mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-05-19 07:23:55 +02:00
Code Issues Actions16 Packages Projects Releases Wiki Activity

1355 docker builds ()

Browse source
This commit is contained in:
Firstyear 2023-02-06 09:50:10 +10:00 committed by GitHub
parent 965423d2ac
commit 100bbd5477
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 52 additions and 43 deletions

1
.gitignore vendored
View file

@ -7,6 +7,7 @@ altnames.cnf
/insecure /insecure
**/*.rs.bk **/*.rs.bk
test.db test.db
cargo_vendor_config
/vendor /vendor
kanidm_rlm_python/test_data/certs/ kanidm_rlm_python/test_data/certs/
vendor.tar.gz vendor.tar.gz

8
Makefile
View file

@ -15,7 +15,7 @@ help:
.PHONY: buildx/kanidmd/x86_64_v3 .PHONY: buildx/kanidmd/x86_64_v3
buildx/kanidmd/x86_64_v3: ## build multiarch server images buildx/kanidmd/x86_64_v3: ## build multiarch server images
buildx/kanidmd/x86_64_v3: buildx/kanidmd/x86_64_v3: vendor
@$(CONTAINER_TOOL) buildx build $(CONTAINER_TOOL_ARGS) --pull --push --platform "linux/amd64/v3" \ @$(CONTAINER_TOOL) buildx build $(CONTAINER_TOOL_ARGS) --pull --push --platform "linux/amd64/v3" \
-f kanidmd/Dockerfile -t $(IMAGE_BASE)/server:x86_64_$(IMAGE_VERSION) \ -f kanidmd/Dockerfile -t $(IMAGE_BASE)/server:x86_64_$(IMAGE_VERSION) \
--build-arg "KANIDM_BUILD_PROFILE=container_x86_64_v3" \ --build-arg "KANIDM_BUILD_PROFILE=container_x86_64_v3" \
@ -25,7 +25,7 @@ buildx/kanidmd/x86_64_v3:
.PHONY: buildx/kanidmd .PHONY: buildx/kanidmd
buildx/kanidmd: ## Build multiarch kanidm server images and push to docker hub buildx/kanidmd: ## Build multiarch kanidm server images and push to docker hub
buildx/kanidmd: buildx/kanidmd: vendor
@$(CONTAINER_TOOL) buildx build $(CONTAINER_TOOL_ARGS) \ @$(CONTAINER_TOOL) buildx build $(CONTAINER_TOOL_ARGS) \
--pull --push --platform $(IMAGE_ARCH) \ --pull --push --platform $(IMAGE_ARCH) \
-f kanidmd/Dockerfile \ -f kanidmd/Dockerfile \
@ -37,7 +37,7 @@ buildx/kanidmd:
.PHONY: buildx/kanidm_tools .PHONY: buildx/kanidm_tools
buildx/kanidm_tools: ## Build multiarch kanidm tool images and push to docker hub buildx/kanidm_tools: ## Build multiarch kanidm tool images and push to docker hub
buildx/kanidm_tools: buildx/kanidm_tools: vendor
@$(CONTAINER_TOOL) buildx build $(CONTAINER_TOOL_ARGS) \ @$(CONTAINER_TOOL) buildx build $(CONTAINER_TOOL_ARGS) \
--pull --push --platform $(IMAGE_ARCH) \ --pull --push --platform $(IMAGE_ARCH) \
-f kanidm_tools/Dockerfile \ -f kanidm_tools/Dockerfile \
@ -103,7 +103,7 @@ precommit: test codespell test/pykanidm doc/format
.PHONY: vendor .PHONY: vendor
vendor: vendor:
cargo vendor cargo vendor > cargo_vendor_config
.PHONY: vendor-prep .PHONY: vendor-prep
vendor-prep: vendor vendor-prep: vendor

2
kanidm_tools/Cargo.toml
View file

@ -27,7 +27,7 @@ path = "src/ssh_authorizedkeys.rs"
[dependencies] [dependencies]
clap = { workspace = true, features = ["derive", "env"] } clap = { workspace = true, features = ["derive", "env"] }
compact_jwt.workspace = true compact_jwt = { workspace = true, features = ["openssl"] }
dialoguer.workspace = true dialoguer.workspace = true
futures-concurrency.workspace = true futures-concurrency.workspace = true
libc.workspace = true libc.workspace = true

