Build experimental multi-arch docker image (#29857)

* Build experimental multi-arch docker image (partially #13119)

Build experimental multi-arch docker image (#29857)
0aa57b4c · Anton Kostenko · GitHub · 78a1d86b · 0aa57b4c · 0aa57b4c
Unverified Commit 0aa57b4c authored 1 year ago by Anton Kostenko Committed by GitHub 1 year ago
--- a/.github/workflows/uberjar.yml
+++ b/.github/workflows/uberjar.yml
@@ -186,3 +186,75 @@ jobs:
      uses: github/codeql-action/upload-sarif@v2
      with:
        sarif_file: 'trivy-results.sarif'
+
+  containerize_multi_arch:
+    runs-on: ubuntu-22.04
+    name: Containerize multi-arch ${{ matrix.edition }}
+    if: ${{ github.ref_name == 'master' }}
+    needs: check_jar_health
+    strategy:
+      matrix:
+        edition: [ee, oss]
+    services:
+      registry:
+        image: registry:2
+        ports:
+          - 5000:5000
+    steps:
+      - name: Extract and clean branch name
+        shell: bash
+        run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/} | sed 's/[^-._a-zA-Z0-9]/-/g')"
+        id: extract_branch
+      - name: Check out the code (Dockerfile needed)
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.inputs.commit }}
+      - name: Download uploaded artifacts to insert into container
+        uses: actions/download-artifact@v3
+        with:
+          name: metabase-${{ matrix.edition }}-uberjar
+          path: bin/docker/
+      - name: Move the ${{ matrix.edition }} uberjar to the context dir
+        run: mv bin/docker/target/uberjar/metabase.jar bin/docker/.
+      # We need it for multi-arch build
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+        with:
+          platforms: 'arm64'
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v1
+        with:
+          driver-opts: network=host
+      # Build experimental ubuntu-based images only for master
+      - name: Build ${{ matrix.edition }} Ubuntu based multi-arch container
+        uses: docker/build-push-action@v2
+        with:
+          context: bin/docker/.
+          platforms: linux/amd64,linux/arm64
+          file: bin/docker/Dockerfile_ubuntu
+          network: host
+          tags: localhost:5000/metabase-dev:${{ steps.extract_branch.outputs.branch }}-${{ matrix.edition }}-ubuntu
+          no-cache: true
+          push: true
+      - name: Launch ${{ matrix.edition }} Ubuntu based container
+        run: docker run --rm -dp 3001:3000 localhost:5000/metabase-dev:${{ steps.extract_branch.outputs.branch }}-${{ matrix.edition }}-ubuntu
+        timeout-minutes: 5
+      - name: Is Docker with Ubuntu running?
+        run: docker ps
+      - name: Wait for Ubuntu-based Metabase container to start and reach 100% health
+        run: while ! curl -s 'http://localhost:3001/api/health' | grep '{"status":"ok"}'; do sleep 1; done
+        timeout-minutes: 3
+      - name: Login to Docker Hub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      # Push experimental ubuntu image only for versions based on a master
+      - name: Retag and push ubuntu-based images if master (ee)
+        if: ${{ matrix.edition == 'ee' }}
+        run: docker tag localhost:5000/metabase-dev:${{ steps.extract_branch.outputs.branch }}-ee-ubuntu metabase/metabase-enterprise-head-ubuntu:latest && docker push metabase/metabase-enterprise-head-ubuntu:latest
+
+      - name: Retag and push ubuntu-based images if master (oss)
+        if: ${{ matrix.edition == 'oss' }}
+        run: docker tag localhost:5000/metabase-dev:${{ steps.extract_branch.outputs.branch }}-oss-ubuntu metabase/metabase-head-ubuntu:latest && docker push metabase/metabase-head-ubuntu:latest
--- a/bin/docker/Dockerfile_ubuntu
+++ b/bin/docker/Dockerfile_ubuntu
+FROM eclipse-temurin:11-jre-jammy as runner
+
+ENV FC_LANG=en-US LC_CTYPE=en_US.UTF-8
+
+# Dependencies
+RUN apt-get update && \
+  apt-get upgrade -y && \
+  apt-get install -y ca-certificates ca-certificates-java fonts-dejavu && \
+  apt-get clean && \
+  curl https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem -o /usr/local/share/ca-certificates/rds-combined-ca-bundle.pem && \
+  curl https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem -o /usr/local/share/ca-certificates/DigiCertGlobalRootG2.crt.pem && \
+  update-ca-certificates && \
+  mkdir -p /plugins && chmod a+rwx /plugins && \
+  keytool -list -cacerts
+
+# add Metabase jar & add our run script to the image
+COPY ./metabase.jar ./run_metabase.sh /app/
+
+# expose our default runtime port
+EXPOSE 3000
+
+# if you have an H2 database that you want to initialize the new Metabase
+# instance with, mount it in the container as a volume that will match the
+# pattern /app/initial*.db:
+# $ docker run ... -v $PWD/metabase.db.mv.db:/app/initial.db.mv.db ...
+
+# run it
+ENTRYPOINT ["/app/run_metabase.sh"]
--- a/bin/docker/run_metabase.sh
+++ b/bin/docker/run_metabase.sh
 #!/bin/bash
-
 # if nobody manually set a host to listen on then go with all available interfaces and host names
 if [ -z "$MB_JETTY_HOST" ]; then
    export MB_JETTY_HOST=0.0.0.0
@@ -74,7 +73,7 @@ else
    getent group metabase > /dev/null 2>&1
    group_exists=$?
    if [ $group_exists -ne 0 ]; then
-        addgroup -g $MGID -S metabase
+        addgroup --gid $MGID --system metabase
    fi

    # create the user if it does not exist
@@ -82,7 +81,7 @@ else
    id -u metabase > /dev/null 2>&1
    user_exists=$?
    if [[ $user_exists -ne 0 ]]; then
-        adduser -D -u $MUID -G metabase metabase
+        adduser --disabled-password -u $MUID --ingroup metabase metabase
    fi

    db_file=${MB_DB_FILE:-/metabase.db}