GitHub Actions: build outside vs inside container?

Let’s say we’re using GitHub Actions to build and publish a container image of our app. I’m gonna pick ASP.NET Core as the app’s tech stack here, although that shouldn’t matter much.

There are two different approaches I’d like to discuss:

1. “Build outside”: build/compile app in GitHub Actions runner, copy output into container image

For example, our GitHub Actions workflow file could look like this…

name: build-outside
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout repo
      uses: actions/checkout@v2
    - name: Setup .NET Core
      uses: actions/setup-dotnet@v1
    - name: .NET Publish
      run: dotnet publish --configuration Release --nologo -p:CI=true -o $GITHUB_WORKSPACE/buildOutput src
    - name: Build and push Docker image
      uses: docker/build-push-action@v1
      with:
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
        repository: ${{ format('{0}/build-outside-test', secrets.DOCKERHUB_USERNAME) }}
        tags: latest

… and there’s a simple Dockerfile like this:

FROM mcr.microsoft.com/dotnet/core/aspnet:latest
WORKDIR /app
COPY buildOutput /app
ENTRYPOINT ["dotnet", "MyTestApp.dll"]

2. “Build inside”: build in one container, copy output to another container image

In this case, the workflow file is shorter…

name: build-inside
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout repo
      uses: actions/checkout@v2
    - name: Build and push Docker image
      uses: docker/build-push-action@v1
      with:
        dockerfile: Dockerfile_build_inside
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
        repository: ${{ format('{0}/build-inside-test', secrets.DOCKERHUB_USERNAME) }}
        tags: latest

… whereas the Dockerfile is longer, as this is now where we’re building the app itself and the final container image:

FROM mcr.microsoft.com/dotnet/core/sdk:latest AS build
WORKDIR /src
COPY src /src
RUN dotnet publish --configuration Release --nologo -p:CI=true -o ./buildOutput

FROM mcr.microsoft.com/dotnet/core/aspnet:latest AS runtime
WORKDIR /app
COPY --from=build /src/buildOutput ./
ENTRYPOINT ["dotnet", "MyTestApp.dll"]

Aside: in case you’re not familiar with multi-stage
builds
,
note the two FROM statements in that second Dockerfile. We’re
building in a first, temporary container, and then copying only the
build output into the final (runtime-optimized) container image.

Note that this second approach is explicitly recommended in the official ASP.NET Core documentation.

Trade-offs

I’ve confirmed that both approaches work and produce a working container image. Notably, build checks on pull requests “just work”™ with both approaches:

enter image description here

Now stepping away from this concrete example, here’s my current thinking on the advantages of each approach in general:

  1. Build outside:
  • Build can leverage Marketplace Actions
  • If build is complex and consists of several steps, it might be beneficial to set it up using GitHub Actions primitives – i.e. a series of jobs/tasks. That way, we can leave it to GH to optimize the build, allocate additional resources as needed, run jobs in parallel etc.
  • A little easier to inspect build failures (UI will show exactly which step failed)
  • No need to download 2nd container image during build, hence maybe saving a little bit of network bandwidth
  1. Build inside:
  • Exact, deterministic build output
  • Full control over build environment; independent of build runner
  • Container build can also run on local dev machines, producing same exact output

Questions

  1. Am I accurately describing the advantages of the two approaches?

  2. Are there any other aspects of building inside vs outside a container, specifically in GitHub Actions, which are worth mentioning?

Go to Source
Author: Max

New to Linux, I’m getting this recurring error “ERROR “update-grub” returned an error: exit status 1 ” please advise

I get this error when trying to update my system, all appears to be functioning, but I am new to Linux so I may be missing something

ben@ben-laptop:~$ sudo apt -y upgrade
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
The following package was automatically installed and is no longer required:
  libllvm9
Use 'sudo apt autoremove' to remove it.
0 to upgrade, 0 to newly install, 0 to remove and 0 not to upgrade.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Requesting to save current system state
Successfully saved as "autozsys_k3262n"
Setting up linux-image-5.4.0-40-generic (5.4.0-40.44) ...
Processing triggers for linux-image-5.4.0-40-generic (5.4.0-40.44) ...
/etc/kernel/postinst.d/initramfs-tools:
update-initramfs: Generating /boot/initrd.img-5.4.0-40-generic
I: The initramfs will attempt to resume from /dev/sda2
I: (UUID=a9642385-eacc-4155-b29f-90ba3692f639)
I: Set the RESUME variable to override this.
/etc/kernel/postinst.d/zz-update-grub:
/usr/sbin/grub-probe: error: failed to get canonical path of `bpool/BOOT/ubuntu_0qqeus'.
run-parts: /etc/kernel/postinst.d/zz-update-grub exited with return code 1
dpkg: error processing package linux-image-5.4.0-40-generic (--configure):
 installed linux-image-5.4.0-40-generic package post-installation script s
ubprocess returned error exit status 1
Errors were encountered while processing:
 linux-image-5.4.0-40-generic
ZSys is adding automatic system snapshot to GRUB menu
ERROR "update-grub" returned an error: exit status 1 
E: Sub-process /usr/bin/dpkg returned an error code (1)

