Prepare 1.9 image

.github/workflows/main.yml

@@ -1,27 +1,53 @@
 ---
 name: main
-
 on:
   push:
+    branches-ignore:
+      - release
+  pull_request:
+    branches-ignore:
+      - release
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
 
 jobs:
   build:
+    continue-on-error: ${{ matrix.build_cmd != './build-latest.sh' }}
     strategy:
       matrix:
         build_cmd:
           - ./build-latest.sh
+          - PRERELEASE=true ./build-latest.sh
           - ./build.sh main
+        os:
+          - ubuntu-latest
+          # - macos-latest
       fail-fast: false
-    runs-on: ubuntu-latest
-    name: Build new images
+    env:
+      GH_ACTION: enable
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      IMAGE_NAMES: docker.io/peeringmanager/peering-manager
+    runs-on: ${{ matrix.os }}
+    name: Build new Peering Manager Docker images
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-      - name: Build the image with '${{ matrix.build_cmd }}'
+      - name: Set up Docker Buildx
+        id: buildx-setup
+        uses: docker/setup-buildx-action@v3
+      # - name: Set BUILDX_PLATFORM to ARM64
+      #   if: matrix.os == 'macos-latest'
+      #   run: echo "BUILDX_PLATFORM=linux/arm64" >>"${GITHUB_ENV}"
+      - name: Build the image for '${{ matrix.os }}' with '${{ matrix.build_cmd }}'
         id: docker-build
         run: ${{ matrix.build_cmd }}
         env:
-          GH_ACTION: enable
+          BUILDX_BUILDER_NAME: ${{ steps.buildx-setup.outputs.name }}
+      # - name: Set Peering Manager container start_period higher on ARM64
+      #   if: matrix.os == 'macos-latest'
+      #   run: echo "PEERINGMANAGER_START_PERIOD=240s" >>"${GITHUB_ENV}"
       - name: Test the image
         run: IMAGE="${FINAL_DOCKER_TAG}" ./test.sh
         if: steps.docker-build.outputs.skipped != 'true'

.github/workflows/release.yml

@@ -7,53 +7,63 @@ on:
       - published
   schedule:
     - cron: '45 5 * * *'
+  workflow_dispatch:
 
 jobs:
   build:
     strategy:
       matrix:
         build_cmd:
           - ./build-latest.sh
+          - PRERELEASE=true ./build-latest.sh
           - ./build.sh main
+        platform:
+          - linux/amd64,linux/arm64
       fail-fast: false
     runs-on: ubuntu-latest
-    name: Build new images
+    name: Build new Peering Manager Docker images
     env:
       GH_ACTION: enable
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      IMAGE_NAMES: docker.io/peeringmanager/peering-manager ghcr.io/peering-manager/peering-manager
     steps:
       - name: Checkout
         uses: actions/checkout@v4
       - name: Get version of Peering Manager Docker
         run: echo "version=$(cat VERSION)" >>"$GITHUB_OUTPUT"
         shell: bash
-      - id: docker-build
-        name: Build the image with '${{ matrix.build_cmd }}'
+      - name: Check if the build is needed for '${{ matrix.build_cmd }}'
+        id: check-build-needed
+        env:
+          CHECK_ONLY: "true"
         run: ${{ matrix.build_cmd }}
-      - name: Test the image
-        run: IMAGE="${FINAL_DOCKER_TAG}" ./test.sh
-        if: steps.docker-build.outputs.skipped != 'true'
+      - name: Set up Docker Buildx
+        id: buildx-setup
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: "lab:latest"
+          driver: cloud
+          endpoint: "peeringmanager/peering-manager-default"
+        if: steps.check-build-needed.outputs.skipped != 'true'
       # docker.io
       - name: Login to docker.io
         uses: docker/login-action@v3
         with:
           registry: docker.io
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
-        if: steps.docker-build.outputs.skipped != 'true'
-      - name: Push the image to docker.io
-        run: ${{ matrix.build_cmd }} --push-only
-        if: steps.docker-build.outputs.skipped != 'true'
+        if: steps.check-build-needed.outputs.skipped != 'true'
       # ghcr.io
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
-        if: steps.docker-build.outputs.skipped != 'true'
-      - name: Push the image to ghcr.io
+        if: steps.check-build-needed.outputs.skipped != 'true'
+      - name: Push the image
         run: ${{ matrix.build_cmd }} --push
+        if: steps.check-build-needed.outputs.skipped != 'true'
         env:
-          DOCKER_REGISTRY: ghcr.io
-          DOCKER_ORG: peering-manager
-        if: steps.docker-build.outputs.skipped != 'true'
+          BUILDX_PLATFORM: ${{ matrix.platform }}
+          BUILDX_BUILDER_NAME: ${{ steps.buildx-setup.outputs.name }}

