feat: refactor & upgrade judge environment

2024-12-27 12:21:44 +00:00 · 2024-01-29 12:29:49 +08:00 · 2024-01-29 12:29:49 +08:00 · ee748c0ec5
commit ee748c0ec5
parent 6a45225d0e
5 changed files with 134 additions and 33 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -0,0 +1,3 @@
+[submodule "Judger"]
+	path = Judger
+	url = git@github.com:QingdaoU/Judger.git
--- a/145
+++ b/145
@ -1,29 +1,122 @@
-FROM ubuntu:18.04
+FROM debian:trixie-slim AS builder

-COPY build/java_policy /etc
-#RUN sed -E -i -e 's/(archive|ports).ubuntu.com/mirrors.aliyun.com/g' -e '/security.ubuntu.com/d' /etc/apt/sources.list
 ENV DEBIAN_FRONTEND=noninteractive
-RUN buildDeps='software-properties-common git libtool cmake python-dev python3-pip python-pip libseccomp-dev curl' && \
-    apt-get update && apt-get install -y python python3 python-pkg-resources python3-pkg-resources $buildDeps && \
-    add-apt-repository ppa:openjdk-r/ppa && add-apt-repository ppa:longsleep/golang-backports && \
-    add-apt-repository ppa:ubuntu-toolchain-r/test && \
-    add-apt-repository ppa:ondrej/php && \
-    curl -fsSL https://deb.nodesource.com/setup_14.x | bash - && \
-    apt-get update && apt-get install -y golang-go openjdk-11-jdk php-cli nodejs gcc-9 g++-9 && \
-    update-alternatives --install  /usr/bin/gcc gcc /usr/bin/gcc-9 40 && \
-    update-alternatives --install  /usr/bin/g++ g++ /usr/bin/g++-9 40 && \
-    phpJitOption='opcache.enable=1\nopcache.enable_cli=1\nopcache.jit=1205\nopcache.jit_buffer_size=64M' && \
-    echo $phpJitOption > /etc/php/8.0/cli/conf.d/10-opcache-jit.ini && \
-    pip3 install -i https://mirrors.aliyun.com/pypi/simple/ -I --no-cache-dir psutil gunicorn flask requests idna && \
-    cd /tmp && git clone -b newnew  --depth 1 https://gitee.com/qduoj/Judger.git && cd Judger && \
-    mkdir build && cd build && cmake .. && make && make install && cd ../bindings/Python && python3 setup.py install && \
-    apt-get purge -y --auto-remove $buildDeps && \
-    apt-get clean && rm -rf /var/lib/apt/lists/* && \
-    mkdir -p /code && \
-    useradd -u 12001 compiler && useradd -u 12002 code && useradd -u 12003 spj && usermod -a -G code spj
-HEALTHCHECK --interval=5s --retries=3 CMD python3 /code/service.py
-ADD server /code
-WORKDIR /code
-RUN gcc -shared -fPIC -o unbuffer.so unbuffer.c
+WORKDIR /app
+
+RUN --mount=type=cache,target=/var/cache/apt,id=apt-cahce-1-$TARGETARCH$TARGETVARIANT-builder,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,id=apt-cahce-2-$TARGETARCH$TARGETVARIANT-builder,sharing=locked \
+    <<EOS
+set -ex
+rm -f /etc/apt/apt.conf.d/docker-clean
+echo 'Binary::apt::APT::Keep-Downloaded-Packages "1";' > /etc/apt/apt.conf.d/keep-cache
+echo 'APT::Install-Recommends "0";' > /etc/apt/apt.conf.d/no-recommends
+echo 'APT::AutoRemove::RecommendsImportant "0";' >> /etc/apt/apt.conf.d/no-recommends
+apt-get update
+apt-get install -y libtool make cmake libseccomp-dev gcc python3 python3-venv
+EOS
+
+COPY Judger/ /app/
+RUN <<EOS
+set -ex
+mkdir /app/build
+cmake -S . -B build
+cmake --build build --parallel $(nproc)
+EOS
+
+RUN <<EOS
+set -ex
+cd bindings/Python
+python3 -m venv .venv
+.venv/bin/pip3 install build
+.venv/bin/python3 -m build -w
+EOS
+
+FROM debian:trixie-slim
+
+ENV DEBIAN_FRONTEND=noninteractive
+WORKDIR /app
+
+RUN --mount=type=cache,target=/var/cache/apt,id=apt-cahce-1-$TARGETARCH$TARGETVARIANT-final,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,id=apt-cahce-2-$TARGETARCH$TARGETVARIANT-final,sharing=locked \
+    <<EOS
+set -ex
+rm -f /etc/apt/apt.conf.d/docker-clean
