From e8d54eed1bfabc95b48ab3dd5073390eb8b853b5 Mon Sep 17 00:00:00 2001
From: "Jonathan Gonzalez V."
Date: Tue, 19 Nov 2024 14:00:24 +0100
Subject: [PATCH] chore: add Barman base image

Now we build an image every week with the base packages required for the sidecar, the idea is to reduce the amount of time of every CI process requires to run.

Signed-off-by: Jonathan Gonzalez V.
---
 .github/workflows/barman-base-image.yml | 62 +++++++++++++++++++++++++
 containers/Dockerfile.barmanbase | 6 +++
 containers/Dockerfile.sidecar | 2 +-
 3 files changed, 69 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/barman-base-image.yml
 create mode 100644 containers/Dockerfile.barmanbase
diff --git a/.github/workflows/barman-base-image.yml b/.github/workflows/barman-base-image.yml
new file mode 100644
index 00000000..82fb9732
--- /dev/null
+++ b/.github/workflows/barman-base-image.yml
@@ -0,0 +1,62 @@
+name: Barman Base Image
+on:
+ pull_request:
+ workflow_dispatch:
+ schedule:
+ - cron: "0 0 * * 0"
+
+env:
+ IMAGE_NAME: "gchr.io/cloudnative-pg/plugin-barman-cloud-base"
+ PLATFORMS: "linux/amd64,linux/arm64"
+
+permissions:
+ contents: write
+ packages: write
+ security-events: write
+
+jobs:
+ build:
+ runs-on: ubuntu-24.04
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ with:
+ platforms: ${{ env.PLATFORMS }}
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Log in to the GitHub Container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build Docker Image
+ uses: docker/build-push-action@v6
+ with:
+ platforms: ${{ env.PLATFORMS }}
+ context: .
+ file: ./containers/Dockerfile.barmanbase
+ push: true
+ tags: ${{ env.IMAGE_NAME }}:latest
+
+ - name: Run Snyk to check Docker image for vulnerabilities
+ uses: snyk/actions/docker@master
+ continue-on-error: true
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ image: "${{ env.IMAGE_NAME }}:latest"
+ args: --severity-threshold=high --file=./containers/Dockerfile.barmanbase
+ -
+ name: Upload result to GitHub Code Scanning
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: snyk.sarif
diff --git a/containers/Dockerfile.barmanbase b/containers/Dockerfile.barmanbase
new file mode 100644
index 00000000..4dd9308f
--- /dev/null
+++ b/containers/Dockerfile.barmanbase
@@ -0,0 +1,6 @@
+FROM python:3.12-slim AS pythonbuilder
+RUN apt-get update && \
+ apt-get install -y postgresql-common build-essential && \
+ /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y && \
+ apt-get install -y libpq-dev && \
+ pip install barman[azure,cloud,google,snappy]==3.11.1 setuptools
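Review bot: `IMAGE_NAME` points at `gchr.io`, while the login step in the same job authenticates to `ghcr.io`; with the letters transposed, the push and the Snyk scan target a different registry host from the one the job logs in to. The same hostname appears in the new `FROM` line of containers/Dockerfile.sidecar in this patch, where the build would try to pull its base image from a host that is presumably not the project's registry. Both should read `ghcr.io/cloudnative-pg/plugin-barman-cloud-base`. Separately, `contents: write` is broader than a checkout needs and `snyk/actions/docker@master` receives `SNYK_TOKEN` from a moving branch ref; `contents: read` and a pinned commit SHA would narrow both.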
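Review bot: The base image starts from `python:3.12-slim`, but the sidecar stage it is meant to replace was `FROM python:3.13-slim`, so adopting it silently moves the sidecar's builder to an older Python minor version. If later sidecar stages copy from a version-specific site-packages path (not visible on this page), the copy would break; either align the tag or explain the change in the commit message. `setuptools` is also installed without a version while barman is pinned to `3.11.1`, so each weekly rebuild can resolve differently; a pin such as `setuptools==<version>` (placeholder) keeps the published base reproducible. Adding `--no-install-recommends` to both `apt-get install -y` calls would limit what the weekly image pulls in.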
diff --git a/containers/Dockerfile.sidecar b/containers/Dockerfile.sidecar
index d620f1f2..0d5f337e 100644
--- a/containers/Dockerfile.sidecar
+++ b/containers/Dockerfile.sidecar
@@ -34,7 +34,7 @@ RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache
 # pip will build everything inside /usr/ since this is the case
 # we should build and then copy every file into a destination that will
 # then copy into the distroless container
-FROM python:3.13-slim AS pythonbuilder
+FROM gchr.io/cloudnative-pg/plugin-barman-cloud-base:latest AS pythonbuilder
 RUN apt-get update && \
 apt-get install -y postgresql-common build-essential && \
 /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y && \
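Review bot: The builder stage now inherits from a mutable `:latest` tag, so every sidecar build trusts whatever was most recently pushed under that name. The workflow added in this patch pushes that tag on `pull_request` as well as on the weekly schedule. Pinning the base by digest, `FROM <registry>/cloudnative-pg/plugin-barman-cloud-base@sha256:<digest> AS pythonbuilder` (placeholder values), or limiting `push: true` to the scheduled and manual runs, would keep an unreviewed branch build out of the sidecar image. The unchanged context lines after the `FROM` still run `apt-get update` and the same installs the base image already performs, so the CI time saving described in the commit message is not realised until they are removed. That `RUN` continues past the end of the hunk.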