
run-name: "Release ${{ inputs.version_number }} to GitHub, PyPI & Docker"

on:
workflow_dispatch:
Expand Down Expand Up @@ -208,6 +209,31 @@ jobs:
PYPI_API_TOKEN: ${{ secrets.PYPI_API_TOKEN }}
TEST_PYPI_API_TOKEN: ${{ secrets.TEST_PYPI_API_TOKEN }}

is-docker-release:
mikealfare marked this conversation as resolved.
Show resolved Hide resolved
name: "Is Docker Release"
runs-on: ubuntu-latest
needs: [pypi-release]
outputs:
is-docker-release: ${{ steps.semver.outputs.is-pre-release == 0 }}
steps:
- name: "Audit version to determine if it is a pre-release"
id: semver
uses: dbt-labs/actions/[email protected]
with:
version: ${{ inputs.version_number }}

docker-release:
name: "Docker Release"
needs: [is-docker-release]
if: ${{ needs.is-docker-release.outputs.is-docker-release }}
permissions:
packages: write
uses: dbt-labs/dbt-release/.github/workflows/release-docker.yml@main
with:
package: "dbt-snowflake"
mikealfare marked this conversation as resolved.
Show resolved Hide resolved
version_number: ${{ inputs.version_number }}
test_run: ${{ inputs.test_run }}

slack-notification:
name: Slack Notification
if: ${{ failure() && (!inputs.test_run || inputs.nightly_release) }}
Expand All @@ -218,6 +244,7 @@ jobs:
build-test-package,
github-release,
pypi-release,
docker-release,
]

uses: dbt-labs/dbt-release/.github/workflows/slack-post-notification.yml@main
Expand Down
31 changes: 13 additions & 18 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -66,32 +66,27 @@ help: ## Show this help message.
@echo 'targets:'
@grep -E '^[7+a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'

.PHONY: ubuntu
ubuntu:
docker build -f docker/Dockerfile -t dbt-snowflake-dev .
docker run --rm -it --name dbt-snowflake-dev -v $(shell pwd):/opt/code dbt-snowflake-dev

.PHONY: ubuntu-py38
ubuntu-py38:
docker build -f docker_dev/ubuntu.Dockerfile -t dbt-snowflake-ubuntu-py38 . --build-arg version=3.8
docker run --rm -it --name dbt-snowflake-ubuntu-py38 -v $(shell pwd):/opt/code dbt-snowflake-ubuntu-py38
docker build -f docker/Dockerfile -t dbt-snowflake-dev . --build-arg py_version=3.8
docker run --rm -it --name dbt-snowflake-dev -v $(shell pwd):/opt/code dbt-snowflake-dev

.PHONY: ubuntu-py39
ubuntu-py39:
docker build -f docker_dev/ubuntu.Dockerfile -t dbt-snowflake-ubuntu-py39 . --build-arg version=3.9
docker run --rm -it --name dbt-snowflake-ubuntu-py39 -v $(shell pwd):/opt/code dbt-snowflake-ubuntu-py39
docker build -f docker/Dockerfile -t dbt-snowflake-dev . --build-arg py_version=3.9
docker run --rm -it --name dbt-snowflake-dev -v $(shell pwd):/opt/code dbt-snowflake-dev

.PHONY: ubuntu-py310
ubuntu-py310:
docker build -f docker_dev/ubuntu.Dockerfile -t dbt-snowflake-ubuntu-py310 . --build-arg version=3.10
docker run --rm -it --name dbt-snowflake-ubuntu-py310 -v $(shell pwd):/opt/code dbt-snowflake-ubuntu-py310
docker build -f docker/Dockerfile -t dbt-snowflake-dev . --build-arg py_version=3.10
docker run --rm -it --name dbt-snowflake-dev -v $(shell pwd):/opt/code dbt-snowflake-dev

.PHONY: ubuntu-py311
ubuntu-py311:
docker build -f docker_dev/ubuntu.Dockerfile -t dbt-snowflake-ubuntu-py311 . --build-arg version=3.11
docker run --rm -it --name dbt-snowflake-ubuntu-py311 -v $(shell pwd):/opt/code dbt-snowflake-ubuntu-py311

