Merge pull request #314 from TriliumNext/fix-arm-builds

Fix ARM container builds
Elian Doran 2024-08-09 01:06:32 +03:00 committed by GitHub
commit 50a6a1f3dc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 161 additions and 143 deletions


@ -1,148 +1,155 @@
on: on:
push: push:
branches: branches:
- "develop" - "develop"
- "feature/update**" - "feature/update**"
- "feature/server_esm**" - "feature/server_esm**"
paths-ignore: paths-ignore:
- "docs/**" - "docs/**"
- "bin/**" - "bin/**"
tags: tags:
- "v*" - "v*"
workflow_dispatch: workflow_dispatch:
env: env:
GHCR_REGISTRY: ghcr.io GHCR_REGISTRY: ghcr.io
DOCKERHUB_REGISTRY: docker.io DOCKERHUB_REGISTRY: docker.io
IMAGE_NAME: ${{ github.repository }} IMAGE_NAME: ${{ github.repository }}
TEST_TAG: triliumnext/notes:test TEST_TAG: triliumnext/notes:test
PLATFORMS: linux/amd64,linux/arm64 PLATFORMS: linux/amd64,linux/arm64,linux/arm/v7,linux/arm64/v8
jobs: jobs:
test_docker: test_docker:
name: Check Docker build name: Check Docker build
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout the repository - name: Checkout the repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
- name: Set up node & dependencies
uses: actions/setup-node@v4
with:
node-version: 20
cache: "npm"
- run: npm ci
- name: Run the TypeScript build
run: npx tsc
- name: Create server-package.json
run: cat package.json | grep -v electron > server-package.json
- name: Build and export to Docker
uses: docker/build-push-action@v6
with:
context: .
load: true
tags: ${{ env.TEST_TAG }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Run the container in the background
run: docker run -d --rm --name trilium_local ${{ env.TEST_TAG }}
- name: Wait for the healthchecks to pass
uses: stringbean/docker-healthcheck-action@v1
with:
container: trilium_local
wait-time: 50
require-status: running
require-healthy: true
build_docker:
name: Build Docker images
runs-on: ubuntu-latest
needs:
- test_docker
permissions:
contents: read
packages: write
attestations: write
id-token: write
steps:
- uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Extract metadata (tags, labels) for GHCR image
id: ghcr-meta
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
with:
images: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}
tags:
- name: Extract metadata (tags, labels) for DockerHub image
id: dh-meta
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
with:
images: ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Set up node & dependencies - name: Set up node & dependencies
uses: actions/setup-node@v4 uses: actions/setup-node@v4
with: with:
node-version: 20 node-version: 20
cache: "npm" cache: "npm"
- run: npm ci - run: npm ci
- name: Run the TypeScript build - name: Run the TypeScript build
run: npx tsc run: npx tsc
- name: Create server-package.json - name: Create server-package.json
run: cat package.json | grep -v electron > server-package.json run: cat package.json | grep -v electron > server-package.json
- name: Log in to the GHCR container registry
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 - name: Build and export to Docker
with:
registry: ${{ env.GHCR_REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: docker/setup-buildx-action@v3
- name: Build and push container image to GHCR
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
id: ghcr-push
with: with:
context: . context: .
platforms: ${{ env.PLATFORMS }} load: true
push: true tags: ${{ env.TEST_TAG }}
tags: ${{ steps.ghcr-meta.outputs.tags }}
labels: ${{ steps.ghcr-meta.outputs.labels }}
cache-from: type=gha cache-from: type=gha
cache-to: type=gha,mode=max cache-to: type=gha,mode=max
- name: Generate and push artifact attestation to GHCR
uses: actions/attest-build-provenance@v1 - name: Run the container in the background
run: docker run -d --rm --name trilium_local ${{ env.TEST_TAG }}
- name: Wait for the healthchecks to pass
uses: stringbean/docker-healthcheck-action@v1
with: with:
subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME}} container: trilium_local
subject-digest: ${{ steps.ghcr-push.outputs.digest }} wait-time: 50
push-to-registry: true require-status: running
- name: Log in to the DockerHub container registry require-healthy: true
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
with: build_docker:
registry: ${{ env.DOCKERHUB_REGISTRY }} name: Build Docker images
username: ${{ secrets.DOCKERHUB_USERNAME }} runs-on: ubuntu-latest
password: ${{ secrets.DOCKERHUB_TOKEN }} needs:
- name: Build and push image to DockerHub - test_docker
uses: docker/build-push-action@v6 permissions:
id: dh-push contents: read
with: packages: write
context: . attestations: write
platforms: ${{ env.PLATFORMS }} id-token: write
push: true strategy:
tags: ${{ steps.dh-meta.outputs.tags }} matrix:
labels: ${{ steps.dh-meta.outputs.labels }} architecture: [linux/amd64, linux/arm64, linux/arm/v7, linux/arm64/v8]
cache-from: type=gha steps:
cache-to: type=gha,mode=max - uses: actions/checkout@v4
- name: Generate and push artifact attestation to DockerHub - name: Extract metadata (tags, labels) for GHCR image
uses: actions/attest-build-provenance@v1 id: ghcr-meta
with: uses: docker/metadata-action@v4
subject-name: ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME}} with:
subject-digest: ${{ steps.dh-push.outputs.digest }} images: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}
push-to-registry: true tags: |
type=ref,event=branch
type=ref,event=tag
type=sha
- name: Extract metadata (tags, labels) for DockerHub image
id: dh-meta
uses: docker/metadata-action@v4
with:
images: ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=tag
type=sha
- name: Set up node & dependencies
uses: actions/setup-node@v4
with:
node-version: 20
cache: "npm"
- run: npm ci
- name: Run the TypeScript build
run: npx tsc
- name: Create server-package.json
run: cat package.json | grep -v electron > server-package.json
- name: Log in to the GHCR container registry
uses: docker/login-action@v2
with:
registry: ${{ env.GHCR_REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: docker/setup-buildx-action@v3
- name: Build and push container image to GHCR
uses: docker/build-push-action@v6
id: ghcr-push
with:
context: .
platforms: ${{ matrix.architecture }}
push: true
tags: ${{ steps.ghcr-meta.outputs.tags }}
labels: ${{ steps.ghcr-meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Generate and push artifact attestation to GHCR
uses: actions/attest-build-provenance@v1
with:
subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME}}
subject-digest: ${{ steps.ghcr-push.outputs.digest }}
push-to-registry: true
- name: Log in to the DockerHub container registry
uses: docker/login-action@v2
with:
registry: ${{ env.DOCKERHUB_REGISTRY }}
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push image to DockerHub
uses: docker/build-push-action@v6
id: dh-push
with:
context: .
platforms: ${{ matrix.architecture }}
push: true
tags: ${{ steps.dh-meta.outputs.tags }}
labels: ${{ steps.dh-meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Generate and push artifact attestation to DockerHub
uses: actions/attest-build-provenance@v1
with:
subject-name: ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME}}
subject-digest: ${{ steps.dh-push.outputs.digest }}
push-to-registry: true
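Review bot: The `build_docker` steps now reference `docker/metadata-action@v4` and `docker/login-action@v2` by mutable tag, where the removed lines appear to have pinned both to full commit SHAs. This job holds `packages: write`, `id-token: write` and the DockerHub secrets, so a retagged action would run with publishing rights; keeping the pin with the version in a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha>  # v2`, preserves that guarantee. Separately, every matrix leg pushes a single-platform image (`platforms: ${{ matrix.architecture }}`) under the same `steps.*-meta.outputs.tags`, so each tag will likely end up pointing at whichever leg finishes last rather than at a multi-arch manifest, and the attested digest is per leg. Pushing by digest and merging the manifests in a follow-up job would avoid that. `linux/arm64` and `linux/arm64/v8` also look like the same platform listed twice, and no QEMU setup step is visible on the new side of `build_docker`, which is worth confirming for the ARM legs.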


@ -1,8 +1,8 @@
# !!! Don't try to build this Dockerfile directly, run it through bin/build-docker.sh script !!! # !!! Don't try to build this Dockerfile directly, run it through bin/build-docker.sh script !!!
FROM node:20.15.1-alpine FROM node:20.15.1-bullseye-slim
# Configure system dependencies # Configure system dependencies
RUN apk add --no-cache --virtual .build-dependencies \ RUN apt-get update && apt-get install -y --no-install-recommends \
autoconf \ autoconf \
automake \ automake \
g++ \ g++ \
@ -11,7 +11,9 @@ RUN apk add --no-cache --virtual .build-dependencies \
make \ make \
nasm \ nasm \
libpng-dev \ libpng-dev \
python3 python3 \
gosu \
&& rm -rf /var/lib/apt/lists/*
# Create app directory # Create app directory
WORKDIR /usr/src/app WORKDIR /usr/src/app
@ -32,24 +34,33 @@ RUN rm docker_healthcheck.ts
RUN rm -r build RUN rm -r build
# Install app dependencies # Install app dependencies
RUN set -x \ RUN set -x
&& npm install \ RUN npm install
&& apk del .build-dependencies \ RUN apt-get purge -y --auto-remove \
&& npm run webpack \ autoconf \
&& npm prune --omit=dev \ automake \
&& cp src/public/app/share.js src/public/app-dist/. \ g++ \
&& cp -r src/public/app/doc_notes src/public/app-dist/. \ gcc \
&& rm -rf src/public/app \ libtool \
&& rm src/services/asset_path.ts make \
nasm \
libpng-dev \
python3 \
&& rm -rf /var/lib/apt/lists/*
RUN npm run webpack
RUN npm prune --omit=dev
RUN cp src/public/app/share.js src/public/app-dist/.
RUN cp -r src/public/app/doc_notes src/public/app-dist/.
RUN rm -rf src/public/app
RUN rm src/services/asset_path.ts
# Some setup tools need to be kept # Some setup tools need to be kept
RUN apk add --no-cache su-exec shadow RUN apt-get update && apt-get install -y --no-install-recommends \
gosu \
# Add application user and setup proper volume permissions && rm -rf /var/lib/apt/lists/*
RUN adduser -s /bin/false node; exit 0
# Start the application # Start the application
EXPOSE 8080 EXPOSE 8080
CMD [ "./start-docker.sh" ] CMD [ "./start-docker.sh" ]
HEALTHCHECK --start-period=10s CMD exec su-exec node node docker_healthcheck.js HEALTHCHECK --start-period=10s CMD exec gosu node node docker_healthcheck.js
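Review bot: Splitting the install chain into separate `RUN` instructions (from `RUN set -x` through `RUN rm src/services/asset_path.ts`) puts the `apt-get purge` and the `rm -rf src/public/app` in their own layers, so the compiler toolchain and the removed sources still ship in the earlier layers of the published image. `RUN set -x` on its own is also a no-op, because every `RUN` starts a fresh shell. Chaining the steps again in one instruction, `RUN set -x && npm install && apt-get purge -y --auto-remove … && npm run webpack && …`, or moving the build into a separate stage, keeps them out of the final image. The later `apt-get install … gosu` looks redundant, since `gosu` is already installed by the first `RUN` and is not in the purge list.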


@ -4,4 +4,4 @@
[[ ! -z "${USER_GID}" ]] && groupmod -og ${USER_GID} node || echo "No USER_GID specified, leaving 1000" [[ ! -z "${USER_GID}" ]] && groupmod -og ${USER_GID} node || echo "No USER_GID specified, leaving 1000"
chown -R node:node /home/node chown -R node:node /home/node
exec su-exec node node ./src/www exec gosu node node ./src/www