From e39e141d6c5c52c61d2a372acaf143d16065ea4e Mon Sep 17 00:00:00 2001
From: Dedy Martadinata S
Date: Thu, 30 Jun 2022 16:21:14 +0700
Subject: [PATCH] docker: Create a multiarch CI/CD pipeline
---
.github/workflows/Dockerfile.ci | 68 +++++++
.github/workflows/docker-build.yml | 310 +++++++++++++++++++++++++++++
.github/workflows/docker.yml | 84 --------
3 files changed, 378 insertions(+), 84 deletions(-)
create mode 100644 .github/workflows/Dockerfile.ci
create mode 100644 .github/workflows/docker-build.yml
delete mode 100644 .github/workflows/docker.yml
diff --git a/.github/workflows/Dockerfile.ci b/.github/workflows/Dockerfile.ci
new file mode 100644
index 0000000..ce5cd22
--- /dev/null
+++ b/.github/workflows/Dockerfile.ci
@@ -0,0 +1,68 @@
+FROM debian:bullseye AS lldap
+ARG DEBIAN_FRONTEND=noninteractive
+ARG TARGETPLATFORM
+RUN apt update && apt install -y wget
+WORKDIR /dim
+COPY bin/ bin/
+COPY web/ web/
+
+RUN mkdir -p target/
+RUN mkdir -p /lldap/app
+
+RUN if [ "${TARGETPLATFORM}" = "linux/amd64" ]; then \
+ mv bin/amd64-bin/lldap target/lldap && \
+ mv bin/amd64-bin/migration-tool target/migration-tool && \
+ chmod +x target/lldap && \
+ chmod +x target/migration-tool && \
+ ls -la target/ . && \
+ pwd \
+ ; fi
+
+RUN if [ "${TARGETPLATFORM}" = "linux/arm64" ]; then \
+ mv bin/aarch64-bin/lldap target/lldap && \
+ mv bin/aarch64-bin/migration-tool target/migration-tool && \
+ chmod +x target/lldap && \
+ chmod +x target/migration-tool && \
+ ls -la target/ . && \
+ pwd \
+ ; fi
+
+RUN if [ "${TARGETPLATFORM}" = "linux/arm/v7" ]; then \
+ mv bin/armhf-bin/lldap target/lldap && \
+ mv bin/armhf-bin/migration-tool target/migration-tool && \
+ chmod +x target/lldap && \
+ chmod +x target/migration-tool && \
+ ls -la target/ . && \
+ pwd \
+ ; fi
+
+# Web and App dir
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+COPY lldap_config.docker_template.toml /lldap/
+RUN cp target/lldap /lldap/ && \
+ cp target/migration-tool /lldap/ && \
+ cp -R web/index.html \
+ web/pkg \
+ web/static \
+ /lldap/app/
+
+RUN set -x \
+ && for file in $(cat /lldap/app/static/libraries.txt); do wget -P app/static "$file"; done \
+ && for file in $(cat /lldap/app/static/fonts/fonts.txt); do wget -P app/static/fonts "$file"; done \
+ && chmod a+r -R .
+
+FROM debian:bullseye
+ENV UID=1000
+ENV GID=1000
+ENV USER=lldap
+RUN apt update && \
+ apt install -y --no-install-recommends tini && \
+ apt clean && \
+ rm -rf /var/lib/apt/lists/* && \
+ groupadd -g $GID $USER && useradd --system -m -g $USER --uid $UID $USER
+COPY --from=lldap --chown=$CONTAINERUSER:$CONTAINERUSER /lldap /app
+COPY --from=lldap --chown=$CONTAINERUSER:$CONTAINERUSER /docker-entrypoint.sh /docker-entrypoint.sh
+WORKDIR /app
+USER $CONTAINERUSER
+ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
+CMD ["run", "--config-file", "/data/lldap_config.toml"]
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
new file mode 100644
index 0000000..c7dca5a
--- /dev/null
+++ b/.github/workflows/docker-build.yml
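Review bot: In `.github/workflows/Dockerfile.ci` the final stage uses `$CONTAINERUSER` in both `COPY --chown=` lines and in `USER $CONTAINERUSER`, but the stage only defines `UID`, `GID` and `USER`, so the variable is empty when those instructions are evaluated. Depending on the builder that either fails the build or leaves `/app` owned by root and the container without the intended non-root user; the lines should read `COPY --from=lldap --chown=$USER:$USER /lldap /app` and `USER $USER` (or the stage should declare `ENV CONTAINERUSER=lldap`). In the first stage the `wget -P app/static` calls resolve against `WORKDIR /dim`, so the fetched libraries and fonts land in `/dim/app/static` rather than the `/lldap/app/static` tree that the final stage copies, and nothing checks their integrity; point them at `/lldap/app/static` and verify each download against a checksum list kept in the repository.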
@@ -0,0 +1,310 @@
+name: Docker
+
+on:
+ push:
+ branches:
+ - 'main'
+ release:
+ types:
+ - 'published'
+ pull_request:
+ branches:
+ - 'main'
+ workflow_dispatch:
+ inputs:
+ msg:
+ description: "Set message"
+ default: "Manual trigger"
+
+env:
+ CARGO_TERM_COLOR: always
+
+# In total 5 jobs, all of the jobs are containerized
+# ---
+
+# build-ui , create/compile the web
+## Use rustlang/rust:nighlty image
+### Install nodejs from nodesource repo
+### install wasm
+### install rollup
+### run app/build.sh
+### upload artifacts
+
+# builds-armhf, build-aarch64, build-amd64 create binary for respective arch
+## Use rustlang/rust:nightly image
+### Add non native architecture dpkg --add-architecture XXX
+### Install dev tool gcc g++, etc per respective arch
+### Cargo build
+### Upload artifacts
+
+## the CARGO_ env
+#CARGO_TARGET_ARMV7_UNKNOWN_LINUX_GNUEABIHF_LINKER: arm-linux-gnueabihf-gcc
+#OPENSSL_INCLUDE_DIR: "/usr/include/openssl/"
+#OPENSSL_LIB_DIR: "/usr/lib/arm-linux-gnueabihf/"
+# This will determine which architecture lib will be used.
+
+# build-ui,builds-armhf, build-aarch64, build-amd64 will upload artifacts will be used next job
+# build-docker-image job will fetch artifacts and run Dockerfile.ci then push the image.
+
+# On current https://hub.docker.com/_/rust
+# 1-bullseye, 1.61-bullseye, 1.61.0-bullseye, bullseye, 1, 1.61, 1.61.0, latest
+
+jobs:
+ build-ui:
+ runs-on: ubuntu-latest
+ container:
+ image: rust:1.61
+ env:
+ CARGO_TERM_COLOR: always
+ RUSTFLAGS: -Ctarget-feature=-crt-static
+ steps:
+ - name: install runtime
+ run: apt update && apt install -y gcc-x86-64-linux-gnu g++-x86-64-linux-gnu libc6-dev libssl-dev
+ - name: setup node repo LTS
+ run: curl -fsSL https://deb.nodesource.com/setup_lts.x | bash -
+ - name: install nodejs
+ run: apt install -y nodejs && npm -g install npm
+ - name: set default nightly
+ run: rustup default nightly
+ - name: smoke test
+ run: rustc --version
+ - name: install cargo wasm
+ run: cargo install wasm-pack
+ - name: install rollup nodejs
+ run: npm install -g rollup
+ - name: Checkout repository
+ uses: actions/checkout@v2
+ - name: build frontend
+ run: ./app/build.sh
+ - name: check path
+ run: ls -al app/
+ - name: upload ui artifacts
+ uses: actions/upload-artifact@v3
+ with:
+ name: ui
+ path: app/
+
+ build-armhf:
+ runs-on: ubuntu-latest
+ container:
+ image: rust:1.61
+ env:
+ CARGO_TARGET_ARMV7_UNKNOWN_LINUX_GNUEABIHF_LINKER: arm-linux-gnueabihf-gcc
+ OPENSSL_INCLUDE_DIR: "/usr/include/openssl/"
+ OPENSSL_LIB_DIR: "/usr/lib/arm-linux-gnueabihf/"
+ CARGO_TERM_COLOR: always
+ RUSTFLAGS: -Ctarget-feature=-crt-static
+ steps:
+ - name: add armhf architecture
+ run: dpkg --add-architecture armhf
+ - name: install runtime
+ run: apt update && apt install -y gcc-arm-linux-gnueabihf g++-arm-linux-gnueabihf libc6-armhf-cross libc6-dev-armhf-cross libssl-dev:armhf
+ - name: set default nightly
+ run: rustup default nightly
+ - name: smoke test
+ run: rustc --version
+ - name: add armhf target
+ run: rustup target add armv7-unknown-linux-gnueabihf
+ - name: set default nightly
+ run: rustup default nightly
+ - name: smoke test
+ run: rustc --version
+ - name: Checkout repository
+ uses: actions/checkout@v2
+ - name: compile armhf
+ run: cargo build --target=armv7-unknown-linux-gnueabihf --release -p lldap -p migration-tool
+ - name: check path
+ run: ls -al target/release
+ - name: upload armhf artifacts
+ uses: actions/upload-artifact@v3
+ with:
+ name: armhf-lldap-bin
+ path: target/armv7-unknown-linux-gnueabihf/release/lldap
+ - name: upload armhf artifacts
+ uses: actions/upload-artifact@v3
+ with:
+ name: armhf-migration-tool-bin
+ path: target/armv7-unknown-linux-gnueabihf/release/migration-tool
+
+
+ build-aarch64:
+ runs-on: ubuntu-latest
+ container:
+ image: rust:1.61
+ env:
+ CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: aarch64-linux-gnu-gcc
+ OPENSSL_INCLUDE_DIR: "/usr/include/openssl/"
+ OPENSSL_LIB_DIR: "/usr/lib/aarch64-linux-gnu/"
+ CARGO_TERM_COLOR: always
+ RUSTFLAGS: -Ctarget-feature=-crt-static
+ steps:
+ - name: add arm64 architecture
+ run: dpkg --add-architecture arm64
+ - name: install runtime
+ run: apt update && apt install -y gcc-aarch64-linux-gnu g++-aarch64-linux-gnu libc6-arm64-cross libc6-dev-arm64-cross libssl-dev:arm64
+ - name: set default nightly
+ run: rustup default nightly
+ - name: smoke test
+ run: rustc --version
+ - name: Checkout repository
+ uses: actions/checkout@v2
+ - name: add arm64 target
+ run: rustup target add aarch64-unknown-linux-gnu
+ - name: set default nightly
+ run: rustup default nightly
+ - name: smoke test
+ run: rustc --version
+ - name: Checkout repository
+ uses: actions/checkout@v2
+ - name: compile aarch64
+ run: cargo build --target=aarch64-unknown-linux-gnu --release -p lldap -p migration-tool
+ - name: check path
+ run: ls -al target/aarch64-unknown-linux-gnu/release/
+ - name: upload aarch64 artifacts
+ uses: actions/upload-artifact@v3
+ with:
+ name: aarch64-lldap-bin
+ path: target/aarch64-unknown-linux-gnu/release/lldap
+ - name: upload aarch64 artifacts
+ uses: actions/upload-artifact@v3
+ with:
+ name: aarch64-migration-tool-bin
+ path: target/aarch64-unknown-linux-gnu/release/migration-tool
+
+ build-amd64:
+ runs-on: ubuntu-latest
+ container:
+ image: rust:1.61
+ env:
+ CARGO_TERM_COLOR: always
+ RUSTFLAGS: -Ctarget-feature=-crt-static
+ steps:
+ - name: install runtime
+ run: apt update && apt install -y gcc-x86-64-linux-gnu g++-x86-64-linux-gnu libc6-dev libssl-dev
+ - name: set default nightly
+ run: rustup default nightly
+ - name: smoke test
+ run: rustc --version
+ - name: Checkout repository
+ uses: actions/checkout@v2
+ - name: compile amd64
+ run: cargo build --target=x86_64-unknown-linux-gnu --release -p lldap -p migration-tool
+ - name: check path
+ run: ls -al target/x86_64-unknown-linux-gnu/release/
+ - name: upload amd64 lldap artifacts
+ uses: actions/upload-artifact@v3
+ with:
+ name: amd64-lldap-bin
+ path: target/x86_64-unknown-linux-gnu/release/lldap
+ - name: upload amd64 migration-tool artifacts
+ uses: actions/upload-artifact@v3
+ with:
+ name: amd64-migration-tool-bin
+ path: target/x86_64-unknown-linux-gnu/release/migration-tool
+
+
+ build-docker-image:
+ needs: [build-ui,build-armhf,build-aarch64,build-amd64]
+ name: Build Docker image
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ steps:
+ - name: fetch repo
+ uses: actions/checkout@v2
+
+ - name: Download armhf lldap artifacts
+ uses: actions/download-artifact@v3
+ with:
+ name: armhf-lldap-bin
+ path: bin/armhf-bin
+ - name: Download armhf migration-tool artifacts
+ uses: actions/download-artifact@v3
+ with:
+ name: armhf-migration-tool-bin
+ path: bin/armhf-bin
+
+ - name: Download aarch64 lldap artifacts
+ uses: actions/download-artifact@v3
+ with:
+ name: aarch64-lldap-bin
+ path: bin/aarch64-bin
+ - name: Download aarch64 migration-tool artifacts
+ uses: actions/download-artifact@v3
+ with:
+ name: aarch64-migration-tool-bin
+ path: bin/aarch64-bin
+
+ - name: Download amd64 lldap artifacts
+ uses: actions/download-artifact@v3
+ with:
+ name: amd64-lldap-bin
+ path: bin/amd64-bin
+ - name: Download amd64 migration-tool artifacts
+ uses: actions/download-artifact@v3
+ with:
+ name: amd64-migration-tool-bin
+ path: bin/amd64-bin
+
+ - name: check bin path
+ run: ls -al bin/
+
+ - name: Download llap ui artifacts
+ uses: actions/download-artifact@v3
+ with:
+ name: ui
+ path: web
+
+ - name: setup qemu
+ uses: docker/setup-qemu-action@v1
+ - uses: docker/setup-buildx-action@v2
+
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v4
+ with:
+ # list of Docker images to use as base name for tags
+ images: |
+ nitnelave/lldap
+ # generate Docker tags based on the following events/attributes
+ tags: |
+ type=ref,event=branch
+ type=ref,event=pr
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=semver,pattern={{major}}
+ type=sha
+
+ - name: parse tag
+ uses: gacts/github-slug@v1
+ id: slug
+
+ - name: Login to Docker Hub
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Build and push
+ if: github.event_name == 'release'
+ uses: docker/build-push-action@v3
+ with:
+ context: .
+ push: true
+ platforms: linux/amd64,linux/arm64,linux/arm/v7
+ # Tag as latest, stable, semver, major, major.minor and major.minor.patch.
+ tags: nitnelave/lldap:latest, nitnelave/lldap:stable, nitnelave/lldap:v${{ steps.slug.outputs.version-semantic }}, nitnelave/lldap:v${{ steps.slug.outputs.version-major }}, nitnelave/lldap:v${{ steps.slug.outputs.version-major }}.${{ steps.slug.outputs.version-minor }}, nitnelave/lldap:v${{ steps.slug.outputs.version-major }}.${{ steps.slug.outputs.version-minor }}.${{ steps.slug.outputs.version-patch }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+
+
+ - name: Update repo description
+ if: github.event_name != 'pull_request'
+ uses: peter-evans/dockerhub-description@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_PASSWORD }}
+ repository: nitnelave/lldap
+
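Review bot: In `.github/workflows/docker-build.yml` the `build-ui` job pipes `https://deb.nodesource.com/setup_lts.x` straight into `bash` and then installs an unpinned Rust nightly, `wasm-pack` and `rollup`, so whatever those endpoints serve at build time ends up in the `ui` artifact that `build-docker-image` publishes. Pin the tool versions (for example `cargo install wasm-pack --locked --version <PINNED_VERSION>` and `npm install -g rollup@<PINNED_VERSION>`) and install Node from a versioned package source instead of the piped script. `peter-evans/dockerhub-description@v3`, which is handed the Docker Hub username and password, and `gacts/github-slug@v1`, whose outputs become the pushed tags, are referenced by mutable tag; pinning them to a full commit SHA keeps a moved tag from changing what runs here. Separately, the `Build and push` step sets no `file:` input, so it appears to build the default Dockerfile of the context rather than the new `Dockerfile.ci`; add `file: .github/workflows/Dockerfile.ci` if that is the intent.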
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml deleted file mode 100644 index 204aab8..0000000 --- a/.github/workflows/docker.yml +++ /dev/null 
@@ -1,84 +0,0 @@ -name: docker - -on: - push: - branches: - - 'main' - release: - types: - - 'published' - pull_request: - branches: - - 'main' - -jobs: - docker: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v3 - - - name: Docker meta - id: meta - uses: docker/metadata-action@v4 - with: - # list of Docker images to use as base name for tags - images: | - nitnelave/lldap - # generate Docker tags based on the following events/attributes - tags: | - type=ref,event=branch - type=ref,event=pr - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} - type=sha - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: Login to DockerHub - if: github.event_name != 'pull_request' - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - # Parse the tag into semver. - - uses: gacts/github-slug@v1 - id: slug - - - - name: Build and push - if: github.event_name != 'release' - uses: docker/build-push-action@v3 - with: - context: . - push: ${{ github.event_name != 'pull_request' }} - platforms: linux/amd64 - tags: nitnelave/lldap:latest - cache-from: type=gha - cache-to: type=gha,mode=max - - - - name: Build and push - if: github.event_name == 'release' - uses: docker/build-push-action@v3 - with: - context: . - push: true - platforms: linux/amd64 - # Tag as latest, stable, semver, major, major.minor and major.minor.patch. 
- tags: nitnelave/lldap:latest, nitnelave/lldap:stable, nitnelave/lldap:v${{ steps.slug.outputs.version-semantic }}, nitnelave/lldap:v${{ steps.slug.outputs.version-major }}, nitnelave/lldap:v${{ steps.slug.outputs.version-major }}.${{ steps.slug.outputs.version-minor }}, nitnelave/lldap:v${{ steps.slug.outputs.version-major }}.${{ steps.slug.outputs.version-minor }}.${{ steps.slug.outputs.version-patch }} - cache-from: type=gha - cache-to: type=gha,mode=max - - - - name: Update repo description - if: github.event_name != 'pull_request' - uses: peter-evans/dockerhub-description@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_PASSWORD }} - repository: nitnelave/lldap