From c2bb89fd9976f98db8b6efd136e81fe9497a6432 Mon Sep 17 00:00:00 2001 From: kiblik <5609770+kiblik@users.noreply.github.com> Date: Fri, 15 Aug 2025 17:15:53 +0200 Subject: [PATCH] feat(docker): Drop nginx debian --- .../build-docker-images-for-testing.yml | 2 + .github/workflows/integration-tests.yml | 6 +- .github/workflows/k8s-tests.yml | 7 +- .../release-x-manual-docker-containers.yml | 3 + ...lease-x-manual-merge-container-digests.yml | 8 +- .../release-x-manual-tag-as-latest.yml | 3 +- .github/workflows/rest-framework-tests.yml | 1 - Dockerfile.nginx-debian | 101 ------------------ docker-compose.yml | 2 +- 9 files changed, 19 insertions(+), 114 deletions(-) delete mode 100644 Dockerfile.nginx-debian diff --git a/.github/workflows/build-docker-images-for-testing.yml b/.github/workflows/build-docker-images-for-testing.yml index ed2fa097166..1d9eab75e39 100644 --- a/.github/workflows/build-docker-images-for-testing.yml +++ b/.github/workflows/build-docker-images-for-testing.yml @@ -24,6 +24,8 @@ jobs: os: [alpine, debian] platform: ["${{ inputs.platform }}"] exclude: + - docker-image: nginx + os: debian - docker-image: integration-tests os: alpine - docker-image: integration-tests diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index 6684c8be4d4..9802ad91d3b 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -61,7 +61,7 @@ jobs: - name: Load docker images timeout-minutes: 10 run: |- - docker load -i built-docker-image/nginx-${{ matrix.os }}-linux-amd64_img + docker load -i built-docker-image/nginx-alpine-linux-amd64_img docker load -i built-docker-image/django-${{ matrix.os }}-linux-amd64_img docker load -i built-docker-image/integration-tests-debian-linux-amd64_img docker images 
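Review bot: The new `exclude` entry for `docker-image: nginx` / `os: debian` in build-docker-images-for-testing.yml has no comment saying why that matrix cell is dropped. The same two lines are repeated in release-x-manual-docker-containers.yml and release-x-manual-merge-container-digests.yml. I would add `# nginx is built only from Dockerfile.nginx-alpine; Dockerfile.nginx-debian was removed` above each entry, so a later matrix edit does not reintroduce a build for a Dockerfile that no longer exists. The matrix definition starts outside this hunk.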
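Review bot: In integration-tests.yml the literal `alpine` now appears in the `docker load` filename in this hunk and again as `NGINX_VERSION: alpine` in both `env:` blocks of the following hunk (@@ -73,14 +73,14 @@), with nothing tying the three together. If the loaded image's tag and `NGINX_VERSION` ever diverge, `docker compose up` would presumably pull or build `defectdojo/defectdojo-nginx` instead of using the artifact built for this run, so the tests would stop exercising the code under review. Defining the value once keeps them in step, for example a job-level `env:` with `NGINX_VERSION: alpine` and `nginx-${{ env.NGINX_VERSION }}-linux-amd64_img` in the load step. The job definition starts outside the hunk.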
@@ -73,14 +73,14 @@ jobs: run: docker compose up --no-deps -d postgres nginx celerybeat celeryworker mailhog uwsgi redis env: DJANGO_VERSION: ${{ matrix.os }} - NGINX_VERSION: ${{ matrix.os }} + NGINX_VERSION: alpine - name: Initialize timeout-minutes: 10 run: docker compose up --no-deps --exit-code-from initializer initializer env: DJANGO_VERSION: ${{ matrix.os }} - NGINX_VERSION: ${{ matrix.os }} + NGINX_VERSION: alpine - name: Integration tests timeout-minutes: 10 diff --git a/.github/workflows/k8s-tests.yml b/.github/workflows/k8s-tests.yml index d53cf6357dc..6ce6ecc9ae8 100644 --- a/.github/workflows/k8s-tests.yml +++ b/.github/workflows/k8s-tests.yml @@ -57,8 +57,10 @@ jobs: timeout-minutes: 15 run: |- eval $(minikube docker-env) - docker load -i built-docker-image/nginx-${{ matrix.os }}-linux-amd64_img + docker load -i built-docker-image/nginx-alpine-linux-amd64_img docker load -i built-docker-image/django-${{ matrix.os }}-linux-amd64_img + docker tag defectdojo/defectdojo-nginx:alpine defectdojo/defectdojo-nginx:latest + docker tag defectdojo/defectdojo-django:${{ matrix.os }} defectdojo/defectdojo-django:latest docker images - name: Configure HELM repos @@ -87,8 +89,7 @@ jobs: --set initializer.keepSeconds="-1" \ ${{ env[matrix.databases] }} \ ${{ env[matrix.brokers] }} \ - --set createSecret=true \ - --set tag=${{ matrix.os }} + --set createSecret=true - name: Check deployment status if: always() diff --git a/.github/workflows/release-x-manual-docker-containers.yml b/.github/workflows/release-x-manual-docker-containers.yml index a620006c0e7..779db6daf99 100644 --- a/.github/workflows/release-x-manual-docker-containers.yml +++ b/.github/workflows/release-x-manual-docker-containers.yml @@ -36,6 +36,9 @@ jobs: matrix: docker-image: [django, nginx] os: [alpine, debian] + exclude: + - docker-image: nginx + os: debian steps: # Replace slashes so we can use this in filenames - name: Set-platform 
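Review bot: In k8s-tests.yml the job now depends on the two added `docker tag ... :latest` lines, because the following hunk (@@ -87,8 +89,7 @@) drops `--set tag=${{ matrix.os }}` and the chart's default tag is what gets deployed; neither that default nor the chart's image pull policy is visible here. Kubernetes defaults `imagePullPolicy` to `Always` for a `:latest` tag when the policy is unset, in which case the pods would pull the published images from the registry and the job would pass or fail on code that is not in this change. I would state the dependency next to the retag, `# chart default tag must be "latest" and must resolve to these locally built images, never a registry pull`, and confirm the chart sets a non-`Always` pull policy for this job. The `run:` block starts outside the hunk.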
diff --git a/.github/workflows/release-x-manual-merge-container-digests.yml b/.github/workflows/release-x-manual-merge-container-digests.yml index a6a4807acdc..54ca05b8be3 100644 --- a/.github/workflows/release-x-manual-merge-container-digests.yml +++ b/.github/workflows/release-x-manual-merge-container-digests.yml @@ -31,7 +31,9 @@ jobs: matrix: docker-image: [django, nginx] os: [alpine, debian] - + exclude: + - docker-image: nginx + os: debian steps: # deduce docker org name from git repo to make the build also work in forks - id: Set-docker-org @@ -69,7 +71,7 @@ jobs: # debian images are the default / official ones, so these get the os-less tag - name: Tag Debian with os-less tags - if: ${{ matrix.os == 'debian' }} + if: ${{ (matrix.docker-image == 'django' && matrix.os == 'debian') || (matrix.docker-image == 'nginx' && matrix.os == 'alpine') }} working-directory: ${{ runner.temp }}/digests run: | set -x @@ -77,6 +79,6 @@ jobs: # just for logging - name: Inspect default images - if: ${{ matrix.os == 'debian' }} + if: ${{ (matrix.docker-image == 'django' && matrix.os == 'debian') || (matrix.docker-image == 'nginx' && matrix.os == 'alpine') }} run: | docker buildx imagetools inspect ${{ env.DOCKER_ORG }}/defectdojo-${{ matrix.docker-image}}:${{ inputs.release_number }} diff --git a/.github/workflows/release-x-manual-tag-as-latest.yml b/.github/workflows/release-x-manual-tag-as-latest.yml index ffd6eddd686..61237863780 100644 --- a/.github/workflows/release-x-manual-tag-as-latest.yml +++ b/.github/workflows/release-x-manual-tag-as-latest.yml 
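Review bot: In release-x-manual-merge-container-digests.yml (@@ -69,7 +71,7 @@) the step is still named `Tag Debian with os-less tags` and the comment above it still says debian images are the default ones, but the new `if:` also selects nginx/alpine. The release log and the comment therefore misdescribe which image receives the os-less tag. I would rename the step to `- name: Tag default images with os-less tags` and change the comment to `# default images (django: debian, nginx: alpine) get the os-less tag`. The same long condition is duplicated on the "Inspect default images" step in the next hunk (@@ -77,6 +79,6 @@), so the two have to be edited together. The step's `run:` body continues outside the hunk.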
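Review bot: In the "Inspect default images" step (@@ -77,6 +79,6 @@) the `run:` line expands `${{ inputs.release_number }}` directly into the shell script, unquoted, so whatever is entered as the release number is parsed as shell text in a job that tags release images. Who can trigger the workflow is not visible here, so treat this as hardening rather than a confirmed flaw. Passing the value through the environment removes the expansion: add `env:` with `RELEASE_NUMBER: ${{ inputs.release_number }}` to the step and use `"${{ env.DOCKER_ORG }}/defectdojo-${{ matrix.docker-image }}:${RELEASE_NUMBER}"` in the script. The `imagetools create` line in release-x-manual-tag-as-latest.yml has the same shape.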
@@ -45,8 +45,7 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - # debian images are the default / official ones, and these were already tagged, so these get the latest tag - - name: Tag Debian with latest tags + - name: Tag with latest tags run: | set -x docker buildx imagetools create -t "${{ env.DOCKER_ORG }}/defectdojo-${{ matrix.docker-image}}:latest" ${{ env.DOCKER_ORG }}/defectdojo-${{ matrix.docker-image}}:${{ inputs.release_number }} diff --git a/.github/workflows/rest-framework-tests.yml b/.github/workflows/rest-framework-tests.yml index de5d4682691..0b222fed842 100644 --- a/.github/workflows/rest-framework-tests.yml +++ b/.github/workflows/rest-framework-tests.yml @@ -40,7 +40,6 @@ jobs: - name: Load docker images timeout-minutes: 10 run: |- - docker load -i built-docker-image/nginx-${{ matrix.os }}-${{ env.PLATFORM }}_img docker load -i built-docker-image/django-${{ matrix.os }}-${{ env.PLATFORM }}_img docker images diff --git a/Dockerfile.nginx-debian b/Dockerfile.nginx-debian deleted file mode 100644 index 6f9ef629c26..00000000000 --- a/Dockerfile.nginx-debian +++ /dev/null 
@@ -1,101 +0,0 @@ - -# code: language=Dockerfile - -# The code for the build image should be identical with the code in -# Dockerfile.django-debian to use the caching mechanism of Docker. - -# Ref: https://devguide.python.org/#branchstatus -FROM python:3.11.11-slim-bookworm@sha256:42420f737ba91d509fc60d5ed65ed0492678a90c561e1fa08786ae8ba8b52eda AS base -FROM base AS build -WORKDIR /app -RUN \ - apt-get -y update && \ - apt-get -y install --no-install-recommends \ - gcc \ - build-essential \ - dnsutils \ - libpq-dev \ - postgresql-client \ - xmlsec1 \ - git \ - uuid-runtime \ - # libcurl4-openssl-dev is required for installing pycurl python package - libcurl4-openssl-dev \ - && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists && \ - true -COPY requirements.txt ./ -# CPUCOUNT=1 is needed, otherwise the wheel for uwsgi won't always be build succesfully -# https://github.com/unbit/uwsgi/issues/1318#issuecomment-542238096 -RUN CPUCOUNT=1 pip3 wheel --wheel-dir=/tmp/wheels -r ./requirements.txt - - -FROM build AS collectstatic - -USER root -ENV \ - # This will point yarn to whatever version of node you decide to use - # due to the use of nodejs instead of node name in some distros - node="nodejs" -RUN \ - apt-get -y update && \ - apt-get -y install --no-install-recommends apt-transport-https ca-certificates curl wget gnupg && \ - curl -sSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add --no-tty - && \ - echo 'deb https://deb.nodesource.com/node_20.x bookworm main' > /etc/apt/sources.list.d/nodesource.list && \ - echo 'deb-src https://deb.nodesource.com/node_20.x bookworm main' >> /etc/apt/sources.list.d/nodesource.list && \ - apt-get update -y -o Dir::Etc::sourcelist="sources.list.d/nodesource.list" \ - -o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0" && \ - curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \ - wget https://github.com/yarnpkg/yarn/releases/download/v1.22.10/yarn_1.22.10_all.deb && \ - dpkg -i 
yarn_1.22.10_all.deb && \ - echo "$(yarn --version)" && \ - apt-get -y install --no-install-recommends nodejs && \ - echo "$(node --version)" && \ - apt-get clean && \ - rm yarn_1.22.10_all.deb && \ - rm -rf /var/lib/apt/lists && \ - true - -RUN pip3 install \ - --no-cache-dir \ - --no-index \ - --find-links=/tmp/wheels \ - -r ./requirements.txt - -COPY components/ ./components/ -RUN \ - cd components && \ - yarn - -COPY manage.py ./ -COPY dojo/ ./dojo/ - -RUN env DD_SECRET_KEY='.' python3 manage.py collectstatic --noinput && true - -FROM nginx:1.29.1-alpine3.22@sha256:42a516af16b852e33b7682d5ef8acbd5d13fe08fecadc7ed98605ba5e3b26ab8 -ARG uid=1001 -ARG appuser=defectdojo -COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/ -COPY wsgi_params nginx/nginx.conf nginx/nginx_TLS.conf /etc/nginx/ -COPY docker/entrypoint-nginx.sh / -RUN \ - apk add --no-cache openssl && \ - chmod -R g=u /var/cache/nginx && \ - mkdir /var/run/defectdojo && \ - chmod -R g=u /var/run/defectdojo && \ - mkdir -p /etc/nginx/ssl && \ - chmod -R g=u /etc/nginx && \ - true -ENV \ - DD_UWSGI_PASS="uwsgi_server" \ - DD_UWSGI_HOST="uwsgi" \ - DD_UWSGI_PORT="3031" \ - GENERATE_TLS_CERTIFICATE="false" \ - USE_TLS="false" \ - NGINX_METRICS_ENABLED="false" \ - METRICS_HTTP_AUTH_USER="" \ - METRICS_HTTP_AUTH_PASSWORD="" -USER ${uid} -EXPOSE 8080 -ENTRYPOINT ["/entrypoint-nginx.sh"] diff --git a/docker-compose.yml b/docker-compose.yml index 4d9518e7674..727492e474d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -10,7 +10,7 @@ services: nginx: build: context: ./ - dockerfile: "Dockerfile.nginx-${DEFECT_DOJO_OS:-debian}" + dockerfile: "Dockerfile.nginx-alpine" image: "defectdojo/defectdojo-nginx:${NGINX_VERSION:-latest}" depends_on: uwsgi:
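Review bot: With `dockerfile: "Dockerfile.nginx-alpine"` hard-coded in docker-compose.yml, `DEFECT_DOJO_OS` no longer has any effect on the nginx service, and nothing in the file says so. Anyone who sets that variable expecting it to select the nginx build now gets the alpine Dockerfile without notice. I would add `# nginx is built from the alpine Dockerfile only; DEFECT_DOJO_OS does not apply to this service` above the `dockerfile:` line. The nginx service definition continues outside the hunk.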