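chore(ci): Add alpine-base image build pipeline and base image files

- Add an SSH pipeline for building the alpine-base image to .drone.yml
- Add an Alpine base image Dockerfile based on the Aliyun mirror and a custom certificate
- Create the base image build script build-base-image.sh, which supports building and pushing the image
- Add README.md under the alpine-base directory, describing the image's features and usage in detail
- Set up the non-root user appuser and the application directory to improve security
- Support triggering the automatic build when the alpine-base directory changes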
danial
2025-11-09 16:27:27 +08:00
parent 34f2aa3ad9
commit dc22011d51
4 changed files with 243 additions and 0 deletions


@@ -116,6 +116,70 @@ steps:
DOCKER_TOKEN:
from_secret: docker_token
trigger:
branch:
- main
- master
- develop
- production
when:
event:
- push
---
kind: pipeline
type: ssh
name: alpine-base-image
server:
host: 38.38.251.113:34156
user: root
password:
from_secret: www_password
clone:
depth: 50
steps:
- name: build-alpine-base
commands:
- echo "🏔️ Checking alpine-base changes..."
- |
# 检查 alpine-base 变更
if [ "$DRONE_BUILD_EVENT" = "push" ] && git rev-parse --verify HEAD~1 >/dev/null 2>&1; then
if git diff --name-only HEAD~1 HEAD | grep "^alpine-base/" >/dev/null; then
echo "✅ Alpine base changes detected"
BUILD=true
else
echo "⏭️ No alpine-base changes"
BUILD=false
fi
else
echo "🏗️ Force build"
BUILD=true
fi
# 构建 alpine 基础镜像
if [ "$BUILD" = "true" ]; then
cd alpine-base
if [ -f "build-base-image.sh" ] && [ -f "Dockerfile.base" ]; then
chmod +x build-base-image.sh
export DOCKER_REGISTRY="git.oceanpay.cc/danial"
docker login git.oceanpay.cc -u $DOCKER_LOGIN -p $DOCKER_TOKEN
./build-base-image.sh
docker logout git.oceanpay.cc
echo "✅ Alpine base image built"
else
echo "❌ Alpine base build files missing"
exit 1
fi
fi
environment:
DOCKER_LOGIN:
from_secret: docker_login
DOCKER_TOKEN:
from_secret: docker_token
trigger:
branch:
- main
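Review bot: The `server:` block logs in to 38.38.251.113:34156 as `user: root` with a password secret, so every run of this pipeline holds a root shell on the build host; a dedicated build account authenticated with an SSH key secret would narrow that. In the build step, `docker login git.oceanpay.cc -u $DOCKER_LOGIN -p $DOCKER_TOKEN` passes the token as a command-line argument, where it is visible in the host's process list, and leaves both variables unquoted; feeding the token through `--password-stdin` and quoting the variables avoids both. The change check also compares only `HEAD~1` with `HEAD`, so a push of several commits in which only an earlier one touched `alpine-base/` skips the build.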


@@ -0,0 +1,58 @@
# Base Image for Alpine Linux applications
# Optimized Alpine base with Chinese mirrors, certificates, and common tools
FROM alpine:latest
# Set environment variables
ENV TZ=Asia/Shanghai
# Set up Alpine repositories (use China mirror for faster downloads)
RUN echo "https://mirrors.aliyun.com/alpine/v3.22/main/" > /etc/apk/repositories && \
echo "https://mirrors.aliyun.com/alpine/v3.22/community/" >> /etc/apk/repositories
# Install basic packages
RUN apk update && \
apk upgrade && \
apk add --no-cache \
# Time zone support
tzdata \
# Network tools
curl \
wget \
ca-certificates \
git \
# Compression
gzip \
tar \
# System tools
bash \
# Package management
apk-tools && \
# Set timezone
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
echo "Asia/Shanghai" > /etc/timezone && \
# Clean up
rm -rf /var/cache/apk/*
# Download custom certificates (skip problematic Alpine package)
RUN curl -fsSL -o /usr/local/share/ca-certificates/aaa-certificate-services.crt https://www.tbs-x509.com/Comodo_AAA_Certificate_Services.crt && \
update-ca-certificates
# Create non-root user
RUN addgroup -g 1001 -S appuser && \
adduser -u 1001 -S appuser -G appuser -h /app -s /bin/sh
# Create application directory
RUN mkdir -p /app && \
chown -R appuser:appuser /app
# Switch to appuser
USER appuser
# Set working directory
WORKDIR /app
# Label the image
LABEL maintainer="alpine-base-team" \
version="1.0.0" \
description="Optimized Alpine base image with Chinese mirrors, certificates, and common tools"
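Review bot: The `curl -fsSL -o /usr/local/share/ca-certificates/aaa-certificate-services.crt https://www.tbs-x509.com/Comodo_AAA_Certificate_Services.crt` step followed by `update-ca-certificates` adds whatever that URL serves at build time to the system trust store of every image built on this base, with no checksum or fingerprint check. Committing the certificate under `alpine-base/` and adding it with `COPY`, or verifying a pinned SHA-256 before `update-ca-certificates` runs, makes the trust anchor reviewable and the build reproducible. Separately, `FROM alpine:latest` is combined with repositories hard-coded to `v3.22`; once `latest` moves past 3.22 the `apk upgrade` will mix releases, so pin the base tag to the same release as the repository URLs.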

alpine-base/README.md Normal file

@@ -0,0 +1,70 @@
# Alpine Base Image
优化的 Alpine Linux 基础镜像,适用于各种容器化应用。
## 文件说明
- `Dockerfile.base` - 基础镜像定义
- `build-base-image.sh` - 基础镜像构建脚本
## 镜像特性
### 基础环境
- 基于 `alpine:latest`
- 配置中国镜像源 (阿里云)
- 时区设置为 `Asia/Shanghai`
### 预装工具
- **网络工具**: curl, wget, git
- **系统工具**: bash, tar, gzip
- **证书管理**: ca-certificates + 自定义证书
- **包管理**: apk-tools
### 用户配置
- 非 root 用户 `appuser` (UID: 1001)
- 应用目录 `/app`
- 安全的文件权限
## 构建命令
### 构建基础镜像
```bash
# 构建基础镜像
./build-base-image.sh
# 推送到镜像仓库
DOCKER_REGISTRY=git.oceanpay.cc/danial ./build-base-image.sh
```
### 使用基础镜像
```bash
# 在其他 Dockerfile 中使用
FROM git.oceanpay.cc/danial/alpine-base:latest
# 复制应用代码
COPY --chown=appuser:appuser . /app/
# 切换到非 root 用户
USER appuser
# 运行应用
CMD ["./your-app"]
```
## 镜像信息
- **基础镜像**: Alpine Linux Latest
- **镜像大小**: ~50MB
- **用户权限**: 非 root 用户运行
- **时区**: Asia/Shanghai
- **证书**: 包含 CA 证书和自定义证书
## 优势
- **快速构建**: 预装常用工具和配置
- **安全**: 非 root 用户运行
- **网络优化**: 中国镜像源加速下载
- **证书支持**: 预装自定义证书
- **轻量化**: 基于 Alpine Linux体积小
构建完成后镜像将标记为 `alpine-base:latest`
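Review bot: The 证书管理 and 证书 entries only say "自定义证书" without naming which certificate is added to the trust store or where it comes from; downstream images inherit that trust anchor, so the README should name the certificate and its source. The 构建命令 section also presents plain `./build-base-image.sh` as build-only and the `DOCKER_REGISTRY=git.oceanpay.cc/danial` form as the push, which needs checking against the default `REGISTRY` value in the script, and the 使用基础镜像 example is Dockerfile content inside a `bash` fence.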

alpine-base/build-base-image.sh Executable file

@@ -0,0 +1,51 @@
#!/bin/bash
# Build script for alpine-base Docker image
# This script creates an optimized Alpine base image
set -e
# Configuration
BASE_IMAGE_NAME="alpine-base"
REGISTRY="${DOCKER_REGISTRY:-git.oceanpay.cc/danial}"
VERSION="${VERSION:-latest}"
echo "🏗️ Building alpine-base Docker image..."
echo "Registry: $REGISTRY"
echo "Version: $VERSION"
echo
# Build the base image (Alpine Linux with optimizations)
echo "📦 Building base image ($BASE_IMAGE_NAME)..."
docker build \
--file Dockerfile.base \
--tag "$BASE_IMAGE_NAME:$VERSION" \
--tag "$BASE_IMAGE_NAME:latest" \
.
# Tag for registry if specified
if [ "$REGISTRY" != "localhost:5000" ]; then
docker tag "$BASE_IMAGE_NAME:$VERSION" "$REGISTRY/$BASE_IMAGE_NAME:$VERSION"
docker tag "$BASE_IMAGE_NAME:latest" "$REGISTRY/$BASE_IMAGE_NAME:latest"
fi
echo "✅ Base image built successfully!"
# Push to registry if specified
if [ "$REGISTRY" != "localhost:5000" ]; then
echo "🚀 Pushing image to registry..."
docker push "$REGISTRY/$BASE_IMAGE_NAME:$VERSION"
docker push "$REGISTRY/$BASE_IMAGE_NAME:latest"
echo "✅ Image pushed to registry successfully!"
fi
echo
echo "🎉 Build completed successfully!"
echo "Available images:"
echo " - $BASE_IMAGE_NAME:$VERSION"
echo " - $BASE_IMAGE_NAME:latest"
# Display image size
echo
echo "📊 Image size:"
docker images --format "table {{.Repository}}\t{{.Tag}}\t{{.Size}}" | grep "$BASE_IMAGE_NAME"
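Review bot: `REGISTRY` defaults to `git.oceanpay.cc/danial`, so both `if [ "$REGISTRY" != "localhost:5000" ]` blocks are true on a plain `./build-base-image.sh` and the script pushes to the registry even when the caller only meant to build locally. Defaulting `REGISTRY` to empty and guarding the tag and push blocks with `[ -n "$REGISTRY" ]`, or adding an explicit push switch, would make pushing opt-in. With the default `VERSION=latest`, the `--tag`, `docker tag` and `docker push` lines for `$VERSION` and `latest` are also duplicates of each other, so only a caller-supplied `VERSION` yields a distinct, traceable tag.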