41
kanidm_tools/Dockerfile
View file

@ -1,53 +1,56 @@
# This builds the kanidm CLI tool # This builds the kanidm CLI tools
ARG BASE_IMAGE=opensuse/tumbleweed:latest ARG BASE_IMAGE=opensuse/tumbleweed:latest
FROM ${BASE_IMAGE} AS repos FROM ${BASE_IMAGE} AS repos
RUN zypper refresh --force RUN zypper refresh --force
RUN zypper dup -y RUN zypper dup -y
FROM repos AS builder FROM repos AS builder
ARG SCCACHE_REDIS=""
ARG KANIDM_FEATURES ARG KANIDM_FEATURES
ARG KANIDM_BUILD_PROFILE ARG KANIDM_BUILD_PROFILE
ARG KANIDM_BUILD_OPTIONS="" ARG KANIDM_BUILD_OPTIONS=""
RUN zypper install -y \ RUN echo Profile $KANIDM_BUILD_PROFILE
RUN echo Features $KANIDM_FEATURES
RUN zypper install -y --no-recommends \
rustup wasm-pack \ rustup wasm-pack \
gcc clang lld \ clang \
make automake autoconf \ make automake autoconf \
libopenssl-devel \ libopenssl-3-devel \
pam-devel \ pam-devel \
libudev-devel \ libudev-devel \
sqlite3-devel \ sqlite3-devel \
rsync rsync \
mold
RUN zypper clean -a RUN zypper clean -a
RUN rustup default stable RUN rustup default stable
COPY . /usr/src/kanidm COPY . /usr/src/kanidm
RUN mkdir /scratch RUN mkdir -p /usr/src/kanidm/.cargo
RUN echo $KANIDM_BUILD_PROFILE RUN cp /usr/src/kanidm/cargo_vendor_config /usr/src/kanidm/.cargo/config.toml
ENV KANIDM_BUILD_PROFILE=${KANIDM_BUILD_PROFILE:-container_generic}
RUN echo Features $KANIDM_FEATURES
ENV CARGO_HOME=/scratch/.cargo
ENV RUSTFLAGS="-Clinker=clang -Clink-arg=-fuse-ld=/usr/bin/ld.lld"
WORKDIR /usr/src/kanidm/ WORKDIR /usr/src/kanidm/
# Set the build profile
ENV KANIDM_BUILD_PROFILE=${KANIDM_BUILD_PROFILE:-container_generic}
ENV RUSTFLAGS="-Clinker=clang -Clink-arg=-fuse-ld=/usr/bin/ld.mold"
# build the CLI # build the CLI
RUN if [ -z "${KANIDM_FEATURES}" ]; then \ RUN if [ -z "${KANIDM_FEATURES}" ]; then \
cargo build --bin kanidm ${KANIDM_BUILD_OPTIONS} \ cargo build -p kanidm_tools ${KANIDM_BUILD_OPTIONS} \
--target-dir="/usr/src/kanidm/target/" \ --target-dir="/usr/src/kanidm/target/" \
--release; \ --release; \
cargo build --bin kanidm-ipa-sync ${KANIDM_BUILD_OPTIONS} \ cargo build -p kanidm-ipa-sync ${KANIDM_BUILD_OPTIONS} \
--target-dir="/usr/src/kanidm/target/" \ --target-dir="/usr/src/kanidm/target/" \
--release; \ --release; \
else \ else \
cargo build --bin kanidm ${KANIDM_BUILD_OPTIONS} \ cargo build -p kanidm_tools ${KANIDM_BUILD_OPTIONS} \
--target-dir="/usr/src/kanidm/target/" \ --target-dir="/usr/src/kanidm/target/" \
--features="${KANIDM_FEATURES}" \ --features="${KANIDM_FEATURES}" \
--release; \ --release; \
cargo build --bin kanidm-ipa-sync ${KANIDM_BUILD_OPTIONS} \ cargo build -p kanidm-ipa-sync ${KANIDM_BUILD_OPTIONS} \
--target-dir="/usr/src/kanidm/target/" \ --target-dir="/usr/src/kanidm/target/" \
--features="${KANIDM_FEATURES}" \ --features="${KANIDM_FEATURES}" \
--release; \ --release; \
@ -58,7 +61,7 @@ RUN ls -al /usr/src/kanidm/target/release
# == Construct the tools container # == Construct the tools container
FROM repos FROM repos
RUN zypper install -y timezone busybox-adduser && \ RUN zypper install -y timezone busybox-adduser openssl-3 && \
zypper clean -a zypper clean -a
COPY --from=builder /usr/src/kanidm/target/release/kanidm /sbin/ COPY --from=builder /usr/src/kanidm/target/release/kanidm /sbin/

