From: Matthew Newton Date: Tue, 21 Mar 2023 22:47:19 +0000 (+0000) Subject: CI: build local Docker images for CI runs X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ddc00de32e151805819ce6c579e3dbddf0a70a07;p=thirdparty%2Ffreeradius-server.git CI: build local Docker images for CI runs --- diff --git a/.github/workflows/docker-refresh.yml b/.github/workflows/docker-refresh.yml new file mode 100644 index 00000000000..16eec583b85 --- /dev/null +++ b/.github/workflows/docker-refresh.yml @@ -0,0 +1,67 @@ +name: Docker CI Image Refresh + +on: + workflow_dispatch: + schedule: + - cron: '0 1 * * *' + +env: + DOCKER_REGISTRY: "docker.internal.networkradius.com" + DOCKER_IMAGE_NAME: "docker.internal.networkradius.com/self-hosted" + DOCKER_BASE_IMAGE: "ubuntu:20.04" + +jobs: + build-image: + timeout-minutes: 20 + + runs-on: self-hosted + if: github.event_name == 'workflow_dispatch' || github.repository_owner == 'FreeRADIUS' + + name: "build-docker-image" + + steps: + + - uses: actions/checkout@v3 + with: + lfs: false + + - name: Fetch standard base image + shell: bash + run: | + docker pull "$DOCKER_BASE_IMAGE" + docker tag "$DOCKER_BASE_IMAGE" "$DOCKER_REGISTRY/$DOCKER_BASE_IMAGE" + + - name: Create build dependency package + uses: addnab/docker-run-action@v3 + with: + options: -v ${{ github.workspace }}:/work + image: ${{ env.DOCKER_BASE_IMAGE }} + run: | + apt-get update + export DEBIAN_FRONTEND=noninteractive + apt-get install -y --no-install-recommends build-essential devscripts equivs quilt + cd /work + debian/rules debian/control + mk-build-deps debian/control + mv freeradius-build-deps_*.deb freeradius-build-deps.deb + mk-build-deps scripts/ci/extra-packages.debian.control + mv freeradius-build-deps_1*.deb freeradius-build-deps-extra.deb + chown $(stat -c'%u:%g' .git) * + + - name: Build Docker image + shell: bash + run: | + docker build --no-cache -f scripts/ci/Dockerfile -t "$DOCKER_IMAGE_NAME" . + + - name: Docker login + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_REPO_UPDATE_USERNAME }} + password: ${{ secrets.DOCKER_REPO_UPDATE_PASSWORD }} + registry: ${{ env.DOCKER_REGISTRY }} + + - name: Push images to registry + shell: bash + run: | + docker push "$DOCKER_IMAGE_NAME" + docker push "$DOCKER_REGISTRY/$DOCKER_BASE_IMAGE" diff --git a/scripts/ci/Dockerfile b/scripts/ci/Dockerfile index 0bd3fc1ffa3..01da24df97a 100644 --- a/scripts/ci/Dockerfile +++ b/scripts/ci/Dockerfile @@ -1,141 +1,143 @@ -FROM ubuntu:16.04 +FROM ubuntu:20.04 + +ARG llvm_ver=12 +ARG gcc_ver=11 +ARG openssl_ver=3.0.2 + ENV DEBIAN_FRONTEND=noninteractive +# +# Refresh APT lists and ensure up-to-date +# RUN apt-get update && \ - apt-get upgrade -y + apt-get dist-upgrade -y -RUN apt-get install -y \ +# +# Install packages needed by the build +# +RUN apt-get install -y --no-install-recommends \ apt-transport-https \ + build-essential \ + ca-certificates \ + curl \ + devscripts \ + equivs \ + gawk \ + git \ + git-lfs \ + gnupg \ + libasan6 \ + lsb-release \ + python3-pip \ + quilt \ + ruby-dev \ software-properties-common \ - wget \ - curl - + wget # -# Set up extra repositories +# Set up Ubuntu toolchain repo # -# GCC and clang RUN add-apt-repository -y ppa:ubuntu-toolchain-r/test -RUN add-apt-repository -y "deb http://apt.llvm.org/xenial/ llvm-toolchain-xenial-8 main" - -# cmake (script below used instead) -# RUN add-apt-repository -y ppa:rjvbertin/misc - -# Redis and PostgreSQL -RUN add-apt-repository ppa:chris-lea/redis-server -RUN add-apt-repository "deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -sc)-pgdg main" - # -# Install repo keys +# Set up Network RADIUS repo # -RUN wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | \ - apt-key add - +RUN mkdir -p /etc/apt/keyrings && \ + curl -sS -o /etc/apt/keyrings/networkradius.asc \ + https://packages.networkradius.com/pgp/packages%40networkradius.com -RUN wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | \ - apt-key add - +RUN DIST=$(lsb_release -is | tr '[:upper:]' '[:lower:]') && \ + RELEASE=$(lsb_release -cs) && \ + echo "deb [signed-by=/etc/apt/keyrings/networkradius.asc] http://packages.networkradius.com/extras/${DIST}/${RELEASE} ${RELEASE} main" \ + > /etc/apt/sources.list.d/networkradius-extras.list +RUN apt-get update # -# Update with repos added above +# Install FreeRADIUS build-dep packages +# After