From 990998e8df1ca669cf61710d25ae39b03f915f8b Mon Sep 17 00:00:00 2001
From: Vlad Bogolin
Date: Thu, 11 Apr 2024 16:54:47 +0300
Subject: [PATCH] Add Docker image creation for crossreference
---
 .../workflows/bbm_build_crossreference.yml | 98 +++++++++++++++++++
 .hadolint.yaml | 1 +
 cross-reference/Dockerfile | 31 ++++++
 3 files changed, 130 insertions(+)
 create mode 100644 .github/workflows/bbm_build_crossreference.yml
 create mode 100644 cross-reference/Dockerfile
diff --git a/.github/workflows/bbm_build_crossreference.yml b/.github/workflows/bbm_build_crossreference.yml
new file mode 100644
index 00000000..7876cf15
--- /dev/null
+++ b/.github/workflows/bbm_build_crossreference.yml
@@ -0,0 +1,98 @@
+---
+name: bbm-build-crossreference
+
+on:
+ push:
+ paths:
+ - "cross-reference/**"
+ - .github/workflows/bbm_build_crossreference.yml
+ pull_request:
+ paths:
+ - "cross-reference/**"
+ - .github/workflows/bbm_build_crossreference.yml
+
+defaults:
+ run:
+ working-directory: cross-reference
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ name: build
+ services:
+ registry:
+ image: registry:2
+ ports:
+ - 5000:5000
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: Check Dockerfile with hadolint
+ run: |
+ docker run -i -v $(pwd):/mnt -w /mnt ghcr.io/hadolint/hadolint:latest hadolint /mnt/cross-reference/Dockerfile
+ working-directory: ${{ github.workspace }}
+ - name: Set up env vars
+ run: |
+ echo "REPO=bb-master" >>$GITHUB_ENV
+ - name: Build cross-reference
+ run: |
+ podman build . --tag ${{ env.REPO }}:crossreference
+ - name: Push images to local registry
+ run: |
+ for img in crossreference; do
+ podman push --tls-verify=0 \
+ ${{ env.REPO }}:$img \
+ docker://localhost:5000/${{ env.REPO }}:$img
+ done
+ - name: Check for registry credentials
+ if: >
+ github.ref == 'refs/heads/main' &&
+ github.repository == 'MariaDB/buildbot'
+ run: |
+ missing=()
+ [[ -n "${{ secrets.QUAY_USER }}" ]] || missing+=(QUAY_USER)
+ [[ -n "${{ secrets.QUAY_TOKEN }}" ]] || missing+=(QUAY_TOKEN)
+ for i in "${missing[@]}"; do
+ echo "Missing github secret: $i"
+ done
+ if (( ${#missing[@]} == 0 )); then
+ echo "DEPLOY_IMAGES=true" >> $GITHUB_ENV
+ else
+ echo "Not pushing images to registry"
+ fi
+ - name: Login to ghcr.io
+ if: ${{ env.DEPLOY_IMAGES == 'true' }}
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Push images to ghcr.io
+ if: ${{ env.DEPLOY_IMAGES == 'true' }}
+ run: |
+ msg="Push docker images to ghcr.io"
+ line="${msg//?/=}"
+ printf "\n${line}\n${msg}\n${line}\n"
+ for image in crossreference; do
+ skopeo copy --all --src-tls-verify=0 \
+ docker://localhost:5000/${{ env.REPO }}:${image} \
+ docker://ghcr.io/mariadb/buildbot:${image}
+ done
+ - name: Login to quay.io
+ if: ${{ env.DEPLOY_IMAGES == 'true' }}
+ uses: docker/login-action@v2
+ with:
+ registry: quay.io
+ username: ${{ secrets.QUAY_USER }}
+ password: ${{ secrets.QUAY_TOKEN }}
+ - name: Push images to quay.io
+ if: ${{ env.DEPLOY_IMAGES == 'true' }}
+ run: |
+ msg="Push docker images to quay.io"
+ line="${msg//?/=}"
+ printf "\n${line}\n${msg}\n${line}\n"
+ for image in crossreference; do
+ skopeo copy --all --src-tls-verify=0 \
+ docker://localhost:5000/${{ env.REPO }}:${image} \
+ docker://quay.io/mariadb-foundation/${{ env.REPO }}:${image}
+ done
diff --git a/.hadolint.yaml b/.hadolint.yaml
index 6c05f43c..e8b25929 100644
--- a/.hadolint.yaml
+++ b/.hadolint.yaml
@@ -6,6 +6,7 @@ ignored:
 - DL3009
 - DL3013
 - DL3016
+ - DL3018
 - DL3033
 - DL3037
 - DL3041
diff --git a/cross-reference/Dockerfile b/cross-reference/Dockerfile
new file mode 100644
index 00000000..f7e46682
--- /dev/null
+++ b/cross-reference/Dockerfile
@@ -0,0 +1,31 @@
+# Use an official Python runtime as a parent image
+FROM python:3.12.3-alpine
+
+# Set environment variables
+ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONUNBUFFERED 1
+
+# Set work directory
+WORKDIR /app
+
+# Install system dependencies
+RUN apk update \
+ && apk add --no-cache \
+ gcc \
+ mariadb-dev \
+ && rm -rf /var/cache/apk/*
+
+# Install python dependencies
+COPY requirements.txt /app
+RUN pip install --no-cache-dir --upgrade pip && \
+ pip install --no-cache-dir -r requirements.txt
+
+# Copy project
+COPY ./crossreference /app/
+
+# Add and run as non-root user
+RUN adduser --disabled-password --gecos '' cr
+USER cr
+
+# Run gunicorn
+CMD ["bash", "-c", "python manage.py collectstatic --noinput && exec gunicorn crossreference.wsgi:application --bind 0.0.0.0:25432"]
\ No newline at end of file
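Review bot: In `.github/workflows/bbm_build_crossreference.yml`, the "Check for registry credentials" step templates `${{ secrets.QUAY_USER }}` and `${{ secrets.QUAY_TOKEN }}` straight into the bash script, so the secret values become part of the script text and a quote or `$(` inside a value would be parsed by the shell. Passing both through a step-level `env:` map and testing the shell variables keeps the check the same without expanding secrets into code, as sketched below. The job also pushes to ghcr.io with `GITHUB_TOKEN` but declares no `permissions:` block; setting `contents: read` and `packages: write` on the job would scope the token to what the push needs. The lint step pulls `ghcr.io/hadolint/hadolint:latest`, which would be better pinned to a version tag or digest so the lint result is reproducible.

```yaml
      - name: Check for registry credentials
        # … unchanged: if: condition on ref and repository …
        env:
          QUAY_USER: ${{ secrets.QUAY_USER }}
          QUAY_TOKEN: ${{ secrets.QUAY_TOKEN }}
        run: |
          missing=()
          [[ -n "$QUAY_USER" ]] || missing+=(QUAY_USER)
          [[ -n "$QUAY_TOKEN" ]] || missing+=(QUAY_TOKEN)
          # … unchanged: report missing secrets and set DEPLOY_IMAGES …
```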
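Review bot: In `cross-reference/Dockerfile`, the `CMD` invokes `bash`, but the image is built from `python:3.12.3-alpine` and the only packages added are `gcc` and `mariadb-dev`, so unless one of those pulls bash in as a dependency the container will fail at start with an exec error. The busybox shell the base provides is enough here: `CMD ["sh", "-c", "python manage.py collectstatic --noinput && exec gunicorn crossreference.wsgi:application --bind 0.0.0.0:25432"]`. `collectstatic` also runs at container start as `cr` while `/app` was copied as root, so if `STATIC_ROOT` sits under `/app` (the settings are not visible here) the write will be denied; creating the user first and using `COPY --chown=cr:cr ./crossreference /app/`, or running collectstatic in a build-time `RUN`, avoids that. `gcc` and `mariadb-dev` remain in the runtime image; a build stage that compiles the wheels and a final stage carrying only the runtime client library would keep the compiler out of what gets deployed.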