use tools_image for AWS CLI to avoid need for ENTRYPOINT override

chanzuckerberg · May 8, 2021 · 4326c83 · 4326c83
1 parent a2e6d5d
commit 4326c83
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 10 deletions.
diff --git a/WDL/runtime/config_templates/default.cfg b/WDL/runtime/config_templates/default.cfg
@@ -110,7 +110,7 @@ disable_patterns = ["*.php", "*.aspx"]
 
 [download_aria2c]
 # see: https://github.com/chanzuckerberg/miniwdl/tree/main/tools_image
-docker = ghcr.io/chanzuckerberg/miniwdl_tools:Id_sha256_6c24be577fd8ad352c5f4f7729858a16a2c514bf479e42c7dc33618d57ac694a
+docker = ghcr.io/chanzuckerberg/miniwdl_tools:Id_sha256_2bd1d7f33d176b1df220a1d69eff2329b3aeacc0d01ab0b7c879e7cf7001c095
 
 
 [download_awscli]
@@ -122,13 +122,13 @@ docker = ghcr.io/chanzuckerberg/miniwdl_tools:Id_sha256_6c24be577fd8ad352c5f4f77
 #                 EC2 instance profile is available.
 # Failing all of the above, public S3 URIs can always be used.
 host_credentials = false
-# current version from https://hub.docker.com/r/amazon/aws-cli/tags?page=1&ordering=last_updated
-docker = amazon/aws-cli:2.1.38
+# see: https://github.com/chanzuckerberg/miniwdl/tree/main/tools_image
+docker = ghcr.io/chanzuckerberg/miniwdl_tools:Id_sha256_2bd1d7f33d176b1df220a1d69eff2329b3aeacc0d01ab0b7c879e7cf7001c095
 
 
 [download_gsutil]
 # current version from https://github.com/GoogleCloudPlatform/cloud-sdk-docker/releases
-docker = gcr.io/google.com/cloudsdktool/cloud-sdk:336.0.0-slim
+docker = gcr.io/google.com/cloudsdktool/cloud-sdk:339.0.0-slim
 
 
 [call_cache]

diff --git a/requirements.txt b/requirements.txt
@@ -2,7 +2,7 @@
 # for miniwdl development are listed in requirements.dev.txt.
 setuptools>=39.1.0
 importlib-metadata>=1.0.0
-regex>=v39.0.1
+regex>=2020.4.4
 xdg>=2.0.0
 docker>=3.4.0
 PyYAML~=5.4

diff --git a/tools_image/Dockerfile b/tools_image/Dockerfile
@@ -1,2 +1,11 @@
 FROM ubuntu:20.04
-RUN apt-get -qq update && DEBIAN_FRONTEND=noninteractive apt-get -qq install -y aria2
+RUN apt-get -qq update && DEBIAN_FRONTEND=noninteractive apt-get -qq install -y aria2 wget zip
+# Add AWS CLI v2. We'd prefer to use AWS' official image, but it sets ENTRYPOINT which some
+# container backends can't override (like...AWS Batch).
+RUN mkdir /tmp/awscli && cd /tmp/awscli \
+    && wget -nv https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip \
+    && unzip -q awscli-*.zip \
+    && aws/install
+# clean up for squash
+RUN apt-get clean && rm -rf /tmp/awscli \
+    && aria2c --version && aws --version
diff --git a/tools_image/README.md b/tools_image/README.md
@@ -4,17 +4,18 @@ This subdirectory is the recipe for a Docker image bundling tools that miniwdl u
 
 For example, the image bundles [aria2c](https://aria2.github.io/), which miniwdl uses to download large input files supplied as URLs (without requiring end-users to install extra OS packages). Miniwdl synthesizes a WDL task with this image, which inputs the URL and outputs the desired file. The image is served publicly from GitHub Container Registry, referenced in the miniwdl configuration defaults (where it can be overridden if necessary).
 
-This image doesn't change often, so we build it manually. First, authenticate your local `docker` CLI to GitHub Container Registry ([instructions](https://docs.github.com/en/packages/guides/pushing-and-pulling-docker-images#authenticating-to-github-container-registry)) using a Personal Access Token *with SSO enabled* for the `chanzuckerberg` organization. Then,
+This image doesn't change often, so we build it manually. First, authenticate your local `docker` CLI to GitHub Container Registry ([instructions](https://docs.github.com/en/packages/guides/pushing-and-pulling-docker-images#authenticating-to-github-container-registry)) using a Personal Access Token *with SSO enabled* for the `chanzuckerberg` organization. [Enable docker build -squash](https://stackoverflow.com/a/44346323/13393076) and,
 
 ```
-docker build --no-cache -t miniwdl_tools:latest tools_image/
+docker pull ubuntu:20.04
+docker build --no-cache --squash -t miniwdl_tools:latest tools_image/
 TAG=$(docker inspect miniwdl_tools:latest | jq -r .[0].Id | tr ':' '_' \
       | xargs printf 'ghcr.io/chanzuckerberg/miniwdl_tools:Id_%s')
 docker tag miniwdl_tools:latest $TAG
 docker push $TAG
 echo $TAG
 ```
 
-This tags the image based on its content-digest "Image ID" to help pulling the exact intended image. (The Image ID is *not* the "Repo Digest", which is another way of achieving that.)
+This tags the image based on its content-digest "Image ID" to help pulling the exact intended image. (The Image ID is *not* the "Repo Digest", another pull handle which however depends on the registry as well as the image content.)
 
-Lastly, update references to this image in [default.cfg](https://github.com/chanzuckerberg/miniwdl/blob/main/WDL/runtime/config_templates/default.cfg).
+Lastly, update references to this image in [default.cfg](https://github.com/chanzuckerberg/miniwdl/blob/main/WDL/runtime/config_templates/default.cfg) and run the test suite.