debug ci

.github/workflows/build-openresty.yaml

@@ -0,0 +1,48 @@
+name: BuildOpenresty
+# only trigger it manually
+on:
+  workflow_dispatch:
+    inputs:
+      do_release:
+        type: boolean
+        description: sync alb-nginx-base image to dockerhub
+        required: true
+        default: false
+  push:
+    branches:
+    - feat/ACP-37252-ghci
+    paths-ignore:
+    - 'docs/**'
+    - '**.md'
+concurrency:
+  group: "${{ github.workflow }}-${{ github.ref }}"
+  cancel-in-progress: true
+
+jobs:
+  build-openresty:
+    name: Build Openresty
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "[email protected]"
+      - uses: docker/setup-buildx-action@v3
+      - name: build
+        run: |
+          ./scripts/run-like-github-actions.sh build-nginx
+      - name: Upload alb-nginx-base images to artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: alb-nginx-base
+          path: alb-nginx-base.tar
+      - name: release
+        env:
+          RELEASE_ME: "${{ github.event.inputs.do_release == 'true' }}"
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+          DOCKER_CLI_EXPERIMENTAL: enabled
+        run: |
+          ./scripts/run-like-github-actions.sh release-nginx

.github/workflows/build.yaml

@@ -1,4 +1,4 @@
-name: Build 
+name: Build
 on:
   workflow_dispatch:
     inputs:
@@ -30,7 +30,6 @@ env:
   GOSEC_VERSION: '2.18.2'
   HELM_VERSION: v3.13.3
   SUBMARINER_VERSION: '0.16.2'
-  IMAGE_REPO: "theseedoaa"
 jobs:
   build-alb:
     name: Build alb
@@ -41,46 +40,22 @@ jobs:
         run: |
           git config user.name "$GITHUB_ACTOR"
           git config user.email "[email protected]"
-      - name: version
+      - name: version # it will set the CURRENT_VERSION env
         uses: HardNorth/[email protected]
         with:
           version-source: file
-          version-file: .github/VERSION
-          version-file-extraction-pattern: 'v(.+)'
+          version-file: ./deploy/chart/alb/Chart.yaml
+          version-file-extraction-pattern: 'version: v([0-9]*\.[0-9]*\.[0-9]*)'
       - uses: docker/setup-buildx-action@v3
       - uses: azure/setup-helm@v3
         with:
           version: '${{ env.HELM_VERSION }}'
       - name: build
+        env:
+            RELEASE_ME: "${{ github.event.inputs.do_release == 'true' }}"
         run: |
           set -x
-          source ./scripts/alb-dev-actions.sh
-          export VERSION=$(alb-github-gen-version)
-
-          OPENRESTY_BASE=theseedoaa/alb-nginx-base:v1.22.0
-          GO_BUILD_BASE=golang:1.21.6-alpine
-          RUN_BASE=theseedoaa/ops-alpine:3.17 # we need nonroot user
-
-          #  build images
-          docker buildx build --platform linux/amd64 -t $IMAGE_REPO/alb:$VERSION --build-arg VERSION=$VERSION  --build-arg RUN_BASE=$RUN_BASE --build-arg BUILD_BASE=$GO_BUILD_BASE -o type=docker -f ./Dockerfile . 
-
-          docker pull $OPENRESTY_BASE 
-          docker buildx build --platform linux/amd64 -t $IMAGE_REPO/alb-nginx:$VERSION --build-arg VERSION=$VERSION  --build-arg OPENRESTY_BASE=$OPENRESTY_BASE --build-arg BUILD_BASE=$GO_BUILD_BASE -o type=docker -f ./template/Dockerfile ./ 
-
-          docker images
-          
-          docker save $IMAGE_REPO/alb:$VERSION > alb.tar
-          docker save $IMAGE_REPO/alb-nginx:$VERSION > alb-nginx.tar
-          ls
-          env
-          # build chart
-          rm -rf .cr-release-packages
-          mkdir -p .cr-release-packages
-          chart=$(alb-build-github-chart $IMAGE_REPO $VERSION  ./deploy/chart/alb .cr-release-packages/ )
-          cp $chart alauda-alb2.tgz
-          tree ./deploy/chart/alb
-          tree .cr-release-packages
-          cat ./deploy/chart/alb/Chart.yaml
+          ./scripts/run-like-github-actions.sh build-alb
       - name: Upload alb images to artifact
         uses: actions/upload-artifact@v3
         with:
@@ -103,30 +78,10 @@ jobs:
       - name: release
         if: ${{ inputs.do_release }}
         env:
+          RELEASE_ME: "${{ github.event.inputs.do_release == 'true' }}"
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
           DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
           DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
           DOCKER_CLI_EXPERIMENTAL: enabled
         run: |
-          echo "in release"
-          # push docker
-          source ./scripts/alb-dev-actions.sh
-          export VERSION=$(alb-github-gen-version)
-          echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
-          docker push $IMAGE_REPO/alb:$VERSION
-          docker push $IMAGE_REPO/alb-nginx:$VERSION
-
-          # push chart
-          owner=$(cut -d '/' -f 1 <<< "$GITHUB_REPOSITORY")
-          repo=$(cut -d '/' -f 2 <<< "$GITHUB_REPOSITORY")
-
-          args=(--owner "$owner" --repo "$repo" --charts-dir "./deploy/chart/alb" --skip-packaging "true" --pages-branch "gh-pages")
-
-          echo "sync chart"
-          git status
-          git log | head -n 30
-          git remote -v
-          git remote update
-          git branch -r
-
-          .github/cr.sh "${args[@]}"
+          ./scripts/run-like-github-actions.sh release-alb

