Add s6 type of images. Upgrade to trixie.

Author: dkorunic

.github/workflows/docker_auto.yml

@@ -6,7 +6,7 @@ on:
       - "[0-9]+.[0-9]+-dev[0-9]+"
 jobs:
   main:
-    runs-on: ubuntu-22.04
+    runs-on: large_runner
     permissions:
       contents: read
       packages: write
@@ -84,7 +84,47 @@ jobs:
             ghcr.io/${{ github.repository }}:${{ env.BUILD_BRANCH }}
             ghcr.io/${{ github.repository }}:${{ env.BUILD_VER }}
           cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache-new
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
+
+      - name: Move cache
+        if: ${{ env.BUILD_BRANCH == env.STABLE_BRANCH }}
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+
+      - name: Build and push latest stable branch for s6
+        if: ${{ env.BUILD_BRANCH == env.STABLE_BRANCH }}
+        id: docker_build_latest_s6
+        uses: docker/build-push-action@v6
+        with:
+          context: ${{ env.BUILD_BRANCH }}
+          file: ${{ env.BUILD_BRANCH }}/Dockerfile.api
+          builder: ${{ steps.buildx.outputs.name }}
+          platforms: ${{ env.DOCKER_PLATFORMS }}
+          push: true
+          labels: |
+            org.opencontainers.image.authors=${{ github.repository_owner }}
+            org.opencontainers.image.created=${{ env.BUILD_DATE }}
+            org.opencontainers.image.description=Created from commit ${{ env.GIT_SHA }} and ref ${{ env.GIT_REF }}
+            org.opencontainers.image.ref.name=${{ env.GIT_REF }}
+            org.opencontainers.image.revision=${{ github.sha }}
+            org.opencontainers.image.source=https://github.com/${{ github.repository }}
+            org.opencontainers.image.version=${{ env.BUILD_VER }}
+          tags: |
+            ${{ env.DOCKER_IMAGE }}:s6-latest
+            ${{ env.DOCKER_IMAGE }}:s6-${{ env.BUILD_BRANCH }}
+            ${{ env.DOCKER_IMAGE }}:s6-${{ env.BUILD_VER }}
+            ghcr.io/${{ github.repository }}:s6-latest
+            ghcr.io/${{ github.repository }}:s6-${{ env.BUILD_BRANCH }}
+            ghcr.io/${{ github.repository }}:s6-${{ env.BUILD_VER }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
+
+      - name: Move cache for s6
+        if: ${{ env.BUILD_BRANCH == env.STABLE_BRANCH }}
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
 
       - name: Build and push everything else
         if: ${{ env.BUILD_BRANCH != env.STABLE_BRANCH }}
@@ -110,9 +150,42 @@ jobs:
             ghcr.io/${{ github.repository }}:${{ env.BUILD_BRANCH }}
             ghcr.io/${{ github.repository }}:${{ env.BUILD_VER }}
           cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache-new
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
 
       - name: Move cache
+        if: ${{ env.BUILD_BRANCH != env.STABLE_BRANCH }}
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+
+      - name: Build and push everything else for s6
+        if: ${{ env.BUILD_BRANCH != env.STABLE_BRANCH }}
+        id: docker_build_regular_s6
+        uses: docker/build-push-action@v6
+        with:
+          context: ${{ env.BUILD_BRANCH }}
+          file: ${{ env.BUILD_BRANCH }}/Dockerfile.api
+          builder: ${{ steps.buildx.outputs.name }}
+          platforms: ${{ env.DOCKER_PLATFORMS }}
+          push: true
+          labels: |
+            org.opencontainers.image.authors=${{ github.repository_owner }}
+            org.opencontainers.image.created=${{ env.BUILD_DATE }}
+            org.opencontainers.image.description=Created from commit ${{ env.GIT_SHA }} and ref ${{ env.GIT_REF }}
+            org.opencontainers.image.ref.name=${{ env.GIT_REF }}
+            org.opencontainers.image.revision=${{ github.sha }}
+            org.opencontainers.image.source=https://github.com/${{ github.repository }}
+            org.opencontainers.image.version=${{ env.BUILD_VER }}
+          tags: |
+            ${{ env.DOCKER_IMAGE }}:s6-${{ env.BUILD_BRANCH }}
+            ${{ env.DOCKER_IMAGE }}:s6-${{ env.BUILD_VER }}
+            ghcr.io/${{ github.repository }}:s6-${{ env.BUILD_BRANCH }}
+            ghcr.io/${{ github.repository }}:s6-${{ env.BUILD_VER }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
+
+      - name: Move cache for s6
+        if: ${{ env.BUILD_BRANCH != env.STABLE_BRANCH }}
         run: |
           rm -rf /tmp/.buildx-cache
           mv /tmp/.buildx-cache-new /tmp/.buildx-cache

