If you are using CI/CD pipelines and want to be completely independent of the host the pipeline runs on (for example, a GitHub runner or Jenkins), it is best to use a Docker image as part of your pipeline instead of trying to install everything on that host.
The only requirement is that Docker is running on the pipeline host.
The Dockerfile below creates a Docker image that sets up the following:
- JDK, Maven
- OpenShift Client
- Helm Client
- Company Proxies and Certificates
Dockerfile:
FROM registry.access.redhat.com/ubi8/openjdk-11:1.13-1.1653918221
# Set up proxies by uncommenting the lines below and specifying the proxies to use
#ENV HTTP_PROXY="http://company.proxy.com:8080"
#ENV HTTPS_PROXY="http://company.proxy.com:8080"
#ENV NO_PROXY="company.com"
ARG maintainer="Maintainer"
LABEL maintainer=${maintainer}
LABEL name="github-action-base-image"
LABEL description="ubi-based with Maven, OpenShift, Helm, Proxy Configurations and Certificates"
USER root
# Copy company root/issuer CA certificates by uncommenting the lines below and specifying the proper .crt files
#COPY ./certificates/company_issuing.crt /etc/pki/ca-trust/source/anchors/
#COPY ./certificates/company_root.crt /etc/pki/ca-trust/source/anchors/
# Install CA certs into the system trust store
RUN update-ca-trust
# Update microdnf packages; install tar, gzip and git
RUN microdnf -y update && \
    microdnf -y install tar gzip git && microdnf clean all
# Install OpenShift client
COPY ./libs/openshift-client-linux.tar.gz /tmp/openshift-client-linux.tar.gz
RUN mkdir -p /opt/oc && \
    tar zxf /tmp/openshift-client-linux.tar.gz -C /opt/oc && \
    chmod a+x /opt/oc/oc && \
    ln -s /opt/oc/oc /usr/local/bin/oc && \
    ln -s /opt/oc/kubectl /usr/local/bin/kubectl && \
    rm -f /tmp/openshift-client-linux.tar.gz
# Specify the OpenShift configuration file
RUN mkdir /.kube && chmod -R a+rx /.kube
COPY ./oc/oc_config /.kube/config
RUN chmod go-r /.kube/config
ENV KUBECONFIG=/.kube/config
# Install Helm client
COPY ./libs/helm-linux-amd64.tar.gz /tmp/helm-linux-amd64.tar.gz
RUN mkdir -p /opt/helm && \
    tar zxf /tmp/helm-linux-amd64.tar.gz -C /opt/helm && \
    chmod a+x /opt/helm/helm && \
    ln -s /opt/helm/helm /usr/local/bin/helm && \
    rm -f /tmp/helm-linux-amd64.tar.gz
# Uncomment and modify the custom settings.xml file if you have it.
#COPY ./maven/settings.xml /root/.m2/settings.xml
ENTRYPOINT [""]
The proxy and certificate sections are optional. They are only required if the image must connect to external resources that your company routes through a proxy, or to an internal https:// address that requires valid certificates (for example, an organization Maven registry or SonarQube).
The settings.xml file is also optional; it is required only if you have a custom settings.xml that routes through specific mirrors.
Build:
Using base image registry.access.redhat.com/ubi8/openjdk-11:1.13-1.1653918221, which has JDK 11 + Maven prebuilt.
user@Machine /cygdrive/c/MyProjects/github
$ docker build -t github-action-base-image -f github-action-base-image/Dockerfile ./github-action-base-image/
[+] Building 1.1s (15/15) FINISHED
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 1.91kB 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load metadata for registry.access.redhat.com/ubi8/openjdk-11:1.13-1.1653918221 0.6s
=> [ 1/10] FROM registry.access.redhat.com/ubi8/openjdk-11:1.13-1.1653918221@sha256:ae7c1717 0.0s
=> [internal] load build context 0.4s
=> => transferring context: 63.15MB 0.4s
=> CACHED [ 2/10] RUN update-ca-trust 0.0s
=> CACHED [ 3/10] RUN microdnf -y update && microdnf -y install tar gzip git && microdnf 0.0s
=> CACHED [ 4/10] COPY ./libs/openshift-client-linux.tar.gz /tmp/openshift-client-linux.tar. 0.0s
=> CACHED [ 5/10] RUN mkdir -p /opt/oc && tar zxf /tmp/openshift-client-linux.tar.gz -C 0.0s
=> CACHED [ 6/10] RUN mkdir /.kube && chmod -R a+rx /.kube 0.0s
=> CACHED [ 7/10] COPY ./oc/oc_config /.kube/config 0.0s
=> CACHED [ 8/10] RUN chmod go-r /.kube/config 0.0s
=> CACHED [ 9/10] COPY ./libs/helm-linux-amd64.tar.gz /tmp/helm-linux-amd64.tar.gz 0.0s
=> CACHED [10/10] RUN mkdir -p /opt/helm && tar zxf /tmp/helm-linux-amd64.tar.gz -C /opt 0.0s
=> exporting to image 0.0s
=> => exporting layers 0.0s
=> => writing image sha256:cde6abe19861817e4691c1f01937209845f50d867d2b6a02b75e6c19a69d7f51 0.0s
=> => naming to docker.io/library/github-action-base-image 0.0s
Maven Usage:
Use the Maven binary in the Docker image to build your local applications.
In this example we mount our local application folder (MyApplication), which contains the pom.xml file, into the container at /mavenAppDir.
The format of the docker -v option is /source:/destination, with both sides given as full paths.
We then build by specifying the location of the pom.xml file using -f /mavenAppDir/pom.xml.
The Maven that runs clean install is the one inside the Docker image, not the one on your local machine.
docker run -v /c/MyProjects/github/MyApplication:/mavenAppDir github-action-base-image:latest mvn clean install -f /mavenAppDir/pom.xml
To inspect your volume mount and verify the contents of the attached volume, open a shell in the container.
docker run -it -v /c/MyProjects/github/MyApplication:/mavenAppDir github-action-base-image:latest sh
sh-4.4# cd /
sh-4.4# ls -ltr
total 124
drwxr-xr-x 2 root root 4096 Jun 21 2021 srv
lrwxrwxrwx 1 root root 8 Jun 21 2021 sbin -> usr/sbin
drwxr-xr-x 2 root root 4096 Jun 21 2021 mnt
drwxr-xr-x 2 root root 4096 Jun 21 2021 media
lrwxrwxrwx 1 root root 9 Jun 21 2021 lib64 -> usr/lib64
lrwxrwxrwx 1 root root 7 Jun 21 2021 lib -> usr/lib
dr-xr-xr-x 2 root root 4096 Jun 21 2021 boot
lrwxrwxrwx 1 root root 7 Jun 21 2021 bin -> usr/bin
drwx------ 2 root root 4096 May 3 08:55 lost+found
drwxr-xr-x 1 root root 4096 May 3 08:55 var
dr-xr-x--- 1 root root 4096 May 3 08:58 root
drwxrwxr-x 1 jboss root 4096 May 30 14:01 usr
-rw-r--r-- 1 root root 23428 May 30 14:02 help.md
-rw-r--r-- 1 root root 29199 May 30 14:02 help.1
drwxr-xr-x 1 root root 4096 May 30 14:02 home
drwxrwxr-x 3 jboss root 4096 May 30 14:07 deployments
drwxrwxrwx 1 root root 4096 Jun 2 14:01 mavenAppDir
drwxr-xr-x 1 root root 4096 Jun 3 09:40 run
drwxrwxr-x 1 jboss root 4096 Jun 3 09:40 opt
drwxrwxrwt 1 root root 4096 Jun 3 09:40 tmp
drwxr-xr-x 1 root root 4096 Jun 3 11:00 etc
dr-xr-xr-x 13 root root 0 Jun 3 11:00 sys
dr-xr-xr-x 229 root root 0 Jun 3 11:00 proc
drwxr-xr-x 5 root root 360 Jun 3 11:00 dev
sh-4.4#
OpenShift:
Verify that the OpenShift client is set up and working from the Docker container:
docker run github-action-base-image:latest oc version
Client Version: 4.9.35
Helm:
Verify that the Helm client is set up and working from the Docker container:
docker run github-action-base-image:latest helm version
version.BuildInfo{Version:"v3.7.1+7.el8", GitCommit:"8f33223fe17957f11ba7a88b016bc860f034c4e6", GitTreeState:"clean", GoVersion:"go1.16.7"}
Kube Configuration
Verify the cluster configuration specified in the oc_config file:
docker run github-action-base-image:latest kubectl config view
apiVersion: v1
clusters:
- cluster:
    server: https://cluster1.company.com:8443
  name: Cluster-1
contexts:
- context:
    cluster: Cluster-1
    namespace: default
    user: ""
  name: Cluster-1
current-context: ""
kind: Config
preferences: {}
users: null
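The oc_config shown above holds only a cluster endpoint and no user entry, which matters because the file is copied into an image layer that anyone who can pull the image can read. As an added example (not part of the original repository), the following pre-build check rejects a kubeconfig that carries credential fields or disables TLS verification; the function names, return codes and sample files are assumptions made for this illustration.

```shell
#!/usr/bin/env bash
# Added example: audit a kubeconfig before it is COPY'd into an image layer.
# Return codes (this example's convention): 0 clean, 1 finding, 2 unreadable.

# Scalar keys of a kubeconfig user entry that hold or point at a secret.
SECRET_KEYS='token|tokenFile|client-key-data|client-key|password'
# Mapping keys that configure a credential helper; flagged on presence.
HELPER_KEYS='exec|auth-provider'

audit_kubeconfig() {
  local file="$1" status=0 hits
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

  # "key: value" at any indent (optionally after "- "); comment lines never
  # match, and values that are empty, "" or null are ignored.
  hits=$( { grep -nE "^[[:space:]-]*(${SECRET_KEYS}):[[:space:]]*[^[:space:]]" "$file" \
              | grep -vE ':[[:space:]]*(""|null|~)[[:space:]]*$'
            grep -nE "^[[:space:]-]*(${HELPER_KEYS}):" "$file"; } || true )
  if [ -n "$hits" ]; then
    # Report line number and key only, never the secret value.
    echo "$hits" | sed -E 's/^([0-9]+):[[:space:]-]*([A-Za-z-]+):.*/  line \1: \2/' >&2
    status=1
  fi

  # Skipping TLS verification defeats the company CA bundle the image installs.
  if grep -qE '^[[:space:]-]*insecure-skip-tls-verify:[[:space:]]*true' "$file"; then
    echo "  insecure-skip-tls-verify: true" >&2
    status=1
  fi
  return "$status"
}

# Constructed samples: the first mirrors the page's oc_config, the second is a
# made-up config with a placeholder token and TLS verification disabled.
write_samples() {
  printf '%s\n' 'apiVersion: v1' 'clusters:' '- cluster:' \
    '    server: https://cluster1.company.com:8443' '  name: Cluster-1' \
    'kind: Config' 'users: null' > "$1/clean_config"
  printf '%s\n' 'apiVersion: v1' 'clusters:' '- cluster:' \
    '    insecure-skip-tls-verify: true' \
    '    server: https://cluster1.company.com:8443' '  name: Cluster-1' \
    'kind: Config' 'users:' '- name: ci' '  user:' \
    '    token: PLACEHOLDER-NOT-A-REAL-TOKEN' > "$1/leaky_config"
}

# Usage before `docker build`:  audit_kubeconfig ./oc/oc_config || exit 1
```

Credentials for the cluster are better supplied to the running container at pipeline time, so the image itself stays free of secrets.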
The code is on GitHub
In the next part, we will cover how to create a GitHub Action Workflow and use this base image.