Merge pull request #4 from StatCan/add-dockerfile-and-workflow

Add dockerfile and workflow
StatCan · Jul 18, 2024 · ecc5000 · ecc5000
2 parents f7ea803 + 1109e13
commit ecc5000
Show file tree

Hide file tree

Showing 46 changed files with 2,698 additions and 57 deletions.
diff --git a/.github/workflows/build-push.yaml b/.github/workflows/build-push.yaml
@@ -0,0 +1,69 @@
+name: build-and-push
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    types:
+      - 'opened'
+      - 'synchronize'
+      - 'reopened'
+
+env:
+  REGISTRY_NAME: k8scc01covidacr
+  TRIVY_VERSION: "v0.43.1"
+  HADOLINT_VERSION: "2.12.0"
+jobs:
+  build-push:
+    runs-on: ubuntu-latest
+    services:
+      registry:
+        image: registry:2
+        ports:
+          - 5000:5000
+    steps:
+    - uses: actions/checkout@v4
+
+    # Push image to ACR
+    # Pushes if this is a push to master or an update to a PR that has auto-deploy label
+    - name: Test if we should push to ACR
+      id: should-i-push
+      if: |
+        github.event_name == 'push' ||
+        (
+          github.event_name == 'pull_request' &&
+          contains( github.event.pull_request.labels.*.name, 'auto-deploy')
+        )
+      run: echo "::set-output name=boolean::true"
+
+    # Connect to Azure Container registry (ACR)
+    - uses: azure/docker-login@v1
+      with:
+        login-server: ${{ env.REGISTRY_NAME }}.azurecr.io
+        username: ${{ secrets.REGISTRY_USERNAME }}
+        password: ${{ secrets.REGISTRY_PASSWORD }}
+
+    - name: Run Hadolint
+      run:  |
+        sudo curl -L https://github.com/hadolint/hadolint/releases/download/v${{ env.HADOLINT_VERSION }}/hadolint-Linux-x86_64 --output hadolint
+        sudo chmod +x hadolint
+        ./hadolint ./Dockerfile --no-fail
+    
+    - name: Build image locally
+      run: |
+        docker build -f Dockerfile -t localhost:5000/mfcp-proxy-goofys-multi-inc:${{ github.sha }} .
+        docker push localhost:5000/mfcp-proxy-goofys-multi-inc:${{ github.sha }}
+        docker image prune
+    
+    - name: Aqua Security Trivy image scan
+      run: |
+        curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin ${{ env.TRIVY_VERSION }}
+        trivy image localhost:5000/mfcp-proxy-goofys-multi-inc:${{ github.sha }} --exit-code 1 --timeout=20m --security-checks vuln --severity CRITICAL
+
+    # Container build and push to a Azure Container registry (ACR)
+    - name: Push to ACR if necessary
+      if: steps.should-i-push.outputs.boolean == 'true'
+      run: |
+        docker pull localhost:5000/mfcp-proxy-goofys-multi-inc:${{ github.sha }}
+        docker tag localhost:5000/mfcp-proxy-goofys-multi-inc:${{ github.sha }} ${{ env.REGISTRY_NAME }}.azurecr.io/mfcp-proxy-goofys-multi-inc:${{ github.sha }}
+        docker push ${{ env.REGISTRY_NAME }}.azurecr.io/mfcp-proxy-goofys-multi-inc:${{ github.sha }}
diff --git a/.travis.yml b/.travis.yml
@@ -10,7 +10,7 @@ install:
 script: travis_retry ./test/run-tests.sh GoofysTest
 go:
   - 1.16
-go_import_path: github.com/kahing/goofys
+go_import_path: github.com/StatCan/goofys
 matrix:
   include:
     - name: "S3Proxy"

diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,40 @@
+FROM golang:1.20.7 as fusermount3-proxy-builder
+
+WORKDIR /meta-fuse-csi-plugin
+ADD ./meta-fuse-csi-plugin .
+# Builds the meta-fuse-csi-plugin app
+RUN make fusermount3-proxy BINDIR=/bin
+
+FROM golang:1.20.7 as goofys-builder
+
+WORKDIR /goofys
+ADD . .
+# Builds the goofys app
+RUN make build
+
+FROM ubuntu:22.04
+
+RUN apt update && apt upgrade -y
+RUN apt install -y ca-certificates wget libfuse2 fuse3
+
+# prepare for MinIO
+RUN wget https://dl.min.io/client/mc/release/linux-amd64/mc -O /usr/bin/mc && chmod +x /usr/bin/mc
+
+COPY <<EOF /test.txt
+This is a test file for minio
+EOF
+
+COPY <<EOF /configure_minio.sh
+#!/bin/bash
+set -eux
+/usr/bin/mc alias set k8s-minio-dev http://localhost:9000 minioadmin minioadmin
+/usr/bin/mc mb k8s-minio-dev/test-bucket
+/usr/bin/mc cp /test.txt k8s-minio-dev/test-bucket
+EOF
+RUN chmod +x /configure_minio.sh
+
+#Get goofys build from first step
+COPY --from=goofys-builder /goofys/goofys .
+
+COPY --from=fusermount3-proxy-builder /bin/fusermount3-proxy /bin/fusermount3
+RUN ln -sf /bin/fusermount3 /bin/fusermount
diff --git a/README-azure.md b/README-azure.md
@@ -52,7 +52,7 @@ $ $GOPATH/bin/goofys adl://servicename.azuredatalakestore.net:prefix <mountpoint
 
 # Azure Data Lake Storage Gen2
 
-Configure your credentials the same way as [Azure Blob Storage](https://github.com/kahing/goofys/blob/master/README-azure.md#azure-blob-storage) above, and then:
+Configure your credentials the same way as [Azure Blob Storage](https://github.com/StatCan/goofys/blob/master/README-azure.md#azure-blob-storage) above, and then:
 
 ```ShellSession
 $ $GOPATH/bin/goofys abfs://container <mountpoint>

diff --git a/README.md b/README.md
@@ -1,7 +1,7 @@
 <img src="doc/goofys.png" height="32" width="32" align="middle" /> Goofys is a high-performance, POSIX-ish [Amazon S3](https://aws.amazon.com/s3/) file system written in Go
 
-[![Build Status](https://travis-ci.org/kahing/goofys.svg?branch=master)](https://travis-ci.org/kahing/goofys)
-[![Github All Releases](https://img.shields.io/github/downloads/kahing/goofys/total.svg)](https://github.com/kahing/goofys/releases/)
+[![Build Status](https://travis-ci.org/StatCan/goofys.svg?branch=master)](https://travis-ci.org/StatCan/goofys)
+[![Github All Releases](https://img.shields.io/github/downloads/StatCan/goofys/total.svg)](https://github.com/StatCan/goofys/releases/)
 [![Twitter Follow](https://img.shields.io/twitter/follow/s3goofys.svg?style=social&label=Follow)](https://twitter.com/s3goofys)
 [![Stack Overflow Questions](https://img.shields.io/stackexchange/stackoverflow/t/goofys?label=Stack%20Overflow%20questions)](https://stackoverflow.com/search?q=%5Bgoofys%5D+is%3Aquestion)
 
@@ -14,12 +14,12 @@ for performance first and POSIX second. Particularly things that are
 difficult to support on S3 or would translate into more than one
 round-trip would either fail (random writes) or faked (no per-file
 permission). Goofys does not have an on disk data cache (checkout
-[catfs](https://github.com/kahing/catfs)), and consistency model is
+[catfs](https://github.com/StatCan/catfs)), and consistency model is
 close-to-open.
 
 # Installation
 
-* On Linux, install via [pre-built binaries](https://github.com/kahing/goofys/releases/latest/download/goofys). 
+* On Linux, install via [pre-built binaries](https://github.com/StatCan/goofys/releases/latest/download/goofys). 
 You may also need to install fuse too if you want to mount it on startup.
 
 * On macOS, install via [Homebrew](https://brew.sh/):
@@ -33,8 +33,8 @@ $ brew install goofys
 
 ```ShellSession
 $ export GOPATH=$HOME/work
-$ go get github.com/kahing/goofys
-$ go install github.com/kahing/goofys
+$ go get github.com/StatCan/goofys
+$ go install github.com/StatCan/goofys
 ```
 
 # Usage
@@ -59,28 +59,28 @@ configured for `root`, and can add this to `/etc/fstab`:
 goofys#bucket   /mnt/mountpoint        fuse     _netdev,allow_other,--file-mode=0666,--dir-mode=0777    0       0
 ```
 
-See also: [Instruction for Azure Blob Storage, Azure Data Lake Gen1, and Azure Data Lake Gen2](https://github.com/kahing/goofys/blob/master/README-azure.md).
+See also: [Instruction for Azure Blob Storage, Azure Data Lake Gen1, and Azure Data Lake Gen2](https://github.com/StatCan/goofys/blob/master/README-azure.md).
 
