-
Notifications
You must be signed in to change notification settings - Fork 207
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
d7d2791
commit e36556c
Showing
4 changed files
with
98 additions
and
167 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,36 +1,51 @@ | ||
| name: "Run Build Test" | ||
| on: | ||
| push: | ||
| branches: | ||
| - pr@* | ||
| - repr@* | ||
| paths: | ||
| - 'Dockerfile' | ||
| - 'Dockerfile*' | ||
| - 'Dockerfile-*' | ||
| - 'go.mod' | ||
| - 'go.sum' | ||
|
|
||
| jobs: | ||
| build: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| - uses: docker/setup-qemu-action@v3 | ||
| - uses: docker/setup-buildx-action@v3 | ||
|
|
||
| - name: Prepare Mirror | ||
| run: | | ||
| sed -i '[email protected]@registry.yarnpkg.com@g' ui/yarn.lock | ||
| - name: Login to GitHub Container Registry | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ghcr.io | ||
| username: ${{ github.repository_owner }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Build CE Image | ||
| uses: docker/build-push-action@v5 | ||
| with: | ||
| context: . | ||
| push: false | ||
| push: true | ||
| file: Dockerfile | ||
| tags: jumpserver/koko-ce:test | ||
| tags: ghcr.io/jumpserver/koko:v4-lite | ||
| platforms: linux/amd64 | ||
| build-args: | | ||
| VERSION=v4 | ||
| GOPROXY=direct | ||
| APT_MIRROR=http://deb.debian.org | ||
| NPM_REGISTRY=https://registry.yarnpkg.com | ||
| outputs: type=image,oci-mediatypes=true,compression=zstd,compression-level=3,force-compression=true | ||
| cache-from: type=gha | ||
| cache-to: type=gha,mode=max | ||
|
|
||
| - name: Prepare EE Image | ||
| run: | | ||
| sed -i 's@^FROM registry.fit2cloud.com/jumpserver@FROM ghcr.io/jumpserver@g' Dockerfile-ee | ||
| - name: Build EE Image | ||
| uses: docker/build-push-action@v5 | ||
|
|
@@ -41,8 +56,10 @@ jobs: | |
| tags: jumpserver/koko-ee:test | ||
| platforms: linux/amd64 | ||
| build-args: | | ||
| VERSION=v4 | ||
| GOPROXY=direct | ||
| APT_MIRROR=http://deb.debian.org | ||
| NPM_REGISTRY=https://registry.yarnpkg.com | ||
| outputs: type=image,oci-mediatypes=true,compression=zstd,compression-level=3,force-compression=true | ||
| cache-from: type=gha | ||
| cache-to: type=gha,mode=max | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,165 +1,75 @@ | ||
| FROM redis:6.2-bullseye as redis | ||
|
|
||
| FROM node:16.20-bullseye-slim as ui-build | ||
| ARG TARGETARCH | ||
| ARG NPM_REGISTRY="https://registry.npmmirror.com" | ||
| ENV NPM_REGISTY=$NPM_REGISTRY | ||
|
|
||
| RUN set -ex \ | ||
| && npm config set registry ${NPM_REGISTRY} \ | ||
| && yarn config set registry ${NPM_REGISTRY} | ||
|
|
||
| WORKDIR /opt/koko/ui | ||
| ADD ui/package.json ui/yarn.lock . | ||
| RUN --mount=type=cache,target=/usr/local/share/.cache/yarn,sharing=locked,id=koko \ | ||
| yarn install | ||
|
|
||
| ADD ui . | ||
| RUN --mount=type=cache,target=/usr/local/share/.cache/yarn,sharing=locked,id=koko \ | ||
| yarn build | ||
|
|
||
| FROM golang:1.22-bullseye as stage-build | ||
| LABEL stage=stage-build | ||
| ARG TARGETARCH | ||
|
|
||
| WORKDIR /opt/koko | ||
| ARG HELM_VERSION=v3.12.2 | ||
| ARG DOWNLOAD_URL=https://download.jumpserver.org | ||
|
|
||
| RUN set -ex \ | ||
| && echo "no" | dpkg-reconfigure dash | ||
|
|
||
| WORKDIR /opt/koko | ||
| ARG HELM_VERSION=v3.14.3 | ||
| ARG KUBECTL_VERSION=v1.29.3 | ||
| ARG CHECK_VERSION=v1.0.2 | ||
| RUN set -ex \ | ||
| && mkdir -p /opt/koko/bin /opt/clickhouse \ | ||
| && LATEST_VERSION=$(curl -s https://packages.clickhouse.com/tgz/stable/ | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | sort -V -r | head -n 1) \ | ||
| && PKG="clickhouse-common-static" \ | ||
| && wget "https://packages.clickhouse.com/tgz/stable/$PKG-$LATEST_VERSION-${TARGETARCH}.tgz" \ | ||
| && tar -xf "$PKG-$LATEST_VERSION-${TARGETARCH}.tgz" --strip-components=1 -C /opt/clickhouse \ | ||
| && wget -O kubectl.tar.gz https://dl.k8s.io/${KUBECTL_VERSION}/kubernetes-client-linux-${TARGETARCH}.tar.gz \ | ||
| && tar -xf kubectl.tar.gz --strip-components=3 -C /opt/koko/bin/ kubernetes/client/bin/kubectl \ | ||
| && mv /opt/koko/bin/kubectl /opt/koko/bin/rawkubectl \ | ||
| && wget https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz \ | ||
| && tar -xf helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz --strip-components=1 -C /opt/koko/bin/ linux-${TARGETARCH}/helm \ | ||
| && mv /opt/koko/bin/helm /opt/koko/bin/rawhelm \ | ||
| && wget https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ | ||
| && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/koko/bin/ \ | ||
| && wget https://github.com/ahmetb/kubectl-aliases/raw/master/.kubectl_aliases \ | ||
| && mv /opt/clickhouse/usr/bin/clickhouse /usr/local/bin/clickhouse-client \ | ||
| && chmod 755 /opt/koko/bin/* \ | ||
| && chown root:root /opt/koko/bin/* \ | ||
| && rm -f *.tar.gz *.tgz \ | ||
| && rm -rf /opt/clickhouse | ||
|
|
||
| ADD go.mod go.sum . | ||
|
|
||
| ARG GOPROXY=https://goproxy.io | ||
| ENV CGO_ENABLED=0 | ||
| ENV GO111MODULE=on | ||
| ENV GOOS=linux | ||
|
|
||
| RUN --mount=type=cache,target=/root/.cache \ | ||
| --mount=type=cache,target=/go/pkg/mod \ | ||
| go mod download -x | ||
|
|
||
| COPY . . | ||
|
|
||
| COPY --from=ui-build /opt/koko/ui/dist ui/dist | ||
|
|
||
| ARG VERSION | ||
| ENV VERSION=$VERSION | ||
|
|
||
| RUN --mount=type=cache,target=/root/.cache \ | ||
| --mount=type=cache,target=/go/pkg/mod \ | ||
| set +x \ | ||
| && make build -s \ | ||
| && set -x && ls -al . \ | ||
| && mv /opt/koko/build/koko-linux-${TARGETARCH} /opt/koko/koko \ | ||
| && mv /opt/koko/build/helm-linux-${TARGETARCH} /opt/koko/bin/helm \ | ||
| && mv /opt/koko/build/kubectl-linux-${TARGETARCH} /opt/koko/bin/kubectl | ||
|
|
||
| RUN mkdir /opt/koko/release \ | ||
| && mv /opt/koko/locale /opt/koko/release \ | ||
| && mv /opt/koko/config_example.yml /opt/koko/release \ | ||
| && mv /opt/koko/entrypoint.sh /opt/koko/release \ | ||
| && mv /opt/koko/utils/init-kubectl.sh /opt/koko/release \ | ||
| && chmod 755 /opt/koko/release/entrypoint.sh /opt/koko/release/init-kubectl.sh | ||
|
|
