Merge pull request #119 from vicnoah/main

添加github action用于构建并推送docker镜像到dockerhub以及github cr

.github/workflows/docker-publish.yml

@@ -0,0 +1,129 @@
+name: Docker Publish
+
+on:
+  push:
+    tags:
+      - 'v*' # Trigger on version tags like v1.0.0
+  workflow_dispatch: # Allow manual trigger
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read    # To read repository content
+      packages: write   # To push packages to GitHub Container Registry
+
+    env:
+      DOCKERHUB_USERNAME: ${{ vars.DOCKERHUB_ORGNAME }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract Docker metadata
+        id: meta # Giving an ID to this step to reference its outputs later
+        uses: docker/metadata-action@v5
+        with:
+          images: | # Define base image names for metadata generation
+            orion-visor-adminer
+            orion-visor-guacd
+            orion-visor-mysql
+            orion-visor-redis
+            orion-visor-service
+            orion-visor-ui
+          tags: | # Define how tags are generated
+            type=semver,pattern={{version}} # Main strategy: git tag v1.2.3 will produce tag 1.2.3
+            type=semver,pattern={{major}}.{{minor}} # e.g., v1.2.3 -> 1.2
+            type=semver,pattern={{major}} # e.g., v1.2.3 -> 1
+
+      # --- Build and push generic images ---
+
+      - name: Build and push orion-visor-adminer
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./docker/adminer/Dockerfile
+          push: true
+          tags: |
+            ${{ env.DOCKERHUB_USERNAME }}/orion-visor-adminer:${{ steps.meta.outputs.version }}
+            ghcr.io/${{ github.repository_owner }}/orion-visor-adminer:${{ steps.meta.outputs.version }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64
+
+      - name: Build and push orion-visor-guacd
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./docker/guacd/Dockerfile
+          push: true
+          tags: |
+            ${{ env.DOCKERHUB_USERNAME }}/orion-visor-guacd:${{ steps.meta.outputs.version }}
+            ghcr.io/${{ github.repository_owner }}/orion-visor-guacd:${{ steps.meta.outputs.version }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64
+
+      - name: Build and push orion-visor-mysql
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./docker/mysql/Dockerfile
+          push: true
+          tags: |
+            ${{ env.DOCKERHUB_USERNAME }}/orion-visor-mysql:${{ steps.meta.outputs.version }}
+            ghcr.io/${{ github.repository_owner }}/orion-visor-mysql:${{ steps.meta.outputs.version }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64
+
+      - name: Build and push orion-visor-redis
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./docker/redis/Dockerfile
+          push: true
+          tags: |
+            ${{ env.DOCKERHUB_USERNAME }}/orion-visor-redis:${{ steps.meta.outputs.version }}
+            ghcr.io/${{ github.repository_owner }}/orion-visor-redis:${{ steps.meta.outputs.version }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64
+
+      - name: Build and push orion-visor-service
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./docker/service/Dockerfile
+          push: true
+          tags: |
+            ${{ env.DOCKERHUB_USERNAME }}/orion-visor-service:${{ steps.meta.outputs.version }}
+            ghcr.io/${{ github.repository_owner }}/orion-visor-service:${{ steps.meta.outputs.version }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64
+
+      - name: Build and push orion-visor-ui
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./docker/ui/Dockerfile
+          push: true
+          tags: |
+            ${{ env.DOCKERHUB_USERNAME }}/orion-visor-ui:${{ steps.meta.outputs.version }}
+            ghcr.io/${{ github.repository_owner }}/orion-visor-ui:${{ steps.meta.outputs.version }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64 # Uncomment for multi-platform builds

