-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
refactor docker build for ariang and frp
- Loading branch information
Showing
27 changed files
with
377 additions
and
670 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,3 @@ | ||
# Docker Images | ||
|
||
Just a set of docker build files, but they are too small to be in their own repository. |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,63 +1,110 @@ | ||
FROM alpine AS prepare | ||
|
||
RUN set -xe \ | ||
&& apk add --no-cache git make gcc libc-dev \ | ||
&& mkdir /build \ | ||
&& cd /build \ | ||
&& git clone --depth=1 https://github.com/BR903/ELFkickers.git \ | ||
&& cd ELFkickers \ | ||
&& make PROGRAMS=sstrip \ | ||
&& cp sstrip/sstrip /build \ | ||
&& cd .. \ | ||
&& rm -rf ELFkickers \ | ||
&& apk del make gcc libc-dev | ||
|
||
WORKDIR /build | ||
ARG CHECKOUT_VERSION | ||
ARG NODE_VERSION=10.24.1 | ||
|
||
RUN set -xe \ | ||
&& apk add --no-cache curl xxd qpdf \ | ||
&& curl -sSO https://unofficial-builds.nodejs.org/download/release/v${NODE_VERSION}/node-v${NODE_VERSION}-linux-x64-musl.tar.xz \ | ||
&& tar -Jxf node-v${NODE_VERSION}-linux-x64-musl.tar.xz \ | ||
&& rm -f node-v${NODE_VERSION}-linux-x64-musl.tar.xz \ | ||
&& export PATH=/build/node-v${NODE_VERSION}-linux-x64-musl/bin:$PATH \ | ||
&& git clone https://github.com/mayswind/AriaNg.git \ | ||
&& cd AriaNg \ | ||
&& export LATEST_VERSION=`git tag --sort=v:refname | grep '^\d' | tail -n1` \ | ||
&& export VERSION="${CHECKOUT_VERSION:-$LATEST_VERSION}" \ | ||
&& echo VERSION=$VERSION > /build/.env \ | ||
&& echo LATEST_VERSION=$LATEST_VERSION >> /build/.env \ | ||
&& git checkout $VERSION \ | ||
&& npm i \ | ||
&& npx gulp build-bundle \ | ||
&& cp dist/index.html /build/ \ | ||
&& cd /build \ | ||
&& rm -rf AriaNg node-v${NODE_VERSION}-linux-x64-musl \ | ||
&& zlib-flate -compress=9 < index.html > index.html.deflate \ | ||
&& xxd -i index.html.deflate > index_html_deflate.c \ | ||
&& apk del curl xxd qpdf | ||
|
||
ARG MUSLCC_TARGET | ||
FROM muslcc/x86_64:${MUSLCC_TARGET} AS build | ||
|
||
COPY --from=prepare /build /build | ||
COPY httpd.c /build | ||
|
||
WORKDIR /build | ||
|
||
RUN set -xe \ | ||
&& sed -i "s/\\\${CONTENT_LENGTH}/$(stat -c%s index.html.deflate)/" httpd.c \ | ||
&& gcc -Os --static -s -fno-stack-protector -ffunction-sections -fdata-sections -Wl,--gc-sections httpd.c -o httpd \ | ||
&& /build/sstrip httpd | ||
# syntax=docker/dockerfile:1 | ||
|
||
FROM --platform=$BUILDPLATFORM node:lts AS build | ||
|
||
ARG GIT_BRANCH | ||
|
||
RUN <<EOF | ||
set -ex | ||
if [ ! -z "$NPM_REGISTRY" ]; then | ||
npm config set registry $NPM_REGISTRY | ||
fi | ||
|
||
mkdir -p /build | ||
cd /build | ||
git clone --depth 1 --branch $GIT_BRANCH https://github.com/mayswind/AriaNg.git | ||
cd AriaNg | ||
npm install | ||
npm run build | ||
EOF | ||
|
||
FROM --platform=$BUILDPLATFORM tonistiigi/xx AS xx | ||
|
||
FROM --platform=$BUILDPLATFORM alpine:edge AS xbuild | ||
|
||
COPY --from=xx / / | ||
|
||
RUN <<EOF | ||
set -ex | ||
if [ ! -z "$APK_MIRROR" ]; then | ||
sed -i "s/dl-cdn.alpinelinux.org/$APK_MIRROR/g" /etc/apk/repositories | ||
fi | ||
EOF | ||
|
||
RUN --mount=type=cache,target=/var/cache/apk,sharing=locked \ | ||
--mount=type=cache,target=/var/lib/apk,sharing=locked \ | ||
--mount=type=tmpfs,target=/var/cache \ | ||
--mount=type=tmpfs,target=/var/lock \ | ||
