diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml new file mode 100644 index 0000000..d5acdb7 --- /dev/null +++ b/.github/workflows/docker.yml @@ -0,0 +1,32 @@ +name: Docker + +on: + workflow_dispatch: + inputs: + tag: + description: 'Image tag to build' + required: true + type: string + default: 0.0.1 + +jobs: + build-image: + runs-on: ubuntu-latest + steps: + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to ghcr + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and push image + run: | + ./build.sh ${{ github.event.inputs.tag }} ${{ secrets.GITHUB_TOKEN }} diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..11b6e09 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,38 @@ +ARG metabase_repo=metabase +# Feed in version number from bash script +ARG metabase_version +ARG metabase_version=v0.45.3 +FROM metabase/${metabase_repo}:${metabase_version} as metabase + +FROM ubuntu:22.04 + +ENV FC_LANG en-US LC_CTYPE en_US.UTF-8 + +# dependencies +RUN apt-get update -y && apt-get upgrade -y && apt-get install -y --no-install-recommends bash fonts-dejavu-core fonts-dejavu-extra fontconfig curl openjdk-11-jre-headless && \ + mkdir -p /app/certs && \ + curl https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem -o /app/certs/rds-combined-ca-bundle.pem && \ + keytool -noprompt -import -trustcacerts -alias aws-rds -file /app/certs/rds-combined-ca-bundle.pem -keystore /etc/ssl/certs/java/cacerts -keypass changeit -storepass changeit && \ + curl https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem -o /app/certs/DigiCertGlobalRootG2.crt.pem && \ + keytool -noprompt -import -trustcacerts -alias azure-cert -file /app/certs/DigiCertGlobalRootG2.crt.pem -keystore /etc/ssl/certs/java/cacerts -keypass changeit -storepass changeit && \ + mkdir -p /plugins && chmod a+rwx /plugins && \ + useradd --shell /bin/bash metabase && \ + apt-get purge -y curl && \ + apt-get -y autoremove && \ + apt-get -y clean && \ + rm -rf /var/lib/{apt,dpkg,cache,log}/ + + + +WORKDIR /app + +# copy app from the official image +COPY --from=metabase --chown=metabase /app /app +RUN chown metabase /app + +USER metabase +# expose our default runtime port +EXPOSE 3000 + +# run it +ENTRYPOINT ["/app/run_metabase.sh"] \ No newline at end of file diff --git a/build.sh b/build.sh new file mode 100644 index 0000000..3029bee --- /dev/null +++ b/build.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +TAG=$1 +GITHUB_TOKEN=$2 + +if [ "${TAG}" == "" ]; then + echo "TAG is required. Try TAG=your-tag $0" + exit 1 +fi + +docker buildx build --platform linux/arm64,linux/amd64 --build-arg GITHUB_TOKEN="${GITHUB_TOKEN}" --push -t ghcr.io/risingwavelabs/risingwave-metabase:"${TAG}" .