If I run update-grub by itself I get

ben@ben-laptop:~$ sudo update-grub [sudo] password for
ben:  /usr/sbin/grub-probe: error: failed to get canonical path of
`bpool/BOOT/ubuntu_0qqeus'. 

Go to Source
Author: BenScoobert

How can I display Only the first Array/Object?

By using WordPress REST Api

./wp/v2/users/?_fields=id&orderby=id&order=desc

Result

[{“id”:13},{“id”:12},{“id”:11},{“id”:10},{“id”:9},{“id”:8},{“id”:6},{“id”:5},{“id”:4},{“id”:3}]

What I want?

I just want to display [{“id”:13},
Means, I want to limit it to only 1 array Using REST API. Any one have solution on this?

Go to Source
Author: Muhaza

ls -h command in mac osx Catalina 10.15.2 not working

I’m a newbie and this is probably a very newbie question be forewarned. When using terminal in zsh mode, entering ls -h does not output the expected result. Instead I receive an output as if I just entered ls without the -h. What could be the cause of this? Does ls -h not function the same in zsh mode?

Go to Source
Author: zaddy

Two apache servers on same machine with same port

I have a self hosted apache website with php and mysql on my Raspberry Pi. Now I need to make another one for my new domain but I have no other computer to run the server on. Is there a way for me to run the server on the same machine, with the same port? If not, how may I alter the port so there is no need for me to type example.com:portnumber. I need it to be example.com.

Go to Source
Author: James B. Reese

Unable to create role on AWS RDS postgresql database

I’m trying to create a read-only user on an AWS RDS PostgreSQL database. I am logging in using psql, with the default user that was created in the RDS dashboard when I created the database. Yesterday I was able to create a role called readonly, but I realized I did not add some parameters I wanted to add such as NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION so I deleted the role. Then I went to create the role again and the operation timed out with a weird error, so I disconnected.

Well today when I tried to log in with the same user and create a role with command CREATE ROLE readonly;, I get: ERROR: permission denied to create role. I ran the command l and see this (I am myuser for example):

aws_pgadmin=CTc/aws_pgadmin+
myuser=CTc/aws_pgadmin

Any tips on how to resolve this? Do you think I triggered some kind of security protection so I am no longer allowed to create a role?

Go to Source
Author: caseym

GitHub Pages error with workflow file environment variables

Does anyone know how to provide environment variables to a live site on GitHub Pages?

I am trying to deploy my site to GitHub Pages and use environment variables that I have entered in the secrets setting on GitHub but am getting errors with my .yaml workflow file. The site works without the use of a workflow at all but the user needs to enter in the environment variables and I would change it so that is not necessary and the documentation I found on GitHub says that you can do this through the use of workflows so I have tried to implement one but can’t seem to figure it out.

Most of this code is taken from other sites that I have commented in the file and show working examples, but I am getting a lot of errors when I try to replicate various examples like:

  • “There was an error initializing the repository: Branch is required.”
  • “Failed to download action ‘https://api.github.com/repos/spk2dc/github-pages-deploy-action/tarball/releases/v3’. Error Response status code does not indicate success: 404 (Not Found).”
name: Deploy to GitHub Pages
on:
  push:
    branches:
      - master
jobs:
  deploy:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [13.2.0]
    steps:
      - name: Checkout
        uses: actions/checkout@master

      - name: Deploy to production
        uses: JamesIves/github-pages-deploy-action@releases/v3
        env:
          BUILD_PATH: public
          BRANCH: master # The branch the action should deploy to.
          GITHUB_PAGE_NAME: spk2dc.github.io
          PA_TOKEN: ${{ secrets.PA_TOKEN }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN_KEY }}
          CLIENT_ID: ${{ secrets.CLIENT_ID }}
          CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
          