.github/workflows/docker_description.yml

@@ -8,7 +8,7 @@ on:
   workflow_dispatch:
 jobs:
   main:
-    runs-on: ubuntu-22.04
+    runs-on: large_runner
     env:
       DOCKER_IMAGE: haproxytech/haproxy-debian
     steps:

.github/workflows/docker_manual.yml

@@ -3,7 +3,7 @@ on:
   workflow_dispatch:
 jobs:
   main:
-    runs-on: ubuntu-22.04
+    runs-on: large_runner
     permissions:
       contents: read
       packages: write
@@ -84,7 +84,47 @@ jobs:
             ghcr.io/${{ github.repository }}:${{ env.BUILD_BRANCH }}
             ghcr.io/${{ github.repository }}:${{ env.BUILD_VER }}
           cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache-new
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
+
+      - name: Move cache
+        if: ${{ env.BUILD_BRANCH == env.STABLE_BRANCH }}
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+
+      - name: Build and push latest stable branch for s6
+        if: ${{ env.BUILD_BRANCH == env.STABLE_BRANCH }}
+        id: docker_build_latest_s6
+        uses: docker/build-push-action@v6
+        with:
+          context: ${{ env.BUILD_BRANCH }}
+          file: ${{ env.BUILD_BRANCH }}/Dockerfile.api
+          builder: ${{ steps.buildx.outputs.name }}
+          platforms: ${{ env.DOCKER_PLATFORMS }}
+          push: true
+          labels: |
+            org.opencontainers.image.authors=${{ github.repository_owner }}
+            org.opencontainers.image.created=${{ env.BUILD_DATE }}
+            org.opencontainers.image.description=Created from commit ${{ env.GIT_SHA }} and ref ${{ env.GIT_REF }}
+            org.opencontainers.image.ref.name=${{ env.GIT_REF }}
+            org.opencontainers.image.revision=${{ github.sha }}
+            org.opencontainers.image.source=https://github.com/${{ github.repository }}
+            org.opencontainers.image.version=${{ env.BUILD_VER }}
+          tags: |
+            ${{ env.DOCKER_IMAGE }}:s6-latest
+            ${{ env.DOCKER_IMAGE }}:s6-${{ env.BUILD_BRANCH }}
+            ${{ env.DOCKER_IMAGE }}:s6-${{ env.BUILD_VER }}
+            ghcr.io/${{ github.repository }}:s6-latest
+            ghcr.io/${{ github.repository }}:s6-${{ env.BUILD_BRANCH }}
+            ghcr.io/${{ github.repository }}:s6-${{ env.BUILD_VER }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
+
+      - name: Move cache
+        if: ${{ env.BUILD_BRANCH == env.STABLE_BRANCH }}
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
 
       - name: Build and push everything else
         if: ${{ env.BUILD_BRANCH != env.STABLE_BRANCH }}
@@ -110,9 +150,42 @@ jobs:
             ghcr.io/${{ github.repository }}:${{ env.BUILD_BRANCH }}
             ghcr.io/${{ github.repository }}:${{ env.BUILD_VER }}
           cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache-new
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
 
