diff --git a/.github/VERSION b/.github/VERSION deleted file mode 100644 index 992977ad..00000000 --- a/.github/VERSION +++ /dev/null @@ -1 +0,0 @@ -v1.1.0 \ No newline at end of file diff --git a/.github/workflows/build-openresty.yaml b/.github/workflows/build-openresty.yaml new file mode 100644 index 00000000..8b94edfe --- /dev/null +++ b/.github/workflows/build-openresty.yaml @@ -0,0 +1,55 @@ +name: BuildOpenresty +# only trigger it manually +on: + workflow_dispatch: + inputs: + do_build: + type: boolean + description: build image + required: true + do_release: + type: boolean + description: sync image to dockerhub + required: true + push: + branches: + - feat/ACP-37252-ghci + paths-ignore: + - 'docs/**' + - '**.md' +concurrency: + group: "${{ github.workflow }}-${{ github.ref }}" + cancel-in-progress: true + +jobs: + build-openresty: + name: Build Openresty + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + - name: Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + - uses: docker/setup-buildx-action@v3 + - name: build + env: + RELEASE_ME: "${{ github.event.inputs.do_release == 'true' }}" + run: | + set -x + ./scripts/run-like-github-actions.sh build-nginx + - name: Upload alb-nginx images to artifact + uses: actions/upload-artifact@v3 + with: + name: alb-nginx + path: alb-nginx.tar + - name: release + if: ${{ inputs.do_release }} + env: + RELEASE_ME: "${{ github.event.inputs.do_release == 'true' }}" + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} + DOCKER_CLI_EXPERIMENTAL: enabled + run: | + ./scripts/run-like-github-actions.sh release-nginx \ No newline at end of file diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index fbce8358..52f5f6b1 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -1,4 +1,4 @@ -name: Build +name: Build on: workflow_dispatch: inputs: @@ -30,7 +30,6 @@ env: GOSEC_VERSION: '2.18.2' HELM_VERSION: v3.13.3 SUBMARINER_VERSION: '0.16.2' - IMAGE_REPO: "theseedoaa" jobs: build-alb: name: Build alb @@ -41,46 +40,22 @@ jobs: run: | git config user.name "$GITHUB_ACTOR" git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - - name: version + - name: version # it will set the CURRENT_VERSION env uses: HardNorth/github-version-generate@v1.3.0 with: version-source: file - version-file: .github/VERSION - version-file-extraction-pattern: 'v(.+)' + version-file: ./deploy/chart/alb/Chart.yaml + version-file-extraction-pattern: 'version: v([0-9]*\.[0-9]*\.[0-9]*)' - uses: docker/setup-buildx-action@v3 - uses: azure/setup-helm@v3 with: version: '${{ env.HELM_VERSION }}' - name: build + env: + RELEASE_ME: "${{ github.event.inputs.do_release == 'true' }}" run: | set -x - source ./scripts/alb-dev-actions.sh - export VERSION=$(alb-github-gen-version) - - OPENRESTY_BASE=theseedoaa/alb-nginx-base:v1.22.0 - GO_BUILD_BASE=golang:1.21.6-alpine - RUN_BASE=theseedoaa/ops-alpine:3.17 # we need nonroot user - - # build images - docker buildx build --platform linux/amd64 -t $IMAGE_REPO/alb:$VERSION --build-arg VERSION=$VERSION --build-arg RUN_BASE=$RUN_BASE --build-arg BUILD_BASE=$GO_BUILD_BASE -o type=docker -f ./Dockerfile . - - docker pull $OPENRESTY_BASE - docker buildx build --platform linux/amd64 -t $IMAGE_REPO/alb-nginx:$VERSION --build-arg VERSION=$VERSION --build-arg OPENRESTY_BASE=$OPENRESTY_BASE --build-arg BUILD_BASE=$GO_BUILD_BASE -o type=docker -f ./template/Dockerfile ./ - - docker images - - docker save $IMAGE_REPO/alb:$VERSION > alb.tar - docker save $IMAGE_REPO/alb-nginx:$VERSION > alb-nginx.tar - ls - env - # build chart - rm -rf .cr-release-packages - mkdir -p .cr-release-packages - chart=$(alb-build-github-chart $IMAGE_REPO $VERSION ./deploy/chart/alb .cr-release-packages/ ) - cp $chart alauda-alb2.tgz - tree ./deploy/chart/alb - tree .cr-release-packages - cat ./deploy/chart/alb/Chart.yaml + ./scripts/run-like-github-actions.sh build-alb - name: Upload alb images to artifact uses: actions/upload-artifact@v3 with: @@ -103,30 +78,10 @@ jobs: - name: release if: ${{ inputs.do_release }} env: + RELEASE_ME: "${{ github.event.inputs.do_release == 'true' }}" CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} DOCKER_CLI_EXPERIMENTAL: enabled run: | - echo "in release" - # push docker - source ./scripts/alb-dev-actions.sh - export VERSION=$(alb-github-gen-version) - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin - docker push $IMAGE_REPO/alb:$VERSION - docker push $IMAGE_REPO/alb-nginx:$VERSION - - # push chart - owner=$(cut -d '/' -f 1 <<< "$GITHUB_REPOSITORY") - repo=$(cut -d '/' -f 2 <<< "$GITHUB_REPOSITORY") - - args=(--owner "$owner" --repo "$repo" --charts-dir "./deploy/chart/alb" --skip-packaging "true" --pages-branch "gh-pages") - - echo "sync chart" - git status - git log | head -n 30 - git remote -v - git remote update - git branch -r - - .github/cr.sh "${args[@]}" \ No newline at end of file + ./scripts/run-like-github-actions.sh release-alb \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 6ce38ba3..1ae6d567 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,5 @@ ARG GO_BUILD_BASE=docker-mirrors.alauda.cn/library/golang:1.22.5-alpine ARG OPENRESTY_BASE=build-harbor.alauda.cn/3rdparty/alb-nginx:v1.25.3 -ARG RUN_BASE=build-harbor.alauda.cn/ops/alpine:3.20 FROM ${GO_BUILD_BASE} AS go_builder @@ -52,7 +51,9 @@ STOPSIGNAL SIGQUIT # libcap: tweak file capability # zlib-dev: policy-zip # iproute2: ss -RUN umask 027 && \ +# add nonroot user to run base image if not exist +RUN sh -c "cat /etc/passwd | grep nonroot || (adduser -D nonroot && mkdir -p /etc/sudoers.d && echo 'nonroot ALL=(ALL) NOPASSWD: ALL' >/etc/sudoers.d/nonroot && chmod 0440 /etc/sudoers.d/nonroot)" && \ +umask 027 && \ sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/g' /etc/apk/repositories && \ apk add --no-cache zlib-dev libcap iproute2 yq jq curl bash && \ mkdir -p /alb/ctl/tools && \ diff --git a/scripts/alb-github-actions.sh b/scripts/alb-github-actions.sh index a189c6fd..c508d092 100644 --- a/scripts/alb-github-actions.sh +++ b/scripts/alb-github-actions.sh @@ -8,7 +8,11 @@ function alb-github-gen-version() { echo "v$CURRENT_VERSION-$branch.$GITHUB_RUN_NUMBER.$GITHUB_RUN_ATTEMPT" } -function alb-github-sync() { +function alb-github-build-nginx-base() { + docker build --progress=plain -t alb-nginx:latest --no-cache --network=host -f ./template/Dockerfile.openresty . +} + +function alb-github-pull-artifact() { local runid=$1 if [ -z "$runid" ]; then diff --git a/scripts/run-like-github-actions.sh b/scripts/run-like-github-actions.sh new file mode 100755 index 00000000..1463be6f --- /dev/null +++ b/scripts/run-like-github-actions.sh @@ -0,0 +1,94 @@ +#!/bin/bash + +export IMAGE_REPO="theseedoaa" +# required env $CURRENT_VERSION $RELEASE_ME +function alb-gh-build-alb() ( + source ./scripts/alb-dev-actions.sh + export ver=$(alb-github-gen-version) + echo "version $CURRENT_VERSION this ver $ver is_release $RELEASE_ME" + + OPENRESTY_BASE=theseedoaa/alb-nginx-base:v1.25.3 + GO_BUILD_BASE=golang:1.22.5-alpine + # build images + docker buildx build --network=host --platform linux/amd64 -t $IMAGE_REPO/alb:$VERSION --build-arg VERSION=$VERSION --build-arg BUILD_BASE=$GO_BUILD_BASE -o type=docker -f ./Dockerfile . + docker images + docker save $IMAGE_REPO/alb:$VERSION >alb.tar + ls + # build chart + rm -rf .cr-release-packages + mkdir -p .cr-release-packages + chart=$(alb-build-github-chart $IMAGE_REPO $VERSION ./deploy/chart/alb .cr-release-packages/) + cp $chart alauda-alb2.tgz + tree ./deploy/chart/alb + tree .cr-release-packages + cat ./deploy/chart/alb/Chart.yaml + return +) + +function alb-gh-release-alb() ( + if [[ "$RELEASE_ME" != "true" ]]; then + echo "skip release" + return + fi + echo "in release" + # push docker + source ./scripts/alb-dev-actions.sh + export VERSION=$(alb-github-gen-version) + echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin + docker push $IMAGE_REPO/alb:$VERSION + docker push $IMAGE_REPO/alb-nginx:$VERSION + + # push chart + owner=$(cut -d '/' -f 1 <<<"$GITHUB_REPOSITORY") + repo=$(cut -d '/' -f 2 <<<"$GITHUB_REPOSITORY") + + args=(--owner "$owner" --repo "$repo" --charts-dir "./deploy/chart/alb" --skip-packaging "true" --pages-branch "gh-pages") + + echo "sync chart" + git status + git log | head -n 30 + git remote -v + git remote update + git branch -r + + .github/cr.sh "${args[@]}" + return +) + +function alb-gh-release-nginx() ( + return +) + +function alb-gh-build-nginx() ( + set -x + local ver=$(cat ./Dockerfile | grep OPENRESTY_BASE | grep alb-nginx | awk -F : '{print $2}') + local RESTY_PCRE_VERSION=$(cat ./template/Dockerfile.openresty | grep RESTY_PCRE_VERSION= | awk -F = '{print $2}' | tr -d '"') + local RESTY_PCRE_BASE="https://downloads.sourceforge.net/project/pcre/pcre/$RESTY_PCRE_VERSION/pcre-$RESTY_PCRE_VERSION.tar.gz" + local resty_base="docker.io/library/alpine" + docker buildx build \ + --network=host \ + --platform linux/amd64 \ + -t $IMAGE_REPO/alb-nginx-base:$VERSION + --build-arg RESTY_IMAGE_BASE=$resty_base \ + --build-arg RESTY_PCRE_BASE=$RESTY_PCRE_BASE \ + -o type=docker \ + -f ./template/Dockerfile.openresty \ + ./ + docker images + docker save $IMAGE_REPO/alb-nginx:$ver >alb-nginx.tar + return +) + +if [[ "$1" == "build-nginx" ]]; then + alb-gh-build-nginx +fi +if [[ "$1" == "release-nginx" ]]; then + alb-gh-release-nginx +fi + +if [[ "$1" == "release-alb" ]]; then + alb-gh-release-alb +fi +if [[ "$1" == "build-alb" ]]; then + alb-gh-build-alb +fi diff --git a/template/Dockerfile.openresty b/template/Dockerfile.openresty index 522b9db4..7ad4c7da 100644 --- a/template/Dockerfile.openresty +++ b/template/Dockerfile.openresty @@ -3,6 +3,7 @@ ARG RESTY_IMAGE_BASE="build-harbor.alauda.cn/ops/alpine" ARG RESTY_IMAGE_TAG="3.20" +ARG RESTY_PCRE_BASE="http://prod-minio.alauda.cn/acp/pcre-8.45.tar.gz" FROM ${RESTY_IMAGE_BASE}:${RESTY_IMAGE_TAG} @@ -10,8 +11,6 @@ FROM ${RESTY_IMAGE_BASE}:${RESTY_IMAGE_TAG} LABEL maintainer="congwu " # Docker Build Arguments -ARG RESTY_IMAGE_BASE="build-harbor.alauda.cn/ops/alpine" -ARG RESTY_IMAGE_TAG="3.20" ARG RESTY_VERSION="1.25.3.1" ARG RESTY_OPENSSL_VERSION="1.1.1w" ARG RESTY_OPENSSL_PATCH_VERSION="1.1.1f" @@ -134,7 +133,7 @@ RUN echo "build" && apk add --no-cache --virtual .build-deps \ && make -j${RESTY_J} \ && make -j${RESTY_J} install_sw \ && cd /tmp \ - && curl -fSL http://prod-minio.alauda.cn/acp/pcre-${RESTY_PCRE_VERSION}.tar.gz -o pcre-${RESTY_PCRE_VERSION}.tar.gz \ + && curl -fSL $RESTY_PCRE_BASE -o pcre-${RESTY_PCRE_VERSION}.tar.gz \ && echo "${RESTY_PCRE_SHA256} pcre-${RESTY_PCRE_VERSION}.tar.gz" | shasum -a 256 --check \ && tar xzf pcre-${RESTY_PCRE_VERSION}.tar.gz \ && cd /tmp/pcre-${RESTY_PCRE_VERSION} \