Update to alpine

2023-05-17 00:18:41 +10:00 · 2023-05-17 00:18:41 +10:00 · 3d11c9ccc2
commit 3d11c9ccc2
parent 28ba2b6497
6 changed files with 80 additions and 26 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -1,17 +1,31 @@
 stages:
 - build
+- build-manifest

 variables:
-  CACHETAG: build-${VERSION}
+  VERSION: latest
  DOCKER_HOST: tcp://docker:2375
+  VERSIONARCH: ${VERSION}-${ARCH}

+cache:
+  key: ${CI_JOB_NAME_SLUG}-${CI_COMMIT_REF_SLUG}
+  paths:
+  - build-cache
+
+image: docker:latest
 services:
 - docker:dind

 before_script:
- docker info
- docker version
+- if [ ! -d build-cache ]; then mkdir build-cache; fi
+- sed -ie s'/https/http/' /etc/apk/repositories
+- HTTP_PROXY=http://proxy.dege.lan:3128 apk add git curl
+- docker info && docker version
+# env|sort
 - echo "$CI_JOB_TOKEN" | docker login -u "$CI_REGISTRY_USER" "$CI_REGISTRY" --password-stdin
- env|sort

-include: .gitlab-docker-x86_64.yml
+include:
+- .gitlab-docker-x86_64.yml
+# .gitlab-docker-armv7l.yml
+# .gitlab-docker-arm64.yml
+- .gitlab-docker-manifest.yml
--- a/.gitlab-docker-manifest.yml
+++ b/.gitlab-docker-manifest.yml
@ -0,0 +1,10 @@
+x86_64:build-manifest:
+  stage: build-manifest
+  script:
+  - docker manifest create ${CI_REGISTRY_IMAGE}:${VERSION} ${CI_REGISTRY_IMAGE}:${VERSION}-x86_64 #${CI_REGISTRY_IMAGE}:${VERSION}-arm64 ${CI_REGISTRY_IMAGE}:${VERSION}armv7l
+  - docker manifest push --purge ${CI_REGISTRY_IMAGE}:${VERSION}
+  tags:
+  - docker
+  - x86_64
+  only:
+  - master
--- a/.gitlab-docker-x86_64.yml
+++ b/.gitlab-docker-x86_64.yml
@ -1,14 +1,14 @@
 x86_64:build:
  variables:
-    VERSION: x86_64
+    ARCH: x86_64
  stage: build
-  image: docker:latest
  script:
  - if [ -f init ]; then chmod 500 init; fi
-  - ([ -z "$REFRESH" ] && docker pull ${CI_REGISTRY_IMAGE}:${CACHETAG}) || echo "true"
-  - docker build --cache-from ${CI_REGISTRY_IMAGE}:${CACHETAG} -t ${CI_REGISTRY_IMAGE}:${VERSION} -t ${CI_REGISTRY_IMAGE}:${CACHETAG} .
-  - docker push ${CI_REGISTRY_IMAGE}:${VERSION}
-  - docker push ${CI_REGISTRY_IMAGE}:${CACHETAG}
+  - ([ -z "$REFRESH" -a -f build-cache/${CI_COMMIT_REF_SLUG} ]) && docker load < build-cache/${CI_COMMIT_REF_SLUG} || true
+  - rm build-cache/* || true
+  - docker build --build-arg HTTP_PROXY=http://proxy.dege.lan:3128 --cache-from ${CI_REGISTRY_IMAGE}:${VERSIONARCH} -t ${CI_REGISTRY_IMAGE}:${VERSIONARCH} .
+  - docker push ${CI_REGISTRY_IMAGE}:${VERSIONARCH}
+  - docker save ${CI_REGISTRY_IMAGE}:${VERSIONARCH} > build-cache/${CI_COMMIT_REF_SLUG}
  tags:
  - docker
  - x86_64
--- a/16
+++ b/16
@ -1,21 +1,17 @@
 # NAME leenooks/rspamd
 # VERSION latest

-FROM debian:stretch-slim
+FROM alpine

-RUN apt-get update \
-	&& apt-get install curl gnupg2 procps -yyq \
-	&& curl -L https://rspamd.com/apt-stable/gpg.key | apt-key add - \
-	&& apt-get purge curl gnupg2 -yyq && apt autoremove -yyq \
-	&& echo "deb http://rspamd.com/apt-stable/ stretch main" > /etc/apt/sources.list.d/rspamd.list \
-	&& apt-get update \
-	&& apt-get install rspamd iputils-ping -yyq \
-	&& rm -rf /var/lib/apt/lists/* /tmp/*
+# Change to http respositories, so they we can cache the install packages
+RUN if [ -n ${HTTP_PROXY} ] ; then sed -i -e s'/https/http/' /etc/apk/repositories; fi

+RUN apk add --no-cache rspamd
+
+ADD rspamd.conf.local.override /etc/rspamd/
 EXPOSE 11332 11333 11334

 COPY init /sbin/

 # Starting
 ENTRYPOINT [ "/sbin/init" ]
-CMD [ "start" ]
--- a/23
+++ b/23
@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 set -e

 NAME="RSPAMD"
@ -13,12 +13,25 @@ function stop {

 trap 'stop' SIGTERM

-if [ "$1" == "start" ]; then
-	if [ -z "${NO_CLAMAV}" ]; then
-		x=0; until ping -c1 ${CLAMAV} &>/dev/null; do echo "Waiting for [${CLAMAV}]..."; let x=$x+1; if [ $x -ge ${TRIES} ]; then NOTON=1; break; fi ; sleep ${WAIT}; done ; [ -n "${NOTON}" ] && echo "No [${CLAMAV}]?" && exit 1
+if [ -z "$@" ]; then
+	if [ -n "${ENABLE_CLAMAV}" ]; then
+		x=0;
+		until ping -c1 ${CLAMAV} &>/dev/null; do
+			echo "Waiting for [${CLAMAV}]...";
+			let x=$x+1;
+			if [ $x -ge ${TRIES} ]; then
+				NOTON=1;
+				 break;
+			fi
+			sleep ${WAIT};
+		done
+		[ -n "${NOTON}" ] && echo "No [${CLAMAV}]?" && exit 1
 	fi

-	[ -x /usr/bin/rspamd ] && exec /usr/bin/rspamd -u _rspamd -g _rspamd -c /etc/rspamd/rspamd.conf -f -p /var/run/rspamd.pid &
+	# Set password
+	[ -n "${RSPAMD_PASSWD}" ] && sed -i -e 's/^#\s*password/    password/' -e "s/@PASSWORD@/${RSPAMD_PASSWD}/" /etc/rspamd/rspamd.conf.local.override
+
+	[ -x /usr/bin/rspamd ] && exec /usr/bin/rspamd -u rspamd -g rspamd -c /etc/rspamd/rspamd.conf -f -p /var/run/rspamd.pid &

 	wait
 else
--- a/rspamd.conf.local.override
+++ b/rspamd.conf.local.override
@ -0,0 +1,21 @@
+worker "normal" {
+    bind_socket = "*:11333";
+    .include "$CONFDIR/worker-normal.inc"
+    .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-normal.inc"
+    .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-normal.inc"
+}
+
+worker "controller" {
+    bind_socket = "*:11334";
+#    password = "@PASSWORD@";
+    .include "$CONFDIR/worker-controller.inc"
+    .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-controller.inc"
+    .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-controller.inc"
+}
+
+worker "rspamd_proxy" {
+    bind_socket = "*:11332";
+    .include "$CONFDIR/worker-proxy.inc"
+    .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-proxy.inc"
+    .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-proxy.inc"
+}