diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6dcff90..0f07eff 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,7 +3,7 @@ name: Build and Publish on: create: tags: - - '*' + - '*' jobs: build-and-push-docker-image: @@ -12,24 +12,31 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v4 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - name: Docker meta id: meta - uses: docker/metadata-action@v4 + uses: docker/metadata-action@v5 with: images: polydice/base tags: type=ref,event=tag - name: Login to DockerHub - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Build image and push to Docker Hub - uses: docker/build-push-action@v3 + - name: Build and push + uses: docker/build-push-action@v6 with: push: true context: . - tags: ${{ steps.meta.outputs.tags }} \ No newline at end of file + platforms: linux/amd64,linux/arm64 + tags: ${{ steps.meta.outputs.tags }} diff --git a/Dockerfile b/Dockerfile index 7fe06bb..91f57d1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,14 +1,30 @@ ARG RUBY_VERSION=2.7.8 -ARG VARIANT=jemalloc-slim -FROM quay.io/evl.ms/fullstaq-ruby:${RUBY_VERSION}-${VARIANT} as base +FROM ruby:${RUBY_VERSION}-slim -ARG BUNDLER_VERSION=2.4.20 +# jemalloc for better memory management +RUN apt-get update && apt-get install -y --no-install-recommends libjemalloc2 \ + && JEMALLOC_PATH=$(find /usr/lib -name "libjemalloc.so.2" | head -1) \ + && [ -n "$JEMALLOC_PATH" ] || (echo "libjemalloc.so.2 not found" && exit 1) \ + && ln -sf "$JEMALLOC_PATH" /usr/lib/libjemalloc.so.2 \ + && rm -rf /var/lib/apt/lists/* +ENV LD_PRELOAD=/usr/lib/libjemalloc.so.2 + +# 安裝 build tools 和 native extension 依賴 +RUN apt-get update && apt-get install -y --no-install-recommends \ + build-essential \ + libpq-dev \ + libffi-dev \ + && rm -rf /var/lib/apt/lists/* + +ARG BUNDLER_VERSION=2.4.22 RUN gem install -N bundler -v ${BUNDLER_VERSION} ARG NODE_VERSION=18.18.0 ARG YARN_VERSION=1.22.22 ARG PNPM_VERSION=9.9.0 -RUN curl https://get.volta.sh | bash +RUN apt-get update && apt-get install -y --no-install-recommends curl ca-certificates \ + && rm -rf /var/lib/apt/lists/* \ + && curl https://get.volta.sh | bash ENV VOLTA_HOME /root/.volta ENV VOLTA_FEATURE_PNPM=1 ENV PATH $VOLTA_HOME/bin:/usr/local/bin:$PATH @@ -23,28 +39,22 @@ RUN apt-get update \ graphicsmagick \ file \ tar \ - curl \ - ca-certificates \ - libmcrypt4 \ shared-mime-info \ + libmcrypt4 \ && rm -rf /var/lib/apt/lists/* +# Don't add g++/make to buildDeps, or purge will remove build-essential RUN set -ex \ - \ && buildDeps=' \ - g++ \ - make \ cmake \ - python \ + python3 \ ' \ && apt-get update \ && apt-get install -y --no-install-recommends $buildDeps \ && rm -rf /var/lib/apt/lists/* \ - \ && curl -L https://github.com/BYVoid/OpenCC/archive/refs/tags/ver.1.1.9.tar.gz | tar -xz \ - && cd OpenCC-ver.1.1.9 \ + && cd OpenCC-ver.1.1.9 \ && REL_BUILD_DOCUMENTATION=OFF make install \ - \ && apt-get purge -y --auto-remove $buildDeps \ && cd ../ \ && rm -rf OpenCC-ver.1.1.9 diff --git a/README.md b/README.md index 5fbdb5e..098c142 100644 --- a/README.md +++ b/README.md @@ -7,11 +7,37 @@ Polydice's base docker image for Rails applications. - `x.y.z` - Standard image for running on production - `x.y.z-testing` - Image for testing which includes additional packages. +## Architectures + +- `linux/amd64` (x86_64) +- `linux/arm64` (Graviton, Apple Silicon) + ## Versions -| Version | Ruby | Node.js | Yarn | Bundler | pnpm | -|---------|-------|---------|---------|---------|-------| -| 0.31.2 | 2.7.8 | 18.18.0 | 1.22.22 | 2.4.20 | 9.9.0 | -| 0.31.1 | 2.7.8 | 18.18.0 | 1.22.19 | 2.4.20 | 8.8.0 | -| 0.31.0 | 2.7.7 | 18.18.0 | 1.22.19 | 2.4.5 | 8.8.0 | -| 0.30.3 | 2.7.7 | 14.21.2 | 1.22.19 | 2.4.5 | | \ No newline at end of file +| Version | Ruby | Node.js | Yarn | Bundler | pnpm | ARM64 | +|---------|-------|---------|---------|---------|-------|-------| +| 0.32.0 | 2.7.8 | 18.18.0 | 1.22.22 | 2.4.20 | 9.9.0 | ✅ | +| 0.31.2 | 2.7.8 | 18.18.0 | 1.22.22 | 2.4.20 | 9.9.0 | ❌ | +| 0.31.1 | 2.7.8 | 18.18.0 | 1.22.19 | 2.4.20 | 8.8.0 | ❌ | +| 0.31.0 | 2.7.7 | 18.18.0 | 1.22.19 | 2.4.5 | 8.8.0 | ❌ | +| 0.30.3 | 2.7.7 | 14.21.2 | 1.22.19 | 2.4.5 | | ❌ | + +## Release + +1. Update version in README.md +2. Commit and push tag: + ```bash + git tag + git push origin + ``` +3. Wait for GitHub Actions to build and push to DockerHub +4. Sync to ECR Public: + ```bash + ./sync-to-ecr.sh + ``` + +## Changes in 0.32.0 + +- Switched from fullstaq-ruby to official Ruby image +- Added jemalloc via `LD_PRELOAD` +- Added ARM64 (linux/arm64) support diff --git a/sync-to-ecr.sh b/sync-to-ecr.sh new file mode 100755 index 0000000..3095825 --- /dev/null +++ b/sync-to-ecr.sh @@ -0,0 +1,23 @@ +#!/bin/bash +set -e + +VERSION=${1:?Usage: ./sync-to-ecr.sh } +SOURCE="polydice/base" +TARGET="public.ecr.aws/z1n0q3w1/base" + +# Check AWS permissions +if ! aws ecr-public get-authorization-token --region us-east-1 &>/dev/null; then + echo "❌ No permission to push to ECR Public. Run 'aws configure' first." + exit 1 +fi + +# Login to ECR Public +aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws + +# Sync multi-arch image +echo "🔄 Syncing ${VERSION}..." +docker buildx imagetools create \ + --tag ${TARGET}:${VERSION} \ + ${SOURCE}:${VERSION} + +echo "✅ Done syncing to ECR Public"