build: fix docker image

streamthoughts · Sep 6, 2023 · a46022a · a46022a
1 parent af0473c
commit a46022a
Show file tree

Hide file tree

Showing 5 changed files with 136 additions and 71 deletions.
diff --git a/.github/workflows/docker-build-push.yml b/.github/workflows/docker-build-push.yml
@@ -22,11 +22,10 @@ on:
 env:
   JAVA_VERSION: '17'
   JAVA_DISTRO: 'zulu'
-  GRAAL_VERSION: '22.3.3'
 jobs:
-  build_docker_image:
+  build:
     if: github.repository == 'streamthoughts/jikkou'
-    name: Build docker image
+    name: 'Build Docker Image'
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
@@ -35,55 +34,41 @@ jobs:
     - name: 'Set up GraalVM'
       uses: graalvm/setup-graalvm@v1
       with:
-        version: ${{ env.GRAAL_VERSION }}
         java-version: ${{ env.JAVA_VERSION }}
+        distribution: 'graalvm'
         github-token: ${{ secrets.GITHUB_TOKEN }}
-
-    - name: Grant execute permission to MVN Wrapper
-      run: chmod +x ./mvnw
-
-    - name: Build with Maven Wrapper
-      run: ./mvnw -ntp -B clean package -Pnative
-
-    - name: Set env PROJECT_VERSION
-      run: echo "PROJECT_VERSION=$(./mvnw org.apache.maven.plugins:maven-help-plugin:3.1.0:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_ENV
-
-    - name: Check PROJECT_VERSION    
-      run: echo "${{ env.PROJECT_VERSION }}"
-
-    - name: Set env GIT_BRANCH
-      run: echo "GIT_BRANCH=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
-
-    - name: Check GIT_BRANCH
-      run: echo "${{ env.GIT_BRANCH }}"
-
-    - name: Set GIT_COMMIT
-      run: echo "GIT_COMMIT=$(git rev-parse --short "$GITHUB_SHA")" >> $GITHUB_ENV     
-
-    - name: Check GIT_COMMIT   
-      run: echo "${{ env.GIT_COMMIT }}"
-
-    - name: Set DOCKER_IMAGE_TAG
+        components: 'native-image'
+        native-image-job-reports: 'true'
+        native-image-musl: 'true'
+
+    - name: 'Set Docker Image Build-Args'
+      run: |
+        echo "VERSION=$(./mvnw org.apache.maven.plugins:maven-help-plugin:3.1.0:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_ENV
+        echo "GIT_BRANCH=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
+        echo "GIT_COMMIT=$(git rev-parse --short "$GITHUB_SHA")" >> $GITHUB_ENV
+        echo "CREATED=$(date --rfc-3339=seconds)" >> $GITHUB_ENV
+
+    - name: 'Build Native Executable'
+      run: |
+        chmod +x ./mvnw  && \
+        ./mvnw -ntp -B clean package -Pnative -Dgraalvm.build.arg="--static --libc=musl" -DskipTests && \
+        cp ./jikkou-cli/target/jikkou-cli-${{ env.VERSION }}-runner ./docker/jikkou-cli-${{ env.VERSION }}-runner
+
+    - name: 'Set Docker Image Tag (Main)'
       if: github.ref_name == 'main'
       run: echo "DOCKER_TAG=main" >> $GITHUB_ENV
 
-    - name: Set DOCKER_IMAGE_TAG
+    - name: 'Set Docker Image Tag'
       if: startsWith(github.ref, 'refs/tags/v')
-      run: echo "DOCKER_TAG=${{ env.PROJECT_VERSION }}" >> $GITHUB_ENV
-
-    - name: Check DOCKER_IMAGE_TAG
-      run: echo "${{ env.DOCKER_TAG }}"
-
-    - name: Copy Assembly distribution
-      run:  cp ./jikkou-cli/target/jikkou-cli-${{ env.PROJECT_VERSION }}-runner ./docker/jikkou-cli-${{ env.PROJECT_VERSION }}-runner
+      run: echo "DOCKER_TAG=${{ env.VERSION }}" >> $GITHUB_ENV
 
-    - name: Login to DockerHub
+    - name: 'Login to DockerHub'
       uses: docker/login-action@v2
       with:
         username: ${{ secrets.DOCKERHUB_USERNAME }}
         password: ${{ secrets.DOCKERHUB_TOKEN }}        
 
