jumpserver · ibuler · Jul 25, 2024 · Jul 23, 2024 · Jul 25, 2024 · Jul 25, 2024
diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml
@@ -0,0 +1,71 @@
+name: Build and Push Base Image
+
+on:
+  push:
+    branches:
+      - 'pr*'
+    paths:
+      - 'versions.txt'
+      - 'prepare.sh'
+      - 'Dockerfile'
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Extract date
+        id: vars
+        run: echo "IMAGE_TAG=$(date +'%Y%m%d_%H%M%S')" >> $GITHUB_ENV
+
+      - name: Extract repository name
+        id: repo
+        run: echo "REPO=$(basename ${{ github.repository }})" >> $GITHUB_ENV
+
+      - name: Build and push multi-arch image
+        uses: docker/build-push-action@v6
+        with:
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: jumpserver/${{ env.REPO }}:${{ env.IMAGE_TAG }}
+          file: Dockerfile
+
+      - name: Get current branch name
+        id: get_branch
+        run: echo "current_branch=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV
+
+      - name: Set up Git
+        run: |
+          git config --global user.name 'github-actions[bot]'
+          git config --global user.email 'github-actions[bot]@users.noreply.github.com'
+
+      - name: Update docker-web dependencies applets
+        run: |
+          git clone https://github.com/jumpserver/docker-web.git
+          cd docker-web
+          git checkout -b ${{ env.current_branch }}
+          sed -i 's|jumpserver/web-static:\w+ |jumpserver/web-static:${{ env.IMAGE_TAG }} |' Dockerfile-ee
+          sed -i 's|jumpserver/web-static:\w+ |jumpserver/web-static:${{ env.IMAGE_TAG }} |' Dockerfile
+          git add Dockerfile-ee Dockerfile
+          git commit -m "perf: Update web static version"
+
+      - name: Push changes
+        run: |
+          cd docker-web
+          git remote set-url origin https://${{ secrets.PRIVATE_TOKEN }}@github.com/jumpserver/docker-web.git
+          git push origin ${{ env.current_branch }}
diff --git a/.github/workflows/jms-build-test.yml → .github/workflows/jms-build-test.yml.bak b/.github/workflows/jms-build-test.yml → .github/workflows/jms-build-test.yml.bak
diff --git a/.github/workflows/release.yml → .github/workflows/release.yml.bak b/.github/workflows/release.yml → .github/workflows/release.yml.bak
@@ -1,8 +1,8 @@
 on:
-
   push:
-    branches:
-      - master
+    paths:
+      - 'prepare.sh'
+      - 'Dockerfile'
 
 name: Checkout and Create Release Version
 
@@ -29,13 +29,6 @@ jobs:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - name: Login to FIT2CLOUD Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: registry.fit2cloud.com
-          username: ${{ secrets.FIT2CLOUD_USERNAME }}
-          password: ${{ secrets.FIT2CLOUD_TOKEN }}
-
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         with:
@@ -101,4 +94,4 @@ jobs:
         run: |
           ossutil mkdir oss://jms-pkg/jumpserver/web-static/releases/download/${{ steps.get-version.outputs.upload_version }}/ || echo "Path already exists"
           ossutil cp -r opt/download/applets/ oss://jms-pkg/jumpserver/web-static/releases/download/${{ steps.get-version.outputs.upload_version }}/ --update
-          ossutil cp -r opt/download/public/ oss://jms-pkg/jumpserver/web-static/releases/download/${{ steps.get-version.outputs.upload_version }}/ --update
+          ossutil cp -r opt/download/public/ oss://jms-pkg/jumpserver/web-static/releases/download/${{ steps.get-version.outputs.upload_version }}/ --update
diff --git a/.github/workflows/sync.yml → .github/workflows/sync.yml.bak b/.github/workflows/sync.yml → .github/workflows/sync.yml.bak
diff --git a/Dockerfile b/Dockerfile
@@ -1,3 +1,57 @@
-FROM scratch
+FROM python:3.11-slim-bullseye AS stage-build
 ARG TARGETARCH
-COPY opt /opt
+
+ARG DEPENDENCIES="            \
+        ca-certificates       \
+        curl                  \
+        wget                  \
+        zip"
+
+ARG APT_MIRROR=http://deb.debian.org
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
+    set -ex \
+    && rm -f /etc/apt/apt.conf.d/docker-clean \
+    && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \
+    && sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
+    && apt-get update \
+    && apt-get -y install --no-install-recommends ${DEPENDENCIES} \
+    && apt-get clean all \
+    && echo "no" | dpkg-reconfigure dash
+
+ARG CHECK_VERSION=v1.0.2
+RUN set -ex \
+    && wget https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \
+    && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \
+    && mv check /usr/local/bin/ \
+    && chown root:root /usr/local/bin/check \
+    && chmod 755 /usr/local/bin/check \
+    && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz
+
+WORKDIR /opt/applets
+
+COPY requirements.txt ./requirements.txt
+
+ARG PIP_MIRROR=https://pypi.org/simple
+RUN set -ex \
+    && mkdir pip_packages build \
+    && pip config set global.index-url ${PIP_MIRROR} \
+    && pip download \
+          --only-binary=:all: --platform win_amd64 \
+          --python-version 3.11.6 --abi cp311 \
+          -d pip_packages -r requirements.txt -i${PIP_MIRROR} \
+    && cp requirements.txt pip_packages \
+    && zip -r pip_packages.zip pip_packages \
+    && mv pip_packages.zip build
+
+
+FROM alpine:3.20
+
+WORKDIR /tmp
+COPY . .
+RUN set -ex \
+    && apk add --no-cache bash \
+    && bash ./prepare.sh
+
+COPY --from=stage-build /opt/applets/build /opt/download/applets
+COPY --from=stage-build /usr/local/bin/check /usr/local/bin/check
diff --git a/prepare.sh b/prepare.sh
@@ -1,57 +1,48 @@
 #!/bin/bash
 set -ex
 
-PLAY_VERSION=1.1.0-1
-PYTHON_VERSION=3.11.6
-CHROME_VERSION=118.0.5993.118
-CHROME_DRIVER_VERSION=118.0.5993.70
-DBEAVER_VERSION=22.3.4
-TINKER_VERSION=v0.1.6
-MRD_VERSION=10.6.7
-VIDEO_PLAYER_VERSION=0.1.9
-OPENSSH_VERSION=v9.4.0.0
-Client_VERSION=v2.1.3
-MONGOSH_VERSION=2.2.12
-
-DOWNLOAD_URL=https://download.jumpserver.org
+echo "check_certificate = off
+      no_clobber = on" > /tmp/.wgetrc
+export WGETRC=/tmp/.wgetrc
 
 PROJECT_DIR=$(cd `dirname $0`; pwd)
-if [ -d "/opt/lina" ] && [ -d "/opt/luna" ]; then
-    PROJECT_DIR=/
-fi
 
-cd ${PROJECT_DIR} || exit 1
+. "${PROJECT_DIR}"/versions.txt
+
+DOWNLOAD_URL=https://download.jumpserver.org
 
-mkdir -p ${PROJECT_DIR}/opt/player
-cd ${PROJECT_DIR}/opt/player || exit 1
-wget --no-clobber ${DOWNLOAD_URL}/public/glyptodon-enterprise-player-${PLAY_VERSION}.tar.gz
+mkdir -p /opt/player
+cd /opt/player || exit 1
+wget ${DOWNLOAD_URL}/public/glyptodon-enterprise-player-${PLAY_VERSION}.tar.gz
 tar -xf glyptodon-enterprise-player-${PLAY_VERSION}.tar.gz -C ${PROJECT_DIR}/opt/player --strip-components 1
 rm -f glyptodon-enterprise-player-${PLAY_VERSION}.tar.gz
 
-mkdir -p ${PROJECT_DIR}/opt/download/applets
-cd ${PROJECT_DIR}/opt/download/applets
-wget --no-clobber -O chromedriver-${CHROME_DRIVER_VERSION}-win64.zip https://github.com/jumpserver-dev/Chrome-Portable-Win64/releases/download/${CHROME_DRIVER_VERSION}/chromedriver-win64.zip
-wget --no-clobber -O chrome-${CHROME_VERSION}-win.zip https://github.com/jumpserver-dev/Chrome-Portable-Win64/releases/download/${CHROME_VERSION}/chrome-win.zip
-wget --no-clobber https://www.python.org/ftp/python/${PYTHON_VERSION}/python-${PYTHON_VERSION}-amd64.exe
-wget --no-clobber ${DOWNLOAD_URL}/public/dbeaver-ce-${DBEAVER_VERSION}-x86_64-setup.exe
-wget --no-clobber ${DOWNLOAD_URL}/public/dbeaver-patch-${DBEAVER_VERSION}-x86_64-setup.msi
-wget --no-clobber ${DOWNLOAD_URL}/public/Tinker_Installer_${TINKER_VERSION}.exe
-
-mkdir -p ${PROJECT_DIR}/opt/download/public
-cd ${PROJECT_DIR}/opt/download/public || exit 1
-wget --no-clobber ${DOWNLOAD_URL}/public/Microsoft_Remote_Desktop_${MRD_VERSION}_installer.pkg
-wget --no-clobber https://github.com/jumpserver/VideoPlayer/releases/download/v0.1.9/JumpServer.Video.Player-${VIDEO_PLAYER_VERSION}.dmg
-wget --no-clobber https://github.com/jumpserver/VideoPlayer/releases/download/v0.1.9/JumpServer.Video.Player.Setup.${VIDEO_PLAYER_VERSION}.exe
-wget --no-clobber https://github.com/PowerShell/Win32-OpenSSH/releases/download/${OPENSSH_VERSION}p1-Beta/OpenSSH-Win64-${OPENSSH_VERSION}.msi
-wget --no-clobber https://github.com/jumpserver/clients/releases/download/${Client_VERSION}/JumpServer-Client-Installer-win-${Client_VERSION}-x64.msi
-wget --no-clobber https://github.com/jumpserver/clients/releases/download/${Client_VERSION}/JumpServer-Client-Installer-win-${Client_VERSION}-x64.exe
-wget --no-clobber https://github.com/jumpserver/clients/releases/download/${Client_VERSION}/JumpServer-Client-Installer-mac-${Client_VERSION}-x64.dmg
-wget --no-clobber https://github.com/jumpserver/clients/releases/download/${Client_VERSION}/JumpServer-Client-Installer-mac-${Client_VERSION}-arm64.dmg
-wget --no-clobber https://github.com/jumpserver/clients/releases/download/${Client_VERSION}/JumpServer-Client-Installer-linux-${Client_VERSION}-amd64.deb
-wget --no-clobber https://github.com/jumpserver/clients/releases/download/${Client_VERSION}/JumpServer-Client-Installer-linux-${Client_VERSION}-arm64.deb
-
-if [ "${USE_XPACK}" = "0" ]; then
-    for arch in x64 arm64 ppc64le s390x; do
-        wget --no-clobber https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-${arch}.tgz
-    done
-fi
+DOWNLOAD_DIR=/opt/download
+mkdir -p ${DOWNLOAD_DIR}/applets
+cd ${DOWNLOAD_DIR}/applets || exit 1
+wget -O chromedriver-${CHROME_DRIVER_VERSION}-win64.zip https://github.com/jumpserver-dev/Chrome-Portable-Win64/releases/download/${CHROME_DRIVER_VERSION}/chromedriver-win64.zip
+wget -O chrome-${CHROME_VERSION}-win.zip https://github.com/jumpserver-dev/Chrome-Portable-Win64/releases/download/${CHROME_VERSION}/chrome-win.zip
+wget https://www.python.org/ftp/python/${PYTHON_VERSION}/python-${PYTHON_VERSION}-amd64.exe
+wget ${DOWNLOAD_URL}/public/dbeaver-ce-${DBEAVER_VERSION}-x86_64-setup.exe
+wget ${DOWNLOAD_URL}/public/dbeaver-patch-${DBEAVER_VERSION}-x86_64-setup.msi
+wget ${DOWNLOAD_URL}/public/Tinker_Installer_${TINKER_VERSION}.exe
+
+mkdir -p ${DOWNLOAD_DIR}/public
+cd ${DOWNLOAD_DIR}/public || exit 1
+wget ${DOWNLOAD_URL}/public/Microsoft_Remote_Desktop_${MRD_VERSION}_installer.pkg
+wget https://github.com/jumpserver/VideoPlayer/releases/download/v${VIDEO_PLAYER_VERSION}/JumpServer.Video.Player-${VIDEO_PLAYER_VERSION}.dmg
+wget https://github.com/jumpserver/VideoPlayer/releases/download/v${VIDEO_PLAYER_VERSION}/JumpServer.Video.Player.Setup.${VIDEO_PLAYER_VERSION}.exe
+
+wget https://github.com/PowerShell/Win32-OpenSSH/releases/download/${OPENSSH_VERSION}p1-Beta/OpenSSH-Win64-${OPENSSH_VERSION}.msi
+
+clients=("win-${CLIENT_VERSION}-x64.exe" "mac-${CLIENT_VERSION}-x64.dmg" "mac-${CLIENT_VERSION}-arm64.dmg"
+         "linux-${CLIENT_VERSION}-amd64.deb" "linux-${CLIENT_VERSION}-arm64.deb")
+for client in "${clients[@]}"; do
+    wget "https://github.com/jumpserver/clients/releases/download/${CLIENT_VERSION}/JumpServer-Client-Installer-${client}"
+done
+
+for arch in x64 arm64; do
+    wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-${arch}.tgz
+done
+
+cp "${PROJECT_DIR}"/versions.txt ${DOWNLOAD_DIR}
diff --git a/requirements.txt b/requirements.txt
@@ -0,0 +1,5 @@
+pywinauto==0.6.6
+selenium==4.4.0
+pywin32==304
+PyYAML==6.0
+cffi==1.16.0
diff --git a/versions.txt b/versions.txt
@@ -0,0 +1,11 @@
+PLAY_VERSION=1.1.0-1
+PYTHON_VERSION=3.11.6
+CHROME_VERSION=118.0.5993.118
+CHROME_DRIVER_VERSION=118.0.5993.70
+DBEAVER_VERSION=22.3.4
+MRD_VERSION=10.6.7
+OPENSSH_VERSION=v9.4.0.0
+MONGOSH_VERSION=2.2.12
+TINKER_VERSION=v0.1.6
+VIDEO_PLAYER_VERSION=0.1.9
+CLIENT_VERSION=v2.1.3