docker image artifact

google · Jan 22, 2024 · ba8f562 · ba8f562
1 parent 0a3580a
commit ba8f562
Show file tree

Hide file tree

Showing 7 changed files with 118 additions and 65 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -184,11 +184,8 @@ jobs:
           path: gcs_upload_dir/
           retention-days: 1
 
-  docker-compose-test:
+  build-docker-image:
     if: ${{ github.event_name == 'push' }}
-    permissions:
-      contents: 'read'
-      id-token: 'write'
     runs-on: ubuntu-22.04
     needs:
       - build-centos
@@ -197,68 +194,103 @@ jobs:
       - build-windows
     steps:
       - uses: actions/checkout@v3
+      - name: Download installers from GitHub artifacts
+        id: download
+        uses: actions/download-artifact@v4
+        with:
+          pattern: '*_installer*'
+          path: _installers
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.DOCKER_REPOSITORY }}
+      - name: Build and export
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          tags: | 
+            ${{ env.DOCKER_REPOSITORY }}:testing
+            ${{ steps.meta.outputs.tags }}
+          outputs: type=docker,dest=/tmp/grr_base_image.tar
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: grr_base_image
+          path: /tmp/grr_base_image.tar
+
+
+  docker-compose-test:
+    if: ${{ github.event_name == 'push' }}
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+    runs-on: ubuntu-22.04
+    needs:
+      - build-docker-image
+    steps:
+      - name: Download artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: grr_base_image
+          path: /tmp
+      - name: Load image
+        run: |
+          docker load --input /tmp/grr_base_image.tar
+          docker image ls -a 
       - name: Start docker-compose stack
         shell: bash
         run: |
-          docker-compose pull --include-deps
-          docker-compose up -d
+          docker-compose up -f docker-compose.yaml -f docker-compose.testing.yaml -d
       - name: Test
         shell: bash
         run: |
-          docker build -f ./Dockerfile . -t grr-testing
+          docker-compose exec linux-client /configs/create_fake_user.sh
           docker run \
             --add-host=host.docker.internal:host-gateway \
             -v $(pwd):/github_workspace \
             -w /github_workspace \
             --entrypoint appveyor/e2e_tests/run_docker_compose_e2e_test.sh \
-            grr-testing \
+            ${{ env.DOCKER_REPOSITORY }}:testing \
             $(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' grr-linux-client)
       - name: Stop docker-compose stack
         if: always()
         shell: bash
         run: |
           docker-compose down --volumes
 
-  build-push-docker-base-image:
+  push-docker-image:
     env:
       REGISTRY: ghcr.io
-      IMAGE_NAME: ${{ github.repository }}
+    permissions:
+      contents: 'read'
+      id-token: 'write'
     runs-on: ubuntu-22.04
     needs:
       - docker-compose-test
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
-      - name: Download installers from GitHub artifacts
-        id: download
+      - name: Download artifact
         uses: actions/download-artifact@v4
         with:
-          pattern: '*_installer*'
-          path: _installers
+          name: grr_base_image
+          path: /tmp
+      - name: Load image
+        run: |
+          docker load --input /tmp/grr_base_image.tar
+          docker image ls -a 
       - name: Login to GitHub Container registry
         # if: ${{ github.event_name == 'push' }}
         uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Extract metadata (tags, labels) for Docker
-        # if: ${{ github.event_name == 'push' }}
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-
-      - name: Build and push Docker image
-        # if: ${{ github.event_name == 'push' }}
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: Dockerfile
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
+      - name: Push Docker image
+        if: ${{ github.event_name == 'push' }}
+        run: |
+          docker push --all-tags ${{ env.DOCKER_REPOSITORY }}
 
   upload-artifacts:
     if: ${{ github.event_name == 'push' }}

diff --git a/Dockerfile b/Dockerfile
@@ -13,7 +13,7 @@
 #   "-component" "admin_ui"
 #   "-config" "/configs/server/grr.server.yaml"
 
-FROM ubuntu:22.04 AS builder
+FROM ubuntu:22.04
 
 LABEL maintainer="grr-dev@googlegroups.com"
 

diff --git a/Dockerfile.client b/Dockerfile.client
@@ -1,25 +1,7 @@
-FROM ghcr.io/google/grr:grr-github-actions-docker
 
-LABEL maintainer="grr-dev@googlegroups.com"
 
