diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index dfc78a79..0755d906 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -86,3 +86,100 @@ jobs: OpenICF-ssh-connector/target/*.jar OpenICF-xml-connector/target/*.jar !**/*-sources.jar + build-docker: + runs-on: 'ubuntu-latest' + services: + registry: + image: registry:2 + ports: + - 5000:5000 + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + submodules: recursive + - name: Get latest release version + shell: bash + run: | + git fetch -t; export git_version_last="$(git describe --abbrev=0 --tags)" ; echo "last release: $git_version_last" + echo "release_version=$git_version_last" >> $GITHUB_ENV + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: | + localhost:5000/${{ github.repository }} + tags: | + type=raw,value=${{ env.release_version }} + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + with: + driver-opts: network=host + - name: Build image (default) + uses: docker/build-push-action@v5 + continue-on-error: true + with: + context: . + file: ./Dockerfile + build-args: | + VERSION=${{ env.release_version }} + platforms: linux/amd64, linux/arm64/8, linux/arm/v7, linux/ppc64le, linux/s390x + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + - name: Docker test + shell: bash + run: | + docker run --rm -it -d --memory="1g" --name=test localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }} + timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" test | grep -q \"healthy\"; do sleep 10; done' + build-docker-alpine: + runs-on: 'ubuntu-latest' + services: + registry: + image: registry:2 + ports: + - 5000:5000 + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + submodules: recursive + - name: Get latest release version + shell: bash + run: | + git fetch -t; export git_version_last="$(git describe --abbrev=0 --tags)" ; echo "last release: $git_version_last" + echo "release_version=$git_version_last" >> $GITHUB_ENV + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: | + localhost:5000/${{ github.repository }} + tags: | + type=raw,value=alpine + type=raw,value=${{ env.release_version }}-alpine + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + with: + driver-opts: network=host + - name: Build image + continue-on-error: true + uses: docker/build-push-action@v5 + with: + context: . + file: ./Dockerfile-alpine + build-args: | + VERSION=${{ env.release_version }} + platforms: linux/amd64,linux/arm64/8, linux/s390x, linux/386, linux/arm/v7, linux/arm/v6, linux/ppc64le + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + - name: Docker test + shell: bash + run: | + docker run --rm -it -d --memory="1g" --name=test localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}-alpine + timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" test | grep -q \"healthy\"; do sleep 10; done' \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 627a6e50..ed8c5cc6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -76,3 +76,99 @@ jobs: OpenICF-ldap-connector/target/*.jar OpenICF-ssh-connector/target/*.jar OpenICF-xml-connector/target/*.jar + release-docker: + name: Docker release + runs-on: 'ubuntu-latest' + needs: + - release-maven + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ github.event.inputs.releaseVersion }} + fetch-depth: 1 + submodules: recursive + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: | + ${{ github.repository }} + ghcr.io/${{ github.repository }}/${{ github.event.repository.name }} + tags: | + type=raw,value=latest + type=raw,value=${{ github.event.inputs.releaseVersion }} + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Login to DockerHub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + - name: Login to GHCR + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build and push image + uses: docker/build-push-action@v5 + continue-on-error: true + with: + context: .opendj-packages/opendj-docker + file: ./Dockerfile + build-args: | + VERSION=${{ github.event.inputs.releaseVersion }} + platforms: linux/amd64, linux/arm64/8, linux/arm/v7, linux/ppc64le, linux/s390x + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + release-docker-alpine: + name: Docker release + runs-on: 'ubuntu-latest' + needs: + - release-maven + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ github.event.inputs.releaseVersion }} + fetch-depth: 1 + submodules: recursive + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: | + ${{ github.repository }} + ghcr.io/${{ github.repository }}/${{ github.event.repository.name }} + tags: | + type=raw,value=alpine + type=raw,value=${{ github.event.inputs.releaseVersion }}-alpine + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Login to DockerHub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + - name: Login to GHCR + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build and push image + continue-on-error: true + uses: docker/build-push-action@v5 + with: + context: . + file: ./Dockerfile-alpine + build-args: | + VERSION=${{ github.event.inputs.releaseVersion }} + platforms: linux/amd64,linux/arm64/8, linux/s390x, linux/386, linux/arm/v7, linux/arm/v6, linux/ppc64le + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 00000000..89be0abb --- /dev/null +++ b/Dockerfile @@ -0,0 +1,33 @@ +FROM eclipse-temurin:8-jre-jammy + +MAINTAINER Open Identity Platform Community + +ENV USER="openicf" +ENV OPENICF_OPTS="-server -XX:+UseContainerSupport" + +ARG VERSION + +WORKDIR /opt + +#COPY OpenICF-java-framework/openicf-zip/target/*.zip ./ + +RUN apt-get update +RUN apt-get install -y --no-install-recommends curl unzip +RUN if [ ! -z "$VERSION" ] ; then rm -rf ./*.zip ; curl -L https://github.com/OpenIdentityPlatform/OpenICF/releases/download/$VERSION/openicf-$VERSION.zip --output openicf-$VERSION.zip ; fi +RUN unzip openicf-*.zip && rm -rf *.zip +RUN apt-get remove -y --purge unzip +RUN rm -rf /var/lib/apt/lists/* +RUN groupadd $USER +RUN useradd -m -r -u 1001 -g $USER $USER +RUN install -d -o $USER /opt/openicf +RUN chown -R $USER:$USER /opt/openicf +RUN chmod -R g=u /opt/openicf +RUN chmod +x /opt/openicf/bin/*.sh + +EXPOSE 8759 + +USER $USER + +HEALTHCHECK --interval=30s --timeout=30s --start-period=1s --retries=3 CMD curl -i -o - --silent http://127.0.0.1:8759/openicf | grep -q "OpenICF0 Connector Server" + +ENTRYPOINT ["/opt/openicf/bin/ConnectorServer.sh","/run"] diff --git a/Dockerfile-alpine b/Dockerfile-alpine new file mode 100644 index 00000000..99d678dd --- /dev/null +++ b/Dockerfile-alpine @@ -0,0 +1,33 @@ +FROM openjdk:8-jre-alpine + +MAINTAINER Open Identity Platform Community + +ENV USER="openicf" +ENV OPENICF_OPTS="-server -XX:+UseContainerSupport" + +ARG VERSION + +WORKDIR /opt + +#COPY OpenICF-java-framework/openicf-zip/target/*.zip ./ + +RUN apk add --update --no-cache --virtual builddeps curl unzip +RUN apk upgrade --update --no-cache +RUN apk add bash +RUN if [ ! -z "$VERSION" ] ; then rm -rf ./*.zip ; curl -L https://github.com/OpenIdentityPlatform/OpenICF/releases/download/$VERSION/openicf-$VERSION.zip --output openicf-$VERSION.zip ; fi +RUN unzip openicf-*.zip && rm -rf *.zip +RUN apk del unzip +RUN addgroup -S $USER +RUN adduser -S -u 1001 -G $USER $USER +RUN install -d -o $USER /opt/openicf +RUN chown -R $USER:$USER /opt/openicf +RUN chmod -R g=u /opt/openicf +RUN chmod +x /opt/openicf/bin/*.sh + +EXPOSE 8759 + +USER $USER + +HEALTHCHECK --interval=30s --timeout=30s --start-period=1s --retries=3 CMD curl -i -o - --silent http://127.0.0.1:8759/openicf | grep -q "OpenICF Connector Server" + +ENTRYPOINT ["/opt/openicf/bin/ConnectorServer.sh","/run"] diff --git a/README.md b/README.md index 8cb68640..88bc3636 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,7 @@ [![Last commit](https://img.shields.io/github/last-commit/OpenIdentityPlatform/OpenICF.svg)](https://github.com/OpenIdentityPlatform/OpenICF/commits/master) [![License](https://img.shields.io/badge/license-CDDL-blue.svg)](https://github.com/OpenIdentityPlatform/OpenICF/blob/master/LICENSE.md) [![Downloads](https://img.shields.io/github/downloads/OpenIdentityPlatform/OpenICF/total.svg)](https://github.com/OpenIdentityPlatform/OpenICF/releases) +[![Docker](https://img.shields.io/docker/pulls/openidentityplatform/openicf.svg)](https://hub.docker.com/r/openidentityplatform/openicf) [![Gitter](https://img.shields.io/gitter/room/nwjs/nw.js.svg)](https://gitter.im/OpenIdentityPlatform/OpenIDM) [![Top language](https://img.shields.io/github/languages/top/OpenIdentityPlatform/OpenICF.svg)](https://github.com/OpenIdentityPlatform/OpenICF) [![Code size in bytes](https://img.shields.io/github/languages/code-size/OpenIdentityPlatform/OpenICF.svg)](https://github.com/OpenIdentityPlatform/OpenICF) @@ -26,6 +27,7 @@ This project is licensed under the [Common Development and Distribution License ## Downloads * [OpenICF ZIP](https://github.com/OpenIdentityPlatform/OpenICF/releases) +* [OpenICF Docker](https://hub.docker.com/r/openidentityplatform/openicf/) ### OpenICF Java connectors: * [csvfile-connector](https://github.com/OpenIdentityPlatform/OpenICF/releases)