From 15db466f1ff651ca07d8f319b8406fc0c3da4271 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9goire=20Pailler?= Date: Mon, 15 Feb 2021 08:53:03 +0800 Subject: [PATCH 1/4] Add missing python3-dev and cargo to build cryptography dependency and switch to multi-stage Docker build to keep a slim final image (https://cryptography.io/en/latest/installation.html#alpine) --- .dockerignore | 5 +++++ Dockerfile | 33 ++++++++++++++++----------------- 2 files changed, 21 insertions(+), 17 deletions(-) create mode 100644 .dockerignore diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..633f098 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,5 @@ +.git +.gitignore +.github +README.MD +LICENSE diff --git a/Dockerfile b/Dockerfile index d82ffef..bd1f4c5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,24 +1,23 @@ -FROM python:3-alpine +FROM python:3-alpine AS base -RUN echo 'http://dl-cdn.alpinelinux.org/alpine/v3.9/community' >> /etc/apk/repositories -RUN apk update -RUN apk add --no-cache pkgconfig gammu=1.39.0-r2 gammu-libs=1.39.0-r2 gammu-dev=1.39.0-r2 -RUN mkdir ssl +RUN echo 'http://dl-cdn.alpinelinux.org/alpine/v3.9/community' >> /etc/apk/repositories \ + && apk update \ + && apk add --no-cache pkgconfig gammu=1.39.0-r2 gammu-libs=1.39.0-r2 gammu-dev=1.39.0-r2 +# Build dependencies in a dedicated stage +FROM base AS dependencies +COPY requirements.txt . +RUN apk add --no-cache --virtual .build-deps libffi-dev openssl-dev gcc musl-dev python3-dev cargo \ + && pip install -r requirements.txt + +# Switch back to base layer for final stage +FROM base AS final ENV BASE_PATH /sms-gw -RUN mkdir $BASE_PATH +RUN mkdir $BASE_PATH /ssl WORKDIR $BASE_PATH -ADD requirements.txt . -ADD gammu.config . -ADD credentials.txt . -ADD support.py . - -#RUN pip install -r requirements.txt - -RUN apk add --no-cache --virtual .build-deps libffi-dev openssl-dev gcc musl-dev \ - && pip install -r requirements.txt \ - && apk del .build-deps libffi-dev openssl-dev gcc musl-dev +COPY . $BASE_PATH -ADD run.py . +COPY --from=dependencies /root/.cache /root/.cache +RUN pip install -r requirements.txt && rm -rf /root/.cache CMD [ "python", "./run.py" ] From e7ef8ceb8fce876843559b1f808f509069311ad6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9goire=20Pailler?= Date: Mon, 15 Feb 2021 08:43:04 +0800 Subject: [PATCH 2/4] Add workflow to build and push Docker images for amd64/armv6/arm64 --- .github/workflows/docker_image.yml | 51 ++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 .github/workflows/docker_image.yml diff --git a/.github/workflows/docker_image.yml b/.github/workflows/docker_image.yml new file mode 100644 index 0000000..a8e1436 --- /dev/null +++ b/.github/workflows/docker_image.yml @@ -0,0 +1,51 @@ +name: Docker image + +on: + # Run manually from the Actions tab + workflow_dispatch: + # Run automatically when a change is pushed on master + #push: + # branches: master + +env: + PLATFORMS: linux/amd64,linux/arm/v6,linux/arm64 + DOCKER_HUB_REPOSITORY: ${{ github.repository }} + DOCKER_HUB_TAG: latest + +jobs: + docker: + name: Docker build and push + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: Set up QEMU for multi-arch build + uses: docker/setup-qemu-action@v1 + + - name: Setup Docker Buildx + uses: docker/setup-buildx-action@v1 + + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Login to Docker Hub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + + - name: Build and push + uses: docker/build-push-action@v2 + with: + platforms: ${{ env.PLATFORMS }} + push: true + tags: ${{ env.DOCKER_HUB_REPOSITORY }}:${{ env.DOCKER_HUB_TAG }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache,mode=max From 0c01312c1b13281e4087005e985f857bed488385 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9goire=20Pailler?= Date: Wed, 17 Feb 2021 09:58:08 +0800 Subject: [PATCH 3/4] Force pip update (advised by cryptography dependency) --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index bd1f4c5..1b27c93 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,6 +4,8 @@ RUN echo 'http://dl-cdn.alpinelinux.org/alpine/v3.9/community' >> /etc/apk/repos && apk update \ && apk add --no-cache pkgconfig gammu=1.39.0-r2 gammu-libs=1.39.0-r2 gammu-dev=1.39.0-r2 +RUN python -m pip install -U pip + # Build dependencies in a dedicated stage FROM base AS dependencies COPY requirements.txt . From 40aa6abc63c1d2b253f0de02fcce4221ab77469d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9goire=20Pailler?= Date: Wed, 17 Feb 2021 22:59:43 +0800 Subject: [PATCH 4/4] Allow customization of the Docker image tag when running the GH workflow --- .github/workflows/docker_image.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/docker_image.yml b/.github/workflows/docker_image.yml index a8e1436..93cea9f 100644 --- a/.github/workflows/docker_image.yml +++ b/.github/workflows/docker_image.yml @@ -1,16 +1,17 @@ name: Docker image on: - # Run manually from the Actions tab workflow_dispatch: - # Run automatically when a change is pushed on master - #push: - # branches: master + inputs: + docker_tag: + description: 'Docker image tag' + required: true + default: 'latest' env: PLATFORMS: linux/amd64,linux/arm/v6,linux/arm64 DOCKER_HUB_REPOSITORY: ${{ github.repository }} - DOCKER_HUB_TAG: latest + DOCKER_HUB_TAG: ${{ github.event.inputs.docker_tag }} jobs: docker: