Skip to content

Commit

Permalink
feat: init mariadb container
Browse files Browse the repository at this point in the history
  • Loading branch information
hairmare committed Jan 24, 2024
0 parents commit 888ae49
Show file tree
Hide file tree
Showing 13 changed files with 337 additions and 0 deletions.
3 changes: 3 additions & 0 deletions .dockerignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
.pre-commit-config.yaml
.github/
trivy.*
15 changes: 15 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
version: 2
updates:
- package-ecosystem: "docker"
directory: "/"
schedule:
interval: "daily"
commit-message:
prefix: "feat: "
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
commit-message:
prefix: "chore(ci): "
open-pull-requests-limit: 10
42 changes: 42 additions & 0 deletions .github/workflows/release.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
name: Release

on:
pull_request:
push:
branches:
- main
tags:
- '*'

jobs:
release-container:
uses: radiorabe/actions/.github/workflows/[email protected]
with:
image: ghcr.io/radiorabe/mariadb
name: mariadb
display-name: RaBe MariaDB in UBI9
tags: minimal rhel9 ubi9 rabe mariadb
cosign-base-image-only: true
mkdocs:
runs-on: ubuntu-latest
permissions:
actions: none
checks: none
contents: write # for pushing gh-pages branch
deployments: none
issues: none
packages: none
pull-requests: none
repository-projects: none
security-events: none
statuses: none
id-token: none
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- run: pip install mkdocs mkdocs-material mkdocs-gen-files mkdocs-literate-nav mkdocs-section-index
- run: mkdocs build
- run: mkdocs gh-deploy
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
12 changes: 12 additions & 0 deletions .github/workflows/schedule.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
name: Scheduled tasks

on:
schedule:
- cron: '13 12 * * *'
workflow_dispatch:

jobs:
call-workflow:
uses: radiorabe/actions/.github/workflows/[email protected]
with:
image-ref: 'ghcr.io/radiorabe/mariadb:latest'
13 changes: 13 additions & 0 deletions .github/workflows/semantic-release.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
name: Semantic Release

on:
push:
branches:
- main
- release/*

jobs:
call-workflow:
uses: radiorabe/actions/.github/workflows/[email protected]
secrets:
RABE_ITREAKTION_GITHUB_TOKEN: ${{ secrets.RABE_ITREAKTION_GITHUB_TOKEN }}
15 changes: 15 additions & 0 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.5.0
hooks:
- id: trailing-whitespace
exclude: ^src/api/client.js$
- id: end-of-file-fixer
exclude: ^src/api/client.js$
- id: check-symlinks
- id: check-merge-conflict
- id: check-case-conflict
- id: detect-aws-credentials
args:
- --allow-missing-credentials
- id: detect-private-key
107 changes: 107 additions & 0 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,107 @@
FROM quay.io/sclorg/mariadb-105-c9s:20240117 AS upstream
FROM ghcr.io/radiorabe/ubi9-minimal:0.6.3 AS build

ENV MYSQL_VERSION=10.5 \
APP_DATA=/opt/app-root/src \
CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/mysql \
STI_SCRIPTS_PATH=/usr/libexec/s2i \
HOME=/var/lib/mysql

COPY mariadb.repo /etc/yum.repos.d/

RUN mkdir -p /mnt/rootfs \
&& microdnf install -y \
--releasever 9 \
--installroot /mnt/rootfs \
--noplugins \
--config /etc/dnf/dnf.conf \
--setopt install_weak_deps=0 --nodocs \
--setopt cachedir=/var/cache/dnf \
--setopt reposdir=/etc/yum.repos.d \
--setopt varsdir=/etc/yum.repos.d \
policycoreutils \
rsync \
tar \
gettext \
hostname \
bind-utils \
groff-base

# Install a s2i like server, put using Oracles RPMs
# We can switch back to using what RedHat deeps as stable/supported
# once our deployments catch up to being more modern.
RUN chroot /mnt/rootfs groupadd --system --gid 27 mysql \
&& chroot /mnt/rootfs useradd \
--no-create-home \
--no-user-group \
--shell /sbin/nologin \
--uid 27 \
--gid 27 \
--system \
mysql \
&& rpm --root /mnt/rootfs --import https://rpm.mariadb.org/RPM-GPG-KEY-MariaDB \
&& rpm -q --queryformat "%{SUMMARY}\n" $(rpm -q gpg-pubkey) \
&& microdnf install -y \
--releasever 9 \
--installroot /mnt/rootfs \
--noplugins \
--config /etc/dnf/dnf.conf \
--setopt install_weak_deps=0 --nodocs \
--setopt cachedir=/var/cache/dnf \
--setopt reposdir=/etc/yum.repos.d \
--setopt varsdir=/etc/yum.repos.d \
MariaDB-server \
MariaDB-client

RUN cp \
/etc/pki/ca-trust/source/anchors/rabe-ca.crt \
/mnt/rootfs/etc/pki/ca-trust/source/anchors/ \
&& update-ca-trust \
&& rm \
/mnt/rootfs/usr/bin/gsoelim \
/mnt/rootfs/usr/sbin/rcmysql \
/mnt/rootfs/usr/bin/soelim \
/mnt/rootfs/usr/bin/zsoelim \
&& chmod -f a-s \
/mnt/rootfs/usr/bin/* \
/mnt/rootfs/usr/sbin/* \
/mnt/rootfs/usr/libexec/*/* \
&& rm -rf \
/mnt/rootfs/var/cache/* \
/mnt/rootfs/var/log/dnf* \
/mnt/rootfs/var/log/yum.*

