Create new tag with xloader as default plugin, replacement for datapusher
This commit is contained in:
parent
674b127728
commit
33da2a1b5e
|
@ -54,6 +54,23 @@ jobs:
|
||||||
cache-from: type=local,src=/tmp/.buildx-cache-alpine-2-10
|
cache-from: type=local,src=/tmp/.buildx-cache-alpine-2-10
|
||||||
cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-alpine-2-10
|
cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-alpine-2-10
|
||||||
|
|
||||||
|
- name: Get docker tag for alpine xloader image
|
||||||
|
id: alpine
|
||||||
|
run: |
|
||||||
|
echo "IMAGE_TAG=$(awk -F '=' '/IMAGE_TAG/{print $2}' ./images/ckan/2.10/Dockerfile.xloader)" >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
|
- name: Build and push CKAN 2.10 alpine xloader
|
||||||
|
uses: docker/build-push-action@v5
|
||||||
|
with:
|
||||||
|
context: ./images/ckan/2.10
|
||||||
|
file: ./images/ckan/2.10/Dockerfile.xloader
|
||||||
|
push: true
|
||||||
|
tags: |
|
||||||
|
keitaro/ckan:${{ steps.alpine.outputs.IMAGE_TAG }}
|
||||||
|
ghcr.io/keitaroinc/ckan:${{ steps.alpine.outputs.IMAGE_TAG }}
|
||||||
|
cache-from: type=local,src=/tmp/.buildx-cache-alpine-2-10
|
||||||
|
cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-alpine-2-10
|
||||||
|
|
||||||
- name: Get docker tag for Ubuntu image
|
- name: Get docker tag for Ubuntu image
|
||||||
id: ubuntu
|
id: ubuntu
|
||||||
run: |
|
run: |
|
||||||
|
|
|
@ -39,6 +39,21 @@ jobs:
|
||||||
cache-from: type=local,src=/tmp/.buildx-cache-alpine-2-10
|
cache-from: type=local,src=/tmp/.buildx-cache-alpine-2-10
|
||||||
cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-alpine-2-10
|
cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-alpine-2-10
|
||||||
|
|
||||||
|
- name: Get docker tag for Alpine xloader image
|
||||||
|
id: alpine
|
||||||
|
run: |
|
||||||
|
echo "IMAGE_TAG=$(awk -F '=' '/IMAGE_TAG/{print $2}' ./images/ckan/2.10/Dockerfile.xloader)" >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
|
- name: Build CKAN 2.10 alpine
|
||||||
|
uses: docker/build-push-action@v5
|
||||||
|
with:
|
||||||
|
context: ./images/ckan/2.10
|
||||||
|
file: ./images/ckan/2.10/Dockerfile.xloader
|
||||||
|
push: false
|
||||||
|
tags: keitaro/ckan:${{ steps.alpine.outputs.IMAGE_TAG }}
|
||||||
|
cache-from: type=local,src=/tmp/.buildx-cache-alpine-2-10
|
||||||
|
cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-alpine-2-10
|
||||||
|
|
||||||
- name: Get docker tag for Ubuntu image
|
- name: Get docker tag for Ubuntu image
|
||||||
id: ubuntu
|
id: ubuntu
|
||||||
run: |
|
run: |
|
||||||
|
|
|
@ -55,6 +55,30 @@ jobs:
|
||||||
with:
|
with:
|
||||||
sarif_file: 'trivy-results.sarif'
|
sarif_file: 'trivy-results.sarif'
|
||||||
|
|
||||||
|
scan_2_10_xloader:
|
||||||
|
name: scan_2_10_xloader
|
||||||
|
runs-on: ubuntu-20.04
|
||||||
|
steps:
|
||||||
|
|
||||||
|
- name: Checkout code
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
|
- name: Build an image from Dockerfile
|
||||||
|
run: |
|
||||||
|
docker build -t keitaro/ckan/2.10:${{ github.sha }} -f ./images/ckan/2.10/Dockerfile.xloader ./images/ckan/2.10/
|
||||||
|
|
||||||
|
- name: Run Trivy vulnerability scanner
|
||||||
|
uses: aquasecurity/trivy-action@master
