Drop building cryptography from source #219

Merged
merged 3 commits into from
Dec 27, 2024
45 changes: 31 additions & 14 deletions .github/workflows/build.yml
Expand Up @@ -8,17 +8,40 @@ on:

jobs:
buildx:
name: Build Docker Image
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Check pushing to Docker Hub
id: push-other-places
# Only push to Dockerhub from the main repo
# Otherwise forks would require a Docker Hub account and secrets setup
run: |
if [[ ${{ github.repository_owner }} == "caronc" ]] ; then
echo "Enabling DockerHub image push"
echo "enable=true" >> $GITHUB_OUTPUT
else
echo "Not pushing to DockerHub"
echo "enable=false" >> $GITHUB_OUTPUT
fi

# Mostly for forks, set an output package name for ghcr.io using the repo name
- name: Set ghcr repository name
Contributor Author

Not strictly speaking necessary, but makes it easier for forks to build the image and push it to the ghcr.io, so you can just pull an image to test.

Gives an image input like this on a fork and should have both tags enabled on the main repo.

id: set-ghcr-repository
run: |
ghcr_name=$(echo "${{ github.repository_owner }}/apprise" | awk '{ print tolower($0) }')
echo "Name is ${ghcr_name}"
echo "ghcr-repository=${ghcr_name}" >> $GITHUB_OUTPUT

- name: Docker meta
id: docker_meta
uses: docker/metadata-action@v5
with:
images: |
docker.io/caronc/apprise
ghcr.io/${{ steps.set-ghcr-repository.outputs.ghcr-repository }}
name=docker.io/caronc/apprise,enable=${{ steps.push-other-places.outputs.enable }}
tags: |
type=semver,event=tag,pattern={{version}}
type=semver,event=tag,pattern={{major}}.{{minor}}
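Review bot: both `run:` blocks in this hunk splice `${{ github.repository_owner }}` directly into the shell text (the `if [[ ${{ github.repository_owner }} == "caronc" ]]` test and the `echo "${{ github.repository_owner }}/apprise" | awk ...` line), so the value is substituted by the workflow engine before bash parses the script. Pass it in through `env:` (for example `OWNER: ${{ github.repository_owner }}`) and reference it quoted as `"$OWNER"`, which keeps expression values out of the script source; quoting `"$GITHUB_OUTPUT"` in the redirects is worth doing in the same change. An owner name is a constrained string, so this is hardening rather than a live bug, but it keeps the workflow on the pattern that matters when a less constrained context value is added later.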
Expand All @@ -30,19 +53,6 @@ jobs:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Check pushing to Docker Hub
id: push-other-places
# Only push to Dockerhub from the main repo
# Otherwise forks would require a Docker Hub account and secrets setup
run: |
if [[ ${{ github.repository_owner }} == "caronc" ]] ; then
echo "Enabling DockerHub image push"
echo "enable=true" >> $GITHUB_OUTPUT
else
echo "Not pushing to DockerHub"
echo "enable=false" >> $GITHUB_OUTPUT
fi

- name: Login to DockerHub
uses: docker/login-action@v3
# Don't attempt to login is not pushing to Docker Hub
Expand All @@ -51,6 +61,13 @@ jobs:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}

- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Build and push
uses: docker/build-push-action@v6
with:
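Review bot: the new ghcr.io login authenticates with `secrets.GITHUB_TOKEN`, but the `buildx` job as shown declares no `permissions:` block, so whether the push succeeds depends on the default token permissions of the repository or fork. Declare it on the job, `packages: write` plus `contents: read` for the checkout, so the token is scoped to what this workflow needs and a fork with a read-only default behaves the same as the main repo. If a workflow-level `permissions:` key already exists above the visible lines, a short comment next to this step pointing at it would help.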
33 changes: 2 additions & 31 deletions Dockerfile
Expand Up @@ -13,51 +13,22 @@ ENV APPRISE_CONFIG_DIR=/config
ENV APPRISE_ATTACH_DIR=/attach
ENV APPRISE_PLUGIN_PATHS=/plugin

FROM base AS builder

WORKDIR /build/

# Install nginx, supervisord, and cryptography dependencies
RUN set -eux && \
echo "Installing build dependencies" && \
apt-get update -qq && \
apt-get install -y -qq \
curl \
build-essential \
libffi-dev \
libssl-dev \
pkg-config && \
echo "Updating pip and getting requirements to build" && \
# Cryptography documents that the latest version of pip3 must always be used
python3 -m pip install --upgrade \
pip \
wheel && \
echo "Installing latest rustc" && \
# Pull in bleeding edge of rust to keep up with cryptography build requirements
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal && \
. "$HOME/.cargo/env" && \
echo "Buildingcryptography" && \
python3 -m pip wheel \
--no-binary cryptography \
cryptography

FROM base AS runtime

# Install requirements and gunicorn
COPY ./requirements.txt /etc/requirements.txt
COPY --from=builder /build/*.whl ./

RUN set -eux && \
echo "Installing nginx" && \
apt-get update -qq && \
apt-get install -y -qq \
nginx && \
echo "Installing cryptography" && \
pip3 install *.whl && \
echo "Installing tools" && \
apt-get install -y -qq \
curl sed git && \
echo "Installing python requirements" && \
pip3 install --no-cache-dir -q -r /etc/requirements.txt gunicorn supervisor && \
pip freeze && \
Contributor Author

As versions aren't locked for a decent number of items, this might be useful to see what was installed in a built image.

echo "Cleaning up" && \
apt-get --yes autoremove --purge && \
apt-get clean --yes && \
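Review bot: once the `builder` stage and `COPY --from=builder /build/*.whl ./` are gone, cryptography arrives only through the `pip3 install --no-cache-dir -q -r /etc/requirements.txt gunicorn supervisor` line, and the runtime stage has no compiler or Rust toolchain installed. Adding `--only-binary cryptography` to that command stops pip from attempting a source build on a platform or Python version that lacks a prebuilt wheel, so the failure is immediate and clearly about the missing wheel. The added `pip freeze` records the resolved versions only in the build log; a constraints file or hashed requirements would make the same set reproducible across rebuilds, and `gunicorn` and `supervisor` are still installed unpinned on that line.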