Add 3.x docker images (#572)

farost · krishnangovindraj · web-flow · commit ab777bf067b1 · 2025-05-01T10:38:17.000+01:00
## Usage and product changes Add a base Ubuntu image with CA certificates preinstalled for TypeDB 3.x. ## Motivation TypeDB Docker image required a stable base image with [CA certificates](typedb/typedb#7414). ## Implementation Split Ubuntu images into `2.x` (the old image with JVM) and `3.x`. Introduce a `VERSION` file for the images to easily match multiple arch-specific images and the TypeDB Server requiring it. Other reasoning for decisions is described in `README`s. Now, to update all 3.x images, except for the environment setup, you can just update the `VERSION` file locally and run a single script, which will do the whole work. --------- Co-authored-by: Krishnan Govindraj <krishnan@typedb.com>
diff --git a/images/docker/BUILD b/images/docker/BUILD
@@ -0,0 +1,14 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+load("//tool/checkstyle:rules.bzl", "checkstyle_test")
+exports_files(["assemble-docker.sh", "deploy-docker.sh"])
+
+checkstyle_test(
+    name = "checkstyle",
+    include = glob(["*"]),
+    exclude = glob(["*.md"]),
+    license_type = "mpl-header",
+    size = "small",
+)
diff --git a/images/docker/README.md b/images/docker/README.md
@@ -0,0 +1,11 @@
+# TypeDB Docker Images
+
+TypeDB uses custom Docker images for different applications.
+
+These images can be created using image layers through Bazel rules (e.g., `docker_container_run_and_commit`), but we’ve
+encountered OS-specific issues — presumably due to missing hidden parameters in the generated images. Additionally, we
+don’t expect the base images to change frequently. Therefore, it’s more reliable to prepare them once and store them in
+a separate repository.
+
+Currently, there are multiple Ubuntu-based images with the required dependencies for both Java-based and
+Rust-based [TypeDB servers](https://github.com/typedb/typedb).
diff --git a/images/docker/assemble-docker.sh b/images/docker/assemble-docker.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+set -ex
+
+# Usage: ./assemble-docker.sh Dockerfile.amd64 amd64 3.1.0 typedb ubuntu
+
+DOCKERFILE=$(realpath $1)
+PLATFORM=$2
+TAG=$(cat $3)
+DOCKER_ORG=$4
+DOCKER_REPO=$5
+FULL_TAG="${DOCKER_ORG}/${DOCKER_REPO}:${TAG}"
+echo "Assembling image for ${PLATFORM}: ${FULL_TAG}"
+docker buildx build --platform "linux/${PLATFORM}" --load -f $DOCKERFILE -t "${FULL_TAG}" .
+echo "Successfully assembled ${FULL_TAG}"
diff --git a/images/docker/deploy-docker.sh b/images/docker/deploy-docker.sh
@@ -3,12 +3,15 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at https://mozilla.org/MPL/2.0/.
 
-
 set -ex
 
-DOCKER_VERSION_LIB=$1
-DOCKER_VERSION=`$DOCKER_VERSION_LIB`
+# Usage: ./deploy-docker.sh amd64 3.1.0 typedb ubuntu
+
+TAG=$(cat $1)
 DOCKER_ORG=$2
 DOCKER_REPO=$3
+TAG="${DOCKER_ORG}/${DOCKER_REPO}:${TAG}"
 
