mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 20:47:01 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fighting with zypper, tagging our images (#1964)

Browse source 
* fighting weird build issues

* labels are better outside

* ugh that stupid linter

* why do you always lint on me

* neat

* adding comments
This commit is contained in:
James Hodgkinson 2023-08-14 10:06:53 +10:00 committed by GitHub
parent 84ac1168f6
commit 9246293922
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 85 additions and 59 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
Makefile
View file

@ -9,6 +9,7 @@ CONTAINER_TOOL ?= docker
BUILDKIT_PROGRESS ?= plain BUILDKIT_PROGRESS ?= plain
TESTS ?= TESTS ?=
BOOK_VERSION ?= master BOOK_VERSION ?= master
GIT_COMMIT := $(shell git rev-parse HEAD)
.DEFAULT: help .DEFAULT: help
.PHONY: help .PHONY: help
@ -32,6 +33,8 @@ buildx/kanidmd:
--progress $(BUILDKIT_PROGRESS) \ --progress $(BUILDKIT_PROGRESS) \
--build-arg "KANIDM_BUILD_PROFILE=container_generic" \ --build-arg "KANIDM_BUILD_PROFILE=container_generic" \
--build-arg "KANIDM_FEATURES=" \ --build-arg "KANIDM_FEATURES=" \
--label "com.kanidm.git-commit=$(GIT_COMMIT)" \
--label "com.kanidm.version=$(IMAGE_EXT_VERSION)" \
$(CONTAINER_BUILD_ARGS) . $(CONTAINER_BUILD_ARGS) .
.PHONY: buildx/kanidm_tools .PHONY: buildx/kanidm_tools
@ -45,6 +48,8 @@ buildx/kanidm_tools:
--progress $(BUILDKIT_PROGRESS) \ --progress $(BUILDKIT_PROGRESS) \
--build-arg "KANIDM_BUILD_PROFILE=container_generic" \ --build-arg "KANIDM_BUILD_PROFILE=container_generic" \
--build-arg "KANIDM_FEATURES=" \ --build-arg "KANIDM_FEATURES=" \
--label "com.kanidm.git-commit=$(GIT_COMMIT)" \
--label "com.kanidm.version=$(IMAGE_EXT_VERSION)" \
$(CONTAINER_BUILD_ARGS) . $(CONTAINER_BUILD_ARGS) .
.PHONY: buildx/radiusd .PHONY: buildx/radiusd
@ -54,6 +59,8 @@ buildx/radiusd:
--pull --push --platform $(IMAGE_ARCH) \ --pull --push --platform $(IMAGE_ARCH) \
-f rlm_python/Dockerfile \ -f rlm_python/Dockerfile \
--progress $(BUILDKIT_PROGRESS) \ --progress $(BUILDKIT_PROGRESS) \
--label "com.kanidm.git-commit=$(GIT_COMMIT)" \
--label "com.kanidm.version=$(IMAGE_EXT_VERSION)" \
-t $(IMAGE_BASE)/radius:$(IMAGE_VERSION) \ -t $(IMAGE_BASE)/radius:$(IMAGE_VERSION) \
-t $(IMAGE_BASE)/radius:$(IMAGE_EXT_VERSION) . -t $(IMAGE_BASE)/radius:$(IMAGE_EXT_VERSION) .
@ -65,17 +72,19 @@ build/kanidmd: ## Build the kanidmd docker image locally
build/kanidmd: build/kanidmd:
@$(CONTAINER_TOOL) build $(CONTAINER_TOOL_ARGS) -f server/Dockerfile \ @$(CONTAINER_TOOL) build $(CONTAINER_TOOL_ARGS) -f server/Dockerfile \
-t $(IMAGE_BASE)/server:$(IMAGE_VERSION) \ -t $(IMAGE_BASE)/server:$(IMAGE_VERSION) \
--platform $(IMAGE_ARCH) \
--build-arg "KANIDM_BUILD_PROFILE=container_generic" \ --build-arg "KANIDM_BUILD_PROFILE=container_generic" \
--build-arg "KANIDM_FEATURES=" \ --build-arg "KANIDM_FEATURES=" \
--label "com.kanidm.git-commit=$(GIT_COMMIT)" \
--label "com.kanidm.version=$(IMAGE_EXT_VERSION)" \
$(CONTAINER_BUILD_ARGS) . $(CONTAINER_BUILD_ARGS) .
.PHONY: build/radiusd .PHONY: build/radiusd
build/radiusd: ## Build the radiusd docker image locally build/radiusd: ## Build the radiusd docker image locally
build/radiusd: build/radiusd:
@$(CONTAINER_TOOL) build $(CONTAINER_TOOL_ARGS) \ @$(CONTAINER_TOOL) build $(CONTAINER_TOOL_ARGS) \
--platform $(IMAGE_ARCH) \
-f rlm_python/Dockerfile \ -f rlm_python/Dockerfile \
--label "com.kanidm.git-commit=$(GIT_COMMIT)" \
--label "com.kanidm.version=$(IMAGE_EXT_VERSION)" \
-t $(IMAGE_BASE)/radius:$(IMAGE_VERSION) . -t $(IMAGE_BASE)/radius:$(IMAGE_VERSION) .
.PHONY: build .PHONY: build
@ -88,6 +97,8 @@ test/kanidmd:
$(CONTAINER_TOOL_ARGS) -f server/Dockerfile \ $(CONTAINER_TOOL_ARGS) -f server/Dockerfile \
--target builder \ --target builder \
-t $(IMAGE_BASE)/server:$(IMAGE_VERSION)-builder \ -t $(IMAGE_BASE)/server:$(IMAGE_VERSION)-builder \
--label "com.kanidm.git-commit=$(GIT_COMMIT)" \
--label "com.kanidm.version=$(IMAGE_EXT_VERSION)" \
$(CONTAINER_BUILD_ARGS) . $(CONTAINER_BUILD_ARGS) .
@$(CONTAINER_TOOL) run --rm $(IMAGE_BASE)/server:$(IMAGE_VERSION)-builder cargo test @$(CONTAINER_TOOL) run --rm $(IMAGE_BASE)/server:$(IMAGE_VERSION)-builder cargo test

