Use minimum distroless base image

#228 was reverted due to deployment to Fly requires `bash`. The bash script is replaced with a Go binary (`uptermd-fly`). Dockerfile.upterm is adjusted to accomondate for Fly deployment and self-hosting with different build targets.
owenthereal · May 21, 2024 · 540df7e · 540df7e
1 parent 1b54c1d
commit 540df7e
Show file tree

Hide file tree

Showing 10 changed files with 226 additions and 117 deletions.
diff --git a/Dockerfile.uptermd b/Dockerfile.uptermd
@@ -1,23 +1,25 @@
-FROM golang:alpine as builder
+# syntax=docker/dockerfile:1
 
-WORKDIR $GOPATH/src/github.com/owenthereal/upterm
-COPY . .
-ENV CGO_ENABLED=0 GOOS=linux GOARCH=amd64
-RUN go install ./cmd/uptermd/...
+FROM golang:latest as builder
 
-# Prepare for image
-FROM alpine:latest
+ARG TARGETOS TARGETARCH
 
-MAINTAINER Owen Ou
-LABEL org.opencontainers.image.source https://github.com/owenthereal/upterm
+WORKDIR /src
+ENV CGO_ENABLED=0
+RUN --mount=target=. \
+    --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg \
+    GOOS=$TARGETOS GOARCH=$TARGETARCH go install \
+    ./cmd/...
 
-RUN adduser -D uptermd
-USER uptermd
+FROM gcr.io/distroless/static
+
+USER nonroot:nonroot
 
 WORKDIR /app
 ENV PATH="/app:${PATH}"
 
-COPY --from=builder /go/bin/* /app
+COPY --from=builder /go/bin/uptermd /app/
 
 # sshd
 EXPOSE 2222
@@ -27,3 +29,14 @@ EXPOSE 8080
 EXPOSE 9090
 
 ENTRYPOINT ["uptermd"]
+
+FROM gcr.io/distroless/static as uptermd-fly
+
+USER nonroot:nonroot
+
+WORKDIR /app
+ENV PATH="/app:${PATH}"
+
+COPY --from=builder /go/bin/uptermd /go/bin/uptermd-fly /app/
+
+ENTRYPOINT ["uptermd-fly"]
diff --git a/Makefile b/Makefile
@@ -33,13 +33,11 @@ install:
 	go install ./cmd/...
 
 TAG ?= latest
+REPO ?= ghcr.io/owenthereal/upterm/uptermd
+DOCKER_BUILD_FLAGS ?= --load
 .PHONY: docker_build
 docker_build:
-	docker build -t ghcr.io/owenthereal/upterm/uptermd:$(TAG) -f Dockerfile.uptermd .
-
-.PHONY: docker_push
-docker_push: docker_build
-	docker push ghcr.io/owenthereal/upterm/uptermd:$(TAG)
+	docker buildx build -t $(REPO):$(TAG) -f Dockerfile.uptermd $(DOCKER_BUILD_FLAGS) .
 
 GO_TEST_FLAGS ?= ""
 .PHONY: test

diff --git a/cmd/uptermd-fly/main.go b/cmd/uptermd-fly/main.go
@@ -0,0 +1,32 @@
+package main
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/owenthereal/upterm/cmd/uptermd/command"
+	log "github.com/sirupsen/logrus"
+)
+
+func main() {
+	logger := log.New()
+
+	flyAppName := os.Getenv("FLY_APP_NAME")
+	if flyAppName == "" {
+		logger.Fatal("FLY_APP_NAME is not set")
+	}
+
+	flyMachineID := os.Getenv("FLY_MACHINE_ID")
+	if flyMachineID == "" {
+		logger.Fatal("FLY_MACHINE_ID is not set")
+	}
+
+	os.Setenv("UPTERMD_NODE_ADDR", fmt.Sprintf("%s.vm.%s.internal:2222", flyMachineID, flyAppName))
+	os.Setenv("UPTERMD_SSH_ADDR", "0.0.0.0:2222")
+	os.Setenv("UPTERMD_WS_ADDR", "0.0.0.0:8080")
+	os.Setenv("UPTERMD_HOSTNAME", "uptermd.upterm.dev")
+
+	if err := command.Root(logger).Execute(); err != nil {
+		logger.Fatal(err)
+	}
+}
diff --git a/cmd/uptermd/command/root.go b/cmd/uptermd/command/root.go
@@ -0,0 +1,85 @@
+package command
+
+import (
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/owenthereal/upterm/server"
+	"github.com/owenthereal/upterm/utils"
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+	"github.com/spf13/viper"
+)
+
+func Root(logger log.FieldLogger) *cobra.Command {
+	rootCmd := &rootCmd{}
+	cmd := &cobra.Command{
+		Use:   "uptermd",
+		Short: "Upterm Daemon",
+		RunE:  rootCmd.Run,
+	}
+
+	cmd.PersistentFlags().String("config", "", "server config")
+
+	cmd.PersistentFlags().StringP("ssh-addr", "", utils.DefaultLocalhost("2222"), "ssh server address")
+	cmd.PersistentFlags().StringP("ws-addr", "", "", "websocket server address")
+	cmd.PersistentFlags().StringP("node-addr", "", "", "node address")
+	cmd.PersistentFlags().StringSliceP("private-key", "", nil, "server private key")
+	cmd.PersistentFlags().StringSliceP("hostname", "", nil, "server hostname for public-key authentication certificate principals. If empty, public-key authentication is used instead.")
+
+	cmd.PersistentFlags().StringP("network", "", "mem", "network provider")
+	cmd.PersistentFlags().StringSliceP("network-opt", "", nil, "network provider option")
+
+	cmd.PersistentFlags().StringP("metric-addr", "", "", "metric server address")
+	cmd.PersistentFlags().BoolP("debug", "", os.Getenv("DEBUG") != "", "debug")
+
+	return cmd
+}
+
+type rootCmd struct {
+}
+
+func (cmd *rootCmd) Run(c *cobra.Command, args []string) error {
+	var opt server.Opt
+	if err := unmarshalFlags(c, &opt); err != nil {
+		return err
+	}
+
+	return server.Start(opt)
+}
+
+func unmarshalFlags(cmd *cobra.Command, opts interface{}) error {
+	v := viper.New()
+
+	cmd.Flags().VisitAll(func(flag *pflag.Flag) {
+		flagName := flag.Name
+		if flagName != "config" && flagName != "help" {
+			if err := v.BindPFlag(flagName, flag); err != nil {
+				panic(fmt.Errorf("error binding flag '%s': %w", flagName, err).Error())
+			}
+		}
+	})
+
+	v.AutomaticEnv()
+	v.SetEnvKeyReplacer(strings.NewReplacer("-", "_"))
+	v.SetEnvPrefix("UPTERMD")
+
+	cfgFile, err := cmd.Flags().GetString("config")
+	if err != nil {
+		return err
+	}
+
+	if _, err := os.Stat(cfgFile); err == nil {
+		v.SetConfigFile(cfgFile)
+	}
+
+	if err := v.ReadInConfig(); err != nil {
+		if _, ok := err.(viper.ConfigFileNotFoundError); !ok {
+			return fmt.Errorf("error loading config file %s: %w", cfgFile, err)
+		}
+	}
+
+	return v.Unmarshal(opts)
+}
diff --git a/cmd/uptermd/internal/command/root.go b/cmd/uptermd/internal/command/root.go
diff --git a/cmd/uptermd/main.go b/cmd/uptermd/main.go
@@ -4,7 +4,7 @@ import (
 	"os"
 
