linux - bring back jammy to life

2026-05-24 09:28:37 +00:00 · 2024-06-01 10:11:34 +02:00 · 2024-06-01 10:11:34 +02:00 · 3a478efaac
commit 3a478efaac
parent 121199cc86
13 changed files with 238 additions and 13 deletions
--- a/.github/workflows/dev.yml
+++ b/.github/workflows/dev.yml
@ -43,10 +43,12 @@ jobs:
      packages: write
    strategy:
      matrix:
-        linux: [ubuntu, debian, fedora, rhel, rhel9]
+        linux: [ubuntu, debian, fedora, rhel, rhel9, ubuntu-jammy]
        include:
          - linux: ubuntu
            package: deb
+          - linux: ubuntu-jammy
+            package: deb
          - linux: debian
            package: deb
          - linux: fedora
@ -185,7 +187,7 @@ jobs:
    needs: [tests-ui-linux, tests-core-linux]
    strategy:
      matrix:
-        linux: [ubuntu, debian, fedora, el, el9]
+        linux: [ubuntu, debian, fedora, el, el9, ubuntu-jammy]
        arch: [amd64]
        include:
          - release: dev
@ -220,6 +222,12 @@ jobs:
            suffix: "1."
            version: 9
            package: rpm
+          - linux: ubuntu
+            package_arch: amd64
+            separator: _
+            suffix: ""
+            version: jammy
+            package: deb
    uses: ./.github/workflows/push-packagecloud.yml
    with:
      SEPARATOR: ${{ matrix.separator }}
--- a/.github/workflows/push-packagecloud.yml
+++ b/.github/workflows/push-packagecloud.yml
@ -60,7 +60,7 @@ jobs:
          path: /tmp/${{ inputs.LINUX }}
      # Remove existing packages
      - name: Remove existing package
-        if: inputs.LINUX != 'el9'
+        if: inputs.LINUX != 'el9' && inputs.LINUX != 'ubuntu-jammy'
        run: package_cloud yank bunkerity/${{ inputs.REPO }}/${{ inputs.LINUX }}/${{ inputs.VERSION }} bunkerweb${{ inputs.SEPARATOR }}${{ inputs.BW_VERSION }}${{ inputs.SEPARATOR }}${{ inputs.SUFFIX }}${{ inputs.PACKAGE_ARCH }}.${{ inputs.PACKAGE }}
        continue-on-error: true
        env:
@ -71,13 +71,19 @@ jobs:
        continue-on-error: true
        env:
          PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
+      - name: Remove existing package ubuntu-jammy
+        if: inputs.LINUX == 'ubuntu-jammy'
+        run: package_cloud yank bunkerity/${{ inputs.REPO }}/ubuntu/jammy bunkerweb${{ inputs.SEPARATOR }}${{ inputs.BW_VERSION }}${{ inputs.SEPARATOR }}${{ inputs.SUFFIX }}${{ inputs.PACKAGE_ARCH }}.${{ inputs.PACKAGE }}
+        continue-on-error: true
+        env:
+          PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
      # Update name
      # - name: Rename package
      #   if: inputs.BW_VERSION == 'testing'
      #   run: sudo apt install -y rename && rename 's/[0-9]\.[0-9]\.[0-9]/testing/' /tmp/${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }}
      # Push package
      - name: Push package to packagecloud
-        if: inputs.LINUX != 'el9'
+        if: inputs.LINUX != 'el9' && inputs.LINUX != 'ubuntu-jammy'
        uses: danielmundi/upload-packagecloud@46cd0e61152bf952dbc0d1759e609d3d22649030 # v1
        with:
          PACKAGE-NAME: /tmp/${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }}
@ -94,3 +100,12 @@ jobs:
          PACKAGECLOUD-REPO: ${{ inputs.REPO }}
          PACKAGECLOUD-DISTRIB: el/9
          PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
+      - name: Push package to packagecloud for ubuntu-jammy
+        if: inputs.LINUX == 'ubuntu-jammy'
+        uses: danielmundi/upload-packagecloud@46cd0e61152bf952dbc0d1759e609d3d22649030 # v1
+        with:
+          PACKAGE-NAME: /tmp/${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }}
+          PACKAGECLOUD-USERNAME: bunkerity
+          PACKAGECLOUD-REPO: ${{ inputs.REPO }}
+          PACKAGECLOUD-DISTRIB: ubuntu/jammy
+          PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -104,7 +104,7 @@ jobs:
    needs: [create-arm]
    strategy:
      matrix:
-        linux: [ubuntu, debian, fedora, rhel, rhel9]
+        linux: [ubuntu, debian, fedora, rhel, rhel9, ubuntu-jammy]
        platforms: [linux/amd64, linux/arm64]
        include:
          - release: latest
@ -118,6 +118,8 @@ jobs:
            package: rpm
          - linux: rhel9
            package: rpm
+          - linux: ubuntu-jammy
+            package: deb
    uses: ./.github/workflows/linux-build.yml
    with:
      RELEASE: ${{ matrix.release }}
@ -191,7 +193,7 @@ jobs:
    needs: [wait-builds]
    strategy:
      matrix:
-        linux: [ubuntu, debian, fedora, el, el9]
+        linux: [ubuntu, debian, fedora, el, el9, ubuntu-jammy]
        arch: [amd64, arm64]
        include:
          - release: latest
@ -221,6 +223,11 @@ jobs:
            suffix: "1."
