diff --git a/.github/workflows/build-docker-images.yml b/.github/workflows/build-docker-images.yml index 77dc5be..af8e285 100644 --- a/.github/workflows/build-docker-images.yml +++ b/.github/workflows/build-docker-images.yml @@ -128,7 +128,7 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} - - name: Build and push + - name: Build and push full Docker image uses: docker/build-push-action@v5 with: context: . @@ -141,6 +141,19 @@ jobs: no-cache: true provenance: false + - name: Build and push slim Docker image + uses: docker/build-push-action@v5 + with: + context: . + platforms: linux/${{ matrix.platform }} + file: Dockerfile-slim.ci + push: ${{ startsWith(github.ref, 'refs/tags/') }} + tags: | + ${{ env.DOCKER_IMAGE_NAME }}:latest-${{ matrix.platform }}-slim + ${{ env.DOCKER_IMAGE_NAME }}:${{ github.ref_name }}-${{ matrix.platform }}-slim + no-cache: true + provenance: false + create-release: name: Create a release if: startsWith(github.ref, 'refs/tags/') @@ -176,9 +189,16 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} - - name: Create and push manifest images + - name: Create and push full manifest images uses: Noelware/docker-manifest-action@master # or use a pinned version in the Releases tab with: inputs: ${{ env.DOCKER_IMAGE_NAME }}:latest,${{ env.DOCKER_IMAGE_NAME }}:${{ github.ref_name }} images: ${{ env.DOCKER_IMAGE_NAME }}:latest-amd64,${{ env.DOCKER_IMAGE_NAME }}:latest-arm64 push: true + + - name: Create and push slim manifest images + uses: Noelware/docker-manifest-action@master # or use a pinned version in the Releases tab + with: + inputs: ${{ env.DOCKER_IMAGE_NAME }}:latest-slim,${{ env.DOCKER_IMAGE_NAME }}:${{ github.ref_name }}-slim + images: ${{ env.DOCKER_IMAGE_NAME }}:latest-amd64-slim,${{ env.DOCKER_IMAGE_NAME }}:latest-arm64-slim + push: true diff --git a/Dockerfile-slim.ci b/Dockerfile-slim.ci new file mode 100644 index 0000000..ab6cf9d --- /dev/null +++ b/Dockerfile-slim.ci @@ -0,0 +1,45 @@ +FROM ubuntu:24.04 + +ARG TARGETPLATFORM +ARG TARGETARCH +ARG TARGETVARIANT +RUN printf "I'm building for TARGETPLATFORM=${TARGETPLATFORM}" \ + && printf ", TARGETARCH=${TARGETARCH}" \ + && printf ", TARGETVARIANT=${TARGETVARIANT} \n" \ + && printf "With uname -s : " && uname -s \ + && printf "and uname -m : " && uname -m + +RUN apt-get update && \ + apt-get dist-upgrade --yes && \ + apt-get install -y \ + curl \ + zip && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* + +# Create an application user +RUN useradd app_user --create-home + +ARG APP_DIR=/opt/flight_sql + +RUN mkdir --parents ${APP_DIR} && \ + chown app_user:app_user ${APP_DIR} && \ + chown --recursive app_user:app_user /usr/local + +# Switch to a less privileged user... +USER app_user + +WORKDIR ${APP_DIR} + +# Copy the scripts directory into the image (we copy directory-by-directory in order to maximize Docker caching) +COPY --chown=app_user:app_user scripts scripts + +COPY --chown=app_user:app_user flight_sql_server /usr/local/bin/flight_sql_server +RUN chmod +x /usr/local/bin/flight_sql_server + +COPY --chown=app_user:app_user flight_sql_client /usr/local/bin/flight_sql_client +RUN chmod +x /usr/local/bin/flight_sql_client + +EXPOSE 31337 + +ENTRYPOINT scripts/start_flight_sql_slim.sh diff --git a/README.md b/README.md index 68b4c7a..c8f745b 100644 --- a/README.md +++ b/README.md @@ -363,3 +363,33 @@ Allowed options: certificate MUST be in PEM format. -Q [ --print-queries ] Print queries run by clients to stdout ``` + +## Slim Docker image +There is now a slim docker image available, without Python, tls certificate generation, sample database files, etc. + +You must supply the following environment variables to the slim image: +- `DATABASE_FILENAME` - the path to the database file to use +- `FLIGHT_PASSWORD` - the password to use for the Flight SQL server + +You can optionally supply the following environment variables: +- `TLS_ENABLED` - set to "1" to enable TLS (default is "0" - disabled) +- `TLS_CERT` - If `TLS_ENABLED` is 1 - provide the path to the TLS certificate file (it must be mounted in the container) +- `TLS_KEY` - If `TLS_ENABLED` is 1 - provide the path to the TLS key file (it must be mounted in the container) + +To run that image - use the following command: +```bash +docker run --name flight-sql-slim \ + --detach \ + --rm \ + --tty \ + --init \ + --publish 31337:31337 \ + --env DATABASE_FILENAME="data/some_database.duckdb" \ + --env TLS_ENABLED="0" \ + --env FLIGHT_PASSWORD="flight_password" \ + --env PRINT_QUERIES="1" \ + --pull missing \ + voltrondata/flight-sql:latest-slim +``` + +See [start_flight_sql_slim.sh](scripts/start_flight_sql_slim.sh) - the container's entrypoint script for more details. diff --git a/scripts/start_flight_sql_slim.sh b/scripts/start_flight_sql_slim.sh new file mode 100755 index 0000000..0a7f05d --- /dev/null +++ b/scripts/start_flight_sql_slim.sh @@ -0,0 +1,32 @@ +#!/bin/bash + +set -e + +L_DATABASE_FILENAME=${1:-${DATABASE_FILENAME?"You must specify a database filename."}} +L_DATABASE_BACKEND=${2:-${DATABASE_BACKEND:-"duckdb"}} +L_PRINT_QUERIES=${3:-${PRINT_QUERIES:-"1"}} +L_TLS_ENABLED=${4:-${TLS_ENABLED:-"0"}} +L_TLS_CERT=${5:-${TLS_CERT}} +L_TLS_KEY=${6:-${TLS_KEY}} + +TLS_ARG="" +if [ "${L_TLS_ENABLED}" == "1" ] +then + # Make sure L_TLS_CERT and L_TLS_KEY were provided + if [ -z "${L_TLS_CERT}" ] || [ -z "${L_TLS_KEY}" ] + then + echo "TLS_CERT and TLS_KEY must be passed when TLS is enabled." + exit 1 + fi + + TLS_ARG="--tls ${L_TLS_CERT} ${L_TLS_KEY}" +fi + +# Setup the print_queries option +PRINT_QUERIES_FLAG="" +if [ "${L_PRINT_QUERIES}" == "1" ] +then + PRINT_QUERIES_FLAG="--print-queries" +fi + +flight_sql_server --backend="${L_DATABASE_BACKEND}" --database-filename="${L_DATABASE_FILENAME}" ${TLS_ARG} ${PRINT_QUERIES_FLAG}