Build using musl

This commit is contained in:
Dedy Martadinata S 2022-07-18 10:52:02 +07:00 committed by nitnelave
parent c108921dcf
commit b9c823e01a
5 changed files with 178 additions and 36 deletions

View File

@ -56,8 +56,35 @@ WORKDIR /app
ENV UID=1000 ENV UID=1000
ENV GID=1000 ENV GID=1000
ENV USER=lldap ENV USER=lldap
RUN echo http://mirror.math.princeton.edu/pub/alpinelinux/edge/testing/ >> /etc/apk/repositories && \ ENV GOSU_VERSION 1.14
apk add --no-cache tini ca-certificates bash gosu && \ # Fetch gosu from git
RUN set -eux; \
\
apk add --no-cache --virtual .gosu-deps \
ca-certificates \
dpkg \
gnupg \
; \
\
dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
\
# verify the signature
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
command -v gpgconf && gpgconf --kill all || :; \
rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
\
# clean up fetch dependencies
apk del --no-network .gosu-deps; \
\
chmod +x /usr/local/bin/gosu; \
# verify that the binary works
gosu --version; \
gosu nobody true
RUN apk add --no-cache tini ca-certificates bash && \
addgroup -g $GID $USER && \ addgroup -g $GID $USER && \
adduser \ adduser \
--disabled-password \ --disabled-password \

69
.github/workflows/Dockerfile.ci.debian vendored Normal file
View File

@ -0,0 +1,69 @@
FROM debian:bullseye AS lldap
ARG DEBIAN_FRONTEND=noninteractive
ARG TARGETPLATFORM
RUN apt update && apt install -y wget
WORKDIR /dim
COPY bin/ bin/
COPY web/ web/
RUN mkdir -p target/
RUN mkdir -p /lldap/app
RUN if [ "${TARGETPLATFORM}" = "linux/amd64" ]; then \
mv bin/amd64-bin/lldap target/lldap && \
mv bin/amd64-bin/migration-tool target/migration-tool && \
chmod +x target/lldap && \
chmod +x target/migration-tool && \
ls -la target/ . && \
pwd \
; fi
RUN if [ "${TARGETPLATFORM}" = "linux/arm64" ]; then \
mv bin/aarch64-bin/lldap target/lldap && \
mv bin/aarch64-bin/migration-tool target/migration-tool && \
chmod +x target/lldap && \
chmod +x target/migration-tool && \
ls -la target/ . && \
pwd \
; fi
RUN if [ "${TARGETPLATFORM}" = "linux/arm/v7" ]; then \
mv bin/armhf-bin/lldap target/lldap && \
mv bin/armhf-bin/migration-tool target/migration-tool && \
chmod +x target/lldap && \
chmod +x target/migration-tool && \
ls -la target/ . && \
pwd \
; fi
# Web and App dir
COPY docker-entrypoint.sh /docker-entrypoint.sh
COPY lldap_config.docker_template.toml /lldap/
RUN cp target/lldap /lldap/ && \
cp target/migration-tool /lldap/ && \
cp -R web/index.html \
web/pkg \
web/static \
/lldap/app/
RUN set -x \
&& for file in $(cat /lldap/app/static/libraries.txt); do wget -P app/static "$file"; done \
&& for file in $(cat /lldap/app/static/fonts/fonts.txt); do wget -P app/static/fonts "$file"; done \
&& chmod a+r -R .
FROM debian:bullseye-slim
ENV UID=1000
ENV GID=1000
ENV USER=lldap
RUN apt update && \
apt install -y --no-install-recommends tini openssl ca-certificates gosu && \
apt clean && \
rm -rf /var/lib/apt/lists/* && \
groupadd -g $GID $USER && useradd --system -m -g $USER --uid $UID $USER && \
mkdir -p /data && chown $USER:$USER /data
COPY --from=lldap --chown=$USER:$USER /lldap /app
COPY --from=lldap --chown=$USER:$USER /docker-entrypoint.sh /docker-entrypoint.sh
VOLUME ["/data"]
WORKDIR /app
ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
CMD ["run", "--config-file", "/data/lldap_config.toml"]