            version: 9
            package: rpm
+          - linux: ubuntu-jammy
+            separator: _
+            suffix: ""
+            version: jammy
+            package: deb
          - linux: ubuntu
            arch: amd64
            package_arch: amd64
@ -236,6 +243,9 @@ jobs:
          - linux: el9
            arch: amd64
            package_arch: x86_64
+          - linux: ubuntu-jammy
+            arch: amd64
+            package_arch: amd64
          - linux: ubuntu
            arch: arm64
            package_arch: arm64
@ -251,6 +261,9 @@ jobs:
          - linux: el9
            arch: arm64
            package_arch: aarch64
+          - linux: ubuntu-jammy
+            arch: arm64
+            package_arch: arm64
    uses: ./.github/workflows/push-packagecloud.yml
    with:
      SEPARATOR: ${{ matrix.separator }}
--- a/.github/workflows/staging-create-infra.yml
+++ b/.github/workflows/staging-create-infra.yml
@ -28,7 +28,7 @@ jobs:
        uses: azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f # v4.0.0
        if: inputs.TYPE == 'k8s'
        with:
-          version: "v1.28.6"
+          version: "v1.29.1"
      - name: Set up Python 3.12
        uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
        if: inputs.TYPE != 'k8s'
--- a/.github/workflows/staging-delete-infra.yml
+++ b/.github/workflows/staging-delete-infra.yml
@ -37,7 +37,7 @@ jobs:
      - uses: azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f # v4.0.0
        if: inputs.TYPE == 'k8s'
        with:
-          version: "v1.28.2"
+          version: "v1.29.1"
      # Remove infra
      - run: kubectl delete daemonsets,replicasets,services,deployments,pods,rc,ingress,statefulsets --all --all-namespaces --timeout=60s ; kubectl delete pvc --all --timeout=60s ; kubectl delete pv --all --timeout=60s
        if: inputs.TYPE == 'k8s'
--- a/.github/workflows/staging-tests.yml
+++ b/.github/workflows/staging-tests.yml
@ -145,3 +145,9 @@ jobs:
        env:
          TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
          ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
+      - name: Run Linux ubuntu-jammy tests
+        if: inputs.TYPE == 'linux'
+        run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "ubuntu-jammy"
+        env:
+          TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
+          ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
--- a/.github/workflows/staging.yml
+++ b/.github/workflows/staging.yml
@ -43,7 +43,7 @@ jobs:
      packages: write
    strategy:
      matrix:
-        linux: [ubuntu, debian, fedora, rhel, rhel9]
+        linux: [ubuntu, debian, fedora, rhel, rhel9, ubuntu-jammy]
        include:
          - linux: ubuntu
            package: deb
@ -55,6 +55,8 @@ jobs:
            package: rpm
          - linux: rhel9
            package: rpm
+          - linux: ubuntu-jammy
+            package: deb
    uses: ./.github/workflows/linux-build.yml
    with:
      RELEASE: testing
@ -221,7 +223,7 @@ jobs:
    needs: [staging-tests, tests-ui-linux, tests-core-linux]
    strategy:
      matrix:
-        linux: [ubuntu, debian, fedora, el, el9]
+        linux: [ubuntu, debian, fedora, el, el9, ubuntu-jammy]
        arch: [amd64]
        include:
          - release: testing
@ -256,6 +258,12 @@ jobs:
            suffix: "1."
