diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
new file mode 100644
index 00000000..01398dc3
--- /dev/null
+++ b/.github/workflows/docker-publish.yml
@@ -0,0 +1,81 @@
+name: Docker Publish
+
+on:
+ push:
+ tags:
+ - 'v*'
+ workflow_dispatch:
+
+jobs:
+ build-and-push:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+
+ env:
+ GITHUB_REGISTRY: ghcr.io
+ ALIYUN_REGISTRY: registry.cn-hangzhou.aliyuncs.com
+ ALIYUN_NAMESPACE: ${{ vars.ALIYUN_NAMESPACE }}
+ DOCKERHUB_NAMESPACE: ${{ vars.DOCKERHUB_NAMESPACE }}
+
+ strategy:
+ matrix:
+ service: [ adminer, guacd, mysql, redis, service, ui ]
+
+ steps:
+ - name: 🌱 Checkout repository
+ uses: actions/checkout@v4
+
+ - name: ⚙️ Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: 🔧 Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: 🐳 Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: 🐳 Login to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.GITHUB_REGISTRY }}
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: 🐳 Login to Aliyun Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.ALIYUN_REGISTRY }}
+ username: ${{ secrets.ALIYUN_USERNAME }}
+ password: ${{ secrets.ALIYUN_TOKEN }}
+
+ - name: 📦 Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ orion-visor-${{ matrix.service }}
+ tags: |
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=semver,pattern={{major}}
+
+ - name: 🛠️ Build and push Docker image for orion-visor-${{ matrix.service }}
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./docker/${{ matrix.service }}/Dockerfile
+ push: true
+ tags: |
+ ${{ env.DOCKERHUB_NAMESPACE }}/orion-visor-${{ matrix.service }}:${{ steps.meta.outputs.version }}
+ ${{ env.DOCKERHUB_NAMESPACE }}/orion-visor-${{ matrix.service }}:latest
+ ${{ env.GITHUB_REGISTRY }}/${{ github.repository_owner }}/orion-visor-${{ matrix.service }}:${{ steps.meta.outputs.version }}
+ ${{ env.GITHUB_REGISTRY }}/${{ github.repository_owner }}/orion-visor-${{ matrix.service }}:latest
+ ${{ env.ALIYUN_REGISTRY }}/${{ env.ALIYUN_NAMESPACE }}/orion-visor-${{ matrix.service }}:${{ steps.meta.outputs.version }}
+ ${{ env.ALIYUN_REGISTRY }}/${{ env.ALIYUN_NAMESPACE }}/orion-visor-${{ matrix.service }}:latest
+ labels: ${{ steps.meta.outputs.labels }}
+ platforms: linux/amd64,linux/arm64
\ No newline at end of file
diff --git a/docker/adminer/Dockerfile b/docker/adminer/Dockerfile
index 9ee4d40b..b93cae46 100644
--- a/docker/adminer/Dockerfile
+++ b/docker/adminer/Dockerfile
@@ -1 +1 @@
-FROM adminer:latest
+FROM --platform=$BUILDPLATFORM adminer:latest
diff --git a/docker/adminer/build.sh b/docker/adminer/build.sh
deleted file mode 100644
index 06a7bb84..00000000
--- a/docker/adminer/build.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-set -e
-version=2.4.1
-docker build -t orion-visor-adminer:${version} .
-docker tag orion-visor-adminer:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-adminer:${version}
-docker tag orion-visor-adminer:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-adminer:latest
diff --git a/docker/build.sh b/docker/build.sh
new file mode 100644
index 00000000..36ba142d
--- /dev/null
+++ b/docker/build.sh
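Review bot: The build step pushes `:latest` to all three registries on every run, and `workflow_dispatch` lets a run start from any branch, so a manual run can overwrite `latest` with an untagged build; the `type=semver` patterns only resolve on a tag push, so `steps.meta.outputs.version` is presumably empty or not a release version in that case. Gating the job on tag refs, e.g. `if: startsWith(github.ref, 'refs/tags/v')`, or dropping `workflow_dispatch` closes that path. Separately, every `uses:` references a mutable tag (`actions/checkout@v4`, `docker/login-action@v3`, `docker/build-push-action@v5`, …) in a job that holds credentials for three registries plus `packages: write`; pinning each to a full commit SHA, `uses: actions/checkout@<full-commit-sha> # v4`, keeps a retagged action from running with those secrets.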
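Review bot: `FROM --platform=$BUILDPLATFORM` on the stage that becomes the published image pins the base to the builder's architecture, so with `platforms: linux/amd64,linux/arm64` in the workflow the arm64 manifest entry would presumably carry the runner's own (amd64) filesystem and binaries. `$BUILDPLATFORM` belongs only on builder stages whose output is architecture-independent; the final stage should stay `FROM adminer:latest` so buildx selects the target platform. The same flag is added to the final stage in the guacd, mysql, redis, service and ui Dockerfile hunks of this commit. The base is also the floating `adminer:latest` tag, so what ships under a release version depends on when it was built; `FROM adminer:<version>@sha256:<digest>` makes it reproducible.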
@@ -0,0 +1,40 @@
+#!/bin/bash
+set -e
+
+# 版本
+version=2.4.1
+# 是否推送
+push_images=false
+# 命令空间
+namespace="registry.cn-hangzhou.aliyuncs.com/orionsec"
+
+# 解析参数
+while [[ $# -gt 0 ]]; do
+ case "$1" in
+ --push)
+ push_images=true
+ shift
+ ;;
+ *)
+ echo "未知参数: $1"
+ exit 1
+ ;;
+ esac
+done
+
+docker build -f ./ui/Dockerfile -t orion-visor-ui:${version} -t ${namespace}/orion-visor-ui:${version} . && \
+docker build -f ./service/Dockerfile -t orion-visor-service:${version} -t ${namespace}/orion-visor-service:${version} . && \
+docker build -f ./mysql/Dockerfile -t orion-visor-mysql:${version} -t ${namespace}/orion-visor-mysql:${version} . && \
+docker build -f ./redis/Dockerfile -t orion-visor-redis:${version} -t ${namespace}/orion-visor-redis:${version} . && \
+docker build -f ./adminer/Dockerfile -t orion-visor-adminer:${version} -t ${namespace}/orion-visor-adminer:${version} . && \
+docker build -f ./guacd/Dockerfile -t orion-visor-guacd:${version} -t ${namespace}/orion-visor-guacd:${version} .
+
+# 推送镜像
+if [ "$push_images" = true ]; then
+ docker push ${namespace}/orion-visor-adminer:${version}
+ docker push ${namespace}/orion-visor-mysql:${version}
+ docker push ${namespace}/orion-visor-redis:${version}
+ docker push ${namespace}/orion-visor-guacd:${version}
+ docker push ${namespace}/orion-visor-service:${version}
+ docker push ${namespace}/orion-visor-ui:${version}
+fi
diff --git a/docker/guacd/Dockerfile b/docker/guacd/Dockerfile
index 5bbaf75c..310f7abd 100644
--- a/docker/guacd/Dockerfile
+++ b/docker/guacd/Dockerfile
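Review bot: The `docker build -f ./ui/Dockerfile … .` lines use paths relative to `docker/` but pass `.` as the build context, while the Dockerfiles changed in this commit copy `./docker/mysql/my.cnf`, `./sql`, `pom.xml` and `./orion-visor-ui/`, which only exist relative to the repository root. Run from `docker/` the COPY steps would fail, and run from the root the `-f` paths do not resolve. Adding `cd "$(dirname "$0")/.."` after `set -e` and changing each flag to `-f ./docker/<service>/Dockerfile` makes context and paths agree. The `${version}` and `${namespace}` expansions are also unquoted; `"${namespace}/orion-visor-ui:${version}"` is safer if either ever becomes a parameter.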
@@ -1,10 +1,17 @@ -FROM guacamole/guacd:1.6.0 +FROM --platform=$BUILDPLATFORM guacamole/guacd:1.6.0 + USER root + # 系统时区 ARG TZ=Asia/Shanghai -# 设置时区 -RUN ln -sf /usr/share/zoneinfo/${TZ} /etc/localtime && \ - echo '${TZ}' > /etc/timezone + +# 添加包 & 设置时区 +RUN \ + sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories && \ + apk update && \ + apk add --no-cache tzdata && \ + ln -sf /usr/share/zoneinfo/${TZ} /etc/localtime && \ + echo "${TZ}" > /etc/timezone # 创建所需目录 RUN mkdir -p /home/guacd/drive /usr/share/guacd/drive diff --git a/docker/guacd/build.sh b/docker/guacd/build.sh deleted file mode 100644 index cc3e3072..00000000 --- a/docker/guacd/build.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -set -e -version=2.4.1 -docker build -t orion-visor-guacd:${version} . -docker tag orion-visor-guacd:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-guacd:${version} -docker tag orion-visor-guacd:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-guacd:latest diff --git a/docker/mysql/Dockerfile b/docker/mysql/Dockerfile index 26e9dc42..7b37afb9 100644 --- a/docker/mysql/Dockerfile +++ b/docker/mysql/Dockerfile @@ -1,16 +1,18 @@ -FROM mysql:8.0.28 +FROM --platform=$BUILDPLATFORM mysql:8.0.28 + # 系统时区 ARG TZ=Asia/Shanghai + # 设置时区 RUN ln -sf /usr/share/zoneinfo/${TZ} /etc/localtime && \ - echo '${TZ}' > /etc/timezone + echo "${TZ}" > /etc/timezone + # 复制配置 -COPY ./my.cnf /etc/mysql/conf.d/my.cnf +COPY ./docker/mysql/my.cnf /etc/mysql/conf.d/my.cnf + # 复制初始化脚本 -COPY ./sql/init-1-schema-databases.sql /tmp -COPY ./sql/init-2-schema-tables.sql /tmp -COPY ./sql/init-3-schema-quartz.sql /tmp -COPY ./sql/init-4-data.sql /tmp +COPY ./sql /tmp + # 设置初始化脚本 RUN cat /tmp/init-1-schema-databases.sql >> /tmp/init.sql && \ cat /tmp/init-2-schema-tables.sql >> /tmp/init.sql && \ diff --git a/docker/mysql/build.sh b/docker/mysql/build.sh deleted file mode 100644 index c43db3ed..00000000 --- a/docker/mysql/build.sh +++ /dev/null 
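Review bot: `COPY ./sql /tmp` in the mysql Dockerfile now places every file under `sql/` in the image, where the removed lines copied four named init scripts. Anything else that lands in that directory later (dumps, scratch migrations) would ship in the published `orion-visor-mysql` image. A narrower source such as `COPY ./sql/init-*.sql /tmp/`, or the original explicit list with the new root-relative paths, keeps the image contents predictable. The RUN that concatenates the scripts continues past the end of the hunk.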
@@ -1,8 +0,0 @@
-#!/bin/bash
-set -e
-version=2.4.1
-cp -r ../../sql ./sql
-docker build -t orion-visor-mysql:${version} .
-rm -rf ./sql
-docker tag orion-visor-mysql:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-mysql:${version}
-docker tag orion-visor-mysql:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-mysql:latest
diff --git a/docker/push.sh b/docker/push.sh
deleted file mode 100644
index c8ed73d3..00000000
--- a/docker/push.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/bash
-set -e
-version=2.4.1
-docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-adminer:${version}
-docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-mysql:${version}
-docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-redis:${version}
-docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-guacd:${version}
-docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-service:${version}
-docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-ui:${version}
-docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-adminer:latest
-docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-mysql:latest
-docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-redis:latest
-docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-guacd:latest
-docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-service:latest
-docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-ui:latest
diff --git a/docker/redis/Dockerfile b/docker/redis/Dockerfile
index b95416cf..42947dc9 100644
--- a/docker/redis/Dockerfile
+++ b/docker/redis/Dockerfile
@@ -1,15 +1,22 @@ -FROM redis:6.0.16-alpine +FROM --platform=$BUILDPLATFORM redis:6.0.16-alpine + WORKDIR /data + # 系统时区 ARG TZ=Asia/Shanghai -# 添加包 + +# 添加包 & 设置时区 RUN \ sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories && \ apk update && \ - apk add tzdata -# 设置时区 -RUN ln -sf /usr/share/zoneinfo/${TZ} /etc/localtime && \ - echo '${TZ}' > /etc/timezone -# redis 配置 -COPY ./redis.conf /tmp -RUN cat /tmp/redis.conf > /usr/local/redis.conf + apk add --no-cache tzdata && \ + ln -sf /usr/share/zoneinfo/${TZ} /etc/localtime && \ + echo "${TZ}" > /etc/timezone && \ + rm -rf /var/cache/apk/* && \ + rm -f /usr/local/redis.conf + +# 复制配置文件 +COPY ./docker/redis/redis.conf /usr/local/redis.conf + +# 启动 Redis 并加载自定义配置 +CMD ["redis-server", "/usr/local/redis.conf"] \ No newline at end of file diff --git a/docker/redis/build.sh b/docker/redis/build.sh deleted file mode 100644 index 4c58396c..00000000 --- a/docker/redis/build.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -set -e -version=2.4.1 -docker build -t orion-visor-redis:${version} . -docker tag orion-visor-redis:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-redis:${version} -docker tag orion-visor-redis:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-redis:latest diff --git a/docker/service/Dockerfile b/docker/service/Dockerfile index 0215fad6..5f82c964 100644 --- a/docker/service/Dockerfile +++ b/docker/service/Dockerfile 
@@ -1,20 +1,42 @@ -FROM openjdk:8-jdk-alpine +# 构建应用 +FROM --platform=$BUILDPLATFORM maven:3.9.10-eclipse-temurin-8-alpine AS builder + +# 设置阿里云镜像加速 +RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories + +# 拷贝 settings.xml +COPY ./docker/service/settings.xml /root/.m2/ + +# 复制 POM 文件先进行依赖下载 (利用 Docker 缓存) +WORKDIR /build +COPY pom.xml . +RUN mvn dependency:resolve + +# 构建 +COPY . . +RUN mvn clean package -DskipTests + +FROM --platform=$BUILDPLATFORM openjdk:8-jdk-alpine + USER root + WORKDIR /app + # 系统时区 ARG TZ=Asia/Shanghai -# 添加包 + +# 添加包 & 设置时区 RUN \ sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories && \ apk update && \ apk add curl && \ apk add udev && \ apk add tzdata && \ - apk add dmidecode -# 设置时区 -RUN ln -sf /usr/share/zoneinfo/${TZ} /etc/localtime && \ - echo '${TZ}' > /etc/timezone -# 复制包 -COPY ./orion-visor-launch.jar /app/app.jar + ln -sf /usr/share/zoneinfo/${TZ} /etc/localtime && \ + echo "${TZ}" > /etc/timezone + +# 从构建阶段复制 jar 包 +COPY --from=builder /build/orion-visor-launch/target/orion-visor-launch.jar /app/app.jar + # 启动 CMD ["java", "-jar", "/app/app.jar"] diff --git a/docker/service/build.sh b/docker/service/build.sh deleted file mode 100644 index 26274f55..00000000 --- a/docker/service/build.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash -set -e -version=2.4.1 -mv ../../orion-visor-launch/target/orion-visor-launch.jar ./orion-visor-launch.jar -docker build -t orion-visor-service:${version} . -rm -rf ./orion-visor-launch.jar -docker tag orion-visor-service:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-service:${version} -docker tag orion-visor-service:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-service:latest diff --git a/docker/service/settings.xml b/docker/service/settings.xml new file mode 100644 index 00000000..b79392eb --- /dev/null +++ b/docker/service/settings.xml 
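Review bot: `COPY pom.xml .` followed by `RUN mvn dependency:resolve` runs Maven with only the root POM present, yet the jar is later taken from `/build/orion-visor-launch/target/`, which suggests a multi-module build; if the root POM declares modules, this step will likely fail on the missing child POMs or cache very little. Copying the module `pom.xml` files before the step, or dropping the step, avoids that. The runtime stage also loses `apk add dmidecode` with no replacement, so it is worth confirming the service no longer calls it. `COPY . .` sends the whole build context into the builder stage, so a `.dockerignore` at the context root excluding `.git`, local env files and build output should be confirmed (none is visible in this diff).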
@@ -0,0 +1,43 @@ + + + + + repos + + + + aliyun + Aliyun Repository + https://maven.aliyun.com/repository/public + + true + + + true + + + + + + central + Maven Central Repository + https://repo.maven.apache.org/maven2 + + true + + + false + + + + + + + + + repos + + + \ No newline at end of file diff --git a/docker/ui/Dockerfile b/docker/ui/Dockerfile index a807e5fd..9a93db56 100644 --- a/docker/ui/Dockerfile +++ b/docker/ui/Dockerfile @@ -1,18 +1,51 @@ -FROM nginx:alpine +# 构建应用 +FROM --platform=$BUILDPLATFORM node:18-alpine AS builder + +# 设置阿里云镜像加速 +RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories + +# 安装 pnpm +RUN corepack enable && corepack prepare pnpm@latest --activate + +WORKDIR /app + +# 设置 pnpm 使用指定的 registry +ARG REGISTRY_URL=https://registry.npmmirror.com +RUN pnpm config set registry $REGISTRY_URL + +# 复制项目文件 (package.json等) +COPY ./orion-visor-ui/package.json ./orion-visor-ui/pnpm-lock.yaml* ./ + +# 安装依赖 (利用 Docker 缓存层) +RUN pnpm install --frozen-lockfile + +# 复制源代码 +COPY ./orion-visor-ui/ . + +# 构建项目 +RUN pnpm build + +# 打包静态资源 +FROM --platform=$BUILDPLATFORM nginx:alpine + # 系统时区 ARG TZ=Asia/Shanghai -# 添加包 + +# 添加包 & 设置时区 RUN \ sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories && \ apk update && \ - apk add tzdata -# 设置时区 -RUN ln -sf /usr/share/zoneinfo/${TZ} /etc/localtime && \ - echo '${TZ}' > /etc/timezone -# 删除原 nginx 配置 -RUN rm -rf /etc/nginx/conf.d/* + apk add --no-cache tzdata && \ + ln -sf /usr/share/zoneinfo/${TZ} /etc/localtime && \ + echo "${TZ}" > /etc/timezone && \ + rm -rf /var/cache/apk/* && \ + rm -rf /etc/nginx/conf.d/* + # 复制包 -COPY ./dist /usr/share/nginx/html -COPY ./nginx.conf /etc/nginx/conf.d +COPY --from=builder /app/dist /usr/share/nginx/html + +# 复制配置 +COPY ./docker/ui/nginx.conf /etc/nginx/conf.d + # 启动 -CMD ["nginx", "-g", "daemon off;"] +CMD ["nginx", "-g", "daemon off;"] \ No newline at end of file 
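Review bot: `corepack prepare pnpm@latest --activate` in the ui builder stage installs whatever pnpm release is current at build time, so the same release tag can be built with different tooling and a future major may stop supporting `node:18-alpine`. Pinning it, `corepack prepare pnpm@<pinned-version> --activate`, or setting `packageManager` in `package.json` lets the repository decide the version. The `pnpm-lock.yaml*` glob makes the lockfile optional in the COPY although `--frozen-lockfile` depends on it; copying `pnpm-lock.yaml` without the `*` makes a missing lockfile fail at the COPY with a clear error. The final stage `FROM nginx:alpine` is likewise a floating tag.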
diff --git a/docker/ui/build.sh b/docker/ui/build.sh
deleted file mode 100644
index e8ed2ae5..00000000
--- a/docker/ui/build.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-set -e
-version=2.4.1
-mv ../../orion-visor-ui/dist ./dist
-docker build -t orion-visor-ui:${version} .
-rm -rf ./orion-visor-launch.jar
-rm -rf ./dist
-docker tag orion-visor-ui:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-ui:${version}
-docker tag orion-visor-ui:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-ui:latest