|
||||||
|
with:
|
||||||
|
image-ref: 'keitaro/ckan/2.10:${{ github.sha }}'
|
||||||
|
format: 'sarif'
|
||||||
|
output: 'trivy-results.sarif'
|
||||||
|
|
||||||
|
- name: Upload Trivy scan results to GitHub Security tab
|
||||||
|
uses: github/codeql-action/upload-sarif@v3
|
||||||
|
with:
|
||||||
|
sarif_file: 'trivy-results.sarif'
|
||||||
|
|
||||||
|
|
||||||
scan_2_10_focal:
|
scan_2_10_focal:
|
||||||
name: scan_2_10_focal
|
name: scan_2_10_focal
|
||||||
|
|
|
@ -0,0 +1,207 @@
|
||||||
|
##################
|
||||||
|
### Build CKAN ###
|
||||||
|
##################
|
||||||
|
FROM alpine:3.17.2 as ckanbuild
|
||||||
|
|
||||||
|
# Used by Github Actions to tag the image with
|
||||||
|
ENV IMAGE_TAG=2.10.4
|
||||||
|
|
||||||
|
# Set CKAN version to build
|
||||||
|
ENV GIT_URL=https://github.com/ckan/ckan.git
|
||||||
|
ENV GIT_BRANCH=ckan-2.10.4
|
||||||
|
|
||||||
|
# Set src dirs
|
||||||
|
ENV SRC_DIR=/srv/app/src
|
||||||
|
ENV PIP_SRC=${SRC_DIR}
|
||||||
|
|
||||||
|
WORKDIR ${SRC_DIR}
|
||||||
|
|
||||||
|
# Packages to build CKAN requirements and plugins
|
||||||
|
RUN apk add --no-cache \
|
||||||
|
python3 \
|
||||||
|
python3-dev \
|
||||||
|
git \
|
||||||
|
curl \
|
||||||
|
postgresql-dev \
|
||||||
|
linux-headers \
|
||||||
|
gcc \
|
||||||
|
make \
|
||||||
|
g++ \
|
||||||
|
autoconf \
|
||||||
|
automake \
|
||||||
|
libtool \
|
||||||
|
patch \
|
||||||
|
musl-dev \
|
||||||
|
pcre-dev \
|
||||||
|
pcre \
|
||||||
|
libffi-dev \
|
||||||
|
libxml2-dev \
|
||||||
|
libxslt-dev
|
||||||
|
|
||||||
|
# Create the src directory
|
||||||
|
RUN mkdir -p ${SRC_DIR}
|
||||||
|
|
||||||
|
# Install pip
|
||||||
|
RUN curl -o ${SRC_DIR}/get-pip.py https://bootstrap.pypa.io/get-pip.py && \
|
||||||
|
python ${SRC_DIR}/get-pip.py
|
||||||
|
|
||||||
|
# Downgrade setuptools so that CKAN requirements can be built
|
||||||
|
RUN pip install setuptools==44.1.0
|
||||||
|
|
||||||
|
# Fetch and build CKAN and requirements
|
||||||
|
RUN pip install -e git+${GIT_URL}@${GIT_BRANCH}#egg=ckan
|
||||||
|
# Copy patches and apply patches script
|
||||||
|
COPY ./patches ${SRC_DIR}/patches
|
||||||
|
COPY ./scripts/apply_ckan_patches.sh ${SRC_DIR}/apply_ckan_patches.sh
|
||||||
|
# Apply patches
|
||||||
|
# RUN ${SRC_DIR}/apply_ckan_patches.sh
|
||||||
|
RUN rm -rf /srv/app/src/ckan/.git
|
||||||
|
RUN pip wheel --wheel-dir=/wheels -r ckan/requirements.txt
|
||||||
|
RUN pip wheel --wheel-dir=/wheels uWSGI==2.0.20 gevent==22.10.2 greenlet==2.0.2
|
||||||
|
|
||||||
|
|
||||||
|
###########################
|
||||||
|
### Default-Extensions ####
|
||||||
|
###########################
|
||||||
|
FROM alpine:3.17.2 as extbuild
|
||||||
|
|
||||||
|
# Set src dirs
|
||||||
|
ENV SRC_DIR=/srv/app/src
|
||||||
|
ENV PIP_SRC=${SRC_DIR}
|
||||||
|
|
||||||
|
# List of default extensions
|
||||||
|
ENV DEFAULT_EXTENSIONS envvars
|
||||||
|
|
||||||
|
# Locations and tags, please use specific tags or revisions
|
||||||
|
ENV ENVVARS_GIT_URL=https://github.com/okfn/ckanext-envvars
|
||||||
|
ENV ENVVARS_GIT_BRANCH=0.0.2
|
||||||
|
|
||||||
|
RUN apk add --no-cache \
|
||||||
|
python3 \
|
||||||
|
python3-dev \
|
||||||
|
git \
|