            version: 9
            package: rpm
+          - linux: ubuntu-jammy
+            package_arch: amd64
+            separator: _
+            suffix: ""
+            version: jammy
+            package: deb
    uses: ./.github/workflows/push-packagecloud.yml
    with:
      SEPARATOR: ${{ matrix.separator }}
--- a/src/linux/Dockerfile-ubuntu-jammy
+++ b/src/linux/Dockerfile-ubuntu-jammy
@ -0,0 +1,110 @@
+FROM ubuntu:22.04@sha256:2af372c1e2645779643284c7dc38775e3dbbc417b2d784a27c5a9eb784014fb8 as builder
+
+ENV OS=ubuntu
+ENV NGINX_VERSION 1.26.0
+
+# Install Nginx and dependencies
+RUN apt update && \
+    apt install -y --no-install-recommends curl gnupg2 ca-certificates lsb-release ubuntu-keyring software-properties-common \
+    bash libssl-dev git zlib1g-dev libyajl2 libyajl-dev yajl-tools pkgconf libcurl4-openssl-dev libgeoip-dev liblmdb-dev apt-utils build-essential autoconf libtool automake g++ gcc libxml2-dev make musl-dev gnupg patch libreadline-dev libpcre3-dev libgd-dev python3 python3-dev python3-pip -y && \
+    echo "deb https://nginx.org/packages/ubuntu/ jammy nginx" > /etc/apt/sources.list.d/nginx.list && \
+    echo "deb-src https://nginx.org/packages/ubuntu/ jammy nginx" >> /etc/apt/sources.list.d/nginx.list && \
+    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ABF5BD827BD9BF62 && \
+    apt-get update && \
+    apt-get install -y --no-install-recommends nginx=${NGINX_VERSION}-1~jammy
+
+WORKDIR /tmp/bunkerweb/deps
+
+# Copy dependencies sources folder
+COPY src/deps/misc misc
+COPY src/deps/src src
+COPY src/deps/deps.json deps.json
+COPY --chmod=644 src/deps/install.sh install.sh
+
+# Compile and install dependencies
+RUN bash install.sh
+
+# Copy dependencies sources folder
+COPY src/deps/requirements.txt /tmp/requirements-deps.txt
+COPY src/scheduler/requirements.txt /tmp/req/requirements-scheduler.txt
+COPY src/ui/requirements.txt /tmp/req/requirements-ui.txt
+COPY src/common/gen/requirements.txt /tmp/req/requirements-gen.txt
+COPY src/common/db/requirements.txt /tmp/req/requirements-db.txt
+
+WORKDIR /usr/share/bunkerweb
+
+# Compile and install dependencies
+RUN export MAKEFLAGS="-j$(nproc)" && \
+    mkdir -p deps/python && \
+    pip install --no-cache-dir --require-hashes --break-system-packages --ignore-installed -r /tmp/requirements-deps.txt && \
+    pip install --no-cache-dir --require-hashes --break-system-packages --target deps/python $(for file in $(ls /tmp/req/requirements*.txt) ; do echo "-r ${file}" ; done | xargs)
+
+# Copy files
+# can't exclude deps from . so we are copying everything by hand
+COPY src/bw/loading loading
+COPY src/bw/lua lua
+COPY src/bw/misc misc
+COPY src/common/api api
+COPY src/common/cli cli
+COPY src/common/confs confs
+COPY src/common/core core
+COPY src/common/db db
+COPY src/common/gen gen
+COPY src/common/helpers helpers
+COPY src/common/settings.json settings.json
+COPY src/common/utils utils
+COPY src/common/templates templates
+COPY src/scheduler scheduler
+COPY src/ui ui
+COPY src/VERSION VERSION
+
+FROM ubuntu:22.04@sha256:2af372c1e2645779643284c7dc38775e3dbbc417b2d784a27c5a9eb784014fb8
+
+# Set default umask to prevent huge recursive chmod increasing the final image size
+RUN umask 027
+
+# Copy dependencies
+COPY --from=builder --chown=0:101 /etc/nginx /etc/nginx
+COPY --from=builder --chown=0:101 /usr/share/bunkerweb /usr/share/bunkerweb
+
+WORKDIR /usr/share/bunkerweb
+
+# Install fpm
+RUN apt-get update && \
+    apt-get -y install ruby ruby-dev rubygems build-essential autoconf libtool rpm binutils && \
+    gem install -N fpm
+
+# Setup BW
+RUN cp helpers/bwcli /usr/bin/ && \
+    chmod 755 /usr/bin/bwcli && \
+    mkdir -p /etc/bunkerweb/configs /etc/bunkerweb/plugins /var/cache/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb /var/lib/bunkerweb /var/www/html && \
+    echo "Linux" > INTEGRATION && \
+    for dir in $(echo "plugins pro/plugins configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir -p "/etc/bunkerweb/${dir}" ; done && \
+    find . -path deps -prune -o -type f -exec chmod 0740 {} \; && \
+    find . -path deps -prune -o -type d -exec chmod 0750 {} \; && \
+    chmod 755 /var/log/bunkerweb && \
+    touch /var/log/bunkerweb/error.log /var/log/bunkerweb/access.log /var/log/bunkerweb/modsec_audit.log && \
+    chmod 770 /var/cache/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ && \
+    chmod 750 gen/*.py scheduler/*.py cli/*.py ui/*.py ui/src/*.py helpers/*.sh /var/www/ && \
+    find core/*/jobs/* -type f -exec chmod 750 {} \; && \
+    chmod 755 .