-      - name: Move cache
+      - name: Move cache for s6
+        if: ${{ env.BUILD_BRANCH != env.STABLE_BRANCH }}
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+
+      - name: Build and push everything else for s6
+        if: ${{ env.BUILD_BRANCH != env.STABLE_BRANCH }}
+        id: docker_build_regular_s6
+        uses: docker/build-push-action@v6
+        with:
+          context: ${{ env.BUILD_BRANCH }}
+          file: ${{ env.BUILD_BRANCH }}/Dockerfile.api
+          builder: ${{ steps.buildx.outputs.name }}
+          platforms: ${{ env.DOCKER_PLATFORMS }}
+          push: true
+          labels: |
+            org.opencontainers.image.authors=${{ github.repository_owner }}
+            org.opencontainers.image.created=${{ env.BUILD_DATE }}
+            org.opencontainers.image.description=Created from commit ${{ env.GIT_SHA }} and ref ${{ env.GIT_REF }}
+            org.opencontainers.image.ref.name=${{ env.GIT_REF }}
+            org.opencontainers.image.revision=${{ github.sha }}
+            org.opencontainers.image.source=https://github.com/${{ github.repository }}
+            org.opencontainers.image.version=${{ env.BUILD_VER }}
+          tags: |
+            ${{ env.DOCKER_IMAGE }}:s6-${{ env.BUILD_BRANCH }}
+            ${{ env.DOCKER_IMAGE }}:s6-${{ env.BUILD_VER }}
+            ghcr.io/${{ github.repository }}:s6-${{ env.BUILD_BRANCH }}
+            ghcr.io/${{ github.repository }}:s6-${{ env.BUILD_VER }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
+
+      - name: Move cache for s6
+        if: ${{ env.BUILD_BRANCH != env.STABLE_BRANCH }}
         run: |
           rm -rf /tmp/.buildx-cache
           mv /tmp/.buildx-cache-new /tmp/.buildx-cache

.github/workflows/update.yml

@@ -7,7 +7,7 @@ on:
 
 jobs:
   main:
-    runs-on: ubuntu-22.04
+    runs-on: large_runner
     steps:
       - name: Check out repo
         id: checkout

3.0/Dockerfile

@@ -1,6 +1,6 @@
 FROM golang:alpine AS builder
 
-ENV DATAPLANE_MINOR 3.2.4
+ENV DATAPLANE_MINOR 3.0.13
 ENV DATAPLANE_V2_MINOR 2.9.17
 ENV DATAPLANE_URL https://github.com/haproxytech/dataplaneapi.git
 
@@ -13,7 +13,7 @@ RUN apk add --no-cache ca-certificates git make && \
     git checkout "v${DATAPLANE_V2_MINOR}" && \
     make build && cp build/dataplaneapi /dataplaneapi-v2
 
