From f363ff94379a42d16577aef46bce255e761ebf5c Mon Sep 17 00:00:00 2001
From: Dedy Martadinata S
Date: Thu, 28 Dec 2023 17:22:20 +0700
Subject: [PATCH] docker: Add a rootless container

New images with "-rootless" tags will automatically get released on the docker registry.
---
 .github/workflows/Dockerfile.ci.alpine | 94 +--------------
 .github/workflows/Dockerfile.ci.alpine-base | 84 +++++++++++++
 .../workflows/Dockerfile.ci.alpine-rootless | 3 +
 .github/workflows/Dockerfile.ci.debian | 110 +++++-------------
 .github/workflows/Dockerfile.ci.debian-base | 79 +++++++++++++
 .../workflows/Dockerfile.ci.debian-rootless | 3 +
 .github/workflows/docker-build-static.yml | 103 ++++++++++++++--
 docker-entrypoint-rootless.sh | 20 ++++
 8 files changed, 318 insertions(+), 178 deletions(-)
 create mode 100644 .github/workflows/Dockerfile.ci.alpine-base
 create mode 100644 .github/workflows/Dockerfile.ci.alpine-rootless
 create mode 100644 .github/workflows/Dockerfile.ci.debian-base
 create mode 100644 .github/workflows/Dockerfile.ci.debian-rootless
 create mode 100755 docker-entrypoint-rootless.sh
diff --git a/.github/workflows/Dockerfile.ci.alpine b/.github/workflows/Dockerfile.ci.alpine
index 598645b..9d40d5e 100644
--- a/.github/workflows/Dockerfile.ci.alpine
+++ b/.github/workflows/Dockerfile.ci.alpine
@@ -1,72 +1,6 @@ -FROM debian:bullseye AS lldap -ARG DEBIAN_FRONTEND=noninteractive -ARG TARGETPLATFORM -RUN apt update && apt install -y wget -WORKDIR /dim -COPY bin/ bin/ -COPY web/ web/ - -RUN mkdir -p target/ -RUN mkdir -p /lldap/app - -RUN if [ "${TARGETPLATFORM}" = "linux/amd64" ]; then \ - mv bin/x86_64-unknown-linux-musl-lldap-bin/lldap target/lldap && \ - mv bin/x86_64-unknown-linux-musl-lldap_migration_tool-bin/lldap_migration_tool target/lldap_migration_tool && \ - mv bin/x86_64-unknown-linux-musl-lldap_set_password-bin/lldap_set_password target/lldap_set_password && \ - chmod +x target/lldap && \ - chmod +x target/lldap_migration_tool && \ - chmod +x target/lldap_set_password && \ - ls -la target/ . && \ - pwd \ - ; fi - -RUN if [ "${TARGETPLATFORM}" = "linux/arm64" ]; then \ - mv bin/aarch64-unknown-linux-musl-lldap-bin/lldap target/lldap && \ - mv bin/aarch64-unknown-linux-musl-lldap_migration_tool-bin/lldap_migration_tool target/lldap_migration_tool && \ - mv bin/aarch64-unknown-linux-musl-lldap_set_password-bin/lldap_set_password target/lldap_set_password && \ - chmod +x target/lldap && \ - chmod +x target/lldap_migration_tool && \ - chmod +x target/lldap_set_password && \ - ls -la target/ . && \ - pwd \ - ; fi - -RUN if [ "${TARGETPLATFORM}" = "linux/arm/v7" ]; then \ - mv bin/armv7-unknown-linux-musleabihf-lldap-bin/lldap target/lldap && \ - mv bin/armv7-unknown-linux-musleabihf-lldap_migration_tool-bin/lldap_migration_tool target/lldap_migration_tool && \ - mv bin/armv7-unknown-linux-musleabihf-lldap_set_password-bin/lldap_set_password target/lldap_set_password && \ - chmod +x target/lldap && \ - chmod +x target/lldap_migration_tool && \ - chmod +x target/lldap_set_password && \ - ls -la target/ . 
&& \ - pwd \ - ; fi - -# Web and App dir -COPY docker-entrypoint.sh /docker-entrypoint.sh -COPY lldap_config.docker_template.toml /lldap/ -COPY web/index_local.html web/index.html -RUN cp target/lldap /lldap/ && \ - cp target/lldap_migration_tool /lldap/ && \ - cp target/lldap_set_password /lldap/ && \ - cp -R web/index.html \ - web/pkg \ - web/static \ - /lldap/app/ - -WORKDIR /lldap -RUN set -x \ - && for file in $(cat /lldap/app/static/libraries.txt); do wget -P app/static "$file"; done \ - && for file in $(cat /lldap/app/static/fonts/fonts.txt); do wget -P app/static/fonts "$file"; done \ - && chmod a+r -R . - -FROM alpine:3.16 -WORKDIR /app -ENV UID=1000 -ENV GID=1000 -ENV USER=lldap -ENV GOSU_VERSION 1.14 -# Fetch gosu from git +FROM localhost:5000/lldap/lldap:alpine-base +# Taken directly from https://github.com/tianon/gosu/blob/master/INSTALL.md +ENV GOSU_VERSION 1.17 RUN set -eux; \ \ apk add --no-cache --virtual .gosu-deps \ @@ -83,7 +17,7 @@ RUN set -eux; \ export GNUPGHOME="$(mktemp -d)"; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - command -v gpgconf && gpgconf --kill all || :; \ + gpgconf --kill all; \ rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ \ # clean up fetch dependencies 
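Review bot: `FROM localhost:5000/lldap/lldap:alpine-base` in the first hunk makes this Dockerfile buildable only while a registry on localhost:5000 already holds that tag, and nothing in the file says where the tag comes from. A comment above the `FROM` would help, e.g. `# Base image: built from Dockerfile.ci.alpine-base and pushed to the job-local registry by docker-build-static.yml`. The `ENV GOSU_VERSION 1.17` line under it uses the legacy space-separated form; `ENV GOSU_VERSION=1.17` is the current syntax. Both remarks apply equally to Dockerfile.ci.debian, and the `RUN` that installs gosu continues past the end of these hunks.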
@@ -93,22 +27,4 @@ RUN set -eux; \ # verify that the binary works gosu --version; \ gosu nobody true -RUN apk add --no-cache tini ca-certificates bash tzdata && \ - addgroup -g $GID $USER && \ - adduser \ - --disabled-password \ - --gecos "" \ - --home "$(pwd)" \ - --ingroup "$USER" \ - --no-create-home \ - --uid "$UID" \ - "$USER" && \ - mkdir -p /data && \ - chown $USER:$USER /data -COPY --from=lldap --chown=$USER:$USER /lldap /app -COPY --from=lldap --chown=$USER:$USER /docker-entrypoint.sh /docker-entrypoint.sh -VOLUME ["/data"] -WORKDIR /app -ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] -CMD ["run", "--config-file", "/data/lldap_config.toml"] -HEALTHCHECK CMD ["/app/lldap", "healthcheck", "--config-file", "/data/lldap_config.toml"] +COPY --chown=$USER:$USER docker-entrypoint.sh /docker-entrypoint.sh diff --git a/.github/workflows/Dockerfile.ci.alpine-base b/.github/workflows/Dockerfile.ci.alpine-base new file mode 100644 index 0000000..ecf2b95 --- /dev/null +++ b/.github/workflows/Dockerfile.ci.alpine-base 
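Review bot: The added `COPY --chown=$USER:$USER docker-entrypoint.sh /docker-entrypoint.sh` leaves the entrypoint script owned, and therefore writable, by the unprivileged service account, while this image sets no `USER` and installs gosu, so the script presumably starts as root before dropping privileges. A process running as that account could rewrite the script and have it executed as root the next time the same container is started. Dropping the `--chown` keeps the file root-owned and still executable by everyone: `COPY docker-entrypoint.sh /docker-entrypoint.sh`. The same line ends the hunk in Dockerfile.ci.debian.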
@@ -0,0 +1,84 @@
+FROM debian:bullseye AS lldap
+ARG DEBIAN_FRONTEND=noninteractive
+ARG TARGETPLATFORM
+RUN apt update && apt install -y wget
+WORKDIR /dim
+COPY bin/ bin/
+COPY web/ web/
+
+RUN mkdir -p target/
+RUN mkdir -p /lldap/app
+
+RUN if [ "${TARGETPLATFORM}" = "linux/amd64" ]; then \
+ mv bin/x86_64-unknown-linux-musl-lldap-bin/lldap target/lldap && \
+ mv bin/x86_64-unknown-linux-musl-lldap_migration_tool-bin/lldap_migration_tool target/lldap_migration_tool && \
+ mv bin/x86_64-unknown-linux-musl-lldap_set_password-bin/lldap_set_password target/lldap_set_password && \
+ chmod +x target/lldap && \
+ chmod +x target/lldap_migration_tool && \
+ chmod +x target/lldap_set_password && \
+ ls -la target/ . && \
+ pwd \
+ ; fi
+
+RUN if [ "${TARGETPLATFORM}" = "linux/arm64" ]; then \
+ mv bin/aarch64-unknown-linux-musl-lldap-bin/lldap target/lldap && \
+ mv bin/aarch64-unknown-linux-musl-lldap_migration_tool-bin/lldap_migration_tool target/lldap_migration_tool && \
+ mv bin/aarch64-unknown-linux-musl-lldap_set_password-bin/lldap_set_password target/lldap_set_password && \
+ chmod +x target/lldap && \
+ chmod +x target/lldap_migration_tool && \
+ chmod +x target/lldap_set_password && \
+ ls -la target/ . && \
+ pwd \
+ ; fi
+
+RUN if [ "${TARGETPLATFORM}" = "linux/arm/v7" ]; then \
+ mv bin/armv7-unknown-linux-musleabihf-lldap-bin/lldap target/lldap && \
+ mv bin/armv7-unknown-linux-musleabihf-lldap_migration_tool-bin/lldap_migration_tool target/lldap_migration_tool && \
+ mv bin/armv7-unknown-linux-musleabihf-lldap_set_password-bin/lldap_set_password target/lldap_set_password && \
+ chmod +x target/lldap && \
+ chmod +x target/lldap_migration_tool && \
+ chmod +x target/lldap_set_password && \
+ ls -la target/ . && \
+ pwd \
+ ; fi
+
+# Web and App dir
+COPY lldap_config.docker_template.toml /lldap/
+COPY web/index_local.html web/index.html
+RUN cp target/lldap /lldap/ && \
+ cp target/lldap_migration_tool /lldap/ && \
+ cp target/lldap_set_password /lldap/ && \
+ cp -R web/index.html \
+ web/pkg \
+ web/static \
+ /lldap/app/
+
+WORKDIR /lldap
+RUN set -x \
+ && for file in $(cat /lldap/app/static/libraries.txt); do wget -P app/static "$file"; done \
+ && for file in $(cat /lldap/app/static/fonts/fonts.txt); do wget -P app/static/fonts "$file"; done \
+ && chmod a+r -R .
+
+FROM alpine:3.16
+WORKDIR /app
+ENV UID=1000
+ENV GID=1000
+ENV USER=lldap
+RUN apk add --no-cache tini ca-certificates bash tzdata && \
+ addgroup -g $GID $USER && \
+ adduser \
+ --disabled-password \
+ --gecos "" \
+ --home "$(pwd)" \
+ --ingroup "$USER" \
+ --no-create-home \
+ --uid "$UID" \
+ "$USER" && \
+ mkdir -p /data && \
+ chown $USER:$USER /data
+COPY --from=lldap --chown=$USER:$USER /lldap /app
+VOLUME ["/data"]
+HEALTHCHECK CMD ["/app/lldap", "healthcheck", "--config-file", "/data/lldap_config.toml"]
+WORKDIR /app
+ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
+CMD ["run", "--config-file", "/data/lldap_config.toml"]
diff --git a/.github/workflows/Dockerfile.ci.alpine-rootless b/.github/workflows/Dockerfile.ci.alpine-rootless
new file mode 100644
index 0000000..649799e
--- /dev/null
+++ b/.github/workflows/Dockerfile.ci.alpine-rootless
@@ -0,0 +1,3 @@
+FROM localhost:5000/lldap/lldap:alpine-base
+COPY --chown=$USER:$USER docker-entrypoint-rootless.sh /docker-entrypoint.sh
+USER $USER
\ No newline at end of file
diff --git a/.github/workflows/Dockerfile.ci.debian b/.github/workflows/Dockerfile.ci.debian
index f8cf86d..107c310 100644
--- a/.github/workflows/Dockerfile.ci.debian
+++ b/.github/workflows/Dockerfile.ci.debian
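Review bot: The two `wget -P` loops in the builder stage of Dockerfile.ci.alpine-base download every URL listed in `libraries.txt` and `fonts.txt` and copy the results into the image with no integrity check, so whatever the remote hosts serve at build time ends up in the web UI of an authentication service. Those list files are not part of this diff, so it is unclear whether the URLs are version-pinned; either way, verifying the downloads against a checked-in manifest, e.g. `sha256sum -c static.sha256` (constructed file name), would make the fetched assets reproducible and tamper-evident. The same loops are repeated in Dockerfile.ci.debian-base.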
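Review bot: `USER $USER` in Dockerfile.ci.alpine-rootless resolves to the account name from the base image's `ENV USER=lldap`, and an orchestrator that enforces a non-root policy (Kubernetes `runAsNonRoot`) can only verify a numeric UID. The base image already exports `UID` and `GID`, so `USER $UID:$GID` keeps the same account while making the image verifiable. The `--chown=$USER:$USER` on the entrypoint also makes the script writable by the process it launches; a plain `COPY docker-entrypoint-rootless.sh /docker-entrypoint.sh` would leave it root-owned and read-only to the service. Dockerfile.ci.debian-rootless has the same three lines.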
@@ -1,79 +1,31 @@
-FROM debian:bullseye AS lldap
-ARG DEBIAN_FRONTEND=noninteractive
-ARG TARGETPLATFORM
-RUN apt update && apt install -y wget
-WORKDIR /dim
-COPY bin/ bin/
-COPY web/ web/
-
-RUN mkdir -p target/
-RUN mkdir -p /lldap/app
-
-RUN if [ "${TARGETPLATFORM}" = "linux/amd64" ]; then \
- mv bin/x86_64-unknown-linux-musl-lldap-bin/lldap target/lldap && \
- mv bin/x86_64-unknown-linux-musl-lldap_migration_tool-bin/lldap_migration_tool target/lldap_migration_tool && \
- mv bin/x86_64-unknown-linux-musl-lldap_set_password-bin/lldap_set_password target/lldap_set_password && \
- chmod +x target/lldap && \
- chmod +x target/lldap_migration_tool && \
- chmod +x target/lldap_set_password && \
- ls -la target/ . && \
- pwd \
- ; fi
-
-RUN if [ "${TARGETPLATFORM}" = "linux/arm64" ]; then \
- mv bin/aarch64-unknown-linux-musl-lldap-bin/lldap target/lldap && \
- mv bin/aarch64-unknown-linux-musl-lldap_migration_tool-bin/lldap_migration_tool target/lldap_migration_tool && \
- mv bin/aarch64-unknown-linux-musl-lldap_set_password-bin/lldap_set_password target/lldap_set_password && \
- chmod +x target/lldap && \
- chmod +x target/lldap_migration_tool && \
- chmod +x target/lldap_set_password && \
- ls -la target/ . && \
- pwd \
- ; fi
-
-RUN if [ "${TARGETPLATFORM}" = "linux/arm/v7" ]; then \
- mv bin/armv7-unknown-linux-musleabihf-lldap-bin/lldap target/lldap && \
- mv bin/armv7-unknown-linux-musleabihf-lldap_migration_tool-bin/lldap_migration_tool target/lldap_migration_tool && \
- mv bin/armv7-unknown-linux-musleabihf-lldap_set_password-bin/lldap_set_password target/lldap_set_password && \
- chmod +x target/lldap && \
- chmod +x target/lldap_migration_tool && \
- chmod +x target/lldap_set_password && \
- ls -la target/ . && \
- pwd \
- ; fi
-
-# Web and App dir
-COPY docker-entrypoint.sh /docker-entrypoint.sh
-COPY lldap_config.docker_template.toml /lldap/
-COPY web/index_local.html web/index.html
-RUN cp target/lldap /lldap/ && \
- cp target/lldap_migration_tool /lldap/ && \
- cp target/lldap_set_password /lldap/ && \
- cp -R web/index.html \
- web/pkg \
- web/static \
- /lldap/app/
-
-WORKDIR /lldap
-RUN set -x \
- && for file in $(cat /lldap/app/static/libraries.txt); do wget -P app/static "$file"; done \
- && for file in $(cat /lldap/app/static/fonts/fonts.txt); do wget -P app/static/fonts "$file"; done \
- && chmod a+r -R .
-
-FROM debian:bullseye-slim
-ENV UID=1000
-ENV GID=1000
-ENV USER=lldap
-RUN apt update && \
- apt install -y --no-install-recommends tini openssl ca-certificates gosu tzdata && \
- apt clean && \
- rm -rf /var/lib/apt/lists/* && \
- groupadd -g $GID $USER && useradd --system -m -g $USER --uid $UID $USER && \
- mkdir -p /data && chown $USER:$USER /data
-COPY --from=lldap --chown=$USER:$USER /lldap /app
-COPY --from=lldap --chown=$USER:$USER /docker-entrypoint.sh /docker-entrypoint.sh
-VOLUME ["/data"]
-WORKDIR /app
-ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
-CMD ["run", "--config-file", "/data/lldap_config.toml"]
-HEALTHCHECK CMD ["/app/lldap", "healthcheck", "--config-file", "/data/lldap_config.toml"]
+FROM localhost:5000/lldap/lldap:debian-base
+# Taken directly from https://github.com/tianon/gosu/blob/master/INSTALL.md
+ENV GOSU_VERSION 1.17
+RUN set -eux; \
+# save list of currently installed packages for later so we can clean up
+ savedAptMark="$(apt-mark showmanual)"; \
+ apt-get update; \
+ apt-get install -y --no-install-recommends ca-certificates gnupg wget; \
+ rm -rf /var/lib/apt/lists/*; \
+ \
+ dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+ wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
+ wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
+ \
+# verify the signature
+ export GNUPGHOME="$(mktemp -d)"; \
+ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
+ gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+ gpgconf --kill all; \
+ rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
+ \
+# clean up fetch dependencies
+ apt-mark auto '.*' > /dev/null; \
+ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
+ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
+ \
+ chmod +x /usr/local/bin/gosu; \
+# verify that the binary works
+ gosu --version; \
+ gosu nobody true
+COPY --chown=$USER:$USER docker-entrypoint.sh /docker-entrypoint.sh
diff --git a/.github/workflows/Dockerfile.ci.debian-base b/.github/workflows/Dockerfile.ci.debian-base
new file mode 100644
index 0000000..dc9afde
--- /dev/null
+++ b/.github/workflows/Dockerfile.ci.debian-base
@@ -0,0 +1,79 @@
+FROM debian:bullseye AS lldap
+ARG DEBIAN_FRONTEND=noninteractive
+ARG TARGETPLATFORM
+RUN apt update && apt install -y wget
+WORKDIR /dim
+COPY bin/ bin/
+COPY web/ web/
+
+RUN mkdir -p target/
+RUN mkdir -p /lldap/app
+
+RUN if [ "${TARGETPLATFORM}" = "linux/amd64" ]; then \
+ mv bin/x86_64-unknown-linux-musl-lldap-bin/lldap target/lldap && \
+ mv bin/x86_64-unknown-linux-musl-lldap_migration_tool-bin/lldap_migration_tool target/lldap_migration_tool && \
+ mv bin/x86_64-unknown-linux-musl-lldap_set_password-bin/lldap_set_password target/lldap_set_password && \
+ chmod +x target/lldap && \
+ chmod +x target/lldap_migration_tool && \
+ chmod +x target/lldap_set_password && \
+ ls -la target/ . && \
+ pwd \
+ ; fi
+
+RUN if [ "${TARGETPLATFORM}" = "linux/arm64" ]; then \
+ mv bin/aarch64-unknown-linux-musl-lldap-bin/lldap target/lldap && \
+ mv bin/aarch64-unknown-linux-musl-lldap_migration_tool-bin/lldap_migration_tool target/lldap_migration_tool && \
+ mv bin/aarch64-unknown-linux-musl-lldap_set_password-bin/lldap_set_password target/lldap_set_password && \
+ chmod +x target/lldap && \
+ chmod +x target/lldap_migration_tool && \
+ chmod +x target/lldap_set_password && \
+ ls -la target/ . && \
+ pwd \
+ ; fi
+
+RUN if [ "${TARGETPLATFORM}" = "linux/arm/v7" ]; then \
+ mv bin/armv7-unknown-linux-musleabihf-lldap-bin/lldap target/lldap && \
+ mv bin/armv7-unknown-linux-musleabihf-lldap_migration_tool-bin/lldap_migration_tool target/lldap_migration_tool && \
+ mv bin/armv7-unknown-linux-musleabihf-lldap_set_password-bin/lldap_set_password target/lldap_set_password && \
+ chmod +x target/lldap && \
+ chmod +x target/lldap_migration_tool && \
+ chmod +x target/lldap_set_password && \
+ ls -la target/ . && \
+ pwd \
+ ; fi
+
+# Web and App dir
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+COPY lldap_config.docker_template.toml /lldap/
+COPY web/index_local.html web/index.html
+RUN cp target/lldap /lldap/ && \
+ cp target/lldap_migration_tool /lldap/ && \
+ cp target/lldap_set_password /lldap/ && \
+ cp -R web/index.html \
+ web/pkg \
+ web/static \
+ /lldap/app/
+
+WORKDIR /lldap
+RUN set -x \
+ && for file in $(cat /lldap/app/static/libraries.txt); do wget -P app/static "$file"; done \
+ && for file in $(cat /lldap/app/static/fonts/fonts.txt); do wget -P app/static/fonts "$file"; done \
+ && chmod a+r -R .
+
+FROM debian:bullseye-slim
+ENV UID=1000
+ENV GID=1000
+ENV USER=lldap
+RUN apt update && \
+ apt install -y --no-install-recommends tini openssl ca-certificates tzdata && \
+ apt clean && \
+ rm -rf /var/lib/apt/lists/* && \
+ groupadd -g $GID $USER && useradd --system -m -g $USER --uid $UID $USER && \
+ mkdir -p /data && chown $USER:$USER /data
+COPY --from=lldap --chown=$USER:$USER /lldap /app
+COPY --from=lldap --chown=$USER:$USER /docker-entrypoint.sh /docker-entrypoint.sh
+VOLUME ["/data"]
+WORKDIR /app
+ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
+CMD ["run", "--config-file", "/data/lldap_config.toml"]
+HEALTHCHECK CMD ["/app/lldap", "healthcheck", "--config-file", "/data/lldap_config.toml"]
diff --git a/.github/workflows/Dockerfile.ci.debian-rootless b/.github/workflows/Dockerfile.ci.debian-rootless
new file mode 100644
index 0000000..e2b8929
--- /dev/null
+++ b/.github/workflows/Dockerfile.ci.debian-rootless
@@ -0,0 +1,3 @@
+FROM localhost:5000/lldap/lldap:debian-base
+COPY --chown=$USER:$USER docker-entrypoint-rootless.sh /docker-entrypoint.sh
+USER $USER
\ No newline at end of file
diff --git a/.github/workflows/docker-build-static.yml b/.github/workflows/docker-build-static.yml
index e39c91f..317ba16 100644
--- a/.github/workflows/docker-build-static.yml
+++ b/.github/workflows/docker-build-static.yml
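Review bot: Unlike Dockerfile.ci.alpine-base, Dockerfile.ci.debian-base still copies `docker-entrypoint.sh` into the builder stage and into the final image (`COPY --from=lldap --chown=$USER:$USER /docker-entrypoint.sh /docker-entrypoint.sh`), although both Debian variants copy their own entrypoint on top of it. gosu was dropped from the `apt install` list here, so if that script calls gosu (its content is not shown) the base image carries an entrypoint it cannot run. Removing the two `COPY` lines would match the Alpine base and leave one place per variant that decides which entrypoint ships.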
@@ -434,6 +434,9 @@ jobs: - name: Test Dummy User MySQL run: ldapsearch -H ldap://localhost:3893 -LLL -D "uid=dummyuser,ou=people,dc=example,dc=com" -w 'dummypassword' -s "One" -b "ou=people,dc=example,dc=com" +######################################## +#### BUILD BASE IMAGE ################## +######################################## build-docker-image: needs: [build-ui, build-bin] name: Build Docker image @@ -443,7 +446,7 @@ jobs: container: ["debian","alpine"] include: - container: alpine - platforms: linux/amd64,linux/arm64 + platforms: linux/amd64,linux/arm64,linux/arm/v7 tags: | type=ref,event=pr type=semver,pattern=v{{version}} @@ -468,13 +471,19 @@ jobs: type=raw,value=latest,enable={{ is_default_branch }} type=raw,value=stable,enable=${{ startsWith(github.ref, 'refs/tags/v') }} type=raw,value={{ date 'YYYY-MM-DD' }},enable={{ is_default_branch }} - + services: + registry: + image: registry:2 + ports: + - 5000:5000 permissions: contents: read packages: write + steps: - name: Checkout repository uses: actions/checkout@v4.1.1 + - name: Download all artifacts uses: actions/download-artifact@v4 with: 
@@ -488,10 +497,41 @@ jobs: - name: Setup QEMU uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 + - name: Setup buildx + uses: docker/setup-buildx-action@v3 + with: + driver-opts: network=host + + - name: Docker ${{ matrix.container }} Base meta + id: meta-base + uses: docker/metadata-action@v5 + with: + # list of Docker images to use as base name for tags + images: | + localhost:5000/lldap/lldap + tags: ${{ matrix.container }}-base + + - name: Build ${{ matrix.container }} Base Docker Image + uses: docker/build-push-action@v5 + with: + context: . + # On PR will fail, force fully uncomment push: true, or docker image will fail for next steps + #push: ${{ github.event_name != 'pull_request' }} + push: true + platforms: ${{ matrix.platforms }} + file: ./.github/workflows/Dockerfile.ci.${{ matrix.container }}-base + tags: | + ${{ steps.meta-base.outputs.tags }} + labels: ${{ steps.meta-base.outputs.labels }} + cache-from: type=gha,mode=max + cache-to: type=gha,mode=max + +##################################### +#### build variants docker image #### +##################################### - name: Docker ${{ matrix.container }} meta - id: meta + id: meta-standard uses: docker/metadata-action@v5 with: # list of Docker images to use as base name for tags 
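Review bot: The new "Build ... Base Docker Image" step exports its cache with `cache-to: type=gha,mode=max` and no `scope`, and the standard and rootless build steps do the same, so all three builds in both matrix legs write to one default scope and each export replaces the previous one. Giving every build its own scope keeps the caches usable, e.g. `cache-to: type=gha,mode=max,scope=${{ matrix.container }}-base` with a matching `cache-from: type=gha,scope=${{ matrix.container }}-base`. `mode` is an export option and has no effect on `cache-from`. The rootless build step added in the hunk at -551 needs the same change.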
@@ -523,6 +563,39 @@ jobs: suffix=-${{ matrix.container }} tags: ${{ matrix.tags }} + - name: Docker ${{ matrix.container }}-rootless meta + id: meta-rootless + uses: docker/metadata-action@v5 + with: + # list of Docker images to use as base name for tags + images: | + nitnelave/lldap + lldap/lldap + ghcr.io/lldap/lldap + # Wanted Docker tags + # vX-alpine + # vX.Y-alpine + # vX.Y.Z-alpine + # latest + # latest-alpine + # stable + # stable-alpine + # YYYY-MM-DD + # YYYY-MM-DD-alpine + ################# + # vX-debian + # vX.Y-debian + # vX.Y.Z-debian + # latest-debian + # stable-debian + # YYYY-MM-DD-debian + ################# + # Check matrix for tag list definition + flavor: | + latest=false + suffix=-${{ matrix.container }}-rootless + tags: ${{ matrix.tags }} + # Docker login to nitnelave/lldap and lldap/lldap - name: Login to Nitnelave/LLDAP Docker Hub if: github.event_name != 'pull_request' @@ -539,10 +612,6 @@ jobs: username: nitnelave password: ${{ secrets.GITHUB_TOKEN }} - -######################################## -#### docker image build #### -######################################## - name: Build ${{ matrix.container }} Docker Image uses: docker/build-push-action@v5 with: 
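Review bot: The comment block under `images:` in the new `meta-rootless` step was copied from the standard meta step and lists unsuffixed names such as `latest`, `stable` and `YYYY-MM-DD`, which do not describe what this step produces with `suffix=-${{ matrix.container }}-rootless`. Because `tags: ${{ matrix.tags }}` reuses the standard list, any entry there that overrides the suffix (the full list is not visible in this hunk) would yield the same tag name as the standard image, and the later rootless push would replace it. It is worth confirming the generated tag set on a test run and rewriting the comment to the rootless names, e.g. `# vX.Y.Z-alpine-rootless`.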
@@ -551,8 +620,22 @@ jobs: platforms: ${{ matrix.platforms }} file: ./.github/workflows/Dockerfile.ci.${{ matrix.container }} tags: | - ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} + ${{ steps.meta-standard.outputs.tags }} + labels: ${{ steps.meta-standard.outputs.labels }} cache-from: type=gha,mode=max cache-to: type=gha,mode=max + + + - name: Build ${{ matrix.container }}-rootless Docker Image + uses: docker/build-push-action@v5 + with: + context: . + push: ${{ github.event_name != 'pull_request' }} + platforms: ${{ matrix.platforms }} + file: ./.github/workflows/Dockerfile.ci.${{ matrix.container }}-rootless + tags: | + ${{ steps.meta-rootless.outputs.tags }} + labels: ${{ steps.meta-rootless.outputs.labels }} cache-from: type=gha,mode=max cache-to: type=gha,mode=max
diff --git a/docker-entrypoint-rootless.sh b/docker-entrypoint-rootless.sh
new file mode 100755
index 0000000..33dec34
--- /dev/null
+++ b/docker-entrypoint-rootless.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+CONFIG_FILE=/data/lldap_config.toml
+
+if [ ! -f "$CONFIG_FILE" ]; then
+ echo "[entrypoint] Copying the default config to $CONFIG_FILE"
+ echo "[entrypoint] Edit this $CONFIG_FILE to configure LLDAP."
+ if cp /app/lldap_config.docker_template.toml $CONFIG_FILE; then
+ echo "Configuration copied successfully."
+ else
+ echo "Fail to copy configuration, check permission on /data or manually create one by copying from LLDAP repository"
+ exit 1
+ fi
+fi
+
+echo "> Starting lldap.."
+echo ""
+exec /app/lldap "$@"
+exec "$@"
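Review bot: The default configuration in docker-entrypoint-rootless.sh is created with a plain `cp`, so `$CONFIG_FILE` inherits the template's mode under the default umask, typically world-readable, and an LLDAP config presumably ends up holding secrets once the operator edits it. Restricting the mode at creation avoids that: `if (umask 077 && cp /app/lldap_config.docker_template.toml "$CONFIG_FILE"); then`, which also quotes the variable. The last line `exec "$@"` can never run, because the preceding `exec /app/lldap "$@"` replaces the shell, and should be removed.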