babashka-sci-dev

borkdude 2022-04-23T13:34:11.605299Z

@rahul080327 docker fails on master since today in clj-kondo, any clues? https://app.circleci.com/pipelines/github/clj-kondo/clj-kondo/4576/workflows/72f9a799-f4e0-433c-8d85-8e700c22cd18/jobs/18715

lispyclouds 2022-04-23T15:46:31.599049Z

Looks like something happened with the Ubuntu release, will try to take a look tonight!

borkdude 2022-04-23T15:47:55.446219Z

Thanks, no hurry

lispyclouds 2022-04-23T15:47:58.197919Z

Does that run locally? If not try pinning to the older Ubuntu version maybe?

borkdude 2022-04-23T15:49:52.141889Z

not sure what you mean with running locally

borkdude 2022-04-23T19:11:34.776949Z

@rahul080327 I naively tried to update the remote docker version because I read somewhere that that may help

borkdude 2022-04-23T19:18:32.882519Z

@rahul080327 That seems to have done the trick

lispyclouds 2022-04-23T20:56:46.341369Z

ah nice! by locally i meant are you able to build the docker image on your local docker and by the looks of it that couldve pointed at the problem too 😄

lispyclouds 2022-04-23T20:57:54.743709Z

trying to figure out what the problem was now

borkdude 2022-04-23T21:00:36.676509Z

my theory for the babashka github release script 404-ing is: the first one seems to fail. then the rest of the jobs succeed and push their artifacts https://app.circleci.com/pipelines/github/clj-kondo/clj-kondo/4590/workflows/4f27d03c-2c9b-4558-937b-4c58efc418ab/jobs/18780 This is why it always happens on a release too since then a new github release is created

lispyclouds 2022-04-23T21:01:56.007029Z

also https://ubuntu.com/blog/ubuntu-22-04-lts-released got released so was thinking does that have something to do as the error seems to be some broken packages

lispyclouds 2022-04-23T21:02:23.037089Z

not sure how updating docker fixes this

borkdude 2022-04-23T21:02:47.568409Z

I read something about old docker versions, ubuntu and gpg, upgrading fixed it, so let's just leave it there

lispyclouds 2022-04-23T21:03:55.614549Z

interesting, can you send the link? docker versions being tied to what the images are running seems quite weird

lispyclouds 2022-04-23T21:04:31.656819Z

quite weird would be a big understatement

borkdude 2022-04-23T21:04:34.713119Z

I read it on stack overfloew

borkdude 2022-04-23T21:05:03.545699Z

https://stackoverflow.com/a/66385784/6264

lispyclouds 2022-04-23T21:12:13.283579Z

issue in glibc which is manifested via a new feature in apt using the seccomp syscalls... oof 🤯 from the bug tracker:

it this seems to be an issue that there is new functionality in apt/apt-key e.g. security hardening that docker prohibits in its containers. Running this manually works only in an --privileged container.
loads of TIL, that this is even possible

lispyclouds 2022-04-23T21:13:48.721039Z

2 leanings: • static link musl ftw • how does does one apply the clojure non breaking things we try to follow all the way down to the kernel?

lispyclouds 2022-04-23T21:15:07.791979Z

so i guess the machine where the remote docker was running in circle updated its OS and we ran into this?

borkdude 2022-04-23T21:15:43.634879Z

could be

lispyclouds 2022-04-23T21:16:37.892899Z

this is too much for my little head to comprehend

borkdude 2022-04-23T21:17:14.099329Z

well, upgrading fixed it, I'm a happy customer, and was able to release a new clj-kondo ;)

lispyclouds 2022-04-23T21:19:24.604719Z

yeah that definitely was the correct fix, what just worries me is that there's no intuitive way for me to figure this out. well another experience then 😅

🙏 1
borkdude 2022-04-23T21:23:04.695069Z

I think those docker settings were from pretty much the initial commits in clj-kondo

borkdude 2022-04-23T21:25:16.331819Z

I'm surprised we had macos support from the early beginnings, https://github.com/clj-kondo/clj-kondo/commit/6a253cd6129f7dc06a4f2485af9121b6ffcf09bf I thought you had to have a special circleci support for that, perhaps @marc-omorain enabled that

borkdude 2022-04-23T21:26:33.570109Z

hmm, something was changed in 2020.10 here: https://github.com/clj-kondo/clj-kondo/commit/15ce36ad616bbc4a86a256719f37145c76372e38

borkdude 2022-04-23T21:26:53.084519Z

not sure why, no issue number ;)

borkdude 2022-04-23T21:27:53.506589Z

maybe there's something in our private chats on 2020 October 1st about this

borkdude 2022-04-23T21:31:04.126949Z

We moved the default docker image to ubuntu on that day: https://github.com/babashka/babashka/issues/604#issuecomment-702302226

borkdude 2022-04-23T21:31:24.221039Z

(since using alpine as the default lead to many questions)

borkdude 2022-04-23T21:33:09.831429Z

that's all I could find, not sure why we used a fixed version on that date

lispyclouds 2022-04-23T21:40:08.565989Z

i suppose we looking at an example at the time and that wouldve been the version

lispyclouds 2022-04-23T21:41:25.979919Z

ive gotten to a pattern of only using raw machine executors and have it all contained in that, not depend on too much external factors

borkdude 2022-04-23T21:44:53.436919Z

before the commit there was no version at all, using the default

borkdude 2022-04-23T21:45:05.418199Z

I just read they default to 17 or so now

lispyclouds 2022-04-23T21:45:10.064399Z

also these are the reasons tooling like https://github.com/GoogleContainerTools/kaniko were made, do docker image builds in a container in userspace and not do the fancy machine hopping

lispyclouds 2022-04-23T21:45:49.774029Z

ah so that version was an upgrade

borkdude 2022-04-23T21:47:17.028529Z

the version I committed today was an upgrade. but the version I committed on October 1st 2022 was pinning the version instead of using the default and I have no idea what the default was at the time

lispyclouds 2022-04-23T21:47:43.232459Z

probably 17 or earlier, if thats still the default now

borkdude 2022-04-23T21:49:59.273289Z

right