ADD Docker build images, test, release (#27)

* ADD Docker build images, test, release

* macos x64

* comment linux/s390x

* get version from official release

* get version from official release OpenICF

* get version from official release OpenICF

* get version from official release by API

* get version from official release by API

* fix context release.yml

Author: vharseko

.github/workflows/build.yml

@@ -11,7 +11,7 @@ jobs:
     strategy:
       matrix:
         java: [ '8', '11', '17', '21' ]
-        os: [ 'ubuntu-latest', 'macos-latest', 'windows-latest' ]
+        os: [ 'ubuntu-latest', 'macos-12', 'windows-latest' ]
       fail-fast: false
     steps:
       - uses: actions/checkout@v4
@@ -86,3 +86,98 @@ jobs:
             OpenICF-ssh-connector/target/*.jar
             OpenICF-xml-connector/target/*.jar
             !**/*-sources.jar
+  build-docker:
+    runs-on: 'ubuntu-latest'
+    services:
+      registry:
+        image: registry:2
+        ports:
+          - 5000:5000
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Get latest release version
+        shell: bash
+        run:   |
+          export git_version_last="$(curl -i -o - --silent https://api.github.com/repos/OpenIdentityPlatform/OpenICF/releases/latest | grep -m1 "\"name\"" | cut -d\" -f4)" ; echo "last release: $git_version_last"
+          echo "release_version=$git_version_last" >> $GITHUB_ENV
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            localhost:5000/${{ github.repository }}
+          tags: |
+            type=raw,value=${{ env.release_version }}
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          driver-opts: network=host
+      - name: Build image (default)
+        uses: docker/build-push-action@v5
+        continue-on-error: true
+        with:
+          context: .
+          file: ./Dockerfile
+          build-args: |
+            VERSION=${{ env.release_version }}
+          platforms: linux/amd64, linux/arm64/8, linux/arm/v7, linux/ppc64le #, linux/s390x
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+      - name: Docker test
+        shell: bash
+        run: |
+          docker run --rm -it -d --memory="1g" --name=test localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}
+          timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" test | grep -q \"healthy\"; do sleep 10; done'
+  build-docker-alpine:
+    runs-on: 'ubuntu-latest'
+    services:
+      registry:
+        image: registry:2
+        ports:
+          - 5000:5000
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Get latest release version
+        shell: bash
+        run:   |
+          export git_version_last="$(curl -i -o - --silent https://api.github.com/repos/OpenIdentityPlatform/OpenICF/releases/latest | grep -m1 "\"name\"" | cut -d\" -f4)" ; echo "last release: $git_version_last"
+          echo "release_version=$git_version_last" >> $GITHUB_ENV
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            localhost:5000/${{ github.repository }}
+          tags: |
+            type=raw,value=alpine
+            type=raw,value=${{ env.release_version }}-alpine
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          driver-opts: network=host
+      - name: Build image
+        continue-on-error: true
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile-alpine
+          build-args: |
+            VERSION=${{ env.release_version }}
+          platforms: linux/amd64,linux/arm64/8, linux/s390x, linux/386, linux/arm/v7, linux/arm/v6, linux/ppc64le
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+      - name: Docker test
+        shell: bash
+        run: |
+          docker run --rm -it -d --memory="1g" --name=test localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}-alpine
+          timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" test | grep -q \"healthy\"; do sleep 10; done'

.github/workflows/release.yml

@@ -76,3 +76,99 @@ jobs:
             OpenICF-ldap-connector/target/*.jar
             OpenICF-ssh-connector/target/*.jar
             OpenICF-xml-connector/target/*.jar
+  release-docker:
+    name: Docker release
+    runs-on: 'ubuntu-latest'
+    needs:
+      - release-maven
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.inputs.releaseVersion }}
+          fetch-depth: 1
+          submodules: recursive
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ github.repository }}
+            ghcr.io/${{ github.repository }}/${{ github.event.repository.name }}
+          tags: |
+            type=raw,value=latest
+            type=raw,value=${{ github.event.inputs.releaseVersion }}
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push image
+        uses: docker/build-push-action@v5
+        continue-on-error: true
+        with:
+          context: .
+          file: ./Dockerfile
+          build-args: |
+            VERSION=${{ github.event.inputs.releaseVersion }}
+          platforms: linux/amd64, linux/arm64/8, linux/arm/v7, linux/ppc64le #, linux/s390x
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+  release-docker-alpine:
+    name: Docker release
+    runs-on: 'ubuntu-latest'
+    needs:
+      - release-maven
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.inputs.releaseVersion }}
+          fetch-depth: 1
+          submodules: recursive
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ github.repository }}
+            ghcr.io/${{ github.repository }}/${{ github.event.repository.name }}
+          tags: |
+            type=raw,value=alpine
+            type=raw,value=${{ github.event.inputs.releaseVersion }}-alpine
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push image
+        continue-on-error: true
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile-alpine
+          build-args: |
+            VERSION=${{ github.event.inputs.releaseVersion }}
+          platforms: linux/amd64,linux/arm64/8, linux/s390x, linux/386, linux/arm/v7, linux/arm/v6, linux/ppc64le
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

