From ad1667063f54be47f7c6160367be62489ef81c33 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=90=B4=E5=B0=8F=E7=99=BD?= <296015668@qq.com> Date: Sat, 27 Jan 2024 01:19:41 +0800 Subject: [PATCH] =?UTF-8?q?perf:=20=E5=B0=9D=E8=AF=95=E8=B0=83=E8=AF=95?= =?UTF-8?q?=E7=BC=93=E5=AD=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/build.yml | 24 ++++++++++ .github/workflows/cache.yml | 57 ++++++++++++++++++++++ core/Dockerfile | 96 +++---------------------------------- core/Dockerfile.base | 91 +++++++++++++++++++++++++++++++++++ 4 files changed, 178 insertions(+), 90 deletions(-) create mode 100644 .github/workflows/cache.yml create mode 100644 core/Dockerfile.base diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b293eec..f546f76 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -7,7 +7,31 @@ on: - '*' # Push events to matching v*, i.e. v1.0, v20.15.10 jobs: + prepare: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: docker/setup-qemu-action@v3 + - uses: docker/setup-buildx-action@v3 + - uses: actions/setup-python@v4 + with: + python-version: 3.11 + + - uses: abatilo/actions-poetry@v2 + + - name: Get Version + run: | + echo "version=$(basename ${GITHUB_REF})" >> $GITHUB_ENV + + - name: Generate poetry.lock + run: | + wget https://github.com/jumpserver/jumpserver/raw/${{ env.version }}/pyproject.toml + poetry config virtualenvs.create false + poetry source add --priority=default PyPI + poetry lock --no-update + build: + needs: prepare runs-on: ubuntu-latest strategy: matrix: diff --git a/.github/workflows/cache.yml b/.github/workflows/cache.yml new file mode 100644 index 0000000..a8df26a --- /dev/null +++ b/.github/workflows/cache.yml @@ -0,0 +1,57 @@ +name: Build Cache + +on: + push: + branches: + - master + schedule: + - cron: '0 1 * * *' + +jobs: + build-cache: + runs-on: ubuntu-latest + strategy: + matrix: + component: [core] + steps: + - uses: actions/checkout@v4 + - uses: docker/setup-qemu-action@v3 + - uses: docker/setup-buildx-action@v3 + - uses: actions/setup-python@v4 + with: + python-version: 3.11 + + - uses: abatilo/actions-poetry@v2 + + - name: Generate poetry.lock + run: | + wget https://github.com/jumpserver/jumpserver/raw/master/pyproject.toml + poetry config virtualenvs.create false + poetry source add --priority=default PyPI + poetry lock --no-update + + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_TOKEN }} + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and Push Image + uses: docker/build-push-action@v5 + with: + context: . + file: ${{ matrix.component }}/Dockerfile.base + platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x + push: true + tags: | + ${{ github.repository_owner }}/${{ matrix.component }}:base-bookworm + ghcr.io/${{ github.repository_owner }}/${{ matrix.component }}:base-bookworm + cache-from: type=gha + cache-to: type=gha,mode=max \ No newline at end of file diff --git a/core/Dockerfile b/core/Dockerfile index 78dd645..76496df 100644 --- a/core/Dockerfile +++ b/core/Dockerfile @@ -41,99 +41,15 @@ RUN set -ex \ && cd utils \ && bash -ixeu build.sh -FROM python:3.11-slim-bookworm as stage-2 +FROM wojiushixiaobai/core:base-bookworm as stage-2 ARG TARGETARCH -ARG BUILD_DEPENDENCIES=" \ - g++ \ - make \ - pkg-config" - -ARG DEPENDENCIES=" \ - freetds-dev \ - libpq-dev \ - libffi-dev \ - libjpeg-dev \ - libldap2-dev \ - libsasl2-dev \ - libssl-dev \ - libxml2-dev \ - libxmlsec1-dev \ - libxmlsec1-openssl \ - freerdp2-dev \ - libaio-dev" - -ARG TOOLS=" \ - ca-certificates \ - curl \ - default-libmysqlclient-dev \ - default-mysql-client \ - git \ - git-lfs \ - unzip \ - xz-utils \ - wget" - -RUN set -ex \ - && apt-get update \ - && apt-get -y install --no-install-recommends ${BUILD_DEPENDENCIES} \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && apt-get -y install --no-install-recommends ${TOOLS} \ - && echo "no" | dpkg-reconfigure dash \ - && apt-get clean all \ - && rm -rf /var/lib/apt/lists/* - -WORKDIR /opt - -ARG RUST_VERSION=1.71.1 -RUN set -ex \ - && mkdir -p /opt/rust-install \ - && rustUrl="https://static.rust-lang.org/dist" \ - && \ - case "${TARGETARCH}" in \ - # amd64) rustArch='x86_64-unknown-linux-gnu'; \ - # ;; \ - # arm64) rustArch='aarch64-unknown-linux-gnu'; \ - # ;; \ - mips64le) rustArch='mips64el-unknown-linux-gnuabi64'; \ - ;; \ - ppc64le) rustArch='powerpc64le-unknown-linux-gnu'; \ - ;; \ - riscv64) rustArch='riscv64gc-unknown-linux-gnu'; \ - ;; \ - s390x) rustArch='s390x-unknown-linux-gnu'; \ - ;; \ - loong64) rustArch='loongarch64-unknown-linux-gnu'; \ - rustUrl="https://download.jumpserver.org/rust/dist"; \ - ;; \ - *) echo >&2 "error: unsupported architecture: ${TARGETARCH}"; \ - ;; \ - esac \ - && \ - if [ -n "${rustArch}" ]; then \ - wget -O /opt/rust.tar.gz "${rustUrl}/rust-${RUST_VERSION}-${rustArch}.tar.xz"; \ - tar -xf /opt/rust.tar.gz -C /opt/rust-install --strip-components=1; \ - cd /opt/rust-install && ./install.sh; \ - cd /opt && rm -rf /opt/rust-install /opt/rust.tar.gz; \ - fi - -COPY --from=stage-1 /opt/jumpserver/poetry.lock /opt/jumpserver/pyproject.toml /opt/jumpserver/ - -WORKDIR /opt/jumpserver - -ARG PYTHONUNBUFFERED=1 \ - PYTHONDONTWRITEBYTECODE=1 - -ENV GRPC_PYTHON_BUILD_SYSTEM_OPENSSL=1 - -RUN --mount=type=cache,target=/root/.cache \ -set -ex \ - && python3 -m venv /opt/py3 \ - && pip install $(grep cryptography pyproject.toml | sed 's/ = /==/g' | sed 's/"//g') \ - && pip install poetry \ - && poetry config virtualenvs.create false \ +RUN --mount=type=bind,source=poetry.lock,target=/opt/jumpserver/poetry.lock \ + --mount=type=bind,source=pyproject.toml,target=/opt/jumpserver/pyproject.toml \ + set -ex \ && . /opt/py3/bin/activate \ - && poetry install --only=main + && poetry install --only=main \ + && rm -rf /root/.cache FROM python:3.11-slim-bookworm ENV LANG=en_US.UTF-8 \ diff --git a/core/Dockerfile.base b/core/Dockerfile.base new file mode 100644 index 0000000..7a8659c --- /dev/null +++ b/core/Dockerfile.base @@ -0,0 +1,91 @@ +FROM python:3.11-slim-bookworm +ARG TARGETARCH + +ARG BUILD_DEPENDENCIES=" \ + g++ \ + make \ + pkg-config" + +ARG DEPENDENCIES=" \ + freetds-dev \ + libpq-dev \ + libffi-dev \ + libjpeg-dev \ + libldap2-dev \ + libsasl2-dev \ + libssl-dev \ + libxml2-dev \ + libxmlsec1-dev \ + libxmlsec1-openssl \ + freerdp2-dev \ + libaio-dev" + +ARG TOOLS=" \ + ca-certificates \ + curl \ + default-libmysqlclient-dev \ + default-mysql-client \ + git \ + git-lfs \ + unzip \ + xz-utils \ + wget" + +RUN set -ex \ + && apt-get update \ + && apt-get -y install --no-install-recommends ${BUILD_DEPENDENCIES} \ + && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ + && apt-get -y install --no-install-recommends ${TOOLS} \ + && echo "no" | dpkg-reconfigure dash \ + && apt-get clean all \ + && rm -rf /var/lib/apt/lists/* + +WORKDIR /opt + +ARG RUST_VERSION=1.71.1 +RUN set -ex \ + && mkdir -p /opt/rust-install \ + && rustUrl="https://static.rust-lang.org/dist" \ + && \ + case "${TARGETARCH}" in \ + # amd64) rustArch='x86_64-unknown-linux-gnu'; \ + # ;; \ + # arm64) rustArch='aarch64-unknown-linux-gnu'; \ + # ;; \ + mips64le) rustArch='mips64el-unknown-linux-gnuabi64'; \ + ;; \ + ppc64le) rustArch='powerpc64le-unknown-linux-gnu'; \ + ;; \ + riscv64) rustArch='riscv64gc-unknown-linux-gnu'; \ + ;; \ + s390x) rustArch='s390x-unknown-linux-gnu'; \ + ;; \ + loong64) rustArch='loongarch64-unknown-linux-gnu'; \ + rustUrl="https://download.jumpserver.org/rust/dist"; \ + ;; \ + *) echo >&2 "error: unsupported architecture: ${TARGETARCH}"; \ + ;; \ + esac \ + && \ + if [ -n "${rustArch}" ]; then \ + wget -O /opt/rust.tar.gz "${rustUrl}/rust-${RUST_VERSION}-${rustArch}.tar.xz"; \ + tar -xf /opt/rust.tar.gz -C /opt/rust-install --strip-components=1; \ + cd /opt/rust-install && ./install.sh; \ + cd /opt && rm -rf /opt/rust-install /opt/rust.tar.gz; \ + fi + +WORKDIR /opt/jumpserver + +ENV PYTHONUNBUFFERED=1 \ + PYTHONDONTWRITEBYTECODE=1 \ + GRPC_PYTHON_BUILD_SYSTEM_OPENSSL=1 + +RUN --mount=type=bind,source=poetry.lock,target=/opt/jumpserver/poetry.lock \ + --mount=type=bind,source=pyproject.toml,target=/opt/jumpserver/pyproject.toml \ + set -ex \ + && python3 -m venv /opt/py3 \ + && pip install $(grep cryptography pyproject.toml | sed 's/ = /==/g' | sed 's/"//g') \ + && pip install poetry \ + && poetry config virtualenvs.create false \ + && . /opt/py3/bin/activate \ + && poetry install --only=main \ No newline at end of file