From c4d282a77ef7701d79db2226136bfbd8e147d95d Mon Sep 17 00:00:00 2001
From: vharseko <vharseko@3a-systems.ru>
Date: Tue, 17 May 2022 07:40:14 +0000
Subject: [PATCH] Docker refactoring (#229)
---
opendj-packages/opendj-docker/Dockerfile-alpine | 8 ++
.github/workflows/deploy.yml | 9 +-
.github/workflows/release.yml | 69 +++++++++++++++-------
.github/workflows/build.yml | 71 ++++++++++++++---------
opendj-packages/opendj-docker/Dockerfile | 12 ++-
5 files changed, 108 insertions(+), 61 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ffd98c3..d48103e 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,4 +1,4 @@
-name: Build Maven
+name: Build
on:
push:
@@ -7,8 +7,7 @@
branches: [ master ]
jobs:
- build:
- name: Maven build
+ build-maven:
runs-on: ${{ matrix.os }}
strategy:
matrix:
@@ -62,7 +61,6 @@
opendj-dsml-servlet/target/*.war
opendj-rest2ldap-servlet/target/*.war
build-docker:
- name: Docker build
runs-on: 'ubuntu-latest'
services:
registry:
@@ -79,7 +77,7 @@
run: |
git fetch -t; export git_version_last="$(git describe --abbrev=0 --tags)" ; echo "last release: $git_version_last"
echo "release_version=$git_version_last" >> $GITHUB_ENV
- - name: Docker meta (default)
+ - name: Docker meta
id: meta
uses: docker/metadata-action@v3
with:
@@ -88,15 +86,6 @@
tags: |
type=raw,value=latest
type=raw,value=${{ env.release_version }}
- - name: Docker meta (alpine)
- id: meta_alpine
- uses: docker/metadata-action@v3
- with:
- images: |
- localhost:5000/${{ github.repository }}
- tags: |
- type=raw,value=alpine
- type=raw,value=${{ env.release_version }}-alpine
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
@@ -118,12 +107,41 @@
- name: Docker test
shell: bash
run: |
- export docker_image="localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}"
- echo "last release: ${{ env.release_version }}, docker image: ${docker_image}"
- docker run --rm -it -d --name=opendj_1 --health-cmd='/opt/opendj/bin/ldapsearch --hostname localhost --port 1636 --bindDN "cn=Directory Manager" --bindPassword password --useSsl --trustAll --baseDN "" --searchScope base "(objectClass=*)" 1.1 || /opt/opendj/bin/stop-ds || exit 1' --health-retries=10 --health-timeout=10s ${docker_image}
- timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" opendj_1 | grep -q \"healthy\"; do sleep 10; done'
- docker stop opendj_1 || true
- - name: Build image (alpine)
+ docker run --rm -it -d --name=test localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}
+ timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" test | grep -q \"healthy\"; do sleep 10; done'
+ build-docker-alpine:
+ runs-on: 'ubuntu-latest'
+ services:
+ registry:
+ image: registry:2
+ ports:
+ - 5000:5000
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ submodules: recursive
+ - name: Get latest release version
+ shell: bash
+ run: |
+ git fetch -t; export git_version_last="$(git describe --abbrev=0 --tags)" ; echo "last release: $git_version_last"
+ echo "release_version=$git_version_last" >> $GITHUB_ENV
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v3
+ with:
+ images: |
+ localhost:5000/${{ github.repository }}
+ tags: |
+ type=raw,value=alpine
+ type=raw,value=${{ env.release_version }}-alpine
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v1
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+ with:
+ driver-opts: network=host
+ - name: Build image
continue-on-error: true
uses: docker/build-push-action@v2
with:
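Review bot: Every action in the new `build-docker-alpine` job is referenced by a mutable tag (`actions/checkout@v3`, `docker/metadata-action@v3`, `docker/setup-qemu-action@v1`, `docker/setup-buildx-action@v1`, `docker/build-push-action@v2`), so whatever the tag points to at run time executes in the job. Pinning each `uses:` to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v3`, keeps the workflow reproducible and limits the impact of a retagged release. The job also declares no `permissions:`; unless a workflow-level block exists outside this hunk, adding `permissions:` with `contents: read` would scope the token to what a local-registry build needs. The same tag references appear in the release.yml hunk that adds the Docker Hub and GHCR login steps, where the actions also receive registry credentials. The `Build image` step continues past the end of this hunk.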
@@ -133,13 +151,10 @@
VERSION=${{ env.release_version }}
platforms: linux/amd64,linux/arm64/8, linux/s390x, linux/386, linux/arm/v7, linux/arm/v6, linux/ppc64le
push: true
- tags: ${{ steps.meta_alpine.outputs.tags }}
- labels: ${{ steps.meta_alpine.outputs.labels }}
- - name: Docker alpine test
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ - name: Docker test
shell: bash
run: |
- export docker_image="localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}-alpine"
- echo "last release: ${{ env.release_version }}, docker image: ${docker_image}"
- docker run --rm -it -d --name=opendj_alpine --health-cmd='/opt/opendj/bin/ldapsearch --hostname localhost --port 1636 --bindDN "cn=Directory Manager" --bindPassword password --useSsl --trustAll --baseDN "" --searchScope base "(objectClass=*)" 1.1 || /opt/opendj/bin/stop-ds || exit 1' --health-retries=10 --health-timeout=10s ${docker_image}
- timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" opendj_alpine | grep -q \"healthy\"; do sleep 10; done'
- docker stop opendj_alpine || true
\ No newline at end of file
+ docker run --rm -it -d --name=test localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}-alpine
+ timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" test | grep -q \"healthy\"; do sleep 10; done'
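Review bot: The wait loop in `Docker test` only exits on `healthy`, so an image that reports `unhealthy`, or a container that exits (it is started with `--rm`, so `docker inspect` then simply errors), burns the full three minutes and fails with no diagnostics. Consider starting the container without `--rm`, breaking out of the loop when the status is `unhealthy`, and printing `docker logs test` before failing. Because the explicit `--health-cmd` was removed, the test now depends entirely on the image's own `HEALTHCHECK`; a short comment such as `# relies on the HEALTHCHECK defined in Dockerfile-alpine` would make that coupling visible. The same loop is used for the default image in the previous hunk.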
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 66ddd1b..3f5669b 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -1,13 +1,12 @@
-name: Package/Deploy Maven
+name: Package/Deploy
on:
workflow_run:
branches: [ master ]
- workflows: ["Build Maven"]
+ workflows: ["Build"]
types: [completed]
jobs:
- deploy:
- name: Maven deploy
+ deploy-maven:
if: ${{ github.event.workflow_run.conclusion == 'success' }}
runs-on: 'ubuntu-latest'
steps:
@@ -53,6 +52,8 @@
gpg --list-secret-keys --keyid-format LONG
- name: Build package local
env:
+ MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+ MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
MAVEN_OPTS: -Dhttps.protocols=TLSv1.2 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120 -Dmaven.wagon.http.retryHandler.requestSentEnabled=true -Dmaven.wagon.http.retryHandler.count=10
if: ${{ !(github.event.workflow_run.event=='push' && env.MAVEN_USERNAME!='' && env.MAVEN_PASSWORD!='')}}
run: mvn --batch-mode --errors --update-snapshots -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} package --file pom.xml
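Review bot: The added `MAVEN_USERNAME`/`MAVEN_PASSWORD` entries place the OSSRH credentials in the environment of `mvn package`, yet the step's `if:` only lets it run when this is not a credentialed push build, so the values appear to be needed for the condition alone. Since a `workflow_run` can follow a pull-request build, and the checkout ref is not visible in this hunk, build plugins and tests of whatever revision is checked out could read the token from the environment. Expose only a flag instead, e.g. `HAS_OSSRH_CREDS: ${{ secrets.OSSRH_USERNAME != '' && secrets.OSSRH_TOKEN != '' }}` with `if: ${{ !(github.event.workflow_run.event=='push' && env.HAS_OSSRH_CREDS=='true') }}`. The context `run:` line also interpolates `secrets.GPG_PASSPHRASE` into the command line, where it is visible in the process arguments; passing it through `env:` would avoid that.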
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b5155eb..0c3d434 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,4 +1,4 @@
-name: Release Maven
+name: Release
on:
workflow_dispatch:
@@ -12,8 +12,7 @@
required: true
default: "X.Y.Z-SNAPSHOT"
jobs:
- release:
- name: Maven release
+ release-maven:
runs-on: 'ubuntu-latest'
steps:
- name: Print github context
@@ -113,14 +112,14 @@
name: Docker release
runs-on: 'ubuntu-latest'
needs:
- - release
+ - release-maven
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.event.inputs.releaseVersion }}
fetch-depth: 1
submodules: recursive
- - name: Docker meta (default)
+ - name: Docker meta
id: meta
uses: docker/metadata-action@v3
with:
@@ -130,8 +129,46 @@
tags: |
type=raw,value=latest
type=raw,value=${{ github.event.inputs.releaseVersion }}
- - name: Docker meta (alpine)
- id: meta_alpine
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v1
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+ - name: Login to DockerHub
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+ - name: Login to GHCR
+ uses: docker/login-action@v1
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Build and push image
+ uses: docker/build-push-action@v2
+ continue-on-error: true
+ with:
+ context: ./opendj-packages/opendj-docker
+ file: ./opendj-packages/opendj-docker/Dockerfile
+ build-args: |
+ VERSION=${{ github.event.inputs.releaseVersion }}
+ platforms: linux/amd64,linux/arm64/8
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ release-docker-alpine:
+ name: Docker release
+ runs-on: 'ubuntu-latest'
+ needs:
+ - release-maven
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ ref: ${{ github.event.inputs.releaseVersion }}
+ fetch-depth: 1
+ submodules: recursive
+ - name: Docker meta
+ id: meta
uses: docker/metadata-action@v3
with:
images: |
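Review bot: `continue-on-error: true` on the `Build and push image` step in `release-docker` means a failed build or registry push still leaves the release job green, so a release can complete with no image, or only some tags, published. For a publishing job it is safer to drop the flag or, if some platforms are expected to fail, to follow it with a step that fails when `steps.<id>.outcome != 'success'`. The new `release-docker-alpine` job also reuses `name: Docker release`, which makes the two jobs indistinguishable in the run summary; something like `name: Docker release (alpine)` would help. The alpine job's metadata step continues past the end of this hunk.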
@@ -155,19 +192,7 @@
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- - name: Build and push image (default)
- uses: docker/build-push-action@v2
- continue-on-error: true
- with:
- context: ./opendj-packages/opendj-docker
- file: ./opendj-packages/opendj-docker/Dockerfile
- build-args: |
- VERSION=${{ github.event.inputs.releaseVersion }}
- platforms: linux/amd64,linux/arm64/8
- push: true
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
- - name: Build and push image (alpine)
+ - name: Build and push image
continue-on-error: true
uses: docker/build-push-action@v2
with:
@@ -177,5 +202,5 @@
VERSION=${{ github.event.inputs.releaseVersion }}
platforms: linux/amd64,linux/arm64/8, linux/s390x, linux/386, linux/arm/v7, linux/arm/v6, linux/ppc64le
push: true
- tags: ${{ steps.meta_alpine.outputs.tags }}
- labels: ${{ steps.meta_alpine.outputs.labels }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
diff --git a/opendj-packages/opendj-docker/Dockerfile b/opendj-packages/opendj-docker/Dockerfile
index e008b07..0d9e0ec 100644
--- a/opendj-packages/opendj-docker/Dockerfile
+++ b/opendj-packages/opendj-docker/Dockerfile
@@ -1,4 +1,4 @@
-FROM openjdk:11-jre-slim
+FROM openjdk:11
MAINTAINER Open Identity Platform Community <open-identity-platform-opendj@googlegroups.com>
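Review bot: Switching the base from `openjdk:11-jre-slim` to `openjdk:11` ships a full JDK and a non-slim OS layer in a runtime image, which adds compilers, debugging tools and many more packages to patch and scan, and the commit message does not say why this is needed. If the reason is platform coverage or a missing tool, a comment above `FROM` stating it would help; otherwise keeping a JRE-only base is preferable. Either way the tag is mutable, so pinning by digest (`FROM openjdk:11@sha256:<digest>`) would make rebuilds reproducible.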
@@ -20,10 +20,10 @@
WORKDIR /opt
RUN apt-get update \
- && apt-get install -y --no-install-recommends wget unzip \
- && wget --quiet https://github.com/OpenIdentityPlatform/OpenDJ/releases/download/$VERSION/opendj-$VERSION.zip \
+ && apt-get install -y --no-install-recommends curl unzip \
+ && curl -L https://github.com/OpenIdentityPlatform/OpenDJ/releases/download/$VERSION/opendj-$VERSION.zip --output opendj-$VERSION.zip \
&& unzip opendj-$VERSION.zip \
- && apt-get remove -y --purge unzip \
+ && apt-get remove -y --purge curl unzip \
&& rm -rf /var/lib/apt/lists/* \
&& rm -r opendj-*.zip \
&& groupadd $OPENDJ_USER \
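Review bot: The release archive is fetched with `curl -L` and unpacked without any integrity check, and without `--fail` an HTTP error body is saved as the zip and only caught indirectly by `unzip`. Use `curl -fsSL` and verify a pinned digest before unpacking, e.g. `echo "$OPENDJ_SHA256  opendj-$VERSION.zip" | sha256sum -c -`, where `OPENDJ_SHA256` would be a new build argument that this patch does not define. The same download line is added in the Dockerfile-alpine hunk. The `RUN` instruction continues past the end of this hunk.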
@@ -41,4 +41,6 @@
USER $OPENDJ_USER
-ENTRYPOINT ["/opt/opendj/run.sh"]
+HEALTHCHECK --interval=30s --timeout=30s --start-period=1s --retries=3 CMD opendj/bin/ldapsearch --hostname localhost --port 1636 --bindDN "$ROOT_USER_DN" --bindPassword $ROOT_PASSWORD --useSsl --trustAll --baseDN "$BASE_DN" --searchScope base "(objectClass=*)" 1.1 || exit 1
+
+ENTRYPOINT ["/opt/opendj/run.sh"]
\ No newline at end of file
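Review bot: The `HEALTHCHECK` passes `--bindPassword $ROOT_PASSWORD` unquoted on the command line, so a password containing spaces or glob characters is word-split and the check fails, and the root password appears in the process arguments of every probe. Quote it at least (`--bindPassword "$ROOT_PASSWORD"`), and prefer `--bindPasswordFile` pointing at a file readable only by the OpenDJ user. Binding as the root DN every 30 seconds also fills the access log with privileged binds; if the deployment allows it, a base-scope read that does not need the root account would be a lighter probe. `--start-period=1s` looks short for a JVM directory server, so early probes may count against `--retries`. The identical instruction is added in Dockerfile-alpine.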
diff --git a/opendj-packages/opendj-docker/Dockerfile-alpine b/opendj-packages/opendj-docker/Dockerfile-alpine
index 68f5639..2ee5cd7 100644
--- a/opendj-packages/opendj-docker/Dockerfile-alpine
+++ b/opendj-packages/opendj-docker/Dockerfile-alpine
@@ -19,12 +19,14 @@
WORKDIR /opt
-RUN apk add --update --no-cache --virtual builddeps wget unzip \
+RUN apk add --update --no-cache --virtual builddeps curl unzip \
&& apk upgrade --update --no-cache \
&& apk add bash \
- && wget --quiet https://github.com/OpenIdentityPlatform/OpenDJ/releases/download/$VERSION/opendj-$VERSION.zip \
+ && curl -L https://github.com/OpenIdentityPlatform/OpenDJ/releases/download/$VERSION/opendj-$VERSION.zip --output opendj-$VERSION.zip \
&& unzip opendj-$VERSION.zip \
&& apk del builddeps \
+ && apk del curl \
+ && apk del unzip \
&& rm -r opendj-$VERSION.zip \
&& addgroup -S $OPENDJ_USER \
&& adduser -S -u 1001 -G $OPENDJ_USER $OPENDJ_USER \
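Review bot: `apk del curl` and `apk del unzip` are redundant, because both packages were installed only as members of the virtual `builddeps` package that the preceding `apk del builddeps` already removes. Since the commands are chained with `&&`, any non-zero exit from them would abort the build, so dropping the two added lines is the simpler and safer form. The `RUN` instruction continues past the end of this hunk.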
@@ -41,4 +43,6 @@
USER $OPENDJ_USER
+HEALTHCHECK --interval=30s --timeout=30s --start-period=1s --retries=3 CMD opendj/bin/ldapsearch --hostname localhost --port 1636 --bindDN "$ROOT_USER_DN" --bindPassword $ROOT_PASSWORD --useSsl --trustAll --baseDN "$BASE_DN" --searchScope base "(objectClass=*)" 1.1 || exit 1
+
ENTRYPOINT ["/opt/opendj/run.sh"]
--
Gitblit v1.10.0