||||||
|
curl
|
||||||
|
|
||||||
|
# Create the src directory
|
||||||
|
RUN mkdir -p ${SRC_DIR}
|
||||||
|
|
||||||
|
# Install pip
|
||||||
|
RUN curl -o ${SRC_DIR}/get-pip.py https://bootstrap.pypa.io/get-pip.py && \
|
||||||
|
python ${SRC_DIR}/get-pip.py
|
||||||
|
|
||||||
|
# Fetch and build the default CKAN extensions
|
||||||
|
RUN pip wheel --wheel-dir=/wheels git+${ENVVARS_GIT_URL}@${ENVVARS_GIT_BRANCH}#egg=ckanext-envvars
|
||||||
|
|
||||||
|
############
|
||||||
|
### MAIN ###
|
||||||
|
############
|
||||||
|
FROM alpine:3.17.2
|
||||||
|
|
||||||
|
LABEL maintainer="Keitaro Inc <info@keitaro.com>"
|
||||||
|
LABEL org.opencontainers.image.source https://github.com/keitaroinc/docker-ckan
|
||||||
|
|
||||||
|
ENV APP_DIR=/srv/app
|
||||||
|
ENV SRC_DIR=/srv/app/src
|
||||||
|
ENV CKAN_DIR=${SRC_DIR}/ckan
|
||||||
|
ENV DATA_DIR=/srv/app/data
|
||||||
|
ENV PIP_SRC=${SRC_DIR}
|
||||||
|
ENV CKAN_SITE_URL=http://localhost:5000
|
||||||
|
ENV CKAN__PLUGINS envvars image_view text_view recline_view datastore xloader
|
||||||
|
|
||||||
|
# Install necessary packages to run CKAN
|
||||||
|
RUN apk add --no-cache \
|
||||||
|
supervisor \
|
||||||
|
python3 \
|
||||||
|
bash \
|
||||||
|
git \
|
||||||
|
gettext \
|
||||||
|
curl \
|
||||||
|
postgresql-client \
|
||||||
|
libmagic \
|
||||||
|
pcre \
|
||||||
|
libxslt \
|
||||||
|
libxml2 \
|
||||||
|
tzdata \
|
||||||
|
apache2-utils && \
|
||||||
|
# Create SRC_DIR
|
||||||
|
mkdir -p ${SRC_DIR}
|
||||||
|
|
||||||
|
|
||||||
|
# Install pip
|
||||||
|
RUN curl -o ${SRC_DIR}/get-pip.py https://bootstrap.pypa.io/get-pip.py && \
|
||||||
|
python ${SRC_DIR}/get-pip.py
|
||||||
|
|
||||||
|
### XLoader ###
|
||||||
|
RUN pip3 install -e 'git+https://github.com/keitaroinc/ckanext-xloader.git@master#egg=ckanext-xloader' && \
|
||||||
|
pip3 install -r ${SRC_DIR}/ckanext-xloader/requirements.txt && \
|
||||||
|
pip3 install -U requests[security]
|
||||||
|
|
||||||
|
# Get artifacts from build stages
|
||||||
|
COPY --from=ckanbuild /wheels /srv/app/wheels
|
||||||
|
COPY --from=extbuild /wheels /srv/app/ext_wheels
|
||||||
|
COPY --from=ckanbuild /srv/app/src/ckan ${CKAN_DIR}
|
||||||
|
|
||||||
|
# Additional install steps for build stages artifacts
|
||||||
|
RUN pip install --no-index --find-links=/srv/app/wheels uWSGI==2.0.20 gevent==22.10.2
|
||||||
|
|
||||||
|
# Create a local user and group to run the app
|
||||||
|
RUN addgroup -g 92 -S ckan && \
|
||||||
|
adduser -u 92 -h /srv/app -H -D -S -G ckan ckan
|
||||||
|
|
||||||
|
WORKDIR ${CKAN_DIR}
|
||||||
|
|
||||||
|
# Install CKAN
|
||||||
|
RUN pip install -e /srv/app/src/ckan && \
|
||||||
|
cp who.ini ${APP_DIR} && \
|
||||||
|
pip install --no-index --find-links=/srv/app/wheels -r requirements.txt && \
|
||||||
|
# Install default CKAN extensions
|
||||||
|
pip install --no-index --find-links=/srv/app/ext_wheels ckanext-envvars && \
|
||||||
|
# Create and update CKAN config
|
||||||
|
# Set timezone
|
||||||
|
echo "UTC" > /etc/timezone && \
|
||||||
|
# Generate CKAN config
|
||||||
|
ckan generate config ${APP_DIR}/production.ini && \
|
||||||
|
ckan config-tool ${APP_DIR}/production.ini "beaker.session.secret = " && \
|
