From a564e87387efc49773a05ffa23985eaf35fd85dd Mon Sep 17 00:00:00 2001 From: Michael Kriese Date: Tue, 18 May 2021 07:05:44 +0200 Subject: [PATCH] feat: support apt proxy (#50) --- .github/workflows/build.yaml | 15 ++++++++++++++- Dockerfile | 1 + Dockerfile.bionic | 1 + README.md | 5 +++++ docker-bake.hcl | 24 ++++++++++++++++++++---- src/usr/local/buildpack/util.sh | 6 ++++++ test/dotnet/Dockerfile | 4 ++++ test/erlang/Dockerfile | 2 ++ test/golang/Dockerfile | 1 + test/helm/Dockerfile | 1 - test/java/Dockerfile | 4 ++++ test/latest/Dockerfile | 15 +++++++++++++++ test/nix/Dockerfile | 2 ++ test/node/Dockerfile | 8 ++++++++ test/php/Dockerfile | 6 ++++++ test/powershell/Dockerfile | 2 ++ test/python/Dockerfile | 5 ++++- test/ruby/Dockerfile | 4 ++++ test/rust/Dockerfile | 2 ++ test/swift/Dockerfile | 4 ++++ 20 files changed, 105 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index df3c160e1..9a5626fb0 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -17,6 +17,7 @@ env: YARN_PACKAGE_CACHE_KEY: v1 YARN_CACHE_FOLDER: .cache/yarn NODE_VERSION: 14 + APT_HTTP_PROXY: http://172.17.0.1:3142 jobs: distro: @@ -34,6 +35,9 @@ jobs: steps: - uses: actions/checkout@v2.3.4 + - name: start apt-cacher + run: sudo apt-get install -y apt-cacher-ng + - name: test distro run: docker buildx bake --progress plain test @@ -62,9 +66,15 @@ jobs: latest, ] + env: + TAG: ${{ matrix.tag }} + steps: - uses: actions/checkout@v2.3.4 + - name: start apt-cacher + run: sudo apt-get install -y apt-cacher-ng + - name: build run: docker buildx bake --progress plain @@ -72,7 +82,7 @@ jobs: run: docker image ls - name: test - run: docker buildx build --progress plain ./test/${{ matrix.tag }} + run: docker buildx bake --progress plain build_test release: needs: [lang, distro] @@ -105,6 +115,9 @@ jobs: with: fetch-depth: 0 + - name: start apt-cacher + run: sudo apt-get install -y apt-cacher-ng + - name: Docker registry login if: github.ref == 'refs/heads/main' run: | diff --git a/Dockerfile b/Dockerfile index ffd3a5d0a..723685ab6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,6 +11,7 @@ FROM ubuntu:focal@sha256:cf31af331f38d1d7158470e095b132acd126a7180a54f263d386da8 ARG USER_ID ARG USER_NAME +ARG APT_HTTP_PROXY LABEL maintainer="Rhys Arkins " \ org.opencontainers.image.source="https://github.com/containerbase/buildpack" diff --git a/Dockerfile.bionic b/Dockerfile.bionic index d06fc7613..e69402547 100644 --- a/Dockerfile.bionic +++ b/Dockerfile.bionic @@ -11,6 +11,7 @@ FROM ubuntu:bionic@sha256:538529c9d229fb55f50e6746b119e899775205d62c0fc1b7e679b3 ARG USER_ID ARG USER_NAME +ARG APT_HTTP_PROXY LABEL maintainer="Rhys Arkins " \ org.opencontainers.image.source="https://github.com/containerbase/buildpack" diff --git a/README.md b/README.md index 77df3a5ba..4306536d5 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,11 @@ This repository is the source for the Docker Hub image `containerbase/buildpack`. Commits to `main` branch are automatically built and published. +## Apt proxy + +You can pass a custom temporary Apt proxy at build or runtime when installing new packages via `APT_HTTP_PROXY` arg. +All buildpack tool installer and the `install-apt` command will configure the Proxy for installation and remove it afterwards. + ## Custom base image To use a custom base image with `containerbase/buildpack` checkout [custom-base-image](./docs/custom-base-image.md) docs. diff --git a/docker-bake.hcl b/docker-bake.hcl index 04e7d94e6..4e0e827b8 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -8,6 +8,10 @@ variable "TAG" { default = "latest" } +variable "APT_HTTP_PROXY" { + default = "" +} + group "default" { targets = ["build_docker"] } @@ -23,6 +27,12 @@ group "test" { target "settings" { context = "." + args = { + APT_HTTP_PROXY = "${APT_HTTP_PROXY}" + } +} + +target "cache" { cache-from = [ "type=registry,ref=ghcr.io/${OWNER}/cache:${FILE}", "type=registry,ref=ghcr.io/${OWNER}/cache:${FILE}-${TAG}", @@ -30,7 +40,7 @@ target "settings" { } target "push_cache" { - inherits = ["settings"] + inherits = ["settings", "cache"] output = ["type=registry"] tags = [ "ghcr.io/${OWNER}/cache:${FILE}-${TAG}", @@ -40,7 +50,7 @@ target "push_cache" { } target "build_docker" { - inherits = ["settings"] + inherits = ["settings", "cache"] output = ["type=docker"] tags = [ "ghcr.io/${OWNER}/${FILE}", @@ -51,14 +61,20 @@ target "build_docker" { } target "build_distro" { + inherits = ["settings"] dockerfile = "Dockerfile.${TAG}" tags = [ "${OWNER}/${FILE}:${TAG}" ] } -target "push_ghcr" { +target "build_test" { inherits = ["settings"] + context ="./test/${TAG}" +} + +target "push_ghcr" { + inherits = ["settings", "cache"] output = ["type=registry"] tags = [ "ghcr.io/${OWNER}/${FILE}", @@ -67,7 +83,7 @@ target "push_ghcr" { } target "push_hub" { - inherits = ["settings"] + inherits = ["settings", "cache"] output = ["type=registry"] tags = ["${OWNER}/${FILE}", "${OWNER}/${FILE}:${TAG}"] } diff --git a/src/usr/local/buildpack/util.sh b/src/usr/local/buildpack/util.sh index dd79157f5..ef1ff0b89 100644 --- a/src/usr/local/buildpack/util.sh +++ b/src/usr/local/buildpack/util.sh @@ -121,8 +121,14 @@ function check_semver () { function apt_install () { echo "Installing apt packages: ${@}" + if [[ "${APT_HTTP_PROXY}" ]]; then + echo "Acquire::HTTP::Proxy \"${APT_HTTP_PROXY}\";" | tee -a /etc/apt/apt.conf.d/buildpack-proxy + echo "Acquire::HTTPS::Proxy \"DIRECT\";" | tee -a /etc/apt/apt.conf.d/buildpack-proxy + fi apt-get update apt-get install -y "$@" + + rm -f /etc/apt/apt.conf.d/buildpack-proxy } function require_distro () { diff --git a/test/dotnet/Dockerfile b/test/dotnet/Dockerfile index d07e2ee5e..94e8fb173 100644 --- a/test/dotnet/Dockerfile +++ b/test/dotnet/Dockerfile @@ -13,6 +13,8 @@ COPY --chown=1000:0 test test #-------------------------------------- FROM base as net3 +ARG APT_HTTP_PROXY + # renovate: datasource=docker lookupName=mcr.microsoft.com/dotnet/sdk versioning=docker RUN install-tool dotnet 3.1.409 @@ -43,6 +45,8 @@ RUN set -ex; \ #-------------------------------------- FROM base as testb +ARG APT_HTTP_PROXY + # renovate: datasource=docker lookupName=mcr.microsoft.com/dotnet/sdk versioning=docker RUN install-tool dotnet 5.0.203 diff --git a/test/erlang/Dockerfile b/test/erlang/Dockerfile index f05e7778f..37f7b7efd 100644 --- a/test/erlang/Dockerfile +++ b/test/erlang/Dockerfile @@ -1,6 +1,8 @@ ARG IMAGE=containerbase/buildpack FROM ${IMAGE} +ARG APT_HTTP_PROXY + # Erlang #disable renovate: datasource=github-releases lookupName=erlang/otp versioning=loose diff --git a/test/golang/Dockerfile b/test/golang/Dockerfile index 76e1b0add..ccacd53b3 100644 --- a/test/golang/Dockerfile +++ b/test/golang/Dockerfile @@ -1,6 +1,7 @@ ARG IMAGE=containerbase/buildpack FROM ${IMAGE} as build + RUN touch /.dummy WORKDIR /tmp diff --git a/test/helm/Dockerfile b/test/helm/Dockerfile index 508482631..ccbf717a7 100644 --- a/test/helm/Dockerfile +++ b/test/helm/Dockerfile @@ -1,7 +1,6 @@ ARG IMAGE=containerbase/buildpack FROM ${IMAGE} as build - # renovate: datasource=github-releases lookupName=helm/helm RUN install-tool helm v3.5.4 diff --git a/test/java/Dockerfile b/test/java/Dockerfile index 61dc9a412..ec1c88571 100644 --- a/test/java/Dockerfile +++ b/test/java/Dockerfile @@ -1,6 +1,8 @@ ARG IMAGE=containerbase/buildpack FROM ${IMAGE} as build +ARG APT_HTTP_PROXY + # TODO: only lts # renovate: datasource=docker lookupName=openjdk versioning=docker RUN install-tool java 11.0.11 @@ -37,6 +39,7 @@ RUN gradle --version #-------------------------------------- FROM build as testb +ARG APT_HTTP_PROXY # need to stay old RUN install-tool java 8 @@ -46,6 +49,7 @@ RUN install-tool java 8 #-------------------------------------- FROM build as testc +ARG APT_HTTP_PROXY # renovate: datasource=docker lookupName=openjdk versioning=docker RUN install-tool java 16.0.1 diff --git a/test/latest/Dockerfile b/test/latest/Dockerfile index c79e817e6..955ca338a 100644 --- a/test/latest/Dockerfile +++ b/test/latest/Dockerfile @@ -1,6 +1,8 @@ ARG IMAGE=containerbase/buildpack FROM ${IMAGE} as build +ARG APT_HTTP_PROXY + RUN touch /.dummy # install nginx for request testing @@ -55,6 +57,8 @@ RUN set -ex; \ #-------------------------------------- FROM build as testb +ARG APT_HTTP_PROXY + # renovate: datasource=github-releases depName=containerbase/python-prebuild ARG PYTHON_VERSION=3.9.5 RUN install-tool python @@ -67,6 +71,8 @@ RUN set -ex; \ #-------------------------------------- FROM build as testc +ARG APT_HTTP_PROXY + # renovate: datasource=docker versioning=docker RUN install-tool node 14.17.0 @@ -78,6 +84,8 @@ RUN set -ex; \ #-------------------------------------- FROM build as testd +ARG APT_HTTP_PROXY + # renovate: datasource=github-releases lookupName=containerbase/python-prebuild RUN install-tool php 7.4.14 @@ -90,6 +98,8 @@ RUN set -ex; \ #-------------------------------------- FROM build as teste +ARG APT_HTTP_PROXY + # Do not renovate ruby 2.x RUN install-tool ruby 2.6.4 @@ -102,6 +112,8 @@ RUN set -ex; \ #-------------------------------------- FROM build as testf +ARG APT_HTTP_PROXY + # renovate: datasource=github-releases lookupName=PowerShell/PowerShell RUN install-tool powershell v7.1.3 @@ -112,6 +124,9 @@ RUN set -ex; cat /etc/hosts; \ # test: terraform #-------------------------------------- FROM build as testg + +ARG APT_HTTP_PROXY + # renovate: datasource=docker lookupName=hashicorp/terraform versioning=docker RUN install-tool terraform 0.15.3 diff --git a/test/nix/Dockerfile b/test/nix/Dockerfile index c86fdbeaf..b23598f34 100644 --- a/test/nix/Dockerfile +++ b/test/nix/Dockerfile @@ -1,6 +1,8 @@ ARG IMAGE=containerbase/buildpack FROM ${IMAGE} as build +ARG APT_HTTP_PROXY + # renovate: datasource=github-releases lookupName=NixOS/nix RUN install-tool nix 2.3.10 diff --git a/test/node/Dockerfile b/test/node/Dockerfile index 8b6343587..cabca9439 100644 --- a/test/node/Dockerfile +++ b/test/node/Dockerfile @@ -1,6 +1,8 @@ ARG IMAGE=containerbase/buildpack FROM ${IMAGE} as build +ARG APT_HTTP_PROXY + # renovate: datasource=docker versioning=docker RUN install-tool node 14.17.0 @@ -36,6 +38,8 @@ RUN npm --version #-------------------------------------- FROM