Dockerized containerybuilds (#741)

* let us see if we can dockerize this crab
2025-02-23 20:47:01 +01:00 · 2022-05-08 13:00:34 +10:00 · 2022-05-08 13:00:34 +10:00 · 5dc17c0c74
parent d5fbb91a1c
commit 5dc17c0c74
4 changed files with 127 additions and 83 deletions
--- a/.github/workflows/docker_build.yml
+++ b/.github/workflows/docker_build.yml
@ -0,0 +1,104 @@
 ---
 name: Container for Kanidm
 # this will build regardless,
 # but only push to the container registry
 # when you're committing on the master branch.
 "on":
  push:
 jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        target:
          - linux/arm64
          - linux/amd64
    steps:
      - uses: actions/checkout@v3
      - name: Update package manager
        run: sudo apt-get update
      - name: Install dependencies
        run: |
          sudo apt-get install -y \
            libpam0g-dev \
            libudev-dev \
            libssl-dev \
            libsqlite3-dev
      - name: Install latest stable
        uses: actions-rs/toolchain@v1
        with:
            toolchain: stable
            default: true
            components: cargo
      - name: Run cargo test
        run: cargo test --workspace
  kanidm_build:
    needs: test
    runs-on: ubuntu-latest
    strategy:
      matrix:
        target:
          - linux/arm64
          - linux/amd64
    if: github.event_name == 'push'
    steps:
      - uses: actions/checkout@v3
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      -  # https://github.com/docker/login-action/#github-container-registry
        name: Login to GitHub Container Registry
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push kanidmd
        id: docker_build_kanidmd
        uses: docker/build-push-action@v2
        with:
          push: ${{ github.ref == 'refs/heads/main' }}
          platforms: ${{matrix.target}}
          # https://github.com/docker/build-push-action/issues/254
          tags: ghcr.io/${{ github.repository }}/kanidmd:devel
          build-args: |
            "KANIDM_BUILD_PROFILE=developer"
            "KANIDM_FEATURES="
          file: kanidmd/Dockerfile
  radius_build:
    needs: test
    runs-on: ubuntu-latest
    strategy:
      matrix:
        target:
          - linux/arm64
          - linux/amd64
    if: github.event_name == 'push'
    steps:
      - uses: actions/checkout@v3
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      -  # https://github.com/docker/login-action/#github-container-registry
        name: Login to GitHub Container Registry
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push radius
        id: docker_build_radius
        uses: docker/build-push-action@v2
        with:
          push: ${{ github.ref == 'refs/heads/main' }}
          platforms: ${{matrix.target}}
          # https://github.com/docker/build-push-action/issues/254
          tags: ghcr.io/${{ github.repository }}/radius:devel
          context: ./kanidm_rlm_python/
--- a/.github/workflows/docker_images.yml.disabled
+++ b/.github/workflows/docker_images.yml.disabled
@ -1,57 +0,0 @@
 name: release images
 on:
  push:
    branches:
      - master
    tags:
      - v*
  pull_request:
 jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        target: [kanidmd, radiusd]
    steps:
      - uses: actions/checkout@v2
      - name: Run tests
        run: make test/${{ matrix.target }}
  push:
    needs: test
    runs-on: ubuntu-latest
    strategy:
      matrix:
        target: [kanidmd, radiusd]
    if: github.event_name == 'push'
    steps:
