This commit establishes the foundation for language-specific development
container images used by CHORUS autonomous agents.
Features:
- Multi-stage Dockerfile with 7 layered images
- Base Debian Bookworm image with common tools
- Language-specific images: Rust, Go, Python, Node.js, Java, C/C++
- Standardized /workspace/{input,data,output} structure
- Automated CI/CD pipeline for weekly security updates
- Comprehensive test suite for all images
- Full documentation (README, USAGE, MAINTENANCE)
Images available:
- chorus/base:1.0.0 (~200MB)
- chorus/rust-dev:1.0.0 (~1.2GB)
- chorus/go-dev:1.0.0 (~600MB)
- chorus/python-dev:1.0.0 (~800MB)
- chorus/node-dev:1.0.0 (~700MB)
- chorus/java-dev:1.0.0 (~1.5GB)
- chorus/cpp-dev:1.0.0 (~900MB)
🤖 Generated with Claude Code (https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
CHORUS Development Images - Maintenance Guide
Version Management
Semantic Versioning
We follow Semantic Versioning 2.0.0:
- MAJOR (X.0.0): Breaking changes (base image OS upgrade, removed tools)
- MINOR (x.Y.0): New features (new tools added, new image variants)
- PATCH (x.y.Z): Bug fixes, security updates, tool version updates
Updating Version
- Edit the VERSION file:
    echo "1.1.0" > VERSION
- Commit the change:
    git add VERSION
    git commit -m "Bump version to 1.1.0"
    git push
- Automated build will create images tagged with new version
Updating Base Image
Debian Version Update
When a new Debian stable release is available:
- Update ARG DEBIAN_VERSION in images/base/Dockerfile:
    # Update date suffix
    ARG DEBIAN_VERSION=bookworm-20240615
- Test all images:
    make build-all
    make test-all
- If tests pass, increment MAJOR version
Updating Language Toolchains
Go Version Update
- Check latest Go version: https://go.dev/dl/
- Update ARG GO_VERSION in Dockerfile:
    # Update version
    ARG GO_VERSION=1.23.0
- Build and test:
    make build-go
    make test-go
Node.js Version Update
- Check LTS versions: https://nodejs.org/
- Update ARG NODE_VERSION in Dockerfile:
    # Update to new LTS
    ARG NODE_VERSION=22
- Build and test:
    make build-node
    make test-node
Rust Toolchain Update
Rust auto-updates to stable via rustup. To pin a specific version:
- Modify Dockerfile rust-dev stage:
    # Pin version via --default-toolchain
    RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
        --default-toolchain 1.78.0 \
        --profile default \
        --no-modify-path
Python Version Update
- Check available versions:
    apt-cache search python3.
- Update Dockerfile:
    # Update the version in python3.12 and python3.12-dev
    RUN apt-get update && apt-get install -y --no-install-recommends \
        python3.12 \
        python3.12-dev \
        python3-pip \
        python3-venv
Adding New Tools
Adding Tool to Existing Image
- Edit images/base/Dockerfile in appropriate stage
- Add installation command
- Update README.md with new tool
- Add test for new tool in tests/test-<image>.sh
- Increment MINOR version
Example - Adding tokei to Rust image:
# In rust-dev stage
# New tool: tokei
RUN cargo install \
    cargo-edit \
    cargo-audit \
    tokei \
    && rm -rf /home/chorus/.cargo/registry/cache
Add test:
# In tests/test-rust-dev.sh
docker run --rm "$IMAGE" which tokei > /dev/null || exit 1
Creating New Language Image
- Add new stage to images/base/Dockerfile:
    FROM base AS ruby-dev
    USER root
    RUN apt-get update && apt-get install -y --no-install-recommends \
        ruby-full \
        && rm -rf /var/lib/apt/lists/*
    USER chorus
    RUN gem install bundler
    LABEL org.opencontainers.image.title="CHORUS Ruby Development Image"
- Create test script tests/test-ruby-dev.sh
- Add build target to Makefile
- Add to CI workflow .gitea/workflows/build-and-push.yml
- Update README.md with new image
Security Updates
Weekly Automated Rebuild
Images automatically rebuild weekly (Mondays 2 AM UTC) to pull latest security updates.
Manual Security Update
For critical CVEs:
- Trigger manual rebuild:
  - Go to: https://gitea.chorus.services/tony/chorus-dev-images/actions
  - Click "Build and Push Development Images"
  - Click "Run workflow"
  - Check "Force rebuild all images"
- Monitor build progress
- Increment PATCH version after successful build
Testing
Local Testing
# Test all images
make test-all
# Test specific image
make test-rust
Adding New Tests
Add assertions to appropriate test script:
# tests/test-rust-dev.sh
echo " ✓ Checking new feature..."
docker run --rm "$IMAGE" bash -c '
# Test commands here
rustc --version | grep -q "1.77"
' || exit 1
Registry Management
Cleaning Old Tags
Periodically remove old version tags to save space:
# List all tags for an image
curl -u username:password \
https://registry.home.deepblack.cloud/v2/chorus/rust-dev/tags/list
# Delete specific tag (requires registry API v2)
curl -X DELETE -u username:password \
https://registry.home.deepblack.cloud/v2/chorus/rust-dev/manifests/<digest>
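The DELETE call needs the manifest digest, which the registry returns in the Docker-Content-Digest response header. The following is an added example, not part of the project's scripts: it resolves a tag to its digest and deletes by digest. The function names are hypothetical, and it assumes the registry has deletion enabled and that credentials live in ~/.netrc, which keeps the password off the command line and out of shell history.

```shell
#!/bin/sh
# Added example: resolve a tag to its manifest digest, then delete by digest.
# Function names are hypothetical; credentials are read from ~/.netrc.

# Media types to request, so the digest returned is the one the registry stores.
ACCEPT='application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json'

# Read raw HTTP response headers on stdin, print the Docker-Content-Digest value.
digest_from_headers() {
  tr -d '\r' | awk '
    index(tolower($0), "docker-content-digest:") == 1 {
      sub(/^[^:]*:[ \t]*/, "")   # drop the header name, keep "sha256:<hex>"
      print
      exit
    }'
}

# Accept only a well-formed sha256 digest before it is placed in a URL.
is_sha256_digest() {
  D="$1" awk 'BEGIN {
    d = ENVIRON["D"]
    exit !(d ~ /^sha256:[0-9a-f]+$/ && length(d) == 71)
  }'
}

# resolve_digest REGISTRY REPO TAG
resolve_digest() {
  curl -fsS --netrc -I -H "Accept: $ACCEPT" \
    "https://$1/v2/$2/manifests/$3" | digest_from_headers
}

# delete_tag REGISTRY REPO TAG
delete_tag() {
  digest=$(resolve_digest "$1" "$2" "$3") || return 1
  if ! is_sha256_digest "$digest"; then
    echo "refusing to delete: unexpected digest '$digest'" >&2
    return 1
  fi
  echo "deleting $2:$3 ($digest)" >&2
  curl -fsS --netrc -X DELETE "https://$1/v2/$2/manifests/$digest"
}

# Example call (the tag is a placeholder):
# delete_tag registry.home.deepblack.cloud chorus/rust-dev <old-tag>
```

Deleting a manifest by digest removes every tag that points at it, so check that no current tag shares the digest first. Disk space is reclaimed only after the registry's garbage collection runs.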
Checking Image Sizes
# Local sizes
docker images | grep chorus
# Registry sizes (requires access to registry)
docker manifest inspect registry.home.deepblack.cloud/chorus/rust-dev:latest | \
jq -r '.layers[].size' | awk '{s+=$1} END {print s/1024/1024 " MB"}'
Build Optimization
Layer Caching
Ensure frequently changing operations are at the end:
# ✅ Good - static dependencies first
RUN apt-get update && apt-get install -y build-essential
RUN cargo install cargo-edit # Changes infrequently
# ❌ Bad - changing operation first
COPY requirements.txt /tmp/
RUN pip install -r /tmp/requirements.txt
RUN apt-get update # Should be before pip
Multi-Stage Build Size
Check base layer is shared:
docker images --format "table {{.Repository}}\t{{.Tag}}\t{{.Size}}\t{{.ID}}" | grep chorus
All images should share the same base layer ID.
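The ID column printed by docker images is the image ID, which differs from one image to the next; the shared base shows up in each image's RootFS.Layers list. The following is an added example, not part of the project's scripts, that checks every language image starts with all of the base image's layers. The function names are hypothetical, and the live check needs docker and jq.

```shell
#!/bin/sh
# Added example: check that each language image is built on the base image's layers.
# Function names are hypothetical; needs docker and jq for the live check.

# Print an image's layer digests (RootFS.Layers), one per line.
image_layers() {
  docker image inspect --format '{{json .RootFS.Layers}}' "$1" | jq -r '.[]'
}

# common_prefix_len LIST_A LIST_B: count of identical leading layers.
common_prefix_len() {
  A="$1" B="$2" awk 'BEGIN {
    na = split(ENVIRON["A"], a, "\n")
    nb = split(ENVIRON["B"], b, "\n")
    for (i = 1; i <= na && i <= nb && a[i] == b[i] && a[i] != ""; i++) n++
    print n + 0
  }'
}

# shares_base BASE_LAYERS IMAGE_LAYERS: true when the image starts with all base layers.
shares_base() {
  base_n=$(printf '%s\n' "$1" | awk 'NF { n++ } END { print n + 0 }')
  [ "$base_n" -gt 0 ] && [ "$(common_prefix_len "$1" "$2")" -eq "$base_n" ]
}

# check_images BASE_IMAGE IMAGE...
check_images() {
  base=$(image_layers "$1") || return 1
  shift
  rc=0
  for img in "$@"; do
    if shares_base "$base" "$(image_layers "$img")"; then
      echo "ok    $img"
    else
      echo "FAIL  $img does not start with the base image's layers"
      rc=1
    fi
  done
  return "$rc"
}

# Example call with the tags named in this guide:
# check_images chorus/base:1.0.0 chorus/rust-dev:1.0.0 chorus/go-dev:1.0.0
```

A FAIL after a weekly rebuild means that image was built against a different base than the one currently tagged, so it may be missing the base's latest security updates.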
Troubleshooting
Build Fails
- Check Docker build logs
- Verify external dependencies (Go downloads, npm registry)
- Test locally: make build-<image>
- Check network connectivity
Test Fails
- Run test manually: bash tests/test-<image>.sh
- Check tool availability in container
- Verify tool versions
- Check for breaking changes in tool updates
CI/CD Issues
- Check Gitea Actions logs
- Verify registry credentials (secrets)
- Check Docker buildx support
- Verify network access to registry
Release Checklist
Before releasing new version:
- All tests pass locally (make test-all)
- README.md updated with new features/changes
- USAGE.md updated if usage patterns changed
- VERSION file updated
- Git tag created: git tag v1.x.x && git push --tags
- Registry contains new version tags
- CHANGELOG.md updated (if exists)
- CHORUS engine updated to use new images (if needed)
Monitoring
Build Status
Check automated builds: https://gitea.chorus.services/tony/chorus-dev-images/actions
Registry Health
# Check registry is accessible
curl -u username:password \
https://registry.home.deepblack.cloud/v2/_catalog
# Check image is pullable
docker pull registry.home.deepblack.cloud/chorus/base:latest
Usage Metrics
Track which images are most pulled (requires registry logging):
# Check registry logs
docker service logs registry_registry | grep "GET /v2/chorus" | \
awk '{print $10}' | sort | uniq -c | sort -rn