feat: mount source code instead of copying into images (#5330)

This should mean we can used cached docker images properly in future.

Co-authored-by: Darragh Elliott <me@delliott.net>
Reviewed-on: #5330
Co-authored-by: delliott <delliott@fsfe.org>
Co-committed-by: delliott <delliott@fsfe.org>

.drone.yml

@@ -18,6 +18,7 @@ steps:
       - name: dockersock
         path: /run/user/1001/docker.sock
     commands:
+      - export FSFE_WEBSITE_HOST_SOURCE_CODE=$(docker container inspect "$HOSTNAME" --format '{{ range .Mounts }}{{ if eq .Destination "/drone/src" }}{{ .Source }}{{ end }}{{ end }}')
       - docker ps && echo "tampered with"
       - echo "DRONE_COMMIT_BRANCH ${DRONE_COMMIT_BRANCH}"
       - docker compose -p fsfe-website-pre-commit run --remove-orphans --build pre-commit "origin/${DRONE_COMMIT_BRANCH}"
@@ -57,6 +58,7 @@ steps:
       - name: dockersock
         path: /run/user/1001/docker.sock
     commands:
+      - export FSFE_WEBSITE_HOST_SOURCE_CODE=$(docker container inspect "$HOSTNAME" --format '{{ range .Mounts }}{{ if eq .Destination "/drone/src" }}{{ .Source }}{{ end }}{{ end }}')
       - docker ps && echo "tampered with"
       - docker compose -p "$PROJECT" down
       # If we are in a cron job, then do a full rebuild
@@ -90,6 +92,7 @@ steps:
       - name: dockersock
         path: /run/user/1001/docker.sock
     commands:
+      - export FSFE_WEBSITE_HOST_SOURCE_CODE=$(docker container inspect "$HOSTNAME" --format '{{ range .Mounts }}{{ if eq .Destination "/drone/src" }}{{ .Source }}{{ end }}{{ end }}')
       - docker ps && echo "tampered with"
       - docker compose -p "$PROJECT" down
       # If we are in a cron job, then do a full rebuild
@@ -122,4 +125,4 @@ volumes:
       path: /run/user/1001/docker.sock
 ---
 kind: signature
-hmac: 90c89291c80d406e84622f2a018a05041e28584ea3cfa567d2db744a08d225d3
+hmac: c6f966198e528086f4b1efc10336e9d3797cafbf430efaaa9194315cea1c75fa

build.Dockerfile

@@ -15,17 +15,21 @@ rsync
 
 # Set uv project env, to persist stuff moving dirs 
 ENV UV_PROJECT_ENVIRONMENT=/root/.cache/uv/venv
+
 # Set the workdir
-WORKDIR /website-source
+WORKDIR /website-source-during-build
 
 # Copy the pyproject and build deps
 # Done in a seperate step for optimal docker caching
 COPY ./pyproject.toml ./uv.lock .
 RUN uv sync --no-install-package fsfe_website_build
 
-# Copy everything else
-COPY . .
+# Copy entrypoint
+COPY build.entrypoint.sh .
 
-ENTRYPOINT ["bash", "./build.entrypoint.sh"]
+# Set the workdir
+WORKDIR /website-source
+
+ENTRYPOINT ["bash", "/website-source-during-build/build.entrypoint.sh"]
 
 

docker-compose.yml

@@ -4,6 +4,8 @@ services:
       context: .
       dockerfile: pre-commit.Dockerfile
     image: fsfe-websites-pre-commit
+    volumes:
+      - ${FSFE_WEBSITE_HOST_SOURCE_CODE:-./}:/website-source
   build:
     build:
       context: .
@@ -22,6 +24,7 @@ services:
       - FSFE_WEBSITE_GIT_TOKEN
     volumes:
       - cache:/website-cached
+      - ${FSFE_WEBSITE_HOST_SOURCE_CODE:-./}:/website-source
 volumes:
   cache:
 secrets:

pre-commit.Dockerfile

@@ -32,16 +32,21 @@ ENV PATH="/root/.composer/vendor/bin:$PATH"
 ENV UV_PROJECT_ENVIRONMENT=/root/.cache/uv/venv
 # Add vent to path
 ENV PATH="$UV_PROJECT_ENVIRONMENT/bin:$PATH"
+
 # Set the workdir
-WORKDIR /website-source
+WORKDIR /website-source-during-build
 
 # Copy the pyproject and build deps
 # Done in a seperate step for optimal docker caching
 COPY ./pyproject.toml ./uv.lock .
 RUN uv sync --no-install-package fsfe_website_build --group dev
-# Copy everything else
-COPY . .
 
-ENTRYPOINT ["bash", "./pre-commit.entrypoint.sh"]
+# Copy entrypoint
+COPY pre-commit.entrypoint.sh .
+
+# Set the workdir
+WORKDIR /website-source
+
+ENTRYPOINT ["bash", "/website-source-during-build/pre-commit.entrypoint.sh"]