Dockerfile

@@ -0,0 +1,33 @@
+FROM eclipse-temurin:8-jre-jammy
+
+MAINTAINER Open Identity Platform Community <[email protected]>
+
+ENV USER="openicf"
+ENV OPENICF_OPTS="-server -XX:+UseContainerSupport"
+
+ARG VERSION
+
+WORKDIR /opt
+
+#COPY OpenICF-java-framework/openicf-zip/target/*.zip ./
+
+RUN apt-get update
+RUN apt-get install -y --no-install-recommends curl unzip
+RUN if [ ! -z "$VERSION" ] ; then rm -rf ./*.zip ; curl -L https://github.com/OpenIdentityPlatform/OpenICF/releases/download/$VERSION/openicf-$VERSION.zip --output openicf-$VERSION.zip ; fi
+RUN unzip openicf-*.zip && rm -rf *.zip
+RUN apt-get remove -y --purge unzip
+RUN rm -rf /var/lib/apt/lists/*
+RUN groupadd $USER
+RUN useradd -m -r -u 1001 -g $USER $USER
+RUN install -d -o $USER /opt/openicf
+RUN chown -R $USER:$USER /opt/openicf
+RUN chmod -R g=u /opt/openicf
+RUN chmod +x /opt/openicf/bin/*.sh
+
+EXPOSE 8759
+
+USER $USER
+
+HEALTHCHECK --interval=30s --timeout=30s --start-period=1s --retries=3 CMD curl -i -o - --silent  http://127.0.0.1:8759/openicf | grep -q "OpenICF Connector Server"
+
+ENTRYPOINT ["/opt/openicf/bin/ConnectorServer.sh","/run"]

Dockerfile-alpine

@@ -0,0 +1,33 @@
+FROM openjdk:8-jre-alpine
+
+MAINTAINER Open Identity Platform Community <[email protected]>
+
+ENV USER="openicf"
+ENV OPENICF_OPTS="-server -XX:+UseContainerSupport"
+
+ARG VERSION
+
+WORKDIR /opt
+
+#COPY OpenICF-java-framework/openicf-zip/target/*.zip ./
+
+RUN apk add --update --no-cache --virtual builddeps curl unzip
+RUN apk upgrade --update --no-cache
+RUN apk add bash
+RUN if [ ! -z "$VERSION" ] ; then rm -rf ./*.zip ; curl -L https://github.com/OpenIdentityPlatform/OpenICF/releases/download/$VERSION/openicf-$VERSION.zip --output openicf-$VERSION.zip ; fi
+RUN unzip openicf-*.zip && rm -rf *.zip
+RUN apk del unzip
+RUN addgroup -S $USER
+RUN adduser -S -u 1001 -G  $USER $USER
+RUN install -d -o $USER /opt/openicf
+RUN chown -R $USER:$USER /opt/openicf
+RUN chmod -R g=u /opt/openicf
+RUN chmod +x /opt/openicf/bin/*.sh
+
+EXPOSE 8759
+
+USER $USER
+
+HEALTHCHECK --interval=30s --timeout=30s --start-period=1s --retries=3 CMD curl -i -o - --silent  http://127.0.0.1:8759/openicf | grep -q "OpenICF Connector Server"
+
+ENTRYPOINT ["/opt/openicf/bin/ConnectorServer.sh","/run"]

README.md

@@ -6,6 +6,7 @@
 [![Last commit](https://img.shields.io/github/last-commit/OpenIdentityPlatform/OpenICF.svg)](https://github.com/OpenIdentityPlatform/OpenICF/commits/master)
 [![License](https://img.shields.io/badge/license-CDDL-blue.svg)](https://github.com/OpenIdentityPlatform/OpenICF/blob/master/LICENSE.md)
 [![Downloads](https://img.shields.io/github/downloads/OpenIdentityPlatform/OpenICF/total.svg)](https://github.com/OpenIdentityPlatform/OpenICF/releases)
+[![Docker](https://img.shields.io/docker/pulls/openidentityplatform/openicf.svg)](https://hub.docker.com/r/openidentityplatform/openicf)
 [![Gitter](https://img.shields.io/gitter/room/nwjs/nw.js.svg)](https://gitter.im/OpenIdentityPlatform/OpenIDM)
 [![Top language](https://img.shields.io/github/languages/top/OpenIdentityPlatform/OpenICF.svg)](https://github.com/OpenIdentityPlatform/OpenICF)
 [![Code size in bytes](https://img.shields.io/github/languages/code-size/OpenIdentityPlatform/OpenICF.svg)](https://github.com/OpenIdentityPlatform/OpenICF)
@@ -26,6 +27,7 @@ This project is licensed under the [Common Development and Distribution License
 
 ## Downloads 
 * [OpenICF ZIP](https://github.com/OpenIdentityPlatform/OpenICF/releases)
+* [OpenICF Docker](https://hub.docker.com/r/openidentityplatform/openicf/)
 
 ### OpenICF Java connectors:
 * [csvfile-connector](https://github.com/OpenIdentityPlatform/OpenICF/releases)