||||||
|
# Configure plugins
|
||||||
|
ckan config-tool ${APP_DIR}/production.ini "ckan.plugins = ${CKAN__PLUGINS}" && \
|
||||||
|
# Create the data directory
|
||||||
|
mkdir ${DATA_DIR} && \
|
||||||
|
# Webassets can't be loaded from env variables at runtime, it needs to be in the config so that it is created
|
||||||
|
ckan config-tool ${APP_DIR}/production.ini "ckan.webassets.path = ${DATA_DIR}/webassets" && \
|
||||||
|
# Set the default level for extensions to INFO
|
||||||
|
ckan config-tool ${APP_DIR}/production.ini -s logger_ckanext -e level=INFO && \
|
||||||
|
# Change ownership to app user
|
||||||
|
chown -R ckan:ckan /srv/app
|
||||||
|
|
||||||
|
# Remove wheels
|
||||||
|
RUN rm -rf /srv/app/wheels /srv/app/ext_wheels
|
||||||
|
|
||||||
|
# Copy necessary scripts
|
||||||
|
COPY setup/app ${APP_DIR}
|
||||||
|
|
||||||
|
WORKDIR ${APP_DIR}
|
||||||
|
|
||||||
|
# Create entrypoint directory for children image scripts
|
||||||
|
RUN mkdir docker-entrypoint.d
|
||||||
|
|
||||||
|
# Create afterinit directory for children image scripts
|
||||||
|
RUN mkdir docker-afterinit.d
|
||||||
|
|
||||||
|
RUN pip install supervisor
|
||||||
|
RUN mkdir /var/supervisor
|
||||||
|
RUN mkdir /var/log/ckan
|
||||||
|
RUN mkdir /etc/supervisor/conf.d/ -p
|
||||||
|
COPY supervisorvalidation.conf /etc/supervisor/conf.d/supervisor-ckan-worker.conf
|
||||||
|
COPY supervisord.conf /etc/supervisord.conf
|
||||||
|
COPY supervisorstart.sh /srv/app/docker-afterinit.d
|
||||||
|
|
||||||
|
# Change ownership to app user
|
||||||
|
RUN chown -R ckan:ckan ${APP_DIR} /var/supervisor /var/log/ckan /etc/supervisor/conf.d/
|
||||||
|
|
||||||
|
EXPOSE 5000
|
||||||
|
|
||||||
|
HEALTHCHECK --interval=10s --timeout=5s --retries=5 CMD curl --fail http://localhost:5000/api/3/action/status_show || exit 1
|
||||||
|
|
||||||
|
USER ckan
|
||||||
|
|
||||||
|
CMD ["/srv/app/start_ckan.sh"]
|
|
@ -0,0 +1,23 @@
|
||||||
|
; supervisor config file
|
||||||
|
[unix_http_server]
|
||||||
|
file=/var/supervisor/supervisor.sock ; (the path to the socket file)
|
||||||
|
chmod=0700 ; sockef file mode (default 0700)
|
||||||
|
[supervisord]
|
||||||
|
logfile=/var/log/ckan/supervisord.log ; (main log file;default $CWD/supervisord.log)
|
||||||
|
;pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
|
||||||
|
;childlogdir=/var/log/supervisor ; ('AUTO' child log dir, default $TEMP)
|
||||||
|
; the below section must remain in the config file for RPC
|
||||||
|
; (supervisorctl/web interface) to work, additional interfaces may be
|
||||||
|
; added by defining them in separate rpcinterface: sections
|
||||||
|
user=ckan
|
||||||
|
[rpcinterface:supervisor]
|
||||||
|
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
|
||||||
|
[supervisorctl]
|
||||||
|
serverurl=unix:///var/supervisor/supervisor.sock ; use a unix:// URL for a unix socket
|
||||||
|
; The [include] section can just contain the "files" setting. This
|
||||||
|
; setting can list multiple files (separated by whitespace or
|
||||||
|
; newlines). It can also contain wildcards. The filenames are
|
||||||
|
; interpreted as relative to this file. Included files *cannot*
|
||||||
|
; include files themselves.
