diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
new file mode 100644
index 00000000..a21ba24f
--- /dev/null
+++ b/.github/workflows/docker-publish.yml
@@ -0,0 +1,129 @@
+name: Docker Publish
+
+on:
+ push:
+ tags:
+ - 'v*' # Trigger on version tags like v1.0.0
+ workflow_dispatch: # Allow manual trigger
+
+jobs:
+ build-and-push:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read # To read repository content
+ packages: write # To push packages to GitHub Container Registry
+
+ env:
+ DOCKERHUB_USERNAME: ${{ vars.DOCKERHUB_ORGNAME }}
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract Docker metadata
+ id: meta # Giving an ID to this step to reference its outputs later
+ uses: docker/metadata-action@v5
+ with:
+ images: | # Define base image names for metadata generation
+ orion-visor-adminer
+ orion-visor-guacd
+ orion-visor-mysql
+ orion-visor-redis
+ orion-visor-service
+ orion-visor-ui
+ tags: | # Define how tags are generated
+ type=semver,pattern={{version}} # Main strategy: git tag v1.2.3 will produce tag 1.2.3
+ type=semver,pattern={{major}}.{{minor}} # e.g., v1.2.3 -> 1.2
+ type=semver,pattern={{major}} # e.g., v1.2.3 -> 1
+
+ # --- Build and push generic images ---
+
+ - name: Build and push orion-visor-adminer
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./docker/adminer/Dockerfile
+ push: true
+ tags: |
+ ${{ env.DOCKERHUB_USERNAME }}/orion-visor-adminer:${{ steps.meta.outputs.version }}
+ ghcr.io/${{ github.repository_owner }}/orion-visor-adminer:${{ steps.meta.outputs.version }}
+ labels: ${{ steps.meta.outputs.labels }}
+ platforms: linux/amd64,linux/arm64
+
+ - name: Build and push orion-visor-guacd
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./docker/guacd/Dockerfile
+ push: true
+ tags: |
+ ${{ env.DOCKERHUB_USERNAME }}/orion-visor-guacd:${{ steps.meta.outputs.version }}
+ ghcr.io/${{ github.repository_owner }}/orion-visor-guacd:${{ steps.meta.outputs.version }}
+ labels: ${{ steps.meta.outputs.labels }}
+ platforms: linux/amd64,linux/arm64
+
+ - name: Build and push orion-visor-mysql
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./docker/mysql/Dockerfile
+ push: true
+ tags: |
+ ${{ env.DOCKERHUB_USERNAME }}/orion-visor-mysql:${{ steps.meta.outputs.version }}
+ ghcr.io/${{ github.repository_owner }}/orion-visor-mysql:${{ steps.meta.outputs.version }}
+ labels: ${{ steps.meta.outputs.labels }}
+ platforms: linux/amd64,linux/arm64
+
+ - name: Build and push orion-visor-redis
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./docker/redis/Dockerfile
+ push: true
+ tags: |
+ ${{ env.DOCKERHUB_USERNAME }}/orion-visor-redis:${{ steps.meta.outputs.version }}
+ ghcr.io/${{ github.repository_owner }}/orion-visor-redis:${{ steps.meta.outputs.version }}
+ labels: ${{ steps.meta.outputs.labels }}
+ platforms: linux/amd64,linux/arm64
+
+ - name: Build and push orion-visor-service
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./docker/service/Dockerfile
+ push: true
+ tags: |
+ ${{ env.DOCKERHUB_USERNAME }}/orion-visor-service:${{ steps.meta.outputs.version }}
+ ghcr.io/${{ github.repository_owner }}/orion-visor-service:${{ steps.meta.outputs.version }}
+ labels: ${{ steps.meta.outputs.labels }}
+ platforms: linux/amd64,linux/arm64
+
+ - name: Build and push orion-visor-ui
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./docker/ui/Dockerfile
+ push: true
+ tags: |
+ ${{ env.DOCKERHUB_USERNAME }}/orion-visor-ui:${{ steps.meta.outputs.version }}
+ ghcr.io/${{ github.repository_owner }}/orion-visor-ui:${{ steps.meta.outputs.version }}
+ labels: ${{ steps.meta.outputs.labels }}
+ platforms: linux/amd64,linux/arm64 # Uncomment for multi-platform builds
diff --git a/build_docker.sh b/build_docker.sh
new file mode 100755
index 00000000..6411fc32
--- /dev/null
+++ b/build_docker.sh
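Review bot: Every `uses:` in this job points at a mutable tag (`actions/checkout@v4`, `docker/login-action@v3`, `docker/metadata-action@v5`, `docker/build-push-action@v5`, …) while the job holds `secrets.DOCKERHUB_TOKEN` and `packages: write`, so a retagged or compromised action release would run next to the registry credentials; pin each one to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha> # v3`. The build steps tag only with `steps.meta.outputs.version`, so the `{{major}}.{{minor}}` and `{{major}}` patterns in the metadata step are computed but never pushed; either drop them or pass `steps.meta.outputs.tags` through. A `workflow_dispatch` run from a branch matches none of the `type=semver` rules and will probably leave `version` empty, giving an invalid image reference; confirm against metadata-action's behaviour or guard the job with `if: startsWith(github.ref, 'refs/tags/v')`. The trailing comment `# Uncomment for multi-platform builds` on the last `platforms:` line is stale, since that line is already active.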
@@ -0,0 +1,38 @@
+#/bin/bash
+set -e
+
+# ./build_docker.sh --push 这样使用会编译完成后自动推送镜像到阿里云仓库
+version=2.4.1
+push_images=false
+
+# 解析参数
+while [[ $# -gt 0 ]]; do
+ case "$1" in
+ --push)
+ push_images=true
+ shift
+ ;;
+ *)
+ echo "未知参数: $1"
+ exit 1
+ ;;
+ esac
+done
+
+docker build -f ./docker/ui/Dockerfile -t orion-visor-ui:${version} -t registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-ui:${version} . && \
+docker build -f ./docker/service/Dockerfile -t orion-visor-service:${version} -t registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-service:${version} . && \
+docker build -f ./docker/mysql/Dockerfile -t orion-visor-mysql:${version} -t registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-mysql:${version} . && \
+docker build -f ./docker/redis/Dockerfile -t orion-visor-redis:${version} -t registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-redis:${version} . && \
+docker build -f ./docker/adminer/Dockerfile -t orion-visor-adminer:${version} -t registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-adminer:${version} . && \
+docker build -f ./docker/guacd/Dockerfile -t orion-visor-guacd:${version} -t registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-guacd:${version} .
+
+
+# 如果需要推送镜像
+if [ "$push_images" = true ]; then
+ docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-adminer:${version}
+ docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-mysql:${version}
+ docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-redis:${version}
+ docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-guacd:${version}
+ docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-service:${version}
+ docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-ui:${version}
+fi
\ No newline at end of file
diff --git a/docker/adminer/Dockerfile b/docker/adminer/Dockerfile
index 9ee4d40b..b93cae46 100644
--- a/docker/adminer/Dockerfile
+++ b/docker/adminer/Dockerfile
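Review bot: The six `docker build` commands are chained with `&& \`, and `set -e` does not abort on a failure inside an `&&` list unless the failing command is the last one, so a failed build falls through to the push block. With `--push` the script then pushes whatever local image already carries the hard-coded `${version}` tag, which can be a stale build from an earlier run. Put each `docker build …` on its own line without `&&` so `set -e` stops at the first failure. The first line `#/bin/bash` is a plain comment rather than a shebang, while the script relies on bash-only `[[ … ]]`; it should read `#!/bin/bash`.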
@@ -1 +1 @@ -FROM adminer:latest +FROM --platform=$BUILDPLATFORM adminer:latest diff --git a/docker/adminer/build.sh b/docker/adminer/build.sh deleted file mode 100644 index 714410f5..00000000 --- a/docker/adminer/build.sh +++ /dev/null @@ -1,6 +0,0 @@ -#/bin/bash -set -e -version=2.4.1 -docker build -t orion-visor-adminer:${version} . -docker tag orion-visor-adminer:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-adminer:${version} -docker tag orion-visor-adminer:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-adminer:latest diff --git a/docker/guacd/Dockerfile b/docker/guacd/Dockerfile index 5bbaf75c..b9427b6b 100644 --- a/docker/guacd/Dockerfile +++ b/docker/guacd/Dockerfile @@ -1,4 +1,4 @@ -FROM guacamole/guacd:1.6.0 +FROM --platform=$BUILDPLATFORM guacamole/guacd:1.6.0 USER root # 系统时区 ARG TZ=Asia/Shanghai diff --git a/docker/guacd/build.sh b/docker/guacd/build.sh deleted file mode 100644 index 0597bab2..00000000 --- a/docker/guacd/build.sh +++ /dev/null @@ -1,6 +0,0 @@ -#/bin/bash -set -e -version=2.4.1 -docker build -t orion-visor-guacd:${version} . -docker tag orion-visor-guacd:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-guacd:${version} -docker tag orion-visor-guacd:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-guacd:latest diff --git a/docker/mysql/Dockerfile b/docker/mysql/Dockerfile index 26e9dc42..a8b72c65 100644 --- a/docker/mysql/Dockerfile +++ b/docker/mysql/Dockerfile 
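Review bot: `FROM --platform=$BUILDPLATFORM adminer:latest` is the final (and only) stage of this image, so the shipped base is always the build host's architecture instead of the requested target; with `platforms: linux/amd64,linux/arm64` in the new workflow, the arm64 manifest entry would be published with amd64 content when built on an amd64 runner. `--platform=$BUILDPLATFORM` belongs only on builder stages whose output is architecture-independent; the runtime stage should stay `FROM adminer:latest`. The same applies to the changed `FROM` lines in docker/guacd, docker/mysql and docker/redis, and to the final `openjdk:8-jdk-alpine` and `nginx:alpine` stages in docker/service and docker/ui. Separately, `adminer:latest` is a floating tag in a release image; a version tag plus digest (`adminer:<version>@sha256:<digest>`) would make the published image reproducible.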
@@ -1,16 +1,13 @@ -FROM mysql:8.0.28 +FROM --platform=$BUILDPLATFORM mysql:8.0.28 # 系统时区 ARG TZ=Asia/Shanghai # 设置时区 RUN ln -sf /usr/share/zoneinfo/${TZ} /etc/localtime && \ echo '${TZ}' > /etc/timezone # 复制配置 -COPY ./my.cnf /etc/mysql/conf.d/my.cnf +COPY ./docker/mysql/my.cnf /etc/mysql/conf.d/my.cnf # 复制初始化脚本 -COPY ./sql/init-1-schema-databases.sql /tmp -COPY ./sql/init-2-schema-tables.sql /tmp -COPY ./sql/init-3-schema-quartz.sql /tmp -COPY ./sql/init-4-data.sql /tmp +COPY ./sql /tmp # 设置初始化脚本 RUN cat /tmp/init-1-schema-databases.sql >> /tmp/init.sql && \ cat /tmp/init-2-schema-tables.sql >> /tmp/init.sql && \ diff --git a/docker/mysql/build.sh b/docker/mysql/build.sh deleted file mode 100644 index 37bf3f45..00000000 --- a/docker/mysql/build.sh +++ /dev/null @@ -1,8 +0,0 @@ -#/bin/bash -set -e -version=2.4.1 -cp -r ../../sql ./sql -docker build -t orion-visor-mysql:${version} . -rm -rf ./sql -docker tag orion-visor-mysql:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-mysql:${version} -docker tag orion-visor-mysql:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-mysql:latest diff --git a/docker/push.sh b/docker/push.sh deleted file mode 100644 index 2de73c74..00000000 --- a/docker/push.sh +++ /dev/null 
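Review bot: `COPY ./sql /tmp` now ships every file under `sql/` in the image, where the removed lines copied four named init scripts, so anything later added to that directory (dumps, scratch migrations) lands in a published image without a Dockerfile change. Either keep the explicit list, `COPY ./sql/init-1-schema-databases.sql ./sql/init-2-schema-tables.sql ./sql/init-3-schema-quartz.sql ./sql/init-4-data.sql /tmp/`, or copy into a dedicated directory and remove it once `init.sql` is assembled. The build context is also the repository root now, and no `.dockerignore` is added in the visible part of this commit, so the whole tree is sent to the builder for each image. The `RUN cat …` block continues past the end of the hunk.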
@@ -1,15 +0,0 @@ -#/bin/bash -set -e -version=2.4.1 -docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-adminer:${version} -docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-mysql:${version} -docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-redis:${version} -docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-guacd:${version} -docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-service:${version} -docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-ui:${version} -docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-adminer:latest -docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-mysql:latest -docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-redis:latest -docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-guacd:latest -docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-service:latest -docker push registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-ui:latest diff --git a/docker/redis/Dockerfile b/docker/redis/Dockerfile index b95416cf..ff4bc473 100644 --- a/docker/redis/Dockerfile +++ b/docker/redis/Dockerfile @@ -1,4 +1,4 @@ -FROM redis:6.0.16-alpine +FROM --platform=$BUILDPLATFORM redis:6.0.16-alpine WORKDIR /data # 系统时区 ARG TZ=Asia/Shanghai @@ -11,5 +11,5 @@ RUN \ RUN ln -sf /usr/share/zoneinfo/${TZ} /etc/localtime && \ echo '${TZ}' > /etc/timezone # redis 配置 -COPY ./redis.conf /tmp +COPY ./docker/redis/redis.conf /tmp RUN cat /tmp/redis.conf > /usr/local/redis.conf diff --git a/docker/redis/build.sh b/docker/redis/build.sh deleted file mode 100644 index f0a54c46..00000000 --- a/docker/redis/build.sh +++ /dev/null 
@@ -1,6 +0,0 @@ -#/bin/bash -set -e -version=2.4.1 -docker build -t orion-visor-redis:${version} . -docker tag orion-visor-redis:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-redis:${version} -docker tag orion-visor-redis:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-redis:latest diff --git a/docker/service/Dockerfile b/docker/service/Dockerfile index 0215fad6..2598500f 100644 --- a/docker/service/Dockerfile +++ b/docker/service/Dockerfile @@ -1,4 +1,18 @@ -FROM openjdk:8-jdk-alpine +# 第一阶段:Maven构建阶段 +FROM --platform=$BUILDPLATFORM maven:3.9.10-eclipse-temurin-8-alpine AS builder + +# 设置阿里云镜像加速 +RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories + +# 复制POM文件先进行依赖下载(利用Docker缓存) +WORKDIR /build +COPY . . +RUN mvn dependency:go-offline + +# 构建 +RUN mvn clean package -DskipTests + +FROM --platform=$BUILDPLATFORM openjdk:8-jdk-alpine USER root WORKDIR /app # 系统时区 @@ -14,7 +28,9 @@ RUN \ # 设置时区 RUN ln -sf /usr/share/zoneinfo/${TZ} /etc/localtime && \ echo '${TZ}' > /etc/timezone -# 复制包 -COPY ./orion-visor-launch.jar /app/app.jar + +# 从构建阶段复制jar包 +COPY --from=builder /build/orion-visor-launch/target/orion-visor-launch.jar /app/app.jar + # 启动 -CMD ["java", "-jar", "/app/app.jar"] +CMD ["java", "-jar", "/app/app.jar"] \ No newline at end of file diff --git a/docker/service/build.sh b/docker/service/build.sh deleted file mode 100644 index f8dd6b97..00000000 --- a/docker/service/build.sh +++ /dev/null @@ -1,8 +0,0 @@ -#/bin/bash -set -e -version=2.4.1 -mv ../../orion-visor-launch/target/orion-visor-launch.jar ./orion-visor-launch.jar -docker build -t orion-visor-service:${version} . -rm -rf ./orion-visor-launch.jar -docker tag orion-visor-service:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-service:${version} -docker tag orion-visor-service:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-service:latest 
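Review bot: The comment above `COPY . .` in the new builder stage says the POM files are copied first so the dependency download is cached, but the whole build context is copied, so the `mvn dependency:go-offline` layer is invalidated by any source change. It also means the builder stage receives the entire repository, including `.git` and any local files, unless a `.dockerignore` outside this diff excludes them. Copy the `pom.xml` of the parent and of each module before `RUN mvn dependency:go-offline`, and move `COPY . .` to just before `RUN mvn clean package -DskipTests`. Release images are built with `-DskipTests`, so nothing visible in this pipeline runs the test suite before publishing; worth confirming that tests run elsewhere.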
diff --git a/docker/ui/Dockerfile b/docker/ui/Dockerfile index a807e5fd..8ddf0845 100644 --- a/docker/ui/Dockerfile +++ b/docker/ui/Dockerfile @@ -1,4 +1,26 @@ -FROM nginx:alpine +FROM --platform=$BUILDPLATFORM node:18-alpine AS builder + +# 设置阿里云镜像加速 +RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories + +# 安装pnpm +RUN corepack enable && corepack prepare pnpm@latest --activate + +WORKDIR /app + +# 复制项目文件(包括package.json等) +COPY ./orion-visor-ui/package.json ./orion-visor-ui/pnpm-lock.yaml* ./ + +# 安装依赖(利用Docker缓存层) +RUN pnpm install --frozen-lockfile + +# 复制源代码 +COPY ./orion-visor-ui/ . + +# 构建项目 +RUN pnpm build + +FROM --platform=$BUILDPLATFORM nginx:alpine # 系统时区 ARG TZ=Asia/Shanghai # 添加包 @@ -12,7 +34,7 @@ RUN ln -sf /usr/share/zoneinfo/${TZ} /etc/localtime && \ # 删除原 nginx 配置 RUN rm -rf /etc/nginx/conf.d/* # 复制包 -COPY ./dist /usr/share/nginx/html -COPY ./nginx.conf /etc/nginx/conf.d +COPY --from=builder /app/dist /usr/share/nginx/html +COPY ./docker/ui/nginx.conf /etc/nginx/conf.d # 启动 CMD ["nginx", "-g", "daemon off;"] diff --git a/docker/ui/build.sh b/docker/ui/build.sh deleted file mode 100644 index 471297e2..00000000 --- a/docker/ui/build.sh +++ /dev/null @@ -1,9 +0,0 @@ -#/bin/bash -set -e -version=2.4.1 -mv ../../orion-visor-ui/dist ./dist -docker build -t orion-visor-ui:${version} . -rm -rf ./orion-visor-launch.jar -rm -rf ./dist -docker tag orion-visor-ui:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-ui:${version} -docker tag orion-visor-ui:${version} registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-ui:latest
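Review bot: `corepack prepare pnpm@latest --activate` installs whatever pnpm release is current at build time, so two builds of the same git tag can use different package-manager versions and the release image depends on an unpinned download. Pin it, e.g. `RUN corepack enable && corepack prepare pnpm@<pinned-version> --activate`, or rely on a `packageManager` field in `orion-visor-ui/package.json` if one exists. The glob in `pnpm-lock.yaml*` makes the lockfile optional in the `COPY`, while `pnpm install --frozen-lockfile` requires it; dropping the `*` turns a missing lockfile into a clear failure at the `COPY` step.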