)]}'
{
  "commit": "7dd38828dae845aa2f48da76811e009781812944",
  "tree": "5c8b78012f33d75b547cf52ab2c0a7291eb55b9b",
  "parents": [
    "f85a4398aa6e17930b90407a416b50a872cc999e"
  ],
  "author": {
    "name": "Geoffrey Martin-Noble",
    "email": "gcmn@google.com",
    "time": "Tue Jul 21 16:02:52 2020 -0700"
  },
  "committer": {
    "name": "GitHub",
    "email": "noreply@github.com",
    "time": "Tue Jul 21 16:02:52 2020 -0700"
  },
  "message": "Clean up dockerfiles to enable non-root usage (#2583)\n\nEnables running our Docker builds as an arbitrary non-root user.\r\n\r\nThis allows usage of `docker run` without weird things like all the\r\nfiles created being owned by root. It also includes updates to make\r\nit possible to run the docker scripts locally provided the relevant\r\nenv variables are set.\r\n\r\nThis includes simplification of the Bazel installation to just use\r\napt. I tried to get rid of the necessity for the scary-looking\r\n`APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE`, but I couldn\u0027t find any\r\nalternatives. The warning message it prints doesn\u0027t even make\r\nsense as a warning.\r\n\r\nReworks the update script to allow updating multiple images at\r\nonce including updating *all* images.\r\n\r\nAlso institutes some general Docker best practices like\r\n[apt-get cache busting](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#apt-get)\r\nand\r\n[layer minimization](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#minimize-the-number-of-layers)\r\n(although note on the latter that it looks like we might want to\r\ninvestigate multi-stage builds).\r\n\r\nPart of https://github.com/google/iree/issues/2565\r\n\r\nTested:\r\nSet build scripts to use the \"latest\" tag and ran all the presubmits,\r\nincluding manually triggering the linux_x86-turing_cmake, which is\r\nnot enabled by default yet. See status for\r\n[`d44f343` (#2583)](https://github.com/google/iree/pull/2583/commits/d44f343abe4dfdb332b500e5fe507861beccc5cc)\r\n\r\nhttps://github.com/google/iree/pull/2566 makes our Docker scripts\r\nactually run without root and use these images (including manually\r\ntriggering builds that aren\u0027t running by default yet):\r\n- [linux_bazel_core](https://source.cloud.google.com/results/invocations/74af7fb4-1032-42ac-953a-314bf314c503)\r\n- [linux_bazel_bindings](https://source.cloud.google.com/results/invocations/f4da9656-5940-4481-9df3-be6a41a64356)\r\n- [linux_bazel_integrations](https://source.cloud.google.com/results/invocations/248d516a-6da6-45b4-84ef-bd7c9942ce3c)\r\n- [linux_cmake](https://source.cloud.google.com/results/invocations/d3cc69c0-4de7-40ce-84b4-6201bb350b38)\r\n- [android_arm64_cmake](https://source.cloud.google.com/results/invocations/1b07091e-533c-4edc-8385-f378f9084128/targets)\r\n- [linux_x86-turing_cmake](https://source.cloud.google.com/results/invocations/d73d847b-f56d-41a3-ad49-f2b9368685bd)\r\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "702a0876673448b5c8464e9cbd7a16925a960c85",
      "old_mode": 33188,
      "old_path": "WORKSPACE",
      "new_id": "cf098ce11493020d39aa0ebbec63bbdb247e582b",
      "new_mode": 33188,
      "new_path": "WORKSPACE"
    },
    {
      "type": "modify",
      "old_id": "e9a587cb02b355aa45985978f2a32a315f1821c9",
      "old_mode": 33188,
      "old_path": "build_tools/docker/bazel/Dockerfile",
      "new_id": "c42521acd92f2bdeabf4d3593101be49ab869d74",
      "new_mode": 33188,
      "new_path": "build_tools/docker/bazel/Dockerfile"
    },
    {
      "type": "modify",
      "old_id": "f7ef30f720f2ce0670d6d1afbdcfd93b1d2c5812",
      "old_mode": 33188,
      "old_path": "build_tools/docker/bazel_bindings/Dockerfile",
      "new_id": "8f07958126bf9d2686cc60a79f8dc2c5a20648d5",
      "new_mode": 33188,
      "new_path": "build_tools/docker/bazel_bindings/Dockerfile"
    },
    {
      "type": "modify",
      "old_id": "a1179905fde9c3026a6c445f9817f508f039b93a",
      "old_mode": 33188,
      "old_path": "build_tools/docker/bazel_tensorflow/Dockerfile",
      "new_id": "0c37354a1107261b0dc25f3c40aafb34b60cf89b",
      "new_mode": 33188,
      "new_path": "build_tools/docker/bazel_tensorflow/Dockerfile"
    },
    {
      "type": "modify",
      "old_id": "90c74541c25cba1d9721bd932d7e22fa2287dc0d",
      "old_mode": 33261,
      "old_path": "build_tools/docker/build_and_update_gcr.py",
      "new_id": "5538aa617935abf39e4e46376c9ad5ac4720cf80",
      "new_mode": 33261,
      "new_path": "build_tools/docker/build_and_update_gcr.py"
    },
    {
      "type": "modify",
      "old_id": "92cece8526d1d8c173b6470d0b62757966b4e72d",
      "old_mode": 33188,
      "old_path": "build_tools/docker/cmake/Dockerfile",
      "new_id": "bde1f4d004afd6be1e055459e3d7170e6410209c",
      "new_mode": 33188,
      "new_path": "build_tools/docker/cmake/Dockerfile"
    },
    {
      "type": "modify",
      "old_id": "86796563a2e2dfe258e658d8fdd41764c7841722",
      "old_mode": 33188,
      "old_path": "build_tools/docker/cmake_nvidia/Dockerfile",
      "new_id": "c25519f43a3b21a7f6c48fdb781011f1d1def372",
      "new_mode": 33188,
      "new_path": "build_tools/docker/cmake_nvidia/Dockerfile"
    },
    {
      "type": "modify",
      "old_id": "c2df29909335d4fe5cb7c74cde216d9b22e06c78",
      "old_mode": 33261,
      "old_path": "build_tools/docker/rbe_toolchain/Dockerfile",
      "new_id": "878aca3953fc3b2f1d23b9dd07b8065c31d449cc",
      "new_mode": 33261,
      "new_path": "build_tools/docker/rbe_toolchain/Dockerfile"
    }
  ]
}