perf: 优化镜像构建

pull/13014/head
吴小白 2024-04-03 00:11:41 +08:00 committed by Bryan
parent 08ac8b0857
commit 8500f186f6
6 changed files with 537 additions and 1814 deletions


@ -10,17 +10,17 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- uses: docker/setup-qemu-action@v3
- uses: docker/setup-buildx-action@v3
- uses: docker/setup-qemu-action@v2 - name: Build CE Image
uses: docker/build-push-action@v5
- uses: docker/setup-buildx-action@v2
- uses: docker/build-push-action@v3
with: with:
context: . context: .
push: false push: false
file: Dockerfile
tags: jumpserver/core-ce:test tags: jumpserver/core-ce:test
file: Dockerfile-ce platforms: linux/amd64
build-args: | build-args: |
APT_MIRROR=http://deb.debian.org APT_MIRROR=http://deb.debian.org
PIP_MIRROR=https://pypi.org/simple PIP_MIRROR=https://pypi.org/simple
@ -28,9 +28,22 @@ jobs:
cache-from: type=gha cache-from: type=gha
cache-to: type=gha,mode=max cache-to: type=gha,mode=max
- uses: LouisBrunner/checks-action@v1.5.0 - name: Prepare EE Image
if: always() run: |
sed -i 's@^FROM registry.fit2cloud.com@# FROM registry.fit2cloud.com@g' Dockerfile-ee
sed -i 's@^COPY --from=build-xpack@# COPY --from=build-xpack@g' Dockerfile-ee
- name: Build EE Image
uses: docker/build-push-action@v5
with: with:
token: ${{ secrets.GITHUB_TOKEN }} context: .
name: Check Build push: false
conclusion: ${{ job.status }} file: Dockerfile-ee
tags: jumpserver/core-ee:test
platforms: linux/amd64
build-args: |
APT_MIRROR=http://deb.debian.org
PIP_MIRROR=https://pypi.org/simple
PIP_JMS_MIRROR=https://pypi.org/simple
cache-from: type=gha
cache-to: type=gha,mode=max
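Review bot: The new `docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3` and `docker/build-push-action@v5` steps are referenced by mutable major-version tags, so a retagged or compromised release of any of them would run in this job unreviewed. Pinning each `uses:` to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: docker/build-push-action@<full-commit-sha>  # v5`, removes that dependency on tag integrity. In the Prepare EE Image step both `sed -i` calls exit 0 even when nothing matches, so if the `FROM registry.fit2cloud.com` or `COPY --from=build-xpack` lines in Dockerfile-ee are ever reworded the step still passes and the problem only surfaces later as a registry pull failure; a `grep -q '^FROM registry.fit2cloud.com' Dockerfile-ee` before each `sed` would fail fast. Note also that the EE job builds a Dockerfile-ee with the xpack stage commented out, so it does not exercise the file as shipped.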


@ -1,6 +1,28 @@
FROM python:3.11-slim-bullseye as stage-1 FROM python:3.11-slim-bullseye as stage-1
ARG TARGETARCH ARG TARGETARCH
ARG DEPENDENCIES=" \
ca-certificates \
wget"
RUN set -ex \
&& apt-get update \
&& apt-get -y install --no-install-recommends ${DEPENDENCIES} \
&& echo "no" | dpkg-reconfigure dash \
&& apt-get clean all \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /opt
ARG CHECK_VERSION=v1.0.2
RUN set -ex \
&& wget https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \
&& tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \
&& mv check /usr/local/bin/ \
&& chown root:root /usr/local/bin/check \
&& chmod 755 /usr/local/bin/check \
&& rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz
ARG VERSION ARG VERSION
ENV VERSION=$VERSION ENV VERSION=$VERSION
@ -14,34 +36,16 @@ ARG TARGETARCH
ARG BUILD_DEPENDENCIES=" \ ARG BUILD_DEPENDENCIES=" \
g++ \ g++ \
make \
pkg-config" pkg-config"
ARG DEPENDENCIES=" \ ARG DEPENDENCIES=" \
freetds-dev \
libpq-dev \
libffi-dev \
libjpeg-dev \
libkrb5-dev \
libldap2-dev \
libsasl2-dev \
libssl-dev \
libxml2-dev \
libxmlsec1-dev \
libxmlsec1-openssl \
freerdp2-dev \
libaio-dev"
ARG TOOLS=" \
ca-certificates \
curl \
default-libmysqlclient-dev \ default-libmysqlclient-dev \
default-mysql-client \ default-mysql-client \
git \ libldap2-dev \
git-lfs \ libsasl2-dev \
unzip \ libxml2-dev \
xz-utils \ libxmlsec1-dev \
wget" libxmlsec1-openssl"
ARG APT_MIRROR=http://mirrors.ustc.edu.cn ARG APT_MIRROR=http://mirrors.ustc.edu.cn
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core-apt \ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core-apt \
@ -52,7 +56,6 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core-apt \
&& apt-get update \ && apt-get update \
&& apt-get -y install --no-install-recommends ${BUILD_DEPENDENCIES} \ && apt-get -y install --no-install-recommends ${BUILD_DEPENDENCIES} \
&& apt-get -y install --no-install-recommends ${DEPENDENCIES} \ && apt-get -y install --no-install-recommends ${DEPENDENCIES} \
&& apt-get -y install --no-install-recommends ${TOOLS} \
&& echo "no" | dpkg-reconfigure dash && echo "no" | dpkg-reconfigure dash
WORKDIR /opt/jumpserver WORKDIR /opt/jumpserver
@ -66,33 +69,24 @@ RUN --mount=type=cache,target=/root/.cache \
&& pip install poetry -i ${PIP_MIRROR} \ && pip install poetry -i ${PIP_MIRROR} \
&& poetry config virtualenvs.create false \ && poetry config virtualenvs.create false \
&& . /opt/py3/bin/activate \ && . /opt/py3/bin/activate \
&& poetry install && poetry install --only=main
FROM python:3.11-slim-bullseye FROM python:3.11-slim-bullseye
ARG TARGETARCH ARG TARGETARCH
ENV LANG=zh_CN.UTF-8 \ ENV LANG=en_US.UTF-8 \
PATH=/opt/py3/bin:$PATH PATH=/opt/py3/bin:$PATH
ARG DEPENDENCIES=" \ ARG DEPENDENCIES=" \
libjpeg-dev \ libldap2-dev \
libpq-dev \
libx11-dev \ libx11-dev \
freerdp2-dev \
libxmlsec1-openssl" libxmlsec1-openssl"
ARG TOOLS=" \ ARG TOOLS=" \
ca-certificates \ ca-certificates \
curl \
default-libmysqlclient-dev \ default-libmysqlclient-dev \
default-mysql-client \
iputils-ping \
locales \
nmap \
openssh-client \ openssh-client \
patch \ sshpass"
sshpass \
telnet \
vim \
wget"
ARG APT_MIRROR=http://mirrors.ustc.edu.cn ARG APT_MIRROR=http://mirrors.ustc.edu.cn
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core-apt \ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core-apt \
@ -106,11 +100,11 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core-apt \
&& mkdir -p /root/.ssh/ \ && mkdir -p /root/.ssh/ \
&& echo "Host *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile /dev/null\n\tCiphers +aes128-cbc\n\tKexAlgorithms +diffie-hellman-group1-sha1\n\tHostKeyAlgorithms +ssh-rsa" > /root/.ssh/config \ && echo "Host *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile /dev/null\n\tCiphers +aes128-cbc\n\tKexAlgorithms +diffie-hellman-group1-sha1\n\tHostKeyAlgorithms +ssh-rsa" > /root/.ssh/config \
&& echo "no" | dpkg-reconfigure dash \ && echo "no" | dpkg-reconfigure dash \
&& echo "zh_CN.UTF-8" | dpkg-reconfigure locales \
&& sed -i "s@# export @export @g" ~/.bashrc \ && sed -i "s@# export @export @g" ~/.bashrc \
&& sed -i "s@# alias @alias @g" ~/.bashrc && sed -i "s@# alias @alias @g" ~/.bashrc
COPY --from=stage-2 /opt/py3 /opt/py3 COPY --from=stage-2 /opt/py3 /opt/py3
COPY --from=stage-1 /usr/local/bin /usr/local/bin
COPY --from=stage-1 /opt/jumpserver/release/jumpserver /opt/jumpserver COPY --from=stage-1 /opt/jumpserver/release/jumpserver /opt/jumpserver
WORKDIR /opt/jumpserver WORKDIR /opt/jumpserver
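Review bot: The healthcheck archive fetched in the new stage-1 `RUN` (`wget https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/...`) is unpacked and installed into `/usr/local/bin` with no integrity check, and `COPY --from=stage-1 /usr/local/bin /usr/local/bin` then ships it in the final image. A release asset can be replaced under the same tag, so verify a pinned digest before `tar`, e.g. `ARG CHECK_SHA256=<sha256-of-release-asset>` and `&& echo "${CHECK_SHA256}  check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz" | sha256sum -c - \`. Because the asset name depends on `TARGETARCH`, one digest per supported architecture is needed. The same unverified download appears in the stage-1 that this commit adds to Dockerfile-ee. The copy could also be narrowed to `COPY --from=stage-1 /usr/local/bin/check /usr/local/bin/check` so that only the one binary crosses stages.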


@ -1,5 +1,134 @@
ARG VERSION ARG VERSION
FROM registry.fit2cloud.com/jumpserver/xpack:${VERSION} as build-xpack FROM registry.fit2cloud.com/jumpserver/xpack:${VERSION} as build-xpack
FROM registry.fit2cloud.com/jumpserver/core-ce:${VERSION}
FROM python:3.11-slim-bullseye as stage-1
ARG TARGETARCH
ARG DEPENDENCIES=" \
ca-certificates \
wget"
RUN set -ex \
&& apt-get update \
&& apt-get -y install --no-install-recommends ${DEPENDENCIES} \
&& echo "no" | dpkg-reconfigure dash \
&& apt-get clean all \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /opt
ARG CHECK_VERSION=v1.0.2
RUN set -ex \
&& wget https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \
&& tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \
&& mv check /usr/local/bin/ \
&& chown root:root /usr/local/bin/check \
&& chmod 755 /usr/local/bin/check \
&& rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz
ARG VERSION
ENV VERSION=$VERSION
WORKDIR /opt/jumpserver
ADD . .
COPY --from=build-xpack /opt/xpack /opt/jumpserver/apps/xpack COPY --from=build-xpack /opt/xpack /opt/jumpserver/apps/xpack
RUN echo > /opt/jumpserver/config.yml \
&& cd utils && bash -ixeu build.sh
FROM python:3.11-slim-bullseye as stage-2
ARG TARGETARCH
ARG BUILD_DEPENDENCIES=" \
g++ \
pkg-config"
ARG DEPENDENCIES=" \
default-libmysqlclient-dev \
default-mysql-client \
libldap2-dev \
libsasl2-dev \
libxml2-dev \
libxmlsec1-dev \
libxmlsec1-openssl"
ARG APT_MIRROR=http://mirrors.ustc.edu.cn
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core-apt \
--mount=type=cache,target=/var/lib/apt,sharing=locked,id=core-apt \
sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
&& rm -f /etc/apt/apt.conf.d/docker-clean \
&& ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
&& apt-get update \
&& apt-get -y install --no-install-recommends ${BUILD_DEPENDENCIES} \
&& apt-get -y install --no-install-recommends ${DEPENDENCIES} \
&& echo "no" | dpkg-reconfigure dash
WORKDIR /opt/jumpserver
ARG PIP_MIRROR=https://pypi.tuna.tsinghua.edu.cn/simple
RUN --mount=type=cache,target=/root/.cache \
--mount=type=bind,source=poetry.lock,target=/opt/jumpserver/poetry.lock \
--mount=type=bind,source=pyproject.toml,target=/opt/jumpserver/pyproject.toml \
set -ex \
&& python3 -m venv /opt/py3 \
&& pip install poetry -i ${PIP_MIRROR} \
&& poetry config virtualenvs.create false \
&& . /opt/py3/bin/activate \
&& poetry install
FROM python:3.11-slim-bullseye
ARG TARGETARCH
ENV LANG=zh_CN.UTF-8 \
PATH=/opt/py3/bin:$PATH
ARG DEPENDENCIES=" \
libldap2-dev \
libx11-dev \
libxmlsec1-openssl"
ARG TOOLS=" \
ca-certificates \
curl \
default-libmysqlclient-dev \
default-mysql-client \
iputils-ping \
locales \
nmap \
openssh-client \
patch \
sshpass \
telnet \
vim \
wget"
ARG APT_MIRROR=http://mirrors.ustc.edu.cn
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core-apt \
--mount=type=cache,target=/var/lib/apt,sharing=locked,id=core-apt \
sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
&& rm -f /etc/apt/apt.conf.d/docker-clean \
&& ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
&& apt-get update \
&& apt-get -y install --no-install-recommends ${DEPENDENCIES} \
&& apt-get -y install --no-install-recommends ${TOOLS} \
&& mkdir -p /root/.ssh/ \
&& echo "Host *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile /dev/null\n\tCiphers +aes128-cbc\n\tKexAlgorithms +diffie-hellman-group1-sha1\n\tHostKeyAlgorithms +ssh-rsa" > /root/.ssh/config \
&& echo "no" | dpkg-reconfigure dash \
&& echo "zh_CN.UTF-8" | dpkg-reconfigure locales \
&& sed -i "s@# export @export @g" ~/.bashrc \
&& sed -i "s@# alias @alias @g" ~/.bashrc
COPY --from=stage-2 /opt/py3 /opt/py3
COPY --from=stage-1 /usr/local/bin /usr/local/bin
COPY --from=stage-1 /opt/jumpserver/release/jumpserver /opt/jumpserver
WORKDIR /opt/jumpserver
ARG VERSION
ENV VERSION=$VERSION
VOLUME /opt/jumpserver/data
EXPOSE 8080
ENTRYPOINT ["./entrypoint.sh"]
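Review bot: The final stage of this file still installs `curl`, `iputils-ping`, `nmap`, `patch`, `telnet`, `vim` and `wget` through `TOOLS`, and stage-2 runs plain `poetry install`, while the CE Dockerfile in the same commit trims `TOOLS` to `ca-certificates`, `default-libmysqlclient-dev`, `openssh-client` and `sshpass` and switches to `poetry install --only=main`. If EE does not need those tools at runtime, carrying a port scanner and download clients in a bastion image is avoidable attack surface; align the two files or add a comment such as `# EE keeps nmap/telnet because <reason>` above `ARG TOOLS`. Now that the file no longer builds `FROM registry.fit2cloud.com/jumpserver/core-ce` but duplicates its stages, this kind of drift will recur unless the shared parts are factored out. `ADD . .` in stage-1 only copies the build context, so `COPY . .` is the clearer instruction. The file also ends without a `USER` instruction, so the container presumably runs as root unless `entrypoint.sh` drops privileges.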

2088
poetry.lock generated

File diff suppressed because it is too large Load Diff


@ -1,6 +1,6 @@
[tool.poetry] [tool.poetry]
name = "jumpserver" name = "jumpserver"
version = "v3.10" version = "v4.0"
description = "广受欢迎的开源堡垒机" description = "广受欢迎的开源堡垒机"
authors = ["ibuler <ibuler@qq.com>"] authors = ["ibuler <ibuler@qq.com>"]
license = "GPLv3" license = "GPLv3"
@ -176,16 +176,11 @@ keystoneauth1 = "5.2.1"
oracledb = "1.4.0" oracledb = "1.4.0"
psycopg2-binary = "2.9.6" psycopg2-binary = "2.9.6"
pymssql = "2.2.8" pymssql = "2.2.8"
psycopg2 = "2.9.6" # psycopg2 = "2.9.6"
ucloud-sdk-python3 = "0.11.50" ucloud-sdk-python3 = "0.11.50"
huaweicloudsdkecs = "3.1.52" huaweicloudsdkecs = "3.1.52"
huaweicloudsdkcore = "3.1.52" huaweicloudsdkcore = "3.1.52"
[[tool.poetry.source]]
name = "tsinghua"
url = "https://pypi.tuna.tsinghua.edu.cn/simple/"
priority = "primary"
[[tool.poetry.source]] [[tool.poetry.source]]
name = "PyPI" name = "PyPI"
priority = "primary" priority = "primary"


@ -0,0 +1,14 @@
#!/bin/bash
command -v poetry >/dev/null 2>&1 || {
echo "poetry not found. Aborting."
exit 1
}
if [ ! -f "pyproject.toml" ]; then
echo "pyproject.toml not found. Aborting."
exit 1
fi
poetry config virtualenvs.create false
poetry lock --no-update
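Review bot: `poetry config virtualenvs.create false` is called without `--local`, so running this helper rewrites the developer's global Poetry configuration and changes how every other project on that machine is installed. Use `poetry config --local virtualenvs.create false`, or drop the line if `poetry lock --no-update` does not need it. The script also has no `set -euo pipefail` after the shebang, so a failing `poetry config` is ignored and execution continues to the lock step.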