Dockerfile

@@ -1,6 +1,5 @@
 ARG GO_BUILD_BASE=docker-mirrors.alauda.cn/library/golang:1.22.5-alpine
 ARG OPENRESTY_BASE=build-harbor.alauda.cn/3rdparty/alb-nginx:v1.25.3
-ARG RUN_BASE=build-harbor.alauda.cn/ops/alpine:3.20
 
 FROM ${GO_BUILD_BASE} AS go_builder
 
@@ -52,7 +51,9 @@ STOPSIGNAL SIGQUIT
 # libcap: tweak file capability
 # zlib-dev: policy-zip
 # iproute2: ss
-RUN umask 027 && \ 
+# add nonroot user to run base image if not exist
+RUN sh -c "cat /etc/passwd | grep nonroot || (adduser -D nonroot && mkdir -p /etc/sudoers.d && echo 'nonroot ALL=(ALL) NOPASSWD: ALL' >/etc/sudoers.d/nonroot && chmod 0440 /etc/sudoers.d/nonroot)" && \ 
+umask 027 && \ 
 sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/g' /etc/apk/repositories && \ 
 apk add --no-cache zlib-dev libcap iproute2 yq jq curl bash && \ 
 mkdir -p /alb/ctl/tools && \ 

scripts/alb-github-actions.sh

@@ -1,14 +1,6 @@
 #!/bin/bash
-function alb-github-gen-version() {
-  local branch=$(echo "${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" | sed 's|/|-|g')
-  if [[ "$branch" == "master" ]]; then
-    echo v$CURRENT_VERSION
-    return
-  fi
-  echo "v$CURRENT_VERSION-$branch.$GITHUB_RUN_NUMBER.$GITHUB_RUN_ATTEMPT"
-}
 
-function alb-github-sync() {
+function alb-gh-pull-artifact() {
   local runid=$1
 
   if [ -z "$runid" ]; then
@@ -30,26 +22,7 @@ function alb-github-sync() {
   # do some test
 }
 
-function alb-build-github-chart() {
-  #   alb-build-github-chart $RELEASE_TAG ./chart/alb ./xx
-  local repo=$1
-  local version=$2
-  local chart_dir=$3
-  local out_dir=$4
-
-  local branch=$GITHUB_HEAD_REF
-  local commit=$GITHUB_SHA
-  cp ./.github/chart/alb/values.yaml $chart_dir
-  cp ./deploy/chart/alb/crds/crd.alauda.io_alaudaloadbalancer2.yaml $chart_dir/crds # do not served v1
-  yq -i e ".global.images.alb2.tag |= \"$version\"" $chart_dir/values.yaml
-  yq -i e ".global.registry.address |= \"$repo\"" $chart_dir/values.yaml
-  yq -i e ".global.images.nginx.tag |= \"$version\"" $chart_dir/values.yaml
-  yq -i e ".annotations.branch |= \"$branch\"" $chart_dir/Chart.yaml
-  yq -i e ".annotations.commit |= \"$commit\"" $chart_dir/Chart.yaml
-  yq -i e ".version |= \"$version\"" $chart_dir/Chart.yaml
-
-  helm package --debug $chart_dir >/dev/null
-  mv ./alauda-alb2-$version.tgz $out_dir
-  echo "$out_dir/alauda-alb2-$version.tgz"
-  return
-}
+function alb-gh-wk-build-and-relase-nginx() (
+  local branch=${1-$(git rev-parse --abbrev-ref HEAD)}
+  gh workflow run build-openresty.yaml --ref $branch -f do_release=true
+)