1
examples/apache_oauth/Dockerfile
View file

@ -10,3 +10,4 @@ RUN a2enmod ssl
RUN rm /etc/apache2/sites-enabled/000-default.conf RUN rm /etc/apache2/sites-enabled/000-default.conf
COPY index.html /var/www/html/index.html COPY index.html /var/www/html/index.html
COPY oauth2.conf /etc/apache2/sites-enabled/oauth2.conf COPY oauth2.conf /etc/apache2/sites-enabled/oauth2.conf

9
rlm_python/Dockerfile
View file

@ -1,12 +1,7 @@
ARG BASE_IMAGE=opensuse/tumbleweed:latest ARG BASE_IMAGE=opensuse/tumbleweed:latest
FROM ${BASE_IMAGE} AS repos FROM ${BASE_IMAGE} AS repos
RUN \ ADD ../scripts/zypper_fixing.sh /zypper_fixing.sh
--mount=type=cache,id=zypp,target=/var/cache/zypp \ RUN --mount=type=cache,id=zypp,target=/var/cache/zypp /zypper_fixing.sh
zypper mr -k repo-oss; \
zypper mr -k repo-non-oss; \
zypper mr -k repo-update; \
zypper ref --force; \
zypper -v dup -y
# ====================== # ======================
FROM repos FROM repos

22
scripts/zypper_fixing.sh Executable file
View file

@ -0,0 +1,22 @@
#!/bin/bash
# makes sure the repos are configured because the containers are derpy sometimes
#disable the openh264 repo
if [ "$(zypper lr | grep -ci 'repo-openh264')" -eq 1 ]; then
zypper mr -d -f -n 'repo-openh264'
fi
# add the non-oss repo if it doesn't exist
if [ "$(zypper lr | grep -c 'repo-non-oss')" -eq 0 ]; then
zypper ar -f -n 'Non-OSS' http://download.opensuse.org/tumbleweed/repo/non-oss/ repo-non-oss
fi
# update the repos and make sure the ones we want are enabled
zypper mr -k repo-oss
zypper mr -k repo-non-oss
zypper mr -k repo-update
# force the refresh because zypper is too silly to work out it needs to do it itself
zypper ref --force
# show which mirror is failing if an error occurs (otherwise zypper shows the wrong mirror url)
zypper -v dup -y

