build: improve Dockerfile (zmap#688)

* Use multi-stage building to reduce image size * Add GitHub Action to publish image automatically on GitHub container registry zmap#688
tumi8 · Apr 2, 2022 · aa42aa8 · aa42aa8
1 parent 1a6b597
commit aa42aa8
Show file tree

Hide file tree

Showing 2 changed files with 108 additions and 20 deletions.
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
@@ -0,0 +1,57 @@
+name: Docker
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - v*
+env:
+  IMAGE_NAME: zmap
+
+jobs:
+  push:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
+    steps:
+      - uses: actions/checkout@v3
+      - uses: docker/setup-qemu-action@v1
+      - uses: docker/setup-buildx-action@v1
+
+      - name: Generate Image Tag
+        id: image-tag
+        run: |
+          IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME
+
+          # Change all uppercase to lowercase
+          IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
+
+          # Strip git ref prefix from version
+          VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
+
+          # Strip "v" prefix from tag name
+          [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
+
+          # Use Docker `latest` tag convention
+          [ "$VERSION" == "main" ] && VERSION=latest
+
+          echo IMAGE_ID=$IMAGE_ID
+          echo VERSION=$VERSION
+
+          echo "::set-output name=IMG_TAG::${IMAGE_ID}:${VERSION}"
+
+      - name: Log into GitHub Container Registry
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+      - name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          push: true
+          pull: true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.image-tag.outputs.IMG_TAG }}
diff --git a/Dockerfile b/Dockerfile
@@ -3,32 +3,63 @@
 #
 # To build, beware of caching and:
 #
-#   * If you wish to build current master
+#   * If you wish to build current main
 #
-#        docker build -t zmap_ubuntu -f Dockerfile .
+#        docker build -t zmap .
 #
-#   * If you wish to build a specific commit, use the ZMAP_COMMIT build argument.
+#   * If you wish to build a specific commit, git checkout to that specific commit before building
 #
-#        docker build -t zmap_ubuntu -f Dockerfile --build-arg ZMAP_COMMIT=<your commit> .
+# To run CI pre-built images, use:
 #
-# To run:
-#
-#     docker run  -it --rm --net=host zmap_ubuntu <zmap args>
+#     docker run -it --rm --net=host ghcr.io/zmap/zmap <zmap args>
 ####
 
-FROM ubuntu:16.04
+FROM ubuntu:20.04 as builder
+
+ENV DEBIAN_FRONTEND=noninteractive
+ENV TZ=Etc/UTC
+
+RUN apt-get update \
+    && apt-get install -y \
+    build-essential \
+    cmake \
+    libgmp3-dev \
+    gengetopt \
+    libpcap-dev \
+    flex \
+    byacc \
+    libjson-c-dev \
+    pkg-config \
+    libunistring-dev \
+    && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /usr/local/src
+
+COPY . .
+
+RUN cd /usr/local/src \
+    && mkdir -p /opt/zmap \
+    && cmake . -DRESPECT_INSTALL_PREFIX_CONFIG=ON  \
+    && cmake --build . --parallel "$(nproc)" \
+    && cmake --install . --prefix "/opt/zmap" 
+
+FROM ubuntu:20.04
+
+LABEL org.opencontainers.image.source="https://github.com/zmap/zmap"
+
+RUN apt-get update \
+    && apt-get install -y \
+    libpcap0.8 \
+    libjson-c4 \
+    libhiredis0.14 \
+    libgmp10 \
+    dumb-init \
+    && rm -rf /var/lib/apt/lists/*
 
-ARG ZMAP_COMMIT=master
-ENV ZMAP_COMMIT ${ZMAP_COMMIT}
+COPY --from=builder /opt/zmap /opt/zmap
 
-RUN apt-get -qq update && apt-get -qqy upgrade
-# install zmap build dependencies
-RUN apt-get -qqy install build-essential cmake libgmp3-dev gengetopt libpcap-dev flex byacc libjson-c-dev pkg-config libunistring-dev wget unzip
-# install zmap+Docker specific things, currently just dumb-init, which allows
-# us to more easily send signals to zmap, for example by allowing ctrl-c of
-# a running container and zmap will stop.
-RUN apt-get -qqy install python-dev python-pip
-RUN pip install dumb-init
-RUN wget -q https://github.com/zmap/zmap/archive/${ZMAP_COMMIT}.zip && unzip -q ${ZMAP_COMMIT}.zip && cd zmap-${ZMAP_COMMIT} && (cmake . && make -j4 && make install) 2>&1 > /dev/null
+ENV PATH="/opt/zmap/sbin:${PATH}"
 
-ENTRYPOINT ["dumb-init", "/usr/local/sbin/zmap"]
+# dumb-init allows us to more easily send signals to zmap,
+# for example by allowing ctrl-c of a running container and zmap will stop.
+ENTRYPOINT ["dumb-init", "/opt/zmap/sbin/zmap"]