Add PowerShell global to docker-sdk images #960
Conversation
|
|
|
I have a couple of questions:
|
|
@adityapatwardhan - Thanks for making this PR. To answer your questions
Regarding your changes, can you describe the type of automated tests you plan on adding for PS? |
3.0/sdk/alpine3.9/amd64/Dockerfile
Outdated
| # Install PowerShell global tool | ||
| ENV POWERSHELL_VERSION 6.2.0-rc.1 | ||
|
|
||
| RUN curl -SL --output PowerShell.Linux.$POWERSHELL_VERSION.nupkg 'https://go.microsoft.com/fwlink/?linkid=2080856' \ |
There was a problem hiding this comment.
Is there a reason why the nupkg can't be pulled directly from NuGet?
There was a problem hiding this comment.
The PowerShell.Linux and PowerShell.Windows are special packages with reduced size that were created for this purpose. We do not plan to ship these on NuGet. We will be shipping a package called PowerShell on NuGet which is larger since it has Windows and Linux assemblies and a shim layer.
There was a problem hiding this comment.
Our Dockerfiles are more than just the source for the Docker images we produce. They often get referenced as the way to do things by our customers. I am pretty certain you will see this pattern copied and referenced as the way to install PS as a dotnet tool. This feels like a potential source of confusion. Would it make sense to have a differentiated name for these packages and publish them to NuGet?
There was a problem hiding this comment.
These packages support a small set of runtimes tailored towards platforms supported by dotnet-docker images. This was done to reduce the size of the package.
Hence, even a PowerShell.Linux package would not work on all supported Linux platforms and would create confusion as a global tool. The tool we plan to publish on NuGet has all the runtimes we support.
Would adding a comment explaining this and mentioning the package is internal and not for public consumption directly be sufficient?
There was a problem hiding this comment.
I have less issue with this pattern. I think it is fine for us/anyone to publish specialized to other NuGet feeds. My issue is the fwlink. I'm not at all comfortable with that. There are at least three problems with it:
- It is not OSS-friendly. Users have no idea what that points to (beyond traversing the link).
- It is not good for versioning. Ideally, I'd like to see each Dockerfile point to a specific version of PowerShell, just like we do with .NET Core. This means that you can go back and re-build an old Dockerfile and get the same result. That old Dockerfile might result in images with security vulnerabilities, but that's actually a good thing in this case.
- It's not good for engineering but it is unclear from looking at this source what the version coupling is between .NET Core and PowerShell.
In short, fwlinks are opaque.
We have a tool called DARC that you can likely use to help with this. It enables you to publish LKG versions to a database, as part of your build, that this repo can subscribe and then versions flow automatically w/o you doing anything. That would be my recommendation.
There was a problem hiding this comment.
I have updated the URLs to a publicly accessible blob.
There was a problem hiding this comment.
@MichaelSimons Should I add a comment saying the packages are not for public consumption?
There was a problem hiding this comment.
They are for public consumption by including them in our open source Dockerfiles. An expected use case is that there will be a set of users that will copy our Dockerfiles and build their own images for various reasons. What may be useful to clarify is what is different about this NuGet versus your general purpose NuGet package.
There was a problem hiding this comment.
Agreed. I will add a comment explaing the runtimes it supports and also mention that there is global tool published on NuGet.org which supports all runtimes.
adityapatwardhan
changed the title
adityapatwardhan
force-pushed
the
PowerShellTool
branch
from
56191c7 to
f6ce78c
Compare
|
@adityapatwardhan - Can you answer this question I asked earlier?
In this repo we mostly test at a scenario level. It seems like it should be easy to execute a simple pwsh command to smoke test PS is installed and functional. |
|
@MichaelSimons We have automated tests at the end of the build to install the tool on Linux and Windows. Also run some simple validation to verify version and run a couple of cmdlets. |
|
@adityapatwardhan - yes but we need to verify pwsh works within the scope of these Docker images. Is pwsh on the path, does the shared runtime and pwsh work together, are the required native dependencies present, etc. These are the things that should be validated. One scenario test should be able to cover this. |
|
@MichaelSimons Should I add similar test to validate PowerShell here: dotnet-docker/tests/Microsoft.DotNet.Docker.Tests/ImageTests.cs Lines 148 to 158 in 1e84193 |
|
@adityapatwardhan, yes. Here is an outline of what comes to mind. |
|
@MichaelSimons I have added the test. Please have a look. The CI seems stuck from last night or is the queue pretty long? |
MichaelSimons
left a comment
MichaelSimons
left a comment
There was a problem hiding this comment.
