Skip to content

Commit de79dee

Browse files
authored
feat(infra): Add a Dockerfile for Superset with our extra packages in it (#171)
### Summary Creates a Dockerfile for Superset with our extra packages in it. It is currently based on the fork we maintain at github.com/ISISNeutronMuon/superset-fork. Adds a GitHub action to build and optionally publish the image. Publishing will be enabled in a later commit after the GHA has run.
1 parent daa2d10 commit de79dee

3 files changed

Lines changed: 81 additions & 0 deletions

File tree

Lines changed: 55 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,55 @@
1+
name: Publish a Docker image for our Superset build
2+
3+
on:
4+
push:
5+
branches:
6+
- "main"
7+
paths:
8+
- "infra/container-images/analytics-data-platform-superset/Dockerfile"
9+
pull_request:
10+
types: [opened, synchronize, reopened]
11+
paths:
12+
- "infra/container-images/analytics-data-platform-superset/Dockerfile"
13+
14+
env:
15+
REGISTRY: ghcr.io
16+
ORG_NAME: isisneutronmuon
17+
IMAGE_NAME: analytics-data-platform-superset
18+
FQ_IMAGE_NAME: ${{ env.REGISTRY }}/${{ env.ORG_NAME }}/${{ env.IMAGE_NAME }}
19+
PUBLISH: false
20+
21+
jobs:
22+
build-and-push-image:
23+
runs-on: ubuntu-latest
24+
permissions:
25+
contents: read
26+
packages: write
27+
attestations: write
28+
id-token: write
29+
steps:
30+
- name: Checkout repository
31+
uses: actions/checkout@v5
32+
- name: Log in to the Container registry
33+
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
34+
with:
35+
registry: ${{ env.REGISTRY }}
36+
username: ${{ github.actor }}
37+
password: ${{ secrets.GITHUB_TOKEN }}
38+
- name: Build and push Docker image
39+
id: push
40+
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
41+
with:
42+
context: infra/container-images/${{ env.IMAGE_NAME }}
43+
push: ${{ env.PUBLISH }}
44+
tags: |
45+
${{ FQ_IMAGE_NAME }}:${{ github.sha }}
46+
${{ FQ_IMAGE_NAME }}:latest
47+
48+
# This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built.
49+
# See [Using artifact attestations to establish provenance for builds](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)
50+
- name: Generate artifact attestation
51+
uses: actions/attest-build-provenance@v3
52+
with:
53+
subject-name: ${{ FQ_IMAGE_NAME }}
54+
subject-digest: ${{ steps.push.outputs.digest }}
55+
push-to-registry: ${{ env.PUBLISH }}
Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,22 @@
1+
ARG BASE_IMAGE=ghcr.io/isisneutronmuon/superset-fork:sha256-1f2019bd5a6ed81902d7c4035f0a363bceb10f60f5d9d98b4784857e2578506e
2+
FROM ${BASE_IMAGE}
3+
4+
LABEL org.opencontainers.image.source=https://github.com/ISISNeutronMuon/analytics-data-platform
5+
LABEL org.opencontainers.image.description="Custom build of Apache Superset"
6+
LABEL org.opencontainers.image.licenses=MIT
7+
8+
# Install Python requirements
9+
USER root
10+
RUN /app/docker/pip-install.sh --requires-build-essential \
11+
openpyxl==3.1.5 \
12+
psycopg2-binary==2.9.10 \
13+
prophet==1.1.5 \
14+
playwright==1.57.0 \
15+
python-ldap==3.4.4 \
16+
trino[sqlalchemy]==0.332.0
17+
18+
RUN playwright install-deps && \
19+
playwright install chromium
20+
21+
# Run as superset
22+
USER superset

infra/container-images/readme.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
# Container Images
2+
3+
This directory stores a set Dockerfiles for images used in the project. They are built and published
4+
to the GitHub container registry using [GitHub actions](../../.github/workflows).

0 commit comments

Comments
 (0)