diff --git a/.github/docker/.gitignore b/.github/docker/.gitignore
new file mode 100644
index 00000000000..567609b1234
--- /dev/null
+++ b/.github/docker/.gitignore
@@ -0,0 +1 @@
+build/
diff --git a/.github/docker/Makefile b/.github/docker/Makefile
new file mode 100644
index 00000000000..2199f5da9f7
--- /dev/null
+++ b/.github/docker/Makefile
@@ -0,0 +1,56 @@
+SERVER_VERSION ?= 1.29.1
+CLI_VERSION ?= 1.5.0
+TCTL_VERSION ?= 1.18.4
+IMAGE_REPO ?= temporaliotest
+TAG_LATEST ?= false
+
+TEMPORAL_SHA := $(shell git rev-parse HEAD)
+IMAGE_SHA_TAG := $(shell git rev-parse --short HEAD)
+IMAGE_BRANCH_TAG := $(shell git rev-parse --abbrev-ref HEAD)
+ALPINE_IMAGE ?= alpine:3.22@sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412
+
+BAKE_ENV := SERVER_VERSION=$(SERVER_VERSION) \
+ CLI_VERSION=$(CLI_VERSION) \
+ TCTL_VERSION=$(TCTL_VERSION) \
+ IMAGE_REPO=$(IMAGE_REPO) \
+ IMAGE_SHA_TAG=$(IMAGE_SHA_TAG) \
+ IMAGE_BRANCH_TAG=$(IMAGE_BRANCH_TAG) \
+ TEMPORAL_SHA=$(TEMPORAL_SHA) \
+ TAG_LATEST=$(TAG_LATEST) \
+ ALPINE_IMAGE=$(ALPINE_IMAGE)
+
+.PHONY: build-tools
+build-admin-tools:
+ ./build-from-source.sh $(CLI_VERSION) amd64 $(TEMPORAL_SHA)
+ ./build-from-source.sh $(CLI_VERSION) arm64 $(TEMPORAL_SHA)
+ $(BAKE_ENV) docker buildx bake admin-tools
+
+.PHONY: build-admin-tools-legacy
+build-admin-tools-legacy:
+ ./download-binaries.sh $(SERVER_VERSION) $(CLI_VERSION) $(TCTL_VERSION) amd64
+ ./download-binaries.sh $(SERVER_VERSION) $(CLI_VERSION) $(TCTL_VERSION) arm64
+ ./copy-schema.sh
+ $(BAKE_ENV) docker buildx bake legacy-admin-tools
+
+.PHONY: build-server
+build-server:
+ ./build-from-source.sh $(CLI_VERSION) amd64 $(TEMPORAL_SHA)
+ ./build-from-source.sh $(CLI_VERSION) arm64 $(TEMPORAL_SHA)
+ $(BAKE_ENV) docker buildx bake server
+
+.PHONY: build-server-legacy
+build-server-legacy:
+ ./download-binaries.sh $(SERVER_VERSION) $(CLI_VERSION) $(TCTL_VERSION) amd64
+ ./download-binaries.sh $(SERVER_VERSION) $(CLI_VERSION) $(TCTL_VERSION) arm64
+ $(BAKE_ENV) docker buildx bake legacy-server
+
+.PHONY: push
+push:
+ ./download-binaries.sh $(SERVER_VERSION) $(CLI_VERSION) $(TCTL_VERSION) amd64
+ ./download-binaries.sh $(SERVER_VERSION) $(CLI_VERSION) $(TCTL_VERSION) arm64
+ ./copy-schema.sh
+ $(BAKE_ENV) docker buildx bake --push
+
+.PHONY: clean
+clean:
+ rm -rf ./build
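Review bot: In the Makefile's `push` rule, `docker buildx bake --push` names no target, and docker-bake.hcl in this commit declares no `default` group while giving `admin-tools`/`legacy-admin-tools` and `server`/`legacy-server` identical tags, so the rule does not determine which variant ends up published under a given tag (bake may simply refuse to run without a default target; worth confirming). The rule also stages only the `download-binaries.sh` outputs, which are the legacy inputs. Name the targets explicitly, e.g. `$(BAKE_ENV) docker buildx bake --push legacy-admin-tools legacy-server`, and consider distinct tags for the legacy images. Separately, `.PHONY: build-tools` does not match the rule below it and should read `.PHONY: build-admin-tools`.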
diff --git a/.github/docker/build-from-source.sh b/.github/docker/build-from-source.sh
new file mode 100755
index 00000000000..74cf5833fb9
--- /dev/null
+++ b/.github/docker/build-from-source.sh
@@ -0,0 +1,89 @@
+#!/bin/bash
+
+set -euo pipefail
+
+# Build binaries from source by cloning temporal repo at specific SHA using goreleaser
+# Usage: ./build-from-source.sh [temporal-sha]
+# Example: ./build-from-source.sh 1.5.0 amd64
+# Example: ./build-from-source.sh 1.5.0 amd64 abc123def456
+
+CLI_VERSION="${1:?CLI version required (e.g., 1.5.0)}"
+ARCH="${2:-amd64}"
+# Default to latest commit on main if not specified
+TEMPORAL_SHA="${3:-$(git ls-remote https://github.com/temporalio/temporal.git HEAD | awk '{print $1}')}"
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+BUILD_DIR="${SCRIPT_DIR}/build/${ARCH}"
+TEMP_DIR="${SCRIPT_DIR}/build/temp"
+TEMPORAL_CLONE_DIR="${SCRIPT_DIR}/build/temporal"
+
+echo "Building binaries from source for ${ARCH}..."
+echo " Temporal SHA: ${TEMPORAL_SHA}"
+echo " CLI version: ${CLI_VERSION}"
+
+# Create build directories
+mkdir -p "${BUILD_DIR}"
+mkdir -p "${TEMP_DIR}"
+
+# Clone temporal repo at specific SHA (only once, not per architecture)
+if [ ! -d "${TEMPORAL_CLONE_DIR}/.git" ]; then
+ echo "Cloning temporal repository at SHA ${TEMPORAL_SHA}..."
+ rm -rf "${TEMPORAL_CLONE_DIR}"
+ git clone https://github.com/temporalio/temporal.git "${TEMPORAL_CLONE_DIR}"
+ cd "${TEMPORAL_CLONE_DIR}"
+ git checkout "${TEMPORAL_SHA}"
+else
+ echo "Using existing temporal clone at ${TEMPORAL_CLONE_DIR}"
+ cd "${TEMPORAL_CLONE_DIR}"
+ # Ensure we're at the correct SHA
+ CURRENT_SHA=$(git rev-parse HEAD)
+ if [ "${CURRENT_SHA}" != "${TEMPORAL_SHA}" ]; then
+ echo "Updating temporal clone to SHA ${TEMPORAL_SHA}..."
+ git fetch origin
+ git checkout "${TEMPORAL_SHA}"
+ fi
+fi
+
+# Verify elasticsearch tool exists
+if [ ! -d "./cmd/tools/elasticsearch" ]; then
+ echo "Error: temporal-elasticsearch-tool source not found at ./cmd/tools/elasticsearch"
+ exit 1
+fi
+
+# Build temporal server binaries individually using goreleaser
+echo "Building temporal binaries with goreleaser for linux/${ARCH}..."
+# Use goreleaser v1 if available in /tmp, otherwise use system goreleaser
+GORELEASER_BIN="goreleaser"
+if [ -f "/tmp/goreleaser" ]; then
+ GORELEASER_BIN="/tmp/goreleaser"
+fi
+
+# Build each binary individually with --single-target and --id
+# Set GOOS and GOARCH to ensure we build for Linux
+echo "Building temporal-server..."
+GOOS=linux GOARCH=${ARCH} ${GORELEASER_BIN} build --single-target --id temporal-server --output "${BUILD_DIR}/temporal-server" --snapshot --clean
+
+echo "Building temporal-cassandra-tool..."
+GOOS=linux GOARCH=${ARCH} ${GORELEASER_BIN} build --single-target --id temporal-cassandra-tool --output "${BUILD_DIR}/temporal-cassandra-tool" --snapshot --clean
+
+echo "Building temporal-sql-tool..."
+GOOS=linux GOARCH=${ARCH} ${GORELEASER_BIN} build --single-target --id temporal-sql-tool --output "${BUILD_DIR}/temporal-sql-tool" --snapshot --clean
+
+echo "Building temporal-elasticsearch-tool..."
+GOOS=linux GOARCH=${ARCH} ${GORELEASER_BIN} build --single-target --id temporal-elasticsearch-tool --output "${BUILD_DIR}/temporal-elasticsearch-tool" --snapshot --clean
+
+echo "Building tdbg..."
+GOOS=linux GOARCH=${ARCH} ${GORELEASER_BIN} build --single-target --id tdbg --output "${BUILD_DIR}/tdbg" --snapshot --clean
+
+# Download temporal CLI from releases (separate repository)
+echo "Downloading temporal CLI..."
+curl -fsSL "https://github.com/temporalio/cli/releases/download/v${CLI_VERSION}/temporal_cli_${CLI_VERSION}_linux_${ARCH}.tar.gz" \
+ | tar -xz -C "${BUILD_DIR}" temporal
+
+# Schema is already available in the cloned repo at build/temporal/schema
+# The Dockerfile expects it at ./build/temporal/schema which is where we cloned it
+echo "Schema directory available at ${TEMPORAL_CLONE_DIR}/schema"
+
+
+echo "Done building binaries for ${ARCH}"
+ls -lh "${BUILD_DIR}"
diff --git a/.github/docker/copy-schema.sh b/.github/docker/copy-schema.sh
new file mode 100755
index 00000000000..46f2e4281eb
--- /dev/null
+++ b/.github/docker/copy-schema.sh
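Review bot: In build-from-source.sh, the `/tmp/goreleaser` probe makes the build execute whatever file sits at a fixed path in a world-writable directory, and the binaries that tool emits are copied into the images. On a shared or self-hosted runner another local process can create that file before the build does. Take the path from the caller instead, `GORELEASER_BIN="${GORELEASER_BIN:-goreleaser}"`, and have CI install goreleaser somewhere only the build user can write. The default for `TEMPORAL_SHA` (remote `HEAD` via `git ls-remote`) is also a moving reference; a comment such as `# NOTE: without an explicit SHA the build is not reproducible` would make that visible.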
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -euo pipefail
+
+# Copy schema directory from the repo root
+# Usage: ./copy-schema.sh
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+REPO_ROOT="$(cd "${SCRIPT_DIR}/../.." && pwd)"
+BUILD_DIR="${SCRIPT_DIR}/build"
+
+echo "Copying schema directory..."
+
+# Create build directory if it doesn't exist
+mkdir -p "${BUILD_DIR}/temporal"
+
+# Copy schema directory from repo root
+cp -r "${REPO_ROOT}/schema" "${BUILD_DIR}/temporal/"
+
+echo "Schema directory copied to ${BUILD_DIR}/temporal/schema"
diff --git a/.github/docker/docker-bake.hcl b/.github/docker/docker-bake.hcl
new file mode 100644
index 00000000000..85c4cd4cbe2
--- /dev/null
+++ b/.github/docker/docker-bake.hcl
@@ -0,0 +1,143 @@
+variable "SERVER_VERSION" {
+ default = "1.29.1"
+}
+variable "ALPINE_IMAGE" {
+ default = "alpine:3.22@sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412"
+}
+
+
+variable "CLI_VERSION" {
+ default = "1.5.0"
+}
+
+variable "TCTL_VERSION" {
+ default = "1.18.4"
+}
+
+variable "IMAGE_REPO" {
+ default = "temporaliotest"
+}
+
+variable "IMAGE_SHA_TAG" {}
+
+variable "IMAGE_BRANCH_TAG" {}
+
+variable "SAFE_IMAGE_BRANCH_TAG" {
+ default = join("-", [for c in regexall("[a-z0-9]+", lower(IMAGE_BRANCH_TAG)) : c])
+}
+
+variable "TEMPORAL_SHA" {
+ default = ""
+}
+
+variable "TAG_LATEST" {
+ default = false
+}
+
+# Legacy targets (legacy-admin-tools, legacy-server) are for building images with server versions
+# older than v1.27.0 (3 minor versions behind v1.30.0). Once support for pre-1.27.0 versions is
+# no longer needed, these legacy targets can be removed and only the standard targets should be used.
+
+target "admin-tools" {
+ dockerfile = "targets/admin-tools.Dockerfile"
+ tags = compact([
+ "${IMAGE_REPO}/admin-tools:${IMAGE_SHA_TAG}",
+ "${IMAGE_REPO}/admin-tools:${SAFE_IMAGE_BRANCH_TAG}",
+ TAG_LATEST ? "${IMAGE_REPO}/admin-tools:latest" : "",
+ ])
+ platforms = ["linux/amd64", "linux/arm64"]
+ args = {
+ ALPINE_IMAGE = "${ALPINE_IMAGE}"
+ }
+ labels = {
+ "org.opencontainers.image.title" = "admin-tools"
+ "org.opencontainers.image.description" = "Temporal admin tools"
+ "org.opencontainers.image.url" = "https://github.com/temporalio/temporal"
+ "org.opencontainers.image.source" = "https://github.com/temporalio/temporal"
+ "org.opencontainers.image.licenses" = "MIT"
+ "org.opencontainers.image.version" = "${SERVER_VERSION}"
+ "org.opencontainers.image.revision" = "${TEMPORAL_SHA}"
+ "org.opencontainers.image.created" = timestamp()
+ "com.temporal.server.version" = "${SERVER_VERSION}"
+ "com.temporal.cli.version" = "${CLI_VERSION}"
+ }
+}
+
+target "legacy-admin-tools" {
+ dockerfile = "targets/legacy-admin-tools.Dockerfile"
+ target = "temporal-admin-tools"
+ tags = compact([
+ "${IMAGE_REPO}/admin-tools:${IMAGE_SHA_TAG}",
+ "${IMAGE_REPO}/admin-tools:${SAFE_IMAGE_BRANCH_TAG}",
+ TAG_LATEST ? "${IMAGE_REPO}/admin-tools:latest" : "",
+ ])
+ platforms = ["linux/amd64", "linux/arm64"]
+ args = {
+ ALPINE_IMAGE = "${ALPINE_IMAGE}"
+ }
+ labels = {
+ "org.opencontainers.image.title" = "admin-tools"
+ "org.opencontainers.image.description" = "Temporal admin tools with database clients"
+ "org.opencontainers.image.url" = "https://github.com/temporalio/temporal"
+ "org.opencontainers.image.source" = "https://github.com/temporalio/temporal"
+ "org.opencontainers.image.licenses" = "MIT"
+ "org.opencontainers.image.version" = "${SERVER_VERSION}"
+ "org.opencontainers.image.revision" = "${TEMPORAL_SHA}"
+ "org.opencontainers.image.created" = timestamp()
+ "com.temporal.server.version" = "${SERVER_VERSION}"
+ "com.temporal.cli.version" = "${CLI_VERSION}"
+ "com.temporal.tctl.version" = "${TCTL_VERSION}"
+ }
+}
+
+target "server" {
+ dockerfile = "targets/server.Dockerfile"
+ tags = compact([
+ "${IMAGE_REPO}/server:${IMAGE_SHA_TAG}",
+ "${IMAGE_REPO}/server:${SAFE_IMAGE_BRANCH_TAG}",
+ TAG_LATEST ? "${IMAGE_REPO}/server:latest" : "",
+ ])
+ platforms = ["linux/amd64", "linux/arm64"]
+ args = {
+ ALPINE_IMAGE = "${ALPINE_IMAGE}"
+ }
+ labels = {
+ "org.opencontainers.image.title" = "server"
+ "org.opencontainers.image.description" = "Temporal Server"
+ "org.opencontainers.image.url" = "https://github.com/temporalio/temporal"
+ "org.opencontainers.image.source" = "https://github.com/temporalio/temporal"
+ "org.opencontainers.image.licenses" = "MIT"
+ "org.opencontainers.image.version" = "${SERVER_VERSION}"
+ "org.opencontainers.image.revision" = "${TEMPORAL_SHA}"
+ "org.opencontainers.image.created" = timestamp()
+ "com.temporal.server.version" = "${SERVER_VERSION}"
+ }
+}
+
+target "legacy-server" {
+ dockerfile = "targets/legacy-server.Dockerfile"
+ tags = compact([
+ "${IMAGE_REPO}/server:${IMAGE_SHA_TAG}",
+ "${IMAGE_REPO}/server:${SAFE_IMAGE_BRANCH_TAG}",
+ TAG_LATEST ? "${IMAGE_REPO}/server:latest" : "",
+ ])
+ platforms = ["linux/amd64", "linux/arm64"]
+ args = {
+ ALPINE_IMAGE = "${ALPINE_IMAGE}"
+ TEMPORAL_VERSION = "${SERVER_VERSION}"
+ TEMPORAL_SHA = "${TEMPORAL_SHA}"
+ }
+ labels = {
+ "org.opencontainers.image.title" = "server"
+ "org.opencontainers.image.description" = "Temporal Server with tctl"
+ "org.opencontainers.image.url" = "https://github.com/temporalio/temporal"
+ "org.opencontainers.image.source" = "https://github.com/temporalio/temporal"
+ "org.opencontainers.image.licenses" = "MIT"
+ "org.opencontainers.image.version" = "${SERVER_VERSION}"
+ "org.opencontainers.image.revision" = "${TEMPORAL_SHA}"
+ "org.opencontainers.image.created" = timestamp()
+ "com.temporal.server.version" = "${SERVER_VERSION}"
+ "com.temporal.cli.version" = "${CLI_VERSION}"
+ "com.temporal.tctl.version" = "${TCTL_VERSION}"
+ }
+}
diff --git a/.github/docker/download-binaries.sh b/.github/docker/download-binaries.sh
new file mode 100755
index 00000000000..ef33a5a379b
--- /dev/null
+++ b/.github/docker/download-binaries.sh
@@ -0,0 +1,91 @@
+#!/bin/bash
+
+set -euo pipefail
+
+# Download binaries from GitHub release assets and build tdbg
+# Usage: ./download-binaries.sh
+# Example: ./download-binaries.sh 1.29.1 1.5.0 1.18.4 amd64
+
+SERVER_VERSION="${1:?Server version required (e.g., 1.29.1)}"
+CLI_VERSION="${2:?CLI version required (e.g., 1.5.0)}"
+TCTL_VERSION="${3:?tctl version required (e.g., 1.18.4)}"
+ARCH="${4:-amd64}"
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+BUILD_DIR="${SCRIPT_DIR}/build/${ARCH}"
+TEMP_DIR="${SCRIPT_DIR}/build/temp"
+
+echo "Downloading binaries for ${ARCH}..."
+echo " Server: ${SERVER_VERSION}"
+echo " CLI: ${CLI_VERSION}"
+echo " tctl: ${TCTL_VERSION}"
+
+# Create build directory
+mkdir -p "${BUILD_DIR}"
+
+# Download Temporal server tools
+echo "Downloading Temporal server tools..."
+curl -fsSL "https://github.com/temporalio/temporal/releases/download/v${SERVER_VERSION}/temporal_${SERVER_VERSION}_linux_${ARCH}.tar.gz" \
+ | tar -xz -C "${BUILD_DIR}" temporal-server temporal-cassandra-tool temporal-sql-tool
+
+# Download temporal CLI
+echo "Downloading temporal CLI..."
+curl -fsSL "https://github.com/temporalio/cli/releases/download/v${CLI_VERSION}/temporal_cli_${CLI_VERSION}_linux_${ARCH}.tar.gz" \
+ | tar -xz -C "${BUILD_DIR}" temporal
+
+# Download tctl
+echo "Downloading tctl..."
+curl -fsSL "https://github.com/temporalio/tctl/releases/download/v${TCTL_VERSION}/tctl_${TCTL_VERSION}_linux_${ARCH}.tar.gz" \
+ | tar -xz -C "${BUILD_DIR}" tctl tctl-authorization-plugin
+
+# Build tdbg from source (version-specific)
+echo "Building tdbg from source..."
+mkdir -p "${TEMP_DIR}"
+cd "${TEMP_DIR}"
+
+# Remove any existing temporal directory to ensure we get the correct version
+rm -rf temporal
+
+# Clone the temporal repo at the specific version
+git clone --depth 1 --branch "v${SERVER_VERSION}" https://github.com/temporalio/temporal.git
+
+cd temporal
+
+# Build tdbg using Go
+echo "Building tdbg for ${ARCH}..."
+GOOS=linux GOARCH=${ARCH} CGO_ENABLED=0 go build -o "${BUILD_DIR}/tdbg" ./cmd/tools/tdbg
+
+# Build temporal-elasticsearch-tool if it exists using goreleaser
+if [ -d "./cmd/tools/elasticsearch" ]; then
+ echo "Building temporal-elasticsearch-tool for ${ARCH} using goreleaser..."
+ goreleaser build --single-target --id temporal-elasticsearch-tool --output "${BUILD_DIR}/temporal-elasticsearch-tool" --snapshot --clean
+fi
+
+# Copy config template from the cloned temporal repo (version-specific)
+# Only copy once (for the first architecture built)
+if [ ! -f "${SCRIPT_DIR}/build/config_template.yaml" ]; then
+ echo "Copying config template from temporal repo..."
+ # config_template.yaml is only needed for legacy-server (dockerize templating)
+ cp "${TEMP_DIR}/temporal/docker/config_template.yaml" "${SCRIPT_DIR}/build/config_template.yaml"
+fi
+
+# Clean up temp directory
+cd "${SCRIPT_DIR}"
+rm -rf "${TEMP_DIR}"
+
+# Build temporal-elasticsearch-tool from current repository
+# This tool is not available in older server versions, so we build from current repo
+echo "Building temporal-elasticsearch-tool for ${ARCH}..."
+REPO_ROOT="$(cd "${SCRIPT_DIR}/../.." && pwd)"
+if [ -d "${REPO_ROOT}/cmd/tools/elasticsearch" ]; then
+ cd "${REPO_ROOT}"
+ GOOS=linux GOARCH=${ARCH} CGO_ENABLED=0 go build -o "${BUILD_DIR}/temporal-elasticsearch-tool" ./cmd/tools/elasticsearch
+else
+ echo "Warning: temporal-elasticsearch-tool source not found in current repository, skipping..."
+fi
+cd "${SCRIPT_DIR}"
+
+# Make binaries executable
+chmod +x "${BUILD_DIR}"/*
+
+echo "Done downloading and building binaries for ${ARCH}"
+ls -lh "${BUILD_DIR}"
diff --git a/.github/docker/scripts/bash/entrypoint.sh b/.github/docker/scripts/bash/entrypoint.sh
new file mode 100755
index 00000000000..c81e75aab64
--- /dev/null
+++ b/.github/docker/scripts/bash/entrypoint.sh
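Review bot: download-binaries.sh streams three release archives from `curl` straight into `tar` and ships the extracted binaries in the images, with nothing comparing the bytes against a known digest; TLS protects the transport but not a replaced or re-uploaded release asset. Download each archive to a file, verify it against a SHA-256 pinned next to the version numbers, and only then extract. The same `curl … | tar` pattern fetches the CLI at the end of build-from-source.sh. The digest variable name in the sketch below is a placeholder for a value the Makefile would pass in.

```shell
# Fetch a release archive, verify it against a pinned digest, then extract the named members.
fetch_verified() {
  local url="$1" sha256="$2"; shift 2
  local archive
  archive="$(mktemp)"
  curl -fsSL -o "${archive}" "${url}"
  echo "${sha256}  ${archive}" | sha256sum -c -
  tar -xz -C "${BUILD_DIR}" -f "${archive}" "$@"
  rm -f "${archive}"
}

# … unchanged: argument parsing, BUILD_DIR setup …
fetch_verified "https://github.com/temporalio/temporal/releases/download/v${SERVER_VERSION}/temporal_${SERVER_VERSION}_linux_${ARCH}.tar.gz" \
  "${SERVER_SHA256:?pinned digest for the server archive required}" \
  temporal-server temporal-cassandra-tool temporal-sql-tool
# … same call shape for the CLI and tctl archives …
```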
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -eu -o pipefail
+
+# Resolve hostname to IP address for binding if not already set (supports both IPv4 and IPv6)
+: "${BIND_ON_IP:=$(getent hosts "$(hostname)" | awk '{print $1;}')}"
+export BIND_ON_IP
+
+# If binding to wildcard address (0.0.0.0 or ::0), set broadcast address if not already set
+if [[ "${BIND_ON_IP}" == "0.0.0.0" || "${BIND_ON_IP}" == "::0" ]]; then
+ : "${TEMPORAL_BROADCAST_ADDRESS:=$(getent hosts "$(hostname)" | awk '{print $1;}')}"
+ export TEMPORAL_BROADCAST_ADDRESS
+fi
+
+# Set default Temporal server address if not already configured
+if [[ -z "${TEMPORAL_ADDRESS:-}" ]]; then
+ echo "TEMPORAL_ADDRESS is not set, setting it to ${BIND_ON_IP}:7233"
+
+ # IPv6 addresses contain colons and must be wrapped in brackets to avoid ambiguity with port separator
+ if [[ "${BIND_ON_IP}" =~ ":" ]]; then
+ # ipv6
+ export TEMPORAL_ADDRESS="[${BIND_ON_IP}]:7233"
+ else
+ # ipv4
+ export TEMPORAL_ADDRESS="${BIND_ON_IP}:7233"
+ fi
+fi
+
+# Support TEMPORAL_CLI_ADDRESS for backwards compatibility.
+# TEMPORAL_CLI_ADDRESS is deprecated and support for it will be removed in the future release.
+if [[ -z "${TEMPORAL_CLI_ADDRESS:-}" ]]; then
+ export TEMPORAL_CLI_ADDRESS="${TEMPORAL_ADDRESS}"
+fi
+
+# Process config template with environment variable substitution
+dockerize -template /etc/temporal/config/config_template.yaml:/etc/temporal/config/docker.yaml
+
+# Support "bash" argument for debugging (drops into shell instead of starting server)
+for arg; do
+ if [[ ${arg} == bash ]]; then
+ bash
+ exit 0
+ fi
+done
+
+exec /etc/temporal/start-temporal.sh
diff --git a/.github/docker/scripts/bash/start-temporal.sh b/.github/docker/scripts/bash/start-temporal.sh
new file mode 100755
index 00000000000..ba36b4cefbf
--- /dev/null
+++ b/.github/docker/scripts/bash/start-temporal.sh
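Review bot: In entrypoint.sh, a failed hostname lookup goes unnoticed at the `BIND_ON_IP` default: the command substitution sits inside an argument to `:`, so neither `set -e` nor `pipefail` stops the script, and the template is then rendered with an empty bind address and `TEMPORAL_ADDRESS=":7233"`. If `getent` prints more than one line, the variable becomes multi-line instead. Take only the first result, `awk 'NR==1 {print $1}'`, and fail early after the assignment with `[[ -n "${BIND_ON_IP}" ]] || { echo "cannot resolve hostname" >&2; exit 1; }`. The `TEMPORAL_BROADCAST_ADDRESS` default a few lines further down uses the same lookup.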
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -eu -o pipefail
+
+: "${SERVICES:=}"
+
+flags=()
+if [[ -n ${SERVICES} ]]; then
+ # Convert colon (or comma, for backward compatibility) separated string (i.e. "history:matching")
+ # to valid flag list (i.e. "--service=history --service=matching").
+ SERVICES="${SERVICES//:/,}"
+ SERVICES="${SERVICES//,/ }"
+ for i in $SERVICES; do flags+=("--service=$i"); done
+fi
+
+exec temporal-server --env docker start "${flags[@]}"
diff --git a/.github/docker/targets/admin-tools.Dockerfile b/.github/docker/targets/admin-tools.Dockerfile
new file mode 100644
index 00000000000..7461c9b7268
--- /dev/null
+++ b/.github/docker/targets/admin-tools.Dockerfile
@@ -0,0 +1,25 @@
+ARG ALPINE_IMAGE
+FROM ${ALPINE_IMAGE}
+
+ARG TARGETARCH
+
+RUN apk add --no-cache \
+ ca-certificates \
+ tzdata \
+ tini
+
+COPY --chmod=755 ./build/${TARGETARCH}/temporal /usr/local/bin/
+COPY --chmod=755 ./build/${TARGETARCH}/tdbg /usr/local/bin/
+COPY --chmod=755 ./build/${TARGETARCH}/temporal-cassandra-tool /usr/local/bin/
+COPY --chmod=755 ./build/${TARGETARCH}/temporal-sql-tool /usr/local/bin/
+COPY --chmod=755 ./build/${TARGETARCH}/temporal-elasticsearch-tool /usr/local/bin/
+
+COPY ./build/temporal/schema /etc/temporal/schema
+
+RUN addgroup -g 1000 temporal && \
+ adduser -u 1000 -G temporal -D temporal
+
+USER temporal
+WORKDIR /etc/temporal
+
+ENTRYPOINT ["tini", "--", "sleep", "infinity"]
diff --git a/.github/docker/targets/legacy-admin-tools.Dockerfile b/.github/docker/targets/legacy-admin-tools.Dockerfile
new file mode 100644
index 00000000000..4fb4ec5bd3f
--- /dev/null
+++ b/.github/docker/targets/legacy-admin-tools.Dockerfile
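Review bot: In start-temporal.sh, `for i in $SERVICES` leaves the value unquoted, so besides the intended word splitting the shell also applies pathname expansion; a value containing `*` or `?` would expand against the working directory and turn file names into `--service=` flags. Splitting with `read -ra` avoids that: `IFS=' ' read -ra services <<< "${SERVICES}"` followed by `for i in "${services[@]}"; do flags+=("--service=$i"); done`.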
@@ -0,0 +1,63 @@
+ARG ALPINE_IMAGE
+
+FROM ${ALPINE_IMAGE} AS builder
+
+# These are necessary to install cqlsh
+RUN apk add --update --no-cache \
+ python3-dev \
+ musl-dev \
+ libev-dev \
+ gcc \
+ pipx
+
+RUN pipx install --global cqlsh
+
+FROM ${ALPINE_IMAGE} AS temporal-admin-tools
+
+RUN apk upgrade --no-cache
+RUN apk add --no-cache \
+ python3 \
+ libev \
+ ca-certificates \
+ tzdata \
+ bash \
+ curl \
+ jq \
+ yq \
+ mysql-client \
+ postgresql-client \
+ expat \
+ tini
+
+COPY --from=builder /opt/pipx/venvs/cqlsh /opt/pipx/venvs/cqlsh
+RUN ln -s /opt/pipx/venvs/cqlsh/bin/cqlsh /usr/local/bin/cqlsh
+
+# validate cqlsh installation
+RUN cqlsh --version
+
+ARG TARGETARCH
+
+COPY ./build/${TARGETARCH}/tctl /usr/local/bin
+COPY ./build/${TARGETARCH}/tctl-authorization-plugin /usr/local/bin
+COPY ./build/${TARGETARCH}/temporal /usr/local/bin
+COPY ./build/${TARGETARCH}/temporal-cassandra-tool /usr/local/bin
+COPY ./build/${TARGETARCH}/temporal-sql-tool /usr/local/bin
+COPY ./build/${TARGETARCH}/tdbg /usr/local/bin
+COPY ./build/temporal/schema /etc/temporal/schema
+
+# Alpine has a /etc/bash/bashrc that sources all files named /etc/bash/*.sh for
+# interactive shells, so we can add completion logic in /etc/bash/temporal-completion.sh
+# Completion for temporal depends on the bash-completion package.
+
+RUN apk add bash-completion && \
+ temporal completion bash > /etc/bash/temporal-completion.sh
+
+RUN addgroup -g 1000 temporal && adduser -u 1000 -G temporal -D temporal
+
+USER temporal
+WORKDIR /etc/temporal
+
+SHELL ["/bin/bash", "-c"]
+
+# Keep the container running.
+ENTRYPOINT ["tini", "--", "sleep", "infinity"]
diff --git a/.github/docker/targets/legacy-server.Dockerfile b/.github/docker/targets/legacy-server.Dockerfile
new file mode 100644
index 00000000000..437c81bac12
--- /dev/null
+++ b/.github/docker/targets/legacy-server.Dockerfile
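Review bot: In legacy-admin-tools.Dockerfile, `pipx install --global cqlsh` takes whichever release the package index serves at build time, so the digest-pinned base image does not make this image reproducible, and a bad upstream release would flow into it unnoticed. Pin the version, `RUN pipx install --global cqlsh==<PINNED_VERSION>` (placeholder; use the release you have tested). `RUN apk upgrade --no-cache` in the final stage has a similar effect on the OS packages, which may be intended for picking up fixes but deserves a comment saying so. The later `apk add bash-completion` omits `--no-cache`, unlike the other `apk add` calls, and is likely to leave the package index in that layer.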
@@ -0,0 +1,55 @@
+ARG ALPINE_IMAGE
+
+FROM ${ALPINE_IMAGE}
+ARG TARGETARCH
+ARG TEMPORAL_SHA=unknown
+ARG DOCKERIZE_VERSION=v0.9.2
+ARG TEMPORAL_VERSION=dev
+
+# Install runtime dependencies and dockerize
+RUN apk update --no-cache \
+ && apk add --no-cache wget openssl ca-certificates tzdata bash curl \
+ && set -eux; \
+ case "${TARGETARCH}" in \
+ amd64) DOCKERIZE_PLATFORM="alpine-linux"; DOCKERIZE_ARCH="amd64" ;; \
+ arm64) DOCKERIZE_PLATFORM="linux"; DOCKERIZE_ARCH="arm64" ;; \
+ arm) DOCKERIZE_PLATFORM="linux"; DOCKERIZE_ARCH="armhf" ;; \
+ *) echo "unsupported TARGETARCH ${TARGETARCH}"; exit 1 ;; \
+ esac; \
+ wget -O - "https://github.com/jwilder/dockerize/releases/download/${DOCKERIZE_VERSION}/dockerize-${DOCKERIZE_PLATFORM}-${DOCKERIZE_ARCH}-${DOCKERIZE_VERSION}.tar.gz" | tar xzf - -C /usr/local/bin \
+ && chmod +x /usr/local/bin/dockerize \
+ && apk del wget
+
+# Use bash for subsequent RUN commands
+SHELL ["/bin/bash", "-c"]
+
+# Setup temporal user and directories
+RUN addgroup -g 1000 temporal && \
+ adduser -u 1000 -G temporal -D temporal && \
+ mkdir -p /etc/temporal/config/dynamicconfig && \
+ touch /etc/temporal/config/dynamicconfig/docker.yaml && \
+ chown -R temporal:temporal /etc/temporal/config
+
+WORKDIR /etc/temporal
+
+ENV TEMPORAL_HOME=/etc/temporal
+ENV TEMPORAL_SHA=${TEMPORAL_SHA}
+
+EXPOSE 6933 6934 6935 6939 7233 7234 7235 7239
+
+# Copy binaries
+COPY --chmod=755 ./build/${TARGETARCH}/tctl /usr/local/bin/
+COPY --chmod=755 ./build/${TARGETARCH}/tctl-authorization-plugin /usr/local/bin/
+COPY --chmod=755 ./build/${TARGETARCH}/temporal-server /usr/local/bin/
+COPY --chmod=755 ./build/${TARGETARCH}/temporal /usr/local/bin/
+
+# Copy configs
+COPY ./build/config_template.yaml /etc/temporal/config/config_template.yaml
+
+# Copy scripts
+COPY --chmod=755 ./scripts/bash/entrypoint.sh /etc/temporal/entrypoint.sh
+COPY --chmod=755 ./scripts/bash/start-temporal.sh /etc/temporal/start-temporal.sh
+
+USER temporal
+
+ENTRYPOINT ["/etc/temporal/entrypoint.sh"]
diff --git a/.github/docker/targets/server.Dockerfile b/.github/docker/targets/server.Dockerfile
new file mode 100644
index 00000000000..e92e8de1232
--- /dev/null
+++ b/.github/docker/targets/server.Dockerfile
@@ -0,0 +1,17 @@
+ARG ALPINE_IMAGE
+
+FROM ${ALPINE_IMAGE}
+
+ARG TARGETARCH
+
+RUN apk add --no-cache \
+ ca-certificates \
+ tzdata && addgroup -g 1000 temporal && \
+ adduser -u 1000 -G temporal -D temporal
+
+COPY --chmod=755 ./build/${TARGETARCH}/temporal-server /usr/local/bin/
+
+WORKDIR /etc/temporal
+USER temporal
+
+ENTRYPOINT [ "temporal-server", "start" ]
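Review bot: In legacy-server.Dockerfile, the dockerize tarball is piped from `wget` into `tar` under `/usr/local/bin` with no integrity check, and entrypoint.sh then runs that binary in every container started from the image. Pinning `DOCKERIZE_VERSION` fixes the name of the asset, not its contents. Set an expected SHA-256 per architecture in the existing `case` arms, download to a file, and verify before extracting, e.g. `echo "${DOCKERIZE_SHA256}  /tmp/dockerize.tar.gz" | sha256sum -c -`, where `DOCKERIZE_SHA256` is a new variable holding the pinned digest.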