View File

@ -56,10 +56,11 @@ jobs:
build-ui: build-ui:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: container:
image: rust:1.61 image: rust:1.62
env: env:
CARGO_TERM_COLOR: always CARGO_TERM_COLOR: always
RUSTFLAGS: -Ctarget-feature=-crt-static RUSTFLAGS: -Ctarget-feature=+crt-static
#CARGO_HOME: ${GITHUB_WORKSPACE}/.cargo
steps: steps:
- name: install runtime - name: install runtime
run: apt update && apt install -y gcc-x86-64-linux-gnu g++-x86-64-linux-gnu libc6-dev run: apt update && apt install -y gcc-x86-64-linux-gnu g++-x86-64-linux-gnu libc6-dev
@ -82,11 +83,10 @@ jobs:
lldap-ui- lldap-ui-
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v2 uses: actions/checkout@v2
# Prevent install error on existing cached - name: install rollup nodejs and wasm-pack
- name: install cargo wasm run: |
run: cargo install wasm-pack || true npm install -g rollup
- name: install rollup nodejs npm install -g wasm-pack
run: npm install -g rollup
- name: build frontend - name: build frontend
run: ./app/build.sh run: ./app/build.sh
- name: check path - name: check path
@ -100,11 +100,11 @@ jobs:
build-armhf: build-armhf:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: container:
image: rust:1.61 image: rust:1.62
env: env:
CARGO_TARGET_ARMV7_UNKNOWN_LINUX_GNUEABIHF_LINKER: arm-linux-gnueabihf-gcc CARGO_TARGET_ARMV7_UNKNOWN_LINUX_GNUEABIHF_LINKER: arm-linux-gnueabihf-gcc
CARGO_TERM_COLOR: always CARGO_TERM_COLOR: always
RUSTFLAGS: -Ctarget-feature=+crt-static RUSTFLAGS: -Ctarget-feature=-crt-static
CARGO_HOME: ${GITHUB_WORKSPACE}/.cargo CARGO_HOME: ${GITHUB_WORKSPACE}/.cargo
steps: steps:
- name: add armhf architecture - name: add armhf architecture
@ -159,13 +159,9 @@ jobs:
- name: add arm64 architecture - name: add arm64 architecture
run: dpkg --add-architecture arm64 run: dpkg --add-architecture arm64
- name: install runtime - name: install runtime
run: apt update && apt install -y gcc-aarch64-linux-gnu g++-aarch64-linux-gnu libc6-arm64-cross libc6-dev-arm64-cross tar run: apt update && apt install -y gcc-aarch64-linux-gnu g++-aarch64-linux-gnu libc6-arm64-cross libc6-dev-arm64-cross tar wget
- name: smoke test
run: rustc --version
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v2 uses: actions/checkout@v2
- name: add arm64 target
run: rustup target add aarch64-unknown-linux-gnu
- name: smoke test - name: smoke test
run: rustc --version run: rustc --version
- name: Checkout repository - name: Checkout repository
@ -181,34 +177,32 @@ jobs:
key: lldap-bin-aarch64-${{ hashFiles('**/Cargo.lock') }} key: lldap-bin-aarch64-${{ hashFiles('**/Cargo.lock') }}
restore-keys: | restore-keys: |
lldap-bin-aarch64- lldap-bin-aarch64-
- name: compile aarch64 - name: build
run: cargo build --target=aarch64-unknown-linux-gnu --release -p lldap -p migration-tool run: ./build-arm64.sh
- name: check path - name: check path
run: ls -al target/aarch64-unknown-linux-gnu/release/ run: ls -al target/aarch64-unknown-linux-musl/release/
- name: upload aarch64 lldap artifacts - name: upload aarch64 lldap artifacts
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@v3
with: with:
name: aarch64-lldap-bin name: aarch64-lldap-bin
path: target/aarch64-unknown-linux-gnu/release/lldap path: target/aarch64-unknown-linux-musl/release/lldap
- name: upload aarch64 migration-tool artifacts - name: upload aarch64 migration-tool artifacts
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@v3
with: with:
name: aarch64-migration-tool-bin name: aarch64-migration-tool-bin
path: target/aarch64-unknown-linux-gnu/release/migration-tool path: target/aarch64-unknown-linux-musl/release/migration-tool
build-amd64: build-amd64:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: container:
image: rust:1.61 image: rust:1.62
env: env:
CARGO_TERM_COLOR: always CARGO_TERM_COLOR: always
RUSTFLAGS: -Ctarget-feature=+crt-static RUSTFLAGS: -Ctarget-feature=+crt-static
CARGO_HOME: ${GITHUB_WORKSPACE}/.cargo CARGO_HOME: ${GITHUB_WORKSPACE}/.cargo
steps: steps:
- name: install runtime - name: install runtime
run: apt update && apt install -y gcc-x86-64-linux-gnu g++-x86-64-linux-gnu libc6-dev tar run: apt update && apt install -y gcc-x86-64-linux-gnu g++-x86-64-linux-gnu libc6-dev tar wget musl-tools
- name: smoke test
run: rustc --version
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v2 uses: actions/checkout@v2
- uses: actions/cache@v3 - uses: actions/cache@v3
@ -222,20 +216,20 @@ jobs:
key: lldap-bin-amd64-${{ hashFiles('**/Cargo.lock') }} key: lldap-bin-amd64-${{ hashFiles('**/Cargo.lock') }}
restore-keys: | restore-keys: |
lldap-bin-amd64- lldap-bin-amd64-
- name: compile amd64 - name: build