build as testb +ARG APT_HTTP_PROXY + RUN npm install -g yarn RUN set -ex; \ @@ -75,6 +79,8 @@ RUN set -ex; \ FROM build as testc +ARG APT_HTTP_PROXY + USER root # renovate: datasource=npm @@ -101,6 +107,8 @@ RUN set -ex; \ FROM ${IMAGE} as testd +ARG APT_HTTP_PROXY + # renovate: datasource=npm RUN install-tool node 15.0.1 diff --git a/test/php/Dockerfile b/test/php/Dockerfile index 3e6c71e64..504cefbe9 100644 --- a/test/php/Dockerfile +++ b/test/php/Dockerfile @@ -12,6 +12,8 @@ COPY --chown=1000:0 test test #-------------------------------------- FROM base as testa +ARG APT_HTTP_PROXY + # old php version, not for renovating RUN install-tool php 7.4.14 @@ -48,6 +50,8 @@ RUN set -ex; \ #-------------------------------------- FROM base as testb +ARG APT_HTTP_PROXY + # old php version, not for renovating RUN install-tool php 5.6.40 @@ -79,6 +83,8 @@ RUN composer --version #-------------------------------------- FROM base as testc +ARG APT_HTTP_PROXY + # no auto env for testing SHELL [ "/bin/sh", "-c" ] diff --git a/test/powershell/Dockerfile b/test/powershell/Dockerfile index 0836644ad..af7fd417c 100644 --- a/test/powershell/Dockerfile +++ b/test/powershell/Dockerfile @@ -1,6 +1,8 @@ ARG IMAGE=containerbase/buildpack FROM ${IMAGE} as build +ARG APT_HTTP_PROXY + # renovate: datasource=github-releases lookupName=PowerShell/PowerShell RUN install-tool powershell v7.1.3 diff --git a/test/python/Dockerfile b/test/python/Dockerfile index df21578f0..b04f6631c 100644 --- a/test/python/Dockerfile +++ b/test/python/Dockerfile @@ -1,7 +1,6 @@ ARG IMAGE=containerbase/buildpack FROM ${IMAGE} as base - RUN touch /.dummy WORKDIR /tmp @@ -9,6 +8,8 @@ COPY --chown=1000:0 test test FROM base as build +ARG APT_HTTP_PROXY + # Python # renovate: datasource=github-releases lookupName=containerbase/python-prebuild RUN install-tool python 3.9.5 @@ -16,6 +17,8 @@ RUN install-tool python 3.9.5 FROM base as build-rootless +ARG APT_HTTP_PROXY + USER 1000 # renovate: datasource=github-releases lookupName=containerbase/python-prebuild diff --git a/test/ruby/Dockerfile b/test/ruby/Dockerfile index 221e8bb15..90d816cbf 100644 --- a/test/ruby/Dockerfile +++ b/test/ruby/Dockerfile @@ -1,6 +1,8 @@ ARG IMAGE=containerbase/buildpack FROM ${IMAGE} as build +ARG APT_HTTP_PROXY + # Do not renovate ruby 2.x RUN install-tool ruby 2.6.4 @@ -12,6 +14,8 @@ COPY --chown=1000:0 test test FROM ${IMAGE} as build3 +ARG APT_HTTP_PROXY + # renovate: datasource=github-releases lookupName=containerbase/ruby-prebuild versioning=ruby RUN install-tool ruby 3.0.1 diff --git a/test/rust/Dockerfile b/test/rust/Dockerfile index f9655f884..4e4ef7241 100644 --- a/test/rust/Dockerfile +++ b/test/rust/Dockerfile @@ -1,6 +1,8 @@ ARG IMAGE=containerbase/buildpack FROM ${IMAGE} as build +ARG APT_HTTP_PROXY + # renovate: datasource=docker versioning=docker RUN install-tool rust 1.52.1 diff --git a/test/swift/Dockerfile b/test/swift/Dockerfile index c349088f8..45c7899f1 100644 --- a/test/swift/Dockerfile +++ b/test/swift/Dockerfile @@ -1,6 +1,8 @@ ARG IMAGE=containerbase/buildpack FROM ${IMAGE} as build +ARG APT_HTTP_PROXY + # renovate: datasource=docker versioning=docker RUN install-tool swift 5.4.0 @@ -40,6 +42,8 @@ RUN swift --version #-------------------------------------- FROM build as testb +ARG APT_HTTP_PROXY + # renovate: datasource=docker versioning=docker RUN install-tool swift 5.4.0