build_docker.sh

@@ -0,0 +1,38 @@
+#/bin/bash
+set -e
+
+# ./build_docker.sh --push 这样使用会编译完成后自动推送镜像到阿里云仓库
+version=2.4.1
+push_images=false
+
+# 解析参数
+while [[ $# -gt 0 ]]; do
+    case "$1" in
+        --push)
+            push_images=true
+            shift
+            ;;
+        *)
+            echo "未知参数: $1"
+            exit 1
+            ;;
+    esac
+done
+
+docker build -f ./docker/ui/Dockerfile -t orion-visor-ui:${version} -t registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-ui:${version} . && \
+docker build -f ./docker/service/Dockerfile -t orion-visor-service:${version} -t registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-service:${version} . && \
+docker build -f ./docker/mysql/Dockerfile -t orion-visor-mysql:${version} -t registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-mysql:${version} . && \
+docker build -f ./docker/redis/Dockerfile -t orion-visor-redis:${version} -t registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-redis:${version} . && \
+docker build -f ./docker/adminer/Dockerfile -t orion-visor-adminer:${version} -t registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-adminer:${version} . && \
+docker build -f ./docker/guacd/Dockerfile -t orion-visor-guacd:${version} -t registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-guacd:${version} .
+
+
+# 如果需要推送镜像
+if [ "$push_images" = true ]; then
+    docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-adminer:${version}
+    docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-mysql:${version}
+    docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-redis:${version}
+    docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-guacd:${version}
+    docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-service:${version}
+    docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-ui:${version}
+fi

docker/adminer/Dockerfile

@@ -1 +1 @@
-FROM adminer:latest
+FROM --platform=$BUILDPLATFORM adminer:latest

docker/adminer/build.sh

@@ -1,6 +0,0 @@
-#/bin/bash
-set -e
-version=2.4.1
-docker build -t orion-visor-adminer:${version} .
-docker tag orion-visor-adminer:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-adminer:${version}
-docker tag orion-visor-adminer:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-adminer:latest

docker/guacd/Dockerfile

@@ -1,4 +1,4 @@
-FROM guacamole/guacd:1.6.0
+FROM --platform=$BUILDPLATFORM guacamole/guacd:1.6.0
 USER root
 # 系统时区
 ARG TZ=Asia/Shanghai

docker/guacd/build.sh

@@ -1,6 +0,0 @@
-#/bin/bash
-set -e
-version=2.4.1
-docker build -t orion-visor-guacd:${version} .
-docker tag orion-visor-guacd:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-guacd:${version}
-docker tag orion-visor-guacd:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-guacd:latest

docker/mysql/Dockerfile

@@ -1,16 +1,13 @@
-FROM mysql:8.0.28
+FROM --platform=$BUILDPLATFORM mysql:8.0.28
 # 系统时区
 ARG TZ=Asia/Shanghai
 # 设置时区
 RUN ln -sf /usr/share/zoneinfo/${TZ} /etc/localtime && \
   echo '${TZ}' > /etc/timezone
 # 复制配置
-COPY ./my.cnf /etc/mysql/conf.d/my.cnf
+COPY ./docker/mysql/my.cnf /etc/mysql/conf.d/my.cnf
 # 复制初始化脚本
-COPY ./sql/init-1-schema-databases.sql /tmp
-COPY ./sql/init-2-schema-tables.sql /tmp
-COPY ./sql/init-3-schema-quartz.sql /tmp
-COPY ./sql/init-4-data.sql /tmp
+COPY ./sql /tmp
 # 设置初始化脚本
 RUN cat /tmp/init-1-schema-databases.sql >> /tmp/init.sql && \
     cat /tmp/init-2-schema-tables.sql >> /tmp/init.sql && \

docker/mysql/build.sh

@@ -1,8 +0,0 @@
-#/bin/bash
-set -e
-version=2.4.1
-cp -r ../../sql ./sql
-docker build -t orion-visor-mysql:${version} .
-rm -rf ./sql
-docker tag orion-visor-mysql:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-mysql:${version}
-docker tag orion-visor-mysql:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-mysql:latest

docker/push.sh

@@ -1,15 +0,0 @@
-#/bin/bash
-set -e
-version=2.4.1
-docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-adminer:${version}
-docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-mysql:${version}
-docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-redis:${version}
-docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-guacd:${version}
-docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-service:${version}
-docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-ui:${version}
-docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-adminer:latest
-docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-mysql:latest
-docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-redis:latest
-docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-guacd:latest
-docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-service:latest
-docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-ui:latest

