Merge pull request #331 from jumpserver/dev

v4.0.0
jumpserver · Jul 3, 2024 · c6572ad · c6572ad
2 parents 130d19b + 519acc1
commit c6572ad
Show file tree

Hide file tree

Showing 55 changed files with 4,000 additions and 2,011 deletions.
diff --git a/.github/workflows/jms-build-test.yml b/.github/workflows/jms-build-test.yml
@@ -1,34 +1,65 @@
 name: "Run Build Test"
 on:
   push:
-    branches:
-      - pr@*
-      - repr@*
+    paths:
+      - 'Dockerfile'
+      - 'Dockerfile*'
+      - 'Dockerfile-*'
+      - 'go.mod'
+      - 'go.sum'
 
 jobs:
   build:
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        component: [lion]
+        version: [v4]
     steps:
     - uses: actions/checkout@v3
-    - uses: docker/setup-qemu-action@v3
     - uses: docker/setup-buildx-action@v3
 
-    - name: Prepare Mirror
+    - name: Prepare Build
       run: |
         sed -i '[email protected]@registry.yarnpkg.com@g' ui/yarn.lock
-        sed -i '[email protected]/@@g' Dockerfile
+        sed -i 's@^FROM registry.fit2cloud.com/jumpserver@FROM ghcr.io/jumpserver@g' Dockerfile
+        sed -i 's@^FROM registry.fit2cloud.com/jumpserver@FROM ghcr.io/jumpserver@g' Dockerfile-ee
 
-    - name: Build Image
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.repository_owner }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Build CE Image
       uses: docker/build-push-action@v5
       with:
         context: .
-        push: false
+        push: true
         file: Dockerfile
-        tags: jumpserver/lion:test
+        tags: ghcr.io/jumpserver/${{ matrix.component }}:${{ matrix.version }}-ce
         platforms: linux/amd64
         build-args: |
+          VERSION=${{ matrix.version }}
           GOPROXY=direct
           APT_MIRROR=http://deb.debian.org
           NPM_REGISTRY=https://registry.yarnpkg.com
+        outputs: type=image,oci-mediatypes=true,compression=zstd,compression-level=3,force-compression=true
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+
+    - name: Build EE Image
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        push: false
+        file: Dockerfile-ee
+        tags: ghcr.io/jumpserver/${{ matrix.component }}:${{ matrix.version }}
+        platforms: linux/amd64
+        build-args: |
+          VERSION=${{ matrix.version }}
+          APT_MIRROR=http://deb.debian.org
+        outputs: type=image,oci-mediatypes=true,compression=zstd,compression-level=3,force-compression=true
         cache-from: type=gha
         cache-to: type=gha,mode=max
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
@@ -36,7 +36,7 @@ jobs:
           node-version: '16.20'
       - uses: actions/setup-go@v2
         with:
-          go-version: '1.21.x' # The Go version to download (if necessary) and use.
+          go-version: '1.22.x' # The Go version to download (if necessary) and use.
       - name: Make Build
         id: make_build
         env:
@@ -52,13 +52,3 @@ jobs:
             build/*.gz
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - name: sync lion-release
-        env:
-          REPO_URL: jumpserver/lion-release
-          TAG_NAME: ${{ steps.get_version.outputs.TAG }}
-          BRANCH: master
-          ACCESS_TOKEN: ${{ secrets.PRIVATE_TOKEN }}
-          FILE_PATTERN: build/*.gz
-        run:  |
-          wget "https://github.com/LeeEirc/ghaction/releases/download/v0.0.2/ghrcreate-linux-amd64"
-          chmod +x ghrcreate-linux-amd64 && ./ghrcreate-linux-amd64
diff --git a/Dockerfile b/Dockerfile
@@ -8,37 +8,48 @@ RUN set -ex \
     && yarn config set registry ${NPM_REGISTRY}
 
 WORKDIR /opt/lion/ui
-ADD ui/package.json ui/yarn.lock .
+
 RUN --mount=type=cache,target=/usr/local/share/.cache/yarn,sharing=locked,id=lion \
+    --mount=type=bind,source=ui/package.json,target=package.json \
+    --mount=type=bind,source=ui/yarn.lock,target=yarn.lock \
     yarn install
 
 ADD ui .
 RUN --mount=type=cache,target=/usr/local/share/.cache/yarn,sharing=locked,id=lion \
     yarn build
 
-FROM golang:1.21-bullseye as stage-build
+FROM golang:1.22-bullseye as stage-build
 LABEL stage=stage-build
 ARG TARGETARCH
 
