From 7a41eb5adde468a263595b5e47e778dd2c27ce0c Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Tue, 23 Aug 2022 09:12:47 -0400 Subject: [PATCH 01/46] feat(build): Install libxmlsec1-dev with heroku-buildpack-apt In order to install Python's xmlsec package we first need to install this library. This configures Heroku's Apt Buildpack: https://github.com/heroku/heroku-buildpack-apt --- Aptfile | 1 + 1 file changed, 1 insertion(+) create mode 100644 Aptfile diff --git a/Aptfile b/Aptfile new file mode 100644 index 00000000000000..42c88c55349a69 --- /dev/null +++ b/Aptfile @@ -0,0 +1 @@ +libxmlsec1-dev From 02af4dc5eb8baf40dede002338794f4e1d527640 Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Tue, 23 Aug 2022 09:34:51 -0400 Subject: [PATCH 02/46] Requirements for uwsgi --- Aptfile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Aptfile b/Aptfile index 42c88c55349a69..22669cef58ccfa 100644 --- a/Aptfile +++ b/Aptfile @@ -1 +1,6 @@ +# This file is used by Heroku's Apt buildpack +# Needed for xmlsec libxmlsec1-dev +# Needed for uwsgi; see Docker file +gcc +wget From 06038a0d1344691568b52c24ac858d127de7ae9d Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Tue, 23 Aug 2022 09:42:10 -0400 Subject: [PATCH 03/46] Temporarily use runtime.txt and later use setup.py --- runtime.txt | 1 + 1 file changed, 1 insertion(+) create mode 100644 runtime.txt diff --git a/runtime.txt b/runtime.txt new file mode 100644 index 00000000000000..5b3694c1c85a6d --- /dev/null +++ b/runtime.txt @@ -0,0 +1 @@ +python-3.8.13 From c7b533addb0c7527ed0c08e7bc6eabf11cecb279 Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Tue, 23 Aug 2022 10:30:58 -0400 Subject: [PATCH 04/46] feat(build): Switch back to containers rather than buildpacks It requires a lot of customizations and it's slow. Let's debug the Docker container! --- Aptfile | 6 ------ heroku.yml | 5 +++++ runtime.txt | 1 - 3 files changed, 5 insertions(+), 7 deletions(-) delete mode 100644 Aptfile create mode 100644 heroku.yml delete mode 100644 runtime.txt diff --git a/Aptfile b/Aptfile deleted file mode 100644 index 22669cef58ccfa..00000000000000 --- a/Aptfile +++ /dev/null @@ -1,6 +0,0 @@ -# This file is used by Heroku's Apt buildpack -# Needed for xmlsec -libxmlsec1-dev -# Needed for uwsgi; see Docker file -gcc -wget diff --git a/heroku.yml b/heroku.yml new file mode 100644 index 00000000000000..8b3e43d6dd77c3 --- /dev/null +++ b/heroku.yml @@ -0,0 +1,5 @@ +build: + docker: + web: docker/Dockerfile +run: + web: sentry run web diff --git a/runtime.txt b/runtime.txt deleted file mode 100644 index 5b3694c1c85a6d..00000000000000 --- a/runtime.txt +++ /dev/null @@ -1 +0,0 @@ -python-3.8.13 From ad08efb3876441364e9e40df58ff9aa9711c9f0d Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Tue, 23 Aug 2022 11:08:26 -0400 Subject: [PATCH 05/46] feat(build): Allow building Sentry Docker image from local checkout Cloud builds place wheels in a `/dist` directory in order to speed up pip installation --- .dockerignore | 3 +++ docker/Dockerfile | 7 +++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.dockerignore b/.dockerignore index 2225cfac84cf53..213a278575a4f7 100644 --- a/.dockerignore +++ b/.dockerignore @@ -6,3 +6,6 @@ !/yarn.lock !/dist/requirements-frozen.txt !/dist/*.whl +# When building without a dist cache +!/requirements-frozen.txt +!/*.whl diff --git a/docker/Dockerfile b/docker/Dockerfile index 59a6326e4030cd..9aad67396e1f68 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,4 +1,7 @@ FROM python:3.8.13-slim-bullseye +# The Cloud build uses /dist as a place to cache wheels and others +# For building locally you can use --build-arg DIST_DIR=. from the checkout +ARG DIST_DIR=/dist LABEL maintainer="oss@sentry.io" LABEL org.opencontainers.image.title="Sentry" @@ -48,7 +51,7 @@ ENV \ GRPC_POLL_STRATEGY=epoll1 # Install dependencies first to leverage Docker layer caching. -COPY /dist/requirements-frozen.txt /tmp/requirements-frozen.txt +COPY ${DIST_DIR}/requirements-frozen.txt /tmp/requirements-frozen.txt RUN set -x \ && buildDeps="" \ # uwsgi @@ -103,7 +106,7 @@ RUN set -x \ && python -c 'import maxminddb.extension; maxminddb.extension.Reader' \ && mkdir -p $SENTRY_CONF -COPY /dist/*.whl /tmp/dist/ +COPY ${DIST_DIR}/*.whl /tmp/dist/ RUN pip install /tmp/dist/*.whl --no-deps && pip check && rm -rf /tmp/dist RUN sentry help | sed '1,/Commands:/d' | awk '{print $1}' > /sentry-commands.txt From c38b5b0173e19ce5b66bf78836cee9c6f01103e7 Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Tue, 23 Aug 2022 11:15:16 -0400 Subject: [PATCH 06/46] Simplify local Docker build --- docker/Dockerfile | 3 +-- docker/cloudbuild.yaml | 2 ++ 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index 9aad67396e1f68..da3665fa055363 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,7 +1,6 @@ FROM python:3.8.13-slim-bullseye # The Cloud build uses /dist as a place to cache wheels and others -# For building locally you can use --build-arg DIST_DIR=. from the checkout -ARG DIST_DIR=/dist +ARG DIST_DIR=. LABEL maintainer="oss@sentry.io" LABEL org.opencontainers.image.title="Sentry" diff --git a/docker/cloudbuild.yaml b/docker/cloudbuild.yaml index 6f99dce91e5fa7..033221a6e1e5fa 100644 --- a/docker/cloudbuild.yaml +++ b/docker/cloudbuild.yaml @@ -27,6 +27,8 @@ steps: '--use-new-run', '--build-arg', 'SOURCE_COMMIT=$COMMIT_SHA', + '--build-arg', + '/dist', '--destination=us.gcr.io/$PROJECT_ID/sentry:$COMMIT_SHA', '-f', './docker/Dockerfile', From 8674e211362c5fff92f1b4fa15c0722f1c937aad Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Tue, 23 Aug 2022 12:10:46 -0400 Subject: [PATCH 07/46] Skip two steps --- docker/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index da3665fa055363..ff72140c504c2a 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -105,8 +105,8 @@ RUN set -x \ && python -c 'import maxminddb.extension; maxminddb.extension.Reader' \ && mkdir -p $SENTRY_CONF -COPY ${DIST_DIR}/*.whl /tmp/dist/ -RUN pip install /tmp/dist/*.whl --no-deps && pip check && rm -rf /tmp/dist +# COPY /dist/*.whl /tmp/dist/ +# RUN pip install /tmp/dist/*.whl --no-deps && pip check && rm -rf /tmp/dist RUN sentry help | sed '1,/Commands:/d' | awk '{print $1}' > /sentry-commands.txt COPY ./docker/sentry.conf.py ./docker/config.yml $SENTRY_CONF/ From 00a359da0263ee0e1927b10435afab340b24b99a Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Tue, 23 Aug 2022 12:59:39 -0400 Subject: [PATCH 08/46] Try again --- .dockerignore | 3 +-- docker/Dockerfile | 3 ++- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.dockerignore b/.dockerignore index 213a278575a4f7..b6b3e7004c04dc 100644 --- a/.dockerignore +++ b/.dockerignore @@ -7,5 +7,4 @@ !/dist/requirements-frozen.txt !/dist/*.whl # When building without a dist cache -!/requirements-frozen.txt -!/*.whl +!requirements-frozen.txt diff --git a/docker/Dockerfile b/docker/Dockerfile index ff72140c504c2a..e26f11b08feb4e 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -49,8 +49,9 @@ ENV \ # grpcio>1.30.0 requires this, see requirements.txt for more detail. GRPC_POLL_STRATEGY=epoll1 +COPY requirements-frozen.txt /tmp/requirements-frozen.txt # Install dependencies first to leverage Docker layer caching. -COPY ${DIST_DIR}/requirements-frozen.txt /tmp/requirements-frozen.txt +# COPY ${DIST_DIR}/requirements-frozen.txt /tmp/requirements-frozen.txt RUN set -x \ && buildDeps="" \ # uwsgi From b14330abba38236cf42d312ce65201a2da529195 Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Tue, 23 Aug 2022 13:05:26 -0400 Subject: [PATCH 09/46] Start from blank slate --- Dockerfile | 2 ++ heroku.yml | 4 +--- 2 files changed, 3 insertions(+), 3 deletions(-) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 00000000000000..6bd9b1e9f56b11 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,2 @@ +FROM python:3.8.13-slim-bullseye +COPY requirements-frozen.txt /tmp/requirements-frozen.txt diff --git a/heroku.yml b/heroku.yml index 8b3e43d6dd77c3..8eec25b9c99a95 100644 --- a/heroku.yml +++ b/heroku.yml @@ -1,5 +1,3 @@ build: docker: - web: docker/Dockerfile -run: - web: sentry run web + web: Dockerfile From bb583634a25adf689e4c30269763f2a47ac7b62c Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Tue, 23 Aug 2022 13:10:03 -0400 Subject: [PATCH 10/46] A bit more Docker --- Dockerfile | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) diff --git a/Dockerfile b/Dockerfile index 6bd9b1e9f56b11..900b4fc44f393b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,2 +1,68 @@ FROM python:3.8.13-slim-bullseye +# Sane defaults for pip +ENV \ + PIP_NO_CACHE_DIR=1 \ + PIP_DISABLE_PIP_VERSION_CHECK=1 \ + # Sentry config params + SENTRY_CONF=/etc/sentry + COPY requirements-frozen.txt /tmp/requirements-frozen.txt + +RUN set -x \ + && buildDeps="" \ + # uwsgi + && buildDeps="$buildDeps \ + gcc \ + wget \ + " \ + # maxminddb + && buildDeps="$buildDeps \ + libmaxminddb-dev \ + "\ + # xmlsec + && buildDeps="$buildDeps \ + libxmlsec1-dev \ + pkg-config \ + " \ + && apt-get update \ + && apt-get install -y --no-install-recommends $buildDeps \ + && pip install -r /tmp/requirements-frozen.txt \ + && mkdir /tmp/uwsgi-dogstatsd \ + && wget -O - https://github.com/eventbrite/uwsgi-dogstatsd/archive/filters-and-tags.tar.gz | \ + tar -xzf - -C /tmp/uwsgi-dogstatsd --strip-components=1 \ + && UWSGI_NEED_PLUGIN="" uwsgi --build-plugin /tmp/uwsgi-dogstatsd \ + && mkdir -p /var/lib/uwsgi \ + && mv dogstatsd_plugin.so /var/lib/uwsgi/ \ + && rm -rf /tmp/requirements-frozen.txt /tmp/uwsgi-dogstatsd .uwsgi_plugins_builder \ + && apt-get purge -y --auto-remove $buildDeps \ + # We install run-time dependencies strictly after + # build dependencies to prevent accidental collusion. + # These are also installed last as they are needed + # during container run and can have the same deps w/ + # build deps such as maxminddb. + && apt-get install -y --no-install-recommends \ + # pillow + libjpeg-dev \ + # rust bindings + libffi-dev \ + # maxminddb bindings + libmaxminddb-dev \ + # SAML needs these run-time + libxmlsec1-dev \ + libxslt-dev \ + # pyyaml needs this run-time + libyaml-dev \ + # other + pkg-config \ + \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* \ + # Fully verify that the C extension is correctly installed, it unfortunately + # requires a full check into maxminddb.extension.Reader + && python -c 'import maxminddb.extension; maxminddb.extension.Reader' \ + && mkdir -p $SENTRY_CONF + + + +COPY ./docker/sentry.conf.py ./docker/config.yml $SENTRY_CONF/ +CMD ["sentry", "run", "web"] From 974cf37f37eab2ff288aa8a166fbc5c66726b397 Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Tue, 23 Aug 2022 13:41:29 -0400 Subject: [PATCH 11/46] Add a bunch more --- Dockerfile | 163 +++++++++++++++++++++++++++++----------------- docker/Dockerfile | 3 +- 2 files changed, 106 insertions(+), 60 deletions(-) diff --git a/Dockerfile b/Dockerfile index 900b4fc44f393b..2847144fb93d28 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,68 +1,115 @@ FROM python:3.8.13-slim-bullseye +# The Cloud build uses /dist as a place to cache wheels and others +ARG DIST_DIR=. + +LABEL maintainer="oss@sentry.io" +LABEL org.opencontainers.image.title="Sentry" +LABEL org.opencontainers.image.description="Sentry runtime image" +LABEL org.opencontainers.image.url="https://sentry.io/" +LABEL org.opencontainers.image.documentation="https://develop.sentry.dev/self-hosted/" +LABEL org.opencontainers.image.vendor="Functional Software, Inc." +LABEL