diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
index e190826..09bdeef 100644
--- a/.github/workflows/rust.yml
+++ b/.github/workflows/rust.yml
@@ -363,14 +363,6 @@ jobs:
 push: true
 tags: bolcom/unftp:${{ env.BUILD_VERSION }}-alpine
- - name: Build and push alpine-istio image
- uses: docker/build-push-action@v2
- with:
- context: .
- file: ./packaging/docker/alpine-istio.Dockerfile.ci
- push: true
- tags: bolcom/unftp:${{ env.BUILD_VERSION }}-alpine-istio
-
 - name: Build and push alpine-debug image
 uses: docker/build-push-action@v2
 with:
@@ -378,11 +370,3 @@ jobs:
 file: ./packaging/docker/alpine-debug.Dockerfile.ci
 push: true
 tags: bolcom/unftp:${{ env.BUILD_VERSION }}-alpine-debug
-
- - name: Build and push Scratch image
- uses: docker/build-push-action@v2
- with:
- context: .
- file: ./packaging/docker/alpine-istio-debug.Dockerfile.ci
- push: true
- tags: bolcom/unftp:${{ env.BUILD_VERSION }}-alpine-istio-debug
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ce6b281..c5961ac 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@
 - [#196](https://github.com/bolcom/unFTP/pull/196) --auth-type is now mandatory to prevent security risks from omission or typos that could leave the FTP server open
 - Upgraded dependencies
 - Upgraded to Rust 1.83.0
+- Removed istio (scuttle) image build in favor of using `proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }'`
 ## 2023-12-24 unftp v0.14.7
diff --git a/README.md b/README.md
index 721cf97..108d738 100644
--- a/README.md
+++ b/README.md
@@ -40,8 +40,6 @@ We offer 3 different options for building an unFTP docker image: - `scratch`: builds the binary in [rust:slim](https://hub.docker.com/_/rust) and deploys in a `FROM scratch` image. The unFTP binary is statically linked using [musl libc](https://www.musl-libc.org/). - `alpine` (default): builds in [rust:slim](https://hub.docker.com/_/rust) and deploy in alpine. This image is built with musl instead of a full-blown libc. The unFTP binary is statically linked using [musl libc](https://www.musl-libc.org/). - `alpine-debug`: same images as `alpine` but using the debug build of unftp and adds tools like [lftp](https://lftp.yar.ru/) and [CurlFtpFS](http://curlftpfs.sourceforge.net/) while also running as root. -- `alpine-istio`: same as `alpine` but with [scuttle](https://github.com/redboxllc/scuttle) installed. For use together with [Istio](https://istio.io/). -- `alpine-istio-debug`: same as alpine-debug but with the additions of `alpine-istio`. To build the alpine docker image: diff --git a/RELEASE-CHECKLIST.md b/RELEASE-CHECKLIST.md index 5d00772..dd6217f 100644 --- a/RELEASE-CHECKLIST.md +++ b/RELEASE-CHECKLIST.md @@ -1,6 +1,8 @@ # Release Checklist * Update the Rust version in the Makefile and the Github actions file +* Update the Rust version in packaging/docker/*.ci +* Update the alpine version in the packaging/docker/alpine.Dockerfile.ci image * Update minor versions dependencies. Install [cargo-edit](https://crates.io/crates/cargo-edit) and run `cargo upgrade`. Cargo-edit also covers all the crates in the workspace * Update Cargo.toml with the new version number (also check for libunftp version references) diff --git a/alpine-istio-debug.Dockerfile.template b/alpine-istio-debug.Dockerfile.template deleted file mode 100644 index 79b3c27..0000000 --- a/alpine-istio-debug.Dockerfile.template +++ /dev/null 
@@ -1,26 +0,0 @@
-FROM rust:%%RUST_VERSION%%-slim AS builder
-WORKDIR /usr/src/unftp
-COPY . .
-RUN apt-get update && apt-get install -y \
- musl-dev \
- musl-tools
-RUN rustup target add x86_64-unknown-linux-musl
-ENV RUSTFLAGS="-C target-feature=+crt-static"
-RUN BUILD_VERSION="%%BUILD_VERSION%%" cargo build --no-default-features --features docker --target=x86_64-unknown-linux-musl
-
-FROM alpine:3.17
-
-# for devel only
-RUN apk add --repository http://dl-cdn.alpinelinux.org/alpine/v3.17/main fuse lftp curl
-RUN apk add --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing curlftpfs
-
-# we could also RUN 'apk add ca-certificates', but we prefer to be consistent with the -minimal image
-COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
-COPY --from=redboxoss/scuttle:latest /scuttle /bin/scuttle
-
-# no security measures, run as root
-USER root
-RUN mkdir /unftp
-COPY --from=builder /usr/src/unftp/target/x86_64-unknown-linux-musl/debug/unftp /unftp
-WORKDIR /unftp
-CMD ["scuttle", "/unftp/unftp", "-vv"]
diff --git a/alpine-istio.Dockerfile.template b/alpine-istio.Dockerfile.template
deleted file mode 100644
index 63a5fc9..0000000
--- a/alpine-istio.Dockerfile.template
+++ /dev/null
@@ -1,26 +0,0 @@
-FROM rust:%%RUST_VERSION%%-slim AS builder
-WORKDIR /usr/src/unftp
-COPY . .
-RUN apt-get update && apt-get install -y \
- musl-dev \
- musl-tools
-RUN rustup target add x86_64-unknown-linux-musl
-ENV RUSTFLAGS="-C target-feature=+crt-static"
-RUN BUILD_VERSION="%%BUILD_VERSION%%" cargo build --no-default-features --features docker --release --target=x86_64-unknown-linux-musl
-
-FROM alpine:latest
-
-# we could also RUN 'apk add ca-certificates', but we prefer to be consistent with the -minimal image
-COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
-COPY --from=redboxoss/scuttle:latest /scuttle /bin/scuttle
-# run as user for security
-RUN mkdir /unftp && mkdir -p /srv
-RUN addgroup -g 1010 unftp \
- && adduser -D -s /bin/sh -u 1010 -G unftp unftp \
- && chown -R unftp:unftp /unftp /srv
-COPY --chown=unftp:unftp --from=builder /usr/src/unftp/target/x86_64-unknown-linux-musl/release/unftp /unftp
-
-VOLUME /srv
-WORKDIR /unftp
-USER unftp
-CMD ["scuttle", "/unftp/unftp", "-vv"]
diff --git a/docs/server/docker.md b/docs/server/docker.md
index 7bcfe71..0581fe1 100644
--- a/docs/server/docker.md
+++ b/docs/server/docker.md
@@ -6,7 +6,6 @@ You can download pre-made docker images from [docker hub](https://hub.docker.com
 ```sh
 docker pull bolcom/unftp:v0.14.7-alpine
-docker pull bolcom/unftp:v0.14.7-alpine-istio
 docker pull bolcom/unftp:v0.14.7-scratch
 ```
diff --git a/packaging/docker/alpine-debug.Dockerfile.ci b/packaging/docker/alpine-debug.Dockerfile.ci
index 7a48822..5aaa981 100644
--- a/packaging/docker/alpine-debug.Dockerfile.ci
+++ b/packaging/docker/alpine-debug.Dockerfile.ci
@@ -1,9 +1,9 @@
-FROM rust:1.70.0-slim AS builder
+FROM rust:1.83.0-slim AS builder
-FROM alpine:3.17
+FROM alpine:3.21
 # for devel only
-RUN apk add --repository http://dl-cdn.alpinelinux.org/alpine/v3.17/main fuse lftp curl
+RUN apk add --repository http://dl-cdn.alpinelinux.org/alpine/v3.21/main fuse lftp curl
 RUN apk add --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing curlftpfs
 # we could also RUN 'apk add ca-certificates', but we prefer to be consistent with the -minimal image
diff --git a/packaging/docker/alpine-istio-debug.Dockerfile.ci b/packaging/docker/alpine-istio-debug.Dockerfile.ci
deleted file mode 100644
index aafb848..0000000
--- a/packaging/docker/alpine-istio-debug.Dockerfile.ci
+++ /dev/null
@@ -1,18 +0,0 @@
-FROM rust:1.70.0-slim AS builder
-
-FROM alpine:3.17
-
-# for devel only
-RUN apk add --repository http://dl-cdn.alpinelinux.org/alpine/v3.17/main fuse lftp curl
-RUN apk add --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing curlftpfs
-
-# we could also RUN 'apk add ca-certificates', but we prefer to be consistent with the -minimal image
-COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
-COPY --from=redboxoss/scuttle:latest /scuttle /bin/scuttle
-
-# no security measures, run as root
-USER root
-RUN mkdir /unftp
-COPY --chmod=755 ./x86_64-unknown-linux-musl/unftp_x86_64-unknown-linux-musl /unftp/unftp
-WORKDIR /unftp
-CMD ["scuttle", "/unftp/unftp", "-vv"]
diff --git a/packaging/docker/alpine-istio.Dockerfile.ci b/packaging/docker/alpine-istio.Dockerfile.ci
deleted file mode 100644
index 95e9f7c..0000000
--- a/packaging/docker/alpine-istio.Dockerfile.ci
+++ /dev/null
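Review bot: The updated `RUN apk add --repository http://dl-cdn.alpinelinux.org/alpine/v3.21/main fuse lftp curl` line in packaging/docker/alpine-debug.Dockerfile.ci still fetches the package index over plain HTTP. apk verifies signatures on the index and packages, so this is hardening rather than a fix for a known hole, but the scheme can be switched while the line is being touched anyway: `RUN apk add --repository https://dl-cdn.alpinelinux.org/alpine/v3.21/main fuse lftp curl`. The Alpine release now lives in two places in this file, the `FROM alpine:3.21` tag and this URL, and they must be bumped together; a one-line comment above the `FROM` such as `# keep in sync with the apk --repository URL below` would make that explicit. The unchanged line after it still installs `curlftpfs` from `edge/testing` over HTTP onto a 3.21 base, which deserves the same treatment in a follow-up.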
@@ -1,18 +0,0 @@
-FROM rust:1.70.0-slim AS builder
-
-FROM alpine:latest
-
-# we could also RUN 'apk add ca-certificates', but we prefer to be consistent with the -minimal image
-COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
-COPY --from=redboxoss/scuttle:latest /scuttle /bin/scuttle
-# run as user for security
-RUN mkdir /unftp && mkdir -p /srv
-RUN addgroup -g 1010 unftp \
- && adduser -D -s /bin/sh -u 1010 -G unftp unftp \
- && chown -R unftp:unftp /unftp /srv
-COPY --chown=unftp:unftp --chmod=755 ./x86_64-unknown-linux-musl/unftp_x86_64-unknown-linux-musl /unftp/unftp
-
-VOLUME /srv
-WORKDIR /unftp
-USER unftp
-CMD ["scuttle", "/unftp/unftp", "-vv"]
diff --git a/packaging/docker/alpine.Dockerfile.ci b/packaging/docker/alpine.Dockerfile.ci
index 186c246..002ef6b 100644
--- a/packaging/docker/alpine.Dockerfile.ci
+++ b/packaging/docker/alpine.Dockerfile.ci
@@ -1,4 +1,4 @@
-FROM rust:1.70.0-slim AS builder
+FROM rust:1.83.0-slim AS builder
 FROM alpine:latest
diff --git a/packaging/docker/scratch.Dockerfile.ci b/packaging/docker/scratch.Dockerfile.ci
index 2c6e183..8a901c3 100644
--- a/packaging/docker/scratch.Dockerfile.ci
+++ b/packaging/docker/scratch.Dockerfile.ci
@@ -1,4 +1,4 @@
-FROM rust:1.70.0-slim AS builder
+FROM rust:1.83.0-slim AS builder
 FROM scratch