From cad15eb72ff734fc32e43954ad5267563332141f Mon Sep 17 00:00:00 2001
From: Dave Henderson
Date: Tue, 29 Oct 2019 19:49:38 -0400
Subject: [PATCH] Distill to single Dockerfile
Signed-off-by: Dave Henderson
---
.github/workflows/docker.yml | 12 +
Dockerfile | 77 +++++
build/Dockerfile.alpine | 31 --
build/Dockerfile.scratch | 31 --
build/files/etc/caddy/Caddyfile | 25 --
build/files/usr/share/caddy/index.html | 268 ------------------
build/templates/.gomplateignore | 2 -
build/templates/Dockerfile.alpine.tmpl | 11 -
build/templates/Dockerfile.scratch.tmpl | 11 -
.../templates/partials/Dockerfile.common.tmpl | 21 --
hooks/build | 28 ++
hooks/post_push | 41 +++
12 files changed, 158 insertions(+), 400 deletions(-)
create mode 100644 .github/workflows/docker.yml
create mode 100644 Dockerfile
delete mode 100644 build/Dockerfile.alpine
delete mode 100644 build/Dockerfile.scratch
delete mode 100644 build/files/etc/caddy/Caddyfile
delete mode 100644 build/files/usr/share/caddy/index.html
delete mode 100644 build/templates/.gomplateignore
delete mode 100644 build/templates/Dockerfile.alpine.tmpl
delete mode 100644 build/templates/Dockerfile.scratch.tmpl
delete mode 100644 build/templates/partials/Dockerfile.common.tmpl
create mode 100755 hooks/build
create mode 100755 hooks/post_push
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
new file mode 100644
index 0000000..5a6f3b8
--- /dev/null
+++ b/.github/workflows/docker.yml
@@ -0,0 +1,12 @@
+name: Docker Build
+on: [push]
+
+jobs:
+ docker-build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@master
+ - name: Build Docker images
+ run: hooks/build
+ env:
+ DOCKER_BUILDKIT: '1'
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..6a05ab3
--- /dev/null
+++ b/Dockerfile
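Review bot: The checkout step in `.github/workflows/docker.yml` uses `actions/checkout@master`, a moving branch, so whatever lands on that branch runs in this job on every push without review. Pin the action to a release tag or, better, a full commit SHA, e.g. `- uses: actions/checkout@<full-commit-sha>`. The job only runs `hooks/build` and no registry credentials are visible in it, which limits the impact today, but the pin keeps the workflow safe if a push step is added later.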
@@ -0,0 +1,77 @@
+FROM golang:1.13.3-alpine as builder
+
+WORKDIR /src
+
+RUN apk add --no-cache \
+ git \
+ ca-certificates
+
+ARG CADDY_SOURCE_VERSION=v2
+
+RUN git clone -b $CADDY_SOURCE_VERSION https://github.com/caddyserver/caddy.git --depth 1
+
+WORKDIR /src/caddy/cmd/caddy
+
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
+ go build -trimpath -tags netgo -ldflags '-extldflags "-static" -s -w' -o /usr/bin/caddy
+
+# Fetch the latest default welcome page and default Caddy config
+FROM alpine:3.10.3 AS fetch-assets
+
+RUN apk add --no-cache git
+
+ARG DIST_COMMIT=97bcdfccf5392c650216ebb0634a5ed4c680ad6a
+
+WORKDIR /src/dist
+RUN git clone https://github.com/caddyserver/dist .
+RUN git checkout $DIST_COMMIT
+
+RUN cp config/Caddyfile /Caddyfile
+RUN cp welcome/index.html /index.html
+
+FROM alpine:3.10.3 AS alpine
+
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs
+COPY --from=builder /etc/passwd /etc/passwd
+
+COPY --from=fetch-assets /Caddyfile /etc/caddy/Caddyfile
+COPY --from=fetch-assets /index.html /usr/share/caddy/index.html
+
+ARG VCS_REF
+ARG VERSION
+LABEL org.opencontainers.image.revision=$VCS_REF
+LABEL org.opencontainers.image.version=$VERSION
+LABEL org.opencontainers.image.title=Caddy
+LABEL org.opencontainers.image.description="a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go"
+LABEL org.opencontainers.image.url=https://caddyserver.com
+LABEL org.opencontainers.image.documentation=https://github.com/caddyserver/caddy/wiki/v2:-Documentation
+LABEL org.opencontainers.image.vendor="Light Code Labs"
+LABEL org.opencontainers.image.licenses=Apache-2.0
+LABEL org.opencontainers.image.source="https://github.com/caddyserver/caddy-docker"
+
+CMD [ "caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile" ]
+
+FROM scratch AS scratch
+
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs
+COPY --from=builder /etc/passwd /etc/passwd
+
+COPY --from=fetch-assets /Caddyfile /etc/caddy/Caddyfile
+COPY --from=fetch-assets /index.html /usr/share/caddy/index.html
+
+ARG VCS_REF
+ARG VERSION
+LABEL org.opencontainers.image.revision=$VCS_REF
+LABEL org.opencontainers.image.version=$VERSION
+LABEL org.opencontainers.image.title=Caddy
+LABEL org.opencontainers.image.description="a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go"
+LABEL org.opencontainers.image.url=https://caddyserver.com
+LABEL org.opencontainers.image.documentation=https://github.com/caddyserver/caddy/wiki/v2:-Documentation
+LABEL org.opencontainers.image.vendor="Light Code Labs"
+LABEL org.opencontainers.image.licenses=Apache-2.0
+LABEL org.opencontainers.image.source="https://github.com/caddyserver/caddy-docker"
+
+ENTRYPOINT [ "caddy" ]
+CMD [ "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile" ]
diff --git a/build/Dockerfile.alpine b/build/Dockerfile.alpine
deleted file mode 100644
index c03f6d7..0000000
--- a/build/Dockerfile.alpine
+++ /dev/null
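Review bot: The builder stage of the new `Dockerfile` compiles whatever the `v2` branch holds at build time (`ARG CADDY_SOURCE_VERSION=v2` with `git clone -b $CADDY_SOURCE_VERSION ... --depth 1`), while the `fetch-assets` stage pins `DIST_COMMIT` to a full commit hash, so the shipped binary is neither reproducible nor traceable to a reviewed revision. Pinning the caddy source the same way, by defaulting the ARG to a release tag or checking out a commit hash after the clone, would close that gap. Neither the `alpine` nor the `scratch` stage sets `USER`, so caddy runs as root even though `/etc/passwd` is copied in; if binding ports 80/443 is the reason, a comment saying so would help. In the `scratch` stage `COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs` has no trailing slash and the directory does not exist yet, so Docker will probably write the bundle as a file named `/etc/ssl/certs`; using `/etc/ssl/certs/` as the destination avoids that.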
@@ -1,31 +0,0 @@
-ARG GO_TAG_VERSION
-ARG ALPINE_TAG_VERSION
-FROM golang:$GO_TAG_VERSION as builder
-
-WORKDIR /src
-
-RUN apk add --no-cache --no-progress \
- git=2.22.0-r0 \
- musl-dev=1.1.22-r3 \
- gcc=8.3.0-r0 \
- libc-dev=0.7.1-r0 \
- ca-certificates=20190108-r0
-
-ARG CADDY_SOURCE_VERSION=v2
-
-RUN git clone -b $CADDY_SOURCE_VERSION https://github.com/caddyserver/caddy.git --depth 1
-
-WORKDIR /src/caddy/cmd/caddy
-
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
- go build -trimpath -tags netgo -ldflags '-extldflags "-static" -s -w' -o /usr/bin/caddy
-
-ARG ALPINE_TAG_VERSION
-FROM alpine:$ALPINE_TAG_VERSION
-
-COPY --from=builder /usr/bin/caddy /usr/bin/caddy
-COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs
-COPY --from=builder /etc/passwd /etc/passwd
-COPY build/files .
-
-CMD ["/usr/bin/caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]
diff --git a/build/Dockerfile.scratch b/build/Dockerfile.scratch
deleted file mode 100644
index f7e18a2..0000000
--- a/build/Dockerfile.scratch
+++ /dev/null
@@ -1,31 +0,0 @@
-ARG GO_TAG_VERSION
-ARG ALPINE_TAG_VERSION
-FROM golang:$GO_TAG_VERSION as builder
-
-WORKDIR /src
-
-RUN apk add --no-cache --no-progress \
- git=2.22.0-r0 \
- musl-dev=1.1.22-r3 \
- gcc=8.3.0-r0 \
- libc-dev=0.7.1-r0 \
- ca-certificates=20190108-r0
-
-ARG CADDY_SOURCE_VERSION=v2
-
-RUN git clone -b $CADDY_SOURCE_VERSION https://github.com/caddyserver/caddy.git --depth 1
-
-WORKDIR /src/caddy/cmd/caddy
-
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
- go build -trimpath -tags netgo -ldflags '-extldflags "-static" -s -w' -o /usr/bin/caddy
-
-FROM scratch
-
-COPY --from=builder /usr/bin/caddy /usr/bin/caddy
-COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs
-COPY --from=builder /etc/passwd /etc/passwd
-COPY build/files .
-
-ENTRYPOINT ["/usr/bin/caddy"]
-CMD ["run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]
diff --git a/build/files/etc/caddy/Caddyfile b/build/files/etc/caddy/Caddyfile deleted file mode 100644 index 54a92e3..0000000 --- a/build/files/etc/caddy/Caddyfile +++ /dev/null @@ -1,25 +0,0 @@ -# The Caddyfile is an easy way to configure your Caddy web server. -# -# Unless the file starts with a global options block, the first -# uncommented line is always the address of your site. -# -# To use your own domain name (with automatic HTTPS), first make -# sure your domain's A/AAAA DNS records are properly pointed to -# this machine's public IP, then replace the line below with your -# domain name. -:80 - -# Set this path to your site's directory. -root * /usr/share/caddy - -# Enable the static file server. -file_server - -# Another common task is to set up a reverse proxy: -# reverse_proxy localhost:8080 - -# Or serve a PHP site through php-fpm: -# php_fastcgi localhost:9000 - -# Refer to the Caddy docs for more information: -# https://github.com/caddyserver/caddy/wiki/v2:-Documentation diff --git a/build/files/usr/share/caddy/index.html b/build/files/usr/share/caddy/index.html deleted file mode 100644 index 48c7952..0000000 --- a/build/files/usr/share/caddy/index.html +++ /dev/null @@ -1,268 +0,0 @@ - - - - Caddy works! - - - - - -
-
-
-
- - -

- Congratulations! - おめでとう! - Felicidades! - 恭喜! - बधाई हो! - Поздравляю!
 - 🎊 -

- -

- Your web server is working. Now make it work for you. 💪 -

-

- Caddy is ready to serve your site over HTTPS: -

-
    -
  1. Point your domain's A/AAAA DNS records at this machine.
  2. -
  3. Upload your site's files to /var/www/html. -
  4. - Edit your Caddyfile at /etc/caddy/Caddyfile: -
      -
    1. Replace :80 with your domain name
    2. -
    3. Change the site root to /var/www/html
    4. -
    -
  5. -
  6. Reload the configuration: systemctl reload caddy
  7. -
  8. Visit your site!
  9. -
-

If that worked 🥳

-

- Awesome! You won't have to look at this slanted page anymore. -

-

- Remember, Caddy can do a lot more than serve static files. It's also a powerful reverse proxy and application platform. You can use the Caddyfile to enable any other features you need. Or you could use Caddy's API to configure it programmatically. -

-

- Everything you need to know is either in the 📖 Caddy documentation or the manual for your OS/platform. Have fun! -

- -

If that didn't work 😶

-

- It's okay, you can fix it! First check the following things: -

-
    -
  • Service status: systemctl status caddy
  • -
  • Logs: journalctl --no-pager -u caddy
  • -
  • Are your site's files readable by the caddy user and group? ls -la /var/www/html
  • -
  • Is the caddy home directory writeable? ls -la /var/lib/caddy
  • -
  • Ensure your domain's A and/or AAAA records point to your machine's public IP address: dig example.com
  • -
  • Are your ports 80 and 443 externally reachable, and is Caddy able to bind to them? Check your firewalls, port forwarding, and other network configuration.
  • -
-

- WAIT! Before trying again, switch to Let's Encrypt's staging environment to avoid being accidentally rate limited. Once you get everything else working, it's safe to switch back. -

-

- Depending on your DNS provider, it may take a while for the DNS records to propagate. Even when everything is configured properly, automated challenges to obtain TLS certificates usually take several seconds, but may take up to several minutes or hours. -

- If you still need help, we have a great community! First try a search, and if your question is original, go ahead and ask it! Remember to pay it forward and help others too. 😁 -

-

- Visit Caddy on: - GitHub - or - Twitter - or - Our Forum -

-
-
- - - - - diff --git a/build/templates/.gomplateignore b/build/templates/.gomplateignore deleted file mode 100644 index ee0e23e..0000000 --- a/build/templates/.gomplateignore +++ /dev/null @@ -1,2 +0,0 @@ -.gomplateignore -/partials/* diff --git a/build/templates/Dockerfile.alpine.tmpl b/build/templates/Dockerfile.alpine.tmpl deleted file mode 100644 index d4d4f1a..0000000 --- a/build/templates/Dockerfile.alpine.tmpl +++ /dev/null @@ -1,11 +0,0 @@ -{{ template "partials/Dockerfile.common.tmpl" }} - -ARG ALPINE_TAG_VERSION -FROM alpine:$ALPINE_TAG_VERSION - -COPY --from=builder /usr/bin/caddy /usr/bin/caddy -COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs -COPY --from=builder /etc/passwd /etc/passwd -COPY build/files . - -CMD ["/usr/bin/caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"] diff --git a/build/templates/Dockerfile.scratch.tmpl b/build/templates/Dockerfile.scratch.tmpl deleted file mode 100644 index c8d8242..0000000 --- a/build/templates/Dockerfile.scratch.tmpl +++ /dev/null @@ -1,11 +0,0 @@ -{{ template "partials/Dockerfile.common.tmpl" }} - -FROM scratch - -COPY --from=builder /usr/bin/caddy /usr/bin/caddy -COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs -COPY --from=builder /etc/passwd /etc/passwd -COPY build/files . - -ENTRYPOINT ["/usr/bin/caddy"] -CMD ["run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"] diff --git a/build/templates/partials/Dockerfile.common.tmpl b/build/templates/partials/Dockerfile.common.tmpl deleted file mode 100644 index 732eeb3..0000000 --- a/build/templates/partials/Dockerfile.common.tmpl +++ /dev/null 
@@ -1,21 +0,0 @@
-ARG GO_TAG_VERSION
-ARG ALPINE_TAG_VERSION
-FROM golang:$GO_TAG_VERSION as builder
-
-WORKDIR /src
-
-RUN apk add --no-cache --no-progress \
- git=2.22.0-r0 \
- musl-dev=1.1.22-r3 \
- gcc=8.3.0-r0 \
- libc-dev=0.7.1-r0 \
- ca-certificates=20190108-r0
-
-ARG CADDY_SOURCE_VERSION=v2
-
-RUN git clone -b $CADDY_SOURCE_VERSION https://github.com/caddyserver/caddy.git --depth 1
-
-WORKDIR /src/caddy/cmd/caddy
-
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
- go build -trimpath -tags netgo -ldflags '-extldflags "-static" -s -w' -o /usr/bin/caddy
\ No newline at end of file
diff --git a/hooks/build b/hooks/build
new file mode 100755
index 0000000..cab0909
--- /dev/null
+++ b/hooks/build
@@ -0,0 +1,28 @@
+#!/bin/bash
+set -exuo pipefail
+
+echo "=== Build hook running"
+VCS_REF=$(git rev-parse --short HEAD)
+export VCS_REF
+export DOCKER_REPO=${DOCKER_REPO:-caddy/caddy}
+export DOCKER_TAG=${DOCKER_TAG:-latest}
+export IMAGE_NAME=${IMAGE_NAME:-${DOCKER_REPO}:${DOCKER_TAG}}
+
+
+if (git describe --abbrev=0 --exact-match &>/dev/null); then
+ VERSION=$(git describe --abbrev=0 --exact-match)
+else
+ VERSION=0.0.0-devel
+fi
+export VERSION
+
+tags=(alpine scratch)
+for tag in "${tags[@]}"; do
+ echo "=== Building $DOCKER_REPO:$tag"
+ docker build \
+ --build-arg VCS_REF \
+ --build-arg VERSION \
+ --target "$tag" \
+ --tag "$DOCKER_REPO:$tag" \
+ .
+done
diff --git a/hooks/post_push b/hooks/post_push
new file mode 100755
index 0000000..ebac840
--- /dev/null
+++ b/hooks/post_push
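Review bot: In `hooks/build`, `DOCKER_TAG` and `IMAGE_NAME` are exported but nothing visible in the script reads them; every image is tagged `$DOCKER_REPO:$tag` from the hard-coded `tags` array. Either drop the two exports or add a comment naming the caller that expects them, so a reader does not assume `IMAGE_NAME` is what gets built. `git describe --abbrev=0 --exact-match` also runs twice, once in a subshell only for its exit status; `VERSION=$(git describe --abbrev=0 --exact-match 2>/dev/null || echo 0.0.0-devel)` gives the same result in one line.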
@@ -0,0 +1,41 @@
+#!/bin/bash
+set -exuo pipefail
+
+export DOCKER_REPO=${DOCKER_REPO:-caddy/caddy}
+export DOCKER_TAG=${DOCKER_TAG:-latest}
+export IMAGE_NAME=${IMAGE_NAME:-$DOCKER_REPO:$DOCKER_TAG}
+
+docker push "$DOCKER_REPO:alpine"
+docker push "$DOCKER_REPO:scratch"
+
+# This magic figures out if we're currently on a tag (i.e. a release).
+# We only want to have special tags for releases.
+if (git describe --abbrev=0 --exact-match &>/dev/null); then
+ tag=$(git describe --abbrev=0 --exact-match)
+ # splits the major/minor versions from $tag - assumes it's a 3-part semver
+ major=${tag%%\.*}
+ minor=${tag%\.*}
+
+ # make sure latest is tagged when it's a versioned build too
+ docker tag "$DOCKER_REPO:scratch" "$DOCKER_REPO:latest"
+ docker tag "$DOCKER_REPO:scratch" "$DOCKER_REPO:$tag"
+ docker tag "$DOCKER_REPO:scratch" "$DOCKER_REPO:$major"
+ docker tag "$DOCKER_REPO:scratch" "$DOCKER_REPO:$minor"
+ docker tag "$DOCKER_REPO:scratch" "$DOCKER_REPO:${tag}-scratch"
+ docker tag "$DOCKER_REPO:scratch" "$DOCKER_REPO:${major}-scratch"
+ docker tag "$DOCKER_REPO:scratch" "$DOCKER_REPO:${minor}-scratch"
+ docker tag "$DOCKER_REPO:alpine" "$DOCKER_REPO:${tag}-alpine"
+ docker tag "$DOCKER_REPO:alpine" "$DOCKER_REPO:${major}-alpine"
+ docker tag "$DOCKER_REPO:alpine" "$DOCKER_REPO:${minor}-alpine"
+
+ docker push "$DOCKER_REPO:latest"
+ docker push "$DOCKER_REPO:$tag"
+ docker push "$DOCKER_REPO:$major"
+ docker push "$DOCKER_REPO:$minor"
+ docker push "$DOCKER_REPO:${tag}-scratch"
+ docker push "$DOCKER_REPO:${major}-scratch"
+ docker push "$DOCKER_REPO:${minor}-scratch"
+ docker push "$DOCKER_REPO:${tag}-alpine"
+ docker push "$DOCKER_REPO:${major}-alpine"
+ docker push "$DOCKER_REPO:${minor}-alpine"
+fi
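Review bot: The release branch of `hooks/post_push` relies on the comment's assumption that `$tag` is a 3-part semver but never checks it, so any tag that `git describe --abbrev=0 --exact-match` resolves, including a pre-release or a non-version tag, also moves `latest`, `$major` and `$minor`. With a tag that has extra dots the `${tag%\.*}` split would yield a `minor` that is not a major.minor pair at all. A guard ahead of the `docker tag` lines, such as `[[ $tag =~ ^v?[0-9]+\.[0-9]+\.[0-9]+$ ]] || exit 0`, would keep the floating tags on real releases only.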