+echo 'Binary::apt::APT::Keep-Downloaded-Packages "1";' > /etc/apt/apt.conf.d/keep-cache
+echo 'APT::Install-Recommends "0";' > /etc/apt/apt.conf.d/no-recommends
+echo 'APT::AutoRemove::RecommendsImportant "0";' >> /etc/apt/apt.conf.d/no-recommends
+needed="python3.12-minimal \
+    python3.12-venv \
+    libpython3.12-stdlib \
+    libpython3.12-dev \
+    golang-1.22-go \
+    temurin-21-jdk \
+    gcc-13 \
+    g++-13 \
+    nodejs \
+    strace"
+savedAptMark="$(apt-mark showmanual) $needed"
+apt-get update
+apt-get install -y ca-certificates curl gnupg
+curl -fsSL https://packages.adoptium.net/artifactory/api/gpg/key/public | gpg --dearmor -o /etc/apt/keyrings/adoptium.gpg
+cat > /etc/apt/sources.list.d/adoptium.sources <<EOF
+Types: deb
+URIs: https://packages.adoptium.net/artifactory/deb
+Suites: bookworm
+Components: main
+Signed-By: /etc/apt/keyrings/adoptium.gpg
+EOF
+curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
+cat > /etc/apt/sources.list.d/nodesource.sources <<EOF
+Types: deb
+URIs: https://deb.nodesource.com/node_20.x
+Suites: nodistro
+Components: main
+Signed-By:/etc/apt/keyrings/nodesource.gpg
+EOF
+apt-get update
+apt-get install -y $needed
+update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-13 13
+update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-13 13
+update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.12 12
+update-alternatives --install /usr/bin/go go /usr/lib/go-1.22/bin/go 22
+rm -rf /usr/lib/jvm/temurin-21-jdk-*/jmods
+rm -rf /usr/lib/jvm/temurin-21-jdk-*/lib/src.zip
+apt-mark auto '.*' > /dev/null
+apt-mark manual $savedAptMark
+apt-get purge -y --auto-remove
+EOS
+
+COPY --from=builder --chmod=755 --link /app/output/libjudger.so /usr/lib/judger/libjudger.so
+COPY --from=builder /app/bindings/Python/dist/ /app/
+RUN --mount=type=cache,target=/root/.cache/pip,id=pip-cahce-$TARGETARCH$TARGETVARIANT-final \
+    <<EOS
+set -ex
+python3 -m venv .venv
+CC=gcc .venv/bin/pip3 install --compile --no-cache-dir flask gunicorn idna psutil requests
+.venv/bin/pip3 install *.whl
+EOS
+
+COPY server/ /app/
+RUN <<EOS
+set -ex
+chmod -R u=rwX,go=rX /app/
+chmod +x /app/entrypoint.sh
+gcc -shared -fPIC -o unbuffer.so unbuffer.c
+useradd -u 901 -r -s /sbin/nologin -M compiler
+useradd -u 902 -r -s /sbin/nologin -M code
+useradd -u 903 -r -s /sbin/nologin -M -G code spj
+mkdir -p /usr/lib/judger
+EOS
+
+RUN <<EOS
+set -ex
+gcc --version
+g++ --version
+python3 --version
+java -version
+node --version
+EOS
+
+HEALTHCHECK CMD [ '/app/.venv/bin/python3', '/app/service.py' ]
 EXPOSE 8080
-ENTRYPOINT /code/entrypoint.sh
+ENTRYPOINT [ "/app/entrypoint.sh" ]
--- a/1
+++ b/1
@ -0,0 +1 @@
+Subproject commit d19a6dc192ebd7f41fed44ae6e091575ef22906a
--- a/build/java_policy
+++ b/build/java_policy
@ -1,3 +0,0 @@
-grant {
-    permission java.io.FilePermission "/tmp", "read";
-};
--- a/server/entrypoint.sh
+++ b/server/entrypoint.sh
@ -1,4 +1,6 @@
-#!/bin/bash
+#!/bin/sh
+set -ex
+
 rm -rf /judger/*
 mkdir -p /judger/run /judger/spj

@ -8,6 +10,11 @@ chmod 711 /judger/run
 chown compiler:spj /judger/spj
 chmod 710 /judger/spj

-core=$(grep --count ^processor /proc/cpuinfo)
-n=$(($core*2))
-exec gunicorn --workers $n --threads $n --error-logfile /log/gunicorn.log --time 600 --bind 0.0.0.0:8080 server:app
+CPU_CORE_NUM="$(nproc)"
+if [ "$CPU_CORE_NUM" -lt 2 ]; then
+    export WORKER_NUM=2;
+else
+    export WORKER_NUM="$CPU_CORE_NUM";
+fi
+
+exec .venv/bin/gunicorn server:app --workers $WORKER_NUM --threads 4 --error-logfile /log/gunicorn.log --bind 0.0.0.0:8080
				`@ -0,0 +1 @@`
				`Subproject commit d19a6dc192ebd7f41fed44ae6e091575ef22906a`