dockerfile v2 and pipeline rework

pagopa · Sep 22, 2023 · da9e53d · da9e53d
1 parent 3a42fd5
commit da9e53d
Show file tree

Hide file tree

Showing 2 changed files with 153 additions and 5 deletions.
diff --git a/.github/workflows/beta-docker-branch.yml b/.github/workflows/beta-docker-branch.yml
@@ -10,6 +10,10 @@ on:
       - '**.md'
       - '.**'
 
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
 jobs:
   release:
     name: Beta docker on dev branch
@@ -24,6 +28,9 @@ jobs:
           persist-credentials: false
           fetch-depth: 0
 
+      - name: Setup Docker buildx
+        uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
+
       - name: Log in to the Container registry
         id: docker_login
         # from https://github.com/docker/login-action/commits/master
@@ -33,15 +40,31 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v3
+        with:
+          images: |
+            ${{ env.REGISTRY }}/${{ github.repository }}
+          tags: |
+            type=ref,event=branch
+            type=raw,value=beta-${{ github.ref_name }}
+          labels:
+            org.opencontainers.image.title=${{ github.repository }}-beta
+            org.opencontainers.image.description=GitHub self hosted runner
+            org.opencontainers.image.authors=PagoPA
+            org.opencontainers.image.url=github.com/PagoPA/${{ github.repository }}
+            org.opencontainers.image.source=https://github.com/${{ github.repository }}
+
       - name: Build and push Docker image
         id: docker_build_push
         # from https://github.com/docker/build-push-action/commits/master
         uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5
         with:
           context: .
           push: true
-          tags: |
-            ghcr.io/${{ github.repository }}:beta-${{ github.ref_name }}
-          labels: |
-            maintainer=https://pagopa.it
-            org.opencontainers.image.source=https://github.com/${{ github.repository }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          file: Dockerfile.github
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/Dockerfile.github b/Dockerfile.github
@@ -0,0 +1,125 @@
+FROM ghcr.io/actions/actions-runner:2.309.0 AS base
+# FROM ubuntu:22.04@sha256:965fbcae990b0467ed5657caceaec165018ef44a4d2d46c7cdea80a9dff0d1ea
+USER root
+
+RUN apt-get update \
+    && apt-get install -y curl jq \
+    && apt-get -y install curl git vim \
+    && apt-get -y install zip unzip \
+    && apt-get -y install ca-certificates curl wget apt-transport-https lsb-release gnupg \
+    && apt-get satisfy "python3-pip (<= 22.1)" -y
+    # && apt-get clean \
+    # && rm -rf /var/lib/apt/lists/*
+
+# 1) 510/1.21GB (changing base image from ubuntu to gh runner)
+
+FROM base AS deps
+
+# 2) 510/1.21GB (changing base image from ubuntu to gh runner)
+
+RUN bash bin/installdependencies.sh
+    # && apt-get clean \
+    # && rm -rf /var/lib/apt/lists/*
+# 3) 1.22GB (necessary?)
+
+FROM deps AS deps-az
+RUN curl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null
+RUN AZ_REPO=$(lsb_release -cs) && \
+    echo "deb [arch=$(dpkg --print-architecture)] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" | tee /etc/apt/sources.list.d/azure-cli.list
+RUN apt-get update && \
+    apt-get -y install azure-cli
+    # && apt-get clean \
+    # && rm -rf /var/lib/apt/lists/*
+
+RUN az config set extension.use_dynamic_install=yes_without_prompt
+
+FROM deps-az AS deps-node-yarn
+# 4) 1.81GB
+RUN curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/trusted.gpg.d/nodesource.gpg
+ENV NODE_MAJOR_VERSION="${ENV_NODE_MAJOR_VERSION:-20}"
+RUN echo "deb [signed-by=/etc/apt/trusted.gpg.d/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR_VERSION.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list
+RUN apt-get update \
+    && apt-get -y install nodejs \
+    && npm install -g yarn
+    # && apt-get clean \
+    # && rm -rf /var/lib/apt/lists/*
+
+# 5) 1.98GB
+
+FROM deps-node-yarn AS deps-kube
+# RUN curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+# RUN echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /' | tee /etc/apt/sources.list.d/kubernetes.list
+# # 6) 1.98GB
+
+RUN curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null
+RUN echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list
+
+# # 7) 1.98GB
+
+RUN apt-get update \
+#     && apt-get satisfy "kubectl" -y \
+    && apt-get satisfy "helm" -y
+    # && apt-get clean \
+    # && rm -rf /var/lib/apt/lists/*
+
+# 8) 2.08GB
+
+ENV KUBELOGIN_VERSION="${ENV_KUBELOGIN_VERSION:-0.0.26}"
+RUN az aks install-cli --kubelogin-version "${KUBELOGIN_VERSION}"
+
+# 9) 2.17GB
+
+FROM deps-kube AS deps-yq
+
+ENV YQ_VERSION="${ENV_YQ_VERSION:-v4.30.6}"
+ENV YQ_BINARY="yq_linux_amd64"
+RUN wget https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/${YQ_BINARY}.tar.gz -O - | tar xz && mv ${YQ_BINARY} /usr/bin/yq
+
+# 10) 2.17GB
+
+# RUN whereis yq
+# RUN whereis kubectl
+# RUN whereis helm
+# RUN whereis git
+# RUN whereis node
+# RUN whereis npm
+# RUN whereis yarn
+# RUN whereis az
+# RUN whereis python3
+
+# FROM ghcr.io/actions/actions-runner:2.309.0 AS final
+FROM deps-yq AS final
+
+RUN apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+# USER root
+
+# COPY --from=deps-yq /usr/bin/yq /usr/bin/yq
+# COPY --from=deps-yq /usr/local/bin/kubectl /usr/local/bin/kubectl
+# COPY --from=deps-yq /usr/local/bin/kubelogin /usr/local/bin/kubelogin
+# COPY --from=deps-yq /usr/bin/helm /usr/bin/helm
+# COPY --from=deps-yq /usr/sbin/helm /usr/sbin/helm
+# COPY --from=deps-yq /usr/bin/git /usr/bin/git
+# COPY --from=deps-yq /usr/bin/yarn /usr/bin/yarn
+# COPY --from=deps-yq /usr/bin/npm /usr/bin/npm
+# COPY --from=deps-yq /usr/bin/node /usr/bin/node
+# COPY --from=deps-yq /usr/include/node /usr/include/node
+# COPY --from=deps-yq /usr/include/node /usr/include/node
+# COPY --from=deps-yq /usr/bin/az /usr/bin/az
+# COPY --from=deps-yq /opt/az/bin/az /opt/az/bin/az
+# COPY --from=deps-yq /usr/bin/python3 /usr/bin/python3
+# COPY --from=deps-yq /usr/lib/python3 /usr/lib/python3
+# COPY --from=deps-yq /etc/python3 /etc/python3
+# COPY --from=deps-yq /usr/share/python3 /usr/share/python3
+# COPY --from=deps-yq /opt/az/bin/python3 /opt/az/bin/python3
+
+COPY ./github-runner-entrypoint.sh ./entrypoint.sh
+RUN chmod +x ./entrypoint.sh
+
+USER runner
+# RUN mkdir -p /home/github
+# RUN chown -R github:github /home/github
+# RUN chown -R github:github /actions-runner
+
+ENTRYPOINT ["./entrypoint.sh"]