feat(code-server): new code-server image (#24)
* feat(code-server) implémentation image code server

* feat(code-server) ci-cd pour code-server

* chore(pipeline) fusion pipeline des deux images

Passage par un workflow générique pour supprimer le copier/coller

* chore(code-server) substitution de wget par ADD
Yannig authored Jan 17, 2025
1 parent da5c4d9 commit 42a2767
Showing 6 changed files with 168 additions and 65 deletions.
71 changes: 6 additions & 65 deletions .github/workflows/bats.yml
@@ -1,6 +1,5 @@
---
name: Build bats docker image
run-name: ${{ github.actor }} is building bats
name: Build bats container image

on:
push:
Expand All @@ -12,67 +11,9 @@ on:
paths:
- "bats/**"

env:
REGISTRY: ghcr.io
IMAGE_TAG: ${{ github.repository }}/bats:v1.10.0-curl

jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write

steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Log into registry ${{ env.REGISTRY }}
uses: docker/[email protected]
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Build and push Docker image
uses: docker/build-push-action@v6
with:
context: bats
push: true
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_TAG }}

scan:
runs-on: ubuntu-latest
permissions:
contents: read
packages: read
needs: build
steps:
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_TAG }}
format: "table"
exit-code: "1"
ignore-unfixed: true
vuln-type: "os,library"
severity: "CRITICAL,HIGH"
env:
TRIVY_USERNAME: ${{ github.actor }}
TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}

check:
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected]
- uses: docker/[email protected]
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Dockerfile linting
uses: hadolint/[email protected]
with:
dockerfile: bats/Dockerfile
ignore: DL3018
build-bats:
uses: ./.github/workflows/generic-docker-build.yml
with:
image-folder: bats
image-tag: v1.10.0-curl
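Review bot: The new `build-bats` job at the end of the hunk calls the reusable workflow without a `permissions:` block, while the deleted `build` job granted `packages: write` and `id-token: write` explicitly; a called workflow can only narrow the caller's GITHUB_TOKEN, never widen it, so unless this repository's default token permission is read/write the push to ghcr.io in generic-docker-build.yml will be refused. The same omission is in the `build-code-server` job of .github/workflows/code-server.yml. Adding `permissions:` on the caller job with `contents: read`, `packages: write` and `id-token: write` restores the previous grant. Note also that the generic workflow's default ignore list is `"DL3008,DL3015,DL3018"`, so hadolint is now less strict for bats than the deleted `check` job (which ignored only DL3018); passing `ignored-dockerfile-lint-rules: DL3018` keeps the old behaviour.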
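--- a/.github/workflows/code-server.yml
+++ b/.github/workflows/code-server.yml
@@ -0,0 +1,19 @@
+---
+name: Build code-server container image
+
+on:
+push:
+branches: ["main"]
+paths:
+- "code-server/**"
+pull_request:
+branches: ["main"]
+paths:
+- "code-server/**"
+
+jobs:
+build-code-server:
+uses: ./.github/workflows/generic-docker-build.yml
+with:
+image-folder: code-server
+image-tag: 4.96.2-ubuntu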
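Review bot: `image-tag: 4.96.2-ubuntu` on the last line repeats the base-image tag of `FROM ghcr.io/coder/code-server:4.96.2-ubuntu` in code-server/Dockerfile, and nothing ties the two together, so bumping one without the other publishes an image whose tag no longer describes its contents. A comment on this line such as `# keep in sync with the FROM line in code-server/Dockerfile` would make the coupling visible to the next person editing either file.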
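--- a/.github/workflows/generic-docker-build.yml
+++ b/.github/workflows/generic-docker-build.yml
@@ -0,0 +1,87 @@
+name: Reusable Docker Build and Scan
+
+on:
+workflow_call:
+inputs:
+image-folder:
+required: true
+type: string
+image-name:
+required: false
+type: string
+image-tag:
+required: true
+type: string
+skip-dirs:
+required: false
+type: string
+default: /usr/local/bin
+ignored-dockerfile-lint-rules:
+required: false
+type: string
+default: "DL3008,DL3015,DL3018"
+
+env:
+REGISTRY: ghcr.io
+
+jobs:
+build:
+runs-on: ubuntu-latest
+permissions:
+contents: read
+packages: write
+id-token: write
+
+steps:
+- name: Checkout repository
+uses: actions/checkout@v4
+
+- name: Log into registry ${{ env.REGISTRY }}
+uses: docker/[email protected]
+with:
+registry: ${{ env.REGISTRY }}
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Build and push Docker image
+uses: docker/build-push-action@v6
+with:
+context: ${{ inputs.image-folder }}
+push: true
+tags: ${{ env.REGISTRY }}/${{ github.repository }}/${{ inputs.image-name || inputs.image-folder }}:${{ inputs.image-tag }}
+
+scan:
+runs-on: ubuntu-latest
+permissions:
+contents: read
+packages: read
+needs: build
+steps:
+- name: Run Trivy vulnerability scanner
+uses: aquasecurity/trivy-action@master
+with:
+image-ref: ${{ env.REGISTRY }}/${{ github.repository }}/${{ inputs.image-name || inputs.image-folder }}:${{ inputs.image-tag }}
+format: "table"
+exit-code: "1"
+ignore-unfixed: true
+skip-dirs: ${{ inputs.skip-dirs }}
+vuln-type: "os,library"
+severity: "CRITICAL,HIGH"
+env:
+TRIVY_USERNAME: ${{ github.actor }}
+TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+
+lint:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+- uses: docker/[email protected]
+with:
+registry: ${{ env.REGISTRY }}
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
+- name: Dockerfile linting
+uses: hadolint/[email protected]
+with:
+dockerfile: ${{ inputs.image-folder }}/Dockerfile
+ignore: ${{ inputs.ignored-dockerfile-lint-rules }}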
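Review bot: `push: true` in the `build` job pushes to the fixed `${{ inputs.image-tag }}` on every run, and both callers in this commit trigger on `pull_request`, so an unmerged PR that touches the image folder overwrites the published tag before the `scan` job has even run (a fork PR instead fails at the push, since its GITHUB_TOKEN is read-only); gating it with `push: ${{ github.event_name != 'pull_request' }}`, or loading the image locally and pushing only after Trivy passes, keeps unreviewed and vulnerable images out of ghcr.io. The `skip-dirs` default of `/usr/local/bin` excludes exactly the directory the code-server Dockerfile in this commit copies its third-party binaries into, so with `vuln-type: "os,library"` Trivy's Go-binary scan never sees kubectl, trivy, k9s, dive or the prometheus tools — a default of `""` with callers opting in would be safer, or at least a comment explaining why that directory is excluded. `aquasecurity/trivy-action@master` is a floating ref while every other action here is pinned to a version; pin it to a release tag or commit SHA. The `lint` job's `docker/login-action` step is also unnecessary, since hadolint only reads the Dockerfile from the checkout.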
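--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+*.idea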
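--- a/code-server/Dockerfile
+++ b/code-server/Dockerfile
@@ -0,0 +1,52 @@
+# Référence de l'ensemble des versions à utiliser pour l'installation des outils
+FROM docker.io/prom/prometheus:v3.1.0 AS prometheus
+FROM docker.io/prom/alertmanager:v0.28.0 AS alertmanager
+FROM public.ecr.aws/aws-cli/aws-cli:2.22.34 AS aws-cli
+FROM docker.io/library/docker:27 AS docker-compose
+FROM docker.io/bitnami/kubectl:1.32 AS kubectl
+FROM docker.io/bitnami/trivy:0.58.2 AS trivy
+FROM docker.io/derailed/k9s:v0.32.7 AS k9s
+FROM docker.io/wagoodman/dive:v0.12 AS dive
+
+FROM ghcr.io/coder/code-server:4.96.2-ubuntu
+ARG KUBECTX_VERSION="v0.9.5"
+
+# Nécessaire pour installer les paquets
+USER root
+WORKDIR /home/coder
+# Mettre à jour les paquets et installer les dépendances
+RUN export DEBIAN_FRONTEND=noninteractive ; export TZ=Europe/Paris ; apt-get -y update && apt-get -y install \
+git vim wget htop amazon-ecr-credential-helper groff-base gnupg2 pass bind9-utils gettext-base apache2-utils && \
+# Nettoyer les fichiers inutiles
+apt-get clean && rm -rf /var/lib/apt/lists/*
+# Et on revient à un utilisateur lambda pour la suite
+USER coder
+
+# Install AWS cli
+COPY --from=aws-cli /usr/local /usr/local
+
+# Installer docker-compose extension
+COPY --from=docker-compose /usr/local/bin/docker-compose /usr/local/lib/docker/cli-plugins/docker-compose
+
+# Installer kubectl/trivy/k9s/dive
+COPY --from=kubectl /opt/bitnami/kubectl/bin/kubectl /usr/local/bin
+COPY --from=trivy /opt/bitnami/trivy/bin/trivy /usr/local/bin
+COPY --from=k9s /bin/k9s /usr/local/bin
+COPY --from=dive /usr/local/bin/dive /usr/local/bin
+
+# Installer kubectx
+ADD --chmod=755 https://github.com/ahmetb/kubectx/releases/download/${KUBECTX_VERSION}/kubectx /usr/local/bin/kubectx
+ADD --chmod=755 https://github.com/ahmetb/kubectx/releases/download/${KUBECTX_VERSION}/kubens /usr/local/bin/kubens
+
+# Installer kube-ps1
+COPY bash_completion.sh /etc/bash_completion
+ADD --chmod=755 https://raw.githubusercontent.com/jonmosco/kube-ps1/refs/heads/master/kube-ps1.sh /usr/local/bin/kube-ps1.sh
+
+# Installer promtool + prometheus + alertmanager + amtool
+COPY --from=prometheus /bin/prometheus /usr/local/bin
+COPY --from=prometheus /bin/promtool /usr/local/bin
+COPY --from=alertmanager /bin/alertmanager /usr/local/bin
+COPY --from=alertmanager /bin/amtool /usr/local/bin
+
+# Définir le point d'entrée par défaut
+CMD ["/bin/bash"]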
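Review bot: The `ADD` of kube-ps1.sh fetches `refs/heads/master`, an unpinned moving branch, and none of the three `ADD` URL lines carry a `--checksum=sha256:<digest>`, so the image content depends on whatever those URLs serve at build time and a replaced release asset would be copied straight into /usr/local/bin as an executable; pinning kube-ps1 to a tag or commit and adding `--checksum` (BuildKit supports it on `ADD`) makes the build reproducible and verifiable. `COPY bash_completion.sh /etc/bash_completion` overwrites the path where Ubuntu's bash-completion package installs its loader — confirm that is intended rather than dropping the file under /etc/bash_completion.d/. `CMD ["/bin/bash"]` replaces the base image's default command; if the upstream code-server image relies on an ENTRYPOINT that expects code-server flags, the shell path would be handed to it as an argument instead, so check that the resulting container starts as expected. The floating `docker:27` and `dive:v0.12` tags are also looser than the other stage pins.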
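--- a/code-server/bash_completion.sh
+++ b/code-server/bash_completion.sh
@@ -0,0 +1,3 @@
+source /usr/local/bin/kube-ps1.sh
+export PS1='[${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\] $(kube_ps1)] $ '
+alias aws_ecr_login='aws ecr get-login-password --region $AWS_REGION | docker login --username $DOCKER_REGISTRY_USERNAME --password-stdin $REGISTRY_URL'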
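Review bot: The alias on the last line passes `$DOCKER_REGISTRY_USERNAME` to `docker login`, yet when the password comes from `aws ecr get-login-password` the ECR user name is always the literal `AWS`, so the extra variable only adds a way for the login to fail when it is unset; `--username AWS` is the documented form. The unquoted `$AWS_REGION` and `$REGISTRY_URL` would be word-split if they ever contained whitespace (unlikely for these values, but `"$REGISTRY_URL"` costs nothing). The file is installed as /etc/bash_completion but contains a prompt setup and an alias rather than completion definitions; a one-line header comment stating its purpose would help the next reader.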