+
+# Cleanup
+RUN apt-get -f -y --auto-remove remove build-essential autoconf libtool && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+COPY --chmod=660 src/bw/misc/asn.mmdb /var/tmp/bunkerweb/asn.mmdb
+COPY --chmod=660 src/bw/misc/country.mmdb /var/tmp/bunkerweb/country.mmdb
+
+# Copy Linux files
+COPY --chmod=740 src/linux/scripts scripts
+COPY --chmod=740 src/linux/fpm.sh /usr/share/fpm.sh
+COPY src/linux/fpm-ubuntu-jammy /usr/share/.fpm
+COPY --chmod=644 src/linux/*.service /lib/systemd/system/
+COPY --chmod=644 src/linux/bunkerweb.logrotate /etc/logrotate.d/bunkerweb
+
+# Generate DEB at startup
+VOLUME /data
+WORKDIR /usr/share/
+ENTRYPOINT [ "./fpm.sh", "deb" ]
--- a/src/linux/fpm-ubuntu-jammy
+++ b/src/linux/fpm-ubuntu-jammy
@ -0,0 +1,14 @@
+-s dir
+--name bunkerweb
+--license agpl3
+--version %VERSION%
+--architecture %ARCH%
+--depends bash --depends python3 --depends python3-pip --depends 'nginx = 1.26.0-1~jammy' --depends libcurl4 --depends libgeoip-dev --depends libxml2 --depends libyajl2 --depends libmagic1 --depends net-tools --depends sudo --depends procps --depends lsof --depends libpq5 --depends libcap2-bin --depends logrotate --depends mariadb-client --depends postgresql-client --depends sqlite3 --depends unzip --depends libpcre3
+--description "BunkerWeb %VERSION% for Ubuntu 22.04"
+--url "https://www.bunkerweb.io"
+--maintainer "Bunkerity <contact at bunkerity dot com>"
+--before-install /usr/share/bunkerweb/scripts/beforeInstall.sh
+--after-install /usr/share/bunkerweb/scripts/postinstall.sh
+--after-remove /usr/share/bunkerweb/scripts/afterRemoveDEB.sh
+--deb-no-default-config-files
+/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/run/bunkerweb/=/var/run/bunkerweb /var/log/bunkerweb/=/var/log/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb/=/var/lib/bunkerweb /etc/logrotate.d/bunkerweb=/etc/logrotate.d/bunkerweb
--- a/tests/LinuxTest.py
+++ b/tests/LinuxTest.py
@ -24,7 +24,7 @@ class LinuxTest(Test):
            proc = run(cmd, shell=True)
            if proc.returncode != 0:
                raise Exception("docker run failed (linux stack)")
-            if distro in ("ubuntu", "debian"):
+            if distro in ("ubuntu", "debian", "ubuntu-jammy"):
                cmd = "echo force-bad-version >> /etc/dpkg/dpkg.cfg ; apt install -y /opt/\\$(ls /opt | grep deb)"
            elif distro in ("centos", "fedora") or distro.startswith("rhel"):
                cmd = "dnf install -y /opt/\\$(ls /opt | grep rpm)"
@ -34,7 +34,7 @@ class LinuxTest(Test):
            proc = LinuxTest.docker_exec(distro, "systemctl start bunkerweb")
            if proc.returncode != 0:
                raise Exception("docker exec systemctl start failed (linux stack)")
-            if distro in ("ubuntu", "debian"):
+            if distro in ("ubuntu", "debian", "ubuntu-jammy"):
                LinuxTest.docker_exec(
                    distro,
                    "DEBIAN_FRONTEND=noninteractive apt-get install -y php-fpm unzip",
@ -53,6 +53,13 @@ class LinuxTest(Test):
                        "/etc/php/8.2/fpm/pool.d/www.conf",
                    )
                    LinuxTest.docker_exec(distro, "systemctl stop php8.2-fpm ; systemctl start php8.2-fpm")