-    - name: Push to Docker Hub
+    - name: 'Build & Push to Docker Hub'
       uses: docker/build-push-action@v4
       with:
         context: docker
@@ -93,11 +78,12 @@ jobs:
         push: true
         tags: streamthoughts/jikkou:${{ env.DOCKER_TAG }}
         build-args: |
-          jikkouVersion=${{ env.PROJECT_VERSION }}
-          jikkouCommit=${{ env.GIT_COMMIT }}
-          jikkouBranch=${{ env.GIT_BRANCH }}
+          VERSION=${{ env.VERSION }}
+          COMMIT=${{ env.GIT_COMMIT }}
+          BRANCH=${{ env.GIT_BRANCH }}
+          CREATED=${{ env.CREATED }}
 
-    - name: Push to Docker Hub (latest)
+    - name: 'Build & Push to Docker Hub (Latest)'
       if: startsWith(github.ref, 'refs/tags/v')
       uses: docker/build-push-action@v4
       with:
@@ -108,6 +94,7 @@ jobs:
         push: true
         tags: streamthoughts/jikkou:latest
         build-args: |
-          jikkouVersion=${{ env.PROJECT_VERSION }}
-          jikkouCommit=${{ env.GIT_COMMIT }}
-          jikkouBranch=${{ env.GIT_BRANCH }}
+          VERSION=${{ env.VERSION }}
+          COMMIT=${{ env.GIT_COMMIT }}
+          BRANCH=${{ env.GIT_BRANCH }}
+          CREATED=${{ env.CREATED }}
diff --git a/Makefile b/Makefile
@@ -3,21 +3,22 @@
 VERSION := $(shell mvn org.apache.maven.plugins:maven-help-plugin:3.1.0:evaluate -Dexpression=project.version -q -DforceStdout)
 GIT_COMMIT := $(shell git rev-parse --short HEAD)
 GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD)
+DATE := $(shell date --rfc-3339=seconds)
 
 REPOSITORY = streamthoughts
 IMAGE = jikkou
-DOCKER_PATH=./docker
+DOCKER_PATH = ./docker
 
 .SILENT:
 
-all: build-images clean-build
+all: build-dist build-image clean-build
 
 clean-containers:
 	echo "Cleaning containers \n========================================== ";
 
 clean-images:
 	echo "Cleaning images \n========================================== ";
-	for image in `docker images -qf "label=io.streamthoughts.docker.name"`; do \
+	for image in `docker images -qf "label=org.opencontainers.image.title=jikkou"`; do \
 	    echo "Removing image $${image} \n==========================================\n " ; \
         docker rmi -f $${image} || exit 1 ; \
     done
@@ -27,6 +28,7 @@ print-info:
 	echo "VERSION="$(VERSION);
 	echo "GIT_COMMIT="$(GIT_COMMIT);
 	echo "GIT_BRANCH="$(GIT_BRANCH);
+	echo "DATE="$(DATE);
 	echo "\n==========================================\n";
 
 clean-build:
@@ -36,19 +38,22 @@ clean-build:
 build-dist: print-info
 	./mvnw clean -ntp -B --file ./pom.xml package -Pnative
 
-build-images: build-dist
+build-image:
 	cp ./jikkou-cli/target/jikkou-cli-${VERSION}-runner ./docker/jikkou-cli-${VERSION}-runner
-	docker build --compress \
-	--build-arg jikkouVersion=${VERSION} \
-	--build-arg jikkouCommit=${GIT_COMMIT} \
-	--build-arg jikkouBranch=${GIT_BRANCH} \
+	docker build \
+	--compress \
+	--build-arg VERSION="${VERSION}" \
+	--build-arg COMMIT="${GIT_COMMIT}" \
+	--build-arg BRANCH="${GIT_BRANCH}" \
+	--build-arg CREATED="${DATE}" \
 	--rm \
-        -f ./docker/Dockerfile \
+	-f ./docker/Dockerfile.ubuntu \
 	-t ${REPOSITORY}/${IMAGE}:${VERSION} ${DOCKER_PATH} || exit 1 ;
-
+
+	docker tag ${REPOSITORY}/${IMAGE}:${VERSION} ${REPOSITORY}/${IMAGE}:dev || exit 1 ;
 	docker tag ${REPOSITORY}/${IMAGE}:${VERSION} ${REPOSITORY}/${IMAGE}:${GIT_BRANCH} || exit 1 ;
 
-docker-tag-latest: build-images
+docker-tag-latest:
 	docker tag ${REPOSITORY}/${IMAGE}:${VERSION} ${REPOSITORY}/${IMAGE}:latest || exit 1 ;
 
 changelog:

diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -13,23 +13,35 @@
 # limitations under the License.
 FROM alpine:3.18.3
 
