From f0947e15d9f75f4b1b5e2b6f6ae707eafdc953dd Mon Sep 17 00:00:00 2001
From: asadarafat
Date: Wed, 7 May 2025 11:49:08 +0000
Subject: [PATCH 1/5] add docker CI
---
.github/workflows/dockerCi.yml | 58 ++++++++++++++++++++++++++++++++++
1 file changed, 58 insertions(+)
create mode 100644 .github/workflows/dockerCi.yml
diff --git a/.github/workflows/dockerCi.yml b/.github/workflows/dockerCi.yml
new file mode 100644
index 00000000..a9ab0993
--- /dev/null
+++ b/.github/workflows/dockerCi.yml
@@ -0,0 +1,58 @@
+name: Docker Image CI
+
+on: [workflow_dispatch]
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+ build-and-push-image:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Create temporary Dockerfile
+ run: |
+ cat <<'EOF' > Dockerfile
+ FROM alpine:3.18
+
+ RUN apk add --no-cache curl ca-certificates
+
+ ENV KAF_REPO=birdayz/kaf
+
+ RUN KAF_LATEST_URL=$(curl -s https://api.github.com/repos/${KAF_REPO}/releases/latest \
+ | grep "browser_download_url.*kaf-linux-amd64" \
+ | cut -d '"' -f 4) \
+ && curl -L "$KAF_LATEST_URL" -o /usr/local/bin/kaf \
+ && chmod +x /usr/local/bin/kaf
+
+ ENTRYPOINT ["/usr/local/bin/kaf"]
+ EOF
+
+ - name: Log in to the Container registry
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v4
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v4
+ with:
+ context: .
+ file: ./Dockerfile
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
From 82f4e22d26be8cda670a83bb3ec679904350db63 Mon Sep 17 00:00:00 2001
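Review bot: The kaf install `RUN` in the generated Dockerfile takes its download URL from the `releases/latest` API response at build time and installs the result as the image entrypoint with no integrity check, so the pushed image contains whatever upstream served that day. `curl -s` without `-f` also hides an API error or rate-limit reply, leaving `KAF_LATEST_URL` empty. Pin the release and verify it, for example `curl -fsSL "https://github.com/birdayz/kaf/releases/download/<version>/<asset>" -o /usr/local/bin/kaf` followed by `echo "<sha256>  /usr/local/bin/kaf" | sha256sum -c -` (placeholders to be filled from the chosen release). The `uses:` lines reference mutable tags such as `actions/checkout@v3`; pinning each to a full commit SHA applies the same control to the workflow itself.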
From: asadarafat
Date: Wed, 7 May 2025 12:02:31 +0000
Subject: [PATCH 2/5] update dockerCI
---
.github/workflows/dockerCi.yml | 71 +++++++++++++++++++++++++---------
1 file changed, 53 insertions(+), 18 deletions(-)
diff --git a/.github/workflows/dockerCi.yml b/.github/workflows/dockerCi.yml
index a9ab0993..5c014f5b 100644
--- a/.github/workflows/dockerCi.yml
+++ b/.github/workflows/dockerCi.yml
@@ -1,58 +1,93 @@ -name: Docker Image CI +name: Build and Push Docker Image -on: [workflow_dispatch] +on: + release: + types: [published] + workflow_dispatch: # 👈 Allow manual execution env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} jobs: - build-and-push-image: + build-and-push: runs-on: ubuntu-latest permissions: contents: read packages: write steps: - - name: Checkout repository + - name: Checkout repo (optional) uses: actions/checkout@v3 - - name: Create temporary Dockerfile + - name: Set KAF version + id: vars run: | - cat <<'EOF' > Dockerfile - FROM alpine:3.18 + if [ "${{ github.event_name }}" == "release" ]; then + echo "version=${{ github.event.release.tag_name }}" >> $GITHUB_OUTPUT + else + # fallback to latest release from upstream + latest=$(curl -s https://api.github.com/repos/birdayz/kaf/releases/latest | jq -r .tag_name) + echo "version=$latest" >> $GITHUB_OUTPUT + fi - RUN apk add --no-cache curl ca-certificates + - name: Generate Dockerfile dynamically + run: | + cat < Dockerfile + FROM registry.access.redhat.com/ubi8/ubi-minimal + + # Install essential tools, including busybox, jq, yq, and other useful CLI packages + RUN microdnf install -y \ + curl \ + bash \ + ca-certificates \ + shadow-utils \ + passwd \ + findutils \ + iproute \ + iputils \ + procps-ng \ + jq \ + tar \ + zip \ + unzip \ + && microdnf clean all + + # Install yq (Go-based binary from GitHub) + RUN curl -sL https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 \ + -o /usr/local/bin/yq && chmod +x /usr/local/bin/yq + + RUN useradd -m admin && \ + echo 'admin:admin' | chpasswd - ENV KAF_REPO=birdayz/kaf + ENV KAF_VERSION=${{ steps.vars.outputs.version }} - RUN KAF_LATEST_URL=$(curl -s https://api.github.com/repos/${KAF_REPO}/releases/latest \ - | grep "browser_download_url.*kaf-linux-amd64" \ - | cut -d '"' -f 4) \ - && curl -L "$KAF_LATEST_URL" -o /usr/local/bin/kaf \ - && chmod +x /usr/local/bin/kaf + RUN curl 
https://raw.githubusercontent.com/birdayz/kaf/master/godownloader.sh | BINDIR=/usr/local/bin bash - ENTRYPOINT ["/usr/local/bin/kaf"] + USER admin EOF - - name: Log in to the Container registry + - name: Log in to GitHub Container Registry uses: docker/login-action@v2 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Extract metadata (tags, labels) for Docker + - name: Extract Docker metadata id: meta uses: docker/metadata-action@v4 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=raw,value=${{ steps.vars.outputs.version }} + type=raw,value=latest - name: Build and push Docker image uses: docker/build-push-action@v4 with: context: . - file: ./Dockerfile + file: Dockerfile push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} From 2f1c5877794655e385cbe90d8d81dd4f96cf4b7b Mon Sep 17 00:00:00 2001 From: asadarafat Date: Wed, 7 May 2025 17:53:20 +0000 Subject: [PATCH 3/5] add admin as wheel group --- .github/workflows/dockerCi.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/dockerCi.yml b/.github/workflows/dockerCi.yml index 5c014f5b..3a4cf90f 100644 --- a/.github/workflows/dockerCi.yml +++ b/.github/workflows/dockerCi.yml @@ -51,6 +51,7 @@ jobs: tar \ zip \ unzip \ + sudo \ && microdnf clean all # Install yq (Go-based binary from GitHub) @@ -60,6 +61,8 @@ jobs: RUN useradd -m admin && \ echo 'admin:admin' | chpasswd + RUN usermod -aG wheel admin + ENV KAF_VERSION=${{ steps.vars.outputs.version }} RUN curl https://raw.githubusercontent.com/birdayz/kaf/master/godownloader.sh | BINDIR=/usr/local/bin bash From d80e1a148a23cadf704781f64d74938e6a2927b1 Mon Sep 17 00:00:00 2001 
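Review bot: The `RUN curl https://raw.githubusercontent.com/birdayz/kaf/master/godownloader.sh | BINDIR=/usr/local/bin bash` line executes an unpinned script from a moving branch before the `USER admin` switch, and nothing visible hands `KAF_VERSION` to it, so the binary installed may not match the version tag the image is pushed under (to be confirmed against the script). Fetch the script at a fixed commit, `https://raw.githubusercontent.com/birdayz/kaf/<commit-sha>/godownloader.sh`, pass the version explicitly, and check the binary's checksum; the yq download from `releases/latest` and the untagged `ubi-minimal` base deserve the same pinning. In the `Set KAF version` step, `${{ github.event.release.tag_name }}` is expanded into the shell script text; pass it through `env:` as `RELEASE_TAG: ${{ github.event.release.tag_name }}` and write `echo "version=$RELEASE_TAG" >> "$GITHUB_OUTPUT"`.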
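Review bot: `RUN usermod -aG wheel admin` in the second hunk, combined with the `sudo` package added in the first, lets the fixed `admin:admin` password set in PATCH 2/5 authenticate to root wherever the base image's sudoers grants `wheel`, which RHEL-family images normally do (confirm for ubi-minimal). Because the image is pushed to a registry, that password is known to anyone who can pull it. Remove the `echo 'admin:admin' | chpasswd` line so the account is created without a usable password, i.e. `RUN useradd -m admin`, and grant only the specific privileges the container needs. The same `chpasswd` line is carried unchanged through PATCH 4/5 and 5/5. Both hunks sit inside the heredoc of the `run:` step, which starts and ends outside them.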
From: asadarafat Date: Fri, 9 May 2025 09:29:49 +0000 Subject: [PATCH 4/5] Create the .kaf directory and assign ownership before switching to admin user --- .github/workflows/dockerCi.yml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/.github/workflows/dockerCi.yml b/.github/workflows/dockerCi.yml index 3a4cf90f..6badb161 100644 --- a/.github/workflows/dockerCi.yml +++ b/.github/workflows/dockerCi.yml @@ -58,13 +58,17 @@ jobs: RUN curl -sL https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 \ -o /usr/local/bin/yq && chmod +x /usr/local/bin/yq + # Create user and set password RUN useradd -m admin && \ - echo 'admin:admin' | chpasswd - - RUN usermod -aG wheel admin - + echo 'admin:admin' | chpasswd && \ + usermod -aG wheel admin + + # Create the .kaf directory and assign ownership before switching to admin user + RUN mkdir -p /home/admin/.kaf && \ + chown -R admin:admin /home/admin/.kaf + + # Install kaf ENV KAF_VERSION=${{ steps.vars.outputs.version }} - RUN curl https://raw.githubusercontent.com/birdayz/kaf/master/godownloader.sh | BINDIR=/usr/local/bin bash USER admin From d1d0741f25a4d9dce0e25470a55bb74987421eda Mon Sep 17 00:00:00 2001 From: asadarafat Date: Fri, 9 May 2025 10:05:32 +0000 Subject: [PATCH 5/5] # Create user and give sudo without password --- .github/workflows/dockerCi.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/dockerCi.yml b/.github/workflows/dockerCi.yml index 6badb161..b86e1d89 100644 --- a/.github/workflows/dockerCi.yml +++ b/.github/workflows/dockerCi.yml 
@@ -57,11 +57,15 @@ jobs: # Install yq (Go-based binary from GitHub) RUN curl -sL https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 \ -o /usr/local/bin/yq && chmod +x /usr/local/bin/yq - - # Create user and set password + + # Create user and give sudo without password RUN useradd -m admin && \ echo 'admin:admin' | chpasswd && \ - usermod -aG wheel admin + usermod -aG wheel admin && \ + mkdir -p /home/admin/.kaf && \ + chown -R admin:admin /home/admin/.kaf && \ + echo 'admin ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/admin && \ + chmod 0440 /etc/sudoers.d/admin # Create the .kaf directory and assign ownership before switching to admin user RUN mkdir -p /home/admin/.kaf && \
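Review bot: `echo 'admin ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/admin` gives the account the image runs as (`USER admin`, set in PATCH 2/5) unrestricted passwordless root, so the non-root user no longer confines a compromised or misbehaving process in the container. If some commands really need elevation, list them, for example `admin ALL=(root) NOPASSWD: <absolute-path-of-command>`, or perform that work in a `RUN` before `USER admin` and leave sudo out of the image. The `mkdir -p /home/admin/.kaf` and `chown` pair is now run twice, since the following `RUN` shown as context is kept; one of the two can go. The heredoc these lines belong to begins and ends outside the hunk.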