From aa6d76aeb457cfd6e021d1cc3746cbe179838163 Mon Sep 17 00:00:00 2001 From: Giles Knap Date: Thu, 25 Jul 2024 15:28:08 +0100 Subject: [PATCH 1/4] add GitHub Actions --- .github/dependabot.yml | 8 ++++ .github/workflows/build.yml | 89 +++++++++++++++++++++++++++++++++++++ Dockerfile | 1 + 3 files changed, 98 insertions(+) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/build.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..b9e8b67 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,8 @@ +# Look for updates to python and docker dependencies. + +version: 2 +updates: + - package-ecosystem: "docker" + directory: "/" + schedule: + interval: "daily" diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..659f168 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,89 @@ +name: Build and publish image to ghcr.io/epics-containers + +on: + push: + pull_request: + +jobs: + build: + # pull requests are a duplicate of a branch push if within the same repo. + if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository + permissions: + contents: read + packages: write + strategy: + fail-fast: false + matrix: + epics-target: [linux-x86_64] # , linux-aarch64] + include: + - os: ubuntu-latest # everyone is on ubuntu-latest + - epics-target: linux-x86_64 + platform: linux/amd64 + + # # a temporary name until multi-arch is supported + # - epics-target: linux-aarch64 + # extension: -native-aarch64 + # platform: linux/arm64 + + runs-on: ${{ matrix.os }} + env: + TAG: ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }} + steps: + + - name: Log in to GitHub Docker Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io/${{ github.repository_owner }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build image + uses: docker/build-push-action@v6 + with: + platforms: ${{ matrix.platform }} + target: final + cache-from: type=gha,scope=${{ matrix.epics-target }} + cache-to: type=gha,mode=max,scope=${{ matrix.epics-target }} + tags: ci_test + load: true + + - name: Test image + # Opportunity to run tests using docker run 'ci_test' + if: ${{ matrix.epics-target == 'linux-x86_64' }} + run: if [ -f tests/run-tests.sh ]; then tests/run-tests.sh ci_test; fi + + - name: Push final image + if: ${{ github.event_name == 'push' && github.ref_type == 'tag' }} + uses: docker/build-push-action@v6 + with: + platforms: ${{ matrix.platform }} + target: final + tags: ${{ env.TAG }}:${{ github.ref_name }} + push: true + + - name: Push debug image + if: ${{ github.event_name == 'push' && github.ref_type == 'tag' }} + uses: docker/build-push-action@v6 + with: + platforms: ${{ matrix.platform }} + target: dockerizer + tags: ${{ env.TAG }}-debug:${{ github.ref_name }} + push: true + + release: + # Release on tag push + needs: [build] + if: ${{ github.event_name == 'push' && github.ref_type == 'tag' }} + runs-on: ubuntu-latest + + steps: + - name: Github Release + uses: softprops/action-gh-release@c062e08 # v2.0.8 + with: + generate_release_notes: true diff --git a/Dockerfile b/Dockerfile index 9ce0316..1e17322 100644 --- a/Dockerfile +++ b/Dockerfile @@ -46,6 +46,7 @@ RUN dockerize -L preserve -n -u scs -o /ca-gateway_root --verbose /epics/gateway # /epics is owned by scs in this image and should also be in later one: && chown -R scs:users /ca-gateway_root/epics +ENTRYPOINT ["/epics/gateway"] ## ========================================= # 4th stage: Finally put together our image From 3d186fe9fe3a3d0eabadaa42bb0c660dda6dc237 Mon Sep 17 00:00:00 2001 From: Giles Knap Date: Fri, 26 Jul 2024 07:49:32 +0100 Subject: [PATCH 2/4] Fix issue with python install Switched to epics-containers epics-base-developer:7.0.8ec2 Added pcas build Used python and compilers from epics-base developer stage Updated to latest (pinned) dockerize python module --- Dockerfile | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1e17322..7fb8bc2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,24 +3,28 @@ FROM alpine AS download-extract RUN apk update && apk add git -RUN git clone --branch R2-1-2-0 --depth 1 -c advice.detachedHead=false \ +RUN git clone --branch R2-1-3-0 --depth 1 -c advice.detachedHead=false \ https://github.com/epics-extensions/ca-gateway.git /ca-gateway -RUN rm -rf /ca-gateway/.git +RUN git clone --branch v4.13.3 --depth 1 -c advice.detachedHead=false \ + https://github.com/epics-modules/pcas.git /epics/support/pcas + +RUN rm -rf /ca-gateway/.git; rm -rf /epics/support/pcas/.git ## =============================== # 2nd stage: build the CA Gateway -FROM pklaus/epics_base:7.0.4_debian AS builder - -# The scs user already exists in base image. -# We set it here explicitly to clarify file ownership. -USER scs +FROM ghcr.io/epics-containers/epics-base-developer:7.0.8ec2 AS builder # Download the EPICS CA Gateway -COPY --chown=scs:users --from=download-extract /ca-gateway /epics/src/ca-gateway +COPY --from=download-extract /ca-gateway /epics/src/ca-gateway +COPY --from=download-extract /epics/support/pcas /epics/support/pcas + +RUN cd /epics/support/pcas \ + && echo "EPICS_BASE=/epics/epics-base" > configure/RELEASE.local \ + && make -j$(nproc) RUN cd /epics/src/ca-gateway \ - && echo "EPICS_BASE=/epics/base" > configure/RELEASE.local \ - && echo "PCAS=/epics/base/modules/pcas" >> configure/RELEASE.local \ + && echo "EPICS_BASE=/epics/epics-base" > configure/RELEASE.local \ + && echo "PCAS=/epics/support/pcas" >> configure/RELEASE.local \ && echo "INSTALL_LOCATION=/epics/ca-gateway" > configure/CONFIG_SITE.local \ && make -j$(nproc) @@ -30,14 +34,13 @@ RUN cd /epics/src/ca-gateway \ # to a new root folder. For more information, read # https://blog.oddbit.com/post/2015-02-05-creating-minimal-docker-images/ FROM builder AS dockerizer -USER root -# Install Python and a Python2 compatible version of larsks/dockerize -RUN apt-get update && apt-get install -yq python python-pip rsync \ - && pip install https://github.com/larsks/dockerize/archive/a903419.zip +# Install the latest commit of dockerize (2021/07/06) +RUN pip install git+https://github.com/larsks/dockerize@024b1a2 # Move the executable "gateway" to a more prominent location RUN mv /epics/ca-gateway/bin/*/gateway /epics/ +RUN useradd scs # Dockerize RUN dockerize -L preserve -n -u scs -o /ca-gateway_root --verbose /epics/gateway \ @@ -53,6 +56,7 @@ ENTRYPOINT ["/epics/gateway"] # from scratch for minimal size. FROM scratch AS final +# User scs gives us a non-root user to run the gateway USER scs COPY --from=dockerizer /ca-gateway_root / From fdfc3dd665dc87ccb775c5c54af1aa62cdacd96a Mon Sep 17 00:00:00 2001 From: Giles Knap Date: Fri, 26 Jul 2024 08:10:49 +0100 Subject: [PATCH 3/4] fix action-gh-release version --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 659f168..4b3d93c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -84,6 +84,6 @@ jobs: steps: - name: Github Release - uses: softprops/action-gh-release@c062e08 # v2.0.8 + uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8 with: generate_release_notes: true From 98d69aae4bbbdd11446d9f8ade5574304e0f67a5 Mon Sep 17 00:00:00 2001 From: Giles Knap Date: Fri, 26 Jul 2024 08:34:32 +0100 Subject: [PATCH 4/4] add debug tools --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index 7fb8bc2..026046c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -28,6 +28,8 @@ RUN cd /epics/src/ca-gateway \ && echo "INSTALL_LOCATION=/epics/ca-gateway" > configure/CONFIG_SITE.local \ && make -j$(nproc) +# Install debugging tools to use this target as a debug container +RUN apt update && apt install -y net-tools tcpdump iproute2 iputils-ping vim ## ====================================== # 3rd stage: "dockerize" the application - copy executable, lib dependencies