-Got more questions? Check out [questions other people asked](https://github.com/kahing/goofys/issues?utf8=%E2%9C%93&q=is%3Aissue%20label%3Aquestion%20)
+Got more questions? Check out [questions other people asked](https://github.com/StatCan/goofys/issues?utf8=%E2%9C%93&q=is%3Aissue%20label%3Aquestion%20)
 
 # Benchmark
 
 Using `--stat-cache-ttl 1s --type-cache-ttl 1s` for goofys
 `-ostat_cache_expire=1` for s3fs to simulate cold runs. Detail for the
 benchmark can be found in
-[bench.sh](https://github.com/kahing/goofys/blob/master/bench/bench.sh). [Raw data](https://github.com/kahing/goofys/blob/master/bench/)
+[bench.sh](https://github.com/StatCan/goofys/blob/master/bench/bench.sh). [Raw data](https://github.com/StatCan/goofys/blob/master/bench/)
 is available as well. The test was run on an EC2 m5.4xlarge in us-west-2a
 connected to a bucket in us-west-2. Units are seconds.
 
 ![Benchmark result](/bench/bench.png?raw=true "Benchmark")
 
 To run the benchmark, configure EC2's instance role to be able to write to `$TESTBUCKET`, and then do:
 ```ShellSession
-$ sudo docker run -e BUCKET=$TESTBUCKET -e CACHE=false --rm --privileged --net=host -v /tmp/cache:/tmp/cache kahing/goofys-bench
+$ sudo docker run -e BUCKET=$TESTBUCKET -e CACHE=false --rm --privileged --net=host -v /tmp/cache:/tmp/cache StatCan/goofys-bench
 # result will be written to $TESTBUCKET
 ```
 
-See also: [cached benchmark result](https://github.com/kahing/goofys/blob/master/bench/cache/README.md) and [result on Azure](https://github.com/kahing/goofys/blob/master/bench/azure/README.md).
+See also: [cached benchmark result](https://github.com/StatCan/goofys/blob/master/bench/cache/README.md) and [result on Azure](https://github.com/StatCan/goofys/blob/master/bench/azure/README.md).
 
 # License
 
@@ -128,7 +128,7 @@ Additionally, goofys also works with the following non-S3 object stores:
   * Data is stored on [Amazon S3](https://aws.amazon.com/s3/)
   * [Amazon SDK for Go](https://github.com/aws/aws-sdk-go)
   * Other related fuse filesystems
-    * [catfs](https://github.com/kahing/catfs): caching layer that can be used with goofys
+    * [catfs](https://github.com/StatCan/catfs): caching layer that can be used with goofys
     * [s3fs](https://github.com/s3fs-fuse/s3fs-fuse): another popular filesystem for S3
     * [gcsfuse](https://github.com/googlecloudplatform/gcsfuse):
       filesystem for

diff --git a/api/api.go b/api/api.go
@@ -1,8 +1,8 @@
 package goofys
 
 import (
-	. "github.com/kahing/goofys/api/common"
-	"github.com/kahing/goofys/internal"
+	. "github.com/StatCan/goofys/api/common"
+	"github.com/StatCan/goofys/internal"
 
 	"context"
 	"fmt"

diff --git a/bench/Dockerfile b/bench/Dockerfile
@@ -30,8 +30,8 @@ RUN curl -L -O https://github.com/kahing/catfs/releases/download/v0.8.0/catfs &&
 # ideally I want to clear out all the go deps too but there's no
 # way to do that with ADD
 ENV PATH=$PATH:/root/go/bin
-ADD . /root/go/src/github.com/kahing/goofys
-WORKDIR /root/go/src/github.com/kahing/goofys
+ADD . /root/go/src/github.com/StatCan/goofys
+WORKDIR /root/go/src/github.com/StatCan/goofys
 RUN go get . && make install
 
-ENTRYPOINT ["/root/go/src/github.com/kahing/goofys/bench/run_bench.sh"]
+ENTRYPOINT ["/root/go/src/github.com/StatCan/goofys/bench/run_bench.sh"]
diff --git a/bench/Dockerfile.azure b/bench/Dockerfile.azure
@@ -31,8 +31,8 @@ RUN curl -L -O https://github.com/kahing/catfs/releases/download/v0.8.0/catfs &&
 # ideally I want to clear out all the go deps too but there's no
 # way to do that with ADD
 ENV PATH=$PATH:/root/go/bin
-ADD . /root/go/src/github.com/kahing/goofys
-WORKDIR /root/go/src/github.com/kahing/goofys
+ADD . /root/go/src/github.com/StatCan/goofys
+WORKDIR /root/go/src/github.com/StatCan/goofys
 RUN go get . && make install
 
