Merge docker image github actions into unique

Use matrix and Makefile to build both images in the same workflow. Kanidmd image remove muslc version and come back to SUSE version because performance problems. Also fix a typo bug with kanidmd image build on CI.
2025-02-23 12:37:00 +01:00 · 2020-05-06 09:37:07 +02:00 · 2020-05-06 09:37:07 +02:00 · 7687791466
parent c2f77a47f3
commit 7687791466
5 changed files with 85 additions and 80 deletions
--- a/.github/workflows/kanidmd-docker_image.yml
+++ b/.github/workflows/kanidmd-docker_image.yml
@ -1,4 +1,4 @@
-name: Kanidmd release
+name: release images

 on:
  push:
@ -13,24 +13,31 @@ on:
 jobs:
  test:
    runs-on: ubuntu-latest
-
+    strategy:
+      matrix:
+        target: [kanidmd, radiusd]
    steps:
      - uses: actions/checkout@v2

      - name: Run tests
-        run: make test/kanidmd
+        run: make test/${{ matrix.target }}

  push:
    needs: test

    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        artifact: [kanidmd, radiusd]
+
    if: github.event_name == 'push'

    steps:
      - uses: actions/checkout@v2

      - name: Build image
-        run: make build/kanidm
+        run: make build/${{ matrix.target }}

      - name: Log into registry
        run: echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin
@ -46,5 +53,5 @@ jobs:
          # Use Docker `latest` tag convention
          [ "$VERSION" == "master" ] && VERSION=latest

-          VERSION=$VERSION make push/kanidmd
+          VERSION=$VERSION make push/${{ matrix.target }}

--- a/.github/workflows/radius-docker_image.yml
+++ b/.github/workflows/radius-docker_image.yml
@ -1,50 +0,0 @@
-name: Radius docker image
-
-on:
-  push:
-    branches:
-      - master
-
-    tags:
-      - v*
-
-  pull_request:
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Run tests
-        run: make build/radiusd
-
-  push:
-    needs: test
-
-    runs-on: ubuntu-latest
-    if: github.event_name == 'push'
-
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Build image
-        run: make build/radiusd
-
-      - name: Log into registry
-        run: echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin
-
-      - name: Push image
-        run: |
-          # Strip git ref prefix from version
-          VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
-
-          # Strip "v" prefix from tag name
-          [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
-
-          # Use Docker `latest` tag convention
-          [ "$VERSION" == "master" ] && VERSION=latest
-
-          VERSION=$VERSION make push/radiusd
-
--- a/7
+++ b/7
@ -10,10 +10,6 @@ help:
 build/kanidmd:	## build kanidmd images
 build/kanidmd:
 	@docker build -f kanidmd/Dockerfile -t $(IMAGE_BASE)/server:$(IMAGE_VERSION) .
-	@docker build -f kanidmd/Dockerfile \
-		--target alpine \
-		-t $(IMAGE_BASE)/server:$(IMAGE_VERSION)-alpine \
-		.

 build/radiusd:	## build radiusd image
 build/radiusd:
@ -28,10 +24,11 @@ test/kanidmd:
 		.
 	@docker run --rm $(IMAGE_BASE)/server:$(IMAGE_VERSION)-builder cargo test

+test/radiusd:	build/radiusd	## test radiusd
+
 push/kanidmd:	## push kanidmd images
 push/kanidmd:
 	@docker push $(IMAGE_BASE)/server:$(IMAGE_VERSION)
-	@docker push $(IMAGE_BASE)/server:$(IMAGE_VERSION)-alpine

 push/radiusd:	## push radiusd image
 push/radiusd:
--- a/kanidmd/Dockerfile
+++ b/kanidmd/Dockerfile
@ -1,32 +1,51 @@
-ARG BASE_IMAGE=ekidd/rust-musl-builder:1.43.0
+ARG BASE_IMAGE=opensuse/tumbleweed@sha256:211becaf2c9250ae36eb313abf5db38cd5e159cac2d920e1ef7bb62429a51585
 FROM ${BASE_IMAGE} AS builder
 LABEL mantainer william@blackhats.net.au

