Merge pull request #4 from coreweave/mc/bump-versions

.gitlab-ci.yaml

@@ -0,0 +1,38 @@
+default:
+  image:
+    name: $KANIKO_IMAGE
+    entrypoint: [ "" ]
+  tags:
+    - ord1-tenant
+
+stages:
+  - build
+
+variables:
+  REF_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
+  FIXED_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA
+  DOCKERFILE: $CI_PROJECT_DIR/Dockerfile
+
+  KANIKO_IMAGE: gcr.io/kaniko-project/executor:debug
+
+  # cache
+  CACHE_REGISTRY_HOST: 'kaniko-cache-docker-registry.kaniko.svc'
+  CACHE_REGISTRY_PORT: '5000'
+  CACHE_REGISTRY_REPO: "${CACHE_REGISTRY_HOST}:${CACHE_REGISTRY_PORT}/${CI_PROJECT_NAME}/${CI_JOB_NAME}/cache"
+  CACHE_PROXY: 'http://193.25.126.17:3128'
+  KANIKO_ADDTL_ARGS: "--cache=true --cache-copy-layers=true --cache-repo=${CACHE_REGISTRY_REPO} --skip-tls-verify --insecure"
+
+build-image:
+  stage: build
+  before_script:
+    - export HTTP_PROXY=${CACHE_PROXY}
+    - export NO_PROXY=${CACHE_REGISTRY_HOST}
+    - mkdir -p /kaniko/.docker
+    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
+  script: |-
+    /kaniko/executor \
+      $KANIKO_ADDTL_ARGS \
+      --context $CI_PROJECT_DIR \
+      --dockerfile $CI_PROJECT_DIR/Dockerfile \
+      --destination $REF_IMAGE \
+      --destination $FIXED_IMAGE

