perf: 优化镜像构建

.github/workflows/jms-build-test.yml

@@ -10,26 +10,39 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
+    - uses: docker/setup-qemu-action@v3
+    - uses: docker/setup-buildx-action@v3
 
-    - uses: docker/setup-qemu-action@v2
+    - name: Prepare Mirror
+      run: |
+        sed -i '[email protected]@registry.yarnpkg.com@g' ui/yarn.lock
 
-    - uses: docker/setup-buildx-action@v2
-
-    - uses: docker/build-push-action@v3
+    - name: Build CE Image
+      uses: docker/build-push-action@v5
       with:
         context: .
         push: false
-        tags: jumpserver/koko:test
+        file: Dockerfile
+        tags: jumpserver/koko-ce:test
+        platforms: linux/amd64
         build-args: |
           GOPROXY=direct
           APT_MIRROR=http://deb.debian.org
-        file: Dockerfile
+          NPM_REGISTRY=https://registry.yarnpkg.com
         cache-from: type=gha
         cache-to: type=gha,mode=max
 
-    - uses: LouisBrunner/[email protected]
-      if: always()
+    - name: Build EE Image
+      uses: docker/build-push-action@v5
       with:
-        token: ${{ secrets.GITHUB_TOKEN }}
-        name: Check Build
-        conclusion: ${{ job.status }}
+        context: .
+        push: false
+        file: Dockerfile-ee
+        tags: jumpserver/koko-ee:test
+        platforms: linux/amd64
+        build-args: |
+          GOPROXY=direct
+          APT_MIRROR=http://deb.debian.org
+          NPM_REGISTRY=https://registry.yarnpkg.com
+        cache-from: type=gha
+        cache-to: type=gha,mode=max

Dockerfile

@@ -22,29 +22,25 @@ FROM golang:1.21-bullseye as stage-build
 LABEL stage=stage-build
 ARG TARGETARCH
 
-WORKDIR /opt/koko
-ARG HELM_VERSION=v3.12.2
-ARG DOWNLOAD_URL=https://download.jumpserver.org
-
 RUN set -ex \
     && echo "no" | dpkg-reconfigure dash
 
+WORKDIR /opt/koko
+ARG HELM_VERSION=v3.14.3
+ARG KUBECTL_VERSION=v1.29.3
+ARG CHECK_VERSION=v1.0.2
 RUN set -ex \
     && mkdir -p /opt/koko/bin \
-    && wget ${DOWNLOAD_URL}/public/kubectl-linux-${TARGETARCH}.tar.gz -O kubectl.tar.gz \
-    && tar -xf kubectl.tar.gz -C /opt/koko/bin/ \
+    && wget -O kubectl.tar.gz https://dl.k8s.io/${KUBECTL_VERSION}/kubernetes-client-linux-${TARGETARCH}.tar.gz \
+    && tar -xf kubectl.tar.gz --strip-components=3 -C /opt/koko/bin/ kubernetes/client/bin/kubectl \
     && mv /opt/koko/bin/kubectl /opt/koko/bin/rawkubectl \
-    && wget -O helm.tar.gz https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz \
-    && tar -xf helm.tar.gz --strip-components=1 -C /opt/koko/bin/ linux-${TARGETARCH}/helm \
+    && wget https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz \
+    && tar -xf helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz --strip-components=1 -C /opt/koko/bin/ linux-${TARGETARCH}/helm \
     && mv /opt/koko/bin/helm /opt/koko/bin/rawhelm \
-    && \
-    if [ "${TARGETARCH}" == "amd64" ] || [ "${TARGETARCH}" == "arm64" ]; then \
-        wget ${DOWNLOAD_URL}/files/clickhouse/22.20.2.11/clickhouse-client-linux-${TARGETARCH}.tar.gz; \
-        tar -xf clickhouse-client-linux-${TARGETARCH}.tar.gz -C /opt/koko/bin/; \
-    fi \
-    && wget ${DOWNLOAD_URL}/public/kubectl_aliases.tar.gz -O kubectl_aliases.tar.gz \
-    && tar -xf kubectl_aliases.tar.gz \
-    && chmod +x /opt/koko/bin/* \
+    && wget https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \
+    && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/koko/bin/ \
+    && wget https://github.com/ahmetb/kubectl-aliases/raw/master/.kubectl_aliases \
+    && chmod 755 /opt/koko/bin/* \
     && chown root:root /opt/koko/bin/* \
     && rm -f *.tar.gz
 
@@ -84,65 +80,22 @@ RUN mkdir /opt/koko/release \
 
 FROM debian:bullseye-slim
 ARG TARGETARCH
+ENV LANG=en_US.UTF-8
 
 ARG DEPENDENCIES="                    \
-        bash-completion               \
-        ca-certificates               \
-        curl                          \
-        git                           \
-        git-lfs                       \
-        iputils-ping                  \
-        jq                            \
-        less                          \
-        locales                       \
-        openssh-client                \
-        freetds-bin                   \
-        mariadb-client                \
-        postgresql-client             \
-        telnet                        \
-        unzip                         \
-        vim                           \
-        wget                          \
-        xz-utils"
+        ca-certificates"
 