COPY --from=upstream /usr/libexec/fix-permissions /usr/libexec/container-setup /mnt/rootfs/usr/libexec/
COPY --from=upstream /bin/cgroup-limits /bin/run-mysqld /bin/container-entrypoint /mnt/rootfs/bin/
COPY --from=upstream /etc/my.cnf /mnt/rootfs/etc/
COPY --from=upstream ${STI_SCRIPTS_PATH} /mnt/rootfs/${STI_SCRIPTS_PATH}
COPY --from=upstream ${CONTAINER_SCRIPTS_PATH} /mnt/rootfs/${CONTAINER_SCRIPTS_PATH}

RUN chroot /mnt/rootfs ln -s /bin/mariadb-install-db /bin/mysql_install_db \
&& chroot /mnt/rootfs ln -s /bin/mariadb-admin /bin/mysqladmin \
&& chroot /mnt/rootfs ln -s /bin/mariadb-upgrade /bin/mysql_upgrade \
&& chroot /mnt/rootfs ln -s /bin/mariadb /bin/mysql \
&& chroot /mnt/rootfs ln -s /sbin/mariadbd /usr/libexec/mysqld \
&& rm -rf /mnt/rootfs/var/lib/mysql

FROM scratch as app

ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/mysql \
STI_SCRIPTS_PATH=/usr/libexec/s2i \
APP_DATA=/opt/app-root/src \
MYSQL_PREFIX=/usr \
MYSQL_VERSION=11.2

ENV STI_SCRIPTS_URL=image://${STI_SCRIPTS_PATH}

COPY --from=build /mnt/rootfs/ /

RUN mkdir -p /var/lib/mysql/data && chown -R mysql.0 /var/lib/mysql \
&& test "$(id mysql)" = "uid=27(mysql) gid=27(mysql) groups=27(mysql)" \
&& rm -rf /etc/my.cnf.d/* \
&& /usr/libexec/container-setup

USER 27

ENTRYPOINT ["container-entrypoint"]
CMD ["run-mysqld"]
39 changes: 39 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
# RaBe nginx Image

[MariaDB](https://mariadb.org) container image based on [RaBe UBI9 Minimal](https://github.com/radiorabe/container-image-ubi9-minimal).

## Usage

Run it as you please.

## Release Management

The CI/CD setup uses semantic commit messages following the [conventional commits standard](https://www.conventionalcommits.org/en/v1.0.0/).
The workflow is based on the [RaBe shared actions](https://radiorabe.github.io/actions/)
and uses [go-semantic-commit](https://go-semantic-release.xyz/)
to create new releases.

The commit message should be structured as follows:

```
<type>[optional scope]: <description>
[optional body]
[optional footer(s)]
```

The commit contains the following structural elements, to communicate intent to the consumers of your library:

1. **fix:** a commit of the type `fix` patches gets released with a PATCH version bump
1. **feat:** a commit of the type `feat` gets released as a MINOR version bump
1. **BREAKING CHANGE:** a commit that has a footer `BREAKING CHANGE:` gets released as a MAJOR version bump
1. types other than `fix:` and `feat:` are allowed and don't trigger a release

If a commit does not contain a conventional commit style message you can fix
it during the squash and merge operation on the PR.

## Build Process

The CI/CD setup uses [Docker build-push Action](https://github.com/docker/build-push-action)
to publish container images. The workflow is based on the [RaBe shared actions](https://radiorabe.github.io/actions/).
18 changes: 18 additions & 0 deletions catalog-info.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
---
apiVersion: backstage.io/v1alpha1
kind: Component
metadata:
name: mariadb
description: MariaDB in UBI9 Minimal
annotations:
backstage.io/techdocs-ref: dir:.
github.com/project-slug: radiorabe/container-image-mariadb
links:
- url: https://mariadb.com/kb/en/documentation/
title: MariaDB Server Documentation
spec:
type: container
lifecycle: experimental
owner: it-reaktion
dependsOn:
- component:default/rabe-ubi9-minimal
10 changes: 10 additions & 0 deletions docs/css/style.css
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
/* set primary color */
:root {
--md-primary-fg-color: #00C9BF;
--md-accent-fg-color: #00C9BF;
}

/* make code selectable on main */
.highlight .o {
user-select: none;
}
12 changes: 12 additions & 0 deletions docs/gen_ref_pages.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
"""Generate the code reference pages and navigation.
From https://mkdocstrings.github.io/recipes/
"""

from pathlib import Path

import mkdocs_gen_files

readme = Path("README.md").open("r")
with mkdocs_gen_files.open("index.md", "w", encoding="utf-8") as index_file:
index_file.writelines(readme.read())
4 changes: 4 additions & 0 deletions mariadb.repo
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
[mariadb]
name = MariaDB
baseurl = https://rpm.mariadb.org/11.2/centos/$releasever/$basearch
gpgkey = https://rpm.mariadb.org/RPM-GPG-KEY-MariaDB
47 changes: 47 additions & 0 deletions mkdocs.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
site_name: RaBe MariaDB Container Image
repo_url: https://github.com/radiorabe/container-image-mariadb
repo_name: radiorabe/container-image-mariadb

theme:
name: "material"
palette:
# Palette toggle for dark mode
- scheme: slate
toggle:
icon: material/brightness-4
name: Switch to light mode
# Palette toggle for light mode
- scheme: default
toggle:
icon: material/brightness-7
name: Switch to dark mode
icon:
repo: fontawesome/brands/git-alt
features:
- content.code.copy
- content.code.annotate
- toc.integrate

markdown_extensions:
- pymdownx.highlight:
anchor_linenums: true
- pymdownx.inlinehilite
- pymdownx.snippets
- pymdownx.superfences

extra_css:
- css/style.css

plugins:
- search
- gen-files:
scripts:
- docs/gen_ref_pages.py
- literate-nav
- section-index

nav:
- README: index.md

watch:
- README.md

0 comments on commit 888ae49

Please sign in to comment.