diff --git a/.github/workflows/adoptopenjdk.yml b/.github/workflows/adoptopenjdk.yml index 235efa8..d919191 100644 --- a/.github/workflows/adoptopenjdk.yml +++ b/.github/workflows/adoptopenjdk.yml @@ -1,24 +1,33 @@ name: adoptopenjdk on: - # schedule: - # - cron: '0 0 1 * *' + workflow_dispatch: + inputs: + logLevel: + description: 'Log level' + required: true + default: 'warning' + type: choice + options: + - info + - warning + - debug push: paths: - 'adoptopenjdk/**' jobs: multi: - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: fetch-depth: 0 - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v2 - name: Login to Registry - uses: docker/login-action@v1 + uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} diff --git a/.github/workflows/cibase.yml b/.github/workflows/cibase.yml index b05519e..c111e27 100644 --- a/.github/workflows/cibase.yml +++ b/.github/workflows/cibase.yml 
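Review bot: In the adoptopenjdk.yml hunk the four bumped actions (`actions/checkout@v3`, `docker/setup-qemu-action@v2`, `docker/setup-buildx-action@v2`, `docker/login-action@v2`) are referenced by movable major tags in a job that receives `DOCKERHUB_USERNAME` and `DOCKERHUB_TOKEN`, so whatever those tags resolve to at run time executes alongside the registry credentials. Pinning each to a full commit SHA with the version as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha>  # v2`, keeps every upgrade a reviewable diff. `runs-on: ubuntu-latest` floats in the same way that `ubuntu-20.04` did not; a fixed label such as `ubuntu-22.04` would make runner image changes deliberate. The same lines repeat in the cibase, cluster-agent-base, dbtool, frontbase, javabase, maven, ruamel-yaml, skywalking-agent, sonar-scanner and sonarqube-plugin workflow hunks. The new `logLevel` input is not read anywhere in the visible part of these workflows, so it may be removable unless a step outside the hunks uses it.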
@@ -1,34 +1,43 @@ name: cibase on: - # schedule: - # - cron: '0 1 1 * *' + workflow_dispatch: + inputs: + logLevel: + description: 'Log level' + required: true + default: 'warning' + type: choice + options: + - info + - warning + - debug push: paths: - 'cibase/**' jobs: multi: - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: fetch-depth: 0 - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v2 - name: Login to Registry - uses: docker/login-action@v1 + uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build and push run: | set -eux; - /usr/bin/docker create --name scanner sonarsource/sonar-scanner-cli:4.5 - for file_path in $(find cibase -name Dockerfile | sort | grep '1.1.0'); + /usr/bin/docker create --name scanner sonarsource/sonar-scanner-cli:4.8 + # for file_path in $(find cibase -name Dockerfile | sort | grep '1.1.0'); # for file_path in $(find cibase -name Dockerfile | sort -r | head -n 3); - # for file_path in $(git diff --name-only HEAD~ HEAD | grep cibase/ | grep Dockerfile); + for file_path in $(git diff --name-only HEAD~ HEAD | grep cibase/ | grep Dockerfile); do /usr/bin/docker buildx prune -a -f /usr/bin/docker cp scanner:/opt/sonar-scanner ${file_path%/*} diff --git a/.github/workflows/cluster-agent-base.yml b/.github/workflows/cluster-agent-base.yml index c14ed66..1b4a05c 100644 --- a/.github/workflows/cluster-agent-base.yml +++ b/.github/workflows/cluster-agent-base.yml 
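Review bot: The re-enabled loop in the cibase.yml `Build and push` step, `for file_path in $(git diff --name-only HEAD~ HEAD | grep cibase/ | grep Dockerfile);`, selects build targets loosely: `grep cibase/` matches that string anywhere in a path, deleted Dockerfiles are still listed and would reach `docker cp` and `buildx build` as missing paths, and only the last commit of a push is compared. A tighter form is `for file_path in $(git diff --name-only --diff-filter=d HEAD~ HEAD -- cibase/ | grep '/Dockerfile$');`. With the `workflow_dispatch` trigger added in the same hunk, a manual run compares the same two commits, so when they do not touch `cibase/` the list is empty and the step likely finishes green without building or pushing anything (the script shows `set -eux` but no `pipefail`). An explicit check that fails or logs when no Dockerfile was selected would make that visible. The frontbase, javabase and ruamel-yaml hunks use the same pattern, and the loop body continues past the end of this hunk.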
@@ -1,22 +1,33 @@ name: cluster-agent-base on: + workflow_dispatch: + inputs: + logLevel: + description: 'Log level' + required: true + default: 'warning' + type: choice + options: + - info + - warning + - debug push: paths: - 'cluster-agent-base/**' jobs: multi: - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: fetch-depth: 0 - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v2 - name: Login to Registry - uses: docker/login-action@v1 + uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} diff --git a/.github/workflows/dbtool.yml b/.github/workflows/dbtool.yml index 124ebe3..dfac3bc 100644 --- a/.github/workflows/dbtool.yml +++ b/.github/workflows/dbtool.yml @@ -1,22 +1,33 @@ name: dbtool on: + workflow_dispatch: + inputs: + logLevel: + description: 'Log level' + required: true + default: 'warning' + type: choice + options: + - info + - warning + - debug push: paths: - 'dbtool/**' jobs: multi: - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: fetch-depth: 0 - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v2 - name: Login to Registry - uses: docker/login-action@v1 + uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} diff --git a/.github/workflows/frontbase.yml b/.github/workflows/frontbase.yml index d3717bd..d71734b 100644 --- a/.github/workflows/frontbase.yml +++ b/.github/workflows/frontbase.yml 
@@ -1,31 +1,41 @@ name: frontbase on: - # schedule: - # - cron: '0 1 1 * *' + workflow_dispatch: + inputs: + logLevel: + description: 'Log level' + required: true + default: 'warning' + type: choice + options: + - info + - warning + - debug push: paths: - 'frontbase/**' jobs: multi: - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: fetch-depth: 0 - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v2 - name: Login to Registry - uses: docker/login-action@v1 + uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build and push run: | set -eux; - for file_path in $(find frontbase -name Dockerfile | sort -r | head -n 3); + # for file_path in $(find frontbase -name Dockerfile | sort -r | head -n 3); + for file_path in $(git diff --name-only HEAD~ HEAD | grep frontbase/ | grep Dockerfile); do /usr/bin/docker buildx prune -a -f /usr/bin/docker buildx build --push --no-cache \ diff --git a/.github/workflows/javabase.yml b/.github/workflows/javabase.yml index de06656..75cf40c 100644 --- a/.github/workflows/javabase.yml +++ b/.github/workflows/javabase.yml 
@@ -1,31 +1,41 @@ name: javabase on: - # schedule: - # - cron: '0 2 1 * *' + workflow_dispatch: + inputs: + logLevel: + description: 'Log level' + required: true + default: 'warning' + type: choice + options: + - info + - warning + - debug push: paths: - 'javabase/**' jobs: multi: - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: fetch-depth: 0 - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v2 - name: Login to Registry - uses: docker/login-action@v1 + uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build and push run: | set -eux; - for file_path in $(find javabase -name Dockerfile | sort -r | head -n 3); + # for file_path in $(find javabase -name Dockerfile | sort -r | head -n 3); + for file_path in $(git diff --name-only HEAD~ HEAD | grep javabase/ | grep Dockerfile); do /usr/bin/docker buildx prune -a -f /usr/bin/docker buildx build --push --no-cache \ diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index 45f9def..b24a7ac 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml 
@@ -1,24 +1,33 @@ name: maven on: - # schedule: - # - cron: '0 2 1 * *' + workflow_dispatch: + inputs: + logLevel: + description: 'Log level' + required: true + default: 'warning' + type: choice + options: + - info + - warning + - debug push: paths: - 'maven/**' jobs: multi: - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: fetch-depth: 0 - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v2 - name: Login to Registry - uses: docker/login-action@v1 + uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} diff --git a/.github/workflows/ruamel-yaml.yml b/.github/workflows/ruamel-yaml.yml index 5b6fa07..21231b1 100644 --- a/.github/workflows/ruamel-yaml.yml +++ b/.github/workflows/ruamel-yaml.yml 
@@ -1,29 +1,40 @@ name: ruamel-yaml on: + workflow_dispatch: + inputs: + logLevel: + description: 'Log level' + required: true + default: 'warning' + type: choice + options: + - info + - warning + - debug push: paths: - 'ruamel-yaml/**' jobs: multi: - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: fetch-depth: 0 - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v2 - name: Login to Registry - uses: docker/login-action@v1 + uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build and push run: | set -eux; - for file_path in $(git diff --name-only HEAD~ HEAD | grep ruamel-yaml/); + for file_path in $(git diff --name-only HEAD~ HEAD | grep ruamel-yaml/ | grep Dockerfile); do /usr/bin/docker buildx prune -a -f /usr/bin/docker buildx build --push --no-cache \ diff --git a/.github/workflows/skywalking-agent.yml b/.github/workflows/skywalking-agent.yml index 83f4b3a..bc0bee6 100644 --- a/.github/workflows/skywalking-agent.yml +++ b/.github/workflows/skywalking-agent.yml 
@@ -1,22 +1,33 @@ name: skywalking-agent on: + workflow_dispatch: + inputs: + logLevel: + description: 'Log level' + required: true + default: 'warning' + type: choice + options: + - info + - warning + - debug push: paths: - 'skywalking-agent/**' jobs: multi: - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: fetch-depth: 0 - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v2 - name: Login to Registry - uses: docker/login-action@v1 + uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} diff --git a/.github/workflows/sonar-scanner.yml b/.github/workflows/sonar-scanner.yml index d4b7815..aa0208a 100644 --- a/.github/workflows/sonar-scanner.yml +++ b/.github/workflows/sonar-scanner.yml @@ -1,24 +1,33 @@ name: sonar-scanner on: - # schedule: - # - cron: '0 1 1 * *' + workflow_dispatch: + inputs: + logLevel: + description: 'Log level' + required: true + default: 'warning' + type: choice + options: + - info + - warning + - debug push: paths: - 'sonar-scanner/**' jobs: multi: - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: fetch-depth: 0 - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v2 - name: Login to Registry - uses: docker/login-action@v1 + uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} diff --git a/.github/workflows/sonarqube-plugin.yml b/.github/workflows/sonarqube-plugin.yml index bd041d7..b5267f5 100644 --- a/.github/workflows/sonarqube-plugin.yml 
+++ b/.github/workflows/sonarqube-plugin.yml @@ -1,22 +1,33 @@ name: sonarqube-plugin on: + workflow_dispatch: + inputs: + logLevel: + description: 'Log level' + required: true + default: 'warning' + type: choice + options: + - info + - warning + - debug push: paths: - 'sonarqube-plugin/**' jobs: multi: - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: fetch-depth: 0 - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v2 - name: Login to Registry - uses: docker/login-action@v1 + uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} diff --git a/cibase/1.2.0-base/Dockerfile b/cibase/1.2.0-base/Dockerfile index c611573..abf1c81 100644 --- a/cibase/1.2.0-base/Dockerfile +++ b/cibase/1.2.0-base/Dockerfile @@ -1,21 +1,28 @@ +FROM mikefarah/yq:4.35.1 AS yq +FROM docker:23.0.6-cli AS docker FROM gcr.io/kaniko-project/executor:v1.14.0 AS kaniko -FROM debian:bullseye +FROM ubuntu:22.04 ENV TZ="Asia/Shanghai" \ ROOT_PASSWORD="changeit" \ - YQ_VERSION="v4.35.1" \ HELM_VERSION="v3.12.3" \ - DOCKER_VERSION="5:23.0.6-1~debian.11~bullseye" \ PATH="/kaniko:${PATH}" -# copy kaniko +# install yq +COPY --from=yq /usr/bin/yq /usr/bin/yq + +# install kaniko COPY --from=kaniko /kaniko /kaniko COPY --from=kaniko /etc/nsswitch.conf /etc/nsswitch.conf +# install docker-client-cli +COPY --from=docker /usr/local/bin/docker /usr/local/bin/docker +COPY --from=docker /usr/local/libexec/docker/cli-plugins/docker-buildx /usr/local/libexec/docker/cli-plugins/docker-buildx + # install base packages RUN set -eux; \ apt-get update; \ - apt-get upgrade -y; \ + DEBIAN_FRONTEND=noninteractive \ apt-get install -y \ jq \ vim \ 
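Review bot: In the first cibase/1.2.0-base/Dockerfile hunk the new stages `FROM mikefarah/yq:4.35.1 AS yq` and `FROM docker:23.0.6-cli AS docker`, and the new base `FROM ubuntu:22.04`, are referenced by tag only, so the binaries copied into this CI image are whatever those tags resolve to on the day of the build. Adding the digest keeps the tag readable while fixing the content, e.g. `FROM mikefarah/yq:4.35.1@sha256:<digest> AS yq`, and the same applies to the existing kaniko stage. Because this hunk also drops `apt-get upgrade -y`, the image's patch level now comes entirely from the base image, so pinned digests need a regular, reviewed bump to pick up security fixes. The `RUN` block that starts here continues outside the hunk.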
@@ -26,27 +33,15 @@ RUN set -eux; \ unzip \ pylint \ gnupg2 \ + skopeo \ xmlstarlet \ openssh-server \ mariadb-client \ ca-certificates \ build-essential \ apt-transport-https; \ - curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -; \ - echo \ - "deb [arch="$(dpkg --print-architecture)"] https://download.docker.com/linux/debian \ - "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \ - tee /etc/apt/sources.list.d/docker.list > /dev/null; \ - ARCH="$(dpkg --print-architecture)"; \ - apt-get update; \ - apt-get install -y \ - skopeo \ - docker-ce-cli=$DOCKER_VERSION; \ rm -rf /var/lib/apt/lists/*; \ - # install yq - wget -qO /usr/bin/yq \ - "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_${ARCH}"; \ - chmod a+x /usr/bin/yq; \ + ARCH="$(dpkg --print-architecture)"; \ # install helm wget -qO "/tmp/helm-${HELM_VERSION}-linux-${ARCH}.tar.gz" \ "https://get.helm.sh/helm-${HELM_VERSION}-linux-${ARCH}.tar.gz"; \ @@ -54,8 +49,8 @@ RUN set -eux; \ mv /tmp/linux-${ARCH}/helm /usr/bin/helm; \ # post install helm plugin install https://github.com/chartmuseum/helm-push; \ - ln -s /usr/bin/xmlstarlet /usr/bin/xml; \ ln -s /kaniko/executor /kaniko/kaniko; \ + ln -s /usr/bin/xmlstarlet /usr/bin/xml; \ docker-credential-gcr config --token-source=env; \ # Modify `sshd_config` sed -ri 's/^#PermitEmptyPasswords no/PermitEmptyPasswords yes/' /etc/ssh/sshd_config; \ @@ -73,7 +68,8 @@ RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/ # Add mirror source RUN cp /etc/apt/sources.list /etc/apt/sources.list.bak; \ - sed -i 's deb.debian.org mirrors.aliyun.com g' /etc/apt/sources.list + sed -i "s@http://.*archive.ubuntu.com@http://repo.huaweicloud.com@g" /etc/apt/sources.list; \ + sed -i "s@http://.*security.ubuntu.com@http://repo.huaweicloud.com@g" /etc/apt/sources.list EXPOSE 22
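Review bot: In the `@@ -26,27 +33,15 @@` hunk the Helm tarball is still fetched with `wget -qO "/tmp/helm-${HELM_VERSION}-linux-${ARCH}.tar.gz"` and used without any integrity check, even though this commit moved yq and the docker CLI to `COPY --from` of versioned images. A checksum comparison before unpacking would close that gap, for example `echo "${HELM_SHA256}  /tmp/helm-${HELM_VERSION}-linux-${ARCH}.tar.gz" | sha256sum -c -; \`, where `HELM_SHA256` is a new per-architecture value pinned in the Dockerfile. A checksum downloaded from the same host would only catch corruption, not a replaced artifact. The `RUN` block starts before this hunk and the extraction step lies between this hunk and the next one.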
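Review bot: The two added `sed` expressions in the `@@ -73,7 +68,8 @@` hunk match with unescaped dots and a greedy `.*` (`http://.*archive.ubuntu.com`), and they rewrite the apt sources to a plain-HTTP mirror. apt still verifies signed release metadata, but an on-path party can observe requests or withhold updates. If the mirror serves HTTPS (`ca-certificates` is already installed earlier in the file), one anchored expression covers both hosts: `sed -i -E 's@https?://([a-z0-9.-]+\.)?(archive|security)\.ubuntu\.com@https://repo.huaweicloud.com@g' /etc/apt/sources.list`. The workflows set up QEMU, which suggests multi-arch builds; on arm64 the Ubuntu base image normally points at `ports.ubuntu.com`, so neither the old nor the proposed pattern would change anything there, which is worth confirming.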