org.opencontainers.image.authors="oss@sentry.io" + +# add our user and group first to make sure their IDs get assigned consistently +RUN groupadd -r sentry && useradd -r -m -g sentry sentry + +ENV GOSU_VERSION=1.12 \ + GOSU_SHA256=0f25a21cf64e58078057adc78f38705163c1d564a959ff30a891c31917011a54 \ + TINI_VERSION=0.19.0 \ + TINI_SHA256=93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c + + +RUN set -x \ + && buildDeps=" \ + wget \ + " \ + && apt-get update && apt-get install -y --no-install-recommends $buildDeps \ + && rm -rf /var/lib/apt/lists/* \ + # grab gosu for easy step-down from root + && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-amd64" \ + && echo "$GOSU_SHA256 /usr/local/bin/gosu" | sha256sum --check --status \ + && chmod +x /usr/local/bin/gosu \ + # grab tini for signal processing and zombie killing + && wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$TINI_VERSION/tini-amd64" \ + && echo "$TINI_SHA256 /usr/local/bin/tini" | sha256sum --check --status \ + && chmod +x /usr/local/bin/tini \ + && apt-get purge -y --auto-remove $buildDeps + # Sane defaults for pip ENV \ - PIP_NO_CACHE_DIR=1 \ - PIP_DISABLE_PIP_VERSION_CHECK=1 \ - # Sentry config params - SENTRY_CONF=/etc/sentry + PIP_NO_CACHE_DIR=1 \ + PIP_DISABLE_PIP_VERSION_CHECK=1 \ + # Sentry config params + SENTRY_CONF=/etc/sentry \ + # Disable some unused uWSGI features, saving dependencies + # Thank to https://stackoverflow.com/a/25260588/90297 + UWSGI_PROFILE_OVERRIDE=ssl=false;xml=false;routing=false \ + # UWSGI dogstatsd plugin + UWSGI_NEED_PLUGIN=/var/lib/uwsgi/dogstatsd \ + # grpcio>1.30.0 requires this, see requirements.txt for more detail. + GRPC_POLL_STRATEGY=epoll1 COPY requirements-frozen.txt /tmp/requirements-frozen.txt RUN set -x \ - && buildDeps="" \ - # uwsgi - && buildDeps="$buildDeps \ - gcc \ - wget \ - " \ - # maxminddb - && buildDeps="$buildDeps \ - libmaxminddb-dev \ - "\ - # xmlsec - && buildDeps="$buildDeps \ - libxmlsec1-dev \ - pkg-config \ - " \ - && apt-get update \ - && apt-get install -y --no-install-recommends $buildDeps \ - && pip install -r /tmp/requirements-frozen.txt \ - && mkdir /tmp/uwsgi-dogstatsd \ - && wget -O - https://github.com/eventbrite/uwsgi-dogstatsd/archive/filters-and-tags.tar.gz | \ - tar -xzf - -C /tmp/uwsgi-dogstatsd --strip-components=1 \ - && UWSGI_NEED_PLUGIN="" uwsgi --build-plugin /tmp/uwsgi-dogstatsd \ - && mkdir -p /var/lib/uwsgi \ - && mv dogstatsd_plugin.so /var/lib/uwsgi/ \ - && rm -rf /tmp/requirements-frozen.txt /tmp/uwsgi-dogstatsd .uwsgi_plugins_builder \ - && apt-get purge -y --auto-remove $buildDeps \ - # We install run-time dependencies strictly after - # build dependencies to prevent accidental collusion. - # These are also installed last as they are needed - # during container run and can have the same deps w/ - # build deps such as maxminddb. - && apt-get install -y --no-install-recommends \ - # pillow - libjpeg-dev \ - # rust bindings - libffi-dev \ - # maxminddb bindings - libmaxminddb-dev \ - # SAML needs these run-time - libxmlsec1-dev \ - libxslt-dev \ - # pyyaml needs this run-time - libyaml-dev \ - # other - pkg-config \ - \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* \ - # Fully verify that the C extension is correctly installed, it unfortunately - # requires a full check into maxminddb.extension.Reader - && python -c 'import maxminddb.extension; maxminddb.extension.Reader' \ - && mkdir -p $SENTRY_CONF - + && buildDeps="" \ + # uwsgi + && buildDeps="$buildDeps \ + gcc \ + wget \ + " \ + # psycopg2-binary + && buildDeps="$buildDeps \ + libpq-dev \ + "\ + # maxminddb + && buildDeps="$buildDeps \ + libmaxminddb-dev \ + "\ + # xmlsec + && buildDeps="$buildDeps \ + libxmlsec1-dev \ + pkg-config \ + " \ + && apt-get update \ + && apt-get install -y --no-install-recommends $buildDeps \ + && pip install -r /tmp/requirements-frozen.txt \ + && mkdir /tmp/uwsgi-dogstatsd \ + && wget -O - https://github.com/eventbrite/uwsgi-dogstatsd/archive/filters-and-tags.tar.gz | \ + tar -xzf - -C /tmp/uwsgi-dogstatsd --strip-components=1 \ + && UWSGI_NEED_PLUGIN="" uwsgi --build-plugin /tmp/uwsgi-dogstatsd \ + && mkdir -p /var/lib/uwsgi \ + && mv dogstatsd_plugin.so /var/lib/uwsgi/ \ + && rm -rf /tmp/requirements-frozen.txt /tmp/uwsgi-dogstatsd .uwsgi_plugins_builder \ + && apt-get purge -y --auto-remove $buildDeps \ + # We install run-time dependencies strictly after + # build dependencies to prevent accidental collusion. + # These are also installed last as they are needed + # during container run and can have the same deps w/ + # build deps such as maxminddb. + && apt-get install -y --no-install-recommends \ + # pillow + libjpeg-dev \ + # rust bindings + libffi-dev \ + # maxminddb bindings + libmaxminddb-dev \ + # SAML needs these run-time + libxmlsec1-dev \ + libxslt-dev \ + # pyyaml needs this run-time + libyaml-dev \ + # other + pkg-config \ + \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* \ + # Fully verify that the C extension is correctly installed, it unfortunately + # requires a full check into maxminddb.extension.Reader + && python -c 'import maxminddb.extension; maxminddb.extension.Reader' \ + && mkdir -p $SENTRY_CONF +RUN sentry help | sed '1,/Commands:/d' | awk '{print $1}' > /sentry-commands.txt COPY ./docker/sentry.conf.py ./docker/config.yml $SENTRY_CONF/ -CMD ["sentry", "run", "web"] +CMD ["run", "web"] diff --git a/docker/Dockerfile b/docker/Dockerfile index e26f11b08feb4e..547fa269c07418 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -50,8 +50,7 @@ ENV \ GRPC_POLL_STRATEGY=epoll1 COPY requirements-frozen.txt /tmp/requirements-frozen.txt -# Install dependencies first to leverage Docker layer caching. -# COPY ${DIST_DIR}/requirements-frozen.txt /tmp/requirements-frozen.txt + RUN set -x \ && buildDeps="" \ # uwsgi From 3b70c0a069672a78a39eb31b71fde239f7f1e20d Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Tue, 23 Aug 2022 13:47:00 -0400 Subject: [PATCH 12/46] Add missing parts --- Dockerfile | 6 ++++++ docker/docker-entrypoint.sh | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 2847144fb93d28..c4af2c22f9308d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -112,4 +112,10 @@ RUN set -x \ RUN sentry help | sed '1,/Commands:/d' | awk '{print $1}' > /sentry-commands.txt COPY ./docker/sentry.conf.py ./docker/config.yml $SENTRY_CONF/ +COPY ./docker/docker-entrypoint.sh / + +EXPOSE 9000 +VOLUME /data + +ENTRYPOINT exec /docker-entrypoint.sh "$0" "$@" CMD ["run", "web"] diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh index 2f0eb6c7d8196d..057d305792c594 100755 --- a/docker/docker-entrypoint.sh +++ b/docker/docker-entrypoint.sh @@ -1,6 +1,6 @@ #!/bin/bash -set -e +set -ex # first check if we're passing flags, if so # prepend with sentry From c6a8a94630bbe85d68653c8111e1b5a7912ec08f Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Tue, 23 Aug 2022 15:20:47 -0400 Subject: [PATCH 13/46] Remove --- Dockerfile | 121 ----------------------------------------------------- heroku.yml | 3 -- 2 files changed, 124 deletions(-) delete mode 100644 Dockerfile delete mode 100644 heroku.yml diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index c4af2c22f9308d..00000000000000 --- a/Dockerfile +++ /dev/null @@ -1,121 +0,0 @@ -FROM python:3.8.13-slim-bullseye -# The Cloud build uses /dist as a place to cache wheels and others -ARG DIST_DIR=. - -LABEL maintainer="oss@sentry.io" -LABEL org.opencontainers.image.title="Sentry" -LABEL org.opencontainers.image.description="Sentry runtime image" -LABEL org.opencontainers.image.url="https://sentry.io/" -LABEL org.opencontainers.image.documentation="https://develop.sentry.dev/self-hosted/" -LABEL org.opencontainers.image.vendor="Functional Software, Inc." -LABEL org.opencontainers.image.authors="oss@sentry.io" - -# add our user and group first to make sure their IDs get assigned consistently -RUN groupadd -r sentry && useradd -r -m -g sentry sentry - -ENV GOSU_VERSION=1.12 \ - GOSU_SHA256=0f25a21cf64e58078057adc78f38705163c1d564a959ff30a891c31917011a54 \ - TINI_VERSION=0.19.0 \ - TINI_SHA256=93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c - - -RUN set -x \ - && buildDeps=" \ - wget \ - " \ - && apt-get update && apt-get install -y --no-install-recommends $buildDeps \ - && rm -rf /var/lib/apt/lists/* \ - # grab gosu for easy step-down from root - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-amd64" \ - && echo "$GOSU_SHA256 /usr/local/bin/gosu" | sha256sum --check --status \ - && chmod +x /usr/local/bin/gosu \ - # grab tini for signal processing and zombie killing - && wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$TINI_VERSION/tini-amd64" \ - && echo "$TINI_SHA256 /usr/local/bin/tini" | sha256sum --check --status \ - && chmod +x /usr/local/bin/tini \ - && apt-get purge -y --auto-remove $buildDeps - -# Sane defaults for pip -ENV \ - PIP_NO_CACHE_DIR=1 \ - PIP_DISABLE_PIP_VERSION_CHECK=1 \ - # Sentry config params - SENTRY_CONF=/etc/sentry \ - # Disable some unused uWSGI features, saving dependencies - # Thank to https://stackoverflow.com/a/25260588/90297 - UWSGI_PROFILE_OVERRIDE=ssl=false;xml=false;routing=false \ - # UWSGI dogstatsd plugin - UWSGI_NEED_PLUGIN=/var/lib/uwsgi/dogstatsd \ - # grpcio>1.30.0 requires this, see requirements.txt for more detail. - GRPC_POLL_STRATEGY=epoll1 - -COPY requirements-frozen.txt /tmp/requirements-frozen.txt - -RUN set -x \ - && buildDeps="" \ - # uwsgi - && buildDeps="$buildDeps \ - gcc \ - wget \ - " \ - # psycopg2-binary - && buildDeps="$buildDeps \ - libpq-dev \ - "\ - # maxminddb - && buildDeps="$buildDeps \ - libmaxminddb-dev \ - "\ - # xmlsec - && buildDeps="$buildDeps \ - libxmlsec1-dev \ - pkg-config \ - " \ - && apt-get update \ - && apt-get install -y --no-install-recommends $buildDeps \ - && pip install -r /tmp/requirements-frozen.txt \ - && mkdir /tmp/uwsgi-dogstatsd \ - && wget -O - https://github.com/eventbrite/uwsgi-dogstatsd/archive/filters-and-tags.tar.gz | \ - tar -xzf - -C /tmp/uwsgi-dogstatsd --strip-components=1 \ - && UWSGI_NEED_PLUGIN="" uwsgi --build-plugin /tmp/uwsgi-dogstatsd \ - && mkdir -p /var/lib/uwsgi \ - && mv dogstatsd_plugin.so /var/lib/uwsgi/ \ - && rm -rf /tmp/requirements-frozen.txt /tmp/uwsgi-dogstatsd .uwsgi_plugins_builder \ - && apt-get purge -y --auto-remove $buildDeps \ - # We install run-time dependencies strictly after - # build dependencies to prevent accidental collusion. - # These are also installed last as they are needed - # during container run and can have the same deps w/ - # build deps such as maxminddb. - && apt-get install -y --no-install-recommends \ - # pillow - libjpeg-dev \ - # rust bindings - libffi-dev \ - # maxminddb bindings - libmaxminddb-dev \ - # SAML needs these run-time - libxmlsec1-dev \ - libxslt-dev \ - # pyyaml needs this run-time - libyaml-dev \ - # other - pkg-config \ - \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* \ - # Fully verify that the C extension is correctly installed, it unfortunately - # requires a full check into maxminddb.extension.Reader - && python -c 'import maxminddb.extension; maxminddb.extension.Reader' \ - && mkdir -p $SENTRY_CONF - -RUN sentry help | sed '1,/Commands:/d' | awk '{print $1}' > /sentry-commands.txt - -COPY ./docker/sentry.conf.py ./docker/config.yml $SENTRY_CONF/ -COPY ./docker/docker-entrypoint.sh / - -EXPOSE 9000 -VOLUME /data - -ENTRYPOINT exec /docker-entrypoint.sh "$0" "$@" -CMD ["run", "web"] diff --git a/heroku.yml