-docker push $DOCKER_ORG/$DOCKER_REPO:$DOCKER_VERSION
+echo "Deploying image: ${TAG}"
+docker push "${TAG}"
+echo "Successfully pushed ${TAG}"
diff --git a/images/docker/ubuntu-2x/BUILD b/images/docker/ubuntu-2x/BUILD
@@ -0,0 +1,62 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+
+load("//images/docker/ubuntu-2x:deployment.bzl", deployment_docker = "deployment")
+load("//tool/checkstyle:rules.bzl", "checkstyle_test")
+
+# Gen-rules to generate <VERSION>-<PLATFORM> as tag
+genrule(
+    name = "tag-amd64",
+    srcs = [":VERSION"],
+    outs = ["tag-amd64.txt"],
+    cmd = "cat $(location :VERSION) | tr -d '\n' > $(location tag-amd64.txt) && echo \"-amd64\" >> $(location tag-amd64.txt)",
+)
+
+genrule(
+    name = "tag-arm64",
+    srcs = [":VERSION"],
+    outs = ["tag-arm64.txt"],
+    cmd = "cat $(location :VERSION) | tr -d '\n' > $(location tag-arm64.txt) && echo \"-arm64\" >> $(location tag-arm64.txt)",
+)
+
+sh_binary(
+    name = "assemble-docker-amd64",
+    srcs = ["//images/docker:assemble-docker.sh"],
+    data = ["Dockerfile.amd64", "VERSION", "tag-amd64"],
+    deps = [":tag-amd64"],
+    args = ["$(location Dockerfile.amd64)", "amd64", "$(location :tag-amd64)", deployment_docker["docker.organisation"], deployment_docker["docker.repository"]]
+)
+
+sh_binary(
+    name = "assemble-docker-arm64",
+    srcs = ["//images/docker:assemble-docker.sh"],
+    data = ["Dockerfile.arm64", "VERSION", "tag-arm64"],
+    deps = [":tag-arm64"],
+    args = ["$(location Dockerfile.arm64)", "arm64", "$(location :tag-arm64)", deployment_docker["docker.organisation"], deployment_docker["docker.repository"]]
+)
+
+sh_binary(
+    name = "deploy-docker-amd64",
+    deps = [],
+    srcs = ["//images/docker:deploy-docker.sh"],
+    data = ["VERSION", "tag-amd64"],
+    args = ["$(location :tag-amd64)", deployment_docker["docker.organisation"], deployment_docker["docker.repository"]]
+)
+
+sh_binary(
+    name = "deploy-docker-arm64",
+    deps = [],
+    srcs = ["//images/docker:deploy-docker.sh"],
+    data = ["VERSION", "tag-arm64"],
+    args = ["$(location :tag-arm64)", deployment_docker["docker.organisation"], deployment_docker["docker.repository"]]
+)
+
+checkstyle_test(
+    name = "checkstyle",
+    include = glob(["*"]),
+    exclude = glob(["*.md", "VERSION"]),
+    license_type = "mpl-header",
+    size = "small",
+)
diff --git a/images/docker/ubuntu-2x/Dockerfile.amd64 b/images/docker/ubuntu-2x/Dockerfile.amd64
@@ -3,5 +3,5 @@
 # file, You can obtain one at https://mozilla.org/MPL/2.0/.
 
 
-FROM ubuntu:focal-20210723
+FROM ubuntu@sha256:1e48201ccc2ab83afc435394b3bf70af0fa0055215c1e26a5da9b50a1ae367c9
 RUN apt-get -y update && apt-get install -y openjdk-11-jre-headless && rm -rf /var/lib/apt/lists
diff --git a/images/docker/ubuntu-2x/Dockerfile.arm64 b/images/docker/ubuntu-2x/Dockerfile.arm64
@@ -1,7 +1,7 @@
-#!/usr/bin/env bash
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at https://mozilla.org/MPL/2.0/.
 