Dockerfile

@@ -1,147 +1,54 @@
-FROM alpine:3.12
-
-LABEL maintainer="NGINX Docker Maintainers <docker-maint@nginx.com>"
-
-ENV NGINX_VERSION 1.21.1
-
-RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \
-	&& CONFIG="\
-		--prefix=/etc/nginx \
-		--sbin-path=/usr/sbin/nginx \
-		--modules-path=/usr/lib/nginx/modules \
-		--conf-path=/etc/nginx/nginx.conf \
-		--error-log-path=/var/log/nginx/error.log \
-		--http-log-path=/var/log/nginx/access.log \
-		--pid-path=/var/run/nginx.pid \
-		--lock-path=/var/run/nginx.lock \
-		--http-client-body-temp-path=/var/cache/nginx/client_temp \
-		--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
-		--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
-		--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
-		--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
-		--user=nginx \
-		--group=nginx \
-		--with-http_ssl_module \
-		--with-http_realip_module \
-		--with-http_addition_module \
-		--with-http_sub_module \
-		--with-http_dav_module \
-		--with-http_flv_module \
-		--with-http_mp4_module \
-		--with-http_gunzip_module \
-		--with-http_gzip_static_module \
-		--with-http_random_index_module \
-		--with-http_secure_link_module \
-		--with-http_stub_status_module \
-		--with-http_auth_request_module \
-		--with-http_xslt_module=dynamic \
-		--with-http_image_filter_module=dynamic \
-		--with-http_geoip_module=dynamic \
-		--with-threads \
-		--with-stream \
-		--with-stream_ssl_module \
-		--with-stream_ssl_preread_module \
-		--with-stream_realip_module \
-		--with-stream_geoip_module=dynamic \
-		--with-http_slice_module \
-		--with-mail \
-		--with-mail_ssl_module \
-		--with-compat \
-		--with-file-aio \
-		--with-http_v2_module \
-		--add-module=../mod_zip-1.2.0 \
-	" \
-	&& addgroup -S nginx \
-	&& adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \
-	&& apk add --no-cache --virtual .build-deps \
-		gcc \
-		libc-dev \
-		make \
-		openssl-dev \
-		pcre-dev \
-		zlib-dev \
-		linux-headers \
-		curl \
-		gnupg \
-		libxslt-dev \
-		gd-dev \
-		geoip-dev \
-	&& curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \
-	&& curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc  -o nginx.tar.gz.asc \
-	&& curl -fSL https://github.com/evanmiller/mod_zip/archive/1.2.0.tar.gz -o mod_zip-1.2.0.tar.gz \
-	&& export GNUPGHOME="$(mktemp -d)" \
-	&& found=''; \
-	for server in \
-		ha.pool.sks-keyservers.net \
-		hkp://keyserver.ubuntu.com:80 \
-		hkp://p80.pool.sks-keyservers.net:80 \
-		pgp.mit.edu \
-	; do \
-		echo "Fetching GPG key $GPG_KEYS from $server"; \
-		gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \
-	done; \
-	test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \
-	gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \
-	&& rm -r "$GNUPGHOME" nginx.tar.gz.asc \
-	&& mkdir -p /usr/src \
-	&& tar -zxC /usr/src -f nginx.tar.gz \
-	&& tar -zxC /usr/src -f mod_zip-1.2.0.tar.gz \
-	&& rm nginx.tar.gz mod_zip-1.2.0.tar.gz \
-	&& cd /usr/src/nginx-$NGINX_VERSION \
-	&& ./configure $CONFIG --with-debug \
-	&& make -j$(getconf _NPROCESSORS_ONLN) \
-	&& mv objs/nginx objs/nginx-debug \
-	&& mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \
-	&& mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \
-	&& mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \
-	&& mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \
-	&& ./configure $CONFIG \
-	&& make -j$(getconf _NPROCESSORS_ONLN) \
-	&& make install \
-	&& rm -rf /etc/nginx/html/ \
-	&& mkdir /etc/nginx/conf.d/ \
-	&& mkdir -p /usr/share/nginx/html/ \
-	&& install -m644 html/index.html /usr/share/nginx/html/ \
-	&& install -m644 html/50x.html /usr/share/nginx/html/ \
-	&& install -m755 objs/nginx-debug /usr/sbin/nginx-debug \
-	&& install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \
-	&& install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \
-	&& install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \
-	&& install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \
-	&& ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \
-	&& strip /usr/sbin/nginx* \
-	&& strip /usr/lib/nginx/modules/*.so \
-	&& rm -rf /usr/src/nginx-$NGINX_VERSION \
-	\
-	# Bring in gettext so we can get `envsubst`, then throw
-	# the rest away. To do this, we need to install `gettext`
-	# then move `envsubst` out of the way so `gettext` can
-	# be deleted completely, then move `envsubst` back.
-	&& apk add --no-cache --virtual .gettext gettext \
-	&& mv /usr/bin/envsubst /tmp/ \
-	\
-	&& runDeps="$( \
-		scanelf --needed --nobanner --format '%n#p' /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \
-			| tr ',' '\n' \
-			| sort -u \
-			| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
-	)" \
-	&& apk add --no-cache --virtual .nginx-rundeps $runDeps \
-	&& apk del .build-deps \
-	&& apk del .gettext \
-	&& mv /tmp/envsubst /usr/local/bin/ \
-	\
-	# forward request and error logs to docker log collector
-	&& ln -sf /dev/stdout /var/log/nginx/access.log \
-	&& ln -sf /dev/stderr /var/log/nginx/error.log
-
-COPY nginx.conf.template /etc/nginx/templates/nginx.conf.template
-
-EXPOSE 80
-
-STOPSIGNAL SIGTERM
-
-COPY entrypoint.sh .
-ENTRYPOINT ["./entrypoint.sh"]
-
-CMD ["nginx", "-g", "daemon off;"]
+FROM debian:stable AS builder
+
+LABEL maintainer="Matt Campbell <mcampbell@coreweave.com>"
+
+ARG MOD_ZIP_VERSION=5b2604b3914f87db2077f2239b8a98b66cf622af
+ARG NGINX_VERSION=1.23.1
+ARG build_dir="/usr/share/tmp"
+ARG nginx_module_dir="/usr/local/nginx/modules/"
+ARG USER=1001
+
+# Setup
+RUN apt-get update
+RUN apt-get install -y --no-install-recommends \
+  ca-certificates \
+  wget \
+  git \
+  build-essential \
+  libpcre3-dev \
+  zlib1g-dev \
+  libzstd-dev
+RUN mkdir -p ${build_dir}
+
+# Download NGINX
+RUN cd ${build_dir} \
+  && wget https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz \
+  && tar zxf nginx-${NGINX_VERSION}.tar.gz \
+  && rm nginx-${NGINX_VERSION}.tar.gz
+
+# Download Modules
+RUN cd ${build_dir} \
+  && git clone --recursive https://github.com/evanmiller/mod_zip mod_zip \
+    && cd mod_zip \
+    && git checkout $MOD_ZIP_VERSION
+
+# Install modules
+RUN cd ${build_dir}/nginx-${NGINX_VERSION} \
+  && ./configure --with-compat \
+  --add-dynamic-module=../mod_zip \
+  && make && make install
+
+# Move compiled modules
+RUN chmod -R 644 ${nginx_module_dir}
+
+FROM nginxinc/nginx-unprivileged:1.23.1
+ARG USER
+ARG nginx_module_dir="/usr/local/nginx/modules/"
+COPY --from=builder ${nginx_module_dir}/ngx_http_zip_module.so /etc/nginx/modules/
+RUN sed -i '1iload_module "modules/ngx_http_zip_module.so";' /etc/nginx/nginx.conf
+
+USER root
+
+RUN chmod 0777 /var/cache/nginx/
+
+USER $USER