-ENTRYPOINT ["/root/go/src/github.com/kahing/goofys/bench/run_bench.sh"]
+ENTRYPOINT ["/root/go/src/github.com/StatCan/goofys/bench/run_bench.sh"]
diff --git a/bench/Dockerfile.gcs b/bench/Dockerfile.gcs
@@ -1,7 +1,7 @@
 FROM golang:1.14 AS goofys-builder
 
 # install goofys
-WORKDIR $GOPATH/src/github.com/kahing/goofys
+WORKDIR $GOPATH/src/github.com/StatCan/goofys
 
 COPY . .
 
@@ -33,12 +33,12 @@ RUN pip install numpy
 ENV PATH=$PATH:/root/go/bin
 
 # copy go binaries
-COPY --from=goofys-builder /go/src/github.com/kahing/goofys/goofys /root/go/bin/goofys
+COPY --from=goofys-builder /go/src/github.com/StatCan/goofys/goofys /root/go/bin/goofys
 COPY --from=goofys-builder /go/bin/gcsfuse /root/go/bin/gcsfuse
 
-WORKDIR /root/go/src/github.com/kahing/goofys
+WORKDIR /root/go/src/github.com/StatCan/goofys
 
 # copy bench scripts
 COPY bench bench
 
-ENTRYPOINT ["/root/go/src/github.com/kahing/goofys/bench/run_bench.sh"]
+ENTRYPOINT ["/root/go/src/github.com/StatCan/goofys/bench/run_bench.sh"]
diff --git a/bench/azure/README.md b/bench/azure/README.md
@@ -8,6 +8,6 @@ To run the benchmark, do:
 ```ShellSession
 $ export AZURE_STORAGE_ACCOUNT=myaccount
 $ export AZURE_STORAGE_KEY=STORAGE-ACCESS-KEY
-$ sudo docker run -e BUCKET=$TESTBUCKET -e AZURE_STORAGE_ACCOUNT=$AZURE_STORAGE_ACCOUNT -e AZURE_STORAGE_KEY=$AZURE_STORAGE_KEY --rm --privileged --net=host -v /mnt/cache:/tmp/cache kahing/goofys-bench:azure-latest
+$ sudo docker run -e BUCKET=$TESTBUCKET -e AZURE_STORAGE_ACCOUNT=$AZURE_STORAGE_ACCOUNT -e AZURE_STORAGE_KEY=$AZURE_STORAGE_KEY --rm --privileged --net=host -v /mnt/cache:/tmp/cache StatCan/goofys-bench:azure-latest
 # result will be written to $TESTBUCKET
 ```
diff --git a/bench/cache/README.md b/bench/cache/README.md
@@ -11,6 +11,6 @@ To run the benchmark, configure EC2's instance role to be able to write to `$TES
 ```ShellSession
 $ export AWS_ACCESS_KEY_ID=AKID1234567890
 $ export AWS_SECRET_ACCESS_KEY=MY-SECRET-KEY
-$ sudo docker run -e BUCKET=$TESTBUCKET -e CACHE=true --rm --privileged --net=host -v /tmp/cache:/tmp/cache kahing/goofys-bench
+$ sudo docker run -e BUCKET=$TESTBUCKET -e CACHE=true --rm --privileged --net=host -v /tmp/cache:/tmp/cache StatCan/goofys-bench
 # result will be written to $TESTBUCKET
 ```
diff --git a/example/test_api.go b/example/test_api.go
@@ -1,11 +1,11 @@
 package main
 
 import (
-	goofys "github.com/kahing/goofys/api"
-	common "github.com/kahing/goofys/api/common"
+	goofys "github.com/StatCan/goofys/api"
+	common "github.com/StatCan/goofys/api/common"
 
-	"fmt"
 	"context"
+	"fmt"
 )
 
 func main() {

diff --git a/go.mod b/go.mod
@@ -1,4 +1,4 @@
-module github.com/kahing/goofys
+module github.com/StatCan/goofys
 
 go 1.14
 

diff --git a/go.work b/go.work
@@ -0,0 +1,6 @@
+go 1.20
+
+use (
+	.
+	./meta-fuse-csi-plugin
+)