From af3f8bb63912a3f9c14202ad91dbcc383fa843de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Verstraeten?= Date: Tue, 9 Sep 2025 16:28:19 +0200 Subject: [PATCH 01/12] Add GitHub Actions workflow for pull request builds and update Dockerfile dependencies --- .github/workflows/pr-build.yml | 65 ++++++++++++++++++++++++++++++++++ .gitignore | 1 + Dockerfile | 43 ++++++++++++++++------ 3 files changed, 99 insertions(+), 10 deletions(-) create mode 100644 .github/workflows/pr-build.yml diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml new file mode 100644 index 0000000..7ea45c8 --- /dev/null +++ b/.github/workflows/pr-build.yml 
@@ -0,0 +1,65 @@
+name: Build pull request
+on:
+ pull_request:
+ types: [opened, synchronize]
+
+env:
+ REPO: kerberos/agent
+
+jobs:
+ build-amd64:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ strategy:
+ matrix:
+ architecture: [amd64]
+ steps:
+ - name: Login to DockerHub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+ - name: Checkout
+ uses: actions/checkout@v3
+ - uses: benjlevesque/short-sha@v2.1
+ id: short-sha
+ with:
+ length: 7
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+ - name: Available platforms
+ run: echo ${{ steps.buildx.outputs.platforms }}
+ - name: Run Buildx
+ run: docker buildx build --platform linux/$(echo ${{matrix.architecture}} | tr - /) -t $REPO-arch:arch-${{matrix.architecture}}-${{github.event.inputs.tag || github.ref_name}} .
+
+ build-other:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ needs: build-amd64
+ strategy:
+ matrix:
+ architecture: [arm64, arm-v7, arm-v6]
+ steps:
+ - name: Login to DockerHub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+ - name: Checkout
+ uses: actions/checkout@v3
+ - uses: benjlevesque/short-sha@v2.1
+ id: short-sha
+ with:
+ length: 7
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+ - name: Available platforms
+ run: echo ${{ steps.buildx.outputs.platforms }}
+ - name: Run Buildx
+ run: docker buildx build --platform linux/$(echo ${{matrix.architecture}} | tr - /) -t $REPO-arch:arch-${{matrix.architecture}}-${{github.event.inputs.tag || github.ref_name}} .
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index c028795..098cca6 100644
--- a/.gitignore
+++ b/.gitignore
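Review bot: Both jobs in this `pull_request` workflow log in to DockerHub with `secrets.DOCKER_USERNAME` / `secrets.DOCKER_PASSWORD` and request `permissions: contents: write`, but no step pushes an image or writes to the repository. That puts registry credentials and a write-scoped token into a job whose build inputs come from the pull request, and on pull requests from forks the secrets are not available, so the login step will likely fail before the build starts. I would remove the `Login to DockerHub` step from this workflow and change the block to `permissions:` with `contents: read`. The `Available platforms` step reads `steps.buildx.outputs.platforms`, but no step has `id: buildx`, so it prints nothing; add `id: buildx` to the `Set up Docker Buildx` step or drop the echo. The `build-arm64` job added in patch 05 repeats the login and `contents: write`.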
@@ -1,6 +1,7 @@ ui/node_modules ui/build ui/public/assets/env.js +.DS_Store .idea machinery/www yarn.lock diff --git a/Dockerfile b/Dockerfile index 059eba3..c7ed14d 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,21 +1,44 @@ -ARG BASE_IMAGE_VERSION=70ec57e -FROM kerberos/base:${BASE_IMAGE_VERSION} AS build-machinery -LABEL AUTHOR=Kerberos.io - -ENV GOROOT=/usr/local/go -ENV GOPATH=/go -ENV PATH=$GOPATH/bin:$GOROOT/bin:/usr/local/lib:$PATH -ENV GOSUMDB=off +FROM mcr.microsoft.com/devcontainers/go:1.24-bookworm AS build-machinery +LABEL AUTHOR=uug.ai ########################################## # Installing some additional dependencies. -RUN apt-get upgrade -y && apt-get update && apt-get install -y --fix-missing --no-install-recommends \ +RUN apt-get update && apt-get upgrade -y && apt-get install -y --fix-missing --no-install-recommends \ git build-essential cmake pkg-config unzip libgtk2.0-dev \ - curl ca-certificates libcurl4-openssl-dev libssl-dev libjpeg62-turbo-dev && \ + curl ca-certificates libcurl4-openssl-dev libssl-dev libjpeg62-turbo-dev \ + libc-ares-dev uuid-dev daemon libwebsockets-dev \ + dh-autoreconf autotools-dev autoconf automake gcc \ + libtool make nasm tar && \ rm -rf /var/lib/apt/lists/* +############################# +# Static build x264 + +RUN git clone https://code.videolan.org/videolan/x264.git && \ + cd x264 && git checkout 0a84d986 && \ + ./configure --prefix=/usr/local --enable-static --enable-pic && \ + make && \ + make install && \ + cd .. && rm -rf x264 + +################################# +# Clone and build FFMpeg & OpenCV + +RUN git clone https://github.com/FFmpeg/FFmpeg && \ + cd FFmpeg && git checkout n6.0.1 && \ + ./configure --prefix=/usr/local --target-os=linux --enable-nonfree \ + --extra-ldflags="-latomic" \ + --enable-avfilter \ + --disable-zlib \ + --enable-gpl \ + --extra-libs=-latomic \ + --enable-static --disable-shared && \ + make && \ + make install && \ + cd .. && rm -rf FFmpeg + ############################################################################## # Copy all the relevant source code in the Docker image, so we can build this. From ca8d88ffce43f98e6aa0710b325cb237ea004d2b Mon Sep 17 00:00:00 2001 
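Review bot: The two source builds added here are not pinned to immutable revisions: FFmpeg is checked out by tag (`git checkout n6.0.1`), x264 by an abbreviated hash (`0a84d986`), and the base image `mcr.microsoft.com/devcontainers/go:1.24-bookworm` is a floating tag. A tag can be re-pointed upstream, so the same Dockerfile can yield different binaries over time with nothing in the repository recording the change. I would check out full 40-character commit SHAs in both `git checkout` lines and pin the base image by digest, `FROM mcr.microsoft.com/devcontainers/go:1.24-bookworm@sha256:<digest>`. Separately, FFmpeg's configure documents `--enable-nonfree` as producing unredistributable binaries, so combining it with `--enable-gpl` is worth confirming before this image is published.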
From: =?UTF-8?q?C=C3=A9dric=20Verstraeten?= Date: Tue, 9 Sep 2025 14:34:39 +0000 Subject: [PATCH 02/12] Update GitHub Actions workflow to support multiple architectures in build matrix --- .github/workflows/pr-build.yml | 33 ++------------------------------- 1 file changed, 2 insertions(+), 31 deletions(-) diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml index 7ea45c8..2da4805 100644 --- a/.github/workflows/pr-build.yml +++ b/.github/workflows/pr-build.yml @@ -13,7 +13,7 @@ jobs: contents: write strategy: matrix: - architecture: [amd64] + architecture: [amd64, arm64, arm-v7, arm-v6] steps: - name: Login to DockerHub uses: docker/login-action@v2 
@@ -33,33 +33,4 @@ jobs: - name: Available platforms run: echo ${{ steps.buildx.outputs.platforms }} - name: Run Buildx - run: docker buildx build --platform linux/$(echo ${{matrix.architecture}} | tr - /) -t $REPO-arch:arch-${{matrix.architecture}}-${{github.event.inputs.tag || github.ref_name}} . - - build-other: - runs-on: ubuntu-latest - permissions: - contents: write - needs: build-amd64 - strategy: - matrix: - architecture: [arm64, arm-v7, arm-v6] - steps: - - name: Login to DockerHub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - name: Checkout - uses: actions/checkout@v3 - - uses: benjlevesque/short-sha@v2.1 - id: short-sha - with: - length: 7 - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Available platforms - run: echo ${{ steps.buildx.outputs.platforms }} - - name: Run Buildx - run: docker buildx build --platform linux/$(echo ${{matrix.architecture}} | tr - /) -t $REPO-arch:arch-${{matrix.architecture}}-${{github.event.inputs.tag || github.ref_name}} . \ No newline at end of file + run: docker buildx build --platform linux/$(echo ${{matrix.architecture}} | tr - /) -t ${{matrix.architecture}} . \ No newline at end of file From 14254303767984f6dce19390db39e8e88f9f93b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Verstraeten?= Date: Tue, 9 Sep 2025 14:36:32 +0000 Subject: [PATCH 03/12] Update .gitignore to include __debug* and change Dockerfile base image to golang:1.24.5-bullseye --- .gitignore | 1 + Dockerfile | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 098cca6..6541f88 100644 --- a/.gitignore +++ b/.gitignore @@ -2,6 +2,7 @@ ui/node_modules ui/build ui/public/assets/env.js .DS_Store +__debug* .idea machinery/www yarn.lock diff --git a/Dockerfile b/Dockerfile index c7ed14d..e9fd495 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,5 +1,5 @@ -FROM mcr.microsoft.com/devcontainers/go:1.24-bookworm AS build-machinery +FROM golang:1.24.5-bullseye AS build-machinery LABEL AUTHOR=uug.ai ########################################## From 0a84744e49bba19c5641cd6d2da6a02a3accc055 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Verstraeten?= Date: Tue, 9 Sep 2025 14:38:51 +0000 Subject: [PATCH 04/12] Remove arm-v6 architecture from build matrix in PR workflow --- .github/workflows/pr-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml index 2da4805..4fcf066 100644 --- a/.github/workflows/pr-build.yml +++ b/.github/workflows/pr-build.yml @@ -13,7 +13,7 @@ jobs: contents: write strategy: matrix: - architecture: [amd64, arm64, arm-v7, arm-v6] + architecture: [amd64, arm64, arm-v7] steps: - name: Login to DockerHub uses: docker/login-action@v2 From a4a032d9944de7b0e6288a40201a9f92b46fdb61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Verstraeten?= Date: Thu, 11 Sep 2025 10:17:51 +0200 Subject: [PATCH 05/12] Update GitHub Actions workflow and Dockerfiles for architecture support and dependency management --- .github/workflows/pr-build.yml | 35 +++++--- Dockerfile | 49 +++++------ Dockerfile.arm64 | 149 +++++++++++++++++++++++++++++++++ 3 files changed, 193 insertions(+), 40 deletions(-) create mode 100644 Dockerfile.arm64 diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml index 4fcf066..8d02c2a 100644 --- a/.github/workflows/pr-build.yml +++ b/.github/workflows/pr-build.yml @@ -8,12 +8,12 @@ env: jobs: build-amd64: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 permissions: contents: write strategy: matrix: - architecture: [amd64, arm64, arm-v7] + architecture: [amd64] steps: - name: Login to DockerHub uses: docker/login-action@v2 
@@ -26,11 +26,26 @@ jobs: id: short-sha with: length: 7 - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Available platforms - run: echo ${{ steps.buildx.outputs.platforms }} - - name: Run Buildx - run: docker buildx build --platform linux/$(echo ${{matrix.architecture}} | tr - /) -t ${{matrix.architecture}} . \ No newline at end of file + - name: Run Build + run: docker build -t ${{matrix.architecture}} . + build-arm64: + runs-on: ubuntu-24.04-arm + permissions: + contents: write + strategy: + matrix: + architecture: [arm64] + steps: + - name: Login to DockerHub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + - name: Checkout + uses: actions/checkout@v3 + - uses: benjlevesque/short-sha@v2.1 + id: short-sha + with: + length: 7 + - name: Run Build + run: docker build -t ${{matrix.architecture}} . \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index e9fd495..09c2bcb 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,43 +1,32 @@ -FROM golang:1.24.5-bullseye AS build-machinery +ARG BASE_IMAGE_VERSION=amd64-ddbe40e +FROM kerberos/base:${BASE_IMAGE_VERSION} AS build-machinery LABEL AUTHOR=uug.ai +ENV GOROOT=/usr/local/go +ENV GOPATH=/go +ENV PATH=$GOPATH/bin:$GOROOT/bin:/usr/local/lib:$PATH +ENV GOSUMDB=off + ########################################## # Installing some additional dependencies. -RUN apt-get update && apt-get upgrade -y && apt-get install -y --fix-missing --no-install-recommends \ +RUN apt-get upgrade -y && apt-get update && apt-get install -y --fix-missing --no-install-recommends \ git build-essential cmake pkg-config unzip libgtk2.0-dev \ - curl ca-certificates libcurl4-openssl-dev libssl-dev libjpeg62-turbo-dev \ - libc-ares-dev uuid-dev daemon libwebsockets-dev \ - dh-autoreconf autotools-dev autoconf automake gcc \ - libtool make nasm tar && \ + curl ca-certificates libcurl4-openssl-dev libssl-dev libjpeg62-turbo-dev && \ rm -rf /var/lib/apt/lists/* -############################# -# Static build x264 +############################ +# Build Golang -RUN git clone https://code.videolan.org/videolan/x264.git && \ - cd x264 && git checkout 0a84d986 && \ - ./configure --prefix=/usr/local --enable-static --enable-pic && \ - make && \ - make install && \ - cd .. && rm -rf x264 - -################################# -# Clone and build FFMpeg & OpenCV - -RUN git clone https://github.com/FFmpeg/FFmpeg && \ - cd FFmpeg && git checkout n6.0.1 && \ - ./configure --prefix=/usr/local --target-os=linux --enable-nonfree \ - --extra-ldflags="-latomic" \ - --enable-avfilter \ - --disable-zlib \ - --enable-gpl \ - --extra-libs=-latomic \ - --enable-static --disable-shared && \ - make && \ - make install && \ - cd .. 
&& rm -rf FFmpeg +RUN ARCH=$(uname -m) && \ + ARCH=$([ "$(uname -m)" = "armv7l" ] && echo "armv6l" || echo $ARCH) && \ + ARCH=$([ "$(uname -m)" = "x86_64" ] && echo "amd64" || echo $ARCH) && \ + ARCH=$([ "$(uname -m)" = "aarch64" ] && echo "arm64" || echo $ARCH) && \ + wget "https://dl.google.com/go/go1.24.5.linux-$ARCH.tar.gz" && \ + tar -xvf "go1.24.5.linux-$ARCH.tar.gz" && \ + rm -rf go1.24.5.linux-$ARCH.tar.gz && \ + mv go /usr/local ############################################################################## # Copy all the relevant source code in the Docker image, so we can build this. diff --git a/Dockerfile.arm64 b/Dockerfile.arm64 new file mode 100644 index 0000000..3549bc6 --- /dev/null +++ b/Dockerfile.arm64 
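Review bot: The new `Build Golang` step downloads `go1.24.5.linux-$ARCH.tar.gz` and unpacks it without checking it against the SHA-256 published for that release, so a corrupted or substituted download would be installed as the toolchain that compiles the agent. A check between the download and `tar -xvf`, such as `echo "<sha256-for-this-arch>  go1.24.5.linux-$ARCH.tar.gz" | sha256sum -c -`, closes that gap; the expected value has to be selected per architecture. The step also calls `wget`, which is not in the `apt-get install` list above (only `curl` is), so it depends on the base image providing it. The restored `ENV GOSUMDB=off` means modules not already recorded in `go.sum` are accepted without consulting the checksum database, and `apt-get upgrade -y` again runs before `apt-get update`, undoing the ordering fix from patch 01. The same lines are added to `Dockerfile.arm64` in this commit.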
@@ -0,0 +1,149 @@
+
+ARG BASE_IMAGE_VERSION=arm64-ddbe40e
+FROM kerberos/base:${BASE_IMAGE_VERSION} AS build-machinery
+LABEL AUTHOR=uug.ai
+ENV GOROOT=/usr/local/go
+ENV GOPATH=/go
+ENV PATH=$GOPATH/bin:$GOROOT/bin:/usr/local/lib:$PATH
+ENV GOSUMDB=off
+
+##########################################
+# Installing some additional dependencies.
+
+RUN apt-get upgrade -y && apt-get update && apt-get install -y --fix-missing --no-install-recommends \
+ git build-essential cmake pkg-config unzip libgtk2.0-dev \
+ curl ca-certificates libcurl4-openssl-dev libssl-dev libjpeg62-turbo-dev && \
+ rm -rf /var/lib/apt/lists/*
+
+############################
+# Build Golang
+
+RUN ARCH=$(uname -m) && \
+ ARCH=$([ "$(uname -m)" = "armv7l" ] && echo "armv6l" || echo $ARCH) && \
+ ARCH=$([ "$(uname -m)" = "x86_64" ] && echo "amd64" || echo $ARCH) && \
+ ARCH=$([ "$(uname -m)" = "aarch64" ] && echo "arm64" || echo $ARCH) && \
+ wget "https://dl.google.com/go/go1.24.5.linux-$ARCH.tar.gz" && \
+ tar -xvf "go1.24.5.linux-$ARCH.tar.gz" && \
+ rm -rf go1.24.5.linux-$ARCH.tar.gz && \
+ mv go /usr/local
+
+##############################################################################
+# Copy all the relevant source code in the Docker image, so we can build this.
+
+RUN mkdir -p /go/src/github.com/kerberos-io/agent
+COPY machinery /go/src/github.com/kerberos-io/agent/machinery
+RUN rm -rf /go/src/github.com/kerberos-io/agent/machinery/.env
+
+##################################################################
+# Get the latest commit hash, so we know which version we're running
+COPY .git /go/src/github.com/kerberos-io/agent/.git
+RUN cd /go/src/github.com/kerberos-io/agent/.git && git log --format="%H" -n 1 | head -c7 > /go/src/github.com/kerberos-io/agent/machinery/version
+RUN cat /go/src/github.com/kerberos-io/agent/machinery/version
+
+##################
+# Build Machinery
+
+RUN cd /go/src/github.com/kerberos-io/agent/machinery && \
+ go mod download && \
+ go build -tags timetzdata,netgo,osusergo --ldflags '-s -w -extldflags "-static -latomic"' main.go && \
+ mkdir -p /agent && \
+ mv main /agent && \
+ mv version /agent && \
+ mv data /agent && \
+ mkdir -p /agent/data/cloud && \
+ mkdir -p /agent/data/snapshots && \
+ mkdir -p /agent/data/log && \
+ mkdir -p /agent/data/recordings && \
+ mkdir -p /agent/data/capture-test && \
+ mkdir -p /agent/data/config
+
+####################################
+# Let's create a /dist folder containing just the files necessary for runtime.
+# Later, it will be copied as the / (root) of the output image.
+
+WORKDIR /dist
+RUN cp -r /agent ./
+
+####################################################################################
+# This will collect dependent libraries so they're later copied to the final image.
+
+RUN /dist/agent/main version
+
+FROM node:18.14.0-alpine3.16 AS build-ui
+
+RUN apk update && apk upgrade --available && sync
+
+########################
+# Build Web (React app)
+
+RUN mkdir -p /go/src/github.com/kerberos-io/agent/machinery/www
+COPY ui /go/src/github.com/kerberos-io/agent/ui
+RUN cd /go/src/github.com/kerberos-io/agent/ui && rm -rf yarn.lock && yarn config set network-timeout 300000 && \
+ yarn && yarn build
+
+####################################
+# Let's create a /dist folder containing just the files necessary for runtime.
+# Later, it will be copied as the / (root) of the output image.
+
+WORKDIR /dist
+RUN mkdir -p ./agent && cp -r /go/src/github.com/kerberos-io/agent/machinery/www ./agent/
+
+############################################
+# Publish main binary to GitHub release
+
+FROM alpine:latest
+
+############################
+# Protect by non-root user.
+
+RUN addgroup -S kerberosio && adduser -S agent -G kerberosio && addgroup agent video
+
+#################################
+# Copy files from previous images
+
+COPY --chown=0:0 --from=build-machinery /dist /
+COPY --chown=0:0 --from=build-ui /dist /
+
+RUN apk update && apk add ca-certificates curl libstdc++ libc6-compat --no-cache && rm -rf /var/cache/apk/*
+
+##################
+# Try running agent
+
+RUN mv /agent/* /home/agent/
+RUN /home/agent/main version
+
+#######################
+# Make template config
+
+RUN cp /home/agent/data/config/config.json /home/agent/data/config.template.json
+
+###########################
+# Set permissions correctly
+
+RUN chown -R agent:kerberosio /home/agent/data
+RUN chown -R agent:kerberosio /home/agent/www
+
+###########################
+# Grant the necessary root capabilities to the process trying to bind to the privileged port
+RUN apk add libcap && setcap 'cap_net_bind_service=+ep' /home/agent/main
+
+###################
+# Run non-root user
+
+USER agent
+
+######################################
+# By default the app runs on port 80
+
+EXPOSE 80 + +###################################### +# Check if agent is still running + +HEALTHCHECK CMD curl --fail http://localhost:80 || exit 1 + +################################################### +# Leeeeettttt'ssss goooooo!!! +# Run the shizzle from the right working directory. +WORKDIR /home/agent +CMD ["./main", "-action", "run", "-port", "80"] \ No newline at end of file From ec7f2e03034fa235c95d1a90b6544d1df755345e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Verstraeten?= Date: Thu, 11 Sep 2025 10:18:19 +0200 Subject: [PATCH 06/12] Update ARM64 build step to specify Dockerfile for architecture --- .github/workflows/pr-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml index 8d02c2a..f71a6c0 100644 --- a/.github/workflows/pr-build.yml +++ b/.github/workflows/pr-build.yml @@ -48,4 +48,4 @@ jobs: with: length: 7 - name: Run Build - run: docker build -t ${{matrix.architecture}} . \ No newline at end of file + run: docker build -t ${{matrix.architecture}} -f Dockerfile.arm64 . \ No newline at end of file From 243c9696667e9549861d1f7768b171c5397c3c3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Verstraeten?= Date: Thu, 11 Sep 2025 10:26:54 +0200 Subject: [PATCH 07/12] Add missing go version check in Dockerfile build step --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 09c2bcb..2b201d3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,7 +18,7 @@ RUN apt-get upgrade -y && apt-get update && apt-get install -y --fix-missing --n ############################ # Build Golang - +RUN go version RUN ARCH=$(uname -m) && \ ARCH=$([ "$(uname -m)" = "armv7l" ] && echo "armv6l" || echo $ARCH) && \ ARCH=$([ "$(uname -m)" = "x86_64" ] && echo "amd64" || echo $ARCH) && \ From f55e25db075713175d16634c9e7b6257e7b50880 Mon Sep 17 00:00:00 2001 
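Review bot: The UI stage deletes the lockfile before installing (`rm -rf yarn.lock` followed by `yarn`), so every build resolves whatever dependency versions are current and the shipped bundle cannot be reproduced or audited against a known set. Keeping a committed `yarn.lock` and installing with `yarn install --frozen-lockfile` would fix the versions; the `.gitignore` context earlier in this series lists `yarn.lock`, so that entry would have to be removed as well. The runtime stage has the same floating-input problem with `FROM alpine:latest`; a fixed release tag or a digest makes the image contents traceable. `node:18.14.0-alpine3.16` is at least version-pinned, but it is an old point release and worth refreshing when the lockfile is restored.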
From: =?UTF-8?q?C=C3=A9dric=20Verstraeten?= Date: Thu, 11 Sep 2025 10:29:05 +0200 Subject: [PATCH 08/12] Remove Golang build steps from Dockerfiles for amd64 and arm64 --- Dockerfile | 12 ------------ Dockerfile.arm64 | 13 +------------ 2 files changed, 1 insertion(+), 24 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2b201d3..bcfd399 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,18 +16,6 @@ RUN apt-get upgrade -y && apt-get update && apt-get install -y --fix-missing --n curl ca-certificates libcurl4-openssl-dev libssl-dev libjpeg62-turbo-dev && \ rm -rf /var/lib/apt/lists/* -############################ -# Build Golang -RUN go version -RUN ARCH=$(uname -m) && \ - ARCH=$([ "$(uname -m)" = "armv7l" ] && echo "armv6l" || echo $ARCH) && \ - ARCH=$([ "$(uname -m)" = "x86_64" ] && echo "amd64" || echo $ARCH) && \ - ARCH=$([ "$(uname -m)" = "aarch64" ] && echo "arm64" || echo $ARCH) && \ - wget "https://dl.google.com/go/go1.24.5.linux-$ARCH.tar.gz" && \ - tar -xvf "go1.24.5.linux-$ARCH.tar.gz" && \ - rm -rf go1.24.5.linux-$ARCH.tar.gz && \ - mv go /usr/local - ############################################################################## # Copy all the relevant source code in the Docker image, so we can build this. diff --git a/Dockerfile.arm64 b/Dockerfile.arm64 index 3549bc6..a1cf1ac 100644 --- a/Dockerfile.arm64 +++ b/Dockerfile.arm64 @@ -2,6 +2,7 @@ ARG BASE_IMAGE_VERSION=arm64-ddbe40e FROM kerberos/base:${BASE_IMAGE_VERSION} AS build-machinery LABEL AUTHOR=uug.ai + ENV GOROOT=/usr/local/go ENV GOPATH=/go ENV PATH=$GOPATH/bin:$GOROOT/bin:/usr/local/lib:$PATH 
@@ -15,18 +16,6 @@ RUN apt-get upgrade -y && apt-get update && apt-get install -y --fix-missing --n curl ca-certificates libcurl4-openssl-dev libssl-dev libjpeg62-turbo-dev && \ rm -rf /var/lib/apt/lists/* -############################ -# Build Golang - -RUN ARCH=$(uname -m) && \ - ARCH=$([ "$(uname -m)" = "armv7l" ] && echo "armv6l" || echo $ARCH) && \ - ARCH=$([ "$(uname -m)" = "x86_64" ] && echo "amd64" || echo $ARCH) && \ - ARCH=$([ "$(uname -m)" = "aarch64" ] && echo "arm64" || echo $ARCH) && \ - wget "https://dl.google.com/go/go1.24.5.linux-$ARCH.tar.gz" && \ - tar -xvf "go1.24.5.linux-$ARCH.tar.gz" && \ - rm -rf go1.24.5.linux-$ARCH.tar.gz && \ - mv go /usr/local - ############################################################################## # Copy all the relevant source code in the Docker image, so we can build this. From 8b59828126c8c68073a3d7b83731a271a9a2ffbc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Verstraeten?= Date: Thu, 11 Sep 2025 13:39:27 +0200 Subject: [PATCH 09/12] Add steps to strip binary and upload artifact in PR build workflow --- .github/workflows/pr-build.yml | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml index f71a6c0..8e4324a 100644 --- a/.github/workflows/pr-build.yml +++ b/.github/workflows/pr-build.yml @@ -28,6 +28,14 @@ jobs: length: 7 - name: Run Build run: docker build -t ${{matrix.architecture}} . + - name: Strip binary + run: mkdir -p output/ && tar -xf output-${{matrix.architecture}}.tar -C output && rm output-${{matrix.architecture}}.tar && cd output/ && tar -cf ../agent-${{matrix.architecture}}.tar -C home/agent . && rm -rf output + - name: Upload artifact + uses: actions/upload-artifact@v3 + with: + name: agent-${{matrix.architecture}}.tar + path: agent-${{matrix.architecture}}.tar + build-arm64: runs-on: ubuntu-24.04-arm permissions: 
@@ -48,4 +56,12 @@ jobs: with: length: 7 - name: Run Build - run: docker build -t ${{matrix.architecture}} -f Dockerfile.arm64 . \ No newline at end of file + run: docker build -t ${{matrix.architecture}} -f Dockerfile.arm64 . + - name: Strip binary + run: mkdir -p output/ && tar -xf output-${{matrix.architecture}}.tar -C output && rm output-${{matrix.architecture}}.tar && cd output/ && tar -cf ../agent-${{matrix.architecture}}.tar -C home/agent . && rm -rf output + - name: Upload artifact + uses: actions/upload-artifact@v3 + with: + name: agent-${{matrix.architecture}}.tar + path: agent-${{matrix.architecture}}.tar + From 2bff868de651e71243b09a4791318e7710770ba7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Verstraeten?= Date: Thu, 11 Sep 2025 13:45:34 +0200 Subject: [PATCH 10/12] Update upload artifact action to v4 in PR build workflow --- .github/workflows/pr-build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml index 8e4324a..1fa9a6b 100644 --- a/.github/workflows/pr-build.yml +++ b/.github/workflows/pr-build.yml @@ -31,7 +31,7 @@ jobs: - name: Strip binary run: mkdir -p output/ && tar -xf output-${{matrix.architecture}}.tar -C output && rm output-${{matrix.architecture}}.tar && cd output/ && tar -cf ../agent-${{matrix.architecture}}.tar -C home/agent . && rm -rf output - name: Upload artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: agent-${{matrix.architecture}}.tar path: agent-${{matrix.architecture}}.tar 
@@ -60,7 +60,7 @@ jobs: - name: Strip binary run: mkdir -p output/ && tar -xf output-${{matrix.architecture}}.tar -C output && rm output-${{matrix.architecture}}.tar && cd output/ && tar -cf ../agent-${{matrix.architecture}}.tar -C home/agent . && rm -rf output - name: Upload artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: agent-${{matrix.architecture}}.tar path: agent-${{matrix.architecture}}.tar From 0aa0b8ad8fb95600166738d7f7e1f8e6e06e4b66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Verstraeten?= Date: Thu, 11 Sep 2025 14:09:22 +0200 Subject: [PATCH 11/12] Refactor build steps in PR workflow to streamline Docker operations and improve artifact handling --- .github/workflows/pr-build.yml | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml index 1fa9a6b..3725aab 100644 --- a/.github/workflows/pr-build.yml +++ b/.github/workflows/pr-build.yml @@ -27,9 +27,13 @@ jobs: with: length: 7 - name: Run Build - run: docker build -t ${{matrix.architecture}} . + run: | + docker build -t ${{matrix.architecture}} . + CID=$(docker create ${{matrix.architecture}}) + docker cp ${CID}:/home/agent ./output-${{matrix.architecture}} + docker rm ${CID} - name: Strip binary - run: mkdir -p output/ && tar -xf output-${{matrix.architecture}}.tar -C output && rm output-${{matrix.architecture}}.tar && cd output/ && tar -cf ../agent-${{matrix.architecture}}.tar -C home/agent . && rm -rf output + run: tar -cf agent-${{matrix.architecture}}.tar -C output-${{matrix.architecture}} . && rm -rf output-${{matrix.architecture}} - name: Upload artifact uses: actions/upload-artifact@v4 with: 
@@ -56,9 +60,13 @@ jobs: with: length: 7 - name: Run Build - run: docker build -t ${{matrix.architecture}} -f Dockerfile.arm64 . + run: | + docker build -t ${{matrix.architecture}} -f Dockerfile.arm64 . + CID=$(docker create ${{matrix.architecture}}) + docker cp ${CID}:/home/agent ./output-${{matrix.architecture}} + docker rm ${CID} - name: Strip binary - run: mkdir -p output/ && tar -xf output-${{matrix.architecture}}.tar -C output && rm output-${{matrix.architecture}}.tar && cd output/ && tar -cf ../agent-${{matrix.architecture}}.tar -C home/agent . && rm -rf output + run: tar -cf agent-${{matrix.architecture}}.tar -C output-${{matrix.architecture}} . && rm -rf output-${{matrix.architecture}} - name: Upload artifact uses: actions/upload-artifact@v4 with: From b7a87f95e529df521810d8abb8ee329023dfbc0d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Verstraeten?= Date: Thu, 11 Sep 2025 15:00:37 +0200 Subject: [PATCH 12/12] Update Docker workflow to use Ubuntu 24.04 and simplify build steps for multi-arch images --- .github/workflows/docker.yml | 133 +++++++++++++++++++---------------- 1 file changed, 74 insertions(+), 59 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 7c93fc2..1202257 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -14,7 +14,7 @@ env: jobs: build-amd64: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 permissions: contents: write strategy: 
@@ -32,53 +32,36 @@ jobs: id: short-sha with: length: 7 - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Available platforms - run: echo ${{ steps.buildx.outputs.platforms }} - - name: Run Buildx - run: docker buildx build --platform linux/$(echo ${{matrix.architecture}} | tr - /) -t $REPO-arch:arch-${{matrix.architecture}}-${{github.event.inputs.tag || github.ref_name}} --push . - - name: Create new and append to manifest - run: docker buildx imagetools create -t $REPO:${{ github.event.inputs.tag || github.ref_name }} $REPO-arch:arch-${{matrix.architecture}}-${{github.event.inputs.tag || github.ref_name}} - - name: Create new and append to manifest latest - run: docker buildx imagetools create -t $REPO:latest $REPO-arch:arch-${{matrix.architecture}}-${{github.event.inputs.tag || github.ref_name}} - if: github.event.inputs.tag == 'test' - - name: Run Buildx with output - run: docker buildx build --platform linux/$(echo ${{matrix.architecture}} | tr - /) -t $REPO-arch:arch-$(echo ${{matrix.architecture}} | tr / -)-${{github.event.inputs.tag || github.ref_name}} --output type=tar,dest=output-${{matrix.architecture}}.tar . + - name: Run Build + run: | + docker build -t ${{matrix.architecture}} . + CID=$(docker create ${{matrix.architecture}}) + docker cp ${CID}:/home/agent ./output-${{matrix.architecture}} + docker rm ${CID} - name: Strip binary - run: mkdir -p output/ && tar -xf output-${{matrix.architecture}}.tar -C output && rm output-${{matrix.architecture}}.tar && cd output/ && tar -cf ../agent-${{matrix.architecture}}.tar -C home/agent . && rm -rf output - - name: Create a release - uses: ncipollo/release-action@v1 + run: tar -cf agent-${{matrix.architecture}}.tar -C output-${{matrix.architecture}} . 
&& rm -rf output-${{matrix.architecture}} + - name: Build and push Docker image + run: | + docker tag ${{matrix.architecture}} $REPO-arch:arch-${{matrix.architecture}}-${{github.event.inputs.tag || github.ref_name}} + docker push $REPO-arch:arch-${{matrix.architecture}}-${{github.event.inputs.tag || github.ref_name}} + - name: Create new manifest + run: docker manifest create $REPO:${{ github.event.inputs.tag || github.ref_name }} $REPO-arch:arch-${{matrix.architecture}}-${{github.event.inputs.tag || github.ref_name}} + - name: Create latest manifest + run: docker manifest create $REPO:latest $REPO-arch:arch-${{matrix.architecture}}-${{github.event.inputs.tag || github.ref_name}} + if: github.event.inputs.tag == 'test' + - name: Upload artifact + uses: actions/upload-artifact@v4 with: - latest: true - allowUpdates: true - name: ${{ github.event.inputs.tag || github.ref_name }} - tag: ${{ github.event.inputs.tag || github.ref_name }} - generateReleaseNotes: false - omitBodyDuringUpdate: true - artifacts: "agent-${{matrix.architecture}}.tar" - # Taken from GoReleaser's own release workflow. - # The available Snapcraft Action has some bugs described in the issue below. - # The mkdirs are a hack for https://github.com/goreleaser/goreleaser/issues/1715. 
- #- name: Setup Snapcraft - # run: | - # sudo apt-get update - # sudo apt-get -yq --no-install-suggests --no-install-recommends install snapcraft - # mkdir -p $HOME/.cache/snapcraft/download - # mkdir -p $HOME/.cache/snapcraft/stage-packages - #- name: Use Snapcraft - # run: tar -xf agent-${{matrix.architecture}}.tar && snapcraft - build-other: - runs-on: ubuntu-latest + name: agent-${{matrix.architecture}}.tar + path: agent-${{matrix.architecture}}.tar + + build-arm64: + runs-on: ubuntu-24.04-arm permissions: contents: write - needs: build-amd64 strategy: matrix: - architecture: [arm64, arm-v7, arm-v6] - #architecture: [arm64, arm-v7] + architecture: [arm64] steps: - name: Login to DockerHub uses: docker/login-action@v2 
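Review bot: The new `run:` scripts expand `${{ github.event.inputs.tag || github.ref_name }}` directly into shell text, so the value is parsed by the shell instead of being passed as data, in a job that already holds the DockerHub login. Pass it through the environment: add `env:` with `TAG: ${{ github.event.inputs.tag || github.ref_name }}` to each step and reference `"$REPO-arch:arch-${{ matrix.architecture }}-$TAG"` in the script. The same expansion appears in the `build-arm64` and `create-manifest` steps in the next hunk. The `Create new manifest` and `Create latest manifest` steps left in `build-amd64` only run `docker manifest create` with no push, and `create-manifest` now builds the same lists, so they look like leftovers that can be removed. The workflow's `on:` triggers are outside this hunk, so how the tag value reaches the job should be checked against them.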
@@ -91,23 +74,55 @@ jobs: id: short-sha with: length: 7 - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Available platforms - run: echo ${{ steps.buildx.outputs.platforms }} - - name: Run Buildx - run: docker buildx build --platform linux/$(echo ${{matrix.architecture}} | tr - /) -t $REPO-arch:arch-${{matrix.architecture}}-${{github.event.inputs.tag || github.ref_name}} --push . - - name: Create new and append to manifest - run: docker buildx imagetools create --append -t $REPO:${{ github.event.inputs.tag || github.ref_name }} $REPO-arch:arch-${{matrix.architecture}}-${{github.event.inputs.tag || github.ref_name}} - - name: Create new and append to manifest latest - run: docker buildx imagetools create --append -t $REPO:latest $REPO-arch:arch-${{matrix.architecture}}-${{github.event.inputs.tag || github.ref_name}} - if: github.event.inputs.tag == 'test' - - name: Run Buildx with output - run: docker buildx build --platform linux/$(echo ${{matrix.architecture}} | tr - /) -t $REPO-arch:arch-$(echo ${{matrix.architecture}} | tr / -)-${{github.event.inputs.tag || github.ref_name}} --output type=tar,dest=output-${{matrix.architecture}}.tar . + - name: Run Build + run: | + docker build -t ${{matrix.architecture}} -f Dockerfile.arm64 . + CID=$(docker create ${{matrix.architecture}}) + docker cp ${CID}:/home/agent ./output-${{matrix.architecture}} + docker rm ${CID} - name: Strip binary - run: mkdir -p output/ && tar -xf output-${{matrix.architecture}}.tar -C output && rm output-${{matrix.architecture}}.tar && cd output/ && tar -cf ../agent-${{matrix.architecture}}.tar -C home/agent . && rm -rf output + run: tar -cf agent-${{matrix.architecture}}.tar -C output-${{matrix.architecture}} . 
&& rm -rf output-${{matrix.architecture}} + - name: Build and push Docker image + run: | + docker tag ${{matrix.architecture}} $REPO-arch:arch-${{matrix.architecture}}-${{github.event.inputs.tag || github.ref_name}} + docker push $REPO-arch:arch-${{matrix.architecture}}-${{github.event.inputs.tag || github.ref_name}} + - name: Upload artifact + uses: actions/upload-artifact@v4 + with: + name: agent-${{matrix.architecture}}.tar + path: agent-${{matrix.architecture}}.tar + + create-manifest: + runs-on: ubuntu-24.04 + needs: [build-amd64, build-arm64] + steps: + - name: Login to DockerHub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + - name: Create and push multi-arch manifest + run: | + docker manifest create $REPO:${{ github.event.inputs.tag || github.ref_name }} \ + $REPO-arch:arch-amd64-${{github.event.inputs.tag || github.ref_name}} \ + $REPO-arch:arch-arm64-${{github.event.inputs.tag || github.ref_name}} + docker manifest push $REPO:${{ github.event.inputs.tag || github.ref_name }} + - name: Create and push latest manifest + run: | + docker manifest create $REPO:latest \ + $REPO-arch:arch-amd64-${{github.event.inputs.tag || github.ref_name}} \ + $REPO-arch:arch-arm64-${{github.event.inputs.tag || github.ref_name}} + docker manifest push $REPO:latest + if: github.event.inputs.tag == 'test' + + create-release: + runs-on: ubuntu-24.04 + needs: [build-amd64, build-arm64] + permissions: + contents: write + steps: + - name: Download all artifacts + uses: actions/download-artifact@v4 - name: Create a release uses: ncipollo/release-action@v1 with: @@ -117,4 +132,4 @@ jobs: tag: ${{ github.event.inputs.tag || github.ref_name }} generateReleaseNotes: false omitBodyDuringUpdate: true - artifacts: "agent-${{matrix.architecture}}.tar" + artifacts: "agent-*.tar/agent-*.tar"
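Review bot: Release creation moves to the new `create-release` job, but `build-amd64` and `build-arm64` still carry `permissions: contents: write`, and `create-manifest` declares no `permissions` block, so it receives the repository's default token scope. None of those three jobs writes to the repository in the visible steps; `contents: read` on the two build jobs and `permissions: {}` on `create-manifest` would limit the token to what is used. `create-release` is the one job that needs `contents: write`, and it runs `ncipollo/release-action@v1` by a movable tag; pinning that action to a full commit SHA keeps the write-scoped token from being handed to code that can change under the tag. The same pinning applies to `docker/login-action@v2`, which receives the DockerHub password in all three registry jobs.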