From 76877914663a0f6396d8627c48ba86f7f9cb1349 Mon Sep 17 00:00:00 2001 From: Pando85 Date: Wed, 6 May 2020 09:37:07 +0200 Subject: [PATCH] Merge docker image github actions into unique Use matrix and Makefile to build both images in the same workflow. Kanidmd image remove muslc version and come back to SUSE version because performance problems. Also fix a typo bug with kanidmd image build on CI. --- ...dmd-docker_image.yml => docker_images.yml} | 17 ++++-- .github/workflows/radius-docker_image.yml | 50 ---------------- Makefile | 7 +-- kanidmd/Dockerfile | 59 ++++++++++++------- kanidmd/Dockerfile.scratch | 32 ++++++++++ 5 files changed, 85 insertions(+), 80 deletions(-) rename .github/workflows/{kanidmd-docker_image.yml => docker_images.yml} (75%) delete mode 100644 .github/workflows/radius-docker_image.yml create mode 100644 kanidmd/Dockerfile.scratch diff --git a/.github/workflows/kanidmd-docker_image.yml b/.github/workflows/docker_images.yml similarity index 75% rename from .github/workflows/kanidmd-docker_image.yml rename to .github/workflows/docker_images.yml index 2041d71d0..7e94ef539 100644 --- a/.github/workflows/kanidmd-docker_image.yml +++ b/.github/workflows/docker_images.yml @@ -1,4 +1,4 @@ -name: Kanidmd release +name: release images on: push: @@ -13,24 +13,31 @@ on: jobs: test: runs-on: ubuntu-latest - + strategy: + matrix: + target: [kanidmd, radiusd] steps: - uses: actions/checkout@v2 - name: Run tests - run: make test/kanidmd + run: make test/${{ matrix.target }} push: needs: test runs-on: ubuntu-latest + + strategy: + matrix: + artifact: [kanidmd, radiusd] + if: github.event_name == 'push' steps: - uses: actions/checkout@v2 - name: Build image - run: make build/kanidm + run: make build/${{ matrix.target }} - name: Log into registry run: echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin 
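Review bot: The `push` job declares its matrix key as `artifact` (`artifact: [kanidmd, radiusd]`), but its steps reference `${{ matrix.target }}`, which is undefined in that job and expands to an empty string. `make build/${{ matrix.target }}` therefore runs as `make build/` and the image build fails instead of building either image. Rename the key to match the `test` job, `target: [kanidmd, radiusd]`. The later hunk (`@@ -46,5 +53,5 @@`) has the same reference in `VERSION=$VERSION make push/${{ matrix.target }}`.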
@@ -46,5 +53,5 @@ jobs: # Use Docker `latest` tag convention [ "$VERSION" == "master" ] && VERSION=latest - VERSION=$VERSION make push/kanidmd + VERSION=$VERSION make push/${{ matrix.target }} diff --git a/.github/workflows/radius-docker_image.yml b/.github/workflows/radius-docker_image.yml deleted file mode 100644 index ab57b082c..000000000 --- a/.github/workflows/radius-docker_image.yml +++ /dev/null @@ -1,50 +0,0 @@ -name: Radius docker image - -on: - push: - branches: - - master - - tags: - - v* - - pull_request: - -jobs: - test: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: Run tests - run: make build/radiusd - - push: - needs: test - - runs-on: ubuntu-latest - if: github.event_name == 'push' - - steps: - - uses: actions/checkout@v2 - - - name: Build image - run: make build/radiusd - - - name: Log into registry - run: echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin - - - name: Push image - run: | - # Strip git ref prefix from version - VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') - - # Strip "v" prefix from tag name - [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') - - # Use Docker `latest` tag convention - [ "$VERSION" == "master" ] && VERSION=latest - - VERSION=$VERSION make push/radiusd - diff --git a/Makefile b/Makefile index 39d70ac21..10a0f0369 100644 --- a/Makefile +++ b/Makefile @@ -10,10 +10,6 @@ help: build/kanidmd: ## build kanidmd images build/kanidmd: @docker build -f kanidmd/Dockerfile -t $(IMAGE_BASE)/server:$(IMAGE_VERSION) . - @docker build -f kanidmd/Dockerfile \ - --target alpine \ - -t $(IMAGE_BASE)/server:$(IMAGE_VERSION)-alpine \ - . build/radiusd: ## build radiusd image build/radiusd: 
@@ -28,10 +24,11 @@ test/kanidmd: . @docker run --rm $(IMAGE_BASE)/server:$(IMAGE_VERSION)-builder cargo test +test/radiusd: build/radiusd ## test radiusd + push/kanidmd: ## push kanidmd images push/kanidmd: @docker push $(IMAGE_BASE)/server:$(IMAGE_VERSION) - @docker push $(IMAGE_BASE)/server:$(IMAGE_VERSION)-alpine push/radiusd: ## push radiusd image push/radiusd: diff --git a/kanidmd/Dockerfile b/kanidmd/Dockerfile index e024c285d..cd56f592c 100644 --- a/kanidmd/Dockerfile +++ b/kanidmd/Dockerfile 
@@ -1,32 +1,51 @@ -ARG BASE_IMAGE=ekidd/rust-musl-builder:1.43.0 +ARG BASE_IMAGE=opensuse/tumbleweed@sha256:211becaf2c9250ae36eb313abf5db38cd5e159cac2d920e1ef7bb62429a51585 FROM ${BASE_IMAGE} AS builder LABEL mantainer william@blackhats.net.au -ADD --chown=rust:rust . ./ -WORKDIR kanidmd +RUN zypper mr -d repo-non-oss && \ + zypper mr -d repo-oss && \ + zypper mr -d repo-update && \ + zypper ar https://download.opensuse.org/update/tumbleweed/ repo-update-https && \ + zypper ar https://download.opensuse.org/tumbleweed/repo/oss/ repo-oss-https && \ + zypper ar https://download.opensuse.org/tumbleweed/repo/non-oss/ repo-non-oss-https && \ + zypper ref && \ + zypper install -y \ + cargo \ + rust \ + gcc \ + automake \ + autoconf \ + make \ + libopenssl-devel \ + pam-devel && \ + zypper clean -a + +COPY . /usr/src/kanidm +WORKDIR /usr/src/kanidm + RUN cargo build --release - -FROM alpine:3.11 AS alpine +FROM ${BASE_IMAGE} LABEL mantainer william@blackhats.net.au -RUN apk --no-cache add ca-certificates -COPY --from=builder \ - /home/rust/src/target/x86_64-unknown-linux-musl/release/kanidmd \ - /sbin/ -EXPOSE 8443 -VOLUME /data -CMD ["/sbin/kanidmd", "server", "-D", "/data/kanidm.db", "-C", "/data/ca.pem", \ - "-c", "/data/cert.pem", "-k", "/data/key.pem", "--bindaddr", "0.0.0.0:8443"] - -FROM scratch -LABEL mantainer william@blackhats.net.au - -COPY --from=builder \ - /home/rust/src/target/x86_64-unknown-linux-musl/release/kanidmd \ - /sbin/ +RUN zypper mr -d repo-non-oss && \ + zypper mr -d repo-oss && \ + zypper mr -d repo-update && \ + zypper ar https://download.opensuse.org/update/tumbleweed/ repo-update-https && \ + zypper ar https://download.opensuse.org/tumbleweed/repo/oss/ repo-oss-https && \ + zypper ar https://download.opensuse.org/tumbleweed/repo/non-oss/ repo-non-oss-https && \ + zypper ref && \ + zypper install -y \ + timezone \ + pam && \ + zypper clean -a + +COPY --from=builder /home/kanidm/target/release/kanidmd /sbin/ + EXPOSE 8443 VOLUME /data + +ENV 
RUST_BACKTRACE 1 CMD ["/sbin/kanidmd", "server", "-D", "/data/kanidm.db", "-C", "/data/ca.pem", \ "-c", "/data/cert.pem", "-k", "/data/key.pem", "--bindaddr", "0.0.0.0:8443"] diff --git a/kanidmd/Dockerfile.scratch b/kanidmd/Dockerfile.scratch new file mode 100644 index 000000000..e024c285d --- /dev/null +++ b/kanidmd/Dockerfile.scratch @@ -0,0 +1,32 @@ +ARG BASE_IMAGE=ekidd/rust-musl-builder:1.43.0 +FROM ${BASE_IMAGE} AS builder +LABEL mantainer william@blackhats.net.au + +ADD --chown=rust:rust . ./ +WORKDIR kanidmd +RUN cargo build --release + + +FROM alpine:3.11 AS alpine +LABEL mantainer william@blackhats.net.au + +RUN apk --no-cache add ca-certificates +COPY --from=builder \ + /home/rust/src/target/x86_64-unknown-linux-musl/release/kanidmd \ + /sbin/ +EXPOSE 8443 +VOLUME /data +CMD ["/sbin/kanidmd", "server", "-D", "/data/kanidm.db", "-C", "/data/ca.pem", \ + "-c", "/data/cert.pem", "-k", "/data/key.pem", "--bindaddr", "0.0.0.0:8443"] + +FROM scratch +LABEL mantainer william@blackhats.net.au + +COPY --from=builder \ + /home/rust/src/target/x86_64-unknown-linux-musl/release/kanidmd \ + /sbin/ +EXPOSE 8443 +VOLUME /data +CMD ["/sbin/kanidmd", "server", "-D", "/data/kanidm.db", "-C", "/data/ca.pem", \ + "-c", "/data/cert.pem", "-k", "/data/key.pem", "--bindaddr", "0.0.0.0:8443"] +
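Review bot: The final stage's `COPY --from=builder /home/kanidm/target/release/kanidmd /sbin/` reads from a path the builder stage never populates. The builder sets `WORKDIR /usr/src/kanidm` and runs `cargo build --release` there, so unless a target directory is configured elsewhere the binary lands under `/usr/src/kanidm/target/release/`, and the line should probably read `COPY --from=builder /usr/src/kanidm/target/release/kanidmd /sbin/`. Separately, the runtime stage has no `USER` instruction, so the identity server runs as root next to the TLS key and database under `/data`. Creating a dedicated account in the `zypper` step and ending the stage with `USER kanidm` (placeholder account name) would narrow what the daemon can touch, provided `/data` is owned by that account. The same missing `USER` applies to both final stages of `kanidmd/Dockerfile.scratch`.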
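Review bot: Nothing visible in this patch builds `kanidmd/Dockerfile.scratch`. The Makefile hunks drop the `--target alpine` build and `build/kanidmd` only references `kanidmd/Dockerfile`, so unless another target uses this file it will go unbuilt and untested by the workflow. If it is kept as a supported variant, a header comment such as `# musl/static variant, not built by CI; build with: docker build -f kanidmd/Dockerfile.scratch .` would make that status clear. While the content is being carried over, `ADD --chown=rust:rust . ./` can become `COPY --chown=rust:rust . ./`, since no archive extraction or URL fetch is involved.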