run: cargo build --target=x86_64-unknown-linux-gnu --release -p lldap -p migration-tool run: ./build-amd64.sh
- name: check path - name: check path
run: ls -al target/x86_64-unknown-linux-gnu/release/ run: ls -al target/x86_64-unknown-linux-musl/release/
- name: upload amd64 lldap artifacts - name: upload amd64 lldap artifacts
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@v3
with: with:
name: amd64-lldap-bin name: amd64-lldap-bin
path: target/x86_64-unknown-linux-gnu/release/lldap path: target/x86_64-unknown-linux-musl/release/lldap
- name: upload amd64 migration-tool artifacts - name: upload amd64 migration-tool artifacts
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@v3
with: with:
name: amd64-migration-tool-bin name: amd64-migration-tool-bin
path: target/x86_64-unknown-linux-gnu/release/migration-tool path: target/x86_64-unknown-linux-musl/release/migration-tool
build-docker-image: build-docker-image:
@ -330,20 +324,51 @@ jobs:
with: with:
username: ${{ secrets.DOCKERHUB_USERNAME }} username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }} password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push latest ######################
#### latest build ####
######################
- name: Build and push latest alpine
if: github.event_name != 'release'
uses: docker/build-push-action@v3
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
platforms: linux/amd64,linux/arm64
file: ./.github/workflows/Dockerfile.ci.alpine
tags: nitnelave/lldap:latest
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new
- name: Build and push latest debian
if: github.event_name != 'release' if: github.event_name != 'release'
uses: docker/build-push-action@v3 uses: docker/build-push-action@v3
with: with:
context: . context: .
push: ${{ github.event_name != 'pull_request' }} push: ${{ github.event_name != 'pull_request' }}
platforms: linux/amd64,linux/arm64,linux/arm/v7 platforms: linux/amd64,linux/arm64,linux/arm/v7
file: ./.github/workflows/Dockerfile.ci.debian
tags: nitnelave/lldap:latest-debian
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new
#######################
#### release build ####
#######################
- name: Build and push release alpine
if: github.event_name == 'release'
uses: docker/build-push-action@v3
with:
context: .
platforms: linux/amd64,linux/arm64
push: true
# Tag as latest, stable, semver, major, major.minor and major.minor.patch.
file: ./.github/workflows/Dockerfile.ci.alpine file: ./.github/workflows/Dockerfile.ci.alpine
tags: nitnelave/lldap:latest tags: nitnelave/lldap:stable, nitnelave/lldap:v${{ steps.slug.outputs.version-semantic }}, nitnelave/lldap:v${{ steps.slug.outputs.version-major }}, nitnelave/lldap:v${{ steps.slug.outputs.version-major }}.${{ steps.slug.outputs.version-minor }}, nitnelave/lldap:v${{ steps.slug.outputs.version-major }}.${{ steps.slug.outputs.version-minor }}.${{ steps.slug.outputs.version-patch }}
cache-from: type=local,src=/tmp/.buildx-cache cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new cache-to: type=local,dest=/tmp/.buildx-cache-new
- name: Build and push release - name: Build and push release debian
if: github.event_name == 'release' if: github.event_name == 'release'
uses: docker/build-push-action@v3 uses: docker/build-push-action@v3
with: with:
@ -351,8 +376,8 @@ jobs:
platforms: linux/amd64,linux/arm64,linux/arm/v7 platforms: linux/amd64,linux/arm64,linux/arm/v7
push: true push: true
# Tag as latest, stable, semver, major, major.minor and major.minor.patch. # Tag as latest, stable, semver, major, major.minor and major.minor.patch.
file: ./.github/workflows/Dockerfile.ci file: ./.github/workflows/Dockerfile.ci.debian
tags: nitnelave/lldap:stable, nitnelave/lldap:v${{ steps.slug.outputs.version-semantic }}, nitnelave/lldap:v${{ steps.slug.outputs.version-major }}, nitnelave/lldap:v${{ steps.slug.outputs.version-major }}.${{ steps.slug.outputs.version-minor }}, nitnelave/lldap:v${{ steps.slug.outputs.version-major }}.${{ steps.slug.outputs.version-minor }}.${{ steps.slug.outputs.version-patch }} tags: nitnelave/lldap:stable-debian, nitnelave/lldap:v${{ steps.slug.outputs.version-semantic }}-debian, nitnelave/lldap:v${{ steps.slug.outputs.version-major }}-debian, nitnelave/lldap:v${{ steps.slug.outputs.version-major }}.${{ steps.slug.outputs.version-minor }}-debian, nitnelave/lldap:v${{ steps.slug.outputs.version-major }}.${{ steps.slug.outputs.version-minor }}.${{ steps.slug.outputs.version-patch }}-debian
cache-from: type=local,src=/tmp/.buildx-cache cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new cache-to: type=local,dest=/tmp/.buildx-cache-new

