66 changes: 30 additions & 36 deletions Dockerfile.updater-core
Expand Up @@ -14,9 +14,10 @@ ENV DEBIAN_FRONTEND="noninteractive" \
# Configures Ubuntu to use Azure mirrors, which are often faster and more reliable
# From https://github.com/Azure/LinuxPatchExtension/blob/master/src/tools/references/apt/sources.list.d/ubuntu.sources
# This is also used in other places such as the runner builds: https://github.com/actions/runner-images/blob/2f8d6ab9ef24fd8bda80b5259650fe1dc4311320/images/ubuntu/scripts/build/configure-apt-sources.sh#L11
RUN set -e; \
release=$( . /etc/os-release && echo "$VERSION_CODENAME" ); \
cat <<EOF | tee /etc/apt/sources.list.d/ubuntu.sources
RUN <<EOT
set -e
release=$( . /etc/os-release && echo "$VERSION_CODENAME" )
cat <<EOF | tee /etc/apt/sources.list.d/ubuntu.sources

# Prefer Azure mirrors
Types: deb
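Review bot: With the `&&` chain gone, the `set -e` on the first line of the `RUN <<EOT` script is the only thing that fails the build when a later command errors, so it has to stay the first statement; a one-line shell comment above it saying so would keep it from being dropped in a later edit. `set -e` does not see the left side of `cat <<EOF | tee /etc/apt/sources.list.d/ubuntu.sources`, and `tee` also copies the whole sources file into the build log; `cat > /etc/apt/sources.list.d/ubuntu.sources <<EOF` avoids both. Heredoc `RUN` needs a BuildKit builder, so confirm that every place this image is built uses one.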
Expand Down Expand Up @@ -58,55 +59,48 @@ Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg

EOF

RUN apt-get update \
&& apt-get upgrade -y \
&& apt-get install -y --no-install-recommends \
# needed to run add-apt-repository
apt-get update
apt-get upgrade -y
# software-properties-common is needed to run add-apt-repository
# curl is used to download the git-lfs GPG key as well as dev dependencies for CI
apt-get install -y --no-install-recommends \
software-properties-common \
# Used to download the git-lfs GPG key as well as dev dependencies for CI
curl \
# Add git core ppa to get a more recent git version than the one provided by ubuntu
&& add-apt-repository -y ppa:git-core/ppa \
# Install the git-lfs mirror. See https://github.com/git-lfs/git-lfs/blob/main/INSTALLING.md
# We need this because the version of git-lfs provided by Ubuntu is outdated
# apt-transport-https is a temporary dependency to install the git-lfs apt source
&& apt-get install -y --no-install-recommends apt-transport-https \
&& mkdir -p /etc/apt/keyrings \
&& curl -fsSL 'https://packagecloud.io/github/git-lfs/gpgkey' | gpg --dearmor > /etc/apt/keyrings/github_git-lfs-archive-keyring.gpg \
&& release=$( . /etc/os-release && echo "$VERSION_CODENAME" ) \
&& echo "deb [signed-by=/etc/apt/keyrings/github_git-lfs-archive-keyring.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $release main" \
> /etc/apt/sources.list.d/github_git-lfs.list \
&& echo "deb-src [signed-by=/etc/apt/keyrings/github_git-lfs-archive-keyring.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $release main" \
>> /etc/apt/sources.list.d/github_git-lfs.list \
&& apt-get update \
&& apt-get install -y --no-install-recommends \
# dev dependencies for CI
curl
# Add git core ppa to get a more recent git version than the one provided by ubuntu
add-apt-repository -y ppa:git-core/ppa
# Install the git-lfs mirror. See https://github.com/git-lfs/git-lfs/blob/main/INSTALLING.md
# We need this because the version of git-lfs provided by Ubuntu is outdated
# apt-transport-https is a temporary dependency to install the git-lfs apt source
apt-get install -y --no-install-recommends apt-transport-https
mkdir -p /etc/apt/keyrings
curl -fsSL 'https://packagecloud.io/github/git-lfs/gpgkey' | gpg --dearmor > /etc/apt/keyrings/github_git-lfs-archive-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/github_git-lfs-archive-keyring.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $release main" \
> /etc/apt/sources.list.d/github_git-lfs.list
echo "deb-src [signed-by=/etc/apt/keyrings/github_git-lfs-archive-keyring.gpg] https://packagecloud.io/github/git-lfs/ubuntu/ $release main" \
>> /etc/apt/sources.list.d/github_git-lfs.list
apt-get update
apt-get install -y --no-install-recommends \
build-essential \
libgmp-dev \
# Compression libs
zlib1g-dev \
unzip \
zstd \
# VCS section
git \
git-lfs \
bzr \
mercurial \
# needed to sign commits
gnupg2 \
# for git repo access with ssh key credentials
Contributor

These comments are important context, can we ask copilot to bring them back? @jeffwidman

That, or bring them back manually. Whatever works best

Member

@copilot can you please leave the code comments inline and not delete them?

Member

@jeffwidman jeffwidman Dec 2, 2025

@yeikel good spot. I was only looking at the actual dockerfile RUN structure change and completely missed that!

Member

Looks like I'll have to manually fixup this commit... that's okay, at least we're a lot closer. Let's see if CI is happy

openssh-client \
# Installs certs in dependabot-action and CLI
ca-certificates \
# used to check if a file is binary in the VendorUpdater
file \
# used by Ruby to parse YAML
libyaml-dev \
locales \
&& locale-gen en_US.UTF-8 \
locales
locale-gen en_US.UTF-8
# No longer needed post git-core ppa addition and git-lfs install
&& apt purge software-properties-common apt-transport-https -y && apt-get autoremove -y \
&& rm -rf /var/lib/apt/lists/*
apt purge software-properties-common apt-transport-https -y
apt-get autoremove -y
rm -rf /var/lib/apt/lists/*
EOT
Member

@copilot what does this EOT syntax do? Are these commands still executed as part of the RUN command or are they copied to a file instead?

Contributor Author

The RUN <<EOT ... EOT syntax is the Dockerfile heredoc feature introduced in BuildKit (Docker 1.20+). All commands between <<EOT and EOT are executed as part of the RUN instruction—nothing is copied to a file.

This syntax allows writing multi-line shell scripts more naturally without && \ line continuations. It also enables embedding nested heredocs (like the <<EOF ... EOF for creating the apt sources file) which wouldn't work with the traditional RUN syntax.

See the Docker documentation: https://docs.docker.com/build/building/best-practices/#heredocs

Member

Whoa, cool!


ARG USER_UID=1000
ARG USER_GID=$USER_UID
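Review bot: In `curl -fsSL 'https://packagecloud.io/github/git-lfs/gpgkey' | gpg --dearmor > /etc/apt/keyrings/github_git-lfs-archive-keyring.gpg`, `set -e` only sees the exit status of `gpg`, so a failed or truncated download is caught only if `gpg --dearmor` itself rejects the input. The `&&` chain had the same gap, but now that the script is plain statements it is easy to download the key to a temporary file in one command and dearmor it in the next, so each step is checked on its own, and to compare the key's fingerprint against a pinned value before apt trusts the source. When the inline comments in the second `apt-get install` list are restored as requested in the thread, they cannot sit between the `\`-continued package lines: inside the heredoc the shell reads them rather than the Dockerfile parser, so a line such as `# Compression libs` after `libgmp-dev \` ends the command there and `zlib1g-dev` is run as a separate command. Keep them grouped above the install, as done for `software-properties-common` and `curl`. Separately, `apt purge software-properties-common apt-transport-https -y` uses `apt`, whose command-line interface is not meant for scripts; `apt-get purge` matches the rest of the block.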