mirror of
https://github.com/zadam/trilium.git
synced 2025-06-06 18:08:33 +02:00
Merge pull request #314 from TriliumNext/fix-arm-builds
Fix ARM container builds
This commit is contained in:
commit
50a6a1f3dc
257
.github/workflows/main-docker.yml
vendored
257
.github/workflows/main-docker.yml
vendored
@ -1,148 +1,155 @@
|
|||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
branches:
|
branches:
|
||||||
- "develop"
|
- "develop"
|
||||||
- "feature/update**"
|
- "feature/update**"
|
||||||
- "feature/server_esm**"
|
- "feature/server_esm**"
|
||||||
paths-ignore:
|
paths-ignore:
|
||||||
- "docs/**"
|
- "docs/**"
|
||||||
- "bin/**"
|
- "bin/**"
|
||||||
tags:
|
tags:
|
||||||
- "v*"
|
- "v*"
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
|
|
||||||
env:
|
env:
|
||||||
GHCR_REGISTRY: ghcr.io
|
GHCR_REGISTRY: ghcr.io
|
||||||
DOCKERHUB_REGISTRY: docker.io
|
DOCKERHUB_REGISTRY: docker.io
|
||||||
IMAGE_NAME: ${{ github.repository }}
|
IMAGE_NAME: ${{ github.repository }}
|
||||||
TEST_TAG: triliumnext/notes:test
|
TEST_TAG: triliumnext/notes:test
|
||||||
PLATFORMS: linux/amd64,linux/arm64
|
PLATFORMS: linux/amd64,linux/arm64,linux/arm/v7,linux/arm64/v8
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
test_docker:
|
test_docker:
|
||||||
name: Check Docker build
|
name: Check Docker build
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout the repository
|
- name: Checkout the repository
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
- name: Set up Docker Buildx
|
- name: Set up Docker Buildx
|
||||||
uses: docker/setup-buildx-action@v3
|
uses: docker/setup-buildx-action@v3
|
||||||
|
|
||||||
- name: Set up node & dependencies
|
|
||||||
uses: actions/setup-node@v4
|
|
||||||
with:
|
|
||||||
node-version: 20
|
|
||||||
cache: "npm"
|
|
||||||
|
|
||||||
- run: npm ci
|
|
||||||
|
|
||||||
- name: Run the TypeScript build
|
|
||||||
run: npx tsc
|
|
||||||
|
|
||||||
- name: Create server-package.json
|
|
||||||
run: cat package.json | grep -v electron > server-package.json
|
|
||||||
|
|
||||||
- name: Build and export to Docker
|
|
||||||
uses: docker/build-push-action@v6
|
|
||||||
with:
|
|
||||||
context: .
|
|
||||||
load: true
|
|
||||||
tags: ${{ env.TEST_TAG }}
|
|
||||||
cache-from: type=gha
|
|
||||||
cache-to: type=gha,mode=max
|
|
||||||
|
|
||||||
- name: Run the container in the background
|
|
||||||
run: docker run -d --rm --name trilium_local ${{ env.TEST_TAG }}
|
|
||||||
|
|
||||||
- name: Wait for the healthchecks to pass
|
|
||||||
uses: stringbean/docker-healthcheck-action@v1
|
|
||||||
with:
|
|
||||||
container: trilium_local
|
|
||||||
wait-time: 50
|
|
||||||
require-status: running
|
|
||||||
require-healthy: true
|
|
||||||
|
|
||||||
build_docker:
|
|
||||||
name: Build Docker images
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
needs:
|
|
||||||
- test_docker
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
packages: write
|
|
||||||
attestations: write
|
|
||||||
id-token: write
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
- name: Set up QEMU
|
|
||||||
uses: docker/setup-qemu-action@v3
|
|
||||||
- name: Extract metadata (tags, labels) for GHCR image
|
|
||||||
id: ghcr-meta
|
|