 
-echo "$(git -C $BUILD_WORKSPACE_DIRECTORY rev-parse HEAD)"
+FROM ubuntu@sha256:c0dd38485ed8b6e149d2fc935d1c61a3b750cda3b3eace0ad6df4abe33fa2b90
+RUN apt-get -y update && apt-get install -y openjdk-11-jre-headless && rm -rf /var/lib/apt/lists
diff --git a/images/docker/ubuntu-2x/README.md b/images/docker/ubuntu-2x/README.md
@@ -0,0 +1,24 @@
+# TypeDB Ubuntu 2.x Images
+
+These images are prepared for TypeDB 2.x and contain all the required dependencies like JVM.
+
+Images are prepared for two base architectures: `arm64` and `amd64`. Images are tagged based on the current `VERSION` and Git commit SHA.
+
+## Usage
+
+### Setup
+
+Images are assembled and deployed from local machines with [Docker](https://www.docker.com/get-started/).
+
+To authenticate before starting the work, use:
+
+```shell
+docker login
+```
+
+### Execution
+
+Using a suitable OS and architecture, use `bazel run //images/docker/ubuntu-2x:<target>`.
+
+If Bazel rules do not work on your machine, run `assemble-docker.sh` and `deploy-docker.sh` manually, providing all the required arguments. See `BUILD` for
+passed arguments examples.
diff --git a/images/docker/ubuntu-2x/VERSION b/images/docker/ubuntu-2x/VERSION
@@ -0,0 +1 @@
+2.29.0
diff --git a/images/docker/ubuntu-2x/deployment.bzl b/images/docker/ubuntu-2x/deployment.bzl
diff --git a/images/docker/ubuntu-3x/BUILD b/images/docker/ubuntu-3x/BUILD
@@ -0,0 +1,62 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at https://mozilla.org/MPL/2.0/.
+load("//tool/checkstyle:rules.bzl", "checkstyle_test")
+
+# Same repository as 2.x images.
+load("//images/docker/ubuntu-2x:deployment.bzl", deployment_docker = "deployment")
+
+# Gen-rules to generate <VERSION>-<PLATFORM> as tag
+genrule(
+    name = "tag-amd64",
+    srcs = [":VERSION"],
+    outs = ["tag-amd64.txt"],
+    cmd = "cat $(location :VERSION) | tr -d '\n' > $(location tag-amd64.txt) && echo \"-amd64\" >> $(location tag-amd64.txt)",
+)
+
+genrule(
+    name = "tag-arm64",
+    srcs = [":VERSION"],
+    outs = ["tag-arm64.txt"],
+    cmd = "cat $(location :VERSION) | tr -d '\n' > $(location tag-arm64.txt) && echo \"-arm64\" >> $(location tag-arm64.txt)",
+)
+
+sh_binary(
+    name = "assemble-docker-amd64",
+    srcs = ["//images/docker:assemble-docker.sh"],
+    data = ["Dockerfile.amd64", "VERSION", "tag-amd64"],
+    deps = [],
+    args = ["$(location Dockerfile.amd64)", "amd64", "$(location :tag-amd64)", deployment_docker["docker.organisation"], deployment_docker["docker.repository"]]
+)
+
+sh_binary(
+    name = "assemble-docker-arm64",
+    srcs = ["//images/docker:assemble-docker.sh"],
+    data = ["Dockerfile.arm64", "VERSION", "tag-arm64"],
+    deps = [],
+    args = ["$(location Dockerfile.arm64)", "arm64", "$(location :tag-arm64)", deployment_docker["docker.organisation"], deployment_docker["docker.repository"]]
+)
+
+sh_binary(
+    name = "deploy-docker-amd64",
+    deps = [],
+    srcs = ["//images/docker:deploy-docker.sh"],
+    data = ["VERSION", "tag-amd64"],
+    args = ["$(location :tag-amd64)", deployment_docker["docker.organisation"], deployment_docker["docker.repository"]]
+)
+
+sh_binary(
+    name = "deploy-docker-arm64",
+    deps = [],
+    srcs = ["//images/docker:deploy-docker.sh"],
+    data = ["VERSION", "tag-arm64"],
+    args = ["$(location :tag-arm64)", deployment_docker["docker.organisation"], deployment_docker["docker.repository"]]
+)
+
+checkstyle_test(
+    name = "checkstyle",
+    include = glob(["*"]),
+    exclude = glob(["*.md", "VERSION"]),
+    license_type = "mpl-header",
+    size = "small",
+)
diff --git a/images/docker/ubuntu-3x/Dockerfile.amd64 b/images/docker/ubuntu-3x/Dockerfile.amd64
@@ -1,14 +1,6 @@
-#!/usr/bin/env bash
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at https://mozilla.org/MPL/2.0/.
 