30
server/Dockerfile
View file

@ -1,13 +1,9 @@
# Build the main Kanidmd server # Build the main Kanidmd server
ARG BASE_IMAGE=opensuse/tumbleweed:latest ARG BASE_IMAGE=opensuse/tumbleweed:latest
FROM ${BASE_IMAGE} AS repos FROM ${BASE_IMAGE} AS repos
RUN \ ADD scripts/zypper_fixing.sh /zypper_fixing.sh
--mount=type=cache,id=zypp,target=/var/cache/zypp \ RUN --mount=type=cache,id=zypp,target=/var/cache/zypp /zypper_fixing.sh
zypper mr -k repo-oss; \
zypper mr -k repo-non-oss; \
zypper mr -k repo-update; \
zypper ref --force ; \
zypper -v dup -y
# ====================== # ======================
FROM repos AS builder FROM repos AS builder
@ -25,8 +21,11 @@ RUN \
sccache \ sccache \
cargo \ cargo \
clang \ clang \
make automake autoconf \ make \
libopenssl-3-devel pam-devel \ automake \
autoconf \
libopenssl-3-devel \
pam-devel \
sqlite3-devel \ sqlite3-devel \
rsync \ rsync \
findutils \ findutils \
@ -47,13 +46,12 @@ COPY . /usr/src/kanidm
WORKDIR /usr/src/kanidm/kanidmd/daemon WORKDIR /usr/src/kanidm/kanidmd/daemon
# Exports don't persist through RUN statements. # Exports don't persist through RUN statements.
RUN \ RUN --mount=type=cache,id=cargo,target=/cargo \
--mount=type=cache,id=cargo,target=/cargo \
--mount=type=cache,id=sccache,target=/sccache \ --mount=type=cache,id=sccache,target=/sccache \
export CARGO_HOME=/cargo; \ export CARGO_HOME=/cargo && \
export SCCACHE_DIR=/sccache; \ export SCCACHE_DIR=/sccache && \
export RUSTC_WRAPPER=/usr/bin/sccache; \ export RUSTC_WRAPPER=/usr/bin/sccache && \
export CC="/usr/bin/clang"; \ export CC="/usr/bin/clang" && \
cargo build -p daemon ${KANIDM_BUILD_OPTIONS} \ cargo build -p daemon ${KANIDM_BUILD_OPTIONS} \
--target-dir="/usr/src/kanidm/target/" \ --target-dir="/usr/src/kanidm/target/" \
--features="${KANIDM_FEATURES}" \ --features="${KANIDM_FEATURES}" \
@ -63,7 +61,6 @@ export CC="/usr/bin/clang"; \
# ====================== # ======================
FROM repos FROM repos
RUN \ RUN \
--mount=type=cache,id=zypp,target=/var/cache/zypp \ --mount=type=cache,id=zypp,target=/var/cache/zypp \
zypper install -y \ zypper install -y \
@ -80,4 +77,5 @@ EXPOSE 8443 3636
VOLUME /data VOLUME /data
ENV RUST_BACKTRACE 1 ENV RUST_BACKTRACE 1
CMD [ "/sbin/kanidmd", "server", "-c", "/data/server.toml"] CMD [ "/sbin/kanidmd", "server", "-c", "/data/server.toml"]

23
tools/Dockerfile
View file

@ -1,13 +1,8 @@
# This builds the kanidm CLI tools # This builds the kanidm CLI tools
ARG BASE_IMAGE=opensuse/tumbleweed:latest ARG BASE_IMAGE=opensuse/tumbleweed:latest
FROM ${BASE_IMAGE} AS repos FROM ${BASE_IMAGE} AS repos
RUN \ ADD ../scripts/zypper_fixing.sh /zypper_fixing.sh
--mount=type=cache,id=zypp,target=/var/cache/zypp \ RUN --mount=type=cache,id=zypp,target=/var/cache/zypp /zypper_fixing.sh
zypper mr -k repo-oss; \
zypper mr -k repo-non-oss; \
zypper mr -k repo-update; \
zypper ref --force; \
zypper -v dup -y
FROM repos AS builder FROM repos AS builder
ARG KANIDM_FEATURES ARG KANIDM_FEATURES
@ -24,7 +19,9 @@ RUN \
sccache \ sccache \
cargo \ cargo \
clang \ clang \
make automake autoconf \ make \
automake \
autoconf \
libopenssl-3-devel \ libopenssl-3-devel \
pam-devel \ pam-devel \
libudev-devel \ libudev-devel \
@ -47,11 +44,11 @@ export CC="/usr/bin/clang"; \
cargo build -p kanidm_tools ${KANIDM_BUILD_OPTIONS} \ cargo build -p kanidm_tools ${KANIDM_BUILD_OPTIONS} \
--target-dir="/usr/src/kanidm/target/" \ --target-dir="/usr/src/kanidm/target/" \
--features="${KANIDM_FEATURES}" \ --features="${KANIDM_FEATURES}" \
--release; \ --release && \
cargo build -p kanidm-ipa-sync ${KANIDM_BUILD_OPTIONS} \ cargo build -p kanidm-ipa-sync ${KANIDM_BUILD_OPTIONS} \
--target-dir="/usr/src/kanidm/target/" \ --target-dir="/usr/src/kanidm/target/" \
--features="${KANIDM_FEATURES}" \ --features="${KANIDM_FEATURES}" \
--release; \ --release && \
sccache -s sccache -s
# == Construct the tools container # == Construct the tools container
@ -61,7 +58,10 @@ ENV RUST_BACKTRACE 1
RUN \ RUN \
--mount=type=cache,id=zypp,target=/var/cache/zypp \ --mount=type=cache,id=zypp,target=/var/cache/zypp \
zypper install -y timezone busybox-adduser openssl-3 zypper install -y \
timezone \
busybox-adduser \
openssl-3
COPY --from=builder /usr/src/kanidm/target/release/kanidm /sbin/ COPY --from=builder /usr/src/kanidm/target/release/kanidm /sbin/
COPY --from=builder /usr/src/kanidm/target/release/kanidm-ipa-sync /sbin/ COPY --from=builder /usr/src/kanidm/target/release/kanidm-ipa-sync /sbin/
@ -75,4 +75,3 @@ RUN adduser -D -H kanidm && \
USER kanidm USER kanidm
CMD [ "/sbin/kanidm", "-h" ] CMD [ "/sbin/kanidm", "-h" ]