diff --git a/.github/workflows/uberjar.yml b/.github/workflows/uberjar.yml
index 9fa4fefc940e8ee8ff2ab4cd0d5af2b5452d4fae..9340278f48f9e3b2e540c70992ccf589d2e14097 100644
--- a/.github/workflows/uberjar.yml
+++ b/.github/workflows/uberjar.yml
@@ -186,3 +186,75 @@ jobs:
 uses: github/codeql-action/upload-sarif@v2
 with:
 sarif_file: 'trivy-results.sarif'
+
+ containerize_multi_arch:
+ runs-on: ubuntu-22.04
+ name: Containerize multi-arch ${{ matrix.edition }}
+ if: ${{ github.ref_name == 'master' }}
+ needs: check_jar_health
+ strategy:
+ matrix:
+ edition: [ee, oss]
+ services:
+ registry:
+ image: registry:2
+ ports:
+ - 5000:5000
+ steps:
+ - name: Extract and clean branch name
+ shell: bash
+ run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/} | sed 's/[^-._a-zA-Z0-9]/-/g')"
+ id: extract_branch
+ - name: Check out the code (Dockerfile needed)
+ uses: actions/checkout@v3
+ with:
+ ref: ${{ github.event.inputs.commit }}
+ - name: Download uploaded artifacts to insert into container
+ uses: actions/download-artifact@v3
+ with:
+ name: metabase-${{ matrix.edition }}-uberjar
+ path: bin/docker/
+ - name: Move the ${{ matrix.edition }} uberjar to the context dir
+ run: mv bin/docker/target/uberjar/metabase.jar bin/docker/.
+ # We need it for multi-arch build
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+ with:
+ platforms: 'arm64'
+ - name: Set up Docker Buildx
+ id: buildx
+ uses: docker/setup-buildx-action@v1
+ with:
+ driver-opts: network=host
+ # Build experimental ubuntu-based images only for master
+ - name: Build ${{ matrix.edition }} Ubuntu based multi-arch container
+ uses: docker/build-push-action@v2
+ with:
+ context: bin/docker/.
+ platforms: linux/amd64,linux/arm64
+ file: bin/docker/Dockerfile_ubuntu
+ network: host
+ tags: localhost:5000/metabase-dev:${{ steps.extract_branch.outputs.branch }}-${{ matrix.edition }}-ubuntu
+ no-cache: true
+ push: true
+ - name: Launch ${{ matrix.edition }} Ubuntu based container
+ run: docker run --rm -dp 3001:3000 localhost:5000/metabase-dev:${{ steps.extract_branch.outputs.branch }}-${{ matrix.edition }}-ubuntu
+ timeout-minutes: 5
+ - name: Is Docker with Ubuntu running?
+ run: docker ps
+ - name: Wait for Ubuntu-based Metabase container to start and reach 100% health
+ run: while ! curl -s 'http://localhost:3001/api/health' | grep '{"status":"ok"}'; do sleep 1; done
+ timeout-minutes: 3
+ - name: Login to Docker Hub
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ # Push experimental ubuntu image only for versions based on a master
+ - name: Retag and push ubuntu-based images if master (ee)
+ if: ${{ matrix.edition == 'ee' }}
+ run: docker tag localhost:5000/metabase-dev:${{ steps.extract_branch.outputs.branch }}-ee-ubuntu metabase/metabase-enterprise-head-ubuntu:latest && docker push metabase/metabase-enterprise-head-ubuntu:latest
+
+ - name: Retag and push ubuntu-based images if master (oss)
+ if: ${{ matrix.edition == 'oss' }}
+ run: docker tag localhost:5000/metabase-dev:${{ steps.extract_branch.outputs.branch }}-oss-ubuntu metabase/metabase-head-ubuntu:latest && docker push metabase/metabase-head-ubuntu:latest
diff --git a/bin/docker/Dockerfile_ubuntu b/bin/docker/Dockerfile_ubuntu
new file mode 100644
index 0000000000000000000000000000000000000000..c83ba1b7bded069f16c709de90876237388bed56
--- /dev/null
+++ b/bin/docker/Dockerfile_ubuntu
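Review bot: Every `docker/*` action in the new `containerize_multi_arch` job of `.github/workflows/uberjar.yml` is referenced by a mutable tag (`docker/login-action@v1`, `docker/build-push-action@v2`, `docker/setup-buildx-action@v1`, `docker/setup-qemu-action@v2`), and this is the job that receives `secrets.DOCKERHUB_TOKEN` and publishes the `:latest` images. If one of those tags is moved, different action code runs with push rights to Docker Hub without any change in this repository; pinning each action to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha> # v1`, keeps the dependency reviewable. Separately, the two retag steps run `docker tag` and `docker push` on the image the runner pulled for `docker run`, which is probably the amd64 variant only, so the arm64 build may never reach Docker Hub; copying the manifest list from `localhost:5000` with `docker buildx imagetools create` would publish both platforms.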
@@ -0,0 +1,28 @@
+FROM eclipse-temurin:11-jre-jammy as runner
+
+ENV FC_LANG=en-US LC_CTYPE=en_US.UTF-8
+
+# Dependencies
+RUN apt-get update && \
+ apt-get upgrade -y && \
+ apt-get install -y ca-certificates ca-certificates-java fonts-dejavu && \
+ apt-get clean && \
+ curl https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem -o /usr/local/share/ca-certificates/rds-combined-ca-bundle.pem && \
+ curl https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem -o /usr/local/share/ca-certificates/DigiCertGlobalRootG2.crt.pem && \
+ update-ca-certificates && \
+ mkdir -p /plugins && chmod a+rwx /plugins && \
+ keytool -list -cacerts
+
+# add Metabase jar & add our run script to the image
+COPY ./metabase.jar ./run_metabase.sh /app/
+
+# expose our default runtime port
+EXPOSE 3000
+
+# if you have an H2 database that you want to initialize the new Metabase
+# instance with, mount it in the container as a volume that will match the
+# pattern /app/initial*.db:
+# $ docker run ... -v $PWD/metabase.db.mv.db:/app/initial.db.mv.db ...
+
+# run it
+ENTRYPOINT ["/app/run_metabase.sh"]
diff --git a/bin/docker/run_metabase.sh b/bin/docker/run_metabase.sh
index 44b47863311864508d5cb0c51b8257b8156990a5..6df941779df5c29278bcdbf6544a3bbb8c2b9154 100755
--- a/bin/docker/run_metabase.sh
+++ b/bin/docker/run_metabase.sh
@@ -1,5 +1,4 @@
 #!/bin/bash
-
 # if nobody manually set a host to listen on then go with all available interfaces and host names
 if [ -z "$MB_JETTY_HOST" ]; then
 export MB_JETTY_HOST=0.0.0.0
@@ -74,7 +73,7 @@ else getent group metabase > /dev/null 2>&1 group_exists=$? if [ $group_exists -ne 0 ]; then - addgroup -g $MGID -S metabase + addgroup --gid $MGID --system metabase fi # create the user if it does not exist
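Review bot: The two `curl` downloads in the `RUN` step of `bin/docker/Dockerfile_ubuntu` install trust anchors with no integrity check: without `-f` an HTTP error body is saved as the certificate file and the build can still succeed, and nothing pins the expected content. Use `curl -fsSL … -o …` and verify each file against a checksum kept in the repository before `update-ca-certificates` runs, e.g. `echo "<expected-sha256>  /usr/local/share/ca-certificates/<file>" | sha256sum -c -`. The file names also need checking: `update-ca-certificates` only picks up files ending in `.crt` under `/usr/local/share/ca-certificates`, so the two `.pem` files are probably skipped. The closing `keytool -list -cacerts` prints the store but does not assert that either CA is present.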
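Review bot: `$MGID` is expanded unquoted on the new `addgroup` line in `bin/docker/run_metabase.sh` (and `$MUID` on the new `adduser` line in the following hunk), so an environment value containing whitespace is split into extra arguments to a command that, judging by the group and user creation around it, runs with root privileges at container start. Quote both, `addgroup --gid "$MGID" --system metabase` and `adduser --disabled-password -u "$MUID" --ingroup metabase metabase`, and consider rejecting non-numeric values before they are used. The enclosing `else` branch starts and ends outside the hunk, so any validation done earlier is not visible here.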
@@ -82,7 +81,7 @@ else id -u metabase > /dev/null 2>&1 user_exists=$? if [[ $user_exists -ne 0 ]]; then - adduser -D -u $MUID -G metabase metabase + adduser --disabled-password -u $MUID --ingroup metabase metabase fi db_file=${MB_DB_FILE:-/metabase.db}
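Review bot: The new `adduser --disabled-password …` line passes no `--gecos`, and Debian/Ubuntu `adduser` asks for the finger information unless that option is given, so when the container is started with a TTY attached this entrypoint may stop at a prompt. Adding it keeps user creation non-interactive: `adduser --disabled-password --gecos "" -u $MUID --ingroup metabase metabase`. The old BusyBox-style flags suggest the script is also used by another image, so confirm that image's `adduser` accepts the long options as well. The surrounding `if`/`else` block extends beyond the hunk.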