b/heroku.yml deleted file mode 100644 index 8eec25b9c99a95..00000000000000 --- a/heroku.yml +++ /dev/null @@ -1,3 +0,0 @@ -build: - docker: - web: Dockerfile From 37f5c9fcafcff3ace85c8c3f62fd8649774c27e8 Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Tue, 23 Aug 2022 15:21:52 -0400 Subject: [PATCH 14/46] Minor fix --- docker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index 547fa269c07418..9f6b2893593131 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -49,7 +49,7 @@ ENV \ # grpcio>1.30.0 requires this, see requirements.txt for more detail. GRPC_POLL_STRATEGY=epoll1 -COPY requirements-frozen.txt /tmp/requirements-frozen.txt +COPY ${DIST_DIR}/requirements-frozen.txt /tmp/requirements-frozen.txt RUN set -x \ && buildDeps="" \ From 6d3122a6a38bb9f2ca4e6b799f8cce65ea8f3106 Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Tue, 23 Aug 2022 15:23:38 -0400 Subject: [PATCH 15/46] Build deps for psycopg2-binary --- docker/Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker/Dockerfile b/docker/Dockerfile index 9f6b2893593131..50eddfe545ab00 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -58,6 +58,10 @@ RUN set -x \ gcc \ wget \ " \ + # psycopg2-binary + && buildDeps="$buildDeps \ + libpq-dev \ + " \ # maxminddb && buildDeps="$buildDeps \ libmaxminddb-dev \ From 692c00130afff576e3c17b0b426b074f5de08b50 Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Wed, 24 Aug 2022 12:28:38 -0400 Subject: [PATCH 16/46] Create image that uses for Heroku --- docker/heroku.web.dockerfile | 6 ++++++ heroku.yml | 3 +++ 2 files changed, 9 insertions(+) create mode 100644 docker/heroku.web.dockerfile create mode 100644 heroku.yml diff --git a/docker/heroku.web.dockerfile b/docker/heroku.web.dockerfile new file mode 100644 index 00000000000000..9df9e26adf2157 --- /dev/null +++ b/docker/heroku.web.dockerfile @@ -0,0 +1,6 @@ +# This Docker file simply modifies the CMD parameter to support +# the $PORT usage in Heroku. +FROM getsentry/sentry:nightly +# Heroku use $PORT, thus, it will overwrite this +ENV PORT="8000" +CMD sentry run web --bind $PORT diff --git a/heroku.yml b/heroku.yml new file mode 100644 index 00000000000000..e444110a3689dc --- /dev/null +++ b/heroku.yml @@ -0,0 +1,3 @@ +build: + docker: + web: docker/heroku.web.dockerfile From 31a3108abfd2105c714fef85ad4ac9d086905c45 Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Wed, 24 Aug 2022 12:36:44 -0400 Subject: [PATCH 17/46] Use 0.0.0.0 --- docker/heroku.web.dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/heroku.web.dockerfile b/docker/heroku.web.dockerfile index 9df9e26adf2157..b6af86ecc1a919 100644 --- a/docker/heroku.web.dockerfile +++ b/docker/heroku.web.dockerfile @@ -3,4 +3,4 @@ FROM getsentry/sentry:nightly # Heroku use $PORT, thus, it will overwrite this ENV PORT="8000" -CMD sentry run web --bind $PORT +CMD sentry run web --bind 0.0.0.0:$PORT From c6d568133c291d93a3e64c6c7e93b0b8728d2d89 Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Wed, 24 Aug 2022 12:48:52 -0400 Subject: [PATCH 18/46] Try non-root user --- docker/heroku.web.dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker/heroku.web.dockerfile b/docker/heroku.web.dockerfile index b6af86ecc1a919..479739911a7369 100644 --- a/docker/heroku.web.dockerfile +++ b/docker/heroku.web.dockerfile @@ -1,6 +1,8 @@ # This Docker file simply modifies the CMD parameter to support # the $PORT usage in Heroku. FROM getsentry/sentry:nightly +RUN adduser sentry_user +USER sentry_user # Heroku use $PORT, thus, it will overwrite this ENV PORT="8000" CMD sentry run web --bind 0.0.0.0:$PORT From 6ff21c9bf60810f6274efaacc08e4c6a5764aff3 Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Wed, 24 Aug 2022 13:43:58 -0400 Subject: [PATCH 19/46] Try using gunicorn --- docker/heroku.web.dockerfile | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docker/heroku.web.dockerfile b/docker/heroku.web.dockerfile index 479739911a7369..3ce0348e482f96 100644 --- a/docker/heroku.web.dockerfile +++ b/docker/heroku.web.dockerfile @@ -1,8 +1,13 @@ # This Docker file simply modifies the CMD parameter to support # the $PORT usage in Heroku. FROM getsentry/sentry:nightly +RUN pip install gunicorn + +ENV SENTRY_LOG_LEVEL=DEBUG +# add and run as non-root user RUN adduser sentry_user USER sentry_user # Heroku use $PORT, thus, it will overwrite this ENV PORT="8000" -CMD sentry run web --bind 0.0.0.0:$PORT +# run gunicorn +CMD gunicorn sentry.wsgi:application --bind 0.0.0.0:$PORT From 5cb4537c93fcd62c27bb7a72b4ff01a7075c7479 Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Wed, 24 Aug 2022 18:35:16 -0400 Subject: [PATCH 20/46] Go away from gunicorn --- docker/heroku.web.dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docker/heroku.web.dockerfile b/docker/heroku.web.dockerfile index 3ce0348e482f96..c2f607215b5fdc 100644 --- a/docker/heroku.web.dockerfile +++ b/docker/heroku.web.dockerfile @@ -1,7 +1,6 @@ # This Docker file simply modifies the CMD parameter to support # the $PORT usage in Heroku. FROM getsentry/sentry:nightly -RUN pip install gunicorn ENV SENTRY_LOG_LEVEL=DEBUG # add and run as non-root user @@ -10,4 +9,4 @@ USER sentry_user # Heroku use $PORT, thus, it will overwrite this ENV PORT="8000" # run gunicorn -CMD gunicorn sentry.wsgi:application --bind 0.0.0.0:$PORT +CMD sentry run web --bind 0.0.0.0:$PORT From 6621020deecd0d387782c6affbb61956d3712e71 Mon Sep 17 00:00:00 2001 From: Armen Date: Thu, 25 Aug 2022 09:25:46 -0400 Subject: [PATCH 21/46] Try using a worker --- docker/heroku.web.dockerfile | 2 +- heroku.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/heroku.web.dockerfile b/docker/heroku.web.dockerfile index c2f607215b5fdc..b1d544c71958fe 100644 --- a/docker/heroku.web.dockerfile +++ b/docker/heroku.web.dockerfile @@ -8,5 +8,5 @@ RUN adduser sentry_user USER sentry_user # Heroku use $PORT, thus, it will overwrite this ENV PORT="8000" -# run gunicorn + CMD sentry run web --bind 0.0.0.0:$PORT diff --git a/heroku.yml b/heroku.yml index e444110a3689dc..99c815e2aedbef 100644 --- a/heroku.yml +++ b/heroku.yml @@ -1,3 +1,3 @@ build: docker: - web: docker/heroku.web.dockerfile + worker: docker/heroku.web.dockerfile From 30ec37e7fd8a79852f5b867a2238e40311fd68bc Mon Sep 17 00:00:00 2001 From: Armen Date: Thu, 25 Aug 2022 09:41:16 -0400 Subject: [PATCH 22/46] Less layers --- docker/heroku.web.latest.dockerfile | 83 +++++++++++++++++++++++++++++ heroku.yml | 2 +- 2 files changed, 84 insertions(+), 1 deletion(-) create mode 100644 docker/heroku.web.latest.dockerfile diff --git a/docker/heroku.web.latest.dockerfile b/docker/heroku.web.latest.dockerfile new file mode 100644 index 00000000000000..18044b2ae3ea6f --- /dev/null +++ b/docker/heroku.web.latest.dockerfile @@ -0,0 +1,83 @@ +FROM python:3.8.13-slim-bullseye + +# Sane defaults for pip +ENV \ + PIP_NO_CACHE_DIR=1 \ + PIP_DISABLE_PIP_VERSION_CHECK=1 \ + # Sentry config params + SENTRY_CONF=/etc/sentry \ + # Disable some unused uWSGI features, saving dependencies + # Thank to https://stackoverflow.com/a/25260588/90297 + UWSGI_PROFILE_OVERRIDE=ssl=false;xml=false;routing=false \ + # UWSGI dogstatsd plugin + UWSGI_NEED_PLUGIN=/var/lib/uwsgi/dogstatsd \ + # grpcio>1.30.0 requires this, see requirements.txt for more detail. + GRPC_POLL_STRATEGY=epoll1 + +COPY ./requirements-frozen.txt /tmp/requirements-frozen.txt + +RUN set -x \ + && buildDeps="" \ + # uwsgi + && buildDeps="$buildDeps \ + gcc \ + wget \ + " \ + # psycopg2-binary + && buildDeps="$buildDeps \ + libpq-dev \ + " \ + # maxminddb + && buildDeps="$buildDeps \ + libmaxminddb-dev \ + "\ + # xmlsec + && buildDeps="$buildDeps \ + libxmlsec1-dev \ + pkg-config \ + " \ + && apt-get update \ + && apt-get install -y --no-install-recommends $buildDeps \ + && pip install -r /tmp/requirements-frozen.txt \ + && mkdir /tmp/uwsgi-dogstatsd \ + && wget -O - https://github.com/eventbrite/uwsgi-dogstatsd/archive/filters-and-tags.tar.gz | \ + tar -xzf - -C /tmp/uwsgi-dogstatsd --strip-components=1 \ + && UWSGI_NEED_PLUGIN="" uwsgi --build-plugin /tmp/uwsgi-dogstatsd \ + && mkdir -p /var/lib/uwsgi \ + && mv dogstatsd_plugin.so /var/lib/uwsgi/ \ + && rm -rf /tmp/requirements-frozen.txt /tmp/uwsgi-dogstatsd .uwsgi_plugins_builder \ + && apt-get purge -y --auto-remove $buildDeps \ + # We install run-time dependencies strictly after + # build dependencies to prevent accidental collusion. + # These are also installed last as they are needed + # during container run and can have the same deps w/ + # build deps such as maxminddb. + && apt-get install -y --no-install-recommends \ + # pillow + libjpeg-dev \ + # rust bindings + libffi-dev \ + # maxminddb bindings + libmaxminddb-dev \ + # SAML needs these run-time + libxmlsec1-dev \ + libxslt-dev \ + # pyyaml needs this run-time + libyaml-dev \ + # other + pkg-config \ + \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* \ + # Fully verify that the C extension is correctly installed, it unfortunately + # requires a full check into maxminddb.extension.Reader + && python -c 'import maxminddb.extension; maxminddb.extension.Reader' \ + && mkdir -p $SENTRY_CONF + +COPY ./docker/sentry.conf.py ./docker/config.yml $SENTRY_CONF/ +COPY ./docker/docker-entrypoint.sh / +ENTRYPOINT exec /docker-entrypoint.sh "$0" "$@" +# Heroku use $PORT, thus, it will overwrite this +ENV PORT="8000" + +CMD sentry run web --bind 0.0.0.0:$PORT diff --git a/heroku.yml b/heroku.yml index 99c815e2aedbef..b21299dda5c5f4 100644 --- a/heroku.yml +++ b/heroku.yml @@ -1,3 +1,3 @@ build: docker: - worker: docker/heroku.web.dockerfile + web: docker/heroku.web.latest.dockerfile From f6aafc76d70642996b4eeac6069df4cdc8b83a31 Mon Sep 17 00:00:00 2001 From: Armen Date: Thu, 25 Aug 2022 09:48:13 -0400 Subject: [PATCH 23/46] Try again --- .dockerignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.dockerignore b/.dockerignore index b6b3e7004c04dc..81f574248228bf 100644 --- a/.dockerignore +++ b/.dockerignore @@ -7,4 +7,4 @@ !/dist/requirements-frozen.txt !/dist/*.whl # When building without a dist cache -!requirements-frozen.txt +!/requirements-frozen.txt From 7ee1dcbdc9e18e37cfcd2294a62ae07e514c47a3 Mon Sep 17 00:00:00 2001 From: Armen Date: Thu, 25 Aug 2022 09:50:30 -0400 Subject: [PATCH 24/46] Remove Docker ignore for now --- .dockerignore | 10 --- docker/heroku.web.latest.dockerfile | 134 ++++++++++++++-------------- 2 files changed, 67 insertions(+), 77 deletions(-) delete mode 100644 .dockerignore diff --git a/.dockerignore b/.dockerignore deleted file mode 100644 index 81f574248228bf..00000000000000 --- a/.dockerignore +++ /dev/null @@ -1,10 +0,0 @@ -# Ignore everything -* - -!/docker -!/package.json -!/yarn.lock -!/dist/requirements-frozen.txt -!/dist/*.whl -# When building without a dist cache -!