      - uses: actions/checkout@v2
      - name: Build image
        run: make build/${{ matrix.target }}
      - name: Log into registry
        run: echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin
      - name: Push image
        run: |
          # Strip git ref prefix from version
          VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
          # Strip "v" prefix from tag name
          [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
          # Use Docker `latest` tag convention
          [ "$VERSION" == "master" ] && VERSION=latest
          VERSION=$VERSION make push/${{ matrix.target }}
--- a/kanidm_rlm_python/Dockerfile
+++ b/kanidm_rlm_python/Dockerfile
@ -3,9 +3,8 @@ LABEL org.opencontainers.image.authors="william@blackhats.net.au"
 EXPOSE 1812 1813
-RUN sed -i -E 's/https?:\/\/download.opensuse.org/http:\/\/dl.suse.blackhats.net.au:8080/g' /etc/zypp/repos.d/*.repo && \
+RUN zypper --gpg-auto-import-keys ref --force
-    zypper --gpg-auto-import-keys ref --force
+RUN zypper refresh
 RUN zypper install -y timezone freeradius-client freeradius-server freeradius-server-ldap \
    freeradius-server-python3 openldap2-client freeradius-server-utils hostname \
    python3 python3-requests python3-devel && \
--- a/kanidmd/Dockerfile
+++ b/kanidmd/Dockerfile
@ -2,11 +2,9 @@ ARG BASE_IMAGE=opensuse/tumbleweed:latest
 FROM ${BASE_IMAGE} AS builder
 LABEL mantainer william@blackhats.net.au
-RUN zypper ar obs://devel:languages:rust devel:languages:rust && \
+RUN zypper refresh
-    sed -i -E 's/https?:\/\/download.opensuse.org/http:\/\/dl.suse.blackhats.net.au:8080/g' /etc/zypp/repos.d/*.repo && \
+RUN zypper dup -y
-    zypper --gpg-auto-import-keys ref --force && \
+RUN zypper install -y \
    zypper dup -y && \
    zypper install -y \
        cargo \
        rust \
        gcc clang lld \
@ -23,39 +21,40 @@ ARG SCCACHE_REDIS
 ARG KANIDM_FEATURES
 ARG KANIDM_BUILD_PROFILE
-RUN mkdir /scratch && \
+ENV RUSTC_BOOTSTRAP=1
-	ln -s -f /usr/bin/clang /usr/bin/cc && \
+RUN mkdir /scratch
-	ln -s -f /usr/bin/ld.lld /usr/bin/ld && \
+RUN ln -s -f /usr/bin/clang /usr/bin/cc
-	if [ "${SCCACHE_REDIS}" != "" ]; \
+RUN ln -s -f /usr/bin/ld.lld /usr/bin/ld
 RUN if [ "${SCCACHE_REDIS}" != "" ]; \
 		then \
 			export CC="/usr/bin/sccache /usr/bin/clang" && \
 			export RUSTC_WRAPPER=sccache && \
 			sccache --start-server; \
 		else \
 			export CC="/usr/bin/clang"; \
-	fi && \
+	fi
-	export RUSTC_BOOTSTRAP=1 && \
+RUN echo $KANIDM_BUILD_PROFILE
-	echo $KANIDM_BUILD_PROFILE && \
+RUN echo $KANIDM_FEATURES
-	echo $KANIDM_FEATURES && \
+ENV CARGO_HOME=/scratch/.cargo
-	CARGO_HOME=/scratch/.cargo cargo build \
+RUN cargo build \
 		--features=${KANIDM_FEATURES} \
 		--target-dir=/usr/src/kanidm/target/ \
-		--release && \
+		--release
-	ls -al /usr/src/kanidm/target/release/ && \
+RUN ls -al /usr/src/kanidm/target/release
-	if [ "${SCCACHE_REDIS}" != "" ]; \
+RUN if [ "${SCCACHE_REDIS}" != "" ]; \
 		then sccache -s; \
 	fi;
 FROM ${BASE_IMAGE}
 LABEL mantainer william@blackhats.net.au
-RUN zypper ref && \
+RUN zypper ref
-    zypper dup -y && \
+RUN zypper dup -y
-    zypper install -y \
+RUN zypper install -y \
        timezone \
        sqlite3 \
-        pam && \
+        pam
-    zypper clean -a
+RUN zypper clean -a
 COPY --from=builder /usr/src/kanidm/target/release/kanidmd /sbin/
 COPY --from=builder /usr/src/kanidm/kanidmd_web_ui/pkg /pkg
@ -65,4 +64,3 @@ VOLUME /data
 ENV RUST_BACKTRACE 1
 CMD ["/sbin/kanidmd", "server", "-c", "/data/server.toml"]