scripts/run-like-github-actions.sh

@@ -0,0 +1,138 @@
+#!/bin/bash
+
+export IMAGE_REPO="theseedoaa"
+# required env $CURRENT_VERSION $RELEASE_ME
+function alb-gh-build-alb() (
+  source ./scripts/alb-dev-actions.sh
+  export ver=$(alb-github-gen-version)
+  echo "version $CURRENT_VERSION this ver $ver is_release $RELEASE_ME"
+
+  OPENRESTY_BASE=theseedoaa/alb-nginx-base:v1.25.3
+  GO_BUILD_BASE=golang:1.22.5-alpine
+  #  build images
+  docker buildx build --network=host --platform linux/amd64 -t $IMAGE_REPO/alb:$VERSION --build-arg VERSION=$VERSION --build-arg BUILD_BASE=$GO_BUILD_BASE -o type=docker -f ./Dockerfile .
+  docker images
+  docker save $IMAGE_REPO/alb:$VERSION >alb.tar
+  ls
+  # build chart
+  rm -rf .cr-release-packages
+  mkdir -p .cr-release-packages
+  chart=$(alb-build-github-chart $IMAGE_REPO $VERSION ./deploy/chart/alb .cr-release-packages/)
+  cp $chart alauda-alb2.tgz
+  tree ./deploy/chart/alb
+  tree .cr-release-packages
+  cat ./deploy/chart/alb/Chart.yaml
+  return
+)
+
+function alb-gh-release-alb() (
+  if [[ "$RELEASE_ME" != "true" ]]; then
+    echo "skip release"
+    return
+  fi
+  echo "in release"
+  # push docker
+  source ./scripts/alb-dev-actions.sh
+  export VERSION=$(alb-github-gen-version)
+  echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
+  docker push $IMAGE_REPO/alb:$VERSION
+  docker push $IMAGE_REPO/alb-nginx:$VERSION
+
+  # push chart
+  owner=$(cut -d '/' -f 1 <<<"$GITHUB_REPOSITORY")
+  repo=$(cut -d '/' -f 2 <<<"$GITHUB_REPOSITORY")
+
+  args=(--owner "$owner" --repo "$repo" --charts-dir "./deploy/chart/alb" --skip-packaging "true" --pages-branch "gh-pages")
+
+  echo "sync chart"
+  git status
+  git log | head -n 30
+  git remote -v
+  git remote update
+  git branch -r
+
+  .github/cr.sh "${args[@]}"
+  return
+)
+
+function alb-gh-build-nginx() (
+  local ver=$(alb-gh-get-nginx-ver)
+  local RESTY_PCRE_VERSION=$(cat ./template/Dockerfile.openresty | grep RESTY_PCRE_VERSION= | awk -F = '{print $2}' | tr -d '"')
+  local RESTY_PCRE_BASE="https://downloads.sourceforge.net/project/pcre/pcre/$RESTY_PCRE_VERSION/pcre-$RESTY_PCRE_VERSION.tar.gz"
+  local resty_base="docker.io/library/alpine"
+  docker buildx build \
+    --progress=plain \
+    --no-cache \
+    --network=host \
+    --platform linux/amd64 \
+    -t $IMAGE_REPO/alb-nginx-base:$ver \
+    --build-arg RESTY_IMAGE_BASE=$resty_base \
+    --build-arg RESTY_PCRE_BASE=$RESTY_PCRE_BASE \
+    -o type=docker \
+    -f ./template/Dockerfile.openresty \
+    ./
+  docker images
+  docker save $IMAGE_REPO/alb-nginx-base:$ver >alb-nginx-base.tar
+  return
+)
+
+function alb-gh-release-nginx() (
+  echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
+  docker images
+  local ver=$(alb-gh-get-nginx-ver)
+  docker push $IMAGE_REPO/alb-nginx-base:$ver
+  return
+)
+
+function alb-gh-get-nginx-ver() (
+  cat ./Dockerfile | grep OPENRESTY_BASE | grep alb-nginx | awk -F : '{print $2}'
+)
+
+function alb-github-gen-version() {
+  local branch=$(echo "${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" | sed 's|/|-|g')
+  if [[ "$branch" == "master" ]]; then
+    echo v$CURRENT_VERSION
+    return
+  fi
+  echo "v$CURRENT_VERSION-$branch.$GITHUB_RUN_NUMBER.$GITHUB_RUN_ATTEMPT"
+}
+
+function alb-build-github-chart() {
+  #   alb-build-github-chart $RELEASE_TAG ./chart/alb ./xx
+  local repo=$1
+  local version=$2
+  local chart_dir=$3
+  local out_dir=$4
+
+  local branch=$GITHUB_HEAD_REF
+  local commit=$GITHUB_SHA
+  cp ./.github/chart/alb/values.yaml $chart_dir
+  cp ./deploy/chart/alb/crds/crd.alauda.io_alaudaloadbalancer2.yaml $chart_dir/crds # do not served v1
+  yq -i e ".global.images.alb2.tag |= \"$version\"" $chart_dir/values.yaml
+  yq -i e ".global.registry.address |= \"$repo\"" $chart_dir/values.yaml
+  yq -i e ".global.images.nginx.tag |= \"$version\"" $chart_dir/values.yaml
+  yq -i e ".annotations.branch |= \"$branch\"" $chart_dir/Chart.yaml
+  yq -i e ".annotations.commit |= \"$commit\"" $chart_dir/Chart.yaml
+  yq -i e ".version |= \"$version\"" $chart_dir/Chart.yaml
+
+  helm package --debug $chart_dir >/dev/null
+  mv ./alauda-alb2-$version.tgz $out_dir
+  echo "$out_dir/alauda-alb2-$version.tgz"
+  return
+}
+
+if [ "$0" = "$BASH_SOURCE" ]; then
+  if [[ "$1" == "build-nginx" ]]; then
+    alb-gh-build-nginx
+  fi
+  if [[ "$1" == "release-nginx" ]]; then
+    alb-gh-release-nginx
+  fi
+
+  if [[ "$1" == "build-alb" ]]; then
+    alb-gh-build-alb
+  fi
+  if [[ "$1" == "release-alb" ]]; then
+    alb-gh-release-alb
+  fi
+fi

