diff --git a/.github/workflows/Dockerfile.ci.alpine b/.github/workflows/Dockerfile.ci.alpine
index 609eb77..d4cbde7 100644
--- a/.github/workflows/Dockerfile.ci.alpine
+++ b/.github/workflows/Dockerfile.ci.alpine
@@ -56,8 +56,35 @@ WORKDIR /app
 ENV UID=1000
 ENV GID=1000
 ENV USER=lldap
-RUN echo http://mirror.math.princeton.edu/pub/alpinelinux/edge/testing/ >> /etc/apk/repositories && \
- apk add --no-cache tini ca-certificates bash gosu && \
+ENV GOSU_VERSION 1.14
+# Fetch gosu from git
+RUN set -eux; \
+ \
+ apk add --no-cache --virtual .gosu-deps \
+ ca-certificates \
+ dpkg \
+ gnupg \
+ ; \
+ \
+ dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+ wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
+ wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
+ \
+# verify the signature
+ export GNUPGHOME="$(mktemp -d)"; \
+ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
+ gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+ command -v gpgconf && gpgconf --kill all || :; \
+ rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
+ \
+# clean up fetch dependencies
+ apk del --no-network .gosu-deps; \
+ \
+ chmod +x /usr/local/bin/gosu; \
+# verify that the binary works
+ gosu --version; \
+ gosu nobody true
+RUN apk add --no-cache tini ca-certificates bash && \
 addgroup -g $GID $USER && \
 adduser \
 --disabled-password \
diff --git a/.github/workflows/Dockerfile.ci.debian b/.github/workflows/Dockerfile.ci.debian
new file mode 100644
index 0000000..47899fa
--- /dev/null
+++ b/.github/workflows/Dockerfile.ci.debian
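Review bot: The gosu signature check fetches key `B42F6819007F00F88E364FD4036A9C25BF357DD4` from `hkps://keys.openpgp.org` on every build, so the image build fails whenever that keyserver is unreachable, even though the pinned fingerprint keeps the verification itself sound. Committing the public key to the repository and importing it locally, or adding a per-architecture SHA-256 check of the binary next to the signature check, would remove that network dependency. `ENV GOSU_VERSION 1.14` uses the legacy space-separated form and leaves a build-only value in the runtime environment; `ARG GOSU_VERSION=1.14` would avoid both. The comment `# Fetch gosu from git` would be more accurate as `# Fetch the gosu release binary from GitHub and verify its GPG signature`. The stage this hunk belongs to starts and continues outside the hunk.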
@@ -0,0 +1,69 @@
+FROM debian:bullseye AS lldap
+ARG DEBIAN_FRONTEND=noninteractive
+ARG TARGETPLATFORM
+RUN apt update && apt install -y wget
+WORKDIR /dim
+COPY bin/ bin/
+COPY web/ web/
+
+RUN mkdir -p target/
+RUN mkdir -p /lldap/app
+
+RUN if [ "${TARGETPLATFORM}" = "linux/amd64" ]; then \
+ mv bin/amd64-bin/lldap target/lldap && \
+ mv bin/amd64-bin/migration-tool target/migration-tool && \
+ chmod +x target/lldap && \
+ chmod +x target/migration-tool && \
+ ls -la target/ . && \
+ pwd \
+ ; fi
+
+RUN if [ "${TARGETPLATFORM}" = "linux/arm64" ]; then \
+ mv bin/aarch64-bin/lldap target/lldap && \
+ mv bin/aarch64-bin/migration-tool target/migration-tool && \
+ chmod +x target/lldap && \
+ chmod +x target/migration-tool && \
+ ls -la target/ . && \
+ pwd \
+ ; fi
+
+RUN if [ "${TARGETPLATFORM}" = "linux/arm/v7" ]; then \
+ mv bin/armhf-bin/lldap target/lldap && \
+ mv bin/armhf-bin/migration-tool target/migration-tool && \
+ chmod +x target/lldap && \
+ chmod +x target/migration-tool && \
+ ls -la target/ . && \
+ pwd \
+ ; fi
+
+# Web and App dir
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+COPY lldap_config.docker_template.toml /lldap/
+RUN cp target/lldap /lldap/ && \
+ cp target/migration-tool /lldap/ && \
+ cp -R web/index.html \
+ web/pkg \
+ web/static \
+ /lldap/app/
+
+RUN set -x \
+ && for file in $(cat /lldap/app/static/libraries.txt); do wget -P app/static "$file"; done \
+ && for file in $(cat /lldap/app/static/fonts/fonts.txt); do wget -P app/static/fonts "$file"; done \
+ && chmod a+r -R .
+
+FROM debian:bullseye-slim
+ENV UID=1000
+ENV GID=1000
+ENV USER=lldap
+RUN apt update && \
+ apt install -y --no-install-recommends tini openssl ca-certificates gosu && \
+ apt clean && \
+ rm -rf /var/lib/apt/lists/* && \
+ groupadd -g $GID $USER && useradd --system -m -g $USER --uid $UID $USER && \
+ mkdir -p /data && chown $USER:$USER /data
+COPY --from=lldap --chown=$USER:$USER /lldap /app
+COPY --from=lldap --chown=$USER:$USER /docker-entrypoint.sh /docker-entrypoint.sh
+VOLUME ["/data"]
+WORKDIR /app
+ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
+CMD ["run", "--config-file", "/data/lldap_config.toml"]
diff --git a/.github/workflows/docker-build-static.yml b/.github/workflows/docker-build-static.yml
index 3b1bcef..ab3a62f 100644
--- a/.github/workflows/docker-build-static.yml
+++ b/.github/workflows/docker-build-static.yml
@@ -56,10 +56,11 @@ jobs: build-ui: runs-on: ubuntu-latest container: - image: rust:1.61 + image: rust:1.62 env: CARGO_TERM_COLOR: always - RUSTFLAGS: -Ctarget-feature=-crt-static + RUSTFLAGS: -Ctarget-feature=+crt-static + #CARGO_HOME: ${GITHUB_WORKSPACE}/.cargo steps: - name: install runtime run: apt update && apt install -y gcc-x86-64-linux-gnu g++-x86-64-linux-gnu libc6-dev
@@ -82,11 +83,10 @@ jobs: lldap-ui- - name: Checkout repository uses: actions/checkout@v2 - # Prevent install error on existing cached - - name: install cargo wasm - run: cargo install wasm-pack || true - - name: install rollup nodejs - run: npm install -g rollup + - name: install rollup nodejs and wasm-pack + run: | + npm install -g rollup + npm install -g wasm-pack - name: build frontend run: ./app/build.sh - name: check path
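Review bot: The two `wget -P app/static …` loops in the first stage resolve against `WORKDIR /dim`, so the libraries and fonts land in `/dim/app/static`, while the final stage copies only `/lldap`; as written the downloaded assets would not reach the image, and `chmod a+r -R .` likewise runs on `/dim` rather than on the files that are shipped. Absolute targets fix both: `wget -P /lldap/app/static "$file"`, `wget -P /lldap/app/static/fonts "$file"` and `chmod a+r -R /lldap`. The URLs listed in `libraries.txt` and `fonts.txt` are fetched without any integrity check, so a pinned checksum per file would be worth adding. The final stage sets no `USER`; the privilege drop is presumably done with gosu inside `docker-entrypoint.sh`, which is outside this diff, and a comment such as `# runs as root only until docker-entrypoint.sh drops to $USER via gosu` would make that explicit once confirmed.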
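Review bot: The new `npm install -g rollup` and `npm install -g wasm-pack` lines in the `build-ui` job install whatever version is current at build time, and their output ends up in the published image. Pinning both, e.g. `npm install -g rollup@<ROLLUP_VERSION>` and `npm install -g wasm-pack@<WASM_PACK_VERSION>` (placeholders for the versions the project has tested), keeps an upstream release from silently changing the frontend build. The removed `cargo install wasm-pack || true` also hid install failures, so with this change a failing install now stops the job, which is worth a short comment in the step.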
@@ -100,11 +100,11 @@ jobs: build-armhf: runs-on: ubuntu-latest container: - image: rust:1.61 + image: rust:1.62 env: CARGO_TARGET_ARMV7_UNKNOWN_LINUX_GNUEABIHF_LINKER: arm-linux-gnueabihf-gcc CARGO_TERM_COLOR: always - RUSTFLAGS: -Ctarget-feature=+crt-static + RUSTFLAGS: -Ctarget-feature=-crt-static CARGO_HOME: ${GITHUB_WORKSPACE}/.cargo steps: - name: add armhf architecture @@ -159,13 +159,9 @@ jobs: - name: add arm64 architecture run: dpkg --add-architecture arm64 - name: install runtime - run: apt update && apt install -y gcc-aarch64-linux-gnu g++-aarch64-linux-gnu libc6-arm64-cross libc6-dev-arm64-cross tar - - name: smoke test - run: rustc --version + run: apt update && apt install -y gcc-aarch64-linux-gnu g++-aarch64-linux-gnu libc6-arm64-cross libc6-dev-arm64-cross tar wget - name: Checkout repository uses: actions/checkout@v2 - - name: add arm64 target - run: rustup target add aarch64-unknown-linux-gnu - name: smoke test run: rustc --version - name: Checkout repository 
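Review bot: The `build-armhf` job switches `RUSTFLAGS` from `+crt-static` to `-crt-static` without saying why, while the other jobs in this commit move toward static musl builds. With the `arm-linux-gnueabihf-gcc` linker this appears to produce a binary linked dynamically against glibc, which would only run in the Debian image; that matches `linux/arm/v7` being listed only for the Debian build steps, but it is not stated anywhere. A comment on the line, for example `# armhf is linked dynamically against glibc and is shipped only in the Debian image`, would keep the next change from re-enabling it by accident.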
@@ -181,34 +177,32 @@ jobs: key: lldap-bin-aarch64-${{ hashFiles('**/Cargo.lock') }} restore-keys: | lldap-bin-aarch64- - - name: compile aarch64 - run: cargo build --target=aarch64-unknown-linux-gnu --release -p lldap -p migration-tool + - name: build + run: ./build-arm64.sh - name: check path - run: ls -al target/aarch64-unknown-linux-gnu/release/ + run: ls -al target/aarch64-unknown-linux-musl/release/ - name: upload aarch64 lldap artifacts uses: actions/upload-artifact@v3 with: name: aarch64-lldap-bin - path: target/aarch64-unknown-linux-gnu/release/lldap + path: target/aarch64-unknown-linux-musl/release/lldap - name: upload aarch64 migration-tool artifacts uses: actions/upload-artifact@v3 with: name: aarch64-migration-tool-bin - path: target/aarch64-unknown-linux-gnu/release/migration-tool + path: target/aarch64-unknown-linux-musl/release/migration-tool build-amd64: runs-on: ubuntu-latest container: - image: rust:1.61 + image: rust:1.62 env: CARGO_TERM_COLOR: always RUSTFLAGS: -Ctarget-feature=+crt-static CARGO_HOME: ${GITHUB_WORKSPACE}/.cargo steps: - name: install runtime - run: apt update && apt install -y gcc-x86-64-linux-gnu g++-x86-64-linux-gnu libc6-dev tar - - name: smoke test - run: rustc --version + run: apt update && apt install -y gcc-x86-64-linux-gnu g++-x86-64-linux-gnu libc6-dev tar wget musl-tools - name: Checkout repository uses: actions/checkout@v2 - uses: actions/cache@v3 
@@ -222,20 +216,20 @@ jobs: key: lldap-bin-amd64-${{ hashFiles('**/Cargo.lock') }} restore-keys: | lldap-bin-amd64- - - name: compile amd64 - run: cargo build --target=x86_64-unknown-linux-gnu --release -p lldap -p migration-tool + - name: build + run: ./build-amd64.sh - name: check path - run: ls -al target/x86_64-unknown-linux-gnu/release/ + run: ls -al target/x86_64-unknown-linux-musl/release/ - name: upload amd64 lldap artifacts uses: actions/upload-artifact@v3 with: name: amd64-lldap-bin - path: target/x86_64-unknown-linux-gnu/release/lldap + path: target/x86_64-unknown-linux-musl/release/lldap - name: upload amd64 migration-tool artifacts uses: actions/upload-artifact@v3 with: name: amd64-migration-tool-bin - path: target/x86_64-unknown-linux-gnu/release/migration-tool + path: target/x86_64-unknown-linux-musl/release/migration-tool build-docker-image: 
@@ -330,20 +324,51 @@ jobs: with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Build and push latest + +###################### +#### latest build #### +###################### + - name: Build and push latest alpine + if: github.event_name != 'release' + uses: docker/build-push-action@v3 + with: + context: . + push: ${{ github.event_name != 'pull_request' }} + platforms: linux/amd64,linux/arm64 + file: ./.github/workflows/Dockerfile.ci.alpine + tags: nitnelave/lldap:latest + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new + + - name: Build and push latest debian if: github.event_name != 'release' uses: docker/build-push-action@v3 with: context: . push: ${{ github.event_name != 'pull_request' }} platforms: linux/amd64,linux/arm64,linux/arm/v7 + file: ./.github/workflows/Dockerfile.ci.debian + tags: nitnelave/lldap:latest-debian + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new + +####################### +#### release build #### +####################### + - name: Build and push release alpine + if: github.event_name == 'release' + uses: docker/build-push-action@v3 + with: + context: . + platforms: linux/amd64,linux/arm64 + push: true + # Tag as latest, stable, semver, major, major.minor and major.minor.patch. 
file: ./.github/workflows/Dockerfile.ci.alpine - tags: nitnelave/lldap:latest + tags: nitnelave/lldap:stable, nitnelave/lldap:v${{ steps.slug.outputs.version-semantic }}, nitnelave/lldap:v${{ steps.slug.outputs.version-major }}, nitnelave/lldap:v${{ steps.slug.outputs.version-major }}.${{ steps.slug.outputs.version-minor }}, nitnelave/lldap:v${{ steps.slug.outputs.version-major }}.${{ steps.slug.outputs.version-minor }}.${{ steps.slug.outputs.version-patch }} cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new - - name: Build and push release + - name: Build and push release debian if: github.event_name == 'release' uses: docker/build-push-action@v3 with: @@ -351,8 +376,8 @@ jobs: platforms: linux/amd64,linux/arm64,linux/arm/v7 push: true # Tag as latest, stable, semver, major, major.minor and major.minor.patch. - file: ./.github/workflows/Dockerfile.ci - tags: nitnelave/lldap:stable, nitnelave/lldap:v${{ steps.slug.outputs.version-semantic }}, nitnelave/lldap:v${{ steps.slug.outputs.version-major }}, nitnelave/lldap:v${{ steps.slug.outputs.version-major }}.${{ steps.slug.outputs.version-minor }}, nitnelave/lldap:v${{ steps.slug.outputs.version-major }}.${{ steps.slug.outputs.version-minor }}.${{ steps.slug.outputs.version-patch }} + file: ./.github/workflows/Dockerfile.ci.debian + tags: nitnelave/lldap:stable-debian, nitnelave/lldap:v${{ steps.slug.outputs.version-semantic }}-debian, nitnelave/lldap:v${{ steps.slug.outputs.version-major }}-debian, nitnelave/lldap:v${{ steps.slug.outputs.version-major }}.${{ steps.slug.outputs.version-minor }}-debian, nitnelave/lldap:v${{ steps.slug.outputs.version-major }}.${{ steps.slug.outputs.version-minor }}.${{ steps.slug.outputs.version-patch }}-debian cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new diff --git a/build-amd64.sh b/build-amd64.sh new file mode 100755 index 0000000..2bccd0e --- /dev/null +++ b/build-amd64.sh 
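Review bot: The Alpine and Debian build steps added here all use the same `cache-to: type=local,dest=/tmp/.buildx-cache-new`, so the Debian export probably overwrites the index written by the Alpine step and only one image's layers survive into the next run. Giving each variant its own directory, e.g. `dest=/tmp/.buildx-cache-new/alpine` and `dest=/tmp/.buildx-cache-new/debian` with matching `cache-from` paths, avoids that; the step that moves the cache afterwards is outside this hunk and would need the same change. The comment `# Tag as latest, stable, semver, …` no longer matches the release tag lists, which contain no `latest` tag, and the `latest` steps are skipped on release events. The Alpine steps also drop `linux/arm/v7` from `platforms`, so `nitnelave/lldap:latest` loses that architecture, which deserves a line in the commit description.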
@@ -0,0 +1,10 @@
+#!/bin/bash
+wget -c https://musl.cc/x86_64-linux-musl-cross.tgz
+tar zxf ./x86_64-linux-musl-cross.tgz -C /opt
+rm ./x86_64-linux-musl-cross.tgz
+export RUST_BACKTRACE=1
+export CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=x86_64-linux-musl-gcc
+export RUSTFLAGS="-Ctarget-feature=+crt-static"
+export PATH="/opt/x86_64-linux-musl-cross/:/opt/x86_64-linux-musl-cross/bin/:$PATH"
+rustup target add x86_64-unknown-linux-musl
+cargo build --target=x86_64-unknown-linux-musl --release -p lldap -p migration-tool
diff --git a/build-arm64.sh b/build-arm64.sh
new file mode 100755
index 0000000..c025e5e
--- /dev/null
+++ b/build-arm64.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+wget -c https://musl.cc/aarch64-linux-musl-cross.tgz
+tar zxf ./aarch64-linux-musl-cross.tgz -C /opt
+rm ./aarch64-linux-musl-cross.tgz
+export RUST_BACKTRACE=1
+export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc
+export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_LINKER=aarch64-linux-musl-gcc
+export RUSTFLAGS="-Ctarget-feature=+crt-static"
+export PATH="/opt/aarch64-linux-musl-cross/:/opt/aarch64-linux-musl-cross/bin/:$PATH"
+rustup target add aarch64-unknown-linux-musl
+cargo build --target=aarch64-unknown-linux-musl --release -p lldap -p migration-tool
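Review bot: The cross toolchain that links the release binaries is downloaded from `https://musl.cc/…-cross.tgz` and unpacked into `/opt` with no checksum or signature check, in both `build-amd64.sh` and `build-arm64.sh`, so whatever that host serves at build time becomes part of the shipped binaries. Pin the archive before extracting it, e.g. `echo "<SHA256_OF_TARBALL>  x86_64-linux-musl-cross.tgz" | sha256sum -c -` (placeholder hash; use the matching file name in the arm64 script). Neither script sets `set -euo pipefail`, so a failed download or extraction does not stop the script at that step; adding it right after the shebang makes the failure point clear. In `build-arm64.sh`, `CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER` is exported although only the musl target is built, so it looks like a leftover.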