.gitignore

@@ -34,7 +34,7 @@ Network Trash Folder
 Temporary Items
 .apdisk
 
-.initializers
+docker-compose.override.yml
 configuration/*
 !configuration/configuration.py
 !configuration/extra.py

Dockerfile

@@ -1,4 +1,5 @@
-FROM alpine:3.19 as builder
+ARG FROM
+FROM ${FROM} AS builder
 
 RUN apk add --no-cache \
     bash \
@@ -26,11 +27,11 @@ RUN apk add --no-cache \
 
 ARG PEERING_MANAGER_PATH
 COPY ${PEERING_MANAGER_PATH}/requirements.txt requirements-container.txt /
-RUN /opt/peering-manager/venv/bin/pip install -r /requirements.txt
-RUN /opt/peering-manager/venv/bin/pip install -r /requirements-container.txt
-WORKDIR /peering-manager
+RUN \
+    sed -i -e 's/social-auth-core/social-auth-core\[all\]/g' /requirements.txt && \
+    /opt/peering-manager/venv/bin/pip install -r /requirements.txt -r /requirements-container.txt
 
-FROM alpine:3.19 as bgpq-builder
+FROM ${FROM} AS bgpq-builder
 
 RUN mkdir app && \
     apk add --no-cache build-base autoconf automake gcc git libtool linux-headers musl-dev
@@ -51,7 +52,7 @@ RUN mkdir /bgpq4 && \
 # Main stage #
 ##############
 
-FROM alpine:3.19 as main
+FROM ${FROM} AS main
 
 RUN apk add --no-cache \
     bash \
@@ -60,6 +61,8 @@ RUN apk add --no-cache \
     libevent \
     libffi \
     libjpeg-turbo \
+    libldap \
+    libsasl \
     libxslt \
     openssl \
     postgresql-client \
@@ -68,23 +71,23 @@ RUN apk add --no-cache \
     python3 \
     tini \
     unit \
-    unit-python3
-
-WORKDIR /opt
+    unit-python3 \
+    util-linux
 
 COPY --from=builder /opt/peering-manager/venv /opt/peering-manager/venv
 COPY --from=bgpq-builder /usr/local/bin/bgpq3 /usr/local/bin/bgpq3
 COPY --from=bgpq-builder /usr/local/bin/bgpq4 /usr/local/bin/bgpq4
 
 ARG PEERING_MANAGER_PATH
 COPY ${PEERING_MANAGER_PATH} /opt/peering-manager
+# Copy the modified 'requirements*.txt' files, to have the files actually used during installation
+COPY --from=builder /requirements.txt /requirements-container.txt /opt/peering-manager/
 
 COPY docker/configuration.docker.py /opt/peering-manager/peering_manager/configuration.py
+COPY docker/ldap_config.docker.py /opt/peering-manager/peering_manager/ldap_config.py
 COPY docker/docker-entrypoint.sh /opt/peering-manager/docker-entrypoint.sh
 COPY docker/run-command.sh /opt/peering-manager/run-command.sh
 COPY docker/launch-peering-manager.sh /opt/peering-manager/launch-peering-manager.sh
-COPY startup_scripts/ /opt/peering-manager/startup_scripts/
-COPY initializers/ /opt/peering-manager/initializers/
 COPY configuration/ /etc/peering-manager/config/
 COPY docker/nginx-unit.json /etc/unit/
 
@@ -97,8 +100,11 @@ RUN mkdir -p static /opt/unit/state/ /opt/unit/tmp/ \
     && chown -R unit:root /opt/unit/ \
     && chmod -R g+w /opt/unit/ \
     && cd /opt/peering-manager/ \
-    && SECRET_KEY="dummy" /opt/peering-manager/venv/bin/python /opt/peering-manager/manage.py collectstatic --no-input
+    && SECRET_KEY="dummy" /opt/peering-manager/venv/bin/python /opt/peering-manager/manage.py collectstatic --no-input \
+    && chown -R unit:root /opt/peering-manager/ \
+    && chmod -R g+w /opt/peering-manager/
 
+ENV LANG=C.utf8 PATH=/opt/peering-manager/venv/bin:$PATH
 ENTRYPOINT [ "/sbin/tini", "--" ]
 
