diff --git a/.github/workflows/jms-build-test.yml b/.github/workflows/jms-build-test.yml index 33268215..1a292812 100644 --- a/.github/workflows/jms-build-test.yml +++ b/.github/workflows/jms-build-test.yml @@ -10,26 +10,39 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + - uses: docker/setup-qemu-action@v3 + - uses: docker/setup-buildx-action@v3 - - uses: docker/setup-qemu-action@v2 + - name: Prepare Mirror + run: | + sed -i 's@registry.npmmirror.com@registry.yarnpkg.com@g' ui/yarn.lock - - uses: docker/setup-buildx-action@v2 - - - uses: docker/build-push-action@v3 + - name: Build CE Image + uses: docker/build-push-action@v5 with: context: . push: false - tags: jumpserver/koko:test + file: Dockerfile + tags: jumpserver/koko-ce:test + platforms: linux/amd64 build-args: | GOPROXY=direct APT_MIRROR=http://deb.debian.org - file: Dockerfile + NPM_REGISTRY=https://registry.yarnpkg.com cache-from: type=gha cache-to: type=gha,mode=max - - uses: LouisBrunner/checks-action@v1.5.0 - if: always() + - name: Build EE Image + uses: docker/build-push-action@v5 with: - token: ${{ secrets.GITHUB_TOKEN }} - name: Check Build - conclusion: ${{ job.status }} + context: . + push: false + file: Dockerfile-ee + tags: jumpserver/koko-ee:test + platforms: linux/amd64 + build-args: | + GOPROXY=direct + APT_MIRROR=http://deb.debian.org + NPM_REGISTRY=https://registry.yarnpkg.com + cache-from: type=gha + cache-to: type=gha,mode=max diff --git a/Dockerfile b/Dockerfile index 1c494599..ca6582a0 100644 --- a/Dockerfile +++ b/Dockerfile 
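Review bot: The new steps reference third-party actions by mutable major tags (`docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3`, `docker/build-push-action@v5`), so whatever commit the tag points to at run time is what executes in the job. Pinning each one to a full commit SHA with the version as a trailing comment, e.g. `uses: docker/build-push-action@<full-commit-sha>  # v5`, keeps the build input fixed and reviewable. Separately, the `Prepare Mirror` step rewrites `ui/yarn.lock` before the build, so CI tests a lockfile that differs from the committed one; a short comment on that step saying why the registry host is swapped would help the next reader. The top of the workflow is outside this hunk, so I cannot tell whether a `permissions:` block already restricts the job token.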
@@ -22,29 +22,25 @@ FROM golang:1.21-bullseye as stage-build LABEL stage=stage-build ARG TARGETARCH -WORKDIR /opt/koko -ARG HELM_VERSION=v3.12.2 -ARG DOWNLOAD_URL=https://download.jumpserver.org - RUN set -ex \ && echo "no" | dpkg-reconfigure dash +WORKDIR /opt/koko +ARG HELM_VERSION=v3.14.3 +ARG KUBECTL_VERSION=v1.29.3 +ARG CHECK_VERSION=v1.0.2 RUN set -ex \ && mkdir -p /opt/koko/bin \ - && wget ${DOWNLOAD_URL}/public/kubectl-linux-${TARGETARCH}.tar.gz -O kubectl.tar.gz \ - && tar -xf kubectl.tar.gz -C /opt/koko/bin/ \ + && wget -O kubectl.tar.gz https://dl.k8s.io/${KUBECTL_VERSION}/kubernetes-client-linux-${TARGETARCH}.tar.gz \ + && tar -xf kubectl.tar.gz --strip-components=3 -C /opt/koko/bin/ kubernetes/client/bin/kubectl \ && mv /opt/koko/bin/kubectl /opt/koko/bin/rawkubectl \ - && wget -O helm.tar.gz https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf helm.tar.gz --strip-components=1 -C /opt/koko/bin/ linux-${TARGETARCH}/helm \ + && wget https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz \ + && tar -xf helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz --strip-components=1 -C /opt/koko/bin/ linux-${TARGETARCH}/helm \ && mv /opt/koko/bin/helm /opt/koko/bin/rawhelm \ - && \ - if [ "${TARGETARCH}" == "amd64" ] || [ "${TARGETARCH}" == "arm64" ]; then \ - wget ${DOWNLOAD_URL}/files/clickhouse/22.20.2.11/clickhouse-client-linux-${TARGETARCH}.tar.gz; \ - tar -xf clickhouse-client-linux-${TARGETARCH}.tar.gz -C /opt/koko/bin/; \ - fi \ - && wget ${DOWNLOAD_URL}/public/kubectl_aliases.tar.gz -O kubectl_aliases.tar.gz \ - && tar -xf kubectl_aliases.tar.gz \ - && chmod +x /opt/koko/bin/* \ + && wget https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ + && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/koko/bin/ \ + && wget https://github.com/ahmetb/kubectl-aliases/raw/master/.kubectl_aliases \ + && chmod 755 /opt/koko/bin/* \ && 
chown root:root /opt/koko/bin/* \ && rm -f *.tar.gz 
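Review bot: None of the downloads in this `RUN` of Dockerfile's `stage-build` is checked against a known digest, and `.kubectl_aliases` is fetched from the moving `master` branch, so the image content depends on whatever those URLs serve at build time. The kubectl, helm and `check` archives are at least version-pinned; adding an expected SHA-256 per architecture and verifying it before `tar`, for example `echo "${HELM_SHA256}  helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz" | sha256sum -c -` (where `HELM_SHA256` would be a new build arg), closes the gap. For the aliases file, replace `master` in the URL with a specific commit id. The same download pattern is repeated in the new Dockerfile-ee.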
@@ -84,65 +80,22 @@ RUN mkdir /opt/koko/release \ FROM debian:bullseye-slim ARG TARGETARCH +ENV LANG=en_US.UTF-8 ARG DEPENDENCIES=" \ - bash-completion \ - ca-certificates \ - curl \ - git \ - git-lfs \ - iputils-ping \ - jq \ - less \ - locales \ - openssh-client \ - freetds-bin \ - mariadb-client \ - postgresql-client \ - telnet \ - unzip \ - vim \ - wget \ - xz-utils" + ca-certificates" ARG APT_MIRROR=http://mirrors.ustc.edu.cn - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=koko \ +RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=koko-apt \ + --mount=type=cache,target=/var/lib/apt,sharing=locked,id=koko-apt \ sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \ && rm -f /etc/apt/apt.conf.d/docker-clean \ && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ && apt-get update \ && apt-get install -y --no-install-recommends ${DEPENDENCIES} \ && echo "no" | dpkg-reconfigure dash \ - && echo "zh_CN.UTF-8" | dpkg-reconfigure locales \ && sed -i "s@# export @export @g" ~/.bashrc \ - && sed -i "s@# alias @alias @g" ~/.bashrc \ - && rm -rf /var/lib/apt/lists/* - -ARG MONGOSH_VERSION=1.10.3 -RUN set -ex \ - && \ - case "${TARGETARCH}" in \ - amd64) \ - wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-x64.tgz \ - && tar -xf mongosh-${MONGOSH_VERSION}-linux-x64.tgz \ - && chown root:root mongosh-${MONGOSH_VERSION}-linux-x64/bin/* \ - && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh /usr/local/bin/ \ - && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh_crypt_v1.so /usr/local/lib/ \ - && rm -rf mongosh-${MONGOSH_VERSION}-linux-x64* \ - ;; \ - arm64) \ - wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \ - && tar -xf mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \ - && chown root:root mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/* \ - && mv mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh /usr/local/bin/ \ - && mv 
mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh_crypt_v1.so /usr/local/lib/ \ - && rm -rf mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}* \ - ;; \ - *) \ - echo "Unsupported architecture: ${TARGETARCH}" \ - ;; \ - esac + && sed -i "s@# alias @alias @g" ~/.bashrc COPY --from=redis /usr/local/bin/redis-cli /usr/local/bin/redis-cli diff --git a/Dockerfile-ee b/Dockerfile-ee new file mode 100644 index 00000000..c52a345f --- /dev/null +++ b/Dockerfile-ee 
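Review bot: `ENV LANG=en_US.UTF-8` is added to Dockerfile's final stage while the same hunk drops `locales` from `DEPENDENCIES` and removes the `dpkg-reconfigure locales` step, so nothing visible here generates that locale. On `debian:bullseye-slim` that most likely leaves processes falling back to the C locale; if the intent is only a UTF-8 default, `ENV LANG=C.UTF-8` should work without the `locales` package. Also, both cache mounts use `id=koko-apt` for different targets (`/var/cache/apt` and `/var/lib/apt`); as far as I know BuildKit keys cache mounts by id, so the two paths would share one backing directory, and distinct ids such as `id=koko-apt-cache` and `id=koko-apt-lib` avoid that. The same mount pair appears in Dockerfile-ee.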
@@ -0,0 +1,165 @@ +FROM redis:6.2-bullseye as redis + +FROM node:16.20-bullseye-slim as ui-build +ARG TARGETARCH +ARG NPM_REGISTRY="https://registry.npmmirror.com" +ENV NPM_REGISTY=$NPM_REGISTRY + +RUN set -ex \ + && npm config set registry ${NPM_REGISTRY} \ + && yarn config set registry ${NPM_REGISTRY} + +WORKDIR /opt/koko/ui +ADD ui/package.json ui/yarn.lock . +RUN --mount=type=cache,target=/usr/local/share/.cache/yarn,sharing=locked,id=koko \ + yarn install + +ADD ui . +RUN --mount=type=cache,target=/usr/local/share/.cache/yarn,sharing=locked,id=koko \ + yarn build + +FROM golang:1.21-bullseye as stage-build +LABEL stage=stage-build +ARG TARGETARCH + +WORKDIR /opt/koko +ARG HELM_VERSION=v3.12.2 +ARG DOWNLOAD_URL=https://download.jumpserver.org + +RUN set -ex \ + && echo "no" | dpkg-reconfigure dash + +WORKDIR /opt/koko +ARG HELM_VERSION=v3.14.3 +ARG KUBECTL_VERSION=v1.29.3 +ARG CHECK_VERSION=v1.0.2 +RUN set -ex \ + && mkdir -p /opt/koko/bin /opt/clickhouse \ + && LATEST_VERSION=$(curl -s https://packages.clickhouse.com/tgz/stable/ | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | sort -V -r | head -n 1) \ + && PKG="clickhouse-common-static" \ + && wget "https://packages.clickhouse.com/tgz/stable/$PKG-$LATEST_VERSION-${TARGETARCH}.tgz" \ + && tar -xf "$PKG-$LATEST_VERSION-${TARGETARCH}.tgz" --strip-components=1 -C /opt/clickhouse \ + && wget -O kubectl.tar.gz https://dl.k8s.io/${KUBECTL_VERSION}/kubernetes-client-linux-${TARGETARCH}.tar.gz \ + && tar -xf kubectl.tar.gz --strip-components=3 -C /opt/koko/bin/ kubernetes/client/bin/kubectl \ + && mv /opt/koko/bin/kubectl /opt/koko/bin/rawkubectl \ + && wget https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz \ + && tar -xf helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz --strip-components=1 -C /opt/koko/bin/ linux-${TARGETARCH}/helm \ + && mv /opt/koko/bin/helm /opt/koko/bin/rawhelm \ + && wget 
https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ + && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/koko/bin/ \ + && wget https://github.com/ahmetb/kubectl-aliases/raw/master/.kubectl_aliases \ + && mv /opt/clickhouse/usr/bin/clickhouse /usr/local/bin/clickhouse-client \ + && chmod 755 /opt/koko/bin/* \ + && chown root:root /opt/koko/bin/* \ + && rm -f *.tar.gz *.tgz \ + && rm -rf /opt/clickhouse + +ADD go.mod go.sum . + +ARG GOPROXY=https://goproxy.io +ENV CGO_ENABLED=0 +ENV GO111MODULE=on +ENV GOOS=linux + +RUN --mount=type=cache,target=/root/.cache \ + --mount=type=cache,target=/go/pkg/mod \ + go mod download -x + +COPY . . + +COPY --from=ui-build /opt/koko/ui/dist ui/dist + +ARG VERSION +ENV VERSION=$VERSION + +RUN --mount=type=cache,target=/root/.cache \ + --mount=type=cache,target=/go/pkg/mod \ + set +x \ + && make build -s \ + && set -x && ls -al . \ + && mv /opt/koko/build/koko-linux-${TARGETARCH} /opt/koko/koko \ + && mv /opt/koko/build/helm-linux-${TARGETARCH} /opt/koko/bin/helm \ + && mv /opt/koko/build/kubectl-linux-${TARGETARCH} /opt/koko/bin/kubectl + +RUN mkdir /opt/koko/release \ + && mv /opt/koko/locale /opt/koko/release \ + && mv /opt/koko/config_example.yml /opt/koko/release \ + && mv /opt/koko/entrypoint.sh /opt/koko/release \ + && mv /opt/koko/utils/init-kubectl.sh /opt/koko/release \ + && chmod 755 /opt/koko/release/entrypoint.sh /opt/koko/release/init-kubectl.sh + +FROM debian:bullseye-slim +ARG TARGETARCH + +ARG DEPENDENCIES=" \ + bash-completion \ + ca-certificates \ + curl \ + git \ + git-lfs \ + iputils-ping \ + jq \ + less \ + locales \ + openssh-client \ + freetds-bin \ + mariadb-client \ + postgresql-client \ + telnet \ + unzip \ + vim \ + wget \ + xz-utils" + +ARG APT_MIRROR=http://mirrors.ustc.edu.cn + +RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=koko-apt \ + 
--mount=type=cache,target=/var/lib/apt,sharing=locked,id=koko-apt \ + sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \ + && rm -f /etc/apt/apt.conf.d/docker-clean \ + && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ + && apt-get update \ + && apt-get install -y --no-install-recommends ${DEPENDENCIES} \ + && echo "no" | dpkg-reconfigure dash \ + && echo "zh_CN.UTF-8" | dpkg-reconfigure locales \ + && sed -i "s@# export @export @g" ~/.bashrc \ + && sed -i "s@# alias @alias @g" ~/.bashrc + +ARG MONGOSH_VERSION=1.10.3 +RUN set -ex \ + && \ + case "${TARGETARCH}" in \ + amd64) \ + wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-x64.tgz \ + && tar -xf mongosh-${MONGOSH_VERSION}-linux-x64.tgz \ + && chown root:root mongosh-${MONGOSH_VERSION}-linux-x64/bin/* \ + && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh /usr/local/bin/ \ + && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh_crypt_v1.so /usr/local/lib/ \ + && rm -rf mongosh-${MONGOSH_VERSION}-linux-x64* \ + ;; \ + arm64) \ + wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \ + && tar -xf mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \ + && chown root:root mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/* \ + && mv mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh /usr/local/bin/ \ + && mv mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh_crypt_v1.so /usr/local/lib/ \ + && rm -rf mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}* \ + ;; \ + *) \ + echo "Unsupported architecture: ${TARGETARCH}" \ + ;; \ + esac + +COPY --from=redis /usr/local/bin/redis-cli /usr/local/bin/redis-cli + +WORKDIR /opt/koko/ + +COPY --from=stage-build /opt/koko/.kubectl_aliases /opt/kubectl-aliases/.kubectl_aliases +COPY --from=stage-build /opt/koko/bin /usr/local/bin +COPY --from=stage-build /opt/koko/release . +COPY --from=stage-build /opt/koko/koko . 
+ +ENV LANG=zh_CN.UTF-8 + +EXPOSE 2222 5000 +CMD ["./entrypoint.sh"] diff --git a/entrypoint.sh b/entrypoint.sh index dca85c4b..d6b45522 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,11 +1,11 @@ #!/bin/sh # -while [ "$(curl -I -m 10 -o /dev/null -s -w %{http_code} ${CORE_HOST}/api/health/)" != "200" ] -do - echo "wait for jms_core $CORE_HOST ready" +until /usr/local/bin/check ${CORE_HOST}/api/health/; do + echo "wait for jms_core ${CORE_HOST} ready" sleep 2 done + # 限制所有可执行目录的权限 chmod -R 700 /usr/local/sbin/* && chmod -R 700 /usr/local/bin/* && chmod -R 700 /usr/bin/* chmod -R 700 /usr/sbin/* && chmod -R 700 /sbin/* && chmod -R 700 /bin/* @@ -26,4 +26,4 @@ chown :jms_k8s_user `which jq` `which less` `which vim` `which ls` `which bash` chmod 750 `which jq` `which less` `which vim` `which ls` `which bash` `which grep` cd /opt/koko -./koko +./koko \ No newline at end of file
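Review bot: In Dockerfile-ee the ClickHouse binary is moved to `/usr/local/bin/clickhouse-client` inside `stage-build`, but the final stage only copies `/opt/koko/bin`, `/opt/koko/release`, `/opt/koko/koko` and `.kubectl_aliases` from that stage, so the client never reaches the shipped image. Moving it into the copied directory instead, `&& mv /opt/clickhouse/usr/bin/clickhouse /opt/koko/bin/clickhouse-client \`, fixes that. The version is also resolved at build time by scraping the package index with `curl -s ... | sort -V -r | head -n 1`, which makes the build unreproducible and installs an unverified binary; pin it with an `ARG` like the other tool versions and check the archive against an expected SHA-256. Smaller items in the same file: `ENV NPM_REGISTY=$NPM_REGISTRY` looks like a typo for `NPM_REGISTRY`, `ARG HELM_VERSION` and `WORKDIR /opt/koko` are each declared twice, and `DOWNLOAD_URL` is no longer used.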
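Review bot: In entrypoint.sh the new loop passes `${CORE_HOST}/api/health/` unquoted and never checks that `CORE_HOST` is set, so an empty or malformed value makes the container wait forever while printing only "wait for jms_core  ready". I would add `: "${CORE_HOST:?CORE_HOST is not set}"` before the loop and quote the argument, `until /usr/local/bin/check "${CORE_HOST}/api/health/"; do`. The removed `curl` call carried an explicit `-m 10` timeout; whether the `check` binary bounds each attempt is not visible here, so that is worth confirming and noting in a comment. The rest of the script continues outside this hunk.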