Dockerized containerybuilds (#741)

* let us see if we can dockerize this crab
2025-02-23 12:37:00 +01:00 · 2022-05-08 13:00:34 +10:00 · 2022-05-08 13:00:34 +10:00 · 5dc17c0c74
parent d5fbb91a1c
commit 5dc17c0c74
4 changed files with 127 additions and 83 deletions
--- a/.github/workflows/docker_build.yml
+++ b/.github/workflows/docker_build.yml
@ -0,0 +1,104 @@
+---
+name: Container for Kanidm
+
+# this will build regardless,
+# but only push to the container registry
+# when you're committing on the master branch.
+
+"on":
+  push:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        target:
+          - linux/arm64
+          - linux/amd64
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Update package manager
+        run: sudo apt-get update
+      - name: Install dependencies
+        run: |
+          sudo apt-get install -y \
+            libpam0g-dev \
+            libudev-dev \
+            libssl-dev \
+            libsqlite3-dev
+      - name: Install latest stable
+        uses: actions-rs/toolchain@v1
+        with:
+            toolchain: stable
+            default: true
+            components: cargo
+      - name: Run cargo test
+        run: cargo test --workspace
+
+  kanidm_build:
+    needs: test
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        target:
+          - linux/arm64
+          - linux/amd64
+    if: github.event_name == 'push'
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      -  # https://github.com/docker/login-action/#github-container-registry
+        name: Login to GitHub Container Registry
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push kanidmd
+        id: docker_build_kanidmd
+        uses: docker/build-push-action@v2
+        with:
+          push: ${{ github.ref == 'refs/heads/main' }}
+          platforms: ${{matrix.target}}
+          # https://github.com/docker/build-push-action/issues/254
+          tags: ghcr.io/${{ github.repository }}/kanidmd:devel
+          build-args: |
+            "KANIDM_BUILD_PROFILE=developer"
+            "KANIDM_FEATURES="
+          file: kanidmd/Dockerfile
+  radius_build:
+    needs: test
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        target:
+          - linux/arm64
+          - linux/amd64
+    if: github.event_name == 'push'
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      -  # https://github.com/docker/login-action/#github-container-registry
+        name: Login to GitHub Container Registry
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push radius
+        id: docker_build_radius
+        uses: docker/build-push-action@v2
+        with:
+          push: ${{ github.ref == 'refs/heads/main' }}
+          platforms: ${{matrix.target}}
+          # https://github.com/docker/build-push-action/issues/254
+          tags: ghcr.io/${{ github.repository }}/radius:devel
+          context: ./kanidm_rlm_python/
--- a/.github/workflows/docker_images.yml.disabled
+++ b/.github/workflows/docker_images.yml.disabled
@ -1,57 +0,0 @@
-name: release images
-
-on:
-  push:
-    branches:
-      - master
-
-    tags:
-      - v*
-
-  pull_request:
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        target: [kanidmd, radiusd]
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Run tests
-        run: make test/${{ matrix.target }}
-
-  push:
-    needs: test
-
-    runs-on: ubuntu-latest
-
-    strategy:
-      matrix:
-        target: [kanidmd, radiusd]
-
-    if: github.event_name == 'push'
-
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Build image
-        run: make build/${{ matrix.target }}
-
-      - name: Log into registry
-        run: echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin
-
-      - name: Push image
-        run: |
-          # Strip git ref prefix from version
-          VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
-
-          # Strip "v" prefix from tag name
-          [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
-
-          # Use Docker `latest` tag convention
-          [ "$VERSION" == "master" ] && VERSION=latest
-
-          VERSION=$VERSION make push/${{ matrix.target }}
-
--- a/kanidm_rlm_python/Dockerfile
+++ b/kanidm_rlm_python/Dockerfile
@ -3,9 +3,8 @@ LABEL org.opencontainers.image.authors="william@blackhats.net.au"