###### source: https://github.com/marketplace/actions/deploy-your-app-to-github-pages ######
###### source: https://stackoverflow.com/questions/53648652/how-to-use-environment-variables-in-github-page ######
###### source: https://dev.to/pierresaid/deploy-node-projects-to-github-pages-with-github-actions-4jco ######
###### source: https://github.com/marketplace/actions/deploy-to-github-pages ######

Go to Source
Author: Senthil Kannan

Infinite loop when trying to launch a symbolic-link to a bash script

I am trying to create a symbolic-link by using:

$ ln -s path/to/foo.sh ~/.local/bin/foo

To the following bashscript:

# foo.sh

  1 #!/usr/bin/env bash
  2  appname=`basename $0 | sed s,.sh$,,`
  3 
  4  dirname=`dirname $0`
  5  tmp="${dirname#?}"
  6 
  7  if [ "${dirname%$tmp}" != "/" ]; then
  8  dirname=$PWD/$dirname
  9  fi
 10  LD_LIBRARY_PATH=$dirname
 11  export LD_LIBRARY_PATH
 12  $dirname/$appname $*

I dont understand why i get the following error, when I try to launch, script above, from the symbolic link:

bash: warning: shell level (1000) too high, resetting to 1

Go to Source
Author: z3r0p1r

Can’t connect to SSH on private IP through VPN gateway

Morning, everyone,

I’ve been having a strange problem for a few hours. I was SSH connected on my Azure virtual machine and my SSH connection suddenly froze (without disconnecting). I closed my shell and restarted my SSH session without success. I checked the NSGs with neighboring machines I connect well to, the NSGs are almost identical. I tried to reboot the machine, redeploy the machine, reset the SSH configuration, reset the user account, without success too. I can easily connect to other machines on the same subnet. I can connect on public IP. I feel like there’s a problem between the VPN gateway and the private IP… Any ideas?

Thank you

Note : I have the following entry in the health status :

Unavailable
At samedi 4 juillet 2020 à 3:15:32 PM UTC+4, the Azure monitoring system received the following information regarding your Virtual machine:
Your virtual machine is unavailable. We’re working to automatically recover your virtual machine and to determine the source of the problem. No additional action is required from you at this time.
Recommended Steps
Check back here for status updates
Redeploy this virtual machine to a different host server

Go to Source
Author: Bruno Carnazzi

Bash Shell “onecmd” Option Usage Purpose

I read on man page, but I don’t understand the purpose of bash’s onecmd option. If I use the set -o onecmd command, the shell immediately exits. My expectation is for it to wait for me to enter one more command before exiting, but this does not happen.

So is this option just like the exit command?

Why does bash provide this option?

Can someone give me an example of how to properly use this option?

Go to Source
Author: testter

Composite multicolumn index for geopoint range and numeric range query

I am building an app where the server needs to select rows based on some criteria/filters. One of them is the location of the user and the radius at which the user want’s to see posts and other filters such date range and filter for a value of another column. This is going to be for an ad-hoc event discovery app.

I have read about PostGIS, its geometry,geography types and I know there is a native point datatype. Based on this answer I understood that it is better to order from equality to range columns, even though I feel like geo point column should be the first.

Suppose the following few rows of a simplified events table (disregard the validity position data):

id  event_title                  event_position   event_type  is_public  start_date
    (varchar)                    (point lat/lon)  (smallint)  (boolean)  (timestamptz)
--  ---------------------------  ---------------  ---------   ---------  ----
 1  "John's Party"               (122,35)         0           0          2020-07-05
 2  "Revolution then Starbucks"  (123,30)         1           1          2020-07-06
 3  "Study for math exam"        (120,36)         2           1          2020-07-07
 4  "Party after exam"           (120,36)         1           1          2020-07-08
 5  "Hiking next to the city"    (95,40)          3           1          2020-07-09
 6  "Football match"             (-42,31)         4           1          2020-07-10

Imagine the table contains several thousand records at least, obviously not only 6.

So in this table a user would be able to query public events close to (122,34) by 100km (suppose first three rows fall into this area) and of event types 0, 1 or 2 falling between dates 2020-07-05 and 2020-07-07. The user would get the rows with ID 2 and 3.

This is the query I want to optimize with an appropriate index. My question is, how is it possible to create such an index? I thought about GiST or GIN index but not sure how these could help. Thanks!

Go to Source
Author: Najib