.PHONY: debian-py38
debian-py38:
docker build -f docker/debian-py38.Dockerfile -t dbt-snowflake-debian-py38 . --build-arg version=3.8.15
docker run --rm -it --name dbt-snowflake-debian-py38 -v $(shell pwd):/opt/code dbt-snowflake-debian-py38

.PHONY: dev-env-default
dev-env-default:
docker build -f docker/dev-env-default.Dockerfile -t dbt-snowflake-dev-env-default .
docker run --rm -it --name dbt-snowflake-dev-env-default -v $(shell pwd):/opt/code dbt-snowflake-dev-env-default
docker build -f docker/Dockerfile -t dbt-snowflake-dev . --build-arg py_version=3.11
docker run --rm -it --name dbt-snowflake-dev -v $(shell pwd):/opt/code dbt-snowflake-dev
61 changes: 61 additions & 0 deletions docker/Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
ARG build_for=linux/amd64
ARG py_version=3.10.7
ARG dbt_snowflake_ref=dbt-snowflake@main


FROM --platform=$build_for python:$py_version-slim-bullseye as base

Check warning on line 6 in docker/Dockerfile

View check run for this annotation

Wiz Inc. (266a8a9c32) / Wiz IaC Scanner

Using Platform Flag with FROM Command

Rule ID: c5e5995a-7d8e-4fbb-8dce-880a79438927 Severity: Medium Resource: FROM={{--platform=$build_for python:$py_version-slim-bullseye as base}}.{{FROM --platform=$build_for python:$py_version-slim-bullseye as base}} Don't use '--platform' flag with FROM
Raw output
Expected: FROM={{--platform=$build_for python:$py_version-slim-bullseye as base}}.{{FROM --platform=$build_for python:$py_version-slim-bullseye as base}} shouldn't use the flag '--platform'
Found: FROM={{--platform=$build_for python:$py_version-slim-bullseye as base}}.{{FROM --platform=$build_for python:$py_version-slim-bullseye as base}} uses the flag '--platform'

RUN apt-get update \

Check warning on line 8 in docker/Dockerfile

View check run for this annotation

Wiz Inc. (266a8a9c32) / Wiz IaC Scanner

Apt Get Install Pin Version Not Defined

Rule ID: 8dabde7b-ee7e-440a-8b59-73636b0cfda5 Severity: Medium Resource: FROM={{--platform=$build_for python:$py_version-slim-bullseye as base}}.RUN={{apt-get update && apt-get dist-upgrade -y && apt-get install -y --no-install-recommends git ssh-client software-properties-common make build-essential ca-certificates libpq-dev && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*}} When installing a package, its pin version should be defined
Raw output
Expected: Package 'ca-certificates' has version defined
Found: Package 'ca-certificates' does not have version defined

Check warning on line 8 in docker/Dockerfile

View check run for this annotation

Wiz Inc. (266a8a9c32) / Wiz IaC Scanner

Apt Get Install Pin Version Not Defined

Rule ID: 8dabde7b-ee7e-440a-8b59-73636b0cfda5 Severity: Medium Resource: FROM={{--platform=$build_for python:$py_version-slim-bullseye as base}}.RUN={{apt-get update && apt-get dist-upgrade -y && apt-get install -y --no-install-recommends git ssh-client software-properties-common make build-essential ca-certificates libpq-dev && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*}} When installing a package, its pin version should be defined
Raw output
Expected: Package 'git' has version defined
Found: Package 'git' does not have version defined

Check warning on line 8 in docker/Dockerfile

View check run for this annotation

Wiz Inc. (266a8a9c32) / Wiz IaC Scanner

Apt Get Install Pin Version Not Defined

Rule ID: 8dabde7b-ee7e-440a-8b59-73636b0cfda5 Severity: Medium Resource: FROM={{--platform=$build_for python:$py_version-slim-bullseye as base}}.RUN={{apt-get update && apt-get dist-upgrade -y && apt-get install -y --no-install-recommends git ssh-client software-properties-common make build-essential ca-certificates libpq-dev && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*}} When installing a package, its pin version should be defined
Raw output
Expected: Package 'libpq-dev' has version defined
Found: Package 'libpq-dev' does not have version defined

Check warning on line 8 in docker/Dockerfile

View check run for this annotation

Wiz Inc. (266a8a9c32) / Wiz IaC Scanner

Apt Get Install Pin Version Not Defined

Rule ID: 8dabde7b-ee7e-440a-8b59-73636b0cfda5 Severity: Medium Resource: FROM={{--platform=$build_for python:$py_version-slim-bullseye as base}}.RUN={{apt-get update && apt-get dist-upgrade -y && apt-get install -y --no-install-recommends git ssh-client software-properties-common make build-essential ca-certificates libpq-dev && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*}} When installing a package, its pin version should be defined
Raw output
Expected: Package 'software-properties-common' has version defined
Found: Package 'software-properties-common' does not have version defined

Check warning on line 8 in docker/Dockerfile

View check run for this annotation

Wiz Inc. (266a8a9c32) / Wiz IaC Scanner

Apt Get Install Pin Version Not Defined

Rule ID: 8dabde7b-ee7e-440a-8b59-73636b0cfda5 Severity: Medium Resource: FROM={{--platform=$build_for python:$py_version-slim-bullseye as base}}.RUN={{apt-get update && apt-get dist-upgrade -y && apt-get install -y --no-install-recommends git ssh-client software-properties-common make build-essential ca-certificates libpq-dev && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*}} When installing a package, its pin version should be defined
Raw output
Expected: Package 'ssh-client' has version defined
Found: Package 'ssh-client' does not have version defined

Check warning on line 8 in docker/Dockerfile

View check run for this annotation

Wiz Inc. (266a8a9c32) / Wiz IaC Scanner

Apt Get Install Pin Version Not Defined

Rule ID: 8dabde7b-ee7e-440a-8b59-73636b0cfda5 Severity: Medium Resource: FROM={{--platform=$build_for python:$py_version-slim-bullseye as base}}.RUN={{apt-get update && apt-get dist-upgrade -y && apt-get install -y --no-install-recommends git ssh-client software-properties-common make build-essential ca-certificates libpq-dev && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*}} When installing a package, its pin version should be defined
Raw output
Expected: Package 'make' has version defined
Found: Package 'make' does not have version defined

Check warning on line 8 in docker/Dockerfile

View check run for this annotation

Wiz Inc. (266a8a9c32) / Wiz IaC Scanner

Apt Get Install Pin Version Not Defined

Rule ID: 8dabde7b-ee7e-440a-8b59-73636b0cfda5 Severity: Medium Resource: FROM={{--platform=$build_for python:$py_version-slim-bullseye as base}}.RUN={{apt-get update && apt-get dist-upgrade -y && apt-get install -y --no-install-recommends git ssh-client software-properties-common make build-essential ca-certificates libpq-dev && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*}} When installing a package, its pin version should be defined
Raw output
Expected: Package 'build-essential' has version defined
Found: Package 'build-essential' does not have version defined
&& apt-get dist-upgrade -y \
&& apt-get install -y --no-install-recommends \
git \
ssh-client \
software-properties-common \
make \
build-essential \
ca-certificates \
libpq-dev \
&& apt-get clean \
&& rm -rf \
/var/lib/apt/lists/* \
/tmp/* \
/var/tmp/*

ENV PYTHONIOENCODING=utf-8
ENV LANG=C.UTF-8

RUN python -m pip install --upgrade pip setuptools wheel --no-cache-dir


mikealfare marked this conversation as resolved.
Show resolved Hide resolved
FROM base as dbt-snowflake

WORKDIR /usr/app/dbt/
ENTRYPOINT ["dbt"]

RUN python -m pip install --no-cache-dir "dbt-snowflake @ git+https://github.com/dbt-labs/${dbt_snowflake_ref}"