template/Dockerfile.openresty

@@ -4,14 +4,13 @@
 ARG RESTY_IMAGE_BASE="build-harbor.alauda.cn/ops/alpine"
 ARG RESTY_IMAGE_TAG="3.20"
 
-
 FROM ${RESTY_IMAGE_BASE}:${RESTY_IMAGE_TAG}
 
+ARG RESTY_PCRE_BASE="http://prod-minio.alauda.cn/acp/pcre-8.45.tar.gz"
+
 LABEL maintainer="congwu <[email protected]>"
 
 # Docker Build Arguments
-ARG RESTY_IMAGE_BASE="build-harbor.alauda.cn/ops/alpine"
-ARG RESTY_IMAGE_TAG="3.20"
 ARG RESTY_VERSION="1.25.3.1"
 ARG RESTY_OPENSSL_VERSION="1.1.1w"
 ARG RESTY_OPENSSL_PATCH_VERSION="1.1.1f"
@@ -70,9 +69,6 @@ ARG _RESTY_CONFIG_DEPS="--with-pcre \
     --with-ld-opt='-L/usr/local/openresty/pcre/lib -L/usr/local/openresty/openssl/lib -Wl,-rpath,/usr/local/openresty/pcre/lib:/usr/local/openresty/openssl/lib' \
     "
 
-LABEL resty_image_base="${RESTY_IMAGE_BASE}"
-LABEL resty_image_tag="${RESTY_IMAGE_TAG}"
-LABEL resty_version="${RESTY_VERSION}"
 LABEL resty_openssl_version="${RESTY_OPENSSL_VERSION}"
 LABEL resty_openssl_patch_version="${RESTY_OPENSSL_PATCH_VERSION}"
 LABEL resty_openssl_url_base="${RESTY_OPENSSL_URL_BASE}"
@@ -134,7 +130,7 @@ RUN echo "build" && apk add --no-cache --virtual .build-deps \
     && make -j${RESTY_J} \
     && make -j${RESTY_J} install_sw \
     && cd /tmp \
-    && curl -fSL http://prod-minio.alauda.cn/acp/pcre-${RESTY_PCRE_VERSION}.tar.gz -o pcre-${RESTY_PCRE_VERSION}.tar.gz \
+    && curl -fSL $RESTY_PCRE_BASE -o pcre-${RESTY_PCRE_VERSION}.tar.gz \
     && echo "${RESTY_PCRE_SHA256}  pcre-${RESTY_PCRE_VERSION}.tar.gz" | shasum -a 256 --check \
     && tar xzf pcre-${RESTY_PCRE_VERSION}.tar.gz \
     && cd /tmp/pcre-${RESTY_PCRE_VERSION} \