From 5dc17c0c7493155f5fc9b384b48fa04e9363526f Mon Sep 17 00:00:00 2001
From: James Hodgkinson
Date: Sun, 8 May 2022 13:00:34 +1000
Subject: [PATCH] Dockerized containerybuilds (#741)

* let us see if we can dockerize this crab
---
 .github/workflows/docker_build.yml | 104 +++++++++++++++++++
 .github/workflows/docker_images.yml.disabled | 57 ----------
 kanidm_rlm_python/Dockerfile | 5 +-
 kanidmd/Dockerfile | 44 ++++----
 4 files changed, 127 insertions(+), 83 deletions(-)
 create mode 100644 .github/workflows/docker_build.yml
 delete mode 100644 .github/workflows/docker_images.yml.disabled
diff --git a/.github/workflows/docker_build.yml b/.github/workflows/docker_build.yml
new file mode 100644
index 000000000..db1f3138c
--- /dev/null
+++ b/.github/workflows/docker_build.yml
@@ -0,0 +1,104 @@
+---
+name: Container for Kanidm
+
+# this will build regardless,
+# but only push to the container registry
+# when you're committing on the master branch.
+
+"on":
+ push:
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ target:
+ - linux/arm64
+ - linux/amd64
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Update package manager
+ run: sudo apt-get update
+ - name: Install dependencies
+ run: |
+ sudo apt-get install -y \
+ libpam0g-dev \
+ libudev-dev \
+ libssl-dev \
+ libsqlite3-dev
+ - name: Install latest stable
+ uses: actions-rs/toolchain@v1
+ with:
+ toolchain: stable
+ default: true
+ components: cargo
+ - name: Run cargo test
+ run: cargo test --workspace
+
+ kanidm_build:
+ needs: test
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ target:
+ - linux/arm64
+ - linux/amd64
+ if: github.event_name == 'push'
+ steps:
+ - uses: actions/checkout@v3
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v1
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+ - # https://github.com/docker/login-action/#github-container-registry
+ name: Login to GitHub Container Registry
+ uses: docker/login-action@v1
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Build and push kanidmd
+ id: docker_build_kanidmd
+ uses: docker/build-push-action@v2
+ with:
+ push: ${{ github.ref == 'refs/heads/main' }}
+ platforms: ${{matrix.target}}
+ # https://github.com/docker/build-push-action/issues/254
+ tags: ghcr.io/${{ github.repository }}/kanidmd:devel
+ build-args: |
+ "KANIDM_BUILD_PROFILE=developer"
+ "KANIDM_FEATURES="
+ file: kanidmd/Dockerfile
+ radius_build:
+ needs: test
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ target:
+ - linux/arm64
+ - linux/amd64
+ if: github.event_name == 'push'
+ steps:
+ - uses: actions/checkout@v3
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v1
+ - name: Set up Docker Buildx
+ uses:
docker/setup-buildx-action@v1 + - # https://github.com/docker/login-action/#github-container-registry + name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build and push radius + id: docker_build_radius + uses: docker/build-push-action@v2 + with: + push: ${{ github.ref == 'refs/heads/main' }} + platforms: ${{matrix.target}} + # https://github.com/docker/build-push-action/issues/254 + tags: ghcr.io/${{ github.repository }}/radius:devel + context: ./kanidm_rlm_python/ diff --git a/.github/workflows/docker_images.yml.disabled b/.github/workflows/docker_images.yml.disabled deleted file mode 100644 index da2c6366c..000000000 --- a/.github/workflows/docker_images.yml.disabled +++ /dev/null @@ -1,57 +0,0 @@ -name: release images - -on: - push: - branches: - - master - - tags: - - v* - - pull_request: - -jobs: - test: - runs-on: ubuntu-latest - strategy: - matrix: - target: [kanidmd, radiusd] - steps: - - uses: actions/checkout@v2 - - - name: Run tests - run: make test/${{ matrix.target }} - - push: - needs: test - - runs-on: ubuntu-latest - - strategy: - matrix: - target: [kanidmd, radiusd] - - if: github.event_name == 'push' - - steps: - - uses: actions/checkout@v2 - - - name: Build image - run: make build/${{ matrix.target }} - - - name: Log into registry - run: echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin - - - name: Push image - run: | - # Strip git ref prefix from version - VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') - - # Strip "v" prefix from tag name - [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') - - # Use Docker `latest` tag convention - [ "$VERSION" == "master" ] && VERSION=latest - - VERSION=$VERSION make push/${{ matrix.target }} - 
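Review bot: The new workflow declares no `permissions:`, so the `GITHUB_TOKEN` passed to `docker/login-action` in `kanidm_build` and `radius_build` carries whatever default scopes the repository grants, and the login runs for a push to any branch even when `push:` evaluates to false. Set a top-level `permissions:` with `contents: read` and grant `packages: write` only on the two build jobs. The push condition tests `refs/heads/main`, while the header comment and the workflow deleted in this commit both say `master`; if the default branch is still `master`, no image is ever published. Each matrix leg also pushes the same `:devel` tag as a single-platform image, so the tag appears to end up on whichever leg finishes last rather than on a multi-arch manifest. The actions in these credential-bearing jobs are referenced by mutable tags (`@v1`, `@v2`, `@v3`); pinning them to a commit SHA would narrow the supply-chain exposure.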
diff --git a/kanidm_rlm_python/Dockerfile b/kanidm_rlm_python/Dockerfile index 78e050581..500ff7eef 100644 --- a/kanidm_rlm_python/Dockerfile +++ b/kanidm_rlm_python/Dockerfile @@ -3,9 +3,8 @@ LABEL org.opencontainers.image.authors="william@blackhats.net.au" EXPOSE 1812 1813 -RUN sed -i -E 's/https?:\/\/download.opensuse.org/http:\/\/dl.suse.blackhats.net.au:8080/g' /etc/zypp/repos.d/*.repo && \ - zypper --gpg-auto-import-keys ref --force - +RUN zypper --gpg-auto-import-keys ref --force +RUN zypper refresh RUN zypper install -y timezone freeradius-client freeradius-server freeradius-server-ldap \ freeradius-server-python3 openldap2-client freeradius-server-utils hostname \ python3 python3-requests python3-devel && \ diff --git a/kanidmd/Dockerfile b/kanidmd/Dockerfile index ff7c9eb96..d8c5242f3 100644 --- a/kanidmd/Dockerfile +++ b/kanidmd/Dockerfile @@ -2,11 +2,9 @@ ARG BASE_IMAGE=opensuse/tumbleweed:latest FROM ${BASE_IMAGE} AS builder LABEL mantainer william@blackhats.net.au -RUN zypper ar obs://devel:languages:rust devel:languages:rust && \ - sed -i -E 's/https?:\/\/download.opensuse.org/http:\/\/dl.suse.blackhats.net.au:8080/g' /etc/zypp/repos.d/*.repo && \ - zypper --gpg-auto-import-keys ref --force && \ - zypper dup -y && \ - zypper install -y \ +RUN zypper refresh +RUN zypper dup -y +RUN zypper install -y \ cargo \ rust \ gcc clang lld \ 
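Review bot: `--gpg-auto-import-keys` is kept on the first `RUN zypper ... ref --force` in kanidm_rlm_python/Dockerfile, so the build accepts whatever signing key a repository presents at build time; with the mirror rewrite gone, the flag can probably be dropped if the base image already trusts the keys of its stock repositories (confirm with a clean build). The added `RUN zypper refresh` repeats the forced refresh directly above it and only adds a layer. Keeping refresh in a separate layer from `zypper install` also lets a cached refresh layer hand stale metadata to a later install, so chain them with `&&`; the same split into one `RUN` per command is made in both kanidmd/Dockerfile hunks. The install command here continues past the end of the hunk.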
@@ -23,39 +21,40 @@ ARG SCCACHE_REDIS ARG KANIDM_FEATURES ARG KANIDM_BUILD_PROFILE -RUN mkdir /scratch && \ - ln -s -f /usr/bin/clang /usr/bin/cc && \ - ln -s -f /usr/bin/ld.lld /usr/bin/ld && \ - if [ "${SCCACHE_REDIS}" != "" ]; \ +ENV RUSTC_BOOTSTRAP=1 +RUN mkdir /scratch +RUN ln -s -f /usr/bin/clang /usr/bin/cc +RUN ln -s -f /usr/bin/ld.lld /usr/bin/ld +RUN if [ "${SCCACHE_REDIS}" != "" ]; \ then \ export CC="/usr/bin/sccache /usr/bin/clang" && \ export RUSTC_WRAPPER=sccache && \ sccache --start-server; \ else \ export CC="/usr/bin/clang"; \ - fi && \ - export RUSTC_BOOTSTRAP=1 && \ - echo $KANIDM_BUILD_PROFILE && \ - echo $KANIDM_FEATURES && \ - CARGO_HOME=/scratch/.cargo cargo build \ + fi +RUN echo $KANIDM_BUILD_PROFILE +RUN echo $KANIDM_FEATURES +ENV CARGO_HOME=/scratch/.cargo +RUN cargo build \ --features=${KANIDM_FEATURES} \ --target-dir=/usr/src/kanidm/target/ \ - --release && \ - ls -al /usr/src/kanidm/target/release/ && \ - if [ "${SCCACHE_REDIS}" != "" ]; \ + --release +RUN ls -al /usr/src/kanidm/target/release +RUN if [ "${SCCACHE_REDIS}" != "" ]; \ then sccache -s; \ fi; FROM ${BASE_IMAGE} LABEL mantainer william@blackhats.net.au -RUN zypper ref && \ - zypper dup -y && \ - zypper install -y \ +RUN zypper ref +RUN zypper dup -y +RUN zypper install -y \ timezone \ sqlite3 \ - pam && \ - zypper clean -a + pam +RUN zypper clean -a COPY --from=builder /usr/src/kanidm/target/release/kanidmd /sbin/ COPY --from=builder /usr/src/kanidm/kanidmd_web_ui/pkg /pkg @@ -65,4 +64,3 @@ VOLUME /data ENV RUST_BACKTRACE 1 CMD ["/sbin/kanidmd", "server", "-c", "/data/server.toml"] -
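Review bot: The `export CC=...` and `export RUSTC_WRAPPER=sccache` in the `RUN if [ "${SCCACHE_REDIS}" != "" ]` step no longer reach `RUN cargo build`, because each `RUN` starts a fresh shell and only `ENV`/`ARG` values carry across layers; the server started by `sccache --start-server` also ends with that layer. As written, the build compiles without the cache wrapper whatever `SCCACHE_REDIS` is set to, and the closing `sccache -s` reports on a server that saw no work. Rejoin the conditional, `cargo build` and the stats step into one `RUN`: end the conditional with `fi && \` and drop the `RUN` in front of `cargo build` and the final `if`. In the runtime stage, `RUN zypper clean -a` as its own layer no longer shrinks the image, since the caches are already committed by the preceding `zypper dup` and `zypper install` layers; chain it onto the install with `&&`.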