 ARG APT_MIRROR=http://mirrors.ustc.edu.cn
-
-RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=koko \
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=koko-apt \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked,id=koko-apt \
     sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
     && rm -f /etc/apt/apt.conf.d/docker-clean \
     && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
     && apt-get update \
     && apt-get install -y --no-install-recommends ${DEPENDENCIES} \
     && echo "no" | dpkg-reconfigure dash \
-    && echo "zh_CN.UTF-8" | dpkg-reconfigure locales \
     && sed -i "s@# export @export @g" ~/.bashrc \
-    && sed -i "s@# alias @alias @g" ~/.bashrc \
-    && rm -rf /var/lib/apt/lists/*
-
-ARG MONGOSH_VERSION=1.10.3
-RUN set -ex \
-    && \
-    case "${TARGETARCH}" in \
-        amd64) \
-            wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-x64.tgz \
-            && tar -xf mongosh-${MONGOSH_VERSION}-linux-x64.tgz \
-            && chown root:root mongosh-${MONGOSH_VERSION}-linux-x64/bin/* \
-            && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh /usr/local/bin/ \
-            && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh_crypt_v1.so /usr/local/lib/ \
-            && rm -rf mongosh-${MONGOSH_VERSION}-linux-x64* \
-            ;; \
-        arm64) \
-            wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \
-            && tar -xf mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \
-            && chown root:root mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/* \
-            && mv mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh /usr/local/bin/ \
-            && mv mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh_crypt_v1.so /usr/local/lib/ \
-            && rm -rf mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}* \
-            ;; \
-        *) \
-            echo "Unsupported architecture: ${TARGETARCH}" \
-            ;; \
-    esac
+    && sed -i "s@# alias @alias @g" ~/.bashrc
 
