From ea031a476abab10d699613dd1f7bc02a2ca3b868 Mon Sep 17 00:00:00 2001
From: Corey
Date: Sat, 24 Dec 2022 17:58:26 -0500
Subject: [PATCH 01/11] Create Dockerfile.alpine
---
 Dockerfile.alpine | 133 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 133 insertions(+)
 create mode 100644 Dockerfile.alpine
diff --git a/Dockerfile.alpine b/Dockerfile.alpine
new file mode 100644
index 0000000..4ee3554
--- /dev/null
+++ b/Dockerfile.alpine
@@ -0,0 +1,133 @@
+FROM postgres:15-alpine3.17
+
+LABEL maintainer="Network Reconnaissance Lab baker@cs.uky.edu"
+
+ENV POSTGIS_VERSION 3.3.2
+ENV POSTGIS_SHA256 2a6858d1df06de1c5f85a5b780773e92f6ba3a5dc09ac31120ac895242f5a77b
+
+RUN set -eux \
+ \
+ && if [ $(printf %.1s "$POSTGIS_VERSION") == 3 ]; then \
+ set -eux ; \
+ #
+ # using only v3.17
+ #
+ #GEOS: https://pkgs.alpinelinux.org/packages?name=geos&branch=v3.17 \
+ export GEOS_ALPINE_VER=3.11 ; \
+ #GDAL: https://pkgs.alpinelinux.org/packages?name=gdal&branch=v3.17 \
+ export GDAL_ALPINE_VER=3.5 ; \
+ #PROJ: https://pkgs.alpinelinux.org/packages?name=proj&branch=v3.17 \
+ export PROJ_ALPINE_VER=9.1 ; \
+ #
+ elif [ $(printf %.1s "$POSTGIS_VERSION") == 2 ]; then \
+ set -eux ; \
+ #
+ # using older branches v3.13; v3.14 for GEOS,GDAL,PROJ
+ #
+ #GEOS: https://pkgs.alpinelinux.org/packages?name=geos&branch=v3.13 \
+ export GEOS_ALPINE_VER=3.8 ; \
+ #GDAL: https://pkgs.alpinelinux.org/packages?name=gdal&branch=v3.14 \
+ export GDAL_ALPINE_VER=3.2 ; \
+ #PROJ: https://pkgs.alpinelinux.org/packages?name=proj&branch=v3.14 \
+ export PROJ_ALPINE_VER=7.2 ; \
+ #
+ \
+ echo 'https://dl-cdn.alpinelinux.org/alpine/v3.14/main' >> /etc/apk/repositories ; \
+ echo 'https://dl-cdn.alpinelinux.org/alpine/v3.14/community' >> /etc/apk/repositories ; \
+ echo 'https://dl-cdn.alpinelinux.org/alpine/v3.13/main' >> /etc/apk/repositories ; \
+ echo 'https://dl-cdn.alpinelinux.org/alpine/v3.13/community' >> /etc/apk/repositories ; \
+ \
+ else \
+ set -eux ; \
+ echo ".... unknown \$POSTGIS_VERSION ...." ; \
+ exit 1 ; \
+ fi \
+ \
+ && apk add --no-cache --virtual .fetch-deps \
+ ca-certificates \
+ openssl \
+ tar \
+ \
+ && wget -O postgis.tar.gz "https://github.com/postgis/postgis/archive/${POSTGIS_VERSION}.tar.gz" \
+ && echo "${POSTGIS_SHA256} *postgis.tar.gz" | sha256sum -c - \
+ && mkdir -p /usr/src/postgis \
+ && tar \
+ --extract \
+ --file postgis.tar.gz \
+ --directory /usr/src/postgis \
+ --strip-components 1 \
+ && rm postgis.tar.gz \
+ \
+ && apk add --no-cache --virtual .build-deps \
+ \
+ gdal-dev~=${GDAL_ALPINE_VER} \
+ geos-dev~=${GEOS_ALPINE_VER} \
+ proj-dev~=${PROJ_ALPINE_VER} \
+ \
+ autoconf \
+ automake \
+ clang-dev \
+ file \
+ g++ \
+ gcc \
+ gettext-dev \
+ json-c-dev \
+ libtool \
+ libxml2-dev \
+ llvm-dev \
+ make \
+ pcre-dev \
+ perl \
+ protobuf-c-dev \
+ \
+# build PostGIS
+ \
+ && cd /usr/src/postgis \
+ && gettextize \
+ && ./autogen.sh \
+ && ./configure \
+ --with-pcredir="$(pcre-config --prefix)" \
+ && make -j$(nproc) \
+ && make install \
+ \
+# regress check
+ && mkdir /tempdb \
+ && chown -R postgres:postgres /tempdb \
+ && su postgres -c 'pg_ctl -D /tempdb init' \
+ && su postgres -c 'pg_ctl -D /tempdb start' \
+ && cd regress \
+ && make -j$(nproc) check RUNTESTFLAGS=--extension PGUSER=postgres \
+ #&& make -j$(nproc) check RUNTESTFLAGS=--dumprestore PGUSER=postgres \
+ #&& make garden PGUSER=postgres \
+ \
+ && su postgres -c 'psql -c "CREATE EXTENSION IF NOT EXISTS postgis;"' \
+ && su postgres -c 'psql -t -c "SELECT version();"' >> /_pgis_full_version.txt \
+ && su postgres -c 'psql -t -c "SELECT PostGIS_Full_Version();"' >> /_pgis_full_version.txt \
+ \
+ && su postgres -c 'pg_ctl -D /tempdb --mode=immediate stop' \
+ && rm -rf /tempdb \
+ && rm -rf /tmp/pgis_reg \
+# add .postgis-rundeps
+ && apk add --no-cache --virtual .postgis-rundeps \
+ \
+ gdal~=${GDAL_ALPINE_VER} \
+ geos~=${GEOS_ALPINE_VER} \
+ proj~=${PROJ_ALPINE_VER} \
+ \
+ json-c \
+ libstdc++ \
+ pcre \
+ protobuf-c \
+ \
+ # ca-certificates: for accessing remote raster files
+ # fix https://github.com/postgis/docker-postgis/issues/307
+ ca-certificates \
+# clean
+ && cd / \
+ && rm -rf /usr/src/postgis \
+ && apk del .fetch-deps .build-deps \
+# print PostGIS_Full_Version() for the log. ( experimental & internal )
+ && cat /_pgis_full_version.txt
+
+COPY ./initdb-postgis.sh /docker-entrypoint-initdb.d/10_postgis.sh
+COPY ./update-postgis.sh /usr/local/bin
From 20cdb3b8d635a666e4a98038fd00381f7b7925a0 Mon Sep 17 00:00:00 2001
From: Corey
Date: Sat, 24 Dec 2022 17:59:39 -0500
Subject: [PATCH 02/11] Update Dockerfile
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 8b82919..a54dff6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 FROM postgres:15-bullseye
-MAINTAINER Network Reconnaissance Lab
+LABEL maintainer="Network Reconnaissance Lab baker@cs.uky.edu"
 ENV POSTGIS_MAJOR 3
 ENV POSTGIS_VERSION 3.3.2+dfsg-1.pgdg110+1
From a8a68d35eb37f63b5a076cd495be8756aff8c7eb Mon Sep 17 00:00:00 2001
From: Corey
Date: Sat, 24 Dec 2022 18:24:45 -0500
Subject: [PATCH 03/11] Build alpine
---
 .github/workflows/build.yml | 47 +++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 46c4345..76dd308 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
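Review bot: In PATCH 01/11 (Dockerfile.alpine), `FROM postgres:15-alpine3.17` pins the base image only by a mutable tag, while the PostGIS tarball fetched later in the same file is verified against `POSTGIS_SHA256`. A re-pushed tag would change the image contents without any change in this repository, so the base deserves the same treatment: `FROM postgres:15-alpine3.17@sha256:<digest-of-the-reviewed-image>` (placeholder, to be filled in from the registry). The two `ENV` lines also use the legacy space-separated form; `ENV POSTGIS_VERSION=3.3.2` is the current spelling.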
@@ -70,6 +70,53 @@ jobs:
 tags: ${{ steps.meta.outputs.tags }}
 labels: ${{ steps.meta.outputs.labels }}
+ docker-alpine:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Set up QEMU
+ id: qemu
+ uses: docker/setup-qemu-action@v2
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ # Login against a Docker registry except on PR
+ # https://github.com/docker/login-action
+ - name: Log into dockerhub
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ # Extract metadata (tags, labels) for Docker
+ # https://github.com/docker/metadata-action
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@v4
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ flavor: |
+ suffix=alpine,onlatest=true
+
+ # Build and push Docker image with Buildx (don't push on PR)
+ # https://github.com/docker/build-push-action
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v3
+ with:
+ file: Dockerfile.alpine
+ platforms: linux/amd64, linux/arm64/v8, linux/ppc64le
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+
 singularity:
 needs: docker
 runs-on: ubuntu-latest
From 3dc2751abc1603dff0da066c9cb9e9950bf332f5 Mon Sep 17 00:00:00 2001
From: Corey
Date: Sat, 24 Dec 2022 18:40:35 -0500
Subject: [PATCH 04/11] Update and rename Dockerfile.alpine to alpine/Dockerfile
---
 Dockerfile.alpine => alpine/Dockerfile | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
 rename Dockerfile.alpine => alpine/Dockerfile (85%)
diff --git a/Dockerfile.alpine b/alpine/Dockerfile
similarity index 85%
rename from Dockerfile.alpine
rename to alpine/Dockerfile
index 4ee3554..fbfd495 100644
--- a/Dockerfile.alpine
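Review bot: In PATCH 03/11 the new `docker-alpine` job references every action by a movable major tag (`actions/checkout@v3`, `docker/login-action@v2`, `docker/build-push-action@v3`, and the others) in the same job that receives `DOCKERHUB_TOKEN` and pushes images. Pinning each one to a full commit SHA, for example `uses: docker/login-action@<full-commit-sha> # v2` (placeholder), keeps a retagged action from running with those credentials. Separately, `suffix=alpine,onlatest=true` appears to be appended to the tag verbatim, which would produce tags such as `latestalpine`; `suffix=-alpine,onlatest=true` is probably what was meant. `packages: write` also looks unnecessary if `env.REGISTRY`, which is defined outside this hunk, is Docker Hub.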
+++ b/alpine/Dockerfile
@@ -129,5 +129,19 @@ RUN set -eux \
 # print PostGIS_Full_Version() for the log. ( experimental & internal )
 && cat /_pgis_full_version.txt
-COPY ./initdb-postgis.sh /docker-entrypoint-initdb.d/10_postgis.sh
-COPY ./update-postgis.sh /usr/local/bin
+COPY ../scripts/initdb-postgis.sh /docker-entrypoint-initdb.d/10_postgis.sh
+COPY ../scripts/update-postgis.sh /usr/local/bin
+
+#Install additional scripts. These are run in abc order during initial start
+COPY ../scripts/setup-0-pgaudit.sh /docker-entrypoint-initdb.d/setup-0-pgaudit.sh
+COPY ../scripts/setup-dbs.sh /docker-entrypoint-initdb.d/setup-dbs.sh
+RUN chmod +x /docker-entrypoint-initdb.d/setup-0-pgaudit.sh /docker-entrypoint-initdb.d/setup-dbs.sh
+
+#Install script for ParseCareKit to be run after first run
+RUN mkdir parseScripts
+COPY ../scripts/setup-parse-index.sh ./parseScripts/setup-parse-index.sh
+RUN chmod +x ./parseScripts/setup-parse-index.sh
+
+ENV POSTGRES_INITDB_ARGS "--data-checksums"
+
+CMD ["postgres", "-c", "shared_preload_libraries=pgaudit"]
From f70ae061a45ef5e7160fadf9e6101570e4d58f18 Mon Sep 17 00:00:00 2001
From: Corey
Date: Sat, 24 Dec 2022 18:41:49 -0500
Subject: [PATCH 05/11] Update build.yml
---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 76dd308..a4d7d10 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -111,7 +111,7 @@ jobs:
 - name: Build and push Docker image
 uses: docker/build-push-action@v3
 with:
- file: Dockerfile.alpine
+ context: alpine/
 platforms: linux/amd64, linux/arm64/v8, linux/ppc64le
 push: ${{ github.event_name != 'pull_request' }}
 tags: ${{ steps.meta.outputs.tags }}
From 2cec75f81fd35341cd0989b2f08d7eb95e845da4 Mon Sep 17 00:00:00 2001
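Review bot: In PATCH 04/11 the new `CMD ["postgres", "-c", "shared_preload_libraries=pgaudit"]` preloads pgaudit, but nothing in alpine/Dockerfile as created in PATCH 01/11, or in this hunk, builds or installs that extension. Unless the base image ships it, the server will refuse to start because the library cannot be loaded, and the audit logging that `setup-0-pgaudit.sh` presumably configures never takes effect. The build needs a step that installs pgaudit before this `CMD` is set, ideally followed by a check that the server starts with the preload. The `COPY ../scripts/…` sources also point above the build context and presumably resolve only because the context later becomes the repository root; `COPY scripts/initdb-postgis.sh /docker-entrypoint-initdb.d/10_postgis.sh` states that dependency plainly.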
From: Corey
Date: Sat, 24 Dec 2022 18:44:24 -0500
Subject: [PATCH 06/11] Update build.yml
---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index a4d7d10..1afc8ab 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -111,7 +111,7 @@ jobs:
 - name: Build and push Docker image
 uses: docker/build-push-action@v3
 with:
- context: alpine/
+ context: alpine/.
 platforms: linux/amd64, linux/arm64/v8, linux/ppc64le
 push: ${{ github.event_name != 'pull_request' }}
 tags: ${{ steps.meta.outputs.tags }}
From c4338582c130f916034be3bc945c4e2aa424096a Mon Sep 17 00:00:00 2001
From: Corey
Date: Sat, 24 Dec 2022 19:13:45 -0500
Subject: [PATCH 07/11] Update build.yml
---
 .github/workflows/build.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 1afc8ab..be669c9 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -111,7 +111,8 @@ jobs:
 - name: Build and push Docker image
 uses: docker/build-push-action@v3
 with:
- context: alpine/.
+ file: alpine/Dockerfile
+ context: ./
 platforms: linux/amd64, linux/arm64/v8, linux/ppc64le
 push: ${{ github.event_name != 'pull_request' }}
 tags: ${{ steps.meta.outputs.tags }}
From 38f942bee9f284c8ef34e983d6b157a1a6bd7592 Mon Sep 17 00:00:00 2001
From: Corey
Date: Sat, 24 Dec 2022 20:30:04 -0500
Subject: [PATCH 08/11] Update build.yml
---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index be669c9..c76ad9b 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -113,7 +113,7 @@ jobs:
 with:
 file: alpine/Dockerfile
 context: ./
- platforms: linux/amd64, linux/arm64/v8, linux/ppc64le
+ platforms: linux/amd64, linux/arm64/v8
 push: ${{ github.event_name != 'pull_request' }}
 tags: ${{ steps.meta.outputs.tags }}
 labels: ${{ steps.meta.outputs.labels }}
From d62389545a8d43625786b85870866b8223a1448a Mon Sep 17 00:00:00 2001
From: Corey
Date: Sat, 24 Dec 2022 21:00:37 -0500
Subject: [PATCH 09/11] deactivate JIT for buildx This docker file is courtesy of the postgis repo
---
 alpine/Dockerfile | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/alpine/Dockerfile b/alpine/Dockerfile
index fbfd495..95d2de3 100644
--- a/alpine/Dockerfile
+++ b/alpine/Dockerfile
@@ -90,11 +90,32 @@ RUN set -eux \
 && make -j$(nproc) \
 && make install \
 \
+# buildx platform check for debug.
+ && uname -a && uname -m && cat /proc/cpuinfo \
+ \
 # regress check
 && mkdir /tempdb \
 && chown -R postgres:postgres /tempdb \
 && su postgres -c 'pg_ctl -D /tempdb init' \
- && su postgres -c 'pg_ctl -D /tempdb start' \
+ \
+ # QEMU7.0/BUILDX - JIT workaround
+ && if [[ "$(uname -m)" == "aarch64" && "15" != "10" ]] || \
+ [[ "$(uname -m)" == "ppc64le" && "15" != "10" ]]; then \
+ set -eux \
+ # for the buildx/qemu workflow
+ # with (aarch64 ppc64le) and PG>10 .. we are testing with JIT=OFF to avoid QEMU7.0/BUILDX error
+ && echo "WARNING: JIT=OFF testing (aarch64 ppc64le)!" \
+ && echo "## WARNING: tested with JIT=OFF (aarch64 ppc64le)!" >> /_pgis_full_version.txt \
+ && su postgres -c 'pg_ctl -o "--jit=off" -D /tempdb start' \
+ && su postgres -c 'psql -c "SHOW JIT;"' \
+ ; \
+ else \
+ set -eux \
+ # default test .. no problem expected.
+ && su postgres -c 'pg_ctl -D /tempdb start' \
+ ; \
+ fi \
+ \
 && cd regress \
 && make -j$(nproc) check RUNTESTFLAGS=--extension PGUSER=postgres \
 #&& make -j$(nproc) check RUNTESTFLAGS=--dumprestore PGUSER=postgres \
From 29fe5d85f6724f364880658f7fcc2c3f70dc8d16 Mon Sep 17 00:00:00 2001
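Review bot: In PATCH 09/11 both `[[ … ]]` tests compare the literals `"15" != "10"`, which is always true, so the branch depends on `uname -m` alone and the PostgreSQL version mentioned in the comment is never checked. If the version guard is wanted it should read the running major version, for example `"$PG_MAJOR" != "10"` (the official postgres image exports `PG_MAJOR`; confirm for this base), otherwise the clause can be dropped. On aarch64 and ppc64le the regression run now covers only `--jit=off` while the image's runtime JIT setting is unchanged, so the shipped configuration is not the tested one on those platforms. `cat /proc/cpuinfo` is labelled as debug output and can go once the buildx issue is settled. The enclosing `RUN` starts and ends outside this hunk.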
From: Corey
Date: Sat, 24 Dec 2022 22:02:49 -0500
Subject: [PATCH 10/11] Update build.yml
---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index c76ad9b..f48f2fd 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -113,7 +113,7 @@ jobs:
 with:
 file: alpine/Dockerfile
 context: ./
- platforms: linux/amd64, linux/arm64/v8
+ platforms: linux/arm64/v8, linux/ppc64le
 push: ${{ github.event_name != 'pull_request' }}
 tags: ${{ steps.meta.outputs.tags }}
 labels: ${{ steps.meta.outputs.labels }}
From df6733b1ca8738a8df4efa15a1a5060099f3610d Mon Sep 17 00:00:00 2001
From: Corey
Date: Sat, 24 Dec 2022 22:17:17 -0500
Subject: [PATCH 11/11] Update build.yml
---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index f48f2fd..86a8ecd 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -113,7 +113,7 @@ jobs:
 with:
 file: alpine/Dockerfile
 context: ./
- platforms: linux/arm64/v8, linux/ppc64le
+ platforms: linux/arm64/v8
 push: ${{ github.event_name != 'pull_request' }}
 tags: ${{ steps.meta.outputs.tags }}
 labels: ${{ steps.meta.outputs.labels }}
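Review bot: After PATCH 11/11 the `docker-alpine` job builds `linux/arm64/v8` only, because `linux/amd64` was dropped in PATCH 10/11 and is not restored here. If that was a temporary setting while debugging the QEMU build, the final line should be `platforms: linux/amd64, linux/arm64/v8`; if it is intended, a comment on the line saying why would help the next reader. The `with:` block starts outside this hunk.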