||
| FROM debian:bullseye-slim | ||
| FROM debian:bullseye-slim as stage-build | ||
| ARG TARGETARCH | ||
|
|
||
| ARG DEPENDENCIES=" \ | ||
| bash-completion \ | ||
| ca-certificates \ | ||
| curl \ | ||
| git \ | ||
| git-lfs \ | ||
| iputils-ping \ | ||
| jq \ | ||
| less \ | ||
| locales \ | ||
| openssh-client \ | ||
| freetds-bin \ | ||
| mariadb-client \ | ||
| postgresql-client \ | ||
| telnet \ | ||
| unzip \ | ||
| vim \ | ||
| wget \ | ||
| xz-utils" | ||
| wget" | ||
|
|
||
| ARG APT_MIRROR=http://mirrors.ustc.edu.cn | ||
|
|
||
| RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=koko-apt \ | ||
| --mount=type=cache,target=/var/lib/apt,sharing=locked,id=koko-apt \ | ||
| sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \ | ||
| RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ | ||
| --mount=type=cache,target=/var/lib/apt,sharing=locked \ | ||
| set -ex \ | ||
| && rm -f /etc/apt/apt.conf.d/docker-clean \ | ||
| && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ | ||
| && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ | ||
| && sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \ | ||
| && apt-get update \ | ||
| && apt-get install -y --no-install-recommends ${DEPENDENCIES} \ | ||
| && echo "no" | dpkg-reconfigure dash \ | ||
| && echo "zh_CN.UTF-8" | dpkg-reconfigure locales \ | ||
| && sed -i "s@# export @export @g" ~/.bashrc \ | ||
| && sed -i "s@# alias @alias @g" ~/.bashrc | ||
| && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ | ||
| && echo "no" | dpkg-reconfigure dash | ||
|
|
||
| WORKDIR /opt/koko | ||
|
|
||
| ARG MONGOSH_VERSION=1.10.3 | ||
| RUN set -ex \ | ||
| && mkdir -p /opt/koko/bin /opt/koko/lib \ | ||
| && \ | ||
| case "${TARGETARCH}" in \ | ||
| amd64) \ | ||
| wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-x64.tgz \ | ||
| && tar -xf mongosh-${MONGOSH_VERSION}-linux-x64.tgz \ | ||
| && chown root:root mongosh-${MONGOSH_VERSION}-linux-x64/bin/* \ | ||
| && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh /usr/local/bin/ \ | ||
| && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh_crypt_v1.so /usr/local/lib/ \ | ||
| && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh /opt/koko/bin/ \ | ||
| && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh_crypt_v1.so /opt/koko/lib/ \ | ||
| && rm -rf mongosh-${MONGOSH_VERSION}-linux-x64* \ | ||
| ;; \ | ||
| arm64) \ | ||
| wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \ | ||
| && tar -xf mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \ | ||
| && chown root:root mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/* \ | ||
| && mv mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh /usr/local/bin/ \ | ||
| && mv mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh_crypt_v1.so /usr/local/lib/ \ | ||
| && mv mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh /opt/koko/bin/ \ | ||
| && mv mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh_crypt_v1.so /opt/koko/lib/ \ | ||
| && rm -rf mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}* \ | ||