/requirements-frozen.txt diff --git a/docker/heroku.web.latest.dockerfile b/docker/heroku.web.latest.dockerfile index 18044b2ae3ea6f..2d9328243f090e 100644 --- a/docker/heroku.web.latest.dockerfile +++ b/docker/heroku.web.latest.dockerfile @@ -2,77 +2,77 @@ FROM python:3.8.13-slim-bullseye # Sane defaults for pip ENV \ - PIP_NO_CACHE_DIR=1 \ - PIP_DISABLE_PIP_VERSION_CHECK=1 \ - # Sentry config params - SENTRY_CONF=/etc/sentry \ - # Disable some unused uWSGI features, saving dependencies - # Thank to https://stackoverflow.com/a/25260588/90297 - UWSGI_PROFILE_OVERRIDE=ssl=false;xml=false;routing=false \ - # UWSGI dogstatsd plugin - UWSGI_NEED_PLUGIN=/var/lib/uwsgi/dogstatsd \ - # grpcio>1.30.0 requires this, see requirements.txt for more detail. - GRPC_POLL_STRATEGY=epoll1 + PIP_NO_CACHE_DIR=1 \ + PIP_DISABLE_PIP_VERSION_CHECK=1 \ + # Sentry config params + SENTRY_CONF=/etc/sentry \ + # Disable some unused uWSGI features, saving dependencies + # Thank to https://stackoverflow.com/a/25260588/90297 + UWSGI_PROFILE_OVERRIDE=ssl=false;xml=false;routing=false \ + # UWSGI dogstatsd plugin + UWSGI_NEED_PLUGIN=/var/lib/uwsgi/dogstatsd \ + # grpcio>1.30.0 requires this, see requirements.txt for more detail. + GRPC_POLL_STRATEGY=epoll1 COPY ./requirements-frozen.txt /tmp/requirements-frozen.txt RUN set -x \ - && buildDeps="" \ - # uwsgi - && buildDeps="$buildDeps \ - gcc \ - wget \ - " \ - # psycopg2-binary - && buildDeps="$buildDeps \ - libpq-dev \ - " \ - # maxminddb - && buildDeps="$buildDeps \ - libmaxminddb-dev \ - "\ - # xmlsec - && buildDeps="$buildDeps \ - libxmlsec1-dev \ - pkg-config \ - " \ - && apt-get update \ - && apt-get install -y --no-install-recommends $buildDeps \ - && pip install -r /tmp/requirements-frozen.txt \ - && mkdir /tmp/uwsgi-dogstatsd \ - && wget -O - https://github.com/eventbrite/uwsgi-dogstatsd/archive/filters-and-tags.tar.gz | \ - tar -xzf - -C /tmp/uwsgi-dogstatsd --strip-components=1 \ - && UWSGI_NEED_PLUGIN="" uwsgi --build-plugin /tmp/uwsgi-dogstatsd \ - && mkdir -p /var/lib/uwsgi \ - && mv dogstatsd_plugin.so /var/lib/uwsgi/ \ - && rm -rf /tmp/requirements-frozen.txt /tmp/uwsgi-dogstatsd .uwsgi_plugins_builder \ - && apt-get purge -y --auto-remove $buildDeps \ - # We install run-time dependencies strictly after - # build dependencies to prevent accidental collusion. - # These are also installed last as they are needed - # during container run and can have the same deps w/ - # build deps such as maxminddb. - && apt-get install -y --no-install-recommends \ - # pillow - libjpeg-dev \ - # rust bindings - libffi-dev \ - # maxminddb bindings - libmaxminddb-dev \ - # SAML needs these run-time - libxmlsec1-dev \ - libxslt-dev \ - # pyyaml needs this run-time - libyaml-dev \ - # other - pkg-config \ - \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* \ - # Fully verify that the C extension is correctly installed, it unfortunately - # requires a full check into maxminddb.extension.Reader - && python -c 'import maxminddb.extension; maxminddb.extension.Reader' \ - && mkdir -p $SENTRY_CONF + && buildDeps="" \ + # uwsgi + && buildDeps="$buildDeps \ + gcc \ + wget \ + " \ + # psycopg2-binary + && buildDeps="$buildDeps \ + libpq-dev \ + " \ + # maxminddb + && buildDeps="$buildDeps \ + libmaxminddb-dev \ + "\ + # xmlsec + && buildDeps="$buildDeps \ + libxmlsec1-dev \ + pkg-config \ + " \ + && apt-get update \ + && apt-get install -y --no-install-recommends $buildDeps \ + && pip install -r /tmp/requirements-frozen.txt \ + && mkdir /tmp/uwsgi-dogstatsd \ + && wget -O - https://github.com/eventbrite/uwsgi-dogstatsd/archive/filters-and-tags.tar.gz | \ + tar -xzf - -C /tmp/uwsgi-dogstatsd --strip-components=1 \ + && UWSGI_NEED_PLUGIN="" uwsgi --build-plugin /tmp/uwsgi-dogstatsd \ + && mkdir -p /var/lib/uwsgi \ + && mv dogstatsd_plugin.so /var/lib/uwsgi/ \ + && rm -rf /tmp/requirements-frozen.txt /tmp/uwsgi-dogstatsd .uwsgi_plugins_builder \ + && apt-get purge -y --auto-remove $buildDeps \ + # We install run-time dependencies strictly after + # build dependencies to prevent accidental collusion. + # These are also installed last as they are needed + # during container run and can have the same deps w/ + # build deps such as maxminddb. + && apt-get install -y --no-install-recommends \ + # pillow + libjpeg-dev \ + # rust bindings + libffi-dev \ + # maxminddb bindings + libmaxminddb-dev \ + # SAML needs these run-time + libxmlsec1-dev \ + libxslt-dev \ + # pyyaml needs this run-time + libyaml-dev \ + # other + pkg-config \ + \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* \ + # Fully verify that the C extension is correctly installed, it unfortunately + # requires a full check into maxminddb.extension.Reader + && python -c 'import maxminddb.extension; maxminddb.extension.Reader' \ + && mkdir -p $SENTRY_CONF COPY ./docker/sentry.conf.py ./docker/config.yml $SENTRY_CONF/ COPY ./docker/docker-entrypoint.sh / From 163b2c59adcd584134aa4240b57829d0036d568a Mon Sep 17 00:00:00 2001 From: Armen Date: Thu, 25 Aug 2022 09:53:34 -0400 Subject: [PATCH 25/46] It has something to do with the Docker build context --- docker/heroku.web.latest.dockerfile => Dockerfile | 0 heroku.yml | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename docker/heroku.web.latest.dockerfile => Dockerfile (100%) diff --git a/docker/heroku.web.latest.dockerfile b/Dockerfile similarity index 100% rename from docker/heroku.web.latest.dockerfile rename to Dockerfile diff --git a/heroku.yml b/heroku.yml index b21299dda5c5f4..8eec25b9c99a95 100644 --- a/heroku.yml +++ b/heroku.yml @@ -1,3 +1,3 @@ build: docker: - web: docker/heroku.web.latest.dockerfile + web: Dockerfile From c31fbf37b3343f25b71cb84ff4c9b73233141158 Mon Sep 17 00:00:00 2001 From: Armen Date: Thu, 25 Aug 2022 11:11:08 -0400 Subject: [PATCH 26/46] Make it similar and remove labels --- Dockerfile | 37 +++++++++++++++++++++++++++++++++---- docker/docker-entrypoint.sh | 2 +- 2 files changed, 34 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2d9328243f090e..3dcafdcb26481a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,31 @@ FROM python:3.8.13-slim-bullseye +# The Cloud build uses /dist as a place to cache wheels and others +ARG DIST_DIR=. + +# add our user and group first to make sure their IDs get assigned consistently +RUN groupadd -r sentry && useradd -r -m -g sentry sentry + +ENV GOSU_VERSION=1.12 \ + GOSU_SHA256=0f25a21cf64e58078057adc78f38705163c1d564a959ff30a891c31917011a54 \ + TINI_VERSION=0.19.0 \ + TINI_SHA256=93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c + + +RUN set -x \ + && buildDeps=" \ + wget \ + " \ + && apt-get update && apt-get install -y --no-install-recommends $buildDeps \ + && rm -rf /var/lib/apt/lists/* \ + # grab gosu for easy step-down from root + && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-amd64" \ + && echo "$GOSU_SHA256 /usr/local/bin/gosu" | sha256sum --check --status \ + && chmod +x /usr/local/bin/gosu \ + # grab tini for signal processing and zombie killing + && wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$TINI_VERSION/tini-amd64" \ + && echo "$TINI_SHA256 /usr/local/bin/tini" | sha256sum --check --status \ + && chmod +x /usr/local/bin/tini \ + && apt-get purge -y --auto-remove $buildDeps # Sane defaults for pip ENV \ @@ -14,7 +41,7 @@ ENV \ # grpcio>1.30.0 requires this, see requirements.txt for more detail. GRPC_POLL_STRATEGY=epoll1 -COPY ./requirements-frozen.txt /tmp/requirements-frozen.txt +COPY ${DIST_DIR}/requirements-frozen.txt /tmp/requirements-frozen.txt RUN set -x \ && buildDeps="" \ @@ -74,10 +101,12 @@ RUN set -x \ && python -c 'import maxminddb.extension; maxminddb.extension.Reader' \ && mkdir -p $SENTRY_CONF +# XXX: Cheat +RUN pip install sentry +RUN sentry help | sed '1,/Commands:/d' | awk '{print $1}' > /sentry-commands.txt + COPY ./docker/sentry.conf.py ./docker/config.yml $SENTRY_CONF/ COPY ./docker/docker-entrypoint.sh / -ENTRYPOINT exec /docker-entrypoint.sh "$0" "$@" -# Heroku use $PORT, thus, it will overwrite this -ENV PORT="8000" +ENTRYPOINT exec /docker-entrypoint.sh "$0" "$@" CMD sentry run web --bind 0.0.0.0:$PORT diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh index 057d305792c594..2f0eb6c7d8196d 100755 --- a/docker/docker-entrypoint.sh +++ b/docker/docker-entrypoint.sh @@ -1,6 +1,6 @@ #!/bin/bash -set -ex +set -e # first check if we're passing flags, if so # prepend with sentry From 5da94f19a671b0262aeec95b8c97f3dfccba2d45 Mon Sep 17 00:00:00 2001 From: Armen Date: Thu, 25 Aug 2022 11:15:52 -0400 Subject: [PATCH 27/46] Lower the number of layers --- Dockerfile | 57 +++++++++++++++++++++++------------------------------- 1 file changed, 24 insertions(+), 33 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3dcafdcb26481a..0b8d9ccf3d0ce4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,34 +1,14 @@ FROM python:3.8.13-slim-bullseye -# The Cloud build uses /dist as a place to cache wheels and others -ARG DIST_DIR=. # add our user and group first to make sure their IDs get assigned consistently RUN groupadd -r sentry && useradd -r -m -g sentry sentry -ENV GOSU_VERSION=1.12 \ - GOSU_SHA256=0f25a21cf64e58078057adc78f38705163c1d564a959ff30a891c31917011a54 \ - TINI_VERSION=0.19.0 \ - TINI_SHA256=93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c - - -RUN set -x \ - && buildDeps=" \ - wget \ - " \ - && apt-get update && apt-get install -y --no-install-recommends $buildDeps \ - && rm -rf /var/lib/apt/lists/* \ - # grab gosu for easy step-down from root - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-amd64" \ - && echo "$GOSU_SHA256 /usr/local/bin/gosu" | sha256sum --check --status \ - && chmod +x /usr/local/bin/gosu \ - # grab tini for signal processing and zombie killing - && wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$TINI_VERSION/tini-amd64" \ - && echo "$TINI_SHA256 /usr/local/bin/tini" | sha256sum --check --status \ - && chmod +x /usr/local/bin/tini \ - && apt-get purge -y --auto-remove $buildDeps - # Sane defaults for pip ENV \ + GOSU_VERSION=1.12 \ + GOSU_SHA256=0f25a21cf64e58078057adc78f38705163c1d564a959ff30a891c31917011a54 \ + TINI_VERSION=0.19.0 \ + TINI_SHA256=93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c \ PIP_NO_CACHE_DIR=1 \ PIP_DISABLE_PIP_VERSION_CHECK=1 \ # Sentry config params @@ -41,10 +21,24 @@ ENV \ # grpcio>1.30.0 requires this, see requirements.txt for more detail. GRPC_POLL_STRATEGY=epoll1 -COPY ${DIST_DIR}/requirements-frozen.txt /tmp/requirements-frozen.txt +COPY ./requirements-frozen.txt /tmp/requirements-frozen.txt RUN set -x \ && buildDeps="" \ + buildDeps=" \ + wget \ + " \ + && apt-get update && apt-get install -y --no-install-recommends $buildDeps \ + && rm -rf /var/lib/apt/lists/* \ + # grab gosu for easy step-down from root + && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-amd64" \ + && echo "$GOSU_SHA256 /usr/local/bin/gosu" | sha256sum --check --status \ + && chmod +x /usr/local/bin/gosu \ + # grab tini for signal processing and zombie killing + && wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$TINI_VERSION/tini-amd64" \ + && echo "$TINI_SHA256 /usr/local/bin/tini" | sha256sum --check --status \ + && chmod +x /usr/local/bin/tini \ + && apt-get purge -y --auto-remove $buildDeps \ # uwsgi && buildDeps="$buildDeps \ gcc \ @@ -99,14 +93,11 @@ RUN set -x \ # Fully verify that the C extension is correctly installed, it unfortunately # requires a full check into maxminddb.extension.Reader && python -c 'import maxminddb.extension; maxminddb.extension.Reader' \ - && mkdir -p $SENTRY_CONF - -# XXX: Cheat -RUN pip install sentry -RUN sentry help | sed '1,/Commands:/d' | awk '{print $1}' > /sentry-commands.txt + && mkdir -p $SENTRY_CONF \ + && pip install sentry \ + && sentry help | sed '1,/Commands:/d' | awk '{print $1}' > /sentry-commands.txt -COPY ./docker/sentry.conf.py ./docker/config.yml $SENTRY_CONF/ -COPY ./docker/docker-entrypoint.sh / +COPY ./docker/sentry.conf.py ./docker/config.yml ./docker/docker-entrypoint.sh $SENTRY_CONF/ -ENTRYPOINT exec /docker-entrypoint.sh "$0" "$@" +ENTRYPOINT exec $SENTRY_CONF/docker-entrypoint.sh "$0" "$@" CMD sentry run web --bind 0.0.0.0:$PORT From 7065b68e780b40f433579fc1d73ee5c8a39a526b Mon Sep 17 00:00:00 2001 From: Armen Date: Fri, 26 Aug 2022 09:16:07 -0400 Subject: [PATCH 28/46] Sorted --- requirements-base.txt | 70 +++++++++++++------------------------ requirements-dev-frozen.txt | 16 ++++----- requirements-frozen.txt | 16 ++++----- 3 files changed, 38 insertions(+), 64 deletions(-) diff --git a/requirements-base.txt b/requirements-base.txt index e9829d48c182ca..0a2b4327d0c809 100644 --- a/requirements-base.txt +++ b/requirements-base.txt @@ -1,102 +1,80 @@ +Django>=2.2.28 +Pillow>=9.2.0 +PyJWT>=2.4.0 +PyYAML>=5.4 beautifulsoup4>=4.7.1 +billiard>=3.6.4 boto3>=1.22.12 botocore>=1.25.12 +brotli>=1.0.9 celery>=4.4.7 +cffi>=1.15.0 click>=8.0.4 confluent-kafka>=1.9.2 croniter>=0.3.37 +cryptography>=3.4.8 +cssselect>=1.0.3 +cssutils>=2.4.0 datadog>=0.29.3 django-crispy-forms>=1.14.0 django-pg-zero-downtime-migrations>=0.11 -Django>=2.2.28 djangorestframework>=3.12.4 drf-spectacular>=0.22.1 email-reply-parser>=0.5.12 +fido2>=0.9.2 google-api-core>=1.32.0 google-auth>=1.24.0 google-cloud-bigtable>=1.6.1 google-cloud-core>=1.5.0 -googleapis-common-protos>=1.56.2 -google-cloud-pubsub>=2.2.0 -google-cloud-storage>=1.35.0 google-cloud-functions>=1.8.0 +google-cloud-pubsub>=2.2.0 google-cloud-spanner>=3.17.0 +google-cloud-storage>=1.35.0 google-crc32c>=1.3.0 +googleapis-common-protos>=1.56.2 +grpcio>=1.47.0 +hiredis>=0.3.1 isodate>=0.6.1 jsonschema>=3.2.0 +kombu>=4.6.11 lxml>=4.6.5 maxminddb>=2.0.3 mistune>=2.0.3 mmh3>=3.0.0 +msgpack>=1.0.4 packaging>=21.3 parsimonious>=0.8.0 petname>=2.6 +phabricator>=0.7.0 phonenumberslite>=8.12.0 -Pillow>=9.2.0 progressbar2>=3.41.0 -python-rapidjson>=1.4 psycopg2-binary>=2.8.6 -PyJWT>=2.4.0 python-dateutil>=2.8.1 python-memcached>=1.59 +python-rapidjson>=1.4 python-u2flib-server>=5.0.0 -fido2>=0.9.2 python3-saml>=1.14.0 -PyYAML>=5.4 rb>=1.9.0 redis-py-cluster>=2.1.0 redis>=3.4.1 requests-oauthlib>=1.2.0 requests>=2.25.1 -# [start] jsonschema format validators rfc3339-validator>=0.1.2 rfc3986-validator>=0.1.1 -# [end] jsonschema format validators +selenium>=4.1.5 sentry-arroyo>=1.0.3 sentry-relay>=0.8.13 sentry-sdk>=1.9.5 -snuba-sdk>=1.0.1 simplejson>=3.17.6 +snuba-sdk>=1.0.1 +sqlparse>=0.2.4,<=0.3.0 statsd>=3.3 structlog>=21.1.0 symbolic>=8.7.1 toronado>=0.1.0 typing-extensions>=3.10.0.2 +uWSGI==2.0.20.0 ua-parser>=0.10.0 unidiff>=0.7.4 urllib3[brotli]>=1.26.9 -brotli>=1.0.9 -# See if we can remove LDFLAGS from lib.sh -# https://github.com/getsentry/sentry/pull/30094 -uWSGI==2.0.20.0 zstandard>=0.18.0 - -msgpack>=1.0.4 -cryptography>=3.4.8 - -# celery -billiard>=3.6.4 -kombu>=4.6.11 - -# Note, grpcio>1.30.0 requires setting GRPC_POLL_STRATEGY=epoll1 -# See https://github.com/grpc/grpc/issues/23796 and -# https://github.com/grpc/grpc/blob/v1.35.x/doc/core/grpc-polling-engines.md#polling-engine-implementations-in-grpc -grpcio>=1.47.0 - -# not directly used, but provides a speedup for redis -hiredis>=0.3.1 - -# not directly used, but pinned for at least semaphore/symbolic -cffi>=1.15.0 - -# not directly used, but pinned for toronado because it doesn't pin these -cssutils>=2.4.0 -cssselect>=1.0.3 - -# sentry-plugins specific dependencies -phabricator>=0.7.0 - -# test dependencies, but unable to move to requirements-test until -# sentry.utils.pytest and sentry.testutils are moved to tests/ -selenium>=4.1.5 -sqlparse>=0.2.4,<=0.3.0 diff --git a/requirements-dev-frozen.txt b/requirements-dev-frozen.txt index 03f47973357d97..7eb44189d352ef 100644 --- a/requirements-dev-frozen.txt +++ b/requirements-dev-frozen.txt @@ -23,8 +23,7 @@ croniter==0.3.37 cryptography==37.0.2 cssselect==1.0.3 cssutils==2.4.0 -datadog==0.29.3 -decorator==5.1.1 +datadog==0.44.0 dictpath==0.1.3 distlib==0.3.4 django==2.2.28 @@ -56,7 +55,7 @@ googleapis-common-protos==1.56.2 grpc-google-iam-v1==0.12.4 grpcio==1.47.0 h11==0.13.0 -hiredis==0.3.1 +hiredis==2.0.0 honcho==1.0.0 identify==2.5.1 idna==2.10 @@ -70,7 +69,7 @@ kombu==4.6.11 lazy-object-proxy==1.7.1 libcst==0.4.3 lxml==4.6.5 -maxminddb==2.0.3 +maxminddb==2.2.0 mccabe==0.7.0 milksnake==0.1.5 mistune==2.0.4 @@ -112,7 +111,6 @@ pycodestyle==2.9.0 pycparser==2.21 pyflakes==2.5.0 pyjwt==2.4.0 -pyopenssl==22.0.0 pyparsing==3.0.9 pyrsistent==0.18.1 pysocks==1.7.1 @@ -138,11 +136,11 @@ redis-py-cluster==2.1.0 requests==2.25.1 requests-oauthlib==1.2.0 responses==0.21.0 -rfc3339-validator==0.1.2 +rfc3339-validator==0.1.4 rfc3986-validator==0.1.1 rsa==4.8 s3transfer==0.5.2 -selenium==4.3.0 +selenium==4.4.3 sentry-arroyo==1.0.3 sentry-relay==0.8.13 sentry-sdk==1.9.5 @@ -153,7 +151,7 @@ snuba-sdk==1.0.1 sortedcontainers==2.4.0 soupsieve==2.3.2.post1 sqlparse==0.3.0 -statsd==3.3 +statsd==3.3.0 structlog==21.1.0 symbolic==8.7.1 tokenize-rt==4.2.1 @@ -181,7 +179,7 @@ websocket-client==1.3.2 werkzeug==2.1.2 wheel==0.37.1 wrapt==1.14.1 -wsproto==1.1.0 +wsproto==1.2.0 xmlsec==1.3.11 zstandard==0.18.0 diff --git a/requirements-frozen.txt b/requirements-frozen.txt index a2852c277c760a..5c84914088423e 100644 --- a/requirements-frozen.txt +++ b/requirements-frozen.txt @@ -19,8 +19,7 @@ croniter==0.3.37 cryptography==37.0.2 cssselect==1.0.3 cssutils==2.4.0 -datadog==0.29.3 -decorator==5.1.1 +datadog==0.44.0 django==2.2.28 django-crispy-forms==1.14.0 django-pg-zero-downtime-migrations==0.11 @@ -42,7 +41,7 @@ googleapis-common-protos==1.56.2 grpc-google-iam-v1==0.12.4 grpcio==1.47.0 h11==0.13.0 -hiredis==0.3.1 +hiredis==2.0.0 idna==2.10 inflection==0.5.1 isodate==0.6.1 @@ -51,7 +50,7 @@ jsonschema==3.2.0 kombu==4.6.11 libcst==0.4.3 lxml==4.6.5 -maxminddb==2.0.3 +maxminddb==2.2.0 milksnake==0.1.5 mistune==2.0.4 mmh3==3.0.0 @@ -74,7 +73,6 @@ pyasn1==0.4.5 pyasn1-modules==0.2.4 pycparser==2.21 pyjwt==2.4.0 -pyopenssl==22.0.0 pyparsing==3.0.9 pyrsistent==0.18.1 pysocks==1.7.1 @@ -91,11 +89,11 @@ redis==3.4.1 redis-py-cluster==2.1.0 requests==2.25.1 requests-oauthlib==1.2.0 -rfc3339-validator==0.1.2 +rfc3339-validator==0.1.4 rfc3986-validator==0.1.1 rsa==4.8 s3transfer==0.5.2 -selenium==4.3.0 +selenium==4.4.3 sentry-arroyo==1.0.3 sentry-relay==0.8.13 sentry-sdk==1.9.5 @@ -106,7 +104,7 @@ snuba-sdk==1.0.1 sortedcontainers==2.4.0 soupsieve==2.3.2.post1 sqlparse==0.3.0 -statsd==3.3 +statsd==3.3.0 structlog==21.1.0 symbolic==8.7.1 toronado==0.1.0 @@ -120,7 +118,7 @@ uritemplate==4.1.1 urllib3==1.26.11 uwsgi==2.0.20.0 vine==1.3.0 -wsproto==1.1.0 +wsproto==1.2.0 xmlsec==1.3.11 zstandard==0.18.0 From 3280c16deff9184f1766461ae42e44cf396a4204 Mon Sep 17 00:00:00 2001 From: Armen Date: Fri, 26 Aug 2022 09:23:00 -0400 Subject: [PATCH 29/46] Only dependencies for web runner --- requirements-base.txt | 27 ++++----------------------- requirements-dev-frozen.txt | 7 ------- requirements-frozen.txt | 7 ------- 3 files changed, 4 insertions(+), 37 deletions(-) diff --git a/requirements-base.txt b/requirements-base.txt index 0a2b4327d0c809..4b61fb732f478c 100644 --- a/requirements-base.txt +++ b/requirements-base.txt @@ -3,19 +3,10 @@ Pillow>=9.2.0 PyJWT>=2.4.0 PyYAML>=5.4 beautifulsoup4>=4.7.1 -billiard>=3.6.4 boto3>=1.22.12 -botocore>=1.25.12 -brotli>=1.0.9 celery>=4.4.7 -cffi>=1.15.0 click>=8.0.4 -confluent-kafka>=1.9.2 croniter>=0.3.37 -cryptography>=3.4.8 -cssselect>=1.0.3 -cssutils>=2.4.0 -datadog>=0.29.3 django-crispy-forms>=1.14.0 django-pg-zero-downtime-migrations>=0.11 djangorestframework>=3.12.4 @@ -32,17 +23,12 @@ google-cloud-spanner>=3.17.0 google-cloud-storage>=1.35.0 google-crc32c>=1.3.0 googleapis-common-protos>=1.56.2 -grpcio>=1.47.0 hiredis>=0.3.1 -isodate>=0.6.1 -jsonschema>=3.2.0 -kombu>=4.6.11 lxml>=4.6.5 maxminddb>=2.0.3 mistune>=2.0.3 mmh3>=3.0.0 msgpack>=1.0.4 -packaging>=21.3 parsimonious>=0.8.0 petname>=2.6 phabricator>=0.7.0 @@ -50,25 +36,18 @@ phonenumberslite>=8.12.0 progressbar2>=3.41.0 psycopg2-binary>=2.8.6 python-dateutil>=2.8.1 -python-memcached>=1.59 python-rapidjson>=1.4 python-u2flib-server>=5.0.0 python3-saml>=1.14.0 rb>=1.9.0 redis-py-cluster>=2.1.0 -redis>=3.4.1 requests-oauthlib>=1.2.0 requests>=2.25.1 -rfc3339-validator>=0.1.2 -rfc3986-validator>=0.1.1 -selenium>=4.1.5 sentry-arroyo>=1.0.3 sentry-relay>=0.8.13 sentry-sdk>=1.9.5 simplejson>=3.17.6 snuba-sdk>=1.0.1 -sqlparse>=0.2.4,<=0.3.0 -statsd>=3.3 structlog>=21.1.0 symbolic>=8.7.1 toronado>=0.1.0 @@ -76,5 +55,7 @@ typing-extensions>=3.10.0.2 uWSGI==2.0.20.0 ua-parser>=0.10.0 unidiff>=0.7.4 -urllib3[brotli]>=1.26.9 -zstandard>=0.18.0 + +# test dependencies, but unable to move to requirements-test until +# sentry.utils.pytest and sentry.testutils are moved to tests/ +selenium>=4.1.5 diff --git a/requirements-dev-frozen.txt b/requirements-dev-frozen.txt index 7eb44189d352ef..bfbbb2844b6b4b 100644 --- a/requirements-dev-frozen.txt +++ b/requirements-dev-frozen.txt @@ -8,7 +8,6 @@ billiard==3.6.4.0 black==22.3.0 boto3==1.22.12 botocore==1.25.12 -brotli==1.0.9 build==0.8.0 cachetools==4.2.4 celery==4.4.7 @@ -23,7 +22,6 @@ croniter==0.3.37 cryptography==37.0.2 cssselect==1.0.3 cssutils==2.4.0 -datadog==0.44.0 dictpath==0.1.3 distlib==0.3.4 django==2.2.28 @@ -122,7 +120,6 @@ pytest-rerunfailures==9.1.1 pytest-sentry==0.1.9 pytest-xdist==2.4.0 python-dateutil==2.8.1 -python-memcached==1.59 python-rapidjson==1.4 python-u2flib-server==5.0.0 python-utils==3.3.3 @@ -136,8 +133,6 @@ redis-py-cluster==2.1.0 requests==2.25.1 requests-oauthlib==1.2.0 responses==0.21.0 -rfc3339-validator==0.1.4 -rfc3986-validator==0.1.1 rsa==4.8 s3transfer==0.5.2 selenium==4.4.3 @@ -151,7 +146,6 @@ snuba-sdk==1.0.1 sortedcontainers==2.4.0 soupsieve==2.3.2.post1 sqlparse==0.3.0 -statsd==3.3.0 structlog==21.1.0 symbolic==8.7.1 tokenize-rt==4.2.1 @@ -181,7 +175,6 @@ wheel==0.37.1 wrapt==1.14.1 wsproto==1.2.0 xmlsec==1.3.11 -zstandard==0.18.0 # The following packages are considered to be unsafe in a requirements file: pip==22.1.2 diff --git a/requirements-frozen.txt b/requirements-frozen.txt index 5c84914088423e..9c0584cc300962 100644 --- a/requirements-frozen.txt +++ b/requirements-frozen.txt @@ -7,7 +7,6 @@ beautifulsoup4==4.7.1 billiard==3.6.4.0 boto3==1.22.12 botocore==1.25.12 -brotli==1.0.9 cachetools==4.2.4 celery==4.4.7 certifi==2022.5.18.1 @@ -19,7 +18,6 @@ croniter==0.3.37 cryptography==37.0.2 cssselect==1.0.3 cssutils==2.4.0 -datadog==0.44.0 django==2.2.28 django-crispy-forms==1.14.0 django-pg-zero-downtime-migrations==0.11 @@ -77,7 +75,6 @@ pyparsing==3.0.9 pyrsistent==0.18.1 pysocks==1.7.1 python-dateutil==2.8.1 -python-memcached==1.59 python-rapidjson==1.4 python-u2flib-server==5.0.0 python-utils==3.3.3 @@ -89,8 +86,6 @@ redis==3.4.1 redis-py-cluster==2.1.0 requests==2.25.1 requests-oauthlib==1.2.0 -rfc3339-validator==0.1.4 -rfc3986-validator==0.1.1 rsa==4.8 s3transfer==0.5.2 selenium==4.4.3 @@ -104,7 +99,6 @@ snuba-sdk==1.0.1 sortedcontainers==2.4.0 soupsieve==2.3.2.post1 sqlparse==0.3.0 -statsd==3.3.0 structlog==21.1.0 symbolic==8.7.1 toronado==0.1.0 @@ -120,7 +114,6 @@ uwsgi==2.0.20.0 vine==1.3.0 wsproto==1.2.0 xmlsec==1.3.11 -zstandard==0.18.0 # The following packages are considered to be unsafe in a requirements file: setuptools==56.0.0 From bb890dde0806eab62a09d65f6a8d6fa39088ed36 Mon Sep 17 00:00:00 2001 From: Armen Date: Fri, 26 Aug 2022 09:45:49 -0400 Subject: [PATCH 30/46] Fix Docker build --- Dockerfile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 0b8d9ccf3d0ce4..ef8f386a78ba80 100644 --- a/Dockerfile +++ b/Dockerfile @@ -60,6 +60,8 @@ RUN set -x \ && apt-get update \ && apt-get install -y --no-install-recommends $buildDeps \ && pip install -r /tmp/requirements-frozen.txt \ + # HACK: Since we can't install from /dist + && pip install sentry \ && mkdir /tmp/uwsgi-dogstatsd \ && wget -O - https://github.com/eventbrite/uwsgi-dogstatsd/archive/filters-and-tags.tar.gz | \ tar -xzf - -C /tmp/uwsgi-dogstatsd --strip-components=1 \ @@ -94,10 +96,11 @@ RUN set -x \ # requires a full check into maxminddb.extension.Reader && python -c 'import maxminddb.extension; maxminddb.extension.Reader' \ && mkdir -p $SENTRY_CONF \ - && pip install sentry \ && sentry help | sed '1,/Commands:/d' | awk '{print $1}' > /sentry-commands.txt COPY ./docker/sentry.conf.py ./docker/config.yml ./docker/docker-entrypoint.sh $SENTRY_CONF/ ENTRYPOINT exec $SENTRY_CONF/docker-entrypoint.sh "$0" "$@" +# Heroku use $PORT, thus, it will overwrite this +ENV PORT="8000" CMD sentry run web --bind 0.0.0.0:$PORT From edd5889b3f79de0ef531d06b5ae22d798dceab01 Mon Sep 17 00:00:00 2001 From: Armen Date: Fri, 26 Aug 2022 09:59:33 -0400 Subject: [PATCH 31/46] Lower hiredis version --- requirements-base.txt | 2 +- requirements-dev-frozen.txt | 2 +- requirements-frozen.