-WORKDIR /opt/lion
+WORKDIR /opt
 
-ADD go.mod go.sum .
+ARG CHECK_VERSION=v1.0.2
+RUN set -ex \
+    && wget https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \
+    && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \
+    && mv check /usr/local/bin/ \
+    && chown root:root /usr/local/bin/check \
+    && chmod 755 /usr/local/bin/check \
+    && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz
 
 ARG GOPROXY=https://goproxy.io
 ENV CGO_ENABLED=0
 ENV GO111MODULE=on
-ENV GOOS=linux
 
-RUN --mount=type=cache,target=/root/.cache \
-    --mount=type=cache,target=/go/pkg/mod \
-    go mod download -x
+WORKDIR /opt/lion
+
+RUN --mount=type=cache,target=/go/pkg/mod,sharing=locked,id=lion \
+    --mount=type=bind,source=go.mod,target=go.mod \
+    --mount=type=bind,source=go.sum,target=go.sum \
+    go mod download
 
 COPY . .
+
 ARG VERSION
 ENV VERSION=$VERSION
 
-RUN --mount=type=cache,target=/root/.cache \
-    --mount=type=cache,target=/go/pkg/mod \
+RUN --mount=type=cache,target=/go/pkg/mod,sharing=locked,id=lion \
     export GOFlAGS="-X 'main.Buildstamp=`date -u '+%Y-%m-%d %I:%M:%S%p'`'" \
     && export GOFlAGS="${GOFlAGS} -X 'main.Githash=`git rev-parse HEAD`'" \
     && export GOFlAGS="${GOFlAGS} -X 'main.Goversion=`go version`'" \
@@ -47,33 +58,33 @@ RUN --mount=type=cache,target=/root/.cache \
 
 RUN chmod +x entrypoint.sh
 
-FROM registry.fit2cloud.com/jumpserver/guacd:1.5.3-bullseye
+FROM jumpserver/guacd:1.5.5-bullseye
 ARG TARGETARCH
-ENV LANG=zh_CN.UTF-8
+ENV LANG=en_US.UTF-8
 
 USER root
 
 ARG DEPENDENCIES="                    \
         ca-certificates               \
-        curl                          \
-        locales                       \
-        supervisor                    \
-        telnet"
+        supervisor"
 
 ARG APT_MIRROR=http://mirrors.ustc.edu.cn
 RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=lion \
-    sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked,id=lion \
+    set -ex \
+    && rm -f /etc/apt/apt.conf.d/docker-clean \
+    && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \
+    && sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
     && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
     && apt-get update \
     && apt-get install -y --no-install-recommends ${DEPENDENCIES} \
-    && echo "zh_CN.UTF-8" | dpkg-reconfigure locales \
     && sed -i "s@# export @export @g" ~/.bashrc \
-    && sed -i "s@# alias @alias @g" ~/.bashrc \
-    && rm -rf /var/lib/apt/lists/*
+    && sed -i "s@# alias @alias @g" ~/.bashrc
 
 WORKDIR /opt/lion
 
 COPY --from=ui-build /opt/lion/ui/dist ui/dist/
+COPY --from=stage-build /usr/local/bin /usr/local/bin
 COPY --from=stage-build /opt/lion/lion .
 COPY --from=stage-build /opt/lion/config_example.yml .
 COPY --from=stage-build /opt/lion/entrypoint.sh .
@@ -82,5 +93,12 @@ COPY --from=stage-build /opt/lion/supervisord.conf /etc/supervisor/conf.d/superv
 ARG VERSION
 ENV VERSION=$VERSION
 
+VOLUME /opt/lion/data
+
+ENTRYPOINT ["./entrypoint.sh"]
+
 EXPOSE 8081
-CMD ["./entrypoint.sh"]
+
+STOPSIGNAL SIGQUIT
+
+CMD [ "supervisord", "-c", "/etc/supervisor/supervisord.conf" ]
diff --git a/Dockerfile-ee b/Dockerfile-ee
@@ -0,0 +1,17 @@
+ARG VERSION
+
+FROM registry.fit2cloud.com/jumpserver/lion:${VERSION}-ce
+ARG TARGETARCH
+
+ARG DEPENDENCIES="                    \
+        curl                          \
+        iputils-ping                  \
+        telnet                        \
+        vim                           \
+        wget"
+
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=lion \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked,id=lion \
+    set -ex \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends ${DEPENDENCIES}