 EXPOSE 1812 1813

-RUN sed -i -E 's/https?:\/\/download.opensuse.org/http:\/\/dl.suse.blackhats.net.au:8080/g' /etc/zypp/repos.d/*.repo && \
-    zypper --gpg-auto-import-keys ref --force
-
+RUN zypper --gpg-auto-import-keys ref --force
+RUN zypper refresh
 RUN zypper install -y timezone freeradius-client freeradius-server freeradius-server-ldap \
    freeradius-server-python3 openldap2-client freeradius-server-utils hostname \
    python3 python3-requests python3-devel && \
--- a/kanidmd/Dockerfile
+++ b/kanidmd/Dockerfile
@ -2,11 +2,9 @@ ARG BASE_IMAGE=opensuse/tumbleweed:latest
 FROM ${BASE_IMAGE} AS builder
 LABEL mantainer william@blackhats.net.au

-RUN zypper ar obs://devel:languages:rust devel:languages:rust && \
-    sed -i -E 's/https?:\/\/download.opensuse.org/http:\/\/dl.suse.blackhats.net.au:8080/g' /etc/zypp/repos.d/*.repo && \
-    zypper --gpg-auto-import-keys ref --force && \
-    zypper dup -y && \
-    zypper install -y \
+RUN zypper refresh
+RUN zypper dup -y
+RUN zypper install -y \
        cargo \
        rust \
        gcc clang lld \
@ -23,39 +21,40 @@ ARG SCCACHE_REDIS
 ARG KANIDM_FEATURES
 ARG KANIDM_BUILD_PROFILE

-RUN mkdir /scratch && \
-	ln -s -f /usr/bin/clang /usr/bin/cc && \
-	ln -s -f /usr/bin/ld.lld /usr/bin/ld && \
-	if [ "${SCCACHE_REDIS}" != "" ]; \
+ENV RUSTC_BOOTSTRAP=1
+RUN mkdir /scratch
+RUN ln -s -f /usr/bin/clang /usr/bin/cc
+RUN ln -s -f /usr/bin/ld.lld /usr/bin/ld
+RUN if [ "${SCCACHE_REDIS}" != "" ]; \
 		then \
 			export CC="/usr/bin/sccache /usr/bin/clang" && \
 			export RUSTC_WRAPPER=sccache && \
 			sccache --start-server; \
 		else \
 			export CC="/usr/bin/clang"; \
-	fi && \
-	export RUSTC_BOOTSTRAP=1 && \
-	echo $KANIDM_BUILD_PROFILE && \
-	echo $KANIDM_FEATURES && \
-	CARGO_HOME=/scratch/.cargo cargo build \
+	fi
+RUN echo $KANIDM_BUILD_PROFILE
+RUN echo $KANIDM_FEATURES
+ENV CARGO_HOME=/scratch/.cargo
+RUN cargo build \
 		--features=${KANIDM_FEATURES} \
 		--target-dir=/usr/src/kanidm/target/ \
-		--release && \
-	ls -al /usr/src/kanidm/target/release/ && \
-	if [ "${SCCACHE_REDIS}" != "" ]; \
+		--release
+RUN ls -al /usr/src/kanidm/target/release
+RUN if [ "${SCCACHE_REDIS}" != "" ]; \
 		then sccache -s; \
 	fi;

 FROM ${BASE_IMAGE}
 LABEL mantainer william@blackhats.net.au

-RUN zypper ref && \
-    zypper dup -y && \
-    zypper install -y \
+RUN zypper ref
+RUN zypper dup -y
+RUN zypper install -y \
        timezone \
        sqlite3 \
-        pam && \
-    zypper clean -a
+        pam
+RUN zypper clean -a

 COPY --from=builder /usr/src/kanidm/target/release/kanidmd /sbin/
 COPY --from=builder /usr/src/kanidm/kanidmd_web_ui/pkg /pkg
@ -65,4 +64,3 @@ VOLUME /data

 ENV RUST_BACKTRACE 1
 CMD ["/sbin/kanidmd", "server", "-c", "/data/server.toml"]
-