From ae5b2cd2f833644d3206ef9988c1eb759d527d4c Mon Sep 17 00:00:00 2001
From: Finn
Date: Thu, 29 Aug 2024 11:29:08 -0700
Subject: [PATCH] Add openbao image build
---
 .forgejo/workflows/build-openbao.yaml | 22 +++++++++++
 containers/openbao/Containerfile | 53 +++++++++++++++++++++++++++
 2 files changed, 75 insertions(+)
 create mode 100644 .forgejo/workflows/build-openbao.yaml
 create mode 100644 containers/openbao/Containerfile
diff --git a/.forgejo/workflows/build-openbao.yaml b/.forgejo/workflows/build-openbao.yaml
new file mode 100644
index 0000000..0bc2f98
--- /dev/null
+++ b/.forgejo/workflows/build-openbao.yaml
@@ -0,0 +1,22 @@
+on:
+ push:
+ paths:
+ - containers/openbao/*
+ - .forgejo/workflows/build-openbao.yaml
+jobs:
+ build-openbao:
+ runs-on: docker
+ container:
+ image: library/docker:dind
+ steps:
+ - run: apk add --no-cache nodejs git
+ - name: login to container registry
+ run: echo "${{ secrets.DEPLOY_TOKEN }}" | docker login --username ${{ secrets.DEPLOY_USER }} --password-stdin git.janky.solutions
+ - name: build container image
+ uses: docker/build-push-action@v4
+ with:
+ file: Containerfile
+ context: "{{defaultContext}}:containers/openbao"
+ tags: git.janky.solutions/jankysolutions/infra/openbao:latest
+ platforms: linux/amd64
+ push: true
diff --git a/containers/openbao/Containerfile b/containers/openbao/Containerfile
new file mode 100644
index 0000000..7a31188
--- /dev/null
+++ b/containers/openbao/Containerfile
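Review bot: In `.forgejo/workflows/build-openbao.yaml` the job handles `secrets.DEPLOY_TOKEN` while running code that can change underneath it: `image: library/docker:dind` carries no version or digest, and `uses: docker/build-push-action@v4` follows a movable tag. Pin both, e.g. `uses: docker/build-push-action@<full-commit-sha>` and a versioned dind tag with `@sha256:<digest>`. The `on: push` trigger also has no `branches:` filter, so a push to any branch that touches these paths rebuilds and overwrites `openbao:latest`; restrict it to the release branch and publish an immutable tag (for example the OpenBao version) next to `latest` so a deployed image can be traced and rolled back.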
@@ -0,0 +1,53 @@
+FROM node:22 AS web-build
+RUN git clone -b v2.0.0 https://github.com/openbao/openbao /usr/src/openbao
+WORKDIR /usr/src/openbao
+RUN make ember-dist
+
+FROM golang:1.22 AS build
+RUN git clone -b v2.0.0 https://github.com/openbao/openbao /usr/src/openbao
+WORKDIR /usr/src/openbao
+COPY --from=web-build /usr/src/openbao/http/web_ui /usr/src/openbao/http/web_ui
+RUN make bootstrap
+RUN make bin
+
+# Final image based on openbao Dockerfile
+FROM alpine:3.20
+ARG NAME=openbao
+
+# Create a non-root user to run the software.
+RUN addgroup ${NAME} && adduser -S -G ${NAME} ${NAME}
+
+RUN apk add --no-cache libcap su-exec dumb-init tzdata
+
+COPY --from=build /usr/src/openbao/bin/bao /bin/bao
+
+# /vault/logs is made available to use as a location to store audit logs, if
+# desired; /vault/file is made available to use as a location with the file
+# storage backend, if desired; the server will be started with /vault/config as
+# the configuration directory so you can add additional config files in that
+# location.
+RUN mkdir -p /openbao/logs && \
+ mkdir -p /openbao/file && \
+ mkdir -p /openbao/config && \
+ chown -R ${NAME}:${NAME} /openbao
+
+# Expose the logs directory as a volume since there's potentially long-running
+# state in there
+VOLUME /openbao/logs
+
+# Expose the file directory as a volume since there's potentially long-running
+# state in there
+VOLUME /openbao/file
+
+# 8200/tcp is the primary interface that applications use to interact with
+# OpenBao.
+EXPOSE 8200
+
+# The entry point script uses dumb-init as the top-level process to reap any
+# zombie processes created by OpenBao sub-processes.
+COPY --from=build /usr/src/openbao/.release/docker/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# # By default you'll get a single-node development server that stores everything
+# # in RAM and bootstraps itself. Don't use this configuration for production.
+CMD ["server", "-dev"]
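Review bot: Both `git clone -b v2.0.0` steps trust a tag name that upstream can move, and nothing checks which commit was actually fetched; because the `web-build` and `build` stages clone separately, the UI and the binary are not guaranteed to come from the same commit. Verify the checkout in each stage, e.g. `RUN test "$(git -C /usr/src/openbao rev-parse HEAD)" = "<expected-commit-sha>"`. The final stage has no `USER` line, so the container starts as root and any privilege drop depends on the copied `docker-entrypoint.sh` (presumably via `su-exec`, which is installed but whose use is not visible in this diff); confirm that the script refers to the `openbao` user and the `/openbao` paths created here. The default `CMD ["server", "-dev"]` starts the in-memory development server that the comment above it warns against, so every real deployment has to override it; a default that fails closed would be safer. The comment block above the `mkdir` still says `/vault/logs`, `/vault/file` and `/vault/config` while the directories created are under `/openbao`.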