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements-base.txt b/requirements-base.txt index 4b61fb732f478c..d712ef8bb774a3 100644 --- a/requirements-base.txt +++ b/requirements-base.txt @@ -23,7 +23,7 @@ google-cloud-spanner>=3.17.0 google-cloud-storage>=1.35.0 google-crc32c>=1.3.0 googleapis-common-protos>=1.56.2 -hiredis>=0.3.1 +hiredis==0.3.1 lxml>=4.6.5 maxminddb>=2.0.3 mistune>=2.0.3 diff --git a/requirements-dev-frozen.txt b/requirements-dev-frozen.txt index bfbbb2844b6b4b..34e3c025754d7f 100644 --- a/requirements-dev-frozen.txt +++ b/requirements-dev-frozen.txt @@ -53,7 +53,7 @@ googleapis-common-protos==1.56.2 grpc-google-iam-v1==0.12.4 grpcio==1.47.0 h11==0.13.0 -hiredis==2.0.0 +hiredis==0.3.1 honcho==1.0.0 identify==2.5.1 idna==2.10 diff --git a/requirements-frozen.txt b/requirements-frozen.txt index 9c0584cc300962..f67e352ec358b7 100644 --- a/requirements-frozen.txt +++ b/requirements-frozen.txt @@ -39,7 +39,7 @@ googleapis-common-protos==1.56.2 grpc-google-iam-v1==0.12.4 grpcio==1.47.0 h11==0.13.0 -hiredis==2.0.0 +hiredis==0.3.1 idna==2.10 inflection==0.5.1 isodate==0.6.1 From 14eda837c60f3b438bd524dc41137022437033f9 Mon Sep 17 00:00:00 2001 From: Armen Date: Fri, 26 Aug 2022 10:11:53 -0400 Subject: [PATCH 32/46] Add zstandard --- requirements-base.txt | 1 + requirements-dev-frozen.txt | 1 + requirements-frozen.txt | 1 + 3 files changed, 3 insertions(+) diff --git a/requirements-base.txt b/requirements-base.txt index d712ef8bb774a3..8c1fefba9735a0 100644 --- a/requirements-base.txt +++ b/requirements-base.txt @@ -55,6 +55,7 @@ typing-extensions>=3.10.0.2 uWSGI==2.0.20.0 ua-parser>=0.10.0 unidiff>=0.7.4 +zstandard==0.18.0 # test dependencies, but unable to move to requirements-test until # sentry.utils.pytest and sentry.testutils are moved to tests/ diff --git a/requirements-dev-frozen.txt b/requirements-dev-frozen.txt index 34e3c025754d7f..33fb121d11b014 100644 --- a/requirements-dev-frozen.txt +++ b/requirements-dev-frozen.txt @@ -175,6 +175,7 @@ wheel==0.37.1 wrapt==1.14.1 wsproto==1.2.0 xmlsec==1.3.11 +zstandard==0.18.0 # The following packages are considered to be unsafe in a requirements file: pip==22.1.2 diff --git a/requirements-frozen.txt b/requirements-frozen.txt index f67e352ec358b7..b838922c66cd6a 100644 --- a/requirements-frozen.txt +++ b/requirements-frozen.txt @@ -114,6 +114,7 @@ uwsgi==2.0.20.0 vine==1.3.0 wsproto==1.2.0 xmlsec==1.3.11 +zstandard==0.18.0 # The following packages are considered to be unsafe in a requirements file: setuptools==56.0.0 From 911baa5ded242ae6573f57b2f95994baa9d00cb0 Mon Sep 17 00:00:00 2001 From: Armen Date: Fri, 26 Aug 2022 10:19:11 -0400 Subject: [PATCH 33/46] Tweak --- requirements-base.txt | 1 + requirements-dev-frozen.txt | 1 + requirements-frozen.txt | 1 + 3 files changed, 3 insertions(+) diff --git a/requirements-base.txt b/requirements-base.txt index 8c1fefba9735a0..0c51afcb98edb3 100644 --- a/requirements-base.txt +++ b/requirements-base.txt @@ -56,6 +56,7 @@ uWSGI==2.0.20.0 ua-parser>=0.10.0 unidiff>=0.7.4 zstandard==0.18.0 +statsd==3.3 # test dependencies, but unable to move to requirements-test until # sentry.utils.pytest and sentry.testutils are moved to tests/ diff --git a/requirements-dev-frozen.txt b/requirements-dev-frozen.txt index 33fb121d11b014..10bfa9f71f9548 100644 --- a/requirements-dev-frozen.txt +++ b/requirements-dev-frozen.txt @@ -146,6 +146,7 @@ snuba-sdk==1.0.1 sortedcontainers==2.4.0 soupsieve==2.3.2.post1 sqlparse==0.3.0 +statsd==3.3 structlog==21.1.0 symbolic==8.7.1 tokenize-rt==4.2.1 diff --git a/requirements-frozen.txt b/requirements-frozen.txt index b838922c66cd6a..8011959190d3d1 100644 --- a/requirements-frozen.txt +++ b/requirements-frozen.txt @@ -99,6 +99,7 @@ snuba-sdk==1.0.1 sortedcontainers==2.4.0 soupsieve==2.3.2.post1 sqlparse==0.3.0 +statsd==3.3 structlog==21.1.0 symbolic==8.7.1 toronado==0.1.0 From c03880d198e68aeae36271fa0b47af5004603ff5 Mon Sep 17 00:00:00 2001 From: Armen Date: Fri, 26 Aug 2022 10:24:48 -0400 Subject: [PATCH 34/46] Try exec form --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ef8f386a78ba80..09948e5075aa11 100644 --- a/Dockerfile +++ b/Dockerfile @@ -103,4 +103,4 @@ COPY ./docker/sentry.conf.py ./docker/config.yml ./docker/docker-entrypoint.sh $ ENTRYPOINT exec $SENTRY_CONF/docker-entrypoint.sh "$0" "$@" # Heroku use $PORT, thus, it will overwrite this ENV PORT="8000" -CMD sentry run web --bind 0.0.0.0:$PORT +CMD ["sh", "-c", "sentry run web --bind 0.0.0.0:$PORT"] From 5aee651f66dff2fb0c9209f7056f45098158dcd6 Mon Sep 17 00:00:00 2001 From: Armen Date: Fri, 26 Aug 2022 10:37:24 -0400 Subject: [PATCH 35/46] Try this --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 09948e5075aa11..14e476f3e0a56d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -102,5 +102,5 @@ COPY ./docker/sentry.conf.py ./docker/config.yml ./docker/docker-entrypoint.sh $ ENTRYPOINT exec $SENTRY_CONF/docker-entrypoint.sh "$0" "$@" # Heroku use $PORT, thus, it will overwrite this -ENV PORT="8000" -CMD ["sh", "-c", "sentry run web --bind 0.0.0.0:$PORT"] +ENV PORT 8000 +CMD ["sh", "-c", "sentry run web --bind 0.0.0.0:${PORT}"] From 2b55eb153b11e64caee4051e994fecf953a7dbcb Mon Sep 17 00:00:00 2001 From: Armen Date: Fri, 26 Aug 2022 10:43:16 -0400 Subject: [PATCH 36/46] Try again --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 14e476f3e0a56d..f22972aec3c933 100644 --- a/Dockerfile +++ b/Dockerfile @@ -102,5 +102,5 @@ COPY ./docker/sentry.conf.py ./docker/config.yml ./docker/docker-entrypoint.sh $ ENTRYPOINT exec $SENTRY_CONF/docker-entrypoint.sh "$0" "$@" # Heroku use $PORT, thus, it will overwrite this -ENV PORT 8000 -CMD ["sh", "-c", "sentry run web --bind 0.0.0.0:${PORT}"] +ENV PORT="8000" +CMD sentry run web --bind :$PORT From 9b6925b7f2119f52cc0190b47e7f10dd403190c3 Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Fri, 26 Aug 2022 12:43:07 -0400 Subject: [PATCH 37/46] Add a release step --- heroku.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/heroku.yml b/heroku.yml index 8eec25b9c99a95..22b3ec315dd496 100644 --- a/heroku.yml +++ b/heroku.yml @@ -1,3 +1,7 @@ build: docker: web: Dockerfile +release: + image: web + command: + - sentry upgrade From b2ac94b9db47a2c1fde7626498b27737ec774c52 Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Fri, 26 Aug 2022 16:11:11 -0400 Subject: [PATCH 38/46] confluent-kafka --- Dockerfile | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/Dockerfile b/Dockerfile index f22972aec3c933..b71e18a6bbb0b0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -57,8 +57,17 @@ RUN set -x \ libxmlsec1-dev \ pkg-config \ " \ + # confluent-kafka + && buildDeps="$buildDeps \ + gcc git libssl-dev g++ make \ + " \ && apt-get update \ && apt-get install -y --no-install-recommends $buildDeps \ + # confluent-kafka + && cd /tmp && git clone https://github.com/edenhill/librdkafka.git \ + && cd librdkafka && git checkout tags/v1.9.0 \ + && ./configure && make && make install \ + && cd ../ && rm -rf librdkafka \ && pip install -r /tmp/requirements-frozen.txt \ # HACK: Since we can't install from /dist && pip install sentry \ From ad2719ca097230040e28916ed3f9fee4ff451dde Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Fri, 26 Aug 2022 16:18:43 -0400 Subject: [PATCH 39/46] Use our own built packages --- Dockerfile | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index b71e18a6bbb0b0..2f66ae0edb7d75 100644 --- a/Dockerfile +++ b/Dockerfile @@ -57,17 +57,10 @@ RUN set -x \ libxmlsec1-dev \ pkg-config \ " \ - # confluent-kafka - && buildDeps="$buildDeps \ - gcc git libssl-dev g++ make \ - " \ && apt-get update \ && apt-get install -y --no-install-recommends $buildDeps \ - # confluent-kafka - && cd /tmp && git clone https://github.com/edenhill/librdkafka.git \ - && cd librdkafka && git checkout tags/v1.9.0 \ - && ./configure && make && make install \ - && cd ../ && rm -rf librdkafka \ + # Using our build packages + && pip install --index-url https://pypi.devinfra.sentry.io/simple confluent-kafka==1.9.2 psycopg2-binary==2.8.6 \ && pip install -r /tmp/requirements-frozen.txt \ # HACK: Since we can't install from /dist && pip install sentry \ From 8229116d5cc33f1a25e2a28edf63e6f0c27ce4de Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Fri, 26 Aug 2022 16:20:34 -0400 Subject: [PATCH 40/46] Restore --- .dockerignore | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 .dockerignore diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 00000000000000..2225cfac84cf53 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,8 @@ +# Ignore everything +* + +!/docker +!/package.json +!/yarn.lock +!/dist/requirements-frozen.txt +!/dist/*.whl From 39f135b33aba1521e0d7a264382acca013f62171 Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Fri, 26 Aug 2022 16:23:29 -0400 Subject: [PATCH 41/46] Ignore frozen --- .dockerignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.dockerignore b/.dockerignore index 2225cfac84cf53..f895335080a589 100644 --- a/.dockerignore +++ b/.dockerignore @@ -6,3 +6,5 @@ !/yarn.lock !/dist/requirements-frozen.txt !/dist/*.whl +# To allow local builds +!/requirements-frozen.txt From d5ab4c27d03e88219698528537103e5b4672fe22 Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Fri, 26 Aug 2022 16:31:08 -0400 Subject: [PATCH 42/46] Restore Dockerfile --- docker/Dockerfile | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index 50eddfe545ab00..59a6326e4030cd 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,6 +1,4 @@ FROM python:3.8.13-slim-bullseye -# The Cloud build uses /dist as a place to cache wheels and others -ARG DIST_DIR=. LABEL maintainer="oss@sentry.io" LABEL org.opencontainers.image.title="Sentry" @@ -49,8 +47,8 @@ ENV \ # grpcio>1.30.0 requires this, see requirements.txt for more detail. GRPC_POLL_STRATEGY=epoll1 -COPY ${DIST_DIR}/requirements-frozen.txt /tmp/requirements-frozen.txt - +# Install dependencies first to leverage Docker layer caching. +COPY /dist/requirements-frozen.txt /tmp/requirements-frozen.txt RUN set -x \ && buildDeps="" \ # uwsgi @@ -58,10 +56,6 @@ RUN set -x \ gcc \ wget \ " \ - # psycopg2-binary - && buildDeps="$buildDeps \ - libpq-dev \ - " \ # maxminddb && buildDeps="$buildDeps \ libmaxminddb-dev \ @@ -109,8 +103,8 @@ RUN set -x \ && python -c 'import maxminddb.extension; maxminddb.extension.Reader' \ && mkdir -p $SENTRY_CONF -# COPY /dist/*.whl /tmp/dist/ -# RUN pip install /tmp/dist/*.whl --no-deps && pip check && rm -rf /tmp/dist +COPY /dist/*.whl /tmp/dist/ +RUN pip install /tmp/dist/*.whl --no-deps && pip check && rm -rf /tmp/dist RUN sentry help | sed '1,/Commands:/d' | awk '{print $1}' > /sentry-commands.txt COPY ./docker/sentry.conf.py ./docker/config.yml $SENTRY_CONF/ From 285b9bb1a55ce794ae20e58e61e4f205b845fdcb Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Fri, 26 Aug 2022 16:31:37 -0400 Subject: [PATCH 43/46] Restore file --- docker/cloudbuild.