-ENV TEMPLATE_DIR /client_templates
-ENV INSTALLERS_DIR /client_installers
 
-RUN apt-get update
+ 
 
-RUN useradd -m appveyor2
-RUN echo "[7] [01234] [ts/3] [appveyor2] [pts/3       ] [100.100.10.10       ] [100.100.10.10  ] [Thu Jan 01 00:00:00 1970 UTC]" > wtmp.txt && \
-    utmpdump /var/log/wtmp >> wtmp.txt && \
-    utmpdump --reverse < wtmp.txt > /var/log/wtmp && \
-    utmpdump /var/log/wtmp
 
-ADD ./docker_config_files/client/ /configs
 
-RUN grr_client_build repack_multiple \
-    --templates ${TEMPLATE_DIR}/*/*.zip \
-    --repack_configs /configs/grr.client.yaml \
-    --output_dir ${INSTALLERS_DIR}
-
-RUN dpkg -i  ${INSTALLERS_DIR}/grr.client/*.deb    
-
-ENTRYPOINT [ "fleetspeak-client" ]
diff --git a/docker-compose.testing.yaml b/docker-compose.testing.yaml
@@ -0,0 +1,13 @@
+
+services: 
+  grr-admin-ui:
+    image: ghcr.io/google/grr:testing
+
+  grr-fleetspeak-frontend:
+    build: ghcr.io/google/grr:testing
+
+  grr-worker:
+    build: ghcr.io/google/grr:testing
+
+  linux-client:
+    build: ghcr.io/google/grr:testing
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -26,9 +26,7 @@ services:
       retries: 10
 
   grr-admin-ui:
-    build:
-      dockerfile: Dockerfile
-      context: .
+    image: ghcr.io/google/grr:latest
     container_name: grr-admin-ui
     hostname: admin-ui
     restart: always
@@ -53,9 +51,7 @@ services:
       - --verbose
 
   grr-fleetspeak-frontend:
-    build:
-      dockerfile: Dockerfile
-      context: .
+    image: ghcr.io/google/grr:latest
     container_name: grr-fleetspeak-frontend
     hostname: grr-fleetspeak-frontend
     depends_on: 
@@ -129,9 +125,7 @@ services:
     ]
 
   grr-worker:
-    build:
-      dockerfile: Dockerfile
-      context: .
+    image: ghcr.io/google/grr:latest
     container_name: grr-worker
     volumes:
       - ./docker_config_files/server/:/configs/
@@ -162,14 +156,14 @@ services:
       - fleetspeak-frontend
     volumes:
       - ./docker_config_files/client/:/configs/
+      # Mount the client_installers folder, to preserve 
+      # the repacked templates across restarts.
       - client_installers:/client_installers
     tty: true
     stdin_open: true
     networks:
       - server-network
-    command: 
-      - -config
-      - /configs/client.config
+    entrypoint: /configs/init_grr_client.sh
 
 volumes:
   db_data:

diff --git a/docker_config_files/client/create_fake_user.sh b/docker_config_files/client/create_fake_user.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+useradd -m testuser &&
+echo "[7] [01234] [ts/3] [testuser] [pts/3       ] [100.100.10.10       ] [100.100.10.10  ] [Thu Jan 01 00:00:00 1970 UTC]" > wtmp.txt && \
+    utmpdump /var/log/wtmp >> wtmp.txt && \
+    utmpdump --reverse < wtmp.txt > /var/log/wtmp && \
+    utmpdump /var/log/wtmp
diff --git a/docker_config_files/client/init_grr_client.sh b/docker_config_files/client/init_grr_client.sh
@@ -0,0 +1,25 @@
+#! /bin/bash
+
+# GRR client docker compose initialization script.
+# This script runs once when starting the client in the
+# docker-compose stack for the first time. It repacks
+# the client using the provided configuration files
+# and installs the resulting debian package. 
+#
+# This script assumes the client-config files 
+# (docker_config_files/client) to be mounted at /configs.
+
+TEMPLATE_DIR="/client_templates"
+INSTALLERS_DIR="/client_installers"
+
+
+if [ -z "$(ls -A ${INSTALLERS_DIR})" ]; then 
+    grr_client_build repack_multiple \
+        --templates ${TEMPLATE_DIR}/*/*.zip \
+        --repack_configs /configs/grr.client.yaml \
+        --output_dir ${INSTALLERS_DIR}
+
+    dpkg -i  ${INSTALLERS_DIR}/grr.client/*.deb   
+fi
+
+fleetspeak-client -config /configs/client.config