From 1cd364e46ed2bd1d86dede2e0e0ae290ee9618d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=90=B4=E5=B0=8F=E7=99=BD?= <296015668@qq.com> Date: Sat, 27 Jan 2024 01:19:41 +0800 Subject: [PATCH] =?UTF-8?q?perf:=20=E5=B0=9D=E8=AF=95=E8=B0=83=E8=AF=95?= =?UTF-8?q?=E7=BC=93=E5=AD=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/build.yml | 21 +++++++++ .github/workflows/cache.yml | 53 +++++++++++++++++++++ core/Dockerfile | 91 ++----------------------------------- core/Dockerfile.base | 85 ++++++++++++++++++++++++++++++++++ 4 files changed, 164 insertions(+), 86 deletions(-) create mode 100644 .github/workflows/cache.yml create mode 100644 core/Dockerfile.base diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b293eec..608d819 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -16,9 +16,30 @@ jobs: - uses: actions/checkout@v4 - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 + - uses: actions/setup-python@v4 + if: matrix.component == 'core' + with: + python-version: 3.11 + + - uses: abatilo/actions-poetry@v2 + if: matrix.component == 'core' + - name: Get Version run: | echo "version=$(basename ${GITHUB_REF})" >> $GITHUB_ENV + + - name: Generate poetry.lock + if: matrix.component == 'core' + run: | + wget https://github.com/jumpserver/jumpserver/raw/${{ env.version }}/pyproject.toml + sed -i 's@^cython =@# cython =@g' pyproject.toml + sed -i 's@^certifi =@# certifi =@g' pyproject.toml + sed -i 's@^cffi =@# cffi =@g' pyproject.toml + sed -i 's@^idna =@# idna =@g' pyproject.toml + sed -i 's@^urllib3 =@# urllib3 =@g' pyproject.toml + poetry config virtualenvs.create false + poetry source add --priority=default PyPI + poetry lock --no-update - name: Login to Docker Hub uses: docker/login-action@v3 diff --git a/.github/workflows/cache.yml b/.github/workflows/cache.yml new file mode 100644 index 0000000..25e0401 --- /dev/null +++ b/.github/workflows/cache.yml @@ -0,0 +1,53 @@ +name: Build Cache + +on: + push: + branches: + - master + schedule: + - cron: '0 1 * * *' + +jobs: + build-cache: + runs-on: ubuntu-latest + strategy: + matrix: + component: [core] + steps: + - uses: actions/checkout@v4 + - uses: docker/setup-qemu-action@v3 + - uses: docker/setup-buildx-action@v3 + + - name: Get Cryptography Version + run: | + wget https://github.com/jumpserver/jumpserver/raw/master/pyproject.toml + cryptography_version=$(awk -F'"' '/cryptography/{print $2}' pyproject.toml) + echo "cryptography_version=${cryptography_version}" >> $GITHUB_ENV + + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_TOKEN }} + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and Push Image + uses: docker/build-push-action@v5 + with: + context: . + file: ${{ matrix.component }}/Dockerfile.base + platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x + push: true + build-args: + CRYPTOGRAPHY_VERSION=${{ env.cryptography_version }} + tags: | + ${{ github.repository_owner }}/${{ matrix.component }}:base-bookworm + ghcr.io/${{ github.repository_owner }}/${{ matrix.component }}:base-bookworm + cache-from: type=gha + cache-to: type=gha,mode=max \ No newline at end of file diff --git a/core/Dockerfile b/core/Dockerfile index 78dd645..403ee01 100644 --- a/core/Dockerfile +++ b/core/Dockerfile @@ -41,99 +41,18 @@ RUN set -ex \ && cd utils \ && bash -ixeu build.sh -FROM python:3.11-slim-bookworm as stage-2 +FROM wojiushixiaobai/core:base-bookworm as stage-2 ARG TARGETARCH -ARG BUILD_DEPENDENCIES=" \ - g++ \ - make \ - pkg-config" - -ARG DEPENDENCIES=" \ - freetds-dev \ - libpq-dev \ - libffi-dev \ - libjpeg-dev \ - libldap2-dev \ - libsasl2-dev \ - libssl-dev \ - libxml2-dev \ - libxmlsec1-dev \ - libxmlsec1-openssl \ - freerdp2-dev \ - libaio-dev" - -ARG TOOLS=" \ - ca-certificates \ - curl \ - default-libmysqlclient-dev \ - default-mysql-client \ - git \ - git-lfs \ - unzip \ - xz-utils \ - wget" - -RUN set -ex \ - && apt-get update \ - && apt-get -y install --no-install-recommends ${BUILD_DEPENDENCIES} \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && apt-get -y install --no-install-recommends ${TOOLS} \ - && echo "no" | dpkg-reconfigure dash \ - && apt-get clean all \ - && rm -rf /var/lib/apt/lists/* - -WORKDIR /opt - -ARG RUST_VERSION=1.71.1 -RUN set -ex \ - && mkdir -p /opt/rust-install \ - && rustUrl="https://static.rust-lang.org/dist" \ - && \ - case "${TARGETARCH}" in \ - # amd64) rustArch='x86_64-unknown-linux-gnu'; \ - # ;; \ - # arm64) rustArch='aarch64-unknown-linux-gnu'; \ - # ;; \ - mips64le) rustArch='mips64el-unknown-linux-gnuabi64'; \ - ;; \ - ppc64le) rustArch='powerpc64le-unknown-linux-gnu'; \ - ;; \ - riscv64) rustArch='riscv64gc-unknown-linux-gnu'; \ - ;; \ - s390x) rustArch='s390x-unknown-linux-gnu'; \ - ;; \ - loong64) rustArch='loongarch64-unknown-linux-gnu'; \ - rustUrl="https://download.jumpserver.org/rust/dist"; \ - ;; \ - *) echo >&2 "error: unsupported architecture: ${TARGETARCH}"; \ - ;; \ - esac \ - && \ - if [ -n "${rustArch}" ]; then \ - wget -O /opt/rust.tar.gz "${rustUrl}/rust-${RUST_VERSION}-${rustArch}.tar.xz"; \ - tar -xf /opt/rust.tar.gz -C /opt/rust-install --strip-components=1; \ - cd /opt/rust-install && ./install.sh; \ - cd /opt && rm -rf /opt/rust-install /opt/rust.tar.gz; \ - fi - -COPY --from=stage-1 /opt/jumpserver/poetry.lock /opt/jumpserver/pyproject.toml /opt/jumpserver/ - WORKDIR /opt/jumpserver -ARG PYTHONUNBUFFERED=1 \ - PYTHONDONTWRITEBYTECODE=1 - -ENV GRPC_PYTHON_BUILD_SYSTEM_OPENSSL=1 +ADD poetry.lock pyproject.toml /opt/jumpserver/ -RUN --mount=type=cache,target=/root/.cache \ -set -ex \ +RUN set -ex \ && python3 -m venv /opt/py3 \ - && pip install $(grep cryptography pyproject.toml | sed 's/ = /==/g' | sed 's/"//g') \ - && pip install poetry \ - && poetry config virtualenvs.create false \ && . /opt/py3/bin/activate \ - && poetry install --only=main + && poetry install --only=main \ + && rm -rf /root/.cache FROM python:3.11-slim-bookworm ENV LANG=en_US.UTF-8 \ diff --git a/core/Dockerfile.base b/core/Dockerfile.base new file mode 100644 index 0000000..ef70604 --- /dev/null +++ b/core/Dockerfile.base @@ -0,0 +1,85 @@ +FROM python:3.11-slim-bookworm +ARG TARGETARCH + +ARG BUILD_DEPENDENCIES=" \ + g++ \ + make \ + pkg-config" + +ARG DEPENDENCIES=" \ + freetds-dev \ + libpq-dev \ + libffi-dev \ + libjpeg-dev \ + libldap2-dev \ + libsasl2-dev \ + libssl-dev \ + libxml2-dev \ + libxmlsec1-dev \ + libxmlsec1-openssl \ + freerdp2-dev \ + libaio-dev" + +ARG TOOLS=" \ + ca-certificates \ + curl \ + default-libmysqlclient-dev \ + default-mysql-client \ + git \ + git-lfs \ + unzip \ + xz-utils \ + wget" + +RUN set -ex \ + && apt-get update \ + && apt-get -y install --no-install-recommends ${BUILD_DEPENDENCIES} \ + && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ + && apt-get -y install --no-install-recommends ${TOOLS} \ + && echo "no" | dpkg-reconfigure dash \ + && apt-get clean all \ + && rm -rf /var/lib/apt/lists/* + +WORKDIR /opt + +ARG RUST_VERSION=1.71.1 +RUN set -ex \ + && mkdir -p /opt/rust-install \ + && rustUrl="https://static.rust-lang.org/dist" \ + && \ + case "${TARGETARCH}" in \ + # amd64) rustArch='x86_64-unknown-linux-gnu'; \ + # ;; \ + # arm64) rustArch='aarch64-unknown-linux-gnu'; \ + # ;; \ + mips64le) rustArch='mips64el-unknown-linux-gnuabi64'; \ + ;; \ + ppc64le) rustArch='powerpc64le-unknown-linux-gnu'; \ + ;; \ + riscv64) rustArch='riscv64gc-unknown-linux-gnu'; \ + ;; \ + s390x) rustArch='s390x-unknown-linux-gnu'; \ + ;; \ + loong64) rustArch='loongarch64-unknown-linux-gnu'; \ + rustUrl="https://download.jumpserver.org/rust/dist"; \ + ;; \ + *) echo >&2 "error: unsupported architecture: ${TARGETARCH}"; \ + ;; \ + esac \ + && \ + if [ -n "${rustArch}" ]; then \ + wget -O /opt/rust.tar.gz "${rustUrl}/rust-${RUST_VERSION}-${rustArch}.tar.xz"; \ + tar -xf /opt/rust.tar.gz -C /opt/rust-install --strip-components=1; \ + cd /opt/rust-install && ./install.sh; \ + cd /opt && rm -rf /opt/rust-install /opt/rust.tar.gz; \ + fi + +ARG CRYPTOGRAPHY_VERSION + +ENV PYTHONUNBUFFERED=1 \ + PYTHONDONTWRITEBYTECODE=1 \ + GRPC_PYTHON_BUILD_SYSTEM_OPENSSL=1 + +RUN set -ex \ + && pip install cryptography==${CRYPTOGRAPHY_VERSION} \ + && pip install poetry \ No newline at end of file