 COPY --from=redis /usr/local/bin/redis-cli /usr/local/bin/redis-cli
 

Dockerfile-ee

@@ -0,0 +1,165 @@
+FROM redis:6.2-bullseye as redis
+
+FROM node:16.20-bullseye-slim as ui-build
+ARG TARGETARCH
+ARG NPM_REGISTRY="https://registry.npmmirror.com"
+ENV NPM_REGISTY=$NPM_REGISTRY
+
+RUN set -ex \
+    && npm config set registry ${NPM_REGISTRY} \
+    && yarn config set registry ${NPM_REGISTRY}
+
+WORKDIR /opt/koko/ui
+ADD ui/package.json ui/yarn.lock .
+RUN --mount=type=cache,target=/usr/local/share/.cache/yarn,sharing=locked,id=koko \
+    yarn install
+
+ADD ui .
+RUN --mount=type=cache,target=/usr/local/share/.cache/yarn,sharing=locked,id=koko \
+    yarn build
+
+FROM golang:1.21-bullseye as stage-build
+LABEL stage=stage-build
+ARG TARGETARCH
+
+WORKDIR /opt/koko
+ARG HELM_VERSION=v3.12.2
+ARG DOWNLOAD_URL=https://download.jumpserver.org
+
+RUN set -ex \
+    && echo "no" | dpkg-reconfigure dash
+
+WORKDIR /opt/koko
+ARG HELM_VERSION=v3.14.3
+ARG KUBECTL_VERSION=v1.29.3
+ARG CHECK_VERSION=v1.0.2
+RUN set -ex \
+    && mkdir -p /opt/koko/bin /opt/clickhouse \
+    && LATEST_VERSION=$(curl -s https://packages.clickhouse.com/tgz/stable/ | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | sort -V -r | head -n 1) \
+    && PKG="clickhouse-common-static" \
+    && wget "https://packages.clickhouse.com/tgz/stable/$PKG-$LATEST_VERSION-${TARGETARCH}.tgz" \
+    && tar -xf "$PKG-$LATEST_VERSION-${TARGETARCH}.tgz" --strip-components=1 -C /opt/clickhouse \
+    && wget -O kubectl.tar.gz https://dl.k8s.io/${KUBECTL_VERSION}/kubernetes-client-linux-${TARGETARCH}.tar.gz \
+    && tar -xf kubectl.tar.gz --strip-components=3 -C /opt/koko/bin/ kubernetes/client/bin/kubectl \
+    && mv /opt/koko/bin/kubectl /opt/koko/bin/rawkubectl \
+    && wget https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz \
+    && tar -xf helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz --strip-components=1 -C /opt/koko/bin/ linux-${TARGETARCH}/helm \
+    && mv /opt/koko/bin/helm /opt/koko/bin/rawhelm \
+    && wget https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \
+    && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/koko/bin/ \
+    && wget https://github.com/ahmetb/kubectl-aliases/raw/master/.kubectl_aliases \
+    && mv /opt/clickhouse/usr/bin/clickhouse /usr/local/bin/clickhouse-client \
+    && chmod 755 /opt/koko/bin/* \
+    && chown root:root /opt/koko/bin/* \
+    && rm -f *.tar.gz *.tgz \
+    && rm -rf /opt/clickhouse
+
+ADD go.mod go.sum .
+
+ARG GOPROXY=https://goproxy.io
+ENV CGO_ENABLED=0
+ENV GO111MODULE=on
+ENV GOOS=linux
+
+RUN --mount=type=cache,target=/root/.cache \
+    --mount=type=cache,target=/go/pkg/mod \
+    go mod download -x
+
+COPY . .
+
+COPY --from=ui-build /opt/koko/ui/dist ui/dist
+
+ARG VERSION
+ENV VERSION=$VERSION
+
+RUN --mount=type=cache,target=/root/.cache \
+    --mount=type=cache,target=/go/pkg/mod \
+    set +x \
+    && make build -s \
+    && set -x && ls -al . \
+    && mv /opt/koko/build/koko-linux-${TARGETARCH} /opt/koko/koko \
+    && mv /opt/koko/build/helm-linux-${TARGETARCH} /opt/koko/bin/helm \
+    && mv /opt/koko/build/kubectl-linux-${TARGETARCH} /opt/koko/bin/kubectl
+
+RUN mkdir /opt/koko/release \
+    && mv /opt/koko/locale /opt/koko/release \
+    && mv /opt/koko/config_example.yml /opt/koko/release \
+    && mv /opt/koko/entrypoint.sh /opt/koko/release \
+    && mv /opt/koko/utils/init-kubectl.sh /opt/koko/release \
+    && chmod 755 /opt/koko/release/entrypoint.sh /opt/koko/release/init-kubectl.sh
+
+FROM debian:bullseye-slim
+ARG TARGETARCH
+
+ARG DEPENDENCIES="                    \
+        bash-completion               \
+        ca-certificates               \
+        curl                          \
+        git                           \
+        git-lfs                       \
+        iputils-ping                  \
+        jq                            \
+        less                          \
+        locales                       \
+        openssh-client                \
+        freetds-bin                   \
+        mariadb-client                \
+        postgresql-client             \
+        telnet                        \
+        unzip                         \
+        vim                           \
+        wget                          \
+        xz-utils"
+
+ARG APT_MIRROR=http://mirrors.ustc.edu.cn
+
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=koko-apt \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked,id=koko-apt \
+    sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
+    && rm -f /etc/apt/apt.conf.d/docker-clean \
+    && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends ${DEPENDENCIES} \
+    && echo "no" | dpkg-reconfigure dash \
+    && echo "zh_CN.UTF-8" | dpkg-reconfigure locales \
+    && sed -i "s@# export @export @g" ~/.bashrc \
+    && sed -i "s@# alias @alias @g" ~/.bashrc
+
+ARG MONGOSH_VERSION=1.10.3
+RUN set -ex \
+    && \
+    case "${TARGETARCH}" in \
+        amd64) \
+            wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-x64.tgz \
+            && tar -xf mongosh-${MONGOSH_VERSION}-linux-x64.tgz \
+            && chown root:root mongosh-${MONGOSH_VERSION}-linux-x64/bin/* \
+            && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh /usr/local/bin/ \
+            && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh_crypt_v1.so /usr/local/lib/ \
+            && rm -rf mongosh-${MONGOSH_VERSION}-linux-x64* \
+            ;; \
+        arm64) \
+            wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \
+            && tar -xf mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \
+            && chown root:root mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/* \
+            && mv mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh /usr/local/bin/ \
+            && mv mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh_crypt_v1.so /usr/local/lib/ \
+            && rm -rf mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}* \
+            ;; \
+        *) \
+            echo "Unsupported architecture: ${TARGETARCH}" \
+            ;; \
+    esac
+
+COPY --from=redis /usr/local/bin/redis-cli /usr/local/bin/redis-cli
+
+WORKDIR /opt/koko/
+
+COPY --from=stage-build /opt/koko/.kubectl_aliases /opt/kubectl-aliases/.kubectl_aliases
+COPY --from=stage-build /opt/koko/bin /usr/local/bin
+COPY --from=stage-build /opt/koko/release .
+COPY --from=stage-build /opt/koko/koko .
+
+ENV LANG=zh_CN.UTF-8
+
+EXPOSE 2222 5000
+CMD ["./entrypoint.sh"]

entrypoint.sh

@@ -1,11 +1,11 @@
 #!/bin/sh
 #
 
-while [ "$(curl -I -m 10 -o /dev/null -s -w %{http_code} ${CORE_HOST}/api/health/)" != "200" ]
-do
-    echo "wait for jms_core $CORE_HOST ready"
+until /usr/local/bin/check ${CORE_HOST}/api/health/; do
+    echo "wait for jms_core ${CORE_HOST} ready"
     sleep 2
 done
+
 # 限制所有可执行目录的权限
 chmod -R  700 /usr/local/sbin/* && chmod -R 700 /usr/local/bin/* && chmod -R 700 /usr/bin/*
 chmod -R  700 /usr/sbin/* && chmod -R 700 /sbin/* && chmod -R 700 /bin/*
@@ -26,4 +26,4 @@ chown :jms_k8s_user  `which jq` `which less` `which vim` `which ls` `which bash`
 chmod  750 `which jq` `which less` `which vim` `which ls` `which bash` `which grep`
 
 cd /opt/koko
-./koko
+./koko