docker/redis/Dockerfile

@@ -1,4 +1,4 @@
-FROM redis:6.0.16-alpine
+FROM --platform=$BUILDPLATFORM redis:6.0.16-alpine
 WORKDIR /data
 # 系统时区
 ARG TZ=Asia/Shanghai
@@ -11,5 +11,5 @@ RUN \
 RUN ln -sf /usr/share/zoneinfo/${TZ} /etc/localtime && \
   echo '${TZ}' > /etc/timezone
 # redis 配置
-COPY ./redis.conf /tmp
+COPY ./docker/redis/redis.conf /tmp
 RUN cat /tmp/redis.conf > /usr/local/redis.conf

docker/redis/build.sh

@@ -1,6 +0,0 @@
-#/bin/bash
-set -e
-version=2.4.1
-docker build -t orion-visor-redis:${version} .
-docker tag orion-visor-redis:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-redis:${version}
-docker tag orion-visor-redis:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-redis:latest

docker/service/Dockerfile

@@ -1,4 +1,18 @@
-FROM openjdk:8-jdk-alpine
+# 第一阶段：Maven构建阶段
+FROM --platform=$BUILDPLATFORM maven:3.9.10-eclipse-temurin-8-alpine AS builder
+
+# 设置阿里云镜像加速
+RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
+
+# 复制POM文件先进行依赖下载（利用Docker缓存）
+WORKDIR /build
+COPY . .
+RUN mvn dependency:go-offline
+
+# 构建
+RUN mvn clean package -DskipTests
+
+FROM --platform=$BUILDPLATFORM openjdk:8-jdk-alpine
 USER root
 WORKDIR /app
 # 系统时区
@@ -14,7 +28,9 @@ RUN \
 # 设置时区
 RUN ln -sf /usr/share/zoneinfo/${TZ} /etc/localtime && \
   echo '${TZ}' > /etc/timezone
-# 复制包
-COPY ./orion-visor-launch.jar /app/app.jar
+
+# 从构建阶段复制jar包
+COPY --from=builder /build/orion-visor-launch/target/orion-visor-launch.jar /app/app.jar
+
 # 启动
-CMD ["java", "-jar", "/app/app.jar"]
+CMD ["java", "-jar", "/app/app.jar"]

docker/service/build.sh

@@ -1,8 +0,0 @@
-#/bin/bash
-set -e
-version=2.4.1
-mv ../../orion-visor-launch/target/orion-visor-launch.jar ./orion-visor-launch.jar
-docker build -t orion-visor-service:${version} .
-rm -rf ./orion-visor-launch.jar
-docker tag orion-visor-service:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-service:${version}
-docker tag orion-visor-service:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-service:latest

docker/ui/Dockerfile

@@ -1,4 +1,26 @@
-FROM nginx:alpine
+FROM --platform=$BUILDPLATFORM node:18-alpine AS builder
+
+# 设置阿里云镜像加速
+RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
+
+# 安装pnpm
+RUN corepack enable && corepack prepare pnpm@latest --activate
+
+WORKDIR /app
+
+# 复制项目文件（包括package.json等）
+COPY ./orion-visor-ui/package.json ./orion-visor-ui/pnpm-lock.yaml* ./
+
+# 安装依赖（利用Docker缓存层）
+RUN pnpm install --frozen-lockfile
+
+# 复制源代码
+COPY ./orion-visor-ui/ .
+
+# 构建项目
+RUN pnpm build
+
+FROM --platform=$BUILDPLATFORM nginx:alpine
 # 系统时区
 ARG TZ=Asia/Shanghai
 # 添加包
@@ -12,7 +34,7 @@ RUN ln -sf /usr/share/zoneinfo/${TZ} /etc/localtime && \
 # 删除原 nginx 配置
 RUN rm -rf /etc/nginx/conf.d/*
 # 复制包
-COPY ./dist /usr/share/nginx/html
-COPY ./nginx.conf /etc/nginx/conf.d
+COPY --from=builder /app/dist /usr/share/nginx/html
+COPY ./docker/ui/nginx.conf /etc/nginx/conf.d
 # 启动
 CMD ["nginx", "-g", "daemon off;"]

docker/ui/build.sh

@@ -1,9 +0,0 @@
-#/bin/bash
-set -e
-version=2.4.1
-mv ../../orion-visor-ui/dist ./dist
-docker build -t orion-visor-ui:${version} .
-rm -rf ./orion-visor-launch.jar
-rm -rf ./dist
-docker tag orion-visor-ui:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-ui:${version}
-docker tag orion-visor-ui:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-ui:latest