Updated workflow actions, now all images running with user nginx or uid 10001

2024-12-13 03:41:39 +07:00 · 2024-12-13 03:41:39 +07:00 · 877333478e
parent 9bc44e4393
commit 877333478e
5 changed files with 223 additions and 71 deletions
--- a/.gitea/workflows/alpine-dockerio.yaml
+++ b/.gitea/workflows/alpine-dockerio.yaml
@ -6,7 +6,7 @@ on:

 jobs:
  build:
-    name: Build and push image (root user)
+    name: Build and push image
    runs-on: ubuntu-latest
    container:
      image: ghcr.io/catthehacker/ubuntu:act-latest
@ -19,42 +19,36 @@ jobs:
          registry: docker.io
          username: aprimediet
          password: ${{ secrets.DOCKER_TOKEN }}
-      - name: Build and push
+      - name: Build and push 1.22
        uses: docker/build-push-action@v5
        with:
          context: .
          file: Dockerfile.alpine
          build-args: |
-            REGISTRY_URL=aprimediet
+            ALPINE_VERSION=3.17
          push: true
          tags: |
-            aprimediet/nginx:alpine
-            aprimediet/nginx:latest-alpine
-            aprimediet/nginx:latest
-  build-rootless:
-    name: Build and push image (rootless)
-    runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/catthehacker/ubuntu:act-latest
-    steps:
-      - name: Check out repository code
-        uses: actions/checkout@v3
-      - name: Login to docker.io Registry
-        uses: docker/login-action@v3
-        with:
-          registry: docker.io
-          username: aprimediet
-          password: ${{ secrets.DOCKER_TOKEN }}
-      - name: Build and push
+            aprimediet/nginx:1.22-alpine
+      - name: Build and push 1.24
        uses: docker/build-push-action@v5
        with:
          context: .
-          file: Dockerfile.alpine-rootless
+          file: Dockerfile.alpine
          build-args: |
-            REGISTRY_URL=aprimediet
+            ALPINE_VERSION=3.19
          push: true
          tags: |
-            aprimediet/nginx:rootless-alpine
-            aprimediet/nginx:rootless
-            aprimediet/nginx:latest-rootless-alpine
-            aprimediet/nginx:latest-rootless
+            aprimediet/nginx:1.24-alpine
+      - name: Build and push 1.26
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile.alpine
+          build-args: |
+            ALPINE_VERSION=3.21
+          push: true
+          tags: |
+            aprimediet/nginx:1.26-alpine
+            aprimediet/nginx:1.26
+            aprimediet/nginx:alpine
+            aprimediet/nginx:latest
--- a/.gitea/workflows/alpine-winter.yaml
+++ b/.gitea/workflows/alpine-winter.yaml
@ -1,4 +1,4 @@
-name: Build and Push Alpine NodeJS Image to Winter Access Registry
+name: Build and Push Alpine NGINX Image to docker.io Registry
 on:
  push:
    branches:
@ -6,51 +6,52 @@ on:

 jobs:
  build:
-    name: Build and push image (Root User)
+    name: Build and push image
    runs-on: ubuntu-latest
    container:
      image: ghcr.io/catthehacker/ubuntu:act-latest
    steps:
      - name: Check out repository code
        uses: actions/checkout@v3
-      - name: Login to Docker Winter Access Git Registry
+      - name: Login to docker.io Registry
        uses: docker/login-action@v3
        with:
          registry: git.winteraccess.id
-          username: aditya.prima
-          password: ${{ secrets.PATOKEN }}
-      - name: Build and push
+          username: ${{ vars.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
+      - name: Build and push 1.22
        uses: docker/build-push-action@v5
        with:
          context: .
          file: Dockerfile.alpine
+          build-args: |
+            REGISTRY_URL=git.winteraccess.id/docker
+            ALPINE_VERSION=3.17
          push: true
          tags: |
-            git.winteraccess.id/${{ gitea.repository }}:alpine
-            git.winteraccess.id/${{ gitea.repository }}:latest-alpine
-            git.winteraccess.id/${{ gitea.repository }}:latest
-  build-rootless:
-    name: Build and push image (rootless)
-    runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/catthehacker/ubuntu:act-latest
-    steps:
-      - name: Check out repository code
-        uses: actions/checkout@v3
-      - name: Login to Docker Winter Access Git Registry
-        uses: docker/login-action@v3
-        with:
-          registry: git.winteraccess.id
-          username: aditya.prima
-          password: ${{ secrets.PATOKEN }}
-      - name: Build and push
+            git.winteraccess.id/${{ gitea.repository }}:1.22-alpine
+      - name: Build and push 1.24
        uses: docker/build-push-action@v5
        with:
          context: .
-          file: Dockerfile.alpine-rootless
+          file: Dockerfile.alpine
+          build-args: |
+            REGISTRY_URL=git.winteraccess.id/docker
+            ALPINE_VERSION=3.19
          push: true
          tags: |
-            git.winteraccess.id/${{ gitea.repository }}:rootless-alpine
-            git.winteraccess.id/${{ gitea.repository }}:rootless
-            git.winteraccess.id/${{ gitea.repository }}:latest-rootless-alpine
-            git.winteraccess.id/${{ gitea.repository }}:latest-rootless
+            git.winteraccess.id/${{ gitea.repository }}:1.24-alpine
+      - name: Build and push 1.26
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile.alpine
+          build-args: |
+            REGISTRY_URL=git.winteraccess.id/docker
+            ALPINE_VERSION=3.21
+          push: true
+          tags: |
+            git.winteraccess.id/${{ gitea.repository }}:1.26-alpine
+            git.winteraccess.id/${{ gitea.repository }}:1.26
+            git.winteraccess.id/${{ gitea.repository }}:alpine
+            git.winteraccess.id/${{ gitea.repository }}:latest
--- a/.gitea/workflows/ubi9-dockerio.yaml
+++ b/.gitea/workflows/ubi9-dockerio.yaml
@ -0,0 +1,79 @@
+name: Build and Push Alpine NGINX Image to docker.io Registry
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    name: Build and push ubi9 image
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/catthehacker/ubuntu:act-latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v3
+      - name: Login to docker.io Registry
+        uses: docker/login-action@v3
+        with:
+          registry: docker.io
+          username: aprimediet
+          password: ${{ secrets.DOCKER_TOKEN }}
+      - name: Build and push 1.22
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile.ubi9
+          build-args: |
+            NGINX_VERSION=1.22
+          push: true
+          tags: |
+            aprimediet/nginx:1.22-ubi9
+      - name: Build and push 1.24
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile.ubi9
+          build-args: |
+            NGINX_VERSION=1.24
+          push: true
+          tags: |
+            aprimediet/nginx:1.24-ubi9
+            aprimediet/nginx:ubi9
+  build-micro:
+    name: Build and push ubi9-micro image
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/catthehacker/ubuntu:act-latest
+    needs:
+      - build
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v3
+      - name: Login to docker.io Registry
+        uses: docker/login-action@v3
+        with:
+          registry: docker.io
+          username: aprimediet
+          password: ${{ secrets.DOCKER_TOKEN }}
+      - name: Build and push 1.22
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile.ubi9-micro
+          build-args: |
+            NGINX_VERSION=1.22
+          push: true
+          tags: |
+            aprimediet/nginx:1.22-ubi9-micro
+      - name: Build and push 1.24
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile.ubi9-micro
+          build-args: |
+            NGINX_VERSION=1.24
+          push: true
+          tags: |
+            aprimediet/nginx:1.24-ubi9-micro
+            aprimediet/nginx:ubi9-micro
--- a/.gitea/workflows/ubi9-winter.yaml
+++ b/.gitea/workflows/ubi9-winter.yaml
@ -0,0 +1,79 @@
+name: Build and Push Alpine NGINX Image to git.winteraccess.id Registry
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    name: Build and push ubi9 image
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/catthehacker/ubuntu:act-latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v3
+      - name: Login to git.winteraccess.id Registry
+        uses: docker/login-action@v3
+        with:
+          registry: git.winteraccess.id
+          username: ${{ vars.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
+      - name: Build and push 1.22
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile.ubi9
+          build-args: |
+            NGINX_VERSION=1.22
+          push: true
+          tags: |
+            git.winteraccess.id/${{ gitea.repository }}:1.22-ubi9
+      - name: Build and push 1.24
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile.ubi9
+          build-args: |
+            NGINX_VERSION=1.24
+          push: true
+          tags: |
+            git.winteraccess.id/${{ gitea.repository }}:1.24-ubi9
+            git.winteraccess.id/${{ gitea.repository }}:ubi9
+  build-micro:
+    name: Build and push ubi9-micro image
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/catthehacker/ubuntu:act-latest
+    needs:
+      - build
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v3
+      - name: Login to git.winteraccess.id Registry
+        uses: docker/login-action@v3
+        with:
+          registry: git.winteraccess.id
+          username: ${{ vars.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
+      - name: Build and push 1.22
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile.ubi9-micro
+          build-args: |
+            NGINX_VERSION=1.22
+          push: true
+          tags: |
+            git.winteraccess.id/${{ gitea.repository }}:1.22-ubi9-micro
+      - name: Build and push 1.24
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile.ubi9-micro
+          build-args: |
+            NGINX_VERSION=1.24
+          push: true
+          tags: |
+            git.winteraccess.id/${{ gitea.repository }}:1.24-ubi9-micro
+            git.winteraccess.id/${{ gitea.repository }}:ubi9-micro
--- a/Dockerfile.alpine
+++ b/Dockerfile.alpine
@ -1,7 +1,7 @@
 # 1.22.1 Alpine 3.17
 # 1.24.0 Alpine 3.19
 # 1.26.2 Alpine 3.21
-ARG REGISTRY_URL=git.winteraccess.id/docker
+ARG REGISTRY_URL=docker.io/aprimediet
 ARG ALPINE_VERSION=3.21

 FROM ${REGISTRY_URL}/alpine:${ALPINE_VERSION}
@ -9,34 +9,33 @@ LABEL maintainer="<Muhamad Aditya Prima> aprimediet@gmail.com"

 USER root

-WORKDIR /app
-
 # Add nginx user and group
-RUN addgroup -g 10001 nginx && adduser -D -u 10001 -G nginx -s /sbin/nologin -h /app nginx
+RUN addgroup -g 10001 nginx && \
+    adduser -D -u 10001 -G nginx -s /sbin/nologin -h /app nginx && \
+    mkdir -p /var/run/nginx && \
+    chown nginx:nginx /var/run/nginx

 # INSTALL WGET AND REQUIRED BUILD TOOLS
 RUN --mount=type=cache,target=/var/cache/apk \
    apk update && apk upgrade && apk add \
-    nginx nginx-mod-http-naxsi
+    nginx

 # COPY CONFIGURATION FILES
-ADD ./etc/nginx/nginx-rootless.conf /etc/nginx/nginx.conf
-ADD ./etc/nginx/naxsi_core.rules /etc/nginx/
-ADD ./etc/nginx/proxy_params /etc/nginx/
-ADD ./etc/nginx/ssl_params /etc/nginx/
-ADD ./etc/nginx/conf.d /etc/nginx/conf.d
-
-ADD ./app .
+ADD ./etc/alpine /etc/nginx
+ADD ./app /app

 RUN chown -R nginx:nginx /app && \
    chown -R nginx:nginx /var/lib/nginx

 # CLEAR CACHE
 RUN apk del curl && \
-    rm -rf /var/cache/apk/*
+    rm -rf /var/cache/apk/* && \
+    rm -rf /etc/nginx/http.d

 USER nginx

-CMD ["nginx"]
+WORKDIR /app

-EXPOSE 80
+EXPOSE 80
+
+CMD ["nginx"]