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/docker/cloudbuild.yaml b/docker/cloudbuild.yaml index 033221a6e1e5fa..6f99dce91e5fa7 100644 --- a/docker/cloudbuild.yaml +++ b/docker/cloudbuild.yaml @@ -27,8 +27,6 @@ steps: '--use-new-run', '--build-arg', 'SOURCE_COMMIT=$COMMIT_SHA', - '--build-arg', - '/dist', '--destination=us.gcr.io/$PROJECT_ID/sentry:$COMMIT_SHA', '-f', './docker/Dockerfile', From d3ea70d2f4c7a9b63e02d1e2f5dc7d7fce4eb1ec Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Fri, 26 Aug 2022 16:32:38 -0400 Subject: [PATCH 44/46] Restore more --- docker/heroku.web.dockerfile | 12 ------ heroku.yml | 7 ---- requirements-base.txt | 71 ++++++++++++++++++++++++++++-------- requirements-dev-frozen.txt | 13 +++++-- requirements-frozen.txt | 13 +++++-- 5 files changed, 75 insertions(+), 41 deletions(-) delete mode 100644 docker/heroku.web.dockerfile delete mode 100644 heroku.yml diff --git a/docker/heroku.web.dockerfile b/docker/heroku.web.dockerfile deleted file mode 100644 index b1d544c71958fe..00000000000000 --- a/docker/heroku.web.dockerfile +++ /dev/null @@ -1,12 +0,0 @@ -# This Docker file simply modifies the CMD parameter to support -# the $PORT usage in Heroku. -FROM getsentry/sentry:nightly - -ENV SENTRY_LOG_LEVEL=DEBUG -# add and run as non-root user -RUN adduser sentry_user -USER sentry_user -# Heroku use $PORT, thus, it will overwrite this -ENV PORT="8000" - -CMD sentry run web --bind 0.0.0.0:$PORT diff --git a/heroku.yml b/heroku.yml deleted file mode 100644 index 22b3ec315dd496..00000000000000 --- a/heroku.yml +++ /dev/null @@ -1,7 +0,0 @@ -build: - docker: - web: Dockerfile -release: - image: web - command: - - sentry upgrade diff --git a/requirements-base.txt b/requirements-base.txt index 0c51afcb98edb3..e9829d48c182ca 100644 --- a/requirements-base.txt +++ b/requirements-base.txt @@ -1,63 +1,102 @@ -Django>=2.2.28 -Pillow>=9.2.0 -PyJWT>=2.4.0 -PyYAML>=5.4 beautifulsoup4>=4.7.1 boto3>=1.22.12 +botocore>=1.25.12 celery>=4.4.7 click>=8.0.4 +confluent-kafka>=1.9.2 croniter>=0.3.37 +datadog>=0.29.3 django-crispy-forms>=1.14.0 django-pg-zero-downtime-migrations>=0.11 +Django>=2.2.28 djangorestframework>=3.12.4 drf-spectacular>=0.22.1 email-reply-parser>=0.5.12 -fido2>=0.9.2 google-api-core>=1.32.0 google-auth>=1.24.0 google-cloud-bigtable>=1.6.1 google-cloud-core>=1.5.0 -google-cloud-functions>=1.8.0 +googleapis-common-protos>=1.56.2 google-cloud-pubsub>=2.2.0 -google-cloud-spanner>=3.17.0 google-cloud-storage>=1.35.0 +google-cloud-functions>=1.8.0 +google-cloud-spanner>=3.17.0 google-crc32c>=1.3.0 -googleapis-common-protos>=1.56.2 -hiredis==0.3.1 +isodate>=0.6.1 +jsonschema>=3.2.0 lxml>=4.6.5 maxminddb>=2.0.3 mistune>=2.0.3 mmh3>=3.0.0 -msgpack>=1.0.4 +packaging>=21.3 parsimonious>=0.8.0 petname>=2.6 -phabricator>=0.7.0 phonenumberslite>=8.12.0 +Pillow>=9.2.0 progressbar2>=3.41.0 +python-rapidjson>=1.4 psycopg2-binary>=2.8.6 +PyJWT>=2.4.0 python-dateutil>=2.8.1 -python-rapidjson>=1.4 +python-memcached>=1.59 python-u2flib-server>=5.0.0 +fido2>=0.9.2 python3-saml>=1.14.0 +PyYAML>=5.4 rb>=1.9.0 redis-py-cluster>=2.1.0 +redis>=3.4.1 requests-oauthlib>=1.2.0 requests>=2.25.1 +# [start] jsonschema format validators +rfc3339-validator>=0.1.2 +rfc3986-validator>=0.1.1 +# [end] jsonschema format validators sentry-arroyo>=1.0.3 sentry-relay>=0.8.13 sentry-sdk>=1.9.5 -simplejson>=3.17.6 snuba-sdk>=1.0.1 +simplejson>=3.17.6 +statsd>=3.3 structlog>=21.1.0 symbolic>=8.7.1 toronado>=0.1.0 typing-extensions>=3.10.0.2 -uWSGI==2.0.20.0 ua-parser>=0.10.0 unidiff>=0.7.4 -zstandard==0.18.0 -statsd==3.3 +urllib3[brotli]>=1.26.9 +brotli>=1.0.9 +# See if we can remove LDFLAGS from lib.sh +# https://github.com/getsentry/sentry/pull/30094 +uWSGI==2.0.20.0 +zstandard>=0.18.0 + +msgpack>=1.0.4 +cryptography>=3.4.8 + +# celery +billiard>=3.6.4 +kombu>=4.6.11 + +# Note, grpcio>1.30.0 requires setting GRPC_POLL_STRATEGY=epoll1 +# See https://github.com/grpc/grpc/issues/23796 and +# https://github.com/grpc/grpc/blob/v1.35.x/doc/core/grpc-polling-engines.md#polling-engine-implementations-in-grpc +grpcio>=1.47.0 + +# not directly used, but provides a speedup for redis +hiredis>=0.3.1 + +# not directly used, but pinned for at least semaphore/symbolic +cffi>=1.15.0 + +# not directly used, but pinned for toronado because it doesn't pin these +cssutils>=2.4.0 +cssselect>=1.0.3 + +# sentry-plugins specific dependencies +phabricator>=0.7.0 # test dependencies, but unable to move to requirements-test until # sentry.utils.pytest and sentry.testutils are moved to tests/ selenium>=4.1.5 +sqlparse>=0.2.4,<=0.3.0 diff --git a/requirements-dev-frozen.txt b/requirements-dev-frozen.txt index 10bfa9f71f9548..03f47973357d97 100644 --- a/requirements-dev-frozen.txt +++ b/requirements-dev-frozen.txt @@ -8,6 +8,7 @@ billiard==3.6.4.0 black==22.3.0 boto3==1.22.12 botocore==1.25.12 +brotli==1.0.9 build==0.8.0 cachetools==4.2.4 celery==4.4.7 @@ -22,6 +23,8 @@ croniter==0.3.37 cryptography==37.0.2 cssselect==1.0.3 cssutils==2.4.0 +datadog==0.29.3 +decorator==5.1.1 dictpath==0.1.3 distlib==0.3.4 django==2.2.28 @@ -67,7 +70,7 @@ kombu==4.6.11 lazy-object-proxy==1.7.1 libcst==0.4.3 lxml==4.6.5 -maxminddb==2.2.0 +maxminddb==2.0.3 mccabe==0.7.0 milksnake==0.1.5 mistune==2.0.4 @@ -109,6 +112,7 @@ pycodestyle==2.9.0 pycparser==2.21 pyflakes==2.5.0 pyjwt==2.4.0 +pyopenssl==22.0.0 pyparsing==3.0.9 pyrsistent==0.18.1 pysocks==1.7.1 @@ -120,6 +124,7 @@ pytest-rerunfailures==9.1.1 pytest-sentry==0.1.9 pytest-xdist==2.4.0 python-dateutil==2.8.1 +python-memcached==1.59 python-rapidjson==1.4 python-u2flib-server==5.0.0 python-utils==3.3.3 @@ -133,9 +138,11 @@ redis-py-cluster==2.1.0 requests==2.25.1 requests-oauthlib==1.2.0 responses==0.21.0 +rfc3339-validator==0.1.2 +rfc3986-validator==0.1.1 rsa==4.8 s3transfer==0.5.2 -selenium==4.4.3 +selenium==4.3.0 sentry-arroyo==1.0.3 sentry-relay==0.8.13 sentry-sdk==1.9.5 @@ -174,7 +181,7 @@ websocket-client==1.3.2 werkzeug==2.1.2 wheel==0.37.1 wrapt==1.14.1 -wsproto==1.2.0 +wsproto==1.1.0 xmlsec==1.3.11 zstandard==0.18.0 diff --git a/requirements-frozen.txt b/requirements-frozen.txt index 8011959190d3d1..a2852c277c760a 100644 --- a/requirements-frozen.txt +++ b/requirements-frozen.txt @@ -7,6 +7,7 @@ beautifulsoup4==4.7.1 billiard==3.6.4.0 boto3==1.22.12 botocore==1.25.12 +brotli==1.0.9 cachetools==4.2.4 celery==4.4.7 certifi==2022.5.18.1 @@ -18,6 +19,8 @@ croniter==0.3.37 cryptography==37.0.2 cssselect==1.0.3 cssutils==2.4.0 +datadog==0.29.3 +decorator==5.1.1 django==2.2.28 django-crispy-forms==1.14.0 django-pg-zero-downtime-migrations==0.11 @@ -48,7 +51,7 @@ jsonschema==3.2.0 kombu==4.6.11 libcst==0.4.3 lxml==4.6.5 -maxminddb==2.2.0 +maxminddb==2.0.3 milksnake==0.1.5 mistune==2.0.4 mmh3==3.0.0 @@ -71,10 +74,12 @@ pyasn1==0.4.5 pyasn1-modules==0.2.4 pycparser==2.21 pyjwt==2.4.0 +pyopenssl==22.0.0 pyparsing==3.0.9 pyrsistent==0.18.1 pysocks==1.7.1 python-dateutil==2.8.1 +python-memcached==1.59 python-rapidjson==1.4 python-u2flib-server==5.0.0 python-utils==3.3.3 @@ -86,9 +91,11 @@ redis==3.4.1 redis-py-cluster==2.1.0 requests==2.25.1 requests-oauthlib==1.2.0 +rfc3339-validator==0.1.2 +rfc3986-validator==0.1.1 rsa==4.8 s3transfer==0.5.2 -selenium==4.4.3 +selenium==4.3.0 sentry-arroyo==1.0.3 sentry-relay==0.8.13 sentry-sdk==1.9.5 @@ -113,7 +120,7 @@ uritemplate==4.1.1 urllib3==1.26.11 uwsgi==2.0.20.0 vine==1.3.0 -wsproto==1.2.0 +wsproto==1.1.0 xmlsec==1.3.11 zstandard==0.18.0 From 24f48f23e599b3691c88bddd09f783ac69575c4a Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Fri, 26 Aug 2022 16:33:31 -0400 Subject: [PATCH 45/46] Move --- Dockerfile | 108 ---------------------------------------------- docker/Dockerfile | 83 +++++++++++++++-------------------- 2 files changed, 34 insertions(+), 157 deletions(-) delete mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 2f66ae0edb7d75..00000000000000 --- a/Dockerfile +++ /dev/null @@ -1,108 +0,0 @@ -FROM python:3.8.13-slim-bullseye - -# add our user and group first to make sure their IDs get assigned consistently -RUN groupadd -r sentry && useradd -r -m -g sentry sentry - -# Sane defaults for pip -ENV \ - GOSU_VERSION=1.12 \ - GOSU_SHA256=0f25a21cf64e58078057adc78f38705163c1d564a959ff30a891c31917011a54 \ - TINI_VERSION=0.19.0 \ - TINI_SHA256=93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c \ - PIP_NO_CACHE_DIR=1 \ - PIP_DISABLE_PIP_VERSION_CHECK=1 \ - # Sentry config params - SENTRY_CONF=/etc/sentry \ - # Disable some unused uWSGI features, saving dependencies - # Thank to https://stackoverflow.com/a/25260588/90297 - UWSGI_PROFILE_OVERRIDE=ssl=false;xml=false;routing=false \ - # UWSGI dogstatsd plugin - UWSGI_NEED_PLUGIN=/var/lib/uwsgi/dogstatsd \ - # grpcio>1.30.0 requires this, see requirements.txt for more detail. - GRPC_POLL_STRATEGY=epoll1 - -COPY ./requirements-frozen.txt /tmp/requirements-frozen.txt - -RUN set -x \ - && buildDeps="" \ - buildDeps=" \ - wget \ - " \ - && apt-get update && apt-get install -y --no-install-recommends $buildDeps \ - && rm -rf /var/lib/apt/lists/* \ - # grab gosu for easy step-down from root - && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-amd64" \ - && echo "$GOSU_SHA256 /usr/local/bin/gosu" | sha256sum --check --status \ - && chmod +x /usr/local/bin/gosu \ - # grab tini for signal processing and zombie killing - && wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$TINI_VERSION/tini-amd64" \ - && echo "$TINI_SHA256 /usr/local/bin/tini" | sha256sum --check --status \ - && chmod +x /usr/local/bin/tini \ - && apt-get purge -y --auto-remove $buildDeps \ - # uwsgi - && buildDeps="$buildDeps \ - gcc \ - wget \ - " \ - # psycopg2-binary - && buildDeps="$buildDeps \ - libpq-dev \ - " \ - # maxminddb - && buildDeps="$buildDeps \ - libmaxminddb-dev \ - "\ - # xmlsec - && buildDeps="$buildDeps \ - libxmlsec1-dev \ - pkg-config \ - " \ - && apt-get update \ - && apt-get install -y --no-install-recommends $buildDeps \ - # Using our build packages - && pip install --index-url https://pypi.devinfra.sentry.io/simple confluent-kafka==1.9.2 psycopg2-binary==2.8.6 \ - && pip install -r /tmp/requirements-frozen.txt \ - # HACK: Since we can't install from /dist - && pip install sentry \ - && mkdir /tmp/uwsgi-dogstatsd \ - && wget -O - https://github.com/eventbrite/uwsgi-dogstatsd/archive/filters-and-tags.tar.gz | \ - tar -xzf - -C /tmp/uwsgi-dogstatsd --strip-components=1 \ - && UWSGI_NEED_PLUGIN="" uwsgi --build-plugin /tmp/uwsgi-dogstatsd \ - && mkdir -p /var/lib/uwsgi \ - && mv dogstatsd_plugin.so /var/lib/uwsgi/ \ - && rm -rf /tmp/requirements-frozen.txt /tmp/uwsgi-dogstatsd .uwsgi_plugins_builder \ - && apt-get purge -y --auto-remove $buildDeps \ - # We install run-time dependencies strictly after - # build dependencies to prevent accidental collusion. - # These are also installed last as they are needed - # during container run and can have the same deps w/ - # build deps such as maxminddb. - && apt-get install -y --no-install-recommends \ - # pillow - libjpeg-dev \ - # rust bindings - libffi-dev \ - # maxminddb bindings - libmaxminddb-dev \ - # SAML needs these run-time - libxmlsec1-dev \ - libxslt-dev \ - # pyyaml needs this run-time - libyaml-dev \ - # other - pkg-config \ - \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* \ - # Fully verify that the C extension is correctly installed, it unfortunately - # requires a full check into maxminddb.extension.Reader - && python -c 'import maxminddb.extension; maxminddb.extension.Reader' \ - && mkdir -p $SENTRY_CONF \ - && sentry help | sed '1,/Commands:/d' | awk '{print $1}' > /sentry-commands.txt - -COPY ./docker/sentry.conf.py ./docker/config.yml ./docker/docker-entrypoint.sh $SENTRY_CONF/ - -ENTRYPOINT exec $SENTRY_CONF/docker-entrypoint.sh "$0" "$@" -# Heroku use $PORT, thus, it will overwrite this -ENV PORT="8000" -CMD sentry run web --bind :$PORT diff --git a/docker/Dockerfile b/docker/Dockerfile index 59a6326e4030cd..2f66ae0edb7d75 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,24 +1,31 @@ FROM python:3.8.13-slim-bullseye -LABEL maintainer="oss@sentry.io" -LABEL org.opencontainers.image.title="Sentry" -LABEL org.opencontainers.image.description="Sentry runtime image" -LABEL org.opencontainers.image.url="https://sentry.io/" -LABEL org.opencontainers.image.documentation="https://develop.sentry.dev/self-hosted/" -LABEL org.opencontainers.image.vendor="Functional Software, Inc." -LABEL org.opencontainers.image.authors="oss@sentry.io" - # add our user and group first to make sure their IDs get assigned consistently RUN groupadd -r sentry && useradd -r -m -g sentry sentry -ENV GOSU_VERSION=1.12 \ +# Sane defaults for pip +ENV \ + GOSU_VERSION=1.12 \ GOSU_SHA256=0f25a21cf64e58078057adc78f38705163c1d564a959ff30a891c31917011a54 \ TINI_VERSION=0.19.0 \ - TINI_SHA256=93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c + TINI_SHA256=93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c \ + PIP_NO_CACHE_DIR=1 \ + PIP_DISABLE_PIP_VERSION_CHECK=1 \ + # Sentry config params + SENTRY_CONF=/etc/sentry \ + # Disable some unused uWSGI features, saving dependencies + # Thank to https://stackoverflow.com/a/25260588/90297 + UWSGI_PROFILE_OVERRIDE=ssl=false;xml=false;routing=false \ + # UWSGI dogstatsd plugin + UWSGI_NEED_PLUGIN=/var/lib/uwsgi/dogstatsd \ + # grpcio>1.30.0 requires this, see requirements.txt for more detail. + GRPC_POLL_STRATEGY=epoll1 +COPY ./requirements-frozen.txt /tmp/requirements-frozen.txt RUN set -x \ - && buildDeps=" \ + && buildDeps="" \ + buildDeps=" \ wget \ " \ && apt-get update && apt-get install -y --no-install-recommends $buildDeps \ @@ -31,31 +38,16 @@ RUN set -x \ && wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$TINI_VERSION/tini-amd64" \ && echo "$TINI_SHA256 /usr/local/bin/tini" | sha256sum --check --status \ && chmod +x /usr/local/bin/tini \ - && apt-get purge -y --auto-remove $buildDeps - -# Sane defaults for pip -ENV \ - PIP_NO_CACHE_DIR=1 \ - PIP_DISABLE_PIP_VERSION_CHECK=1 \ - # Sentry config params - SENTRY_CONF=/etc/sentry \ - # Disable some unused uWSGI features, saving dependencies - # Thank to https://stackoverflow.com/a/25260588/90297 - UWSGI_PROFILE_OVERRIDE=ssl=false;xml=false;routing=false \ - # UWSGI dogstatsd plugin - UWSGI_NEED_PLUGIN=/var/lib/uwsgi/dogstatsd \ - # grpcio>1.30.0 requires this, see requirements.txt for more detail. - GRPC_POLL_STRATEGY=epoll1 - -# Install dependencies first to leverage Docker layer caching. -COPY /dist/requirements-frozen.txt /tmp/requirements-frozen.txt -RUN set -x \ - && buildDeps="" \ + && apt-get purge -y --auto-remove $buildDeps \ # uwsgi && buildDeps="$buildDeps \ gcc \ wget \ " \ + # psycopg2-binary + && buildDeps="$buildDeps \ + libpq-dev \ + " \ # maxminddb && buildDeps="$buildDeps \ libmaxminddb-dev \ @@ -67,7 +59,11 @@ RUN set -x \ " \ && apt-get update \ && apt-get install -y --no-install-recommends $buildDeps \ + # Using our build packages + && pip install --index-url https://pypi.devinfra.sentry.io/simple confluent-kafka==1.9.2 psycopg2-binary==2.8.6 \ && pip install -r /tmp/requirements-frozen.txt \ + # HACK: Since we can't install from /dist + && pip install sentry \ && mkdir /tmp/uwsgi-dogstatsd \ && wget -O - https://github.com/eventbrite/uwsgi-dogstatsd/archive/filters-and-tags.tar.gz | \ tar -xzf - -C /tmp/uwsgi-dogstatsd --strip-components=1 \ @@ -101,23 +97,12 @@ RUN set -x \ # Fully verify that the C extension is correctly installed, it unfortunately # requires a full check into maxminddb.extension.Reader && python -c 'import maxminddb.extension; maxminddb.extension.Reader' \ - && mkdir -p $SENTRY_CONF - -COPY /dist/*.whl /tmp/dist/ -RUN pip install /tmp/dist/*.whl --no-deps && pip check && rm -rf /tmp/dist -RUN sentry help | sed '1,/Commands:/d' | awk '{print $1}' > /sentry-commands.txt - -COPY ./docker/sentry.conf.py ./docker/config.yml $SENTRY_CONF/ -COPY ./docker/docker-entrypoint.sh / - -EXPOSE 9000 -VOLUME /data + && mkdir -p $SENTRY_CONF \ + && sentry help | sed '1,/Commands:/d' | awk '{print $1}' > /sentry-commands.txt -ENTRYPOINT exec /docker-entrypoint.sh "$0" "$@" -CMD ["run", "web"] +COPY ./docker/sentry.conf.py ./docker/config.yml ./docker/docker-entrypoint.sh $SENTRY_CONF/ -ARG SOURCE_COMMIT -ENV SENTRY_BUILD=${SOURCE_COMMIT:-unknown} -LABEL org.opencontainers.image.revision=$SOURCE_COMMIT -LABEL org.opencontainers.image.source="https://github.com/getsentry/sentry/tree/${SOURCE_COMMIT:-master}/" -LABEL org.opencontainers.image.licenses="https://github.com/getsentry/sentry/blob/${SOURCE_COMMIT:-master}/LICENSE" +ENTRYPOINT exec $SENTRY_CONF/docker-entrypoint.sh "$0" "$@" +# Heroku use $PORT, thus, it will overwrite this +ENV PORT="8000" +CMD sentry run web --bind :$PORT From febe0e3256a2dae59ced8c07ac8f5f4d4909130d Mon Sep 17 00:00:00 2001 From: Armen Zambrano G Date: Fri, 26 Aug 2022 16:37:21 -0400 Subject: [PATCH 46/46] Reducing differences --- docker/Dockerfile | 86 ++++++++++++++++++++++++++---------------- docker/cloudbuild.yaml | 2 + 2 files changed, 56 insertions(+), 32 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index 2f66ae0edb7d75..5f06b9570d1080 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,31 +1,26 @@ FROM python:3.8.13-slim-bullseye +# The Cloud build uses /dist as a place to cache wheels and others +ARG DIST_DIR=. + +LABEL maintainer="oss@sentry.io" +LABEL org.opencontainers.image.title="Sentry" +LABEL org.opencontainers.image.description="Sentry runtime image" +LABEL org.opencontainers.image.url="https://sentry.io/" +LABEL org.opencontainers.image.documentation="https://develop.sentry.dev/self-hosted/" +LABEL org.opencontainers.image.vendor="Functional Software, Inc." +LABEL org.opencontainers.image.authors="oss@sentry.io" # add our user and group first to make sure their IDs get assigned consistently RUN groupadd -r sentry && useradd -r -m -g sentry sentry -# Sane defaults for pip -ENV \ - GOSU_VERSION=1.12 \ +ENV GOSU_VERSION=1.12 \ GOSU_SHA256=0f25a21cf64e58078057adc78f38705163c1d564a959ff30a891c31917011a54 \ TINI_VERSION=0.19.0 \ - TINI_SHA256=93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c \ - PIP_NO_CACHE_DIR=1 \ - PIP_DISABLE_PIP_VERSION_CHECK=1 \ - # Sentry config params - SENTRY_CONF=/etc/sentry \ - # Disable some unused uWSGI features, saving dependencies - # Thank to https://stackoverflow.com/a/25260588/90297 - UWSGI_PROFILE_OVERRIDE=ssl=false;xml=false;routing=false \ - # UWSGI dogstatsd plugin - UWSGI_NEED_PLUGIN=/var/lib/uwsgi/dogstatsd \ - # grpcio>1.30.0 requires this, see requirements.txt for more detail. - GRPC_POLL_STRATEGY=epoll1 + TINI_SHA256=93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c -COPY ./requirements-frozen.txt /tmp/requirements-frozen.txt RUN set -x \ - && buildDeps="" \ - buildDeps=" \ + && buildDeps=" \ wget \ " \ && apt-get update && apt-get install -y --no-install-recommends $buildDeps \ @@ -38,16 +33,31 @@ RUN set -x \ && wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$TINI_VERSION/tini-amd64" \ && echo "$TINI_SHA256 /usr/local/bin/tini" | sha256sum --check --status \ && chmod +x /usr/local/bin/tini \ - && apt-get purge -y --auto-remove $buildDeps \ + && apt-get purge -y --auto-remove $buildDeps + +# Sane defaults for pip +ENV \ + PIP_NO_CACHE_DIR=1 \ + PIP_DISABLE_PIP_VERSION_CHECK=1 \ + # Sentry config params + SENTRY_CONF=/etc/sentry \ + # Disable some unused uWSGI features, saving dependencies + # Thank to https://stackoverflow.com/a/25260588/90297 + UWSGI_PROFILE_OVERRIDE=ssl=false;xml=false;routing=false \ + # UWSGI dogstatsd plugin + UWSGI_NEED_PLUGIN=/var/lib/uwsgi/dogstatsd \ + # grpcio>1.30.0 requires this, see requirements.txt for more detail. + GRPC_POLL_STRATEGY=epoll1 + +# Install dependencies first to leverage Docker layer caching. +COPY ${DIST_DIR}/requirements-frozen.txt /tmp/requirements-frozen.txt +RUN set -x \ + && buildDeps="" \ # uwsgi && buildDeps="$buildDeps \ gcc \ wget \ " \ - # psycopg2-binary - && buildDeps="$buildDeps \ - libpq-dev \ - " \ # maxminddb && buildDeps="$buildDeps \ libmaxminddb-dev \ @@ -59,10 +69,10 @@ RUN set -x \ " \ && apt-get update \ && apt-get install -y --no-install-recommends $buildDeps \ - # Using our build packages + # HACK: Using our own builds of these && pip install --index-url https://pypi.devinfra.sentry.io/simple confluent-kafka==1.9.2 psycopg2-binary==2.8.6 \ && pip install -r /tmp/requirements-frozen.txt \ - # HACK: Since we can't install from /dist + # HACK: Installing Sentry here since we don't have access to wheels in /dist && pip install sentry \ && mkdir /tmp/uwsgi-dogstatsd \ && wget -O - https://github.com/eventbrite/uwsgi-dogstatsd/archive/filters-and-tags.tar.gz | \ @@ -97,12 +107,24 @@ RUN set -x \ # Fully verify that the C extension is correctly installed, it unfortunately # requires a full check into maxminddb.extension.Reader && python -c 'import maxminddb.extension; maxminddb.extension.Reader' \ - && mkdir -p $SENTRY_CONF \ - && sentry help | sed '1,/Commands:/d' | awk '{print $1}' > /sentry-commands.txt + && mkdir -p $SENTRY_CONF + +# HACK: We do not have access to /dist; doing pip install sentry up above +# COPY /dist/*.whl /tmp/dist/ +# RUN pip install /tmp/dist/*.whl --no-deps && pip check && rm -rf /tmp/dist +RUN sentry help | sed '1,/Commands:/d' | awk '{print $1}' > /sentry-commands.txt + +COPY ./docker/sentry.conf.py ./docker/config.yml $SENTRY_CONF/ +COPY ./docker/docker-entrypoint.sh / + +EXPOSE 9000 +VOLUME /data -COPY ./docker/sentry.conf.py ./docker/config.yml ./docker/docker-entrypoint.sh $SENTRY_CONF/ +ENTRYPOINT exec /docker-entrypoint.sh "$0" "$@" +CMD ["run", "web"] -ENTRYPOINT exec $SENTRY_CONF/docker-entrypoint.sh "$0" "$@" -# Heroku use $PORT, thus, it will overwrite this -ENV PORT="8000" -CMD sentry run web --bind :$PORT +ARG SOURCE_COMMIT +ENV SENTRY_BUILD=${SOURCE_COMMIT:-unknown} +LABEL org.opencontainers.image.revision=$SOURCE_COMMIT +LABEL org.opencontainers.image.source="https://github.com/getsentry/sentry/tree/${SOURCE_COMMIT:-master}/" +LABEL org.opencontainers.image.licenses="https://github.com/getsentry/sentry/blob/${SOURCE_COMMIT:-master}/LICENSE" diff --git a/docker/cloudbuild.yaml b/docker/cloudbuild.yaml index 6f99dce91e5fa7..47f23dafaf3dca 100644 --- a/docker/cloudbuild.yaml +++ b/docker/cloudbuild.yaml @@ -7,6 +7,8 @@ steps: '--use-new-run', '--build-arg', 'SOURCE_COMMIT=$COMMIT_SHA', + '--build-arg', + 'DIST_DIR=/dist', '--destination=us.gcr.io/$PROJECT_ID/sentry-builder:$COMMIT_SHA', '-f', './docker/builder.dockerfile',