mirror of
https://github.com/zokradonh/kopano-docker
synced 2025-06-06 15:36:40 +00:00
* add todo for docker wait * add makefile target to scan containers with trivy * pin version of trivy in travis file * add trivy cache to persistent storage of travis (commented since not part of ci for the moment) * reorg travis file + remove goss as it is not used * add a fixed version for the base image * add file with tags to gitignore * introduce tag-all target * remove after_failure step * add ignore file for trivy * store the tag for the builder as well * remove tag_file after completing scans * replace manual build and publish commands with generated ones * update kdav builder to resolve CVE-2019-3855 * ignore CVE-2019-3855 which is thrown in kdav build container * exclude the build-webapp-demo from build-all
Makefile
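# Registry namespace and credentials for local (non-Travis) runs. On Travis
# these three names are not set here; presumably the CI environment supplies
# them.
# The backticks are stored literally: the shell runs `cat` only when a recipe
# expands $(docker_login) / $(docker_pwd), so the secret files are not read
# at parse time.
ifndef TRAVIS
docker_repo := zokradonh
docker_login := `cat ~/.docker-account-user`
docker_pwd := `cat ~/.docker-account-pwd`
endif

# Versions to download, resolved once at parse time by ./version.sh.
# The base image uses the core version, so the value is reused instead of
# running the script twice for the same answer.
core_download_version := $(shell ./version.sh core)
base_download_version := $(core_download_version)
meet_download_version := $(shell ./version.sh meet)
webapp_download_version := $(shell ./version.sh webapp)
zpush_download_version := $(shell ./version.sh zpush)

# Package sources handed to the image builds as --build-arg values.
KOPANO_CORE_REPOSITORY_URL := file:/kopano/repo/core
KOPANO_MEET_REPOSITORY_URL := file:/kopano/repo/meet
KOPANO_WEBAPP_REPOSITORY_URL := file:/kopano/repo/webapp
KOPANO_WEBAPP_FILES_REPOSITORY_URL := file:/kopano/repo/files
KOPANO_WEBAPP_MDM_REPOSITORY_URL := file:/kopano/repo/mdm
KOPANO_WEBAPP_SMIME_REPOSITORY_URL := file:/kopano/repo/smime
# NOTE(review): plain-HTTP package source. Integrity then rests entirely on
# the package manager's signature check - confirm the repository key is
# installed in the images that use this URL.
KOPANO_ZPUSH_REPOSITORY_URL := http://repo.z-hub.io/z-push:/final/Debian_9.0/
RELEASE_KEY_DOWNLOAD := 0
DOWNLOAD_COMMUNITY_PACKAGES := 1

COMPOSE_FILE := docker-compose.yml
TAG_FILE := build.tags

# Optional local settings, read after the defaults above so that plain
# assignments in .env replace them.
-include .env

# A bare `export` hands every make variable (including whatever .env defines)
# to every recipe and sub-make. Keep values that child processes must not
# see out of .env.
export

# Upper-case form of $(component), used to build KOPANO_<NAME>_VERSION.
# Recursive (=) on purpose: component is a target-specific variable and must
# be read at the time a recipe runs.
COMPONENT = $(shell echo $(component) | tr a-z A-Z)
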
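.PHONY: default
default: help

# Print every target that carries a trailing "## description", sorted by
# target name. The text comes from the parsed makefiles (which includes .env
# when it exists), so it is only formatted by awk and never handed to the
# shell's eval: a description containing quotes or $(...) is printed as-is
# instead of being executed.
.PHONY: help
help:
	@awk 'BEGIN { FS = ":.*## " } /^[a-zA-Z0-9_-]+:.*## / { printf "\033[36m%-30s\033[0m %s\n", $$1, $$2 }' $(MAKEFILE_LIST) | sort
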
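# Build every image: collect all "build-*" target names from this Makefile,
# drop the generic helpers and the demo webapp image, and pass the rest to a
# single sub-make. $(MAKE) (not a literal `make`) keeps -n and the jobserver
# working; the grep/sed patterns are quoted so the shell cannot glob them.
.PHONY: all build-all
all: build-all

build-all:
	$(MAKE) $(shell grep -o '^build-.*:' Makefile | grep -Ev 'build-all|build-simple|build-builder|build-webapp-demo' | uniq | sed 's/://g' | xargs)
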
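# Generic image build, called as `component=<name> make build`. The build
# context is <name>/ and the result is tagged $(docker_repo)/kopano_<name>.
# Every expansion is quoted so a value with whitespace (for example from
# .env) stays a single docker argument.
# --cache-from reuses layers of the image currently published under that
# name, so the build trusts whatever the registry serves for it.
.PHONY: build
build: component ?= base
build: ## Helper target to build a given image. Defaults to the "base" image.
ifdef TRAVIS
	@echo "fetching previous build to warm up build cache (only on travis)"
	docker pull "$(docker_repo)/kopano_$(component)" || true
	docker pull "$(docker_repo)/kopano_$(component):builder" || true
endif
	docker build \
		--build-arg docker_repo="$(docker_repo)" \
		--build-arg KOPANO_CORE_VERSION="$(core_download_version)" \
		--build-arg KOPANO_$(COMPONENT)_VERSION="$($(component)_download_version)" \
		--build-arg KOPANO_CORE_REPOSITORY_URL="$(KOPANO_CORE_REPOSITORY_URL)" \
		--build-arg KOPANO_MEET_REPOSITORY_URL="$(KOPANO_MEET_REPOSITORY_URL)" \
		--build-arg KOPANO_WEBAPP_REPOSITORY_URL="$(KOPANO_WEBAPP_REPOSITORY_URL)" \
		--build-arg KOPANO_WEBAPP_FILES_REPOSITORY_URL="$(KOPANO_WEBAPP_FILES_REPOSITORY_URL)" \
		--build-arg KOPANO_WEBAPP_MDM_REPOSITORY_URL="$(KOPANO_WEBAPP_MDM_REPOSITORY_URL)" \
		--build-arg KOPANO_WEBAPP_SMIME_REPOSITORY_URL="$(KOPANO_WEBAPP_SMIME_REPOSITORY_URL)" \
		--build-arg KOPANO_ZPUSH_REPOSITORY_URL="$(KOPANO_ZPUSH_REPOSITORY_URL)" \
		--build-arg RELEASE_KEY_DOWNLOAD="$(RELEASE_KEY_DOWNLOAD)" \
		--build-arg DOWNLOAD_COMMUNITY_PACKAGES="$(DOWNLOAD_COMMUNITY_PACKAGES)" \
		--build-arg ADDITIONAL_KOPANO_PACKAGES="$(ADDITIONAL_KOPANO_PACKAGES)" \
		--build-arg ADDITIONAL_KOPANO_WEBAPP_PLUGINS="$(ADDITIONAL_KOPANO_WEBAPP_PLUGINS)" \
		--cache-from "$(docker_repo)/kopano_$(component)" \
		--cache-from "$(docker_repo)/kopano_$(component):builder" \
		-t "$(docker_repo)/kopano_$(component)" "$(component)/"
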
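# Build an image that needs no Kopano repository or version arguments, called
# as `component=<name> make build-simple`. Expansions are quoted so each one
# stays a single docker argument.
# As with every --cache-from, layers are reused from the image currently
# published under that name.
.PHONY: build-simple
build-simple: component ?= ssl
build-simple: ## Helper target to build a simplified image (no Kopano repo integration).
ifdef TRAVIS
	@echo "fetching previous build to warm up build cache (only on travis)"
	docker pull "$(docker_repo)/kopano_$(component)" || true
	docker pull "$(docker_repo)/kopano_$(component):builder" || true
endif
	docker build \
		--cache-from "$(docker_repo)/kopano_$(component)" \
		--cache-from "$(docker_repo)/kopano_$(component):builder" \
		--build-arg docker_repo="$(docker_repo)" \
		-t "$(docker_repo)/kopano_$(component)" "$(component)/"
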
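# Build only the "builder" stage of a multi-stage image and tag it
# <image>:builder, called as `component=<name> make build-builder`.
# The resulting tag is appended to $(TAG_FILE) so that test-security scans
# the build stage as well as the final images.
# Expansions are quoted so each one stays a single docker argument.
.PHONY: build-builder
build-builder: component ?= kdav
build-builder: ## Helper target for images with a build stage.
ifdef TRAVIS
	@echo "fetching previous build to warm up build cache (only on travis)"
	docker pull "$(docker_repo)/kopano_$(component):builder" || true
endif
	docker build --target builder \
		--build-arg docker_repo="$(docker_repo)" \
		--build-arg KOPANO_CORE_VERSION="$(core_download_version)" \
		--build-arg KOPANO_$(COMPONENT)_VERSION="$($(component)_download_version)" \
		--build-arg KOPANO_CORE_REPOSITORY_URL="$(KOPANO_CORE_REPOSITORY_URL)" \
		--build-arg KOPANO_MEET_REPOSITORY_URL="$(KOPANO_MEET_REPOSITORY_URL)" \
		--build-arg KOPANO_WEBAPP_REPOSITORY_URL="$(KOPANO_WEBAPP_REPOSITORY_URL)" \
		--build-arg KOPANO_WEBAPP_FILES_REPOSITORY_URL="$(KOPANO_WEBAPP_FILES_REPOSITORY_URL)" \
		--build-arg KOPANO_WEBAPP_MDM_REPOSITORY_URL="$(KOPANO_WEBAPP_MDM_REPOSITORY_URL)" \
		--build-arg KOPANO_WEBAPP_SMIME_REPOSITORY_URL="$(KOPANO_WEBAPP_SMIME_REPOSITORY_URL)" \
		--build-arg KOPANO_ZPUSH_REPOSITORY_URL="$(KOPANO_ZPUSH_REPOSITORY_URL)" \
		--build-arg RELEASE_KEY_DOWNLOAD="$(RELEASE_KEY_DOWNLOAD)" \
		--build-arg DOWNLOAD_COMMUNITY_PACKAGES="$(DOWNLOAD_COMMUNITY_PACKAGES)" \
		--build-arg ADDITIONAL_KOPANO_PACKAGES="$(ADDITIONAL_KOPANO_PACKAGES)" \
		--build-arg ADDITIONAL_KOPANO_WEBAPP_PLUGINS="$(ADDITIONAL_KOPANO_WEBAPP_PLUGINS)" \
		--cache-from "$(docker_repo)/kopano_$(component)" \
		--cache-from "$(docker_repo)/kopano_$(component):builder" \
		-t "$(docker_repo)/kopano_$(component):builder" "$(component)/"
	@echo "$(docker_repo)/kopano_$(component):builder" >> "$(TAG_FILE)"
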
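# Refresh the upstream Debian image, then build the base image from it.
# debian:stretch is a mutable tag, so two runs can start from different
# upstream images; pin it by digest if reproducible base builds are needed.
# Debian 9 (stretch) has also reached end of life upstream, which is worth
# weighing when reading scanner results for images built on it.
.PHONY: build-base
build-base: ## Build new base image.
	docker pull debian:stretch
	component=base $(MAKE) build
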
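# Per-image build targets. Each one only selects the component and delegates
# to the generic build / build-simple / build-builder helper in a sub-make
# ($(MAKE), so -n and the jobserver are honoured). A prerequisite such as
# `build-core: build-base` makes that other image build first.
.PHONY: build-core build-konnect build-kwmserver build-ldap build-ldap-demo
.PHONY: build-meet build-php build-playground build-python build-kdav
.PHONY: build-scheduler build-ssl build-utils build-web build-webapp

build-core: build-base
	component=core $(MAKE) build

build-konnect:
	component=konnect $(MAKE) build-simple

build-kwmserver:
	component=kwmserver $(MAKE) build-simple

build-ldap:
	component=ldap $(MAKE) build-simple

build-ldap-demo: build-ldap
	component=ldap_demo $(MAKE) build-simple

build-meet: build-base
	component=meet $(MAKE) build

build-php: build-base
	component=php $(MAKE) build

# Images with a build stage: the :builder stage is built (and recorded for
# scanning) before the final image.
build-playground:
	component=playground $(MAKE) build-builder
	component=playground $(MAKE) build-simple

build-python:
	component=python $(MAKE) build

build-kdav:
	component=kdav $(MAKE) build-builder
	component=kdav $(MAKE) build

build-scheduler:
	component=scheduler $(MAKE) build-simple

build-ssl:
	component=ssl $(MAKE) build-simple

build-utils: build-core
	component=utils $(MAKE) build

build-web:
	component=web $(MAKE) build-simple

build-webapp: build-php
	component=webapp $(MAKE) build
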
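# Builds webapp/Dockerfile.demo under the same local tag as the regular
# webapp image, i.e. it overwrites $(docker_repo)/kopano_webapp on this host.
# build-all leaves this target out; rebuild the regular image (build-webapp)
# before pushing anything if this target has been run.
.PHONY: build-webapp-demo
build-webapp-demo: ## Replaces the actual kopano_webapp container with one that has login hints for demo.kopano.com.
	docker build \
		-f webapp/Dockerfile.demo \
		-t "$(docker_repo)/kopano_webapp" webapp/
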
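# Build the z-push image through the generic build helper.
.PHONY: build-zpush
build-zpush:
	component=zpush $(MAKE) build
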
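# Tag every image after a full build: collect all "tag-*" target names from
# this Makefile, drop the two helpers, and pass the rest to one sub-make.
# Patterns are quoted so the shell cannot glob them.
.PHONY: tag-all
tag-all: build-all ## Helper target to create tags for all images.
	$(MAKE) $(shell grep -o '^tag-.*:' Makefile | grep -Ev 'tag-all|tag-container' | uniq | sed 's/://g' | xargs)
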
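# Tag $(docker_repo)/kopano_<component> with <component>_version and with
# "latest", record the versioned tag in $(TAG_FILE) for test-security, and
# create a matching git commit and git tag (both best effort: `|| true`).
# <component>_version is expected from the caller; the guard stops early
# with a readable message when it is empty, instead of building a reference
# that ends in a bare ":".
.PHONY: tag-container
tag-container: component ?= base
tag-container: ## Helper target to tag a given image. Defaults to the base image.
	@test -n "$($(component)_version)" || { echo "tag-container: $(component)_version is empty" >&2; exit 1; }
	@echo 'create tag $($(component)_version)'
	docker tag $(docker_repo)/kopano_$(component) $(docker_repo)/kopano_$(component):${$(component)_version}
	@echo $(docker_repo)/kopano_$(component):${$(component)_version} >> $(TAG_FILE)
	@echo 'create tag latest'
	docker tag $(docker_repo)/kopano_$(component) $(docker_repo)/kopano_$(component):latest
	git commit -m 'ci: committing changes for $(component)' -- $(component) || true
	git tag $(component)/${$(component)_version} || true
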
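# Per-image tag targets. Each one starts the freshly built image once to read
# the version it reports (from /kopano/buildversion or from an environment
# variable), stores it in <component>_version via $(eval ...) when make
# expands the recipe, and then calls tag-container in a sub-make. The
# sub-make receives <component>_version through the file-wide `export`.
# The version string is whatever the container prints; it is used unquoted
# as a docker and git tag by tag-container.
.PHONY: tag-base tag-core tag-konnect tag-kwmserver tag-ldap tag-meet tag-php
.PHONY: tag-python tag-scheduler tag-ssl tag-utils tag-web tag-webapp tag-zpush

tag-base:
	$(eval base_version := $(shell docker run --rm $(docker_repo)/kopano_base cat /kopano/buildversion))
	component=base $(MAKE) tag-container

tag-core:
	$(eval core_version := $(shell docker run --rm $(docker_repo)/kopano_core cat /kopano/buildversion | cut -d- -f2))
	component=core $(MAKE) tag-container

tag-konnect:
	$(eval konnect_version := $(shell docker run --rm $(docker_repo)/kopano_konnect env | grep CODE_VERSION | cut -d'=' -f2))
	component=konnect $(MAKE) tag-container

tag-kwmserver:
	$(eval kwmserver_version := $(shell docker run --rm $(docker_repo)/kopano_kwmserver env | grep CODE_VERSION | cut -d'=' -f2))
	component=kwmserver $(MAKE) tag-container

# ldap_demo is tagged with the same version as ldap.
tag-ldap:
	$(eval ldap_version := $(shell docker run --rm $(docker_repo)/kopano_ldap env | grep CODE_VERSION | cut -d'=' -f2))
	component=ldap $(MAKE) tag-container
	$(eval ldap_demo_version := $(ldap_version))
	component=ldap_demo $(MAKE) tag-container

tag-meet:
	$(eval meet_version := $(shell docker run --rm $(docker_repo)/kopano_meet cat /kopano/buildversion | grep meet | cut -d- -f2 | cut -d+ -f1))
	component=meet $(MAKE) tag-container

tag-php:
	$(eval php_version := $(shell docker run --rm $(docker_repo)/kopano_php cat /kopano/buildversion | cut -d- -f2))
	component=php $(MAKE) tag-container

tag-python:
	$(eval python_version := $(shell docker run --rm $(docker_repo)/kopano_python cat /kopano/buildversion | cut -d- -f2))
	component=python $(MAKE) tag-container

tag-scheduler:
	$(eval scheduler_version := $(shell docker run --rm $(docker_repo)/kopano_scheduler env | grep SUPERCRONIC_VERSION | cut -d'=' -f2))
	component=scheduler $(MAKE) tag-container

tag-ssl:
	$(eval ssl_version := $(shell docker run --rm $(docker_repo)/kopano_ssl env | grep CODE_VERSION | cut -d'=' -f2))
	component=ssl $(MAKE) tag-container

tag-utils:
	$(eval utils_version := $(shell docker run --rm $(docker_repo)/kopano_utils cat /kopano/buildversion | cut -d- -f2))
	component=utils $(MAKE) tag-container

tag-web:
	$(eval web_version := $(shell docker run --rm $(docker_repo)/kopano_web env | grep CODE_VERSION | cut -d'=' -f2))
	component=web $(MAKE) tag-container

tag-webapp:
	$(eval webapp_version := $(shell docker run --rm $(docker_repo)/kopano_webapp cat /kopano/buildversion | grep webapp | cut -d- -f2 | cut -d+ -f1))
	component=webapp $(MAKE) tag-container

tag-zpush:
	$(eval zpush_version := $(shell docker run --rm $(docker_repo)/kopano_zpush cat /kopano/buildversion | tail -n 1 | grep -o -P '(?<=-).*(?=\+)'))
	component=zpush $(MAKE) tag-container
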
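# Docker publish

# Log in to the registry. The password is piped to docker on stdin
# (--password-stdin) instead of being passed with -p, which would put it in
# docker's argument list where other local users can read it from the
# process table. The leading @ keeps make from echoing the command.
# NOTE(review): make still expands $(docker_pwd) into the shell command text.
# Outside Travis that text is only the `cat` call; on Travis, where the value
# presumably comes from the environment, reading the environment variable
# inside the recipe would keep the secret out of that text as well.
.PHONY: repo-login
repo-login: ## Login at hub.docker.com
	@printf '%s' "$(docker_pwd)" | docker login -u "$(docker_login)" --password-stdin
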
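# Log in, then run every "publish-*" target of this Makefile (except the
# publish-container helper) in one sub-make. Patterns are quoted so the
# shell cannot glob them.
.PHONY: publish
publish: repo-login
	$(MAKE) $(shell grep -o '^publish-.*:' Makefile | grep -Ev 'publish-container' | uniq | sed 's/://g' | xargs)
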
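# Push the versioned tag and "latest" of $(docker_repo)/kopano_<component>.
# <component>_version is expected from the caller (set by the matching tag-*
# target); the guard stops early with a readable message when it is empty,
# instead of pushing a reference that ends in a bare ":".
.PHONY: publish-container
publish-container: component ?= base
publish-container: ## Helper target to push a given image to a registry. Defaults to the base image.
	@test -n "$($(component)_version)" || { echo "publish-container: $(component)_version is empty" >&2; exit 1; }
	@echo 'publish latest to $(docker_repo)/kopano_$(component)'
	docker push $(docker_repo)/kopano_$(component):${$(component)_version}
	docker push $(docker_repo)/kopano_$(component):latest
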
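# Per-image publish targets. Most of them build and tag the image through
# their prerequisites and then push the versioned tag plus "latest" via
# publish-container in a sub-make. ldap, ldap_demo, playground and kdav have
# no tag-* prerequisite here and push fixed tags directly.
.PHONY: publish-base publish-core publish-konnect publish-kwmserver
.PHONY: publish-ldap publish-ldap-demo publish-meet publish-php
.PHONY: publish-playground publish-python publish-kdav publish-scheduler

publish-base: build-base tag-base
	component=base $(MAKE) publish-container

publish-core: build-core tag-core
	component=core $(MAKE) publish-container

publish-konnect: build-konnect tag-konnect
	component=konnect $(MAKE) publish-container

publish-kwmserver: build-kwmserver tag-kwmserver
	component=kwmserver $(MAKE) publish-container

publish-ldap: build-ldap
	docker push $(docker_repo)/kopano_ldap:latest

publish-ldap-demo: build-ldap-demo
	docker push $(docker_repo)/kopano_ldap_demo:latest

publish-meet: build-meet tag-meet
	component=meet $(MAKE) publish-container

publish-php: build-php tag-php
	component=php $(MAKE) publish-container

publish-playground: build-playground
	docker push $(docker_repo)/kopano_playground:latest
	docker push $(docker_repo)/kopano_playground:builder

publish-python: build-python tag-python
	component=python $(MAKE) publish-container

publish-kdav: build-kdav #tag-kdav
	docker push $(docker_repo)/kopano_kdav:latest
	docker push $(docker_repo)/kopano_kdav:builder

publish-scheduler: build-scheduler tag-scheduler
	component=scheduler $(MAKE) publish-container
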
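# Build, tag and push the ssl image. The component passed to
# publish-container has to be ssl: with the previous value (scheduler) this
# target pushed the scheduler image a second time and never pushed the ssl
# image it had just built and tagged.
.PHONY: publish-ssl
publish-ssl: build-ssl tag-ssl
	component=ssl $(MAKE) publish-container
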
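# Remaining per-image publish targets: build and tag through the
# prerequisites, then push via publish-container in a sub-make.
.PHONY: publish-utils publish-web publish-webapp publish-zpush

publish-utils: build-utils tag-utils
	component=utils $(MAKE) publish-container

publish-web: build-web tag-web
	component=web $(MAKE) publish-container

publish-webapp: build-webapp tag-webapp
	component=webapp $(MAKE) publish-container

publish-zpush: build-zpush tag-zpush
	component=zpush $(MAKE) publish-container
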
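# Lint the repository: shellcheck for every file whose shebang names bash,
# sh or zsh, and hadolint for every tracked file whose name starts with
# 'Dockerfile' (Dockerfile, Dockerfile.build, ...).
# --exclude='*.sw?' is quoted so the shell cannot expand the glob itself.
# --cached is spelled out because newer git releases refuse --ignored
# without -c or -o; it selects the same tracked files as before.
.PHONY: check-scripts
check-scripts:
	grep -rIl '^#![[:blank:]]*/bin/\(bash\|sh\|zsh\)' \
		--exclude-dir=.git --exclude='*.sw?' \
		| xargs shellcheck -x
	git ls-files --cached --exclude='Dockerfile*' --ignored | xargs --max-lines=1 hadolint
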
# Tear the compose project down, including its named volumes and any orphaned
# containers. Destroys stored data; a failure is ignored.
.PHONY: clean
clean:
	docker-compose --file $(COMPOSE_FILE) down --volumes --remove-orphans || true

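# Full local test cycle: remove the old stack with its volumes, rebuild all
# images, then build and start the compose project and list its containers.
# The rebuild goes through $(MAKE) so -n and the jobserver are honoured.
.PHONY: test
test: ## Build and start new containers for testing (also deletes existing data volumes).
	docker-compose -f $(COMPOSE_FILE) down -v --remove-orphans || true
	$(MAKE) build-all
	docker-compose -f $(COMPOSE_FILE) build
	docker-compose -f $(COMPOSE_FILE) up -d
	docker-compose -f $(COMPOSE_FILE) ps
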
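# Declared phony so a file named test-update-env can never mask the target.
.PHONY: test-update-env
test-update-env: ## Recreate containers based on updated .env.
	docker-compose -f $(COMPOSE_FILE) up -d
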
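# Start the stack together with the test container and fail when the test
# container exits non-zero. `docker wait` prints the container's exit code;
# it is captured so that the log tail and the cleanup still run before the
# result is reported to make. Previously the code was only printed and the
# target succeeded whatever the tests returned.
.PHONY: test-ci
test-ci: ## Test if all containers start up
	docker-compose -f $(COMPOSE_FILE) -f tests/test-container.yml build
	docker-compose -f $(COMPOSE_FILE) -f tests/test-container.yml up -d
	docker-compose -f $(COMPOSE_FILE) -f tests/test-container.yml ps
	status=$$(docker wait kopano_test_1); \
	docker logs --tail 10 kopano_test_1; \
	docker-compose -f $(COMPOSE_FILE) -f tests/test-container.yml stop 2>/dev/null; \
	docker rm kopano_test_1; \
	echo "kopano_test_1 exited with status $$status"; \
	test "$$status" -eq 0
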
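# Scan every image reference recorded in $(TAG_FILE) with Trivy.
# First pass: HIGH findings are listed but never fail the target
# (--exit-code 0). Second pass: any CRITICAL finding fails it (--exit-code 1).
# Each line of the tag file is passed to trivy as one argument; it is no
# longer spliced into an `sh -c` string, so a malformed line cannot run as
# shell code.
# $(TAG_FILE) is removed only after both passes succeed. After a failed scan
# it stays in place and later builds keep appending to it.
.PHONY: test-security
test-security: ## Scan containers with Trivy for known security risks (not part of CI workflow for now).
	xargs -I % trivy --exit-code 0 --severity HIGH --quiet --auto-refresh % < $(TAG_FILE)
	xargs -I % trivy --exit-code 1 --severity CRITICAL --quiet --auto-refresh % < $(TAG_FILE)
	rm $(TAG_FILE)
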
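# Restart the existing stack without rebuilding images or touching volumes.
# Declared phony so a file named test-quick can never mask the target.
.PHONY: test-quick
test-quick: ## Similar to test target, but does not delete existing data volumes and does not rebuild images.
	docker-compose -f $(COMPOSE_FILE) stop || true
	docker-compose -f $(COMPOSE_FILE) up -d
	docker-compose -f $(COMPOSE_FILE) ps
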
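# Stop the running stack; a failure is ignored. Declared phony so a file
# named test-stop can never mask the target.
.PHONY: test-stop
test-stop:
	docker-compose -f $(COMPOSE_FILE) stop || true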