43
kanidmd/Dockerfile
View file

@ -1,3 +1,4 @@
# Build the main Kanidmd server
ARG BASE_IMAGE=opensuse/tumbleweed:latest ARG BASE_IMAGE=opensuse/tumbleweed:latest
FROM ${BASE_IMAGE} AS repos FROM ${BASE_IMAGE} AS repos
RUN zypper refresh --force RUN zypper refresh --force
@ -5,56 +6,59 @@ RUN zypper dup -y
# ====================== # ======================
FROM repos AS builder FROM repos AS builder
ARG KANIDM_FEATURES
ARG KANIDM_BUILD_PROFILE="container_generic"
ARG KANIDM_BUILD_OPTIONS=""
RUN zypper install -y \ RUN echo Profile $KANIDM_BUILD_PROFILE
RUN echo Features $KANIDM_FEATURES
RUN zypper install -y --no-recommends \
rustup \ rustup \
wasm-pack \ clang \
clang lld \
make automake autoconf \ make automake autoconf \
libopenssl-devel pam-devel \ libopenssl-3-devel pam-devel \
sqlite3-devel \ sqlite3-devel \
gcc \
rsync \ rsync \
findutils \ findutils \
which which \
mold
# wasm-pack \
# lld
RUN zypper clean -a RUN zypper clean -a
RUN rustup default stable RUN rustup default stable
COPY . /usr/src/kanidm COPY . /usr/src/kanidm
ARG KANIDM_FEATURES RUN mkdir -p /usr/src/kanidm/.cargo
ARG KANIDM_BUILD_PROFILE="container_generic" RUN cp /usr/src/kanidm/cargo_vendor_config /usr/src/kanidm/.cargo/config.toml
ARG KANIDM_BUILD_OPTIONS=""
RUN mkdir /scratch
RUN echo $KANIDM_BUILD_PROFILE
RUN echo $KANIDM_FEATURES
ENV CARGO_HOME=/scratch/.cargo
# ====================== # ======================
WORKDIR /usr/src/kanidm/kanidmd_web_ui # WORKDIR /usr/src/kanidm/kanidmd_web_ui
# # This can't be used in the wasm build for now. # # This can't be used in the wasm build for now.
# # ENV RUSTFLAGS="-Clinker=clang" # # ENV RUSTFLAGS="-Clinker=clang"
RUN ./build_wasm.sh # RUN ./build_wasm.sh
# ====================== # ======================
WORKDIR /usr/src/kanidm/kanidmd/daemon WORKDIR /usr/src/kanidm/kanidmd/daemon
# Set the build profile # Set the build profile
ENV KANIDM_BUILD_PROFILE="${KANIDM_BUILD_PROFILE}" ENV KANIDM_BUILD_PROFILE=${KANIDM_BUILD_PROFILE:-container_generic}
ENV RUSTFLAGS="-Clinker=clang -Clink-arg=-fuse-ld=/usr/bin/ld.lld" ENV RUSTFLAGS="-Clinker=clang -Clink-arg=-fuse-ld=/usr/bin/ld.mold"
# Exports don't persist through RUN statements. # Exports don't persist through RUN statements.
RUN export CC="/usr/bin/clang"; \ RUN export CC="/usr/bin/clang"; \
if [ -z "${KANIDM_FEATURES}" ]; then \ if [ -z "${KANIDM_FEATURES}" ]; then \
cargo build -p daemon ${KANIDM_BUILD_OPTIONS} \ cargo build -p daemon ${KANIDM_BUILD_OPTIONS} \
--locked --offline \
--target-dir="/usr/src/kanidm/target/" \ --target-dir="/usr/src/kanidm/target/" \
--release; \ --release; \
else \ else \
cargo build -p daemon ${KANIDM_BUILD_OPTIONS} \ cargo build -p daemon ${KANIDM_BUILD_OPTIONS} \
--locked --offline \
--target-dir="/usr/src/kanidm/target/" \ --target-dir="/usr/src/kanidm/target/" \
--features="${KANIDM_FEATURES}" \ --features="${KANIDM_FEATURES}" \
--release; \ --release; \
@ -68,6 +72,7 @@ FROM repos
RUN zypper install -y \ RUN zypper install -y \
timezone \ timezone \
openssl-3 \
sqlite3 \ sqlite3 \
pam pam
RUN zypper clean -a RUN zypper clean -a