From d5f6707c4533e14239de7e03ca17fcfd82055661 Mon Sep 17 00:00:00 2001
From: "Jonathan Gonzalez V."
Date: Tue, 19 Nov 2024 14:00:24 +0100
Subject: [PATCH] chore: add Barman base image

Now we build an image every week with the base packages required for the sidecar, the idea is to reduce the amount of time of every CI process requires to run.

Signed-off-by: Jonathan Gonzalez V.
---
 .github/workflows/barman-base-image.yml | 62 +++++++++++++++++++++++++
 containers/Dockerfile.barmanbase | 6 +++
 containers/Dockerfile.sidecar | 12 ++---
 3 files changed, 71 insertions(+), 9 deletions(-)
 create mode 100644 .github/workflows/barman-base-image.yml
 create mode 100644 containers/Dockerfile.barmanbase

diff --git a/.github/workflows/barman-base-image.yml b/.github/workflows/barman-base-image.yml
new file mode 100644
index 0000000..e3d9f75
--- /dev/null
+++ b/.github/workflows/barman-base-image.yml
@@ -0,0 +1,62 @@
+name: Barman Base Image
+on:
+ pull_request:
+ workflow_dispatch:
+ schedule:
+ - cron: "0 0 * * 0"
+
+env:
+ IMAGE_NAME: "ghcr.io/cloudnative-pg/plugin-barman-cloud-base"
+ PLATFORMS: "linux/amd64,linux/arm64"
+
+permissions:
+ contents: write
+ packages: write
+ security-events: write
+
+jobs:
+ build:
+ runs-on: ubuntu-24.04
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ with:
+ platforms: ${{ env.PLATFORMS }}
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Log in to the GitHub Container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build Docker Image
+ uses: docker/build-push-action@v6
+ with:
+ platforms: ${{ env.PLATFORMS }}
+ context: .
+ file: ./containers/Dockerfile.barmanbase
+ push: true
+ tags: ${{ env.IMAGE_NAME }}:latest
+
+ - name: Run Snyk to check Docker image for vulnerabilities
+ uses: snyk/actions/docker@master
+ continue-on-error: true
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ image: "${{ env.IMAGE_NAME }}:latest"
+ args: --severity-threshold=high --file=./containers/Dockerfile.barmanbase
+ -
+ name: Upload result to GitHub Code Scanning
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: snyk.sarif
diff --git a/containers/Dockerfile.barmanbase b/containers/Dockerfile.barmanbase
new file mode 100644
index 0000000..4cd27fd
--- /dev/null
+++ b/containers/Dockerfile.barmanbase
@@ -0,0 +1,6 @@
+FROM python:3.13-slim AS pythonbuilder
+RUN apt-get update && \
+ apt-get install -y postgresql-common build-essential && \
+ /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y && \
+ apt-get install -y libpq-dev && \
+ pip install barman[azure,cloud,google,snappy]==3.11.1 setuptools
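Review bot: The `pull_request` trigger combined with `push: true` in the "Build Docker Image" step means a pull-request run from a branch in this repository publishes its unreviewed build of `Dockerfile.barmanbase` as `plugin-barman-cloud-base:latest`, the tag other builds consume. Gate the push, e.g. `push: ${{ github.event_name != 'pull_request' }}`; the Snyk step would then need to scan the image built in that run rather than the published tag. The `permissions` block is also wider than the visible steps need: nothing here writes repository contents, so `contents: read` should be enough next to `packages: write` and `security-events: write`. `snyk/actions/docker@master` follows a mutable branch while receiving `SNYK_TOKEN` in a job that holds a package-write token; pinning it, and the other actions, to a full commit SHA would close that gap.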
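Review bot: `setuptools` on the `pip install` line has no version, and neither the transitive dependencies of the `barman` extras nor the `python:3.13-slim` base are pinned, so each weekly rebuild of this published image can pick up different code without any change in the repository. Consider moving the Python packages to a requirements file with hashes, `pip install --no-cache-dir --require-hashes -r requirements.txt`, and pinning the base by digest, `FROM python:3.13-slim@sha256:<digest> AS pythonbuilder` (placeholder digest). The extras spec should also be quoted, `'barman[azure,cloud,google,snappy]==3.11.1'`, so the shell never treats the brackets as a glob. A header comment stating the image's role would help, e.g. `# Build-only base for containers/Dockerfile.sidecar; rebuilt weekly by barman-base-image.yml`.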
diff --git a/containers/Dockerfile.sidecar b/containers/Dockerfile.sidecar
index 5cd7503..3d52fe6 100644
--- a/containers/Dockerfile.sidecar
+++ b/containers/Dockerfile.sidecar
@@ -30,16 +30,10 @@ COPY ../internal/ internal/
 RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache/go-build \
 CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager cmd/manager/main.go
 
-# Build barman-cloud
+# Use plug-barman-cloud-base to get the dependencies
 # pip will build everything inside /usr/ since this is the case
-# we should build and then copy every file into a destination that will
-# then copy into the distroless container
-FROM python:3.13-slim AS pythonbuilder
-RUN apt-get update && \
- apt-get install -y postgresql-common build-essential && \
- /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y && \
- apt-get install -y libpq-dev && \
- pip install barman[azure,cloud,google,snappy]==3.11.1 setuptools
+# Copy every file into a destination that will then copy into the distroless container
+FROM ghcr.io/cloudnative-pg/plugin-barman-cloud-base:latest AS pythonbuilder
 # Prepare a new /usr/ directory with the files we'll need in the final image
 RUN mkdir /new-usr/ && \
 cp -r --parents /usr/local/lib/ /usr/lib/*-linux-gnu/ /usr/local/bin/ \
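Review bot: The new `FROM ghcr.io/cloudnative-pg/plugin-barman-cloud-base:latest AS pythonbuilder` makes the sidecar build depend on a mutable tag, so the barman version and every library copied into the final image are decided by whatever was last pushed to `:latest` rather than by this file. Pin the base by digest, `FROM ghcr.io/cloudnative-pg/plugin-barman-cloud-base@sha256:<digest-of-published-base> AS pythonbuilder` (placeholder), or have the workflow also publish an immutable tag and reference that. The comment above it names the image `plug-barman-cloud-base` while the reference is `plugin-barman-cloud-base`; `# Use plugin-barman-cloud-base to get the dependencies` would match. The `RUN mkdir /new-usr/` step at the end of the hunk continues outside it.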