From d44c78b819489d4278b78a55e1ac2f2a6c46b28f Mon Sep 17 00:00:00 2001
From: Meow <197331664+Meo597@users.noreply.github.com>
Date: Fri, 6 Jun 2025 09:50:05 +0800
Subject: [PATCH] Workflows: Refactor docker (#4738)
* Workflows: Rewrite Docker image build process
* Docker: Merge Multi-Arch Manifests
---
.github/docker/Dockerfile | 71 +++++++++++++++++++++++---------
.github/docker/Dockerfile.usa | 70 +++++++++++++++++++++++++++++++
.github/docker/files/config.json | 18 --------
.github/workflows/docker.yml | 61 ++++++++++++++++-----------
4 files changed, 160 insertions(+), 60 deletions(-)
create mode 100644 .github/docker/Dockerfile.usa
delete mode 100644 .github/docker/files/config.json
diff --git a/.github/docker/Dockerfile b/.github/docker/Dockerfile
index c32bb844..b7a871f0 100644
--- a/.github/docker/Dockerfile
+++ b/.github/docker/Dockerfile
@@ -1,28 +1,61 @@ -# syntax=docker/dockerfile:1 -FROM --platform=$BUILDPLATFORM golang:alpine AS build +# syntax=docker/dockerfile:latest +FROM --platform=$BUILDPLATFORM golang:latest AS build + +# Build xray-core WORKDIR /src COPY . . ARG TARGETOS ARG TARGETARCH RUN GOOS=$TARGETOS GOARCH=$TARGETARCH CGO_ENABLED=0 go build -o xray -trimpath -ldflags "-s -w -buildid=" ./main -ADD https://github.com/v2fly/geoip/releases/latest/download/geoip.dat /v2fly/geoip.dat -ADD https://github.com/v2fly/domain-list-community/releases/latest/download/dlc.dat /v2fly/geosite.dat -ADD https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat /loyalsoldier/geoip.dat -ADD https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat /loyalsoldier/geosite.dat -# chainguard/static contains only tzdata and ca-certificates, can be built with multiarch static binaries. -FROM --platform=linux/amd64 chainguard/static:latest -WORKDIR /var/log/xray -COPY .github/docker/files/config.json /etc/xray/config.json -COPY --from=build --chmod=755 /src/xray /usr/bin/xray +# Download geodat into a staging directory +ADD https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/geoip.dat /tmp/geodat/geoip.dat +ADD https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/geosite.dat /tmp/geodat/geosite.dat -USER root -WORKDIR /root -VOLUME /etc/xray -ARG TZ=Asia/Shanghai +RUN mkdir -p /tmp/empty + +# Create config files with empty JSON content +RUN mkdir -p /tmp/usr/local/etc/xray +RUN cat </tmp/usr/local/etc/xray/00_log.json +{ + "log": { + "error": "/var/log/xray/error.log", + "loglevel": "warning", + "access": "none", + "dnsLog": false + } +} +EOF +RUN echo '{}' >/tmp/usr/local/etc/xray/01_api.json +RUN echo '{}' >/tmp/usr/local/etc/xray/02_dns.json +RUN echo '{}' >/tmp/usr/local/etc/xray/03_routing.json +RUN echo '{}' >/tmp/usr/local/etc/xray/04_policy.json +RUN echo '{}' >/tmp/usr/local/etc/xray/05_inbounds.json +RUN echo '{}' 
>/tmp/usr/local/etc/xray/06_outbounds.json +RUN echo '{}' >/tmp/usr/local/etc/xray/07_transport.json +RUN echo '{}' >/tmp/usr/local/etc/xray/08_stats.json +RUN echo '{}' >/tmp/usr/local/etc/xray/09_reverse.json + +# Create log files +RUN mkdir -p /tmp/var/log/xray && touch \ + /tmp/var/log/xray/access.log \ + /tmp/var/log/xray/error.log + +# Build finally image +FROM gcr.io/distroless/static:nonroot + +COPY --from=build --chown=0:0 --chmod=755 /src/xray /usr/local/bin/xray +COPY --from=build --chown=0:0 --chmod=644 /tmp/geodat/*.dat /usr/local/share/xray/ +COPY --from=build --chown=0:0 --chmod=755 /tmp/empty /usr/local/etc/xray +COPY --from=build --chown=0:0 --chmod=644 /tmp/usr/local/etc/xray/*.json /usr/local/etc/xray/ +COPY --from=build --chown=0:0 --chmod=755 /tmp/empty /var/log/xray +COPY --from=build --chown=65532:65532 --chmod=600 /tmp/var/log/xray/*.log /var/log/xray/ + +VOLUME /usr/local/etc/xray +VOLUME /var/log/xray + +ARG TZ=Etc/UTC ENV TZ=$TZ -ENTRYPOINT [ "/usr/bin/xray" ] -CMD [ "-confdir", "/etc/xray/" ] -ARG flavor=v2fly -COPY --from=build --chmod=644 /$flavor /usr/share/xray +ENTRYPOINT [ "/usr/local/bin/xray" ] +CMD [ "-confdir", "/usr/local/etc/xray/" ] diff --git a/.github/docker/Dockerfile.usa b/.github/docker/Dockerfile.usa new file mode 100644 index 00000000..5709e246 --- /dev/null +++ b/.github/docker/Dockerfile.usa 
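Review bot: The two `ADD https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/...` lines bake into the release image whatever a third-party repository's `release` branch serves at build time, with no integrity check. Pointing each at a tagged release and adding a digest, e.g. `ADD --checksum=sha256:<geoip.dat digest> https://github.com/Loyalsoldier/v2ray-rules-dat/releases/download/<release tag>/geoip.dat /tmp/geodat/geoip.dat`, would make the published data auditable and the build reproducible. The same hunk replaces `dockerfile:1` with `dockerfile:latest` and `golang:alpine` with `golang:latest`; an explicit Go version tag (ideally with a digest) keeps the toolchain that compiles the release binary under review. The new `.github/docker/Dockerfile.usa` repeats these lines and needs the same change.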
@@ -0,0 +1,70 @@
+# syntax=docker/dockerfile:latest
+FROM --platform=$BUILDPLATFORM golang:latest AS build
+
+# Build xray-core
+WORKDIR /src
+COPY . .
+ARG TARGETOS
+ARG TARGETARCH
+RUN GOOS=$TARGETOS GOARCH=$TARGETARCH CGO_ENABLED=0 go build -o xray -trimpath -ldflags "-s -w -buildid=" ./main
+
+# Download geodat into a staging directory
+ADD https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/geoip.dat /tmp/geodat/geoip.dat
+ADD https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/geosite.dat /tmp/geodat/geosite.dat
+
+RUN mkdir -p /tmp/empty
+
+# Create config files with empty JSON content
+RUN mkdir -p /tmp/usr/local/etc/xray
+RUN cat </tmp/usr/local/etc/xray/00_log.json
+{
+ "log": {
+ "error": "/var/log/xray/error.log",
+ "loglevel": "warning",
+ "access": "none",
+ "dnsLog": false
+ }
+}
+EOF
+RUN echo '{}' >/tmp/usr/local/etc/xray/01_api.json
+RUN echo '{}' >/tmp/usr/local/etc/xray/02_dns.json
+RUN echo '{}' >/tmp/usr/local/etc/xray/03_routing.json
+RUN echo '{}' >/tmp/usr/local/etc/xray/04_policy.json
+RUN echo '{}' >/tmp/usr/local/etc/xray/05_inbounds.json
+RUN echo '{}' >/tmp/usr/local/etc/xray/06_outbounds.json
+RUN echo '{}' >/tmp/usr/local/etc/xray/07_transport.json
+RUN echo '{}' >/tmp/usr/local/etc/xray/08_stats.json
+RUN echo '{}' >/tmp/usr/local/etc/xray/09_reverse.json
+
+# Create log files
+RUN mkdir -p /tmp/var/log/xray && touch \
+ /tmp/var/log/xray/access.log \
+ /tmp/var/log/xray/error.log
+
+# Build finally image
+# Note on Distroless Base Image and Architecture Support:
+# - The official 'gcr.io/distroless/static' image provided by Google only supports a limited set of architectures for Linux:
+# - linux/amd64
+# - linux/arm/v7
+# - linux/arm64/v8
+# - linux/ppc64le
+# - linux/s390x
+# - Upon inspection, the blob contents of the Distroless images across these architectures are nearly identical, with only minor differences in metadata (e.g., 'Architecture' field in the manifest).
+# - Due to this similarity in content, it is feasible to forcibly specify a single platform (e.g., '--platform=linux/amd64') for unsupported architectures, as the core image content remains compatible with statically compiled binaries like Go applications.
+FROM --platform=linux/amd64 gcr.io/distroless/static:nonroot
+
+COPY --from=build --chown=0:0 --chmod=755 /src/xray /usr/local/bin/xray
+COPY --from=build --chown=0:0 --chmod=644 /tmp/geodat/*.dat /usr/local/share/xray/
+COPY --from=build --chown=0:0 --chmod=755 /tmp/empty /usr/local/etc/xray
+COPY --from=build --chown=0:0 --chmod=644 /tmp/usr/local/etc/xray/*.json /usr/local/etc/xray/
+COPY --from=build --chown=0:0 --chmod=755 /tmp/empty /var/log/xray
+COPY --from=build --chown=65532:65532 --chmod=600 /tmp/var/log/xray/*.log /var/log/xray/
+
+VOLUME /usr/local/etc/xray
+VOLUME /var/log/xray
+
+ARG TZ=Etc/UTC
+ENV TZ=$TZ
+
+ENTRYPOINT [ "/usr/local/bin/xray" ]
+CMD [ "-confdir", "/usr/local/etc/xray/" ]
diff --git a/.github/docker/files/config.json b/.github/docker/files/config.json
deleted file mode 100644
index 10675856..00000000
--- a/.github/docker/files/config.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "inbounds": [{
- "port": 9000,
- "protocol": "vmess",
- "settings": {
- "clients": [
- {
- "id": "1eb6e917-774b-4a84-aff6-b058577c60a5",
- "level": 1
- }
- ]
- }
- }],
- "outbounds": [{
- "protocol": "freedom",
- "settings": {}
- }]
-}
\ No newline at end of file
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index c0945db3..dc7759cc 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -3,9 +3,6 @@ name: Build docker image on: release: types: [published] - push: - branches: - - main jobs: build-image:
@@ -14,6 +11,7 @@ jobs: packages: write steps: - uses: actions/checkout@v4 + - name: Docker metadata id: meta uses: docker/metadata-action@v5
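Review bot: In `.github/docker/Dockerfile.usa`, `FROM --platform=linux/amd64 gcr.io/distroless/static:nonroot` relies on the comment's observation that the base layers are the same on every architecture, but the tag floats and nothing in the build re-checks that. A later base release with any architecture-specific file would therefore ship amd64 content in the 386, arm/v6, riscv64 and loong64 images unnoticed. Pinning the base to the digest that was inspected, `FROM --platform=linux/amd64 gcr.io/distroless/static:nonroot@sha256:<inspected digest>`, ties the claim to a known image. A constant `--platform` in `FROM` is also what BuildKit's `FromPlatformFlagConstDisallowed` build check reports, so the comment should say that warning is expected. Apart from this stage header the file is a copy of `.github/docker/Dockerfile`, so the two can drift apart silently.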
@@ -21,56 +19,73 @@ jobs: images: ghcr.io/${{ github.repository_owner }}/xray-core flavor: latest=auto tags: | - type=sha - type=ref,event=branch - type=ref,event=pr type=semver,pattern={{version}} - - name: Docker metadata Loyalsoldier flavor - id: loyalsoldier + + - name: Docker metadata (unsupported architectures) + id: metausa uses: docker/metadata-action@v5 with: images: ghcr.io/${{ github.repository_owner }}/xray-core flavor: | latest=auto - suffix=-ls,onlatest=true + suffix=-usa,onlatest=true tags: | - type=sha - type=ref,event=branch - type=ref,event=pr type=semver,pattern={{version}} + - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Build and push uses: docker/build-push-action@v6 with: context: . platforms: | linux/amd64 - linux/arm64 - linux/loong64 - linux/riscv64 + linux/arm/v7 + linux/arm64/v8 + linux/ppc64le + linux/s390x provenance: false file: .github/docker/Dockerfile push: true tags: ${{ steps.meta.outputs.tags }} - - name: Build and push Loyalsoldier flavor + + - name: Build and push (unsupported architectures) uses: docker/build-push-action@v6 with: context: . platforms: | - linux/amd64 - linux/arm64 - linux/loong64 + linux/386 + linux/arm/v6 linux/riscv64 + linux/loong64 provenance: false - file: .github/docker/Dockerfile - build-args: flavor=loyalsoldier + file: .github/docker/Dockerfile.usa push: true - tags: | - ${{ steps.loyalsoldier.outputs.tags }} + tags: ${{ steps.metausa.outputs.tags }} + + - name: Merge Multi-Arch Manifests + run: | + echo "Starting to merge multi-architecture manifests..." 
+ + # Convert newlines to spaces and split into array + TAGS=($(echo "${{ steps.meta.outputs.tags }}" | tr '\n' ' ')) + + echo "Total tags to process: ${#TAGS[@]}" + for tag in "${TAGS[@]}"; do + echo "Merging tag: $tag with unsupported architectures ($tag-usa)" + docker buildx imagetools create --append --tag "$tag" "$tag-usa" + if [ $? -ne 0 ]; then + echo "Error: Failed to merge $tag-usa into $tag" + exit 1 + fi + done + + echo "Multi-architecture manifest merge completed successfully."
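Review bot: The "Merge Multi-Arch Manifests" step expands `${{ steps.meta.outputs.tags }}` directly inside the `run:` script, so the tag text is pasted into the shell source before bash parses it. The semver pattern and the repository owner name constrain the value today, but anything unexpected in it would be interpreted as shell. Pass it through the environment instead: add `env:` with `META_TAGS: ${{ steps.meta.outputs.tags }}` to the step and read it with `mapfile -t TAGS <<< "$META_TAGS"`. The `if [ $? -ne 0 ]` block also looks unreachable on failure, since the default `run:` shell on Linux runners is started with `-e` and exits at the failing `docker buildx imagetools create` first; the step still fails, only without the custom message.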