|
||||||
|
[include]
|
||||||
|
files = /etc/supervisor/conf.d/*.conf
|
|
@ -0,0 +1,2 @@
|
||||||
|
#!/bin/sh
|
||||||
|
supervisord
|
|
@ -0,0 +1,54 @@
|
||||||
|
; =======================================================
|
||||||
|
; Supervisor configuration for CKAN background job worker
|
||||||
|
; =======================================================
|
||||||
|
; 1. Copy this file to /etc/supervisor/conf.d
|
||||||
|
; 2. Make sure the paths below match your setup
|
||||||
|
[program:ckan-worker-default]
|
||||||
|
command=ckan -c /srv/app/production.ini jobs worker default
|
||||||
|
; Log files.
|
||||||
|
redirect_stderr=true
|
||||||
|
stdout_logfile=/var/log/ckan/ckan-worker.log
|
||||||
|
; Make sure that the worker is started on system start and automatically
|
||||||
|
; restarted if it crashes unexpectedly.
|
||||||
|
autostart=true
|
||||||
|
autorestart=true
|
||||||
|
; Number of seconds the process has to run before it is considered to have
|
||||||
|
; started successfully.
|
||||||
|
startsecs=10
|
||||||
|
; Need to wait for currently executing tasks to finish at shutdown.
|
||||||
|
; Increase this if you have very long running tasks.
|
||||||
|
stopwaitsecs = 600
|
||||||
|
|
||||||
|
[program:ckan-worker-bulk]
|
||||||
|
command=ckan -c /srv/app/production.ini jobs worker bulk
|
||||||
|
; Log files.
|
||||||
|
redirect_stderr=true
|
||||||
|
stdout_logfile=/var/log/ckan/ckan-worker.log
|
||||||
|
; Make sure that the worker is started on system start and automatically
|
||||||
|
; restarted if it crashes unexpectedly.
|
||||||
|
autostart=true
|
||||||
|
autorestart=true
|
||||||
|
; Number of seconds the process has to run before it is considered to have
|
||||||
|
; started successfully.
|
||||||
|
startsecs=10
|
||||||
|
; Need to wait for currently executing tasks to finish at shutdown.
|
||||||
|
; Increase this if you have very long running tasks.
|
||||||
|
stopwaitsecs = 600
|
||||||
|
|
||||||
|
[program:ckan-worker-priority]
|
||||||
|
command=ckan -c /srv/app/production.ini jobs worker priority
|
||||||
|
numprocs=2
|
||||||
|
process_name=%(program_name)s-%(process_num)02d
|
||||||
|
; Log files.
|
||||||
|
redirect_stderr=true
|
||||||
|
stdout_logfile=/var/log/ckan/ckan-worker.log
|
||||||
|
; Make sure that the worker is started on system start and automatically
|
||||||
|
; restarted if it crashes unexpectedly.
|
||||||
|
autostart=true
|
||||||
|
autorestart=true
|
||||||
|
; Number of seconds the process has to run before it is considered to have
|
||||||
|
; started successfully.
|
||||||
|
startsecs=10
|
||||||
|
; Need to wait for currently executing tasks to finish at shutdown.
|
||||||
|
; Increase this if you have very long running tasks.
|
||||||
|
stopwaitsecs = 600
|
Loading…
Reference in New Issue