10
build-amd64.sh Executable file
View File

@ -0,0 +1,10 @@
#!/bin/bash
wget -c https://musl.cc/x86_64-linux-musl-cross.tgz
tar zxf ./x86_64-linux-musl-cross.tgz -C /opt
rm ./x86_64-linux-musl-cross.tgz
export RUST_BACKTRACE=1
export CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=x86_64-linux-musl-gcc
export RUSTFLAGS="-Ctarget-feature=+crt-static"
export PATH="/opt/x86_64-linux-musl-cross/:/opt/x86_64-linux-musl-cross/bin/:$PATH"
rustup target add x86_64-unknown-linux-musl
cargo build --target=x86_64-unknown-linux-musl --release -p lldap -p migration-tool

11
build-arm64.sh Executable file
View File

@ -0,0 +1,11 @@
#!/bin/bash
wget -c https://musl.cc/aarch64-linux-musl-cross.tgz
tar zxf ./aarch64-linux-musl-cross.tgz -C /opt
rm ./aarch64-linux-musl-cross.tgz
export RUST_BACKTRACE=1
export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc
export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_LINKER=aarch64-linux-musl-gcc
export RUSTFLAGS="-Ctarget-feature=+crt-static"
export PATH="/opt/aarch64-linux-musl-cross/:/opt/aarch64-linux-musl-cross/bin/:$PATH"
rustup target add aarch64-unknown-linux-musl
cargo build --target=aarch64-unknown-linux-musl --release -p lldap -p migration-tool