| ;; \ | ||
| *) \ | ||
| echo "Unsupported architecture: ${TARGETARCH}" \ | ||
| ;; \ | ||
| esac | ||
|
|
||
| COPY --from=redis /usr/local/bin/redis-cli /usr/local/bin/redis-cli | ||
|
|
||
| WORKDIR /opt/koko/ | ||
| FROM registry.fit2cloud.com/jumpserver/koko:${VERSION}-lite | ||
| ARG TARGETARCH | ||
|
|
||
| COPY --from=stage-build /opt/koko/.kubectl_aliases /opt/kubectl-aliases/.kubectl_aliases | ||
| COPY --from=stage-build /opt/koko/bin /usr/local/bin | ||
| COPY --from=stage-build /opt/koko/release . | ||
| COPY --from=stage-build /opt/koko/koko . | ||
| ARG DEPENDENCIES=" \ | ||
| bash-completion \ | ||
| curl \ | ||
| git \ | ||
| git-lfs \ | ||
| iputils-ping \ | ||
| jq \ | ||
| less \ | ||
| openssh-client \ | ||
| telnet \ | ||
| unzip \ | ||
| vim \ | ||
| wget \ | ||
| xz-utils" | ||
|
|
||
| ENV LANG=zh_CN.UTF-8 | ||
| RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ | ||
| --mount=type=cache,target=/var/lib/apt,sharing=locked \ | ||
| set -ex \ | ||
| && apt-get update \ | ||
| && apt-get install -y --no-install-recommends ${DEPENDENCIES} | ||
|
|
||
| EXPOSE 2222 5000 | ||
| CMD ["./entrypoint.sh"] | ||
| COPY --from=stage-build /opt/koko/bin /usr/local/bin | ||
| COPY --from=stage-build /opt/koko/lib /usr/local/lib |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,29 +1,20 @@ | ||
| #!/bin/sh | ||
| # | ||
|
|
||
| until /usr/local/bin/check ${CORE_HOST}/api/health/; do | ||
| echo "wait for jms_core ${CORE_HOST} ready" | ||
| sleep 2 | ||
| done | ||
| if [ -n "$CORE_HOST" ]; then | ||
| until check ${CORE_HOST}/api/health/; do | ||
| echo "wait for jms_core ${CORE_HOST} ready" | ||
| sleep 2 | ||
| done | ||
| fi | ||
|
|
||
| # 限制所有可执行目录的权限 | ||
| chmod -R 700 /usr/local/sbin/* && chmod -R 700 /usr/local/bin/* && chmod -R 700 /usr/bin/* | ||
| chmod -R 700 /usr/sbin/* && chmod -R 700 /sbin/* && chmod -R 700 /bin/* | ||
| export WORK_DIR=/opt/koko | ||
| export COMPONENT_NAME=koko | ||
| export WISP_TRACE_PROCESS=1 | ||
| export EXECUTE_PROGRAM=/opt/koko/koko | ||
|
|
||
| function init_jms_k8s_user(){ | ||
| echo `getent passwd | grep 'jms_k8s_user' || useradd -M -U -d /nonexistent jms_k8s_user` > /dev/null 2>&1 | ||
| echo `getent passwd | grep 'jms_k8s_user' | grep '/nonexistent' || usermod -d /nonexistent jms_k8s_user` > /dev/null 2>&1 | ||
| echo `getent group | grep 'jms_k8s_user' || groupadd jms_k8s_user` > /dev/null 2>&1 | ||
| } | ||
| init_jms_k8s_user | ||
| if [ ! "$LOG_LEVEL" ]; then | ||
| export LOG_LEVEL=ERROR | ||
| fi | ||
|
|
||
| # 放开部分需要的可执行权限 | ||
| chmod 755 `which mysql` `which psql` `which mongosh` `which tsql` `which redis` `which clickhouse-client` | ||
| chmod 755 `which kubectl` `which rawkubectl` `which helm` `which rawhelm` | ||
|
|
||
| # k8s 集群连接需要的命令 | ||
| chown :jms_k8s_user `which jq` `which less` `which vim` `which ls` `which bash` `which grep` | ||
| chmod 750 `which jq` `which less` `which vim` `which ls` `which bash` `which grep` | ||
|
|
||
| cd /opt/koko | ||
| ./koko | ||
| exec "$@" |