Check warning on line 35 in docker/Dockerfile

View check run for this annotation

Wiz Inc. (266a8a9c32) / Wiz IaC Scanner

Unpinned Package Version in Pip Install

Rule ID: 1f0d05d7-8caf-4f04-bc60-332d472de5a9 Severity: Medium Resource: FROM={{base as dbt-snowflake}}.{{RUN python -m pip install --no-cache-dir "dbt-snowflake @ git+https://github.com/dbt-labs/${dbt_snowflake_ref}"}} Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes
Raw output
Expected: RUN instruction with 'pip/pip3 install <package>' should use package pinning form 'pip/pip3 install <package>=<version>'
Found: RUN instruction python -m pip install --no-cache-dir "dbt-snowflake @ git+https://github.com/dbt-labs/dbt-snowflake@main" does not use package pinning form


FROM base as dbt-snowflake-dev

Check failure on line 38 in docker/Dockerfile

View check run for this annotation

Wiz Inc. (266a8a9c32) / Wiz IaC Scanner

Missing User Instruction

Rule ID: e54afcf9-dc71-484a-8967-d930e3044062 Severity: High Resource: FROM={{base as dbt-snowflake-dev}} A user should be specified in the dockerfile, otherwise the image will run as root
Raw output
Expected: The 'Dockerfile' should contain the 'USER' instruction
Found: The 'Dockerfile' does not contain any 'USER' instruction

Check notice on line 38 in docker/Dockerfile

View check run for this annotation

Wiz Inc. (266a8a9c32) / Wiz IaC Scanner

Healthcheck Instruction Missing

Rule ID: db295f99-0fff-4e7b-9906-ec2a057f384b Severity: Low Resource: FROM={{base as dbt-snowflake-dev}} Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working
Raw output
Expected: Dockerfile should contain instruction 'HEALTHCHECK'
Found: Dockerfile doesn't contain instruction 'HEALTHCHECK'
mikealfare marked this conversation as resolved.
Show resolved Hide resolved

RUN apt-get update && \

Check warning on line 40 in docker/Dockerfile

View check run for this annotation

Wiz Inc. (266a8a9c32) / Wiz IaC Scanner

Apt Get Install Pin Version Not Defined

Rule ID: 8dabde7b-ee7e-440a-8b59-73636b0cfda5 Severity: Medium Resource: FROM={{base as dbt-snowflake-dev}}.RUN={{apt-get update && apt-get install -y --no-install-recommends git-all libbz2-dev libffi-dev libgdbm-dev libncurses5-dev libnss3-dev libreadline-dev libsqlite3-dev libssl-dev wget zlib1g-dev}} When installing a package, its pin version should be defined
Raw output
Expected: Package 'zlib1g-dev' has version defined
Found: Package 'zlib1g-dev' does not have version defined

Check warning on line 40 in docker/Dockerfile

View check run for this annotation

Wiz Inc. (266a8a9c32) / Wiz IaC Scanner

Apt Get Install Pin Version Not Defined

Rule ID: 8dabde7b-ee7e-440a-8b59-73636b0cfda5 Severity: Medium Resource: FROM={{base as dbt-snowflake-dev}}.RUN={{apt-get update && apt-get install -y --no-install-recommends git-all libbz2-dev libffi-dev libgdbm-dev libncurses5-dev libnss3-dev libreadline-dev libsqlite3-dev libssl-dev wget zlib1g-dev}} When installing a package, its pin version should be defined
Raw output
Expected: Package 'libbz2-dev' has version defined
Found: Package 'libbz2-dev' does not have version defined

Check warning on line 40 in docker/Dockerfile

View check run for this annotation

Wiz Inc. (266a8a9c32) / Wiz IaC Scanner

Apt Get Install Pin Version Not Defined

Rule ID: 8dabde7b-ee7e-440a-8b59-73636b0cfda5 Severity: Medium Resource: FROM={{base as dbt-snowflake-dev}}.RUN={{apt-get update && apt-get install -y --no-install-recommends git-all libbz2-dev libffi-dev libgdbm-dev libncurses5-dev libnss3-dev libreadline-dev libsqlite3-dev libssl-dev wget zlib1g-dev}} When installing a package, its pin version should be defined
Raw output
Expected: Package 'libffi-dev' has version defined
Found: Package 'libffi-dev' does not have version defined

