parent
49d2740813
commit
ae5b2cd2f8
2 changed files with 75 additions and 0 deletions
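--- a/.forgejo/workflows/build-openbao.yaml
+++ b/.forgejo/workflows/build-openbao.yaml
@@ -0,0 +1,22 @@
+on:
+push:
+paths:
+- containers/openbao/*
+- .forgejo/workflows/build-openbao.yaml
+jobs:
+build-openbao:
+runs-on: docker
+container:
+image: library/docker:dind
+steps:
+- run: apk add --no-cache nodejs git
+- name: login to container registry
+run: echo "${{ secrets.DEPLOY_TOKEN }}" | docker login --username ${{ secrets.DEPLOY_USER }} --password-stdin git.janky.solutions
+- name: build container image
+uses: docker/build-push-action@v4
+with:
+file: Containerfile
+context: "{{defaultContext}}:containers/openbao"
+tags: git.janky.solutions/jankysolutions/infra/openbao:latest
+platforms: linux/amd64
+push: true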
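Review bot: The `push` trigger as rendered lists only `paths`, so a push to any branch that touches `containers/openbao/*` runs this job with `secrets.DEPLOY_TOKEN` and overwrites `openbao:latest`; add a branch filter under `push:` such as `branches: [<default-branch>]` (placeholder, the branch name is not shown on this page). `uses: docker/build-push-action@v4` and `image: library/docker:dind` are both mutable references that execute in the same job as the registry login, so pinning the action to a full commit SHA and the image to a digest keeps a retagged upstream from reaching the token. Publishing only `:latest` also leaves no immutable tag to roll back to, or to compare against when auditing which build of the secrets manager is deployed.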
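--- a/containers/openbao/Containerfile
+++ b/containers/openbao/Containerfile
@@ -0,0 +1,53 @@
+FROM node:22 AS web-build
+RUN git clone -b v2.0.0 https://github.com/openbao/openbao /usr/src/openbao
+WORKDIR /usr/src/openbao
+RUN make ember-dist
+
+FROM golang:1.22 AS build
+RUN git clone -b v2.0.0 https://github.com/openbao/openbao /usr/src/openbao
+WORKDIR /usr/src/openbao
+COPY --from=web-build /usr/src/openbao/http/web_ui /usr/src/openbao/http/web_ui
+RUN make bootstrap
+RUN make bin
+
+# Final image based on openbao Dockerfile
+FROM alpine:3.20
+ARG NAME=openbao
+
+# Create a non-root user to run the software.
+RUN addgroup ${NAME} && adduser -S -G ${NAME} ${NAME}
+
+RUN apk add --no-cache libcap su-exec dumb-init tzdata
+
+COPY --from=build /usr/src/openbao/bin/bao /bin/bao
+
+# /vault/logs is made available to use as a location to store audit logs, if
+# desired; /vault/file is made available to use as a location with the file
+# storage backend, if desired; the server will be started with /vault/config as
+# the configuration directory so you can add additional config files in that
+# location.
+RUN mkdir -p /openbao/logs && \
+mkdir -p /openbao/file && \
+mkdir -p /openbao/config && \
+chown -R ${NAME}:${NAME} /openbao
+
+# Expose the logs directory as a volume since there's potentially long-running
+# state in there
+VOLUME /openbao/logs
+
+# Expose the file directory as a volume since there's potentially long-running
+# state in there
+VOLUME /openbao/file
+
+# 8200/tcp is the primary interface that applications use to interact with
+# OpenBao.
+EXPOSE 8200
+
+# The entry point script uses dumb-init as the top-level process to reap any
+# zombie processes created by OpenBao sub-processes.
+COPY --from=build /usr/src/openbao/.release/docker/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+# # By default you'll get a single-node development server that stores everything
+# # in RAM and bootstraps itself. Don't use this configuration for production.
+CMD ["server", "-dev"]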
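Review bot: Both `git clone -b v2.0.0` lines trust a tag that upstream can move, and nothing checks what was fetched before it is compiled into a secrets manager; record the expected commit and fail the build on mismatch in each build stage, e.g. `ARG OPENBAO_COMMIT=<full-commit-sha-of-v2.0.0>` (placeholder) followed by `RUN test "$(git -C /usr/src/openbao rev-parse HEAD)" = "${OPENBAO_COMMIT}"`. The comment block above `RUN mkdir -p /openbao/logs` still names `/vault/logs`, `/vault/file` and `/vault/config` while the directories created live under `/openbao`, so it should be updated to the paths operators actually need to mount. There is no `USER` instruction, so the container starts as root and depends on the copied `docker-entrypoint.sh` (not visible here) to drop to the `openbao` user, presumably through the installed `su-exec`; a comment stating that dependency would make the privilege model reviewable. `CMD ["server", "-dev"]` makes the in-memory dev server the default, so the comment above it should say explicitly that deployments must override the command.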