 CMD [ "/opt/peering-manager/docker-entrypoint.sh", "/opt/peering-manager/launch-peering-manager.sh" ]
@@ -118,14 +124,4 @@ LABEL ORIGINAL_TAG="" \
     org.opencontainers.image.documentation="https://github.com/peering-manager/docker" \
     org.opencontainers.image.source="https://github.com/peering-manager/docker.git" \
     org.opencontainers.image.revision="" \
-    org.opencontainers.image.version="snapshot"
-
-###################
-## LDAP specific ##
-###################
-
-FROM main as ldap
-
-RUN apk add --no-cache libldap libsasl util-linux
-
-COPY docker/ldap_config.docker.py /opt/peering-manager/peering_manager/ldap_config.py
+    org.opencontainers.image.version=""

README.md

@@ -39,5 +39,3 @@ and override definitions from this file.
 This work is based on the great
 [netbox-docker](https://github.com/netbox-community/netbox-docker) project and
 uses the same license.
-
-

build-functions/check-commands.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+NEEDED_COMMANDS="curl jq docker skopeo"
+for c in $NEEDED_COMMANDS; do
+  if ! command -v "$c" &>/dev/null; then
+    echo "⚠️  '$c' is not installed. Can't proceed with build."
+    exit 1
+  fi
+done

build-functions/get-public-image-config.sh

@@ -1,82 +1,18 @@
 #!/bin/bash
-# Retrieves image configuration from public images in DockerHub
-# Functions from https://gist.github.com/cirocosta/17ea17be7ac11594cb0f290b0a3ac0d1
-# Optimised for our use case
 
-get_image_label() {
-  local label=$1
-  local image=$2
-  local tag=$3
-  local token
-  token=$(_get_token "$image")
-  local digest
-  digest=$(_get_digest "$image" "$tag" "$token")
-  local retval="null"
-  if [ "$digest" != "null" ]; then
-    retval=$(_get_image_configuration "$image" "$token" "$digest" "$label")
-  fi
-  echo "$retval"
-}
-
-get_image_layers() {
-  local image=$1
-  local tag=$2
-  local token
-  token=$(_get_token "$image")
-  _get_layers "$image" "$tag" "$token"
-}
-
-get_image_last_layer() {
+check_if_tags_exists() {
   local image=$1
   local tag=$2
-  local token
-  token=$(_get_token "$image")
-  local layers
-  mapfile -t layers < <(_get_layers "$image" "$tag" "$token")
-  echo "${layers[-1]}"
+  skopeo list-tags "docker://$image" | jq -r ".Tags | contains([\"$tag\"])"
 }
 
-_get_image_configuration() {
-  local image=$1
-  local token=$2
-  local digest=$3
-  local label=$4
-  curl \
-    --silent \
-    --location \
-    --header "Authorization: Bearer $token" \
-    "https://registry-1.docker.io/v2/$image/blobs/$digest" |
-    jq -r ".config.Labels.\"$label\""
-}
-
-_get_token() {
-  local image=$1
-  curl \
-    --silent \
-    "https://auth.docker.io/token?scope=repository:$image:pull&service=registry.docker.io" |
-    jq -r '.token'
-}
-
-_get_digest() {
-  local image=$1
-  local tag=$2
-  local token=$3
-  curl \
-    --silent \
-    --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
-    --header "Authorization: Bearer $token" \
-    "https://registry-1.docker.io/v2/$image/manifests/$tag" |
-    jq -r '.config.digest'
+get_image_label() {
+  local label=$1
+  local image=$2
+  skopeo inspect "docker://$image" | jq -r ".Labels[\"$label\"]"
 }
 
-_get_layers() {
+get_image_last_layer() {
   local image=$1
-  local tag=$2
-  local token=$3
-  curl \
-    --silent \
-    --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
-    --header "Authorization: Bearer $token" \
-    "https://registry-1.docker.io/v2/$image/manifests/$tag" |
-    jq -r '.layers[].digest'
+  skopeo inspect "docker://$image" | jq -r ".Layers | last"
 }

build-functions/gh-functions.sh

@@ -23,7 +23,7 @@ gh_env() {
 ###
 # Prints the output to the file defined in ${GITHUB_OUTPUT}.
 # Only executes if ${GH_ACTION} is defined.
-# Example Usage: gh_out "FOO_VAR=bar_value"
+# Example Usage: gh_env "FOO_VAR=bar_value"
 ###
 gh_out() {
   if [ -n "${GH_ACTION}" ]; then