NR repo so that we pick up newer libkqueue packages. # -RUN apt-get update && \ - apt-get upgrade -y +COPY freeradius-build-deps.deb /tmp/freeradius-build-deps.deb +COPY freeradius-build-deps-extra.deb /tmp/freeradius-build-deps-extra.deb +RUN apt-get install -y --no-install-recommends /tmp/freeradius-build-deps.deb && \ + apt-get --purge -y remove freeradius-build-deps && \ + apt-get install -y --no-install-recommends /tmp/freeradius-build-deps-extra.deb && \ + apt-get --purge -y remove freeradius-build-deps +RUN pip3 install tacacs_plus # -# Install everything needed +# Install Clang and GCC # -RUN apt-get install -y \ - autoconf \ - build-essential \ - clang-8 \ - debhelper \ - devscripts \ - dh-make \ - doxygen \ - fakeroot \ - firebird-dev \ - freetds-dev \ - gcc-7 \ - gccgo-7 \ +RUN apt-get install -y --no-install-recommends \ + clang-${llvm_ver} \ + llvm-${llvm_ver} \ + gcc-${gcc_ver} \ gdb \ - graphviz \ - ldap-utils \ - libcollectdclient-dev \ - libcap-dev \ - libcurl4-openssl-dev \ - libgdbm-dev \ - libhiredis-dev \ - libidn11-dev \ - libiodbc2-dev \ - libiodbc2 \ - libjson0 \ - libjson0-dev \ - libkrb5-dev \ - libldap2-dev \ - libluajit-5.1-dev \ - libmemcached-dev \ - libmysqlclient-dev \ - libnl-genl-3-dev \ - libpam0g-dev \ - libpcap-dev \ - libpcre3-dev \ - libperl-dev \ - libpq-dev \ - libpython-all-dev \ - libreadline-dev \ - libsnmp-dev \ - libssl-dev \ - libtalloc-dev \ - libtalloc2-dbg \ - libunbound-dev \ - libwbclient-dev \ - libykclient-dev \ - libyubikey-dev \ - lintian \ - llvm-8 \ - luajit \ - lynx \ - mysql-server \ - pbuilder \ - postgresql-10 \ - postgresql-client-10 \ - python-dev \ - quilt \ - slapd \ - ruby \ - git \ - redis-server \ - jq + lldb + +# +# Install Cassandra database +# +#./scripts/ci/cassandra-install.sh # -# Install cmake +# Install OpenSSL # -RUN curl -f -o cmake.sh https://cmake.org/files/v3.8/cmake-3.8.2-Linux-x86_64.sh -RUN [ "$(cat cmake.sh | openssl sha256 | sed 's/^.* //')" = "bb26b1871f9e5c2fb73476186cc94d03b674608f704b48b94d617340b87b4d73" ] -RUN sh cmake.sh --skip-license --prefix=/usr/local +#RUN wget https://www.openssl.org/source/openssl-${openssl_ver}.tar.gz && \ +# tar xzf openssl-${openssl_ver}.tar.gz && \ +# cd openssl-${openssl_ver} && \ +# ./Configure --prefix=/opt/openssl --openssldir=. --debug && \ +# make -j `nproc` && \ +# make install_sw # -# Install libkqueue +# Download to APT cache but do not install # -WORKDIR /usr/local/src/repositories +RUN apt-get install -yd --no-install-recommends \ + heimdal-dev \ + libpcre3-dev -RUN git clone --branch master --depth=1 https://github.com/mheily/libkqueue.git -### Get the latest release of libkqueue -# RUN curl -sL https://github.com/mheily/libkqueue/archive/09f9ae5560974f132ee9e8313e2b6c82c7e74f69.tar.gz > libkqueue.tgz -# RUN curl -sL $(curl -s https://api.github.com/repos/mheily/libkqueue/releases/latest | jq -r .tarball_url) > libkqueue.tgz -### Figure out the directory structure. -# RUN tar zxf libkqueue.tgz && mv $(tar ztf libkqueue.tgz | head -1) libkqueue -WORKDIR /usr/local/src/repositories/libkqueue +# +# Extra installs for the CI testing stage +# +RUN mkdir -p /etc/apt/keyrings && \ + curl -sS -o /etc/apt/keyrings/openresty.asc \ + https://openresty.org/package/pubkey.gpg + +RUN RELEASE=$(lsb_release -cs) && \ + echo "deb [signed-by=/etc/apt/keyrings/openresty.asc] http://openresty.org/package/ubuntu $(lsb_release -sc) main" \ + > /etc/apt/sources.list.d/openresty.list && \ + apt-get update + +RUN echo "samba-common samba-common/workgroup string WORKGROUP" | debconf-set-selections && \ + echo "samba-common samba-common/dhcp boolean false" | debconf-set-selections && \ + echo "samba-common samba-common/do_debconf boolean true" | debconf-set-selections + +RUN apt-get install -y --no-install-recommends \ + 389-ds \ + apparmor-utils \ + dovecot-imapd \ + exim4 \ + krb5-user \ + ldap-utils \ + mariadb-client \ + openresty \ + postgresql-client \ + redis-server \ + redis-tools \ + slapd \ + winbind +# samba \ + -RUN cmake -G "Unix Makefiles" -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_INSTALL_LIBDIR=lib ./ && \ - make && \ - cpack -G DEB && \ - dpkg -i --force-all ./libkqueue*.deb +# +# Additional improvements +# - install eapol_test +# - install openssl 3.0 (needs CI update to enable/disable) +# -WORKDIR /usr/local/src/repositories