diff --git a/.github/workflows/jms-build-test.yml b/.github/workflows/jms-build-test.yml index 7b731bc22..4760af7cf 100644 --- a/.github/workflows/jms-build-test.yml +++ b/.github/workflows/jms-build-test.yml @@ -11,8 +11,12 @@ on: jobs: build: runs-on: ubuntu-latest + strategy: + matrix: + component: [core] + version: [v4] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: docker/setup-buildx-action@v3 - name: Login to GitHub Container Registry @@ -21,21 +25,10 @@ jobs: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build Base Image - uses: docker/build-push-action@v5 - with: - context: . - push: true - file: Dockerfile.base - tags: ghcr.io/jumpserver/core:v4-base - platforms: linux/amd64 - build-args: | - APT_MIRROR=http://deb.debian.org - PIP_MIRROR=https://pypi.org/simple - outputs: type=image,oci-mediatypes=true,compression=zstd,compression-level=3,force-compression=true - cache-from: type=gha - cache-to: type=gha,mode=max + + - name: Prepare Build + run: | + sed -i 's@^FROM registry.fit2cloud.com/jumpserver@FROM ghcr.io/jumpserver@g' Dockerfile-ee - name: Build CE Image uses: docker/build-push-action@v5 @@ -43,34 +36,28 @@ jobs: context: . push: true file: Dockerfile - tags: ghcr.io/jumpserver/core:v4-lite + tags: ghcr.io/jumpserver/${{ matrix.component }}:${{ matrix.version }}-ce platforms: linux/amd64 build-args: | - VERSION=v4 + VERSION=${{ matrix.version }} APT_MIRROR=http://deb.debian.org - BASE_IMAGE=ghcr.io/jumpserver/core + PIP_MIRROR=https://pypi.org/simple outputs: type=image,oci-mediatypes=true,compression=zstd,compression-level=3,force-compression=true cache-from: type=gha cache-to: type=gha,mode=max - - name: Prepare EE Image - run: | - sed -i 's@^FROM registry.fit2cloud.com/jumpserver/xpack@# FROM registry.fit2cloud.com/jumpserver/xpack@' Dockerfile-ee - sed -i 's@^FROM registry.fit2cloud.com/jumpserver@FROM ghcr.io/jumpserver@g' Dockerfile-ee - sed -i 's@^COPY --from=build-xpack@# COPY --from=build-xpack@g' Dockerfile-ee - - name: Build EE Image uses: docker/build-push-action@v5 with: context: . push: false file: Dockerfile-ee - tags: jumpserver/core:v4 + tags: ghcr.io/jumpserver/${{ matrix.component }}:${{ matrix.version }} platforms: linux/amd64 build-args: | - VERSION=v4 + VERSION=${{ matrix.version }} APT_MIRROR=http://deb.debian.org - BASE_IMAGE=ghcr.io/jumpserver/core + PIP_MIRROR=https://pypi.org/simple outputs: type=image,oci-mediatypes=true,compression=zstd,compression-level=3,force-compression=true cache-from: type=gha cache-to: type=gha,mode=max \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index abc740e73..9f338e272 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,4 @@ -ARG VERSION -ARG BASE_IMAGE=jumpserver/core - -FROM python:3.11-slim-bullseye as stage-1 +FROM debian:bullseye-slim as stage-1 ARG TARGETARCH ARG DEPENDENCIES=" \ @@ -9,8 +6,8 @@ ARG DEPENDENCIES=" \ wget" ARG APT_MIRROR=http://mirrors.ustc.edu.cn -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ +RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \ + --mount=type=cache,target=/var/lib/apt,sharing=locked,id=core \ set -ex \ && rm -f /etc/apt/apt.conf.d/docker-clean \ && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ @@ -48,15 +45,42 @@ RUN echo > /opt/jumpserver/config.yml \ sed -i "s@VERSION = .*@VERSION = '${VERSION}'@g" apps/jumpserver/const.py; \ fi -FROM ${BASE_IMAGE}:${VERSION}-base as stage-2 +FROM python:3.11-slim-bullseye as stage-2 ARG TARGETARCH +ARG BUILD_DEPENDENCIES=" \ + g++ \ + make \ + pkg-config" + +ARG DEPENDENCIES=" \ + default-libmysqlclient-dev \ + gettext \ + libldap2-dev \ + libsasl2-dev" + +ARG APT_MIRROR=http://mirrors.ustc.edu.cn +RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \ + --mount=type=cache,target=/var/lib/apt,sharing=locked,id=core \ + set -ex \ + && rm -f /etc/apt/apt.conf.d/docker-clean \ + && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ + && sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \ + && apt-get update \ + && apt-get -y install --no-install-recommends ${BUILD_DEPENDENCIES} \ + && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ + && echo "no" | dpkg-reconfigure dash + WORKDIR /opt/jumpserver -RUN --mount=type=cache,target=/root/.cache,sharing=locked \ - --mount=type=bind,source=poetry.lock,target=/opt/jumpserver/poetry.lock \ - --mount=type=bind,source=pyproject.toml,target=/opt/jumpserver/pyproject.toml \ +ARG PIP_MIRROR=https://pypi.tuna.tsinghua.edu.cn/simple +RUN --mount=type=cache,target=/root/.cache,sharing=locked,id=core \ + --mount=type=bind,source=poetry.lock,target=poetry.lock \ + --mount=type=bind,source=pyproject.toml,target=pyproject.toml \ set -ex \ + && python3 -m venv /opt/py3 \ + && pip install poetry -i ${PIP_MIRROR} \ + && poetry config virtualenvs.create false \ && . /opt/py3/bin/activate \ && poetry install --only main @@ -75,9 +99,7 @@ ENV LANG=en_US.UTF-8 \ ARG DEPENDENCIES=" \ libldap2-dev \ - libpq-dev \ - libx11-dev \ - libxmlsec1-openssl" + libx11-dev" ARG TOOLS=" \ ca-certificates \ @@ -86,8 +108,8 @@ ARG TOOLS=" \ sshpass" ARG APT_MIRROR=http://mirrors.ustc.edu.cn -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ +RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \ + --mount=type=cache,target=/var/lib/apt,sharing=locked,id=core \ set -ex \ && rm -f /etc/apt/apt.conf.d/docker-clean \ && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ diff --git a/Dockerfile-ee b/Dockerfile-ee index 3e876dd26..d3654df6d 100644 --- a/Dockerfile-ee +++ b/Dockerfile-ee @@ -1,20 +1,35 @@ ARG VERSION -ARG BASE_IMAGE=registry.fit2cloud.com/jumpserver/core FROM registry.fit2cloud.com/jumpserver/xpack:${VERSION} as build-xpack -FROM registry.fit2cloud.com/jumpserver/core:${VERSION}-base as build-core -ARG TARGETARCH +FROM python:3.11-slim-bullseye as build-core +ARG BUILD_DEPENDENCIES=" \ + g++" + +ARG APT_MIRROR=http://mirrors.ustc.edu.cn +RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \ + --mount=type=cache,target=/var/lib/apt,sharing=locked,id=core \ + set -ex \ + && rm -f /etc/apt/apt.conf.d/docker-clean \ + && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ + && sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \ + && apt-get update \ + && apt-get -y install --no-install-recommends ${BUILD_DEPENDENCIES} \ + && echo "no" | dpkg-reconfigure dash WORKDIR /opt/jumpserver -RUN --mount=type=cache,target=/root/.cache,sharing=locked \ +ARG PIP_MIRROR=https://pypi.tuna.tsinghua.edu.cn/simple +RUN --mount=type=cache,target=/root/.cache,sharing=locked,id=core \ --mount=type=bind,source=poetry.lock,target=/opt/jumpserver/poetry.lock \ --mount=type=bind,source=pyproject.toml,target=/opt/jumpserver/pyproject.toml \ set -ex \ + && python3 -m venv /opt/py3 \ + && pip install poetry -i ${PIP_MIRROR} \ + && poetry config virtualenvs.create false \ && . /opt/py3/bin/activate \ && poetry install --only xpack -FROM ${BASE_IMAGE}:${VERSION}-lite +FROM registry.fit2cloud.com/jumpserver/core:${VERSION}-ce ARG TARGETARCH ARG TOOLS=" \ @@ -27,8 +42,8 @@ ARG TOOLS=" \ wget" ARG APT_MIRROR=http://mirrors.ustc.edu.cn -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ +RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \ + --mount=type=cache,target=/var/lib/apt,sharing=locked,id=core \ set -ex \ && apt-get update \ && apt-get -y install --no-install-recommends ${TOOLS} diff --git a/Dockerfile.base b/Dockerfile.base deleted file mode 100644 index 003e7c6bc..000000000 --- a/Dockerfile.base +++ /dev/null @@ -1,55 +0,0 @@ -FROM python:3.11-slim-bullseye -ARG TARGETARCH - -ARG BUILD_DEPENDENCIES=" \ - g++ \ - make \ - pkg-config" - -ARG DEPENDENCIES=" \ - freetds-dev \ - gettext \ - libffi-dev \ - libjpeg-dev \ - libkrb5-dev \ - libldap2-dev \ - libpq-dev \ - libsasl2-dev \ - libssl-dev \ - libxml2-dev \ - libxmlsec1-dev \ - libxmlsec1-openssl \ - freerdp2-dev \ - libaio-dev" - -ARG TOOLS=" \ - ca-certificates \ - curl \ - default-libmysqlclient-dev \ - default-mysql-client \ - git \ - git-lfs \ - unzip \ - xz-utils \ - wget" - -ARG APT_MIRROR=http://mirrors.ustc.edu.cn -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -ex \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ - && apt-get update \ - && apt-get -y install --no-install-recommends ${BUILD_DEPENDENCIES} \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && apt-get -y install --no-install-recommends ${TOOLS} \ - && echo "no" | dpkg-reconfigure dash - -ARG PIP_MIRROR=https://pypi.org/simple -RUN --mount=type=cache,target=/root/.cache,sharing=locked \ - set -ex \ - && python3 -m venv /opt/py3 \ - && pip install poetry -i ${PIP_MIRROR} \ - && poetry config virtualenvs.create false \ No newline at end of file