From ef656a8dfdc0ba2a6967b997c685266e4c9d1a18 Mon Sep 17 00:00:00 2001 From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Tue, 23 Jul 2024 16:38:00 +0800 Subject: [PATCH] perf: change docker file build (#13761) * perf: change docker file build * perf: Update Dockerfile with new base image tag --------- Co-authored-by: ibuler Co-authored-by: github-actions[bot] --- .github/workflows/build-base-image.yml | 60 +++++++++++++++++ Dockerfile | 91 +++----------------------- Dockerfile-base | 54 +++++++++++++++ Dockerfile-ee | 52 ++++++--------- apps/i18n/lina/en.json | 4 +- 5 files changed, 145 insertions(+), 116 deletions(-) create mode 100644 .github/workflows/build-base-image.yml create mode 100644 Dockerfile-base diff --git a/.github/workflows/build-base-image.yml b/.github/workflows/build-base-image.yml new file mode 100644 index 000000000..1ad366a98 --- /dev/null +++ b/.github/workflows/build-base-image.yml 
@@ -0,0 +1,60 @@
+name: Build and Push Base Image
+
+on:
+ push:
+ branches:
+ - 'pr*'
+ paths:
+ - 'poetry.lock'
+ - 'pyproject.toml'
+ - 'Dockerfile-base'
+
+jobs:
+ build-and-push:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to DockerHub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Extract date
+ id: vars
+ run: echo "IMAGE_TAG=$(date +'%Y%m%d_%H%M%S')" >> $GITHUB_ENV
+
+ - name: Extract repository name
+ id: repo
+ run: echo "REPO=$(basename ${{ github.repository }})" >> $GITHUB_ENV
+
+ - name: Build and push multi-arch image
+ uses: docker/build-push-action@v6
+ with:
+ platforms: linux/amd64,linux/arm64
+ push: true
+ file: Dockerfile-base
+ tags: jumpserver/core-base:${{ env.IMAGE_TAG }}
+
+ - name: Update Dockerfile
+ run: |
+ sed -i 's|-base:.* AS stage-build|-base:${{ env.IMAGE_TAG }} AS stage-build|' Dockerfile
+
+ - name: Commit changes
+ run: |
+ git config --global user.name 'github-actions[bot]'
+ git config --global user.email 'github-actions[bot]@users.noreply.github.com'
+ git add Dockerfile
+ git commit -m "perf: Update Dockerfile with new base image tag"
+ git push
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/Dockerfile b/Dockerfile
index a1be00d2a..269ec7ddd 100644
--- a/Dockerfile
+++ b/Dockerfile
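Review bot: Every `uses:` step in this job is referenced by a movable tag (`actions/checkout@v3`, `docker/login-action@v2`, `docker/build-push-action@v6`, and the two setup actions), while the job holds `DOCKERHUB_TOKEN` and pushes a commit back to the repository. A retagged action release would run with those credentials, so I would pin each one to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v3`. The workflow also declares no `permissions:` block; since the only repository write is the `git push` of `Dockerfile`, a job-level `permissions:` with `contents: write` would keep the token from inheriting broader defaults. The `REPO` value from the "Extract repository name" step is not used by any later step shown here and could be dropped.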
@@ -1,93 +1,25 @@ -FROM debian:bullseye-slim AS stage-1 -ARG TARGETARCH - -ARG DEPENDENCIES=" \ - ca-certificates \ - wget" - -ARG APT_MIRROR=http://mirrors.ustc.edu.cn -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \ - --mount=type=cache,target=/var/lib/apt,sharing=locked,id=core \ - set -ex \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \ - && apt-get update \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash - -WORKDIR /opt - -ARG CHECK_VERSION=v1.0.2 -RUN set -ex \ - && wget https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && mv check /usr/local/bin/ \ - && chown root:root /usr/local/bin/check \ - && chmod 755 /usr/local/bin/check \ - && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz +FROM jumpserver/core-base:20240722_031104 AS stage-build ARG VERSION WORKDIR /opt/jumpserver + ADD . . 
+ RUN echo > /opt/jumpserver/config.yml \ && \ if [ -n "${VERSION}" ]; then \ sed -i "s@VERSION = .*@VERSION = '${VERSION}'@g" apps/jumpserver/const.py; \ fi -FROM python:3.11-slim-bullseye AS stage-2 -ARG TARGETARCH - -ARG BUILD_DEPENDENCIES=" \ - g++ \ - make \ - pkg-config" - -ARG DEPENDENCIES=" \ - default-libmysqlclient-dev \ - freetds-dev \ - gettext \ - libkrb5-dev \ - libldap2-dev \ - libsasl2-dev" - -ARG APT_MIRROR=http://mirrors.ustc.edu.cn -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \ - --mount=type=cache,target=/var/lib/apt,sharing=locked,id=core \ - set -ex \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \ - && apt-get update \ - && apt-get -y install --no-install-recommends ${BUILD_DEPENDENCIES} \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash - -WORKDIR /opt/jumpserver - -ARG PIP_MIRROR=https://pypi.tuna.tsinghua.edu.cn/simple -RUN --mount=type=cache,target=/root/.cache,sharing=locked,id=core \ - --mount=type=bind,source=poetry.lock,target=poetry.lock \ - --mount=type=bind,source=pyproject.toml,target=pyproject.toml \ - set -ex \ - && python3 -m venv /opt/py3 \ - && pip install poetry -i ${PIP_MIRROR} \ - && poetry config virtualenvs.create false \ - && . /opt/py3/bin/activate \ - && poetry install --only main - -COPY --from=stage-1 /opt/jumpserver /opt/jumpserver - RUN set -ex \ && export SECRET_KEY=$(head -c100 < /dev/urandom | base64 | tr -dc A-Za-z0-9 | head -c 48) \ && . /opt/py3/bin/activate \ && cd apps \ && python manage.py compilemessages + FROM python:3.11-slim-bullseye -ARG TARGETARCH ENV LANG=en_US.UTF-8 \ PATH=/opt/py3/bin:$PATH 
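Review bot: The new `FROM jumpserver/core-base:20240722_031104 AS stage-build` trusts a Docker Hub tag that can be re-pushed, and everything under `/opt` in the final image is now copied out of that stage. Pinning the digest alongside the tag, `FROM jumpserver/core-base:20240722_031104@sha256:<digest-of-pushed-image> AS stage-build`, makes the build fail instead of silently picking up different content. The workflow's `sed` pattern `-base:.* AS stage-build` would still match such a line, so the tag-update step could write the digest reported by the build-push step at the same time.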
@@ -102,32 +34,29 @@ ARG TOOLS=" \ sshpass \ bubblewrap" -ARG APT_MIRROR=http://mirrors.ustc.edu.cn +ARG APT_MIRROR=http://deb.debian.org RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \ --mount=type=cache,target=/var/lib/apt,sharing=locked,id=core \ set -ex \ && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ && sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \ && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ - && apt-get update \ + && apt-get update > /dev/null \ && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ && apt-get -y install --no-install-recommends ${TOOLS} \ + && apt-get clean \ && mkdir -p /root/.ssh/ \ && echo "Host *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile /dev/null\n\tCiphers +aes128-cbc\n\tKexAlgorithms +diffie-hellman-group1-sha1\n\tHostKeyAlgorithms +ssh-rsa" > /root/.ssh/config \ && echo "no" | dpkg-reconfigure dash \ && sed -i "s@# export @export @g" ~/.bashrc \ && sed -i "s@# alias @alias @g" ~/.bashrc -COPY --from=stage-2 /opt /opt -COPY --from=stage-1 /usr/local/bin /usr/local/bin -COPY --from=stage-1 /opt/jumpserver/apps/libs/ansible/ansible.cfg /etc/ansible/ +COPY --from=stage-build /opt /opt +COPY --from=stage-build /usr/local/bin /usr/local/bin +COPY --from=stage-build /opt/jumpserver/apps/libs/ansible/ansible.cfg /etc/ansible/ WORKDIR /opt/jumpserver -ARG VERSION -ENV VERSION=$VERSION - VOLUME /opt/jumpserver/data ENTRYPOINT ["./entrypoint.sh"] diff --git a/Dockerfile-base b/Dockerfile-base new file mode 100644 index 000000000..1ac168ac1 --- /dev/null +++ b/Dockerfile-base 
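Review bot: `COPY --from=stage-build /usr/local/bin /usr/local/bin` now copies the whole directory from an image based on `python:3.11-slim-bullseye`, where `Dockerfile-base` also runs `pip install poetry` before activating `/opt/py3`, so it likely brings Poetry's launcher scripts into the runtime image along with `check`. The old `stage-1` was a bare Debian image whose only addition there was the health-check binary. Copying just the file, `COPY --from=stage-build /usr/local/bin/check /usr/local/bin/check`, keeps the runtime image to what it needs. Separately, the added `apt-get clean` empties `/var/cache/apt`, which is the cache mount on the same `RUN`, so the mount no longer saves any downloads between builds.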
@@ -0,0 +1,54 @@
+FROM python:3.11-slim-bullseye
+ARG TARGETARCH
+
+# Install APT dependencies
+ARG DEPENDENCIES=" \
+ ca-certificates \
+ wget \
+ g++ \
+ make \
+ pkg-config \
+ default-libmysqlclient-dev \
+ freetds-dev \
+ gettext \
+ libkrb5-dev \
+ libldap2-dev \
+ libsasl2-dev"
+
+
+ARG APT_MIRROR=http://deb.debian.org
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \
+ --mount=type=cache,target=/var/lib/apt,sharing=locked,id=core \
+ set -ex \
+ && rm -f /etc/apt/apt.conf.d/docker-clean \
+ && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache \
+ && sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
+ && apt-get update > /dev/null \
+ && apt-get -y install --no-install-recommends ${DEPENDENCIES} \
+ && echo "no" | dpkg-reconfigure dash
+
+
+# Install bin tools
+ARG CHECK_VERSION=v1.0.2
+RUN set -ex \
+ && wget https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \
+ && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \
+ && mv check /usr/local/bin/ \
+ && chown root:root /usr/local/bin/check \
+ && chmod 755 /usr/local/bin/check \
+ && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz
+
+
+# Install Python dependencies
+WORKDIR /opt/jumpserver
+
+ARG PIP_MIRROR=https://pypi.org/simple
+RUN --mount=type=cache,target=/root/.cache,sharing=locked,id=core \
+ --mount=type=bind,source=poetry.lock,target=poetry.lock \
+ --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
+ set -ex \
+ && python3 -m venv /opt/py3 \
+ && pip install poetry -i ${PIP_MIRROR} \
+ && poetry config virtualenvs.create false \
+ && . /opt/py3/bin/activate \
+ && poetry install --only main
diff --git a/Dockerfile-ee b/Dockerfile-ee
index a11bdbd33..63c26826b 100644
--- a/Dockerfile-ee
+++ b/Dockerfile-ee
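Review bot: The `wget` of `check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz` is unpacked and installed as a root-owned executable in `/usr/local/bin` with no integrity check, and the final image copies that directory. I would add a per-architecture SHA-256 and verify before `tar`, e.g. `&& echo "${CHECK_SHA256}  check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz" | sha256sum -c - \`, with `CHECK_SHA256` a new build argument (name constructed here) set to the published checksum for each `TARGETARCH`. In the same file `pip install poetry -i ${PIP_MIRROR}` takes whatever Poetry version is current at build time; pinning it (`poetry==<version>`) keeps the base image reproducible between the dated tags.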
@@ -1,38 +1,12 @@ ARG VERSION FROM registry.fit2cloud.com/jumpserver/xpack:${VERSION} AS build-xpack -FROM python:3.11-slim-bullseye AS build-core -ARG BUILD_DEPENDENCIES=" \ - g++" +FROM jumpserver/core:${VERSION}-ce -ARG APT_MIRROR=http://mirrors.ustc.edu.cn -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \ - --mount=type=cache,target=/var/lib/apt,sharing=locked,id=core \ - set -ex \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \ - && apt-get update \ - && apt-get -y install --no-install-recommends ${BUILD_DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash - -WORKDIR /opt/jumpserver - -ARG PIP_MIRROR=https://pypi.tuna.tsinghua.edu.cn/simple -RUN --mount=type=cache,target=/root/.cache,sharing=locked,id=core \ - --mount=type=bind,source=poetry.lock,target=/opt/jumpserver/poetry.lock \ - --mount=type=bind,source=pyproject.toml,target=/opt/jumpserver/pyproject.toml \ - set -ex \ - && python3 -m venv /opt/py3 \ - && pip install poetry -i ${PIP_MIRROR} \ - && poetry config virtualenvs.create false \ - && . /opt/py3/bin/activate \ - && poetry install --only xpack - -FROM registry.fit2cloud.com/jumpserver/core:${VERSION}-ce -ARG TARGETARCH +COPY --from=build-xpack /opt/xpack /opt/jumpserver/apps/xpack ARG TOOLS=" \ + g++ \ curl \ iputils-ping \ netcat-openbsd \ 
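Review bot: Adding `g++` to `TOOLS` leaves a compiler in the shipped enterprise image, where before it lived only in the discarded `build-core` stage and just `/opt/py3` was copied across. The second hunk likewise installs Poetry into the final image. If the xpack dependencies need compiling, keeping a build stage `FROM jumpserver/core:${VERSION}-ce` and copying `/opt/py3` from it would keep build tooling out of the runtime image. The `ARG TOOLS` list continues past the end of this hunk.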
@@ -41,12 +15,24 @@ ARG TOOLS=" \ vim \ wget" -ARG APT_MIRROR=http://mirrors.ustc.edu.cn +ARG APT_MIRROR=http://deb.debian.org RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \ --mount=type=cache,target=/var/lib/apt,sharing=locked,id=core \ set -ex \ + && rm -f /etc/apt/apt.conf.d/docker-clean \ + && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache \ + && sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \ && apt-get update \ - && apt-get -y install --no-install-recommends ${TOOLS} + && apt-get -y install --no-install-recommends ${TOOLS} \ + && echo "no" | dpkg-reconfigure dash + + +ARG PIP_MIRROR=https://pypi.org/simple +RUN --mount=type=cache,target=/root/.cache,sharing=locked,id=core \ + --mount=type=bind,source=poetry.lock,target=/opt/jumpserver/poetry.lock \ + --mount=type=bind,source=pyproject.toml,target=/opt/jumpserver/pyproject.toml \ + set -ex \ + . /opt/py3/bin/activate \ + && pip install poetry -i ${PIP_MIRROR} \ + && poetry install --only xpack -COPY --from=build-core /opt/py3 /opt/py3 -COPY --from=build-xpack /opt/xpack /opt/jumpserver/apps/xpack \ No newline at end of file diff --git a/apps/i18n/lina/en.json b/apps/i18n/lina/en.json index 1500d2dda..c8091779e 100644 --- a/apps/i18n/lina/en.json +++ b/apps/i18n/lina/en.json @@ -883,7 +883,7 @@ "PrivateKey": "Private key", "Privileged": "Privileged", "PrivilegedFirst": "Privileged first", - "PrivilegedOnly": "Privileged accounts only", + "PrivilegedOnly": "Privileged only", "PrivilegedTemplate": "Privileged", "Product": "Product", "ProfileSetting": "Profile info", @@ -1389,4 +1389,4 @@ "Running": "Running", "AdhocCreate": "Create the command", "UploadHelpText": "Please upload a .zip file containing the following sample directory structure" -} \ No newline at end of file +}
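Review bot: In the new Poetry `RUN`, `set -ex \` is followed by `. /opt/py3/bin/activate \` with no `&&`, so the shell runs a single `set -ex . /opt/py3/bin/activate` and the venv is never activated. `pip` may still resolve to `/opt/py3/bin` if the `-ce` base keeps `PATH=/opt/py3/bin:$PATH`, but without `VIRTUAL_ENV` (and with `poetry config virtualenvs.create false` dropped) Poetry may create its own environment under `/root/.cache`, which is a cache mount and not part of the image. The lines should read `set -ex \` then `&& . /opt/py3/bin/activate \`, and I would restore `&& poetry config virtualenvs.create false \` before `poetry install --only xpack`.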