Merge pull request #8 from Icinga/feature/github-action

Build minimal Docker image with runnable Icinga 2 installed
2026-05-05 10:56:12 +02:00 · 2020-06-19 14:07:13 +02:00 · 2020-06-19 14:07:13 +02:00 · 528bf9bc3f
commit 528bf9bc3f
parent 34c7cf0f11 e9c7792d1f
9 changed files with 140 additions and 58 deletions
--- a/44
+++ b/44
@ -1,42 +1,6 @@
-##
-## We are using many RUN blocks in order to make development easier
-## They will replaced with minimal RUN blocks before release
-##
-ARG BUILD_BASE=ubuntu:bionic
+FROM icinga/icinga2-deps

-FROM $BUILD_BASE
+COPY --chown=icinga:icinga icinga2-bin/ /

-ENV \
-  TERM=xterm \
-  DEBIAN_FRONTEND=noninteractive \
-  APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=DontWarn
-
-RUN apt-get update \
-  && apt-get upgrade -y 
-
-RUN apt-get install -y apt-file ; apt-file update
-
-RUN apt-file search lsb_release
-RUN apt-file search lsb-release
-RUN apt-cache search lsb-release
-
-RUN apt-get install -y curl wget gnupg2 lsb-release
-
-RUN curl -LsS https://packages.icinga.com/icinga.key | apt-key add -
-
-RUN DIST="$(lsb_release -c | awk '{print $2}')"; \
-    echo "deb http://packages.icinga.com/ubuntu icinga-${DIST} main" >/etc/apt/sources.list.d/icinga.list
-
-RUN apt-get update
-
-RUN apt-get install -y --no-install-recommends icinga2-bin icinga2-common icinga2-ido-mysql monitoring-plugins
-
-RUN rm -fr /var/lib/apt/lists/*
-
-RUN mkdir /run/icinga2 && chown nagios. /run/icinga2
-
-VOLUME /var/lib/icinga2
-
-ENTRYPOINT /usr/lib/x86_64-linux-gnu/icinga2/sbin/icinga2 --no-stack-rlimit daemon
-
-EXPOSE 5665
+USER icinga
+CMD ["icinga2", "daemon"]
--- a/9
+++ b/9
@ -1,9 +0,0 @@
-IMAGE := icinga/icinga2:latest
-BUILD_BASE := ubuntu:bionic
-
-all: build
-
-build:
-	docker build --rm \
-		--build-arg BUILD_BASE=$(BUILD_BASE) \
-		--tag $(IMAGE) .
--- a/README.md
+++ b/README.md
@ -73,12 +73,3 @@ This needs some further research to figure out what would work best for us. Avai
 Some other condcerns have been brought up that we should keep in mind. One is that long running containers (> 2 Weeks) may become stale and need a restart. It is unclear whether this is an Icinga issue or something else.