+                elif distro == "ubuntu-jammy":
+                    LinuxTest.docker_cp(
+                        distro,
+                        "./tests/www-deb.conf",
+                        "/etc/php/8.1/fpm/pool.d/www.conf",
+                    )
+                    LinuxTest.docker_exec(distro, "systemctl stop php8.1-fpm ; systemctl start php8.1-fpm")
            elif distro in ("centos", "fedora") or distro.startswith("rhel"):
                LinuxTest.docker_exec(distro, "dnf install -y php-fpm unzip")
                LinuxTest.docker_cp(distro, "./tests/www-rpm.conf", "/etc/php-fpm.d/www.conf")
--- a/tests/linux/Dockerfile-ubuntu-jammy
+++ b/tests/linux/Dockerfile-ubuntu-jammy
@ -0,0 +1,38 @@
+FROM ubuntu:22.04@sha256:a6d2b38300ce017add71440577d5b0a90460d0e57fd7aec21dd0d1b0761bbfb2
+
+ENV container docker
+ENV LC_ALL C
+ENV DEBIAN_FRONTEND noninteractive
+ENV NGINX_VERSION 1.26.0
+
+RUN apt-get update \
+    && apt-get install -y systemd systemd-sysv \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+RUN cd /lib/systemd/system/sysinit.target.wants/ \
+    && rm $(ls | grep -v systemd-tmpfiles-setup)
+
+RUN rm -f /lib/systemd/system/multi-user.target.wants/* \
+    /etc/systemd/system/*.wants/* \
+    /lib/systemd/system/local-fs.target.wants/* \
+    /lib/systemd/system/sockets.target.wants/*udev* \
+    /lib/systemd/system/sockets.target.wants/*initctl* \
+    /lib/systemd/system/basic.target.wants/* \
+    /lib/systemd/system/anaconda.target.wants/* \
+    /lib/systemd/system/plymouth* \
+    /lib/systemd/system/systemd-update-utmp*
+
+RUN apt update && \
+    apt-get install php-fpm curl gnupg2 ca-certificates lsb-release ubuntu-keyring software-properties-common python3-pip -y && \
+    echo "deb https://nginx.org/packages/ubuntu/ jammy nginx" > /etc/apt/sources.list.d/nginx.list && \
+    echo "deb-src https://nginx.org/packages/ubuntu/ jammy nginx" >> /etc/apt/sources.list.d/nginx.list && \
+    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ABF5BD827BD9BF62 && \
+    apt-get update && \
+    apt-get install -y --no-install-recommends nginx=${NGINX_VERSION}-1~jammy
+
+COPY ./package-ubuntu/*.deb /opt
+
+VOLUME ["/sys/fs/cgroup"]
+
+CMD ["/lib/systemd/systemd"]
--- a/tests/linux/Linux.sh
+++ b/tests/linux/Linux.sh
@ -37,6 +37,9 @@ function buildPackage() {
    if [ "$DISTRO" = "rhel9" ]; then
      sudo docker build -t linux-rhel9 -f src/linux/Dockerfile-rhel9 .
    fi
+    if [ "$DISTRO" = "ubuntu-jammy" ]; then
+      sudo docker build -t linux-ubuntu-jammy -f src/linux/Dockerfile-ubuntu-jammy .
+    fi
  fi
 }

@ -62,6 +65,9 @@ function createContainer() {
    if [ "$DISTRO" = "rhel9" ]; then
      sudo docker run -v /tmp/rhel9:/data linux-rhel9
    fi
+    if [ "$DISTRO" = "ubuntu-jammy" ]; then
+      sudo docker run -v /tmp/ubuntu-jammy:/data linux-ubuntu-jammy
+    fi
  fi
 }

--- a/tests/terraform/k8s.tf
+++ b/tests/terraform/k8s.tf
@ -12,7 +12,7 @@ resource "scaleway_vpc_private_network" "pn" {
 resource "scaleway_k8s_cluster" "cluster" {
  type = "kapsule"
  name = "bw_k8s"
-  version = "1.28.6"
+  version = "1.29.1"
  cni = "cilium"
  private_network_id = scaleway_vpc_private_network.pn.id
  delete_additional_resources = true