mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 12:37:00 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Building kanidm cli in docker, disabling ARM kanidmd (#879)

Browse source 
* adding kanidm image and config
* removing npm deps from build and dockerfiles
* moving to a non-root user in the dockerfile
This commit is contained in:
James Hodgkinson 2022-07-05 11:39:38 +10:00 committed by GitHub
parent 61e32bce4f
commit f664971acf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 159 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
.github/dependabot.yml vendored
View file

@ -112,3 +112,11 @@ updates:
time: "06:00"
timezone: Australia/Brisbane
open-pull-requests-limit: 99
# Maintain dependencies for GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: weekly
time: "06:00"
timezone: Australia/Brisbane
open-pull-requests-limit: 99

49
.github/workflows/docker_build_kanidm.yml vendored Normal file
View file

@ -0,0 +1,49 @@
---
name: Container - Kanidm
# this will build regardless,
# but only push to the container registry
# when you're committing on the master branch.
"on":
pull_request:
push:
branches:
- master
jobs:
kanidm_build:
runs-on: ubuntu-latest
continue-on-error: true # yolo
strategy:
fail-fast: false
matrix:
target:
- linux/arm64
- linux/amd64
if: github.event_name == 'push'
steps:
- uses: actions/checkout@v3
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- # https://github.com/docker/login-action/#github-container-registry
name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push kanidmd
id: docker_build_kanidm
uses: docker/build-push-action@v2
with:
push: ${{ github.ref == 'refs/heads/master' }}
platforms: ${{matrix.target}}
# https://github.com/docker/build-push-action/issues/254
tags: ghcr.io/kanidm/kanidm:devel
build-args: |
"KANIDM_FEATURES="
"KANIDM_BUILD_OPTIONS=-j1"
file: kanidm_tools/Dockerfile

12
.github/workflows/docker_build_kanidmd.yml vendored
View file

@ -12,23 +12,25 @@ name: Container - Kanidmd
- master
jobs:
kanidm_build:
kanidmd_build:
runs-on: ubuntu-latest
continue-on-error: true # yolo
strategy:
fail-fast: false
matrix:
target:
- linux/arm64
# - linux/arm64
- linux/amd64
if: github.event_name == 'push'
steps:
- uses: actions/checkout@v3
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@v2
- # https://github.com/docker/login-action/#github-container-registry
name: Login to GitHub Container Registry
uses: docker/login-action@v1
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}

7
DEVELOPER_README.md
View file

@ -33,7 +33,7 @@ using the Tumbleweed release, it's packaged in `zypper`.
You will also need some system libraries to build this:
libudev-devel sqlite3-devel libopenssl-devel npm-default
libudev-devel sqlite3-devel libopenssl-devel
#### Fedora
@ -177,12 +177,13 @@ The Web UI uses Rust WebAssembly rather than Javascript. To build this you need
to set up the environment:
cargo install wasm-pack
npm install --global rollup
Then you are able to build the UI:
cd kanidmd_web_ui/
./build_wasm.sh
./build_wasm_dev.sh
To build for release, run `build_wasm_release.sh`.
The "developer" profile for kanidmd will automatically use the pkg output in this folder.

86
kanidm_tools/Dockerfile Normal file
View file

@ -0,0 +1,86 @@
# This builds the kanidm CLI tool
ARG BASE_IMAGE=opensuse/tumbleweed:latest
FROM ${BASE_IMAGE} AS repos
# To help mirrors not be as bad
RUN zypper install -y mirrorsorcerer
RUN /usr/sbin/mirrorsorcerer -x; true
RUN zypper refresh --force
RUN zypper dup -y
FROM repos AS builder
RUN zypper install -y \
cargo \
gcc \
rust wasm-pack \
clang lld \
make automake autoconf \
libopenssl-devel \
pam-devel \
libudev-devel \
sqlite3-devel \
sccache \
rsync
RUN zypper clean -a
COPY . /usr/src/kanidm
ARG SCCACHE_REDIS=""
ARG KANIDM_FEATURES
ARG KANIDM_BUILD_PROFILE
ARG KANIDM_BUILD_OPTIONS=""
RUN mkdir /scratch
RUN echo $KANIDM_BUILD_PROFILE
RUN echo $KANIDM_FEATURES
ENV CARGO_HOME=/scratch/.cargo
ENV RUSTFLAGS="-Clinker=clang"
WORKDIR /usr/src/kanidm/
ENV RUSTFLAGS="-Clinker=clang -Clink-arg=-fuse-ld=/usr/bin/ld.lld"
RUN if [ "${SCCACHE_REDIS}" != "" ]; \
then \
export CARGO_INCREMENTAL=false && \
export CC="/usr/bin/sccache /usr/bin/clang" && \
export RUSTC_WRAPPER=sccache && \
sccache --start-server; \
else \
export CC="/usr/bin/clang"; \
fi
# build the CLI
RUN if [ -z "${KANIDM_FEATURES}" ]; then \
cargo build -p kanidm_tools --bin kanidm ${KANIDM_BUILD_OPTIONS} \
--target-dir="/usr/src/kanidm/target/" \
--release; \
else \
cargo build -p kanidm_tools --bin kanidm ${KANIDM_BUILD_OPTIONS} \
--target-dir="/usr/src/kanidm/target/" \
--features="${KANIDM_FEATURES}" \
--release; \
fi
RUN if [ "${SCCACHE_REDIS}" != "" ]; then sccache -s; fi
RUN ls -al /usr/src/kanidm/target/release
FROM repos
RUN zypper install -y timezone busybox-adduser
RUN zypper clean -a
COPY --from=builder /usr/src/kanidm/target/release/kanidm /sbin/
RUN chmod +x /sbin/kanidm
ENV RUST_BACKTRACE 1
RUN adduser -D -H kanidm
RUN zypper remove -y busybox-adduser
USER kanidm
ENTRYPOINT [ "/sbin/kanidm" ]

5
kanidmd/Dockerfile
View file

@ -16,7 +16,9 @@ RUN zypper install -y \
make automake autoconf \
libopenssl-devel pam-devel \
sqlite3-devel \
sccache
sccache \
gcc \
rsync
RUN zypper clean -a
COPY . /usr/src/kanidm
@ -81,6 +83,7 @@ RUN zypper clean -a
COPY --from=builder /usr/src/kanidm/target/release/kanidmd /sbin/
COPY --from=builder /usr/src/kanidm/kanidmd_web_ui/pkg /pkg
RUN chmod +x /sbin/kanidmd
EXPOSE 8443 3636
VOLUME /data