-ADD --chown=rust:rust . ./
-WORKDIR kanidmd
+RUN zypper mr -d repo-non-oss && \
+    zypper mr -d repo-oss && \
+    zypper mr -d repo-update && \
+    zypper ar https://download.opensuse.org/update/tumbleweed/ repo-update-https && \
+    zypper ar https://download.opensuse.org/tumbleweed/repo/oss/ repo-oss-https && \
+    zypper ar https://download.opensuse.org/tumbleweed/repo/non-oss/ repo-non-oss-https && \
+    zypper ref && \
+    zypper install -y \
+        cargo \
+        rust \
+        gcc \
+        automake \
+        autoconf \
+        make \
+        libopenssl-devel \
+        pam-devel && \
+    zypper clean -a
+
+COPY . /usr/src/kanidm
+WORKDIR /usr/src/kanidm
+
 RUN cargo build --release

-
-FROM alpine:3.11 AS alpine
+FROM ${BASE_IMAGE}
 LABEL mantainer william@blackhats.net.au

-RUN apk --no-cache add ca-certificates
-COPY --from=builder \
-    /home/rust/src/target/x86_64-unknown-linux-musl/release/kanidmd \
-    /sbin/
-EXPOSE 8443
-VOLUME /data
-CMD ["/sbin/kanidmd", "server", "-D", "/data/kanidm.db",  "-C", "/data/ca.pem", \
-     "-c", "/data/cert.pem", "-k", "/data/key.pem", "--bindaddr", "0.0.0.0:8443"]
-
-FROM scratch
-LABEL mantainer william@blackhats.net.au
-
-COPY --from=builder \
-    /home/rust/src/target/x86_64-unknown-linux-musl/release/kanidmd \
-    /sbin/
+RUN zypper mr -d repo-non-oss && \
+    zypper mr -d repo-oss && \
+    zypper mr -d repo-update && \
+    zypper ar https://download.opensuse.org/update/tumbleweed/ repo-update-https && \
+    zypper ar https://download.opensuse.org/tumbleweed/repo/oss/ repo-oss-https && \
+    zypper ar https://download.opensuse.org/tumbleweed/repo/non-oss/ repo-non-oss-https && \
+    zypper ref && \
+    zypper install -y \
+        timezone \
+        pam && \
+    zypper clean -a
+
+COPY --from=builder /home/kanidm/target/release/kanidmd /sbin/
+
 EXPOSE 8443
 VOLUME /data
+
+ENV RUST_BACKTRACE 1
 CMD ["/sbin/kanidmd", "server", "-D", "/data/kanidm.db",  "-C", "/data/ca.pem", \
     "-c", "/data/cert.pem", "-k", "/data/key.pem", "--bindaddr", "0.0.0.0:8443"]

--- a/kanidmd/Dockerfile.scratch
+++ b/kanidmd/Dockerfile.scratch
@ -0,0 +1,32 @@
+ARG BASE_IMAGE=ekidd/rust-musl-builder:1.43.0
+FROM ${BASE_IMAGE} AS builder
+LABEL mantainer william@blackhats.net.au
+
+ADD --chown=rust:rust . ./
+WORKDIR kanidmd
+RUN cargo build --release
+
+
+FROM alpine:3.11 AS alpine
+LABEL mantainer william@blackhats.net.au
+
+RUN apk --no-cache add ca-certificates
+COPY --from=builder \
+    /home/rust/src/target/x86_64-unknown-linux-musl/release/kanidmd \
+    /sbin/
+EXPOSE 8443
+VOLUME /data
+CMD ["/sbin/kanidmd", "server", "-D", "/data/kanidm.db",  "-C", "/data/ca.pem", \
+     "-c", "/data/cert.pem", "-k", "/data/key.pem", "--bindaddr", "0.0.0.0:8443"]
+
+FROM scratch
+LABEL mantainer william@blackhats.net.au
+
+COPY --from=builder \
+    /home/rust/src/target/x86_64-unknown-linux-musl/release/kanidmd \
+    /sbin/
+EXPOSE 8443
+VOLUME /data
+CMD ["/sbin/kanidmd", "server", "-D", "/data/kanidm.db",  "-C", "/data/ca.pem", \
+     "-c", "/data/cert.pem", "-k", "/data/key.pem", "--bindaddr", "0.0.0.0:8443"]
+