From a10d83aaa6476e6def9f1bb2b3832cf25be7ec2d Mon Sep 17 00:00:00 2001 From: "Paul Kennedy (&DEV)" Date: Thu, 9 Jan 2025 21:39:30 +0000 Subject: [PATCH] Multiarch - test --- .github/workflows/docker-image.v4.yml | 58 +++++++++--------------- clair/v4/Dockerfile | 2 +- postgres/Dockerfile | 21 +++++++++ postgres/create_container.sh | 22 +++++++++ postgres/setup_base.sh | 65 +++++++++++++++++++++++++++ 5 files changed, 131 insertions(+), 37 deletions(-) create mode 100644 postgres/Dockerfile create mode 100644 postgres/create_container.sh create mode 100644 postgres/setup_base.sh diff --git a/.github/workflows/docker-image.v4.yml b/.github/workflows/docker-image.v4.yml index 1f72c1d..1b1e797 100644 --- a/.github/workflows/docker-image.v4.yml +++ b/.github/workflows/docker-image.v4.yml @@ -14,6 +14,7 @@ jobs: POSTGRES_IMAGE: "postgres:16-alpine" CLAIR_VERSION: "4.7.4" CLAIR_LOCAL_SCAN_IMAGE: "arminc/clair-local-scan-v4" + ARCHS: "linux/amd64,linux/arm64" steps: - name: Checkout code 
@@ -44,59 +45,44 @@ jobs: driver: docker install: true + - name: Login to DockerHub + if: github.repository_owner == 'arminc' + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Build image - run: docker build -t $CLAIR_LOCAL_SCAN_IMAGE --build-arg VERSION=$CLAIR_VERSION clair/v4 + run: | + docker buildx create --use --name multiarch_builder || docker buildx use multiarch_builder + docker buildx build --platform "${ARCHS}" -t "${CLAIR_LOCAL_SCAN_IMAGE}:latest" -t "${CLAIR_LOCAL_SCAN_IMAGE}:${CLAIR_VERSION}_${GITHUB_SHA}" --build-arg VERSION="${CLAIR_VERSION}" --push clair/v4 - name: Start Postgres and run clair run: | - docker pull $POSTGRES_IMAGE - docker run -d --name postgres -e 'PGDATA=/var/lib/postgresql/clair' -e POSTGRES_PASSWORD=password $POSTGRES_IMAGE - - name: Wait for database - run: | - sleep 30 - - name: Docker Postgres info - run: | - docker ps -a - docker logs postgres - - name: Run Clair - run: | - docker run --rm -d --link postgres:postgres -e PGPASSWORD=password $POSTGRES_IMAGE pg_isready -U postgres -h postgres - docker run -d --name clair --link postgres:postgres $CLAIR_LOCAL_SCAN_IMAGE - - name: Wait for clair - run: | - sleep 10 + chmod a+x ./postgres/*.sh + ./postgres/setup_base.sh + - name: Docker Postgres info run: | - docker ps -a docker logs postgres + - name: Docker Clair info run: | - docker ps -a docker logs clair + - name: Checking run: | ./clair/v4/check.sh + - name: Docker logs run: | docker logs clair - - name: Tag images + + - name: Stop containers run: | docker stop clair docker stop postgres - docker commit postgres arminc/clair-db-v4:$(date +%Y-%m-%d) - docker tag arminc/clair-db-v4:$(date +%Y-%m-%d) arminc/clair-db-v4:latest - docker tag $CLAIR_LOCAL_SCAN_IMAGE ${CLAIR_LOCAL_SCAN_IMAGE}:${CLAIR_VERSION}_${GITHUB_SHA} - docker images - - name: Login to DockerHub - if: github.repository_owner == 'arminc' - uses: docker/login-action@v3 - with: 
- username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Push images - if: github.repository_owner == 'arminc' + + - name: Create postgres container run: | - docker push ${CLAIR_LOCAL_SCAN_IMAGE}:${CLAIR_VERSION}_${GITHUB_SHA} - docker push $CLAIR_LOCAL_SCAN_IMAGE:latest - docker push arminc/clair-db-v4:$(date +%Y-%m-%d) - docker push arminc/clair-db-v4:latest + ./postgres/create_container.sh
diff --git a/clair/v4/Dockerfile b/clair/v4/Dockerfile
index bc93350..449f312 100644
--- a/clair/v4/Dockerfile
+++ b/clair/v4/Dockerfile
@@ -1,6 +1,6 @@ ARG VERSION=4.7.4 -FROM quay.io/projectquay/clair:${VERSION} as src +FROM quay.io/projectquay/clair:${VERSION} COPY config.yaml /config/config.yaml
diff --git a/postgres/Dockerfile b/postgres/Dockerfile
new file mode 100644
index 0000000..5075b2d
--- /dev/null
+++ b/postgres/Dockerfile
@@ -0,0 +1,21 @@
+ARG VERSION=16-alpine
+
+FROM postgres:${VERSION}
+
+# Argument for external data directory
+ARG SOURCE_DIR=/mnt/postgres
+
+# Copy data from the specified host folder into the container
+
+RUN mkdir -p /var/lib/postgresql/clair
+
+COPY --from=postgres / /var/lib/postgresql/clair
+
+# Ensure proper permissions
+RUN chown -R postgres:postgres /var/lib/postgresql/clair
+
+# Expose PostgreSQL port
+EXPOSE 5432
+
+# Start PostgreSQL
+CMD ["postgres"]
\ No newline at end of file
diff --git a/postgres/create_container.sh b/postgres/create_container.sh
new file mode 100644
index 0000000..a057928
--- /dev/null
+++ b/postgres/create_container.sh
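Review bot: The `Build image` step now pushes `${CLAIR_LOCAL_SCAN_IMAGE}:latest` with `--push` before `./clair/v4/check.sh` has run, and it has no `if: github.repository_owner == 'arminc'` guard although the login step above it does. An image that later fails the check is therefore already published under `latest`, and on a fork the step runs unauthenticated and presumably fails the job; the same unconditional `--push` sits in `postgres/create_container.sh`. Because a multi-platform `--push` build normally leaves no image in the local daemon, the `docker run … "${CLAIR_LOCAL_SCAN_IMAGE}"` in `setup_base.sh` most likely pulls whatever `latest` is in the registry, so the check may not exercise the tree being built. I would build a single-platform image with `--load` for the test and move the multi-arch push after `Checking`, guarded by the owner condition. The workflow triggers are outside this hunk, so whether pull requests reach this step cannot be seen here.

```yaml
      - name: Build image for testing
        run: |
          docker buildx build --load -t "${CLAIR_LOCAL_SCAN_IMAGE}:latest" --build-arg VERSION="${CLAIR_VERSION}" clair/v4

      # … unchanged: Start Postgres and run clair, log steps, Checking, Stop containers …

      - name: Push multi-arch image
        if: github.repository_owner == 'arminc'
        run: |
          docker buildx create --use --name multiarch_builder || docker buildx use multiarch_builder
          docker buildx build --platform "${ARCHS}" -t "${CLAIR_LOCAL_SCAN_IMAGE}:latest" -t "${CLAIR_LOCAL_SCAN_IMAGE}:${CLAIR_VERSION}_${GITHUB_SHA}" --build-arg VERSION="${CLAIR_VERSION}" --push clair/v4

      - name: Create postgres container
        if: github.repository_owner == 'arminc'
```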
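Review bot: In `postgres/Dockerfile`, `COPY --from=postgres / /var/lib/postgresql/clair` only copies the database when the build is invoked with `--build-context postgres=…`. As far as I know, without that flag `--from=postgres` resolves to the public `postgres` image and its whole root filesystem lands in the data directory, so the context deserves a name that cannot collide, e.g. `COPY --from=pgdata --chown=postgres:postgres / /var/lib/postgresql/clair` with a matching `--build-context pgdata=…` in `create_container.sh`. The image also never sets `PGDATA`, which `setup_base.sh` passes only at run time, so a container started from it would by default not use the copied cluster; adding `ENV PGDATA=/var/lib/postgresql/clair` restores what the removed `docker commit` flow appears to have preserved. `ARG SOURCE_DIR` is declared but unused and can be dropped.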
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -ex
+
+FINAL_IMAGE="arminc/clair-db-v4"
+ARCHS="${ARCHS:-linux/amd64,linux/arm64}"
+HOST_FOLDER="/mnt/postgres"
+
+echo "Building multi-architecture Docker image..."
+
+docker buildx create --use --name multiarch_builder || docker buildx use multiarch_builder
+
+sudo ls -alh /mnt
+sudo ls -alh "${HOST_FOLDER}"
+
+docker buildx build --platform "${ARCHS}" \
+ -t "${FINAL_IMAGE}:$(date +%Y-%m-%d)" -t "${FINAL_IMAGE}:latest" \
+ --build-context postgres="${HOST_FOLDER}" \
+ --progress=plain \
+ --push postgres
+
+echo "Done! Multi-arch image '${FINAL_IMAGE}' has been built and pushed."
diff --git a/postgres/setup_base.sh b/postgres/setup_base.sh
new file mode 100644
index 0000000..f42c20b
--- /dev/null
+++ b/postgres/setup_base.sh
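Review bot: In `postgres/create_container.sh`, nothing between `set -ex` and the `--push` verifies that `${HOST_FOLDER}` holds an initialised cluster, so an empty or partially written directory would still be published as `arminc/clair-db-v4:latest`. A guard before the build such as `sudo test -s "${HOST_FOLDER}/PG_VERSION" || { echo "no PostgreSQL cluster in ${HOST_FOLDER}" >&2; exit 1; }` would stop that. The `sudo ls` calls suggest the directory is not readable by the runner user; if so, the build context read by `docker buildx build`, which runs without sudo, may be incomplete or fail, which is worth confirming before relying on this step.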
@@ -0,0 +1,65 @@
+#!/bin/bash
+
+set -ex
+
+VOLUME_NAME="pg_data_volume"
+POSTGRES_IMAGE="${POSTGRES_IMAGE:-postgres:16-alpine}"
+HOST_FOLDER="/mnt/postgres"
+
+CLAIR_VERSION="${CLAIR_VERSION:-4.7.4}"
+CLAIR_LOCAL_SCAN_IMAGE="${CLAIR_LOCAL_SCAN_IMAGE:-arminc/clair-local-scan-v4}"
+
+# Step 1: Create Docker volume with specific host folder
+echo "Creating Docker volume backed by ${HOST_FOLDER}..."
+
+sudo mkdir -p "${HOST_FOLDER}"
+sudo chmod 755 /mnt/postgres
+sudo chown $(whoami):$(whoami) /mnt/postgres
+
+docker volume create \
+ --driver local \
+ --opt type=none \
+ --opt device="${HOST_FOLDER}" \
+ --opt o=bind \
+ "${VOLUME_NAME}"
+
+# Step 2: Start PostgreSQL container with the volume
+echo "Starting PostgreSQL container with volume..."
+docker pull ${POSTGRES_IMAGE}
+docker run -d --name postgres -e 'PGDATA=/var/lib/postgresql/clair' -e POSTGRES_PASSWORD=password -v ${VOLUME_NAME}:/var/lib/postgresql/clair ${POSTGRES_IMAGE}
+
+# Wait for PostgreSQL to initialize (adjust as needed)
+echo "Waiting for PostgreSQL to initialize..."
+sleep 20
+
+RETRY_INTERVAL=5 # Time in seconds between retries
+MAX_RETRIES=30 # Maximum number of retries before failing
+
+# Loop to check PostgreSQL readiness
+for ((i=1; i<=MAX_RETRIES; i++)); do
+ echo "Attempt ${i}: Checking if PostgreSQL is ready..."
+
+ docker run --rm --link postgres:postgres -e PGPASSWORD=password ${POSTGRES_IMAGE} pg_isready -U postgres -h postgres
+
+ if [ $? -eq 0 ]; then
+ echo "PostgreSQL is ready!"
+ break
+ else
+ echo "PostgreSQL is not ready. Retrying in ${RETRY_INTERVAL} seconds..."
+ sleep ${RETRY_INTERVAL}
+ fi
+done
+
+if [ ${i} -gt ${MAX_RETRIES} ]; then
+ echo "PostgreSQL did not become ready after ${MAX_RETRIES} attempts."
+ exit 1
+else
+ echo "Continuing to start clair."
+fi
+
+docker run -d --name clair --link postgres:postgres "${CLAIR_LOCAL_SCAN_IMAGE}"
+
+echo "Waiting for Clair to initialize..."
+sleep 10
+
+docker ps -a
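Review bot: The readiness loop in `postgres/setup_base.sh` cannot retry: with `set -e` in effect, a non-zero exit from the bare `docker run … pg_isready` line aborts the script before `if [ $? -eq 0 ]` is reached. Testing the command directly keeps the loop alive, `if docker run --rm --link postgres:postgres -e PGPASSWORD=password ${POSTGRES_IMAGE} pg_isready -U postgres -h postgres; then`. Separately, `POSTGRES_PASSWORD=password` is written into the cluster that `create_container.sh` later publishes, so a comment such as `# well-known password: this database image is for local scanning only, never expose 5432` would help anyone reusing the image. The `chmod` and `chown` lines should also use `"${HOST_FOLDER}"` rather than repeating the literal `/mnt/postgres`.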