||||||
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
|
|
||||||
with:
|
|
||||||
images: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}
|
|
||||||
tags:
|
|
||||||
- name: Extract metadata (tags, labels) for DockerHub image
|
|
||||||
id: dh-meta
|
|
||||||
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
|
|
||||||
with:
|
|
||||||
images: ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }}
|
|
||||||
- name: Set up node & dependencies
|
- name: Set up node & dependencies
|
||||||
uses: actions/setup-node@v4
|
uses: actions/setup-node@v4
|
||||||
with:
|
with:
|
||||||
node-version: 20
|
node-version: 20
|
||||||
cache: "npm"
|
cache: "npm"
|
||||||
|
|
||||||
- run: npm ci
|
- run: npm ci
|
||||||
|
|
||||||
- name: Run the TypeScript build
|
- name: Run the TypeScript build
|
||||||
run: npx tsc
|
run: npx tsc
|
||||||
|
|
||||||
- name: Create server-package.json
|
- name: Create server-package.json
|
||||||
run: cat package.json | grep -v electron > server-package.json
|
run: cat package.json | grep -v electron > server-package.json
|
||||||
- name: Log in to the GHCR container registry
|
|
||||||
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
|
- name: Build and export to Docker
|
||||||
with:
|
|
||||||
registry: ${{ env.GHCR_REGISTRY }}
|
|
||||||
username: ${{ github.actor }}
|
|
||||||
password: ${{ secrets.GITHUB_TOKEN }}
|
|
||||||
- uses: docker/setup-buildx-action@v3
|
|
||||||
- name: Build and push container image to GHCR
|
|
||||||
uses: docker/build-push-action@v6
|
uses: docker/build-push-action@v6
|
||||||
id: ghcr-push
|
|
||||||
with:
|
with:
|
||||||
context: .
|
context: .
|
||||||
platforms: ${{ env.PLATFORMS }}
|
load: true
|
||||||
push: true
|
tags: ${{ env.TEST_TAG }}
|
||||||
tags: ${{ steps.ghcr-meta.outputs.tags }}
|
|
||||||
labels: ${{ steps.ghcr-meta.outputs.labels }}
|
|
||||||
cache-from: type=gha
|
cache-from: type=gha
|
||||||
cache-to: type=gha,mode=max
|
cache-to: type=gha,mode=max
|
||||||
- name: Generate and push artifact attestation to GHCR
|
|
||||||
uses: actions/attest-build-provenance@v1
|
- name: Run the container in the background
|
||||||
|
run: docker run -d --rm --name trilium_local ${{ env.TEST_TAG }}
|
||||||
|
|
||||||
|
- name: Wait for the healthchecks to pass
|
||||||
|
uses: stringbean/docker-healthcheck-action@v1
|
||||||
with:
|
with:
|
||||||
subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME}}
|
container: trilium_local
|
||||||
subject-digest: ${{ steps.ghcr-push.outputs.digest }}
|
wait-time: 50
|
||||||
push-to-registry: true
|
require-status: running
|
||||||
- name: Log in to the DockerHub container registry
|
require-healthy: true
|
||||||
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
|
|
||||||
with:
|
build_docker:
|
||||||
registry: ${{ env.DOCKERHUB_REGISTRY }}
|
name: Build Docker images
|
||||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
runs-on: ubuntu-latest
|
||||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
needs:
|
||||||
- name: Build and push image to DockerHub
|
- test_docker
|
||||||
uses: docker/build-push-action@v6
|
permissions:
|
||||||
id: dh-push
|
contents: read
|
||||||
with:
|
packages: write
|
||||||
context: .