-
-set -ex
-
-DOCKER_VERSION_LIB=$2
-DOCKER_VERSION=`$DOCKER_VERSION_LIB`
-DOCKER_ORG=$3
-DOCKER_REPO=$4
-
-docker build -f $1 -t $DOCKER_ORG/$DOCKER_REPO:$DOCKER_VERSION .
+FROM ubuntu@sha256:3d1556a8a18cf5307b121e0a98e93f1ddf1f3f8e092f1fddfd941254785b95d7
+RUN apt-get -y update && apt-get install -y --no-install-recommends ca-certificates && rm -rf /var/lib/apt/lists
diff --git a/images/docker/ubuntu-3x/Dockerfile.arm64 b/images/docker/ubuntu-3x/Dockerfile.arm64
@@ -0,0 +1,6 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+FROM ubuntu@sha256:7c75ab2b0567edbb9d4834a2c51e462ebd709740d1f2c40bcd23c56e974fe2a8
+RUN apt-get -y update && apt-get install -y --no-install-recommends ca-certificates && rm -rf /var/lib/apt/lists
diff --git a/images/docker/ubuntu-3x/README.md b/images/docker/ubuntu-3x/README.md
@@ -0,0 +1,29 @@
+# TypeDB Ubuntu 3.x Images
+
+These images are prepared for TypeDB 3.x and contain a default SSL configuration.
+
+Images are prepared for two base architectures: `arm64` and `amd64`. Images are tagged based on the current `VERSION` and Git commit SHA.
+
+## Usage
+
+### Setup
+
+Images are assembled and deployed from local machines with [Docker](https://www.docker.com/get-started/).
+
+To authenticate before starting the work, use:
+
+```shell
+docker login
+```
+
+### Execution
+
+Using a suitable OS and architecture, use `bazel run //images/docker/ubuntu-3x:<target>`.
+
+If Bazel rules do not work on your machine, run `assemble-docker.sh` and `deploy-docker.sh` manually, providing all the required arguments, or `assemble-deploy-all.sh` for a fast update for all versions. See `BUILD` for
+passed arguments examples.
+
+#### Separate steps
+
+Use `assemble-docker.sh` and `deploy-docker.sh` separately if needed. See comments and `assemble-deploy-all.sh` for
+usage examples.
diff --git a/images/docker/ubuntu-3x/VERSION b/images/docker/ubuntu-3x/VERSION
@@ -0,0 +1 @@
+3.2.0
diff --git a/images/docker/ubuntu-3x/assemble-deploy-all.sh b/images/docker/ubuntu-3x/assemble-deploy-all.sh
@@ -0,0 +1,45 @@
+#!/usr/bin/env bash
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+set -ex
+
+# Usage: ./assemble-deploy-all.sh
+
+VERSION_FILE="./VERSION"
+
+if [[ ! -f "${VERSION_FILE}" ]]; then
+  echo "VERSION file not found"
+  exit 1
+fi
+
+VERSION=$(<"$VERSION_FILE")
+VERSION=$(echo "$VERSION" | tr -d '[:space:]')
+
+if [[ -z "$VERSION" ]]; then
+  echo "VERSION file is invalid"
+  exit 1
+fi
+
+echo "Preparing images for version ${VERSION}"
+
+DOCKER_ORG=typedb
+DOCKER_REPO=ubuntu
+PLATFORMS=("amd64" "arm64") # Update `docker manifest` commands below if it's changed
+
+for ARCH in "${PLATFORMS[@]}"; do
+  ASSEMBLE_TARGET="//images/docker/ubuntu-3x:assemble-docker-${ARCH}"
+  DEPLOY_TARGET="//images/docker/ubuntu-3x:deploy-docker-${ARCH}"
+  bazel run $ASSEMBLE_TARGET
+  bazel run $DEPLOY_TARGET
+done
+
+TAG="${DOCKER_ORG}/${DOCKER_REPO}:${VERSION}"
+echo "Creating ${TAG} multi-arch manifest"
+docker manifest create "${TAG}" \
+  --amend "${TAG}-amd64" \
+  --amend "${TAG}-arm64"
+docker manifest push "${TAG}"
+
+echo "Success"
diff --git a/images/docker/ubuntu/BUILD b/images/docker/ubuntu/BUILD