 Another concern is that networking can be a challenge when separating services into separate containers.
-
-### Development
-For easier development and changes of earlier stages the containers will contain lots of `RUN` blocks which is very "not best-practice" in Docker. This will be changed before the first release.
-
-### Influences
-There are many Docker containers for Icinga 2 out in the wild. Most were built to serve a special purpose and might not be fit for what this project is aiming for. Nonetheless the first commits rely heavily on the work of following users:
-* [lazyfrosch](https://github.com/lazyfrosch/docker-icinga2)
-* [bodsch](https://github.com/bodsch/docker-icinga2)
-* [jjethwa](https://github.com/jjethwa/icinga2)
--- a/action-base.Dockerfile
+++ b/action-base.Dockerfile
@ -0,0 +1,39 @@
+FROM buildpack-deps:scm as clone
+SHELL ["/bin/bash", "-exo", "pipefail", "-c"]
+
+RUN mkdir actions ;\
+	cd actions ;\
+	git clone --bare https://github.com/actions/checkout.git ;\
+	git -C checkout.git archive --prefix=checkout/ v2 |tar -x ;\
+	git clone --bare https://github.com/actions/cache.git ;\
+	git -C cache.git archive --prefix=cache/ v2 |tar -x ;\
+	git clone --bare https://github.com/actions/upload-artifact.git ;\
+	git -C upload-artifact.git archive --prefix=upload-artifact/ v2 |tar -x ;\
+	rm -rf *.git
+
+
+FROM debian:buster-slim
+SHELL ["/bin/bash", "-exo", "pipefail", "-c"]
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN apt-get update ;\
+	apt-get install --no-install-{recommends,suggests} -y \
+		apt-transport-https gnupg2 dirmngr ca-certificates ;\
+	apt-get clean ;\
+	rm -vrf /var/lib/apt/lists/* ;\
+	apt-key adv --fetch-keys https://download.docker.com/linux/debian/gpg ;\
+	apt-get purge -y gnupg2 dirmngr ;\
+	apt-get autoremove --purge -y
+
+ADD action-base.list /etc/apt/sources.list.d/misc.list
+
+RUN apt-get update ;\
+	apt-get install --no-install-{recommends,suggests} -y \
+		bison cmake docker-ce-cli flex g++ \
+		libboost{,-{context,coroutine,date-time,filesystem,program-options,regex,system,thread}}1.67-dev \
+		libedit-dev libmariadbclient-dev libpq-dev libssl-dev make nodejs ;\
+	apt-get install --no-install-{recommends,suggests} -y ccache ;\
+	apt-get clean ;\
+	rm -vrf /var/lib/apt/lists/*
+
+COPY --from=clone /actions /actions
--- a/action-base.list
+++ b/action-base.list
@ -0,0 +1,2 @@
+deb http://deb.debian.org/debian buster-backports main
+deb [arch=amd64] https://download.docker.com/linux/debian buster stable
--- a/action.Dockerfile
+++ b/action.Dockerfile
@ -0,0 +1,5 @@
+FROM icinga/icinga2-builder
+
+COPY action.bash Dockerfile /
+
+CMD ["/action.bash"]
--- a/action.bash
+++ b/action.bash
@ -0,0 +1,81 @@
+#!/bin/bash
+set -exo pipefail
+
+TARGET=icinga/icinga2
+
+cache () {
+	INPUT_KEY=docker-image/ccache INPUT_PATH=ccache \
+		STATE_CACHE_KEY=1 STATE_CACHE_RESULT=2 \
+		node "/actions/cache/dist/${1}/index.js"
+}
+
+mkimg () {
+	test -n "$TAG"
+
+	node /actions/checkout/dist/index.js |grep -vFe ::add-matcher::
+	cache restore
+
+	export PATH="/usr/lib/ccache:$PATH"
+	mkdir -p ccache
+	ln -vs "$(pwd)/ccache" ~/.ccache
+
+	mkdir icinga2-bin
+	mkdir build
+	cd build
+
+	cmake -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_INSTALL_SYSCONFDIR=/etc \
+		-DCMAKE_INSTALL_LOCALSTATEDIR=/var -DICINGA2_RUNDIR=/run \
+		-DICINGA2_SYSCONFIGFILE=/etc/sysconfig/icinga2 -DICINGA2_WITH_{COMPAT,LIVESTATUS}=OFF ..
+
+	make
+	make test
+
+	make install "DESTDIR=$(pwd)/../icinga2-bin"
+
+	cd ..
+
+	rm icinga2-bin/etc/icinga2/features-enabled/mainlog.conf
+
+	cache save
+	docker build -f /Dockerfile -t "${TARGET}:$TAG" .
+
+	STATE_isPost=1 node /actions/checkout/dist/index.js
+
+	docker save "${TARGET}:$TAG" |gzip >docker-save.tgz
+	INPUT_NAME=docker-image INPUT_PATH=docker-save.tgz node /actions/upload-artifact/dist/index.js
+	rm docker-save.tgz
+}
+
+push () {
+	test -n "$TAG"
+
+	if [ "$(tr -d '\n' <<<"$DOCKER_HUB_PASSWORD" |wc -c)" -gt 0 ]; then
+		docker login -u icingaadmin --password-stdin <<<"$DOCKER_HUB_PASSWORD"
+		docker push "${TARGET}:$TAG"
+		docker logout
+	fi
+}
+
+case "$GITHUB_EVENT_NAME" in
+	pull_request)
+		grep -qEe '^refs/pull/[0-9]+' <<<"$GITHUB_REF"
+		TAG="pr$(grep -oEe '[0-9]+' <<<"$GITHUB_REF")"
+		mkimg
+		;;
+	push)
+		grep -qEe '^refs/heads/.' <<<"$GITHUB_REF"
+		TAG="$(cut -d / -f 3- <<<"$GITHUB_REF")"
+		mkimg
+		push
+		;;
+	release)
+		grep -qEe '^refs/tags/v[0-9]' <<<"$GITHUB_REF"
+		TAG="$(cut -d v -f 2- <<<"$GITHUB_REF")"
+		mkimg
+		push
+		;;
+	*)
+		echo "Unknown event: $GITHUB_EVENT_NAME" >&2
+		false
+		;;
+esac
--- a/action.yml
+++ b/action.yml
@ -0,0 +1,4 @@
+name: Icinga 2 Docker image
+runs:
+  using: docker
+  image: action.Dockerfile
--- a/deps.Dockerfile
+++ b/deps.Dockerfile
@ -0,0 +1,5 @@
+FROM debian:buster-slim
+
+RUN ["/bin/bash", "-exo", "pipefail", "-c", "apt-get update; apt-get install --no-install-{recommends,suggests} -y libboost-{context,coroutine,date-time,filesystem,program-options,regex,system,thread}1.67 libedit2 libmariadb3 libpq5 libssl1.1; apt-get clean; rm -vrf /var/lib/apt/lists/*"]
+
+RUN ["adduser", "--system", "--group", "--home", "/var/lib/icinga2", "--disabled-login", "--force-badname", "--no-create-home", "icinga"]