Check warning on line 40 in docker/Dockerfile

View check run for this annotation

Wiz Inc. (266a8a9c32) / Wiz IaC Scanner

Apt Get Install Pin Version Not Defined

Rule ID: 8dabde7b-ee7e-440a-8b59-73636b0cfda5 Severity: Medium Resource: FROM={{base as dbt-snowflake-dev}}.RUN={{apt-get update && apt-get install -y --no-install-recommends git-all libbz2-dev libffi-dev libgdbm-dev libncurses5-dev libnss3-dev libreadline-dev libsqlite3-dev libssl-dev wget zlib1g-dev}} When installing a package, its pin version should be defined
Raw output
Expected: Package 'libncurses5-dev' has version defined
Found: Package 'libncurses5-dev' does not have version defined

Check warning on line 40 in docker/Dockerfile

View check run for this annotation

Wiz Inc. (266a8a9c32) / Wiz IaC Scanner

Apt Get Install Pin Version Not Defined

Rule ID: 8dabde7b-ee7e-440a-8b59-73636b0cfda5 Severity: Medium Resource: FROM={{base as dbt-snowflake-dev}}.RUN={{apt-get update && apt-get install -y --no-install-recommends git-all libbz2-dev libffi-dev libgdbm-dev libncurses5-dev libnss3-dev libreadline-dev libsqlite3-dev libssl-dev wget zlib1g-dev}} When installing a package, its pin version should be defined
Raw output
Expected: Package 'wget' has version defined
Found: Package 'wget' does not have version defined

Check warning on line 40 in docker/Dockerfile

View check run for this annotation

Wiz Inc. (266a8a9c32) / Wiz IaC Scanner

Apt Get Install Pin Version Not Defined

Rule ID: 8dabde7b-ee7e-440a-8b59-73636b0cfda5 Severity: Medium Resource: FROM={{base as dbt-snowflake-dev}}.RUN={{apt-get update && apt-get install -y --no-install-recommends git-all libbz2-dev libffi-dev libgdbm-dev libncurses5-dev libnss3-dev libreadline-dev libsqlite3-dev libssl-dev wget zlib1g-dev}} When installing a package, its pin version should be defined
Raw output
Expected: Package 'libnss3-dev' has version defined
Found: Package 'libnss3-dev' does not have version defined

Check warning on line 40 in docker/Dockerfile

View check run for this annotation

Wiz Inc. (266a8a9c32) / Wiz IaC Scanner

Apt Get Install Pin Version Not Defined

Rule ID: 8dabde7b-ee7e-440a-8b59-73636b0cfda5 Severity: Medium Resource: FROM={{base as dbt-snowflake-dev}}.RUN={{apt-get update && apt-get install -y --no-install-recommends git-all libbz2-dev libffi-dev libgdbm-dev libncurses5-dev libnss3-dev libreadline-dev libsqlite3-dev libssl-dev wget zlib1g-dev}} When installing a package, its pin version should be defined
Raw output
Expected: Package 'libreadline-dev' has version defined
Found: Package 'libreadline-dev' does not have version defined

Check warning on line 40 in docker/Dockerfile

View check run for this annotation

Wiz Inc. (266a8a9c32) / Wiz IaC Scanner

Apt Get Install Pin Version Not Defined

Rule ID: 8dabde7b-ee7e-440a-8b59-73636b0cfda5 Severity: Medium Resource: FROM={{base as dbt-snowflake-dev}}.RUN={{apt-get update && apt-get install -y --no-install-recommends git-all libbz2-dev libffi-dev libgdbm-dev libncurses5-dev libnss3-dev libreadline-dev libsqlite3-dev libssl-dev wget zlib1g-dev}} When installing a package, its pin version should be defined
Raw output
Expected: Package 'libsqlite3-dev' has version defined
Found: Package 'libsqlite3-dev' does not have version defined

Check warning on line 40 in docker/Dockerfile

View check run for this annotation

Wiz Inc. (266a8a9c32) / Wiz IaC Scanner

Apt Get Install Pin Version Not Defined

Rule ID: 8dabde7b-ee7e-440a-8b59-73636b0cfda5 Severity: Medium Resource: FROM={{base as dbt-snowflake-dev}}.RUN={{apt-get update && apt-get install -y --no-install-recommends git-all libbz2-dev libffi-dev libgdbm-dev libncurses5-dev libnss3-dev libreadline-dev libsqlite3-dev libssl-dev wget zlib1g-dev}} When installing a package, its pin version should be defined
Raw output
Expected: Package 'git-all' has version defined
Found: Package 'git-all' does not have version defined

Check warning on line 40 in docker/Dockerfile

View check run for this annotation

Wiz Inc. (266a8a9c32) / Wiz IaC Scanner

Apt Get Install Pin Version Not Defined

Rule ID: 8dabde7b-ee7e-440a-8b59-73636b0cfda5 Severity: Medium Resource: FROM={{base as dbt-snowflake-dev}}.RUN={{apt-get update && apt-get install -y --no-install-recommends git-all libbz2-dev libffi-dev libgdbm-dev libncurses5-dev libnss3-dev libreadline-dev libsqlite3-dev libssl-dev wget zlib1g-dev}} When installing a package, its pin version should be defined
Raw output
Expected: Package 'libgdbm-dev' has version defined
Found: Package 'libgdbm-dev' does not have version defined

Check warning on line 40 in docker/Dockerfile

View check run for this annotation

Wiz Inc. (266a8a9c32) / Wiz IaC Scanner

Apt Get Install Pin Version Not Defined

Rule ID: 8dabde7b-ee7e-440a-8b59-73636b0cfda5 Severity: Medium Resource: FROM={{base as dbt-snowflake-dev}}.RUN={{apt-get update && apt-get install -y --no-install-recommends git-all libbz2-dev libffi-dev libgdbm-dev libncurses5-dev libnss3-dev libreadline-dev libsqlite3-dev libssl-dev wget zlib1g-dev}} When installing a package, its pin version should be defined
Raw output
Expected: Package 'libssl-dev' has version defined
Found: Package 'libssl-dev' does not have version defined

Check notice on line 40 in docker/Dockerfile

View check run for this annotation

Wiz Inc. (266a8a9c32) / Wiz IaC Scanner

Apt Get Install Lists Were Not Deleted

Rule ID: ac6dfbf3-214a-4139-b5d5-0afe45dd2b3c Severity: None Resource: FROM={{base as dbt-snowflake-dev}}.RUN={{apt-get update && apt-get install -y --no-install-recommends git-all libbz2-dev libffi-dev libgdbm-dev libncurses5-dev libnss3-dev libreadline-dev libsqlite3-dev libssl-dev wget zlib1g-dev}} After using apt-get install, it is needed to delete apt-get lists
Raw output
Expected: After using apt-get install, the apt-get lists should be deleted
Found: After using apt-get install, the apt-get lists were not deleted
apt-get install -y --no-install-recommends \
git-all \
libbz2-dev \
libffi-dev \
libgdbm-dev \
libncurses5-dev \
libnss3-dev \
libreadline-dev \
libsqlite3-dev \
libssl-dev \
wget \
zlib1g-dev

# setup mount for local code
WORKDIR /opt/code
VOLUME /opt/code

ENTRYPOINT python -m pip install --no-cache-dir -e . -r dev-requirements.txt \

Check warning on line 58 in docker/Dockerfile

View check run for this annotation

Wiz Inc. (266a8a9c32) / Wiz IaC Scanner

Not Using JSON In CMD And ENTRYPOINT Arguments

Rule ID: 7daa1e00-cbdb-4d17-b012-bf3a167f1fd5 Severity: Medium Resource: FROM={{base as dbt-snowflake-dev}}.{{ENTRYPOINT python -m pip install --no-cache-dir -e . -r dev-requirements.txt && pre-commit install}} Ensure that we are using JSON in the CMD and ENTRYPOINT Arguments
Raw output
Expected: FROM={{base as dbt-snowflake-dev}}.{{ENTRYPOINT python -m pip install --no-cache-dir -e . -r dev-requirements.txt   && pre-commit install}} is in the JSON Notation
Found: FROM={{base as dbt-snowflake-dev}}.{{ENTRYPOINT python -m pip install --no-cache-dir -e . -r dev-requirements.txt   && pre-commit install}} isn't in the JSON Notation
&& pre-commit install

