diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 77cd6a28..99e94755 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -21,10 +21,13 @@ jobs:
 docker_pkg:
 - debian
 - alpine
- - distroless
 optional_deps:
 - true
 - false
+ include:
+ - os: ubuntu-latest
+ docker_pkg: distroless
+ optional_deps: false
 steps:
 - name: Checkout
 uses: actions/checkout@v2
@@ -65,9 +68,9 @@ jobs:
 VERSION="${VERSION}-alpine"
 VERSION_SLIM="${VERSION}-slim"
 DOCKERFILE=Dockerfile.alpine
- fi
- if [[ $DOCKER_PKG == distroless ]]; then
- VERSION_SLIM="${VERSION}-distroless-slim"
+ elif [[ $DOCKER_PKG == distroless ]]; then
+ VERSION="${VERSION}-distroless"
+ VERSION_SLIM="${VERSION}-slim"
 DOCKERFILE=Dockerfile.distroless
 fi
 DOCKER_IMAGES=("drakkan/sftpgo" "ghcr.io/drakkan/sftpgo")
@@ -89,9 +92,11 @@ jobs:
 TAGS_SLIM="${TAGS_SLIM},${DOCKER_IMAGE}:slim"
 elif [[ $DOCKER_PKG == distroless ]]; then
 if [[ -n $MAJOR && -n $MINOR ]]; then
+ TAGS="${TAGS},${DOCKER_IMAGE}:${MINOR}-distroless,${DOCKER_IMAGE}:${MAJOR}-distroless"
 TAGS_SLIM="${TAGS_SLIM},${DOCKER_IMAGE}:${MINOR}-distroless-slim,${DOCKER_IMAGE}:${MAJOR}-distroless-slim"
 fi
- TAGS_SLIM="${TAGS_SLIM},${DOCKER_IMAGE}:slim"
+ TAGS="${TAGS},${DOCKER_IMAGE}:distroless"
+ TAGS_SLIM="${TAGS_SLIM},${DOCKER_IMAGE}:distroless-slim"
 else
 if [[ -n $MAJOR && -n $MINOR ]]; then
 TAGS="${TAGS},${DOCKER_IMAGE}:${MINOR}-alpine,${DOCKER_IMAGE}:${MAJOR}-alpine"
@@ -104,14 +109,9 @@ jobs:
 done
 if [[ $OPTIONAL_DEPS == true ]]; then
- if [[ $DOCKER_PKG != distroless ]]; then
- echo ::set-output name=version::${VERSION}
- echo ::set-output name=tags::${TAGS}
- echo ::set-output name=full::true
- else
- # skip for distroless no slim
- echo ::set-output name=skip_build_and_push_step::true
- fi
+ echo ::set-output name=version::${VERSION}
+ echo ::set-output name=tags::${TAGS}
+ echo ::set-output name=full::true
 else
 echo ::set-output name=version::${VERSION_SLIM}
 echo ::set-output name=tags::${TAGS_SLIM}
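Review bot: The two added `TAGS=` assignments in the distroless branch of hunk `@@ -89,9 +92,11 @@` build full-variant tags that nothing in this diff publishes. The matrix `include` entry in the first hunk schedules distroless only with `optional_deps: false`, and `TAGS` is emitted only in the `OPTIONAL_DEPS == true` branch of the last hunk. Either drop them or keep them under a comment such as `# full distroless tags are unused today: the matrix only builds the slim variant`, so that a later matrix change does not start pushing `:distroless` tags unnoticed. The enclosing `if`/`elif` chain starts and ends outside the hunk.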
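Review bot: The re-added `echo ::set-output name=...` lines in hunk `@@ -104,14 +109,9 @@` pass step outputs through stdout workflow commands, which GitHub has deprecated because untrusted text written to the log can be interpreted as a command. They also expand `${VERSION}` and `${TAGS}` unquoted. On current runners the equivalent is `echo "version=${VERSION}" >> "$GITHUB_OUTPUT"`, and likewise for `tags` and `full`; the `VERSION_SLIM`/`TAGS_SLIM` lines in the `else` branch need the same treatment. How `VERSION` is derived is outside the hunk, so whether a ref name can reach these values should be checked there. The `if`/`else` block closes outside the hunk.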
@@ -167,6 +167,4 @@ jobs:
 org.opencontainers.image.version=${{ steps.info.outputs.version }}
 org.opencontainers.image.created=${{ steps.info.outputs.created }}
 org.opencontainers.image.revision=${{ github.sha }}
- org.opencontainers.image.licenses=${{ fromJson(steps.repo.outputs.result).license.spdx_id }}
- # skip for distroless no slim
- if: ${{ steps.info.outputs.skip_build_and_push_step != 'true' }}
+ org.opencontainers.image.licenses=${{ fromJson(steps.repo.outputs.result).license.spdx_id }}
\ No newline at end of file
diff --git a/Dockerfile.distroless b/Dockerfile.distroless
index 4b880b38..e27cdbd7 100644
--- a/Dockerfile.distroless
+++ b/Dockerfile.distroless
@@ -13,8 +13,8 @@ RUN go mod download
 ARG COMMIT_SHA
 # This ARG allows to disable some optional features and it might be useful if you build the image yourself.
-# For example you can disable S3 and GCS support like this:
-# --build-arg FEATURES=nos3,nogcs
+# For this variant we disable SQLite support since it requires CGO and so a C runtime which is not installed
+# in distroless/static-* images
 ARG FEATURES=nosqlite
 COPY . .
@@ -48,6 +48,10 @@ ENV SFTPGO_LOG_FILE_PATH=""
 # templates and static paths are inside the container
 ENV SFTPGO_HTTPD__TEMPLATES_PATH=/usr/share/sftpgo/templates
 ENV SFTPGO_HTTPD__STATIC_FILES_PATH=/usr/share/sftpgo/static
+# These env vars are required to avoid the following error when calling user.Current():
+# unable to get the current user: user: Current requires cgo or $USER set in environment
+ENV USER=sftpgo
+ENV HOME=/var/lib/sftpgo
 WORKDIR /var/lib/sftpgo
 USER 1000:1000
diff --git a/docker/README.md b/docker/README.md
index bd1e48a4..62f2cda9 100644
--- a/docker/README.md
+++ b/docker/README.md
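Review bot: The rewritten comment above `ARG FEATURES=nosqlite` in hunk `@@ -13,8 +13,8 @@` no longer shows how the argument is overridden, and it does not warn that a `--build-arg FEATURES=...` value replaces the default instead of extending it. Anyone disabling another feature would silently drop `nosqlite`, which the comment itself says cannot work on this base image. I would add a line such as `# If you override FEATURES keep nosqlite in the list, e.g. --build-arg FEATURES=nosqlite,nos3`. The build command that consumes FEATURES is outside the hunk.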
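Review bot: `ENV USER=sftpgo` in hunk `@@ -48,6 +48,10 @@` is only a label for `user.Current()`. The process identity is still set by `USER 1000:1000`, and the variable stays `sftpgo` when the container is started with a different `--user`. The comment should say so, so that nobody treats `$USER` as evidence of which account is running, for example `# USER/HOME only satisfy os/user without cgo; the effective uid/gid come from the USER instruction or --user`. `HOME` now points at the data directory as well, so anything the process writes under its home lands in `/var/lib/sftpgo`; whether that path is a mounted volume is not visible here.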
@@ -88,7 +88,7 @@ The logs are available through Docker's container log:
 docker logs some-sftpgo
 ```
-**Note:** [distroless](../Dockerfile.distroless) image contains only application and its runtime dependencies. Shell access is not available on this image.
+**Note:** [distroless](../Dockerfile.distroless) image contains only a statically linked sftpgo binary and its minimal runtime dependencies. Shell is not available on this image.
 ### Where to Store Data
@@ -169,11 +169,11 @@ RUN chown -R 1100:1100 /etc/sftpgo && chown 1100:1100 /var/lib/sftpgo /srv/sftpg
 USER 1100:1100
 ```
-**Note:** the above Dockerfile will not work for [distroless](../Dockerfile.distroless) image since the `chown` command is not available there.
+**Note:** the above Dockerfile will not work if you use the [distroless](../Dockerfile.distroless) image as base since the `chown` command is not available there.
 ## Image Variants
-The `sftpgo` images comes in many flavors, each designed for a specific use case. The `edge` and `edge-alpine`tags are updated after each new commit.
+The `sftpgo` images comes in many flavors, each designed for a specific use case. The `edge`, `edge-slim`, `edge-alpine`, `edge-alpine-slim` and `edge-distroless-slim` tags are updated after each new commit.
 ### `sftpgo:`
@@ -189,9 +189,10 @@ This variant is highly recommended when final image size being as small as possi
 This image is based on the popular [Distroless project](https://github.com/GoogleContainerTools/distroless). We use the latest Debian based distroless image as base.
-Distroless image contains only application and its runtime dependencies and so it doesn't allow shell access (no shell is installed).
-SQLite support is disabled since it requires CGO and so a C runtime. We use a statically linked SFTPGo binary here.
-The default data-provider is `bolt`, all the supported data providers expect `sqlite` work.
+Distroless variant contains only a statically linked sftpgo binary and its minimal runtime dependencies and so it doesn't allow shell access (no shell is installed).
+SQLite support is disabled since it requires CGO and so a C runtime which is not installed.
+The default data provider is `bolt`, all the supported data providers expect `sqlite` work.
+We only provide the slim variant and so the optional `git` and `rsync` dependencies are not available.
 ### `sftpgo:-slim`