The size of the PowerShell layer is surprisingly large - 104MB on Linux amd64. What can be done to reduce the size? I see it is carrying around a copy of the nupkg (thanks NuGet 😄). I also see ~37MB of runtimes. I wasn't expecting to see the platforms other than the current.
root@d1818d9294d0:/usr/share/powershell/.store/powershell.linux/6.2.0-rc.1/powershell.linux/6.2.0-rc.1/tools/netcoreapp2.1/any/runtimes# du -sh *
272K linux
220K linux-arm
232K linux-arm64
36K linux-musl-x64
1.6M linux-x64
1.4M osx
3.7M unix
6.4M win
4.6M win-arm
5.0M win-arm64
4.3M win-x64
4.2M win-x86
708K win10-x64
652K win10-x86
700K win7-x64
636K win7-x86
700K win8-x64
636K win8-x86
700K win81-x64
636K win81-x86
|
@MichaelSimons There is definately an error in package creation. The Linux package should not have Windows runtimes and vice versa. We have a |
|
@adityapatwardhan - yes the size issue can be addressed at the release. I would however like to have a good idea of what the layer size will be when addressed because the current size is going to be a difficult sell. |
|
@MichaelSimons I should be able to create a private package fixing the packaging error by Monday. We can have a look then. |
|
@MichaelSimons I can potentially delete the copy of the nupkg that nuget keeps. That will save somwhere around 20 MBs in the size. |
|
@adityapatwardhan - yes I was thinking the nupkg copy should be cleaned up. |
|
I built the alpine 3.9 container locally to check the layer sizes. The reduction in the size will be part of our next release expected near end of month. Layer size before reductions:
After reductions:
|
|
@MichaelSimons I have addressed all the review comments. Please have another look. I have also put some layer size information above. It is from a private of the next release of PowerShell |
3.0/sdk/alpine3.9/amd64/Dockerfile
Outdated
| # To reduce image size, remove the copy nupkg that nuget keeps. | ||
| && find /usr/share/powershell -print | grep -i '.*[.]nupkg$' | xargs rm \ | ||
| # Remove unnecessary runtimes | ||
| && rm -fr /usr/share/powershell/.store/powershell.linux/$POWERSHELL_VERSION/powershell.linux/$POWERSHELL_VERSION/tools/netcoreapp2.1/any/runtimes/linux-arm \ |
There was a problem hiding this comment.
I thought the plan was to create rid specific packages. These packages aren't rid specific if they contain more than one runtime.
There was a problem hiding this comment.
The end result is the same. I just makes your builds easier and faster. Are having rid specific packages a must?
There was a problem hiding this comment.
Even for linux-x64, we have some dependencies coming from unix and some from linux.
Assemblies from unix:
System.Drawing.Common.dll
System.Runtime.Caching.dll
System.Data.SqlClient.dll
Microsoft.Management.Infrastructure.dll
Microsoft.Management.Infrastructure.Native.dll
System.Private.ServiceModel.dll
Assemblies from linux:
System.Data.Odbc.dll
There was a problem hiding this comment.
The value is the simplicity of the Dockerfile. The cleanliness makes it easy for the end user to see what the image contains. Having logic here to know what runtime folders are required is not desirable. rid specific packages are going to provide the best experience here.
There was a problem hiding this comment.
@MichaelSimons I have created RID specific packages now, which will be available with the next release. I will remove the code for deleting runtime folders from the docker files. In my next PR for updating the version, I will also update the package names, is that ok?
PowerShell.Linux.Alpine.$POWERSHELL_VERSION.nupkg
PowerShell.Linux.arm32.$POWERSHELL_VERSION.nupkg
PowerShell.Linux.arm64.$POWERSHELL_VERSIONnupkg
PowerShell.Linux.x64.$POWERSHELL_VERSION.nupkg
PowerShell.Windows.arm32.$ENV:POWERSHELL_VERSION.nupkg
PowerShell.Windows.x64.$ENV:POWERSHELL_VERSION.nupkg
There was a problem hiding this comment.
Yes, looks great. We can't merge however until the CLI issue is address as that is a blocker.
There was a problem hiding this comment.
Yes of course.
|
@adityapatwardhan - it looks as thought he underlying .NET CLI issue was resolved with the latest bits. I pulled in the latest 3.0 build. Can you update this PR? FYI - the nanoserver-1709 images were recently removed (#1023). |
|
I am currently updating the branch for changing version to |
adityapatwardhan
changed the title
adityapatwardhan
force-pushed
the
PowerShellTool
branch
from
b9f3fb4 to
9e99ce9
Compare
adityapatwardhan
changed the title
|
@MichaelSimons PR updated for PowerShell |
|
@MichaelSimons Updated. Please have another look. |
|
@MichaelSimons an unrelated test is failing. There were no changes in 2.1-2.2 docker files. |
|
@adityapatwardhan - I am still seeing a failure while building the Windows arm32 image. |
Replaced $ENV:POWERSHELL_VERSION with %POWERSHELL_VERSION% Co-Authored-By: adityapatwardhan <[email protected]>
|
I updated my previous comment - I meant that we are only on-boarding Alpine arm64 images. |
4 participants
Add PowerShell global tool as part of the SDK image.
Related to #360
Our release pipeline tests installation of global tool and executing some very basic commands on Windows and Linux.