From 21eb87ad03f3992270861fd77c3639e9c37d6649 Mon Sep 17 00:00:00 2001
From: Pallab Pain
Date: Wed, 29 Nov 2023 16:25:07 +0530
Subject: [PATCH] ci: adds workflow to build custom alpine image
---
.github/workflows/build-alpine.yml | 52 ++++++++++++++++++++++++++++++
Dockerfile.alpine | 37 +++++++++++++++++++++
hack/acl_watcher.sh | 9 ++++++
hack/start.sh | 6 ++++
4 files changed, 104 insertions(+)
create mode 100644 .github/workflows/build-alpine.yml
create mode 100644 Dockerfile.alpine
create mode 100644 hack/acl_watcher.sh
create mode 100644 hack/start.sh
diff --git a/.github/workflows/build-alpine.yml b/.github/workflows/build-alpine.yml
new file mode 100644
index 00000000000..d20e50d9bfb
--- /dev/null
+++ b/.github/workflows/build-alpine.yml
@@ -0,0 +1,52 @@
+name: Build alpine image
+
+on:
+ push:
+ workflow_dispatch:
+
+env:
+ BUILD_VERSION: "v0.22.3-dev"
+ DOCKER_CLI_EXPERIMENTAL: enabled
+
+permissions: read-all
+
+jobs:
+ docker:
+ runs-on: ubuntu-latest
+ steps:
+ - name: 🛒 Checkout Code
+ uses: actions/checkout@v4
+
+ - name: ⚙️ Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: ⚙️ Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: 🔑 Login to quay.io
+ uses: docker/login-action@v3
+ with:
+ registry: quay.io
+ username: ${{ secrets.QUAY_USER }}
+ password: ${{ secrets.QUAY_PASS }}
+
+ - name: 🏷️ Generate Image Tags
+ id: image-metadata
+ uses: docker/metadata-action@v4
+ with:
+ images: |
+ name=quay.io/rapyuta/rr-headscale
+ tags: |
+ type=raw,value=${{ env.BUILD_VERSION }}
+
+ - name: ⬆️ Build and Push
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.alpine
+ platforms: linux/amd64,linux/arm64
+ tags: ${{ steps.image-metadata.outputs.tags }}
+ push: true
+ build-args: |
+ BUILD_VERSION
+ sbom: true
\ No newline at end of file
diff --git a/Dockerfile.alpine b/Dockerfile.alpine
new file mode 100644
index 00000000000..0b76343a41b
--- /dev/null
+++ b/Dockerfile.alpine
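Review bot: In .github/workflows/build-alpine.yml the bare `push:` trigger has no branch or tag filter, so a push to any branch logs in with `QUAY_USER`/`QUAY_PASS` and, with `push: true`, overwrites the single fixed tag `v0.22.3-dev` on quay.io/rapyuta/rr-headscale. Restrict the trigger, for example `push:` followed by `branches: [<release-branch>]` (placeholder name), or derive the tag from the ref so that a branch build cannot replace the published image. The actions in this credential-holding job are referenced by mutable major tags (`actions/checkout@v4`, `docker/login-action@v3`, `docker/build-push-action@v5`, and the others); pinning each to a full commit SHA would match the digest pinning already used for the base images in Dockerfile.alpine. `permissions: read-all` could also be narrowed to `contents: read`, which appears to be all these steps need.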
@@ -0,0 +1,37 @@
+FROM golang:1.21.4-alpine3.18@sha256:110b07af87238fbdc5f1df52b00927cf58ce3de358eeeb1854f10a8b5e5e1411 AS build
+
+WORKDIR /go/src/github.com/juanfont/headscale/
+
+ARG BUILD_VERSION
+
+COPY . .
+
+RUN test -n "${BUILD_VERSION}" \
+ && apk update \
+ && apk upgrade -a \
+ && apk add --no-cache ca-certificates curl gcc musl-dev \
+ && update-ca-certificates \
+ && CGO_ENABLED=0 go build -o ./headscale -v -trimpath -ldflags="-s -w -X github.com/juanfont/headscale/cmd/headscale/cli.Version=${BUILD_VERSION}" ./cmd/headscale
+
+WORKDIR /config
+
+FROM alpine:3.18.4@sha256:eece025e432126ce23f223450a0326fbebde39cdf496a85d8c016293fc851978
+
+LABEL org.opencontainers.image.title="quay.io/rapyuta/rr-headscale"
+LABEL org.opencontainers.image.description="An open source, self-hosted implementation of the Tailscale coordination server."
+
+RUN apk update && apk upgrade -a && apk add inotify-tools
+
+COPY --from=build /etc/ssl/certs /etc/ssl/certs
+
+COPY --from=build /go/src/github.com/juanfont/headscale/headscale /usr/local/bin/headscale
+COPY --from=build /config /config
+
+COPY ./hack/acl_watcher.sh ./hack/start.sh .
+RUN chmod +x start.sh acl_watcher.sh
+
+EXPOSE 8080/tcp
+
+ENTRYPOINT [ "./start.sh" ]
+
+CMD ["help"]
diff --git a/hack/acl_watcher.sh b/hack/acl_watcher.sh
new file mode 100644
index 00000000000..b10278309fe
--- /dev/null
+++ b/hack/acl_watcher.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+set -x
+
+inotifywait --event moved_to --recursive --monitor /acl |
+while read -r
+do
+ echo "$(date +%s) noticed acl update; triggered reload"
+ killall -s SIGHUP headscale
+done
\ No newline at end of file
diff --git a/hack/start.sh b/hack/start.sh
new file mode 100644
index 00000000000..c6e6147515d
--- /dev/null
+++ b/hack/start.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+set -x
+
+./acl_watcher.sh &
+
+/usr/local/bin/headscale serve --config /etc/headscale/config.yaml
\ No newline at end of file
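Review bot: The final stage of Dockerfile.alpine never sets `USER`, so `start.sh`, the ACL watcher and `headscale serve` all run as root, although `EXPOSE 8080/tcp` suggests no privileged port is needed. Adding `RUN addgroup -S headscale && adduser -S -G headscale headscale` after the package install and `USER headscale` before `ENTRYPOINT` would drop that; the mounted `/etc/headscale`, `/acl` and any data directory would then have to be accessible to that user, which this hunk does not show. Separately, `apk upgrade -a` in both stages and the unpinned `apk add inotify-tools` pull whatever the mirror serves at build time, which undoes the reproducibility of the digest-pinned `FROM` lines; `apk add --no-cache inotify-tools` with a pinned version would keep the runtime image tied to the pinned base and leave no index in the layer. The scripts are also copied to `.` with no `WORKDIR` in the final stage, so they land in `/`; an explicit `WORKDIR` would make the relative `./start.sh` entrypoint less fragile.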
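Review bot: In hack/acl_watcher.sh only `moved_to` is watched, so a policy file under /acl that is written in place never triggers the SIGHUP and headscale keeps enforcing the old ACL. This looks designed for mounts that are updated by an atomic rename, but nothing in the script says so. Either state the assumption above the `inotifywait` line, e.g. `# /acl must be updated by rename (atomic swap); in-place writes are not detected`, or also pass `--event close_write`. The script has no failure path either: if /acl is missing, `inotifywait` exits and the loop ends, and because start.sh backgrounds the watcher, reloads stop with nothing in the logs beyond the `set -x` trace. An `echo "acl watcher exited" >&2` after `done` would make that visible.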
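Review bot: In hack/start.sh `headscale serve` is started as a child of `/bin/sh` rather than with `exec`, so the shell stays PID 1 and the SIGTERM sent on container stop is not forwarded; headscale would likely be killed at the stop timeout instead of shutting down cleanly. Changing the last line to `exec /usr/local/bin/headscale serve --config /etc/headscale/config.yaml` fixes that. The script also ignores its arguments, so the image's `CMD ["help"]` and any command passed at run time have no effect; either drop the `CMD` or pass `"$@"` through. The backgrounded `./acl_watcher.sh &` is never supervised, so if it exits the container keeps serving with ACL reloads disabled and no signal to the operator.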