 	"github.com/heroku/rollrus"
-	"github.com/owenthereal/upterm/cmd/uptermd/internal/command"
+	"github.com/owenthereal/upterm/cmd/uptermd/command"
 	log "github.com/sirupsen/logrus"
 )
 

diff --git a/fly.toml b/fly.toml
@@ -2,15 +2,9 @@ app = "upterm"
 kill_signal = "SIGINT"
 kill_timeout = "5s"
 
-[experimental]
-cmd = [
-  "uptermd --ssh-addr 0.0.0.0:2222 --ws-addr 0.0.0.0:8080 --node-addr $(echo ${FLY_ALLOC_ID} | cut -f1 -d '-').vm.${FLY_APP_NAME}.internal:2222 --hostname uptermd.upterm.dev",
-]
-entrypoint = ["/bin/sh", "-c"]
-auto_rollback = true
-
 [build]
 dockerfile = "Dockerfile.uptermd"
+build-target = "uptermd-fly"
 
 [[services]]
 protocol = "tcp"

diff --git a/go.mod b/go.mod
@@ -51,8 +51,10 @@ require (
 	github.com/cli/go-gh/v2 v2.9.0
 	github.com/eiannone/keyboard v0.0.0-20220611211555-0d226195f203
 	github.com/google/go-github/v48 v48.2.0
+	github.com/spf13/pflag v1.0.5
+	github.com/spf13/viper v1.18.2
 	github.com/stretchr/testify v1.9.0
-	golang.org/x/exp v0.0.0-20220407100705-7b9b53b0aca4
+	golang.org/x/exp v0.0.0-20230905200255-921286631fa9
 	golang.org/x/term v0.20.0
 )
 
@@ -66,37 +68,49 @@ require (
 	github.com/cli/safeexec v1.0.0 // indirect
 	github.com/cli/shurcooL-graphql v0.0.4 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/go-kit/log v0.2.1 // indirect
 	github.com/go-logfmt/logfmt v0.5.1 // indirect
 	github.com/go-toast/toast v0.0.0-20190211030409-01e6764cf0a4 // indirect
 	github.com/godbus/dbus/v5 v5.1.0 // indirect
 	github.com/hashicorp/errwrap v1.0.0 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/henvic/httpretty v0.0.6 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jpillora/sizestr v1.0.0 // indirect
-	github.com/klauspost/compress v1.14.4 // indirect
+	github.com/klauspost/compress v1.17.0 // indirect
 	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
+	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mattn/go-runewidth v0.0.15 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/muesli/termenv v0.15.2 // indirect
 	github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d // indirect
+	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_model v0.5.0 // indirect
 	github.com/prometheus/common v0.48.0 // indirect
 	github.com/prometheus/procfs v0.12.0 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/rollbar/rollbar-go v1.0.2 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/sagikazarmark/locafero v0.4.0 // indirect
+	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
+	github.com/sourcegraph/conc v0.3.0 // indirect
+	github.com/spf13/afero v1.11.0 // indirect
+	github.com/spf13/cast v1.6.0 // indirect
+	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/tadvi/systray v0.0.0-20190226123456-11a2b8fa57af // indirect
 	github.com/thlib/go-timezone-local v0.0.0-20210907160436-ef149e42d28e // indirect
+	go.uber.org/atomic v1.9.0 // indirect
+	go.uber.org/multierr v1.9.0 // indirect
 	golang.org/x/net v0.23.0 // indirect
 	golang.org/x/sync v0.6.0 // indirect
 	golang.org/x/sys v0.20.0 // indirect
 	golang.org/x/text v0.15.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )