diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 94fb04ae5..1a89ea14a 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -24,16 +24,6 @@ jobs: with: version: v3.7.1 - # TODO: Maintainer of repository to follow: - # https://github.com/docker/login-action#google-container-registry-gcr to add credentials so - # we can push from github actions - # - name: log in to google container registry - # uses: docker/login-action@v1 - # with: - # registry: gcr.io - # username: ${{ secrets.DOCKER_USERNAME }} - # password: ${{ secrets.DOCKER_PASSWORD }} - - name: Login to Packages Container registry uses: docker/login-action@v1 with: @@ -43,23 +33,7 @@ jobs: - name: Build and Push Spark-Operator Docker Image to github container registry run: | + export DOCKER_BUILDKIT=1 DOCKER_TAG=$(cat charts/spark-operator-chart/Chart.yaml | grep "appVersion: .*" | cut -c13-) - docker build -t gcr.io/teamziax/spark-operator:${DOCKER_TAG} -f Dockerfile.rh . - echo "Ideally, we'd release the docker container at this point, but the maintainer of this repo needs to approve..." - docker tag gcr.io/teamziax/spark-operator:${DOCKER_TAG} ghcr.io/googlecloudplatform/spark-operator:${DOCKER_TAG} - if ! docker pull ghcr.io/teamziax/spark-operator:${DOCKER_TAG}; then - docker push ghcr.io/teamziax/spark-operator:${DOCKER_TAG} - else - echo "Spark-Operator Docker Image alredy exists" - fi - - - name: Release Spark-Operator Docker Image - run: | - DOCKER_TAG=$(cat charts/spark-operator-chart/Chart.yaml | grep "appVersion: .*" | cut -c13-) - if git rev-parse -q --verify "refs/tags/$DOCKER_TAG"; then - echo "Spark-Operator Docker Image Tag $DOCKER_TAG already exists!" - else - git tag $DOCKER_TAG - git push origin $DOCKER_TAG - echo "Spark-Operator Docker Image new tag: $DOCKER_TAG released" - fi + docker build -t ghcr.io/teamziax/spark-operator:${DOCKER_TAG} -f Dockerfile.rh --build-arg SPARK_IMAGE=gcr.io/datamechanics/custom/spark:netapp-spark-support-image-v3.5.0-dev-amd64 . + docker push ghcr.io/teamziax/spark-operator:${DOCKER_TAG} diff --git a/Dockerfile.rh b/Dockerfile.rh index 4fe0110ca..8879a2a94 100644 --- a/Dockerfile.rh +++ b/Dockerfile.rh @@ -22,7 +22,9 @@ ARG SPARK_IMAGE=gcr.io/spark-operator/spark:v3.1.1 -FROM golang:1.14.0-alpine as builder +FROM golang:1.20-alpine as builder + +RUN apk update && apk add --no-cache libcap WORKDIR /workspace @@ -39,19 +41,26 @@ COPY pkg/ pkg/ # Build RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o /usr/bin/spark-operator main.go +RUN setcap cap_net_bind_service=+ep /usr/bin/spark-operator FROM ${SPARK_IMAGE} -COPY --from=builder /usr/bin/spark-operator /usr/bin/ USER root +RUN yum install -y openssl \ + && yum clean all \ + && curl -fsSL "https://github.com/krallin/tini/releases/download/v0.19.0/tini-static-amd64" -o /sbin/tini \ + && chmod +x /sbin/tini # Comment out the following three lines if you do not have a RedHat subscription. -COPY hack/install_packages.sh / -RUN --mount=target=/opt/spark/credentials,type=secret,id=credentials,required /install_packages.sh -RUN rm /install_packages.sh +# COPY hack/install_packages.sh / +# RUN --mount=target=/opt/spark/credentials,type=secret,id=credentials,required /install_packages.sh +# RUN rm /install_packages.sh -RUN chmod -R u+x /tmp +# RUN chmod -R u+x /tmp + +USER 185 +COPY --from=builder /usr/bin/spark-operator /usr/bin/ COPY hack/gencerts.sh /usr/bin/ + COPY entrypoint.sh /usr/bin/ -USER 185 -ENTRYPOINT ["/usr/bin/entrypoint.sh"] +ENTRYPOINT ["/usr/bin/entrypoint.sh"] \ No newline at end of file