-FROM debian:bookworm-slim
+FROM debian:trixie-slim
 
 MAINTAINER Dinko Korunic <[email protected]>
 

3.0/Dockerfile.api

@@ -0,0 +1,100 @@
+FROM debian:trixie-slim
+
+MAINTAINER Dinko Korunic <[email protected]>
+
+LABEL Name HAProxy
+LABEL Release Community Edition
+LABEL Vendor HAProxy
+LABEL Version 3.0.11
+LABEL RUN /usr/bin/docker -d IMAGE
+
+ENV HAPROXY_BRANCH 3.0
+ENV HAPROXY_MINOR 3.0.11
+ENV HAPROXY_SHA256 a133e2d550c5fd9a849b5c7ab17bb945bcdad209ca140d41f45ebf31943ae783
+ENV HAPROXY_SRC_URL http://www.haproxy.org/download
+
+ENV HAPROXY_UID haproxy
+ENV HAPROXY_GID haproxy
+
+ENV DEBIAN_FRONTEND noninteractive
+
+ENV DATAPLANE_MINOR 3.0.13
+ENV DATAPLANE_URL https://github.com/haproxytech/dataplaneapi/releases/download
+
+ARG TARGETPLATFORM
+
+ARG S6_OVERLAY_VERSION=3.2.1.0
+ENV S6_OVERLAY_VERSION $S6_OVERLAY_VERSION
+ENV S6_READ_ONLY_ROOT=1
+ENV S6_USER=haproxy
+ENV S6_GROUP=haproxy
+
+COPY /fs /
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends procps libssl3 zlib1g "libpcre2-*" liblua5.4-0 libatomic1 tar xz-utils curl socat ca-certificates libjemalloc2 && \
+    apt-get install -y --no-install-recommends gcc make libc6-dev libssl-dev libpcre2-dev zlib1g-dev liblua5.4-dev libjemalloc-dev && \
+    c_rehash && \
+    curl -sfSL "${HAPROXY_SRC_URL}/${HAPROXY_BRANCH}/src/haproxy-${HAPROXY_MINOR}.tar.gz" -o haproxy.tar.gz && \
+    echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c - && \
+    groupadd "$HAPROXY_GID" && \
+    useradd -g "$HAPROXY_GID" "$HAPROXY_UID" && \
+    mkdir -p /tmp/haproxy && \
+    tar -xzf haproxy.tar.gz -C /tmp/haproxy --strip-components=1 && \
+    rm -f haproxy.tar.gz && \
+    make -C /tmp/haproxy -j"$(nproc)" TARGET=linux-glibc CPU=generic USE_PCRE2=1 USE_PCRE2_JIT=1 \
+                            USE_TFO=1 USE_LINUX_TPROXY=1 USE_LUA=1 USE_GETADDRINFO=1 \
+                            USE_PROMEX=1 USE_SLZ=1 \
+                            USE_OPENSSL=1 USE_PTHREAD_EMULATION=1 \
+                            USE_QUIC=1 USE_QUIC_OPENSSL_COMPAT=1 \
+                            ADDLIB=-ljemalloc \
+                            all && \
+    make -C /tmp/haproxy TARGET=linux-glibc install-bin install-man && \
+    ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy && \
+    mkdir -p /var/lib/haproxy && \
+    chown "$HAPROXY_UID:$HAPROXY_GID" /var/lib/haproxy && \
+    mkdir -p /usr/local/etc/haproxy && \
+    chown "$HAPROXY_UID:$HAPROXY_GID" /usr/local/etc/haproxy && \
+    ln -s /usr/local/etc/haproxy /etc/haproxy && \
+    cp -R /tmp/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors && \
+    rm -rf /tmp/haproxy && \
+    case "${TARGETPLATFORM}" in \
+        "linux/arm64")      API_ARCH=arm64      ;; \
+        "linux/amd64")      API_ARCH=x86_64     ;; \
+        "linux/arm/v6")     API_ARCH=arm        ;; \
+        "linux/arm/v7")     API_ARCH=arm        ;; \
+        *) echo "ARG TARGETPLATFORM undeclared" >&2 && exit 1 ;; \
+    esac && \
+    curl -sfSL "${DATAPLANE_URL}/v${DATAPLANE_MINOR}/dataplaneapi_${DATAPLANE_MINOR}_linux_${API_ARCH}.tar.gz" -o dataplaneapi.tar.gz && \
+    mkdir -p /tmp/dataplaneapi && \
+    tar -xzf dataplaneapi.tar.gz -C /tmp/dataplaneapi && \
+    rm -f dataplaneapi.tar.gz && \
+    cp /tmp/dataplaneapi/dataplaneapi /usr/local/bin/dataplaneapi && \
+    chown "$HAPROXY_UID:$HAPROXY_GID" /usr/local/etc/haproxy/dataplaneapi.yml && \
+    mkdir -p /usr/local/var/lib/dataplaneapi && \
+    chown "$HAPROXY_UID:$HAPROXY_GID" /usr/local/var/lib/dataplaneapi && \
+    ln -s /usr/local/var/lib/dataplaneapi /var/lib/dataplaneapi && \
+    rm -rf /tmp/dataplaneapi && \
+    case "${TARGETPLATFORM}" in \
+        "linux/arm64")      S6_ARCH=aarch64      ;; \
+        "linux/amd64")      S6_ARCH=x86_64       ;; \
+        "linux/arm/v6")     S6_ARCH=arm          ;; \
+        "linux/arm/v7")     S6_ARCH=armhf        ;; \
+        *) echo "ARG TARGETPLATFORM undeclared" >&2 && exit 1 ;; \
+    esac && \
+    curl -sS -L -o /tmp/s6-overlay-scripts.tar.xz "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz" && \
+    tar -C / -Jxpf /tmp/s6-overlay-scripts.tar.xz && \
+    curl -sS -L -o /tmp/s6-overlay-binaries.tar.xz "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${S6_ARCH}.tar.xz" && \
+    tar -C / -Jxpf /tmp/s6-overlay-binaries.tar.xz && \
+    rm -f /tmp/s6-overlay-scripts.tar.xz /tmp/s6-overlay-binaries.tar.xz && \
+    chown -R "${S6_USER}:${S6_GROUP}" /init /etc/s6-overlay && \
+    chmod u+x /init /etc/s6-overlay/scripts/* && \
+    apt-get purge -y --auto-remove gcc make libc6-dev libssl-dev libpcre2-dev zlib1g-dev liblua5.4-dev libjemalloc-dev && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+EXPOSE 80
+EXPOSE 443
+EXPOSE 5555
+
+ENTRYPOINT ["/start.sh"]