|
attestations: write
|
||||||
platforms: ${{ env.PLATFORMS }}
|
id-token: write
|
||||||
push: true
|
strategy:
|
||||||
tags: ${{ steps.dh-meta.outputs.tags }}
|
matrix:
|
||||||
labels: ${{ steps.dh-meta.outputs.labels }}
|
architecture: [linux/amd64, linux/arm64, linux/arm/v7, linux/arm64/v8]
|
||||||
cache-from: type=gha
|
steps:
|
||||||
cache-to: type=gha,mode=max
|
- uses: actions/checkout@v4
|
||||||
- name: Generate and push artifact attestation to DockerHub
|
- name: Extract metadata (tags, labels) for GHCR image
|
||||||
uses: actions/attest-build-provenance@v1
|
id: ghcr-meta
|
||||||
with:
|
uses: docker/metadata-action@v4
|
||||||
subject-name: ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME}}
|
with:
|
||||||
subject-digest: ${{ steps.dh-push.outputs.digest }}
|
images: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}
|
||||||
push-to-registry: true
|
tags: |
|
||||||
|
type=ref,event=branch
|
||||||
|
type=ref,event=tag
|
||||||
|
type=sha
|
||||||
|
- name: Extract metadata (tags, labels) for DockerHub image
|
||||||
|
id: dh-meta
|
||||||
|
uses: docker/metadata-action@v4
|
||||||
|
with:
|
||||||
|
images: ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }}
|
||||||
|
tags: |
|
||||||
|
type=ref,event=branch
|
||||||
|
type=ref,event=tag
|
||||||
|
type=sha
|
||||||
|
- name: Set up node & dependencies
|
||||||
|
uses: actions/setup-node@v4
|
||||||
|
with:
|
||||||
|
node-version: 20
|
||||||
|
cache: "npm"
|
||||||
|
- run: npm ci
|
||||||
|
- name: Run the TypeScript build
|
||||||
|
run: npx tsc
|
||||||
|
- name: Create server-package.json
|
||||||
|
run: cat package.json | grep -v electron > server-package.json
|
||||||
|
- name: Log in to the GHCR container registry
|
||||||
|
uses: docker/login-action@v2
|
||||||
|
with:
|
||||||
|
registry: ${{ env.GHCR_REGISTRY }}
|
||||||
|
username: ${{ github.actor }}
|
||||||
|
password: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
- uses: docker/setup-buildx-action@v3
|
||||||
|
- name: Build and push container image to GHCR
|
||||||
|
uses: docker/build-push-action@v6
|
||||||
|
id: ghcr-push
|
||||||
|
with:
|
||||||
|
context: .
|
||||||
|
platforms: ${{ matrix.architecture }}
|
||||||
|
push: true
|
||||||
|
tags: ${{ steps.ghcr-meta.outputs.tags }}
|
||||||
|
labels: ${{ steps.ghcr-meta.outputs.labels }}
|
||||||
|
cache-from: type=gha
|
||||||
|
cache-to: type=gha,mode=max
|
||||||
|
- name: Generate and push artifact attestation to GHCR
|
||||||
|
uses: actions/attest-build-provenance@v1
|
||||||
|
with:
|
||||||
|
subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME}}
|
||||||
|
subject-digest: ${{ steps.ghcr-push.outputs.digest }}
|
||||||
|
push-to-registry: true
|
||||||
|
- name: Log in to the DockerHub container registry
|
||||||
|
uses: docker/login-action@v2
|
||||||
|
with:
|
||||||
|
registry: ${{ env.DOCKERHUB_REGISTRY }}
|
||||||
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||||
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||||
|
- name: Build and push image to DockerHub
|
||||||
|
uses: docker/build-push-action@v6
|
||||||
|
id: dh-push
|
||||||
|
with:
|
||||||
|
context: .
|
||||||
|
platforms: ${{ matrix.architecture }}
|
||||||
|
push: true
|
||||||
|
tags: ${{ steps.dh-meta.outputs.tags }}
|
||||||
|
labels: ${{ steps.dh-meta.outputs.labels }}
|
||||||
|
cache-from: type=gha
|
||||||
|
cache-to: type=gha,mode=max
|
||||||
|
- name: Generate and push artifact attestation to DockerHub
|
||||||
|
uses: actions/attest-build-provenance@v1
|
||||||
|
with:
|
||||||
|
subject-name: ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME}}
|
||||||
|
subject-digest: ${{ steps.dh-push.outputs.digest }}
|
||||||
|
push-to-registry: true
|
45
Dockerfile
45
Dockerfile
@ -1,8 +1,8 @@
|
|||||||
# !!! Don't try to build this Dockerfile directly, run it through bin/build-docker.sh script !!!
|
# !!! Don't try to build this Dockerfile directly, run it through bin/build-docker.sh script !!!
|
||||||
FROM node:20.15.1-alpine
|
FROM node:20.15.1-bullseye-slim
|
||||||
|
|
||||||
# Configure system dependencies
|
# Configure system dependencies
|
||||||
RUN apk add --no-cache --virtual .build-dependencies \
|
RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||||
autoconf \
|
autoconf \
|
||||||
automake \
|
automake \
|
||||||
g++ \
|
g++ \
|
||||||
@ -11,7 +11,9 @@ RUN apk add --no-cache --virtual .build-dependencies \
|
|||||||
make \
|
make \
|
||||||
nasm \
|
nasm \
|
||||||
libpng-dev \
|
libpng-dev \
|
||||||
python3
|
python3 \
|
||||||
|
gosu \
|
||||||
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
# Create app directory
|
# Create app directory
|
||||||
WORKDIR /usr/src/app
|
WORKDIR /usr/src/app
|
||||||
@ -32,24 +34,33 @@ RUN rm docker_healthcheck.ts
|
|||||||
RUN rm -r build
|
RUN rm -r build
|
||||||
|
|
||||||
# Install app dependencies
|
# Install app dependencies
|
||||||
RUN set -x \
|
RUN set -x
|
||||||
&& npm install \
|
RUN npm install
|
||||||
&& apk del .build-dependencies \
|
RUN apt-get purge -y --auto-remove \
|
||||||
&& npm run webpack \
|
autoconf \
|
||||||
&& npm prune --omit=dev \
|
automake \
|
||||||
&& cp src/public/app/share.js src/public/app-dist/. \
|
g++ \
|
||||||
&& cp -r src/public/app/doc_notes src/public/app-dist/. \
|
gcc \
|
||||||
&& rm -rf src/public/app \
|
libtool \
|
||||||
&& rm src/services/asset_path.ts
|
make \
|
||||||
|
nasm \
|
||||||
|
libpng-dev \
|
||||||
|
python3 \
|
||||||
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
|
RUN npm run webpack
|
||||||
|
RUN npm prune --omit=dev
|
||||||
|
RUN cp src/public/app/share.js src/public/app-dist/.
|
||||||
|
RUN cp -r src/public/app/doc_notes src/public/app-dist/.
|
||||||
|
RUN rm -rf src/public/app
|
||||||
|
RUN rm src/services/asset_path.ts
|
||||||
|
|
||||||
# Some setup tools need to be kept
|
# Some setup tools need to be kept
|
||||||
RUN apk add --no-cache su-exec shadow
|
RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||||
|
gosu \
|
||||||
# Add application user and setup proper volume permissions
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
RUN adduser -s /bin/false node; exit 0
|
|
||||||
|
|
||||||
# Start the application
|
# Start the application
|
||||||
EXPOSE 8080
|
EXPOSE 8080
|
||||||
CMD [ "./start-docker.sh" ]
|
CMD [ "./start-docker.sh" ]
|
||||||
|
|
||||||
HEALTHCHECK --start-period=10s CMD exec su-exec node node docker_healthcheck.js
|
HEALTHCHECK --start-period=10s CMD exec gosu node node docker_healthcheck.js
|
@ -4,4 +4,4 @@
|
|||||||
[[ ! -z "${USER_GID}" ]] && groupmod -og ${USER_GID} node || echo "No USER_GID specified, leaving 1000"
|
[[ ! -z "${USER_GID}" ]] && groupmod -og ${USER_GID} node || echo "No USER_GID specified, leaving 1000"
|
||||||
|
|
||||||
chown -R node:node /home/node
|
chown -R node:node /home/node
|
||||||
exec su-exec node node ./src/www
|
exec gosu node node ./src/www
|
||||||
|
Loading…
x
Reference in New Issue
Block a user