From 0d1736d7f73637b9541f02193c34506bd8056bf2 Mon Sep 17 00:00:00 2001
From: Lxeon <1277454443@qq.com>
Date: Mon, 4 Aug 2025 21:25:49 +0800
Subject: [PATCH] Docker: Image optimization (#111)
---
.github/workflows/build-docker-images.yaml | 59 ---------
.github/workflows/build.yaml | 138 +++++++++++++++++++++
README.md | 6 +-
docker/Dockerfile | 10 +-
4 files changed, 146 insertions(+), 67 deletions(-)
delete mode 100644 .github/workflows/build-docker-images.yaml
diff --git a/.github/workflows/build-docker-images.yaml b/.github/workflows/build-docker-images.yaml
deleted file mode 100644
index 3d1b3a6..0000000
--- a/.github/workflows/build-docker-images.yaml
+++ /dev/null
@@ -1,59 +0,0 @@ -name: Build Docker images and push - -on: - workflow_run: - workflows: ["Build"] - types: - - completed - workflow_dispatch: - -jobs: - release: - runs-on: ubuntu-latest - if: > - (github.event_name == 'workflow_run' && - github.event.workflow_run.conclusion == 'success' && - github.event.workflow_run.event == 'release') || - github.event_name == 'workflow_dispatch' - strategy: - matrix: - include: - - arch: amd64 - docker_arch: x86_64 - - arch: arm64 - docker_arch: arm64 - steps: - - uses: actions/checkout@v4 - - uses: docker/setup-buildx-action@v3 - - name: Get release version - id: vars - run: | - LATEST_TAG=$(curl -s https://api.github.com/repos/heiher/natmap/releases/latest | jq -r .tag_name) - if [ -z "$LATEST_TAG" ]; then - LATEST_TAG="master" - fi - echo "version=$LATEST_TAG" >> $GITHUB_OUTPUT - echo "Using version: $LATEST_TAG" - - - name: Login GitHub Packages Docker Image Repository - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Set lowercase owner name - run: echo "REPO_OWNER_LC=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV - - - uses: docker/build-push-action@v5 - with: - context: . - file: ./docker/Dockerfile - push: true - platforms: linux/${{ matrix.arch }} - build-args: | - VERSION=${{ steps.vars.outputs.version }} - ARCH=${{ matrix.docker_arch }} - tags: | - ghcr.io/${{ env.REPO_OWNER_LC }}/natmap:${{ steps.vars.outputs.version }}-${{ matrix.arch }} - ghcr.io/${{ env.REPO_OWNER_LC }}/natmap:latest-${{ matrix.arch }} \ No newline at end of file diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index b25444e..75f4a1e 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml 
@@ -275,3 +275,141 @@ jobs: - name: Build run: | make CC=clang ENABLE_STATIC=1 -j`nproc` + + docker-prepare: + needs: linux + runs-on: ubuntu-latest + outputs: + repo_name_lc: ${{ steps.set-repo.outputs.repo_name_lc }} + steps: + - name: Set lowercase repo name + id: set-repo + run: | + REPO_NAME_LC=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]') + echo "repo_name_lc=$REPO_NAME_LC" >> $GITHUB_OUTPUT + + docker-build-and-push: + needs: docker-prepare + runs-on: ubuntu-latest + strategy: + matrix: + include: + - arch: amd64 + natmap_arch: x86_64 + - arch: arm64 + natmap_arch: arm64 + - arch: arm + natmap_arch: arm32v7 + - arch: riscv64 + natmap_arch: riscv64 + - arch: s390x + natmap_arch: s390x + steps: + - uses: actions/checkout@v4 + + - uses: docker/setup-buildx-action@v3 + with: + driver: docker-container + platforms: linux/${{ matrix.arch }} + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Download built arch artifacts + uses: actions/download-artifact@v4 + with: + pattern: natmap-linux-${{matrix.natmap_arch}} + path: ./tmp/artifact + + - name: Build and push platform-specific image + id: build + uses: docker/build-push-action@v5 + with: + context: . 
+ file: ./docker/Dockerfile + platforms: linux/${{ matrix.arch }} + outputs: type=image,name=ghcr.io/${{ needs.docker-prepare.outputs.repo_name_lc }},push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' }} + build-args: | + NATMAP_ARCH=${{ matrix.natmap_arch }} + provenance: false + sbom: false + + - name: Export Digest + if: github.event_name != 'pull_request' + run: | + mkdir -p /tmp/digests + digest="${{ steps.build.outputs.digest }}" + touch "/tmp/digests/${digest#sha256:}" + ls -l /tmp/digests/ + + - name: Upload Digest + uses: actions/upload-artifact@v4 + if: github.event_name != 'pull_request' + with: + name: docker-digest-${{ matrix.arch }} + path: /tmp/digests/* + if-no-files-found: error + retention-days: 1 + + docker-merge: + needs: [docker-prepare, docker-build-and-push] + runs-on: ubuntu-latest + if: github.event_name != 'pull_request' + steps: + - name: Download Digests + uses: actions/download-artifact@v4 + with: + path: /tmp/digests + pattern: docker-digest-* + merge-multiple: true + + - name: Prepare Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Format Docker Image Meta + uses: docker/metadata-action@v5 + id: docker_meta + with: + images: ghcr.io/${{ needs.docker-prepare.outputs.repo_name_lc }} + tags: | + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=raw,value=nightly,enable={{is_default_branch}} + type=ref,event=tag + - name: Create Manifest List and Push + working-directory: /tmp/digests + run: | + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) 
| join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf 'ghcr.io/${{ needs.docker-prepare.outputs.repo_name_lc }}@sha256:%s ' *) + - name: Inspect image + run: | + docker buildx imagetools inspect ghcr.io/${{ needs.docker-prepare.outputs.repo_name_lc }}:${{ steps.docker_meta.outputs.version }} + + - name: Delete current run's built artifacts + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + RUN_ID: ${{ github.run_id }} + run: | + sudo apt-get update && sudo apt-get install -y gh + echo "Deleting docker-digests artifacts for run ID: $RUN_ID" + + gh api \ + "repos/${{ github.repository }}/actions/runs/$RUN_ID/artifacts" \ + -q '.artifacts[] | select(.name | startswith("docker-digest")) | .id' | + while read ARTIFACT_ID; do + echo "Deleting artifact ID: $ARTIFACT_ID" + gh api --method DELETE "repos/${{ github.repository }}/actions/artifacts/$ARTIFACT_ID" + done diff --git a/README.md b/README.md index 7a87d80..c0290f4 100644 --- a/README.md +++ b/README.md @@ -171,8 +171,8 @@ ports for easy distribution through DNS AAAA records. ### Docker -* Support **amd64** and **arm64**. -* image tags: latest-amd64, latest-arm64 or [release tags]-amd64 like 20250512-amd64 +* Support **amd64**, **arm64**, **arm**, **riscv64**, **s390x**. +* image tags: latest, [release tags] like 20250512 * Change command to what you want. * volumes script path, and make sure have permission to run. @@ -181,7 +181,7 @@ docker-compose.yml services: natmap: container_name: natmap - image: heiher/natmap:latest-amd64 + image: ghcr.io/heiher/natmap:latest command: -u -s stun.qq.com -b 30101 -t 127.0.0.1 -p 51820 -e /opt/cf_ip4p.sh -k 60 volumes: - ./natmap/cf_ip4p.sh:/opt/cf_ip4p.sh diff --git a/docker/Dockerfile b/docker/Dockerfile index 3acdaa5..849a02f 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
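Review bot: `docker-build-and-push` and `docker-merge` pass `secrets.GITHUB_TOKEN` to `docker/login-action` and to `gh api --method DELETE`, but no `permissions:` block appears in this hunk, so the token's scope is whatever the repository default or a workflow-level block outside the hunk grants. Declaring it per job keeps the publish path least-privilege: `permissions: {contents: read, packages: write}` on `docker-build-and-push` and `permissions: {packages: write, actions: write}` on `docker-merge` (the artifact deletion needs `actions: write`). The login step in `docker-build-and-push` also runs on pull requests even though the push itself is gated, so adding `if: github.event_name != 'pull_request'` to it keeps the registry credential out of PR builds. Because these jobs publish images, the actions they call (`actions/checkout@v4`, `docker/build-push-action@v5`, `docker/metadata-action@v5` and the others) are worth pinning to full commit SHAs rather than movable tags. With `provenance: false` and `sbom: false` the pushed images carry no build attestations, which deserves a short comment explaining why they are disabled.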
@@ -1,14 +1,14 @@ FROM ubuntu:latest -ARG VERSION -ARG ARCH +ARG NATMAP_ARCH + +LABEL org.opencontainers.image.source="https://github.com/heiher/natmap" RUN apt update \ && apt upgrade -y \ && apt install -y curl WORKDIR /opt - -ADD https://github.com/heiher/natmap/releases/download/${VERSION}/natmap-linux-${ARCH} /opt/natmap +COPY ./tmp/artifact/natmap-linux-${NATMAP_ARCH}/natmap-linux-${NATMAP_ARCH} /opt/natmap RUN chmod +x /opt/natmap -ENTRYPOINT ["/opt/natmap"] +ENTRYPOINT ["/opt/natmap"] \ No newline at end of file
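Review bot: `ARG NATMAP_ARCH` has no default and the `COPY` source only exists after the workflow's download-artifact step, so a `docker build` run outside CI fails on a `natmap-linux-/natmap-linux-` path with nothing in the file explaining why. A comment above the `ARG`, such as `# NATMAP_ARCH: artifact suffix passed by .github/workflows/build.yaml; the binary must be pre-staged under ./tmp/artifact`, would document that contract. The separate `RUN chmod +x /opt/natmap` can be folded into the copy with `COPY --chmod=0755 <src> /opt/natmap`, which BuildKit supports and which avoids an extra layer. The base is still the movable `ubuntu:latest` tag followed by `apt upgrade`, and the image sets no `USER`, so published contents vary between builds and natmap runs as root. Pinning the base to a release tag or digest is worth considering, as is a non-root user if natmap's hook scripts allow it.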