3.0/fs/etc/s6-overlay/s6-rc.d/dataplaneapi/dependencies.d/base

@@ -0,0 +1,49 @@
+#!/command/with-contenv sh
+
+DP_CONF="/usr/local/etc/haproxy/dataplaneapi.yml"
+
+if grep -q "password: admin" "${DP_CONF}"; then
+    echo "Generated admin password for Dataplaneapi"
+
+    PASS=$(tr -cd 'A-Za-z0-9!?%=' < /dev/urandom | head -c8)
+    sed -i "s,password: admin,password: ${PASS},g" "${DP_CONF}"
+fi
+
+SERVICE_DIRS="/run/s6-rc/servicedirs"
+HAP_CONF="/usr/local/etc/haproxy/haproxy.cfg"
+
+if grep -q "user admin insecure-password admin" "${HAP_CONF}"; then
+    echo "Generated admin password for Dataplaneapi"
+
+    PASS=$(tr -cd 'A-Za-z0-9!?%=' < /dev/urandom | head -c8)
+    sed -i "s,user admin insecure-password admin,user admin insecure-password ${PASS},g" "${HAP_CONF}"
+
+    /package/admin/s6/command/s6-svc -2 "${SERVICE_DIRS}/haproxy"
+fi
+
+MEMLIMIT=$(free -m | awk '/Mem:/ {printf "%d\n", int($2 / 3)}')
+
+CG_LIMIT_FILE="/sys/fs/cgroup/memory/memory.limit_in_bytes"
+if [ -f "/sys/fs/cgroup/cgroup.controllers" ]; then
+    CG_LIMIT_FILE="/sys/fs/cgroup/memory.max"
+fi
+
+if [ -r "${CG_LIMIT_FILE}" ]; then
+    if grep -q '^max$' "${CG_LIMIT_FILE}"; then
+        MEMLIMIT_CG="${MEMLIMIT}"
+    else
+        MEMLIMIT_CG=$(awk '{printf "%d\n", int($1 / 1024 / 1024 / 3)}' "${CG_LIMIT_FILE}")
+    fi
+
+    if [ "${MEMLIMIT_CG}" -gt 0 ]; then
+        if [ "${MEMLIMIT_CG}" -lt "${MEMLIMIT}" ]; then
+            MEMLIMIT="${MEMLIMIT_CG}"
+        fi
+    fi
+fi
+
+export GOMEMLIMIT="${MEMLIMIT}MiB"
+
+echo "Memory limit for Dataplaneapi: ${GOMEMLIMIT}"
+
+exec /usr/local/bin/dataplaneapi -f=/usr/local/etc/haproxy/dataplaneapi.yml