--mount=type=tmpfs,target=/var/log \ | ||
--mount=type=tmpfs,target=/var/tmp \ | ||
--mount=type=tmpfs,target=/tmp \ | ||
--mount=type=tmpfs,target=/run \ | ||
<<EOF | ||
set -ex | ||
|
||
apk add clang git libcap lld make | ||
EOF | ||
|
||
RUN <<EOF | ||
set -ex | ||
|
||
mkdir -p /build | ||
cd /build | ||
git clone --depth 1 https://github.com/BR903/ELFkickers.git | ||
cd ELFkickers | ||
make PROGRAMS=sstrip | ||
cp sstrip/sstrip /usr/local/bin | ||
EOF | ||
|
||
RUN <<EOF | ||
set -ex | ||
|
||
mkdir -p /build | ||
cd /build | ||
git clone --depth 1 https://github.com/emikulic/darkhttpd.git | ||
EOF | ||
|
||
ARG TARGETPLATFORM | ||
|
||
RUN --mount=type=cache,target=/var/cache/apk,id=apk-cache-$TARGETARCH$TARGETVARIANT,sharing=locked \ | ||
--mount=type=cache,target=/var/lib/apk,id=apk-lib-$TARGETARCH$TARGETVARIANT,sharing=locked \ | ||
--mount=type=tmpfs,target=/var/cache \ | ||
--mount=type=tmpfs,target=/var/lock \ | ||
--mount=type=tmpfs,target=/var/log \ | ||
--mount=type=tmpfs,target=/var/tmp \ | ||
--mount=type=tmpfs,target=/tmp \ | ||
--mount=type=tmpfs,target=/run \ | ||
<<EOF | ||
set -ex | ||
|
||
xx-apk add gcc musl-dev | ||
EOF | ||
|
||
RUN <<EOF | ||
set -ex | ||
|
||
cd /build/darkhttpd | ||
make darkhttpd-static CC=xx-clang CFLAGS='-Os -D_FORTIFY_SOURCE=2 -Dstrip=true -fstack-clash-protection -fstack-protector-strong -pipe -Wall -Wextra -Werror=format-security -Werror=implicit-function-declaration -Wl,-z,defs -Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack' | ||
setcap cap_net_bind_service=+ep darkhttpd-static | ||
sstrip darkhttpd-static || true | ||
xx-verify darkhttpd-static | ||
|
||
mkdir -p /build/root/etc | ||
cp darkhttpd-static /build/root/darkhttpd | ||
echo 'nobody:x:65534:65534:nobody:/www:/darkhttpd' > /build/root/etc/passwd | ||
echo 'nobody:x:65534:' > /build/root/etc/group | ||
EOF | ||
|
||
COPY --from=build /build/AriaNg/dist /build/root/www | ||
|
||
FROM scratch | ||
|
||
COPY --from=build /build/httpd /ariang | ||
COPY --from=xbuild /build/root/ / | ||
|
||
ARG VERSION | ||
LABEL version=${VERSION} | ||
|
||
EXPOSE 8080 | ||
CMD ["/ariang"] | ||
|
||
ENTRYPOINT ["/darkhttpd"] | ||
CMD ["/www", "--chroot", "--uid", "nobody", "--gid", "nobody", "--port", "8080"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
#!/bin/sh | ||
|
||
set -e | ||
|
||
DOCKER_REPO="${DOCKER_REPO:-leonismoe/ariang}" | ||
|
||
LATEST=0 | ||
|
||
if [ -z "$VERSION" ]; then | ||
GIT_BRANCH="$(curl -fsSL https://github.com/mayswind/AriaNg/releases.atom | grep -oE 'releases/tag/[^"]+' | head -n1 | cut -d/ -f3)" | ||
VERSION=${GIT_BRANCH#v} | ||
LATEST=1 | ||
else | ||
GIT_BRANCH="$VERSION" | ||
fi | ||
|
||
docker buildx build --pull --push \ | ||
-t $DOCKER_REPO:$VERSION \ | ||
--platform linux/amd64,linux/arm64/v8,linux/arm/v6,linux/arm/v7,linux/386,linux/ppc64le,linux/s390x,linux/riscv64 \ | ||
--build-arg VERSION=$VERSION \ | ||
--build-arg GIT_BRANCH=$GIT_BRANCH \ | ||
. | ||
|
||
if [ $LATEST -eq 1 ]; then | ||
docker buildx imagetools create -t $DOCKER_REPO:latest $DOCKER_REPO:$VERSION | ||
fi | ||
|
||
if [ ! -z "$GHCR_REPO" ]; then | ||
docker buildx imagetools create -t $GHCR_REPO:$VERSION $DOCKER_REPO:$VERSION | ||
if [ $LATEST -eq 1 ]; then | ||
docker buildx imagetools create -t $GHCR_REPO:latest $DOCKER_REPO:$VERSION | ||
fi | ||
fi |
Oops, something went wrong.