ENV PYTHONUNBUFFERED=1
70 changes: 70 additions & 0 deletions docker/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,70 @@
# Docker for dbt
This docker file is suitable for building dbt Docker images locally or using with CI/CD to automate populating a container registry.


## Building an image:
This Dockerfile can create images for the following target: `dbt-snowflake`

In order to build a new image, run the following docker command.
```shell
docker build --tag <your_image_name> --target dbt-snowflake <path/to/dockerfile>
```
---
> **Note:** Docker must be configured to use [BuildKit](https://docs.docker.com/develop/develop-images/build_enhancements/) in order for images to build properly!

---

By default the images will be populated with the most recent release of `dbt-snowflake`. If you need to use a different version you can specify it by git ref using the `--build-arg` flag:
```shell
docker build --tag <your_image_name> \
--target dbt-snowflake \
--build-arg dbt_snowflake_ref=<git_ref> \
<path/to/dockerfile>
```

### Examples:
To build an image named "my-dbt" that supports Snowflake using the latest releases:
```shell
cd dbt-core/docker
docker build --tag my-dbt --target dbt-snowflake .
```

To build an image named "my-other-dbt" that supports Snowflake using the adapter version 1.0.0b1:
```shell
cd dbt-core/docker
docker build \
--tag my-other-dbt \
--target dbt-snowflake \
--build-arg [email protected] \
.
```

## Special cases
There are a few special cases worth noting:

* If you need to build against another architecture (linux/arm64 in this example) you can override the `build_for` build arg:
```shell
docker build --tag my_dbt \
--target dbt-snowflake \
--build-arg build_for=linux/arm64 \
<path/to/dockerfile>
```

Supported architectures can be found in the python docker [dockerhub page](https://hub.docker.com/_/python).

## Running an image in a container:
The `ENTRYPOINT` for this Dockerfile is the command `dbt` so you can bind-mount your project to `/usr/app` and use dbt as normal:
```shell
docker run \
--network=host \
--mount type=bind,source=path/to/project,target=/usr/app \
--mount type=bind,source=path/to/profiles.yml,target=/root/.dbt/profiles.yml \
my-dbt \
ls
```
---
**Notes:**
* Bind-mount sources _must_ be an absolute path
* You may need to make adjustments to the docker networking setting depending on the specifics of your data warehouse/database host.

---
22 changes: 22 additions & 0 deletions docker/test.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
# - VERY rudimentary test script to run latest + specific branch image builds and test them all by running `--version`
# TODO: create a real test suite

clear \
&& echo "\n\n"\
"########################################\n"\
"##### Testing dbt-snowflake latest #####\n"\
"########################################\n"\
&& docker build --tag dbt-snowflake \
--target dbt-snowflake \
docker \
&& docker run dbt-snowflake --version \
\
&& echo "\n\n"\
"#########################################\n"\
"##### Testing dbt-snowflake-1.0.0b1 #####\n"\
"#########################################\n"\
&& docker build --tag dbt-snowflake-1.0.0b1 \
--target dbt-snowflake \
--build-arg [email protected] \
docker \
&& docker run dbt-snowflake-1.0.0b1 --version
5 changes: 0 additions & 5 deletions docker_dev/README.md

This file was deleted.

49 changes: 0 additions & 49 deletions docker_dev/debian.Dockerfile

This file was deleted.

25 changes: 0 additions & 25 deletions docker_dev/dev-env-default.Dockerfile

This file was deleted.

Loading
Loading