-ARG jikkouVersion
-ARG jikkouBranch
-ARG jikkouCommit
+LABEL org.opencontainers.image.title=jikkou \
+      org.opencontainers.image.licenses=Apache-2.0 \
+      org.opencontainers.image.url=https://streamthoughts.github.io/jikkou/ \
+      org.opencontainers.image.documentation=https://streamthoughts.github.io/jikkou/ \
+      org.opencontainers.image.source=https://github.com/streamthoughts/jikkou
 
-ENV JIKKOU_VERSION="${jikkouVersion}" \
-    JIKKOU_COMMIT="${jikkouCommit}" \
-    JIKKOU_BRANCH="${jikkouBranch}"
+ARG VERSION
+ARG CREATED
+ARG COMMIT
 
-WORKDIR /opt/jikkou
+ENV USER_ID=10000 \
+    GROUP_ID=10001 \
+    USER_NAME="appuser" \
+    GROUP_NAME="appuser"
 
-COPY ./jikkou-cli-${JIKKOU_VERSION}-runner jikkou
+WORKDIR /app
 
-LABEL io.streamthoughts.docker.name="jikkou" \
-      io.streamthoughts.docker.version=$JIKKOU_VERSION \
-      io.streamthoughts.docker.branch=$JIKKOU_BRANCH \
-      io.streamthoughts.docker.commit=$JIKKOU_COMMIT
+RUN addgroup -g $GROUP_ID $GROUP_NAME && \
+    adduser --shell /sbin/nologin --disabled-password \
+    --no-create-home --uid $USER_ID --ingroup $GROUP_NAME $USER_NAME
 
-ENTRYPOINT ["/bin/bash","/opt/jikkou/bin/jikkou"]
+USER $USER_NAME
+
+COPY --chmod=0755 ./jikkou-cli-${VERSION}-runner ./jikkou
+
+LABEL org.opencontainers.image.created=$CREATED \
+      org.opencontainers.image.version=$VERSION \
+      org.opencontainers.image.revision=$COMMIT
+
+ENTRYPOINT ["./jikkou"]
 
 
diff --git a/docker/Dockerfile.ubuntu b/docker/Dockerfile.ubuntu
@@ -0,0 +1,47 @@
+# Copyright 2023 The original authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+FROM ubuntu:20.04
+
+LABEL org.opencontainers.image.title=jikkou \
+      org.opencontainers.image.licenses=Apache-2.0 \
+      org.opencontainers.image.url=https://streamthoughts.github.io/jikkou/ \
+      org.opencontainers.image.documentation=https://streamthoughts.github.io/jikkou/ \
+      org.opencontainers.image.source=https://github.com/streamthoughts/jikkou
+
+ARG VERSION
+ARG CREATED
+ARG COMMIT
+
+ENV USER_ID=10000 \
+    GROUP_ID=10001 \
+    USER_NAME="appuser" \
+    GROUP_NAME="appuser"
+
+WORKDIR /app
+
+RUN groupadd -g $GROUP_ID $GROUP_NAME && \
+    useradd -r -s /bin/false -u $USER_ID -g $USER_NAME $GROUP_NAME && \
+    chown $USER_NAME:$GROUP_NAME /app
+
+USER $USER_NAME
+
+COPY --chmod=0755 ./jikkou-cli-${VERSION}-runner ./jikkou
+
+LABEL org.opencontainers.image.created=$CREATED \
+      org.opencontainers.image.version=$VERSION \
+      org.opencontainers.image.revision=$COMMIT
+
+ENTRYPOINT ["./jikkou"]
+
+
diff --git a/jikkou-cli/pom.xml b/jikkou-cli/pom.xml
@@ -47,6 +47,7 @@ limitations under the License.
         <os-maven-plugin.version>1.7.1</os-maven-plugin.version>
         <executable-suffix/>
         <imageName>jikkou</imageName>
+        <graalvm.build.arg/>
         <rpm-maven-plugin.version>2.3.0</rpm-maven-plugin.version>
         <micronaut-serde-processor.version>1.5.3</micronaut-serde-processor.version>
     </properties>
@@ -367,6 +368,19 @@ limitations under the License.
                 <packaging>native-image</packaging>
                 <imageName>${project.build.finalName}-runner</imageName>
             </properties>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.graalvm.buildtools</groupId>
+                        <artifactId>native-maven-plugin</artifactId>
+                        <configuration>
+                            <buildArgs combine.children="append">
+                                <buildArg>${graalvm.build.arg}</buildArg>
+                            </buildArgs>
+                        </configuration>
+                    </plugin>
+                </plugins>
+            </build>
         </profile>
         <profile>
             <id>dist</id>