├── .gitignore ├── output └── .gitignore ├── post-install-apisix-base.sh ├── post-install-apisix-runtime.sh ├── test └── apisix │ ├── config.yaml │ ├── Dockerfile.test.apisix.arm64.ubuntu24.04 │ └── Dockerfile.test.apisix.deb.ubuntu24.04 ├── usr └── lib │ └── systemd │ └── system │ ├── apisix-dashboard.service │ ├── openresty.service │ └── apisix.service ├── dockerfiles ├── Dockerfile.fpm ├── Dockerfile.apisix-base.rpm ├── Dockerfile.package.apisix-dashboard ├── Dockerfile.dashboard.deb ├── Dockerfile.package.apisix-base ├── Dockerfile.dashboard.rpm ├── Dockerfile.package.apisix-runtime ├── Dockerfile.apisix-runtime.rpm ├── Dockerfile.apisix-base.deb ├── Dockerfile.package.apisix ├── Dockerfile.apisix-runtime.deb ├── Dockerfile.apisix.deb ├── Dockerfile.apisix.rpm └── Dockerfile.apisix-base.apk ├── utils ├── determine-dist.sh ├── build-common.sh ├── publish-rpm.sh ├── publish-deb.sh └── install-common.sh ├── package-apisix-dashboard.sh ├── package-apisix-runtime.sh ├── .github └── workflows │ ├── push-apisix-base-image.yml │ ├── push-apisix-runtime-image.yml │ ├── package-apisix-runtime-deb-openresty-1.21.yml │ ├── package-apisix-runtime-deb-ubuntu20.04.yml │ ├── package-apisix-runtime-rpm-ubi.yml │ ├── package-apisix-dashboard-deb-ubuntu20.04.yml │ ├── package-apisix-deb-ubuntu20.04.yml │ ├── package-apisix-rpm-ubi.yml │ ├── publish-deb.yml │ └── publish.yml ├── package-apisix-base.sh ├── package-apisix.sh ├── CHANGELOG.md ├── README.md ├── LICENSE ├── Makefile └── conf └── openssl3 └── openssl.cnf /.gitignore: -------------------------------------------------------------------------------- 1 | .idea 2 | apisix 3 | apisix-runtime 4 | -------------------------------------------------------------------------------- /output/.gitignore: -------------------------------------------------------------------------------- 1 | # Ignore everything in this directory 2 | * 3 | # Except this file 4 | !.gitignore 5 | -------------------------------------------------------------------------------- /post-install-apisix-base.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | ln -sf /usr/local/openresty/bin/resty /usr/bin/resty 3 | ln -sf /usr/local/openresty/bin/openresty /usr/bin/openresty -------------------------------------------------------------------------------- /post-install-apisix-runtime.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | ln -sf /usr/local/openresty/bin/resty /usr/bin/resty 3 | ln -sf /usr/local/openresty/bin/openresty /usr/bin/openresty -------------------------------------------------------------------------------- /test/apisix/config.yaml: -------------------------------------------------------------------------------- 1 | deployment: 2 | admin: 3 | allow_admin: 4 | - 0.0.0.0/0 5 | admin_key: 6 | - name: admin 7 | key: 'edd1c9f034335f136f87ad84b625c8f1' 8 | role: admin 9 | -------------------------------------------------------------------------------- /usr/lib/systemd/system/apisix-dashboard.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=apisix-dashboard 3 | Conflicts=apisix-dashboard.service 4 | After=network-online.target 5 | 6 | [Service] 7 | WorkingDirectory=/usr/local/apisix/dashboard 8 | ExecStart=/usr/local/apisix/dashboard/manager-api -c /usr/local/apisix/dashboard/conf/conf.yaml 9 | -------------------------------------------------------------------------------- /dockerfiles/Dockerfile.fpm: -------------------------------------------------------------------------------- 1 | FROM ubuntu:focal 2 | 3 | RUN DEBIAN_FRONTEND=noninteractive apt-get update \ 4 | && DEBIAN_FRONTEND=noninteractive apt-get install -y git \ 5 | && DEBIAN_FRONTEND=noninteractive apt-get install -y ruby ruby-dev rubygems build-essential rpm \ 6 | && gem install dotenv -v 2.8.1 \ 7 | && gem install fpm \ 8 | && fpm --version 9 | 10 | CMD /usr/local/bin/fpm -------------------------------------------------------------------------------- /utils/determine-dist.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail 3 | set -x 4 | 5 | if [ "${IMAGE_BASE}" == "ubuntu" ] 6 | then 7 | dist="${IMAGE_BASE}${IMAGE_TAG}" 8 | elif [ "${IMAGE_BASE}" == "debian" ] 9 | then 10 | dist="${IMAGE_BASE}${IMAGE_TAG}" 11 | elif [ "${IMAGE_BASE}" == "registry.access.redhat.com/ubi9/ubi" ] 12 | then 13 | dist="ubi${IMAGE_TAG}" 14 | fi 15 | 16 | echo "${dist}" > /tmp/dist 17 | 18 | echo `cat /etc/os-release |grep VERSION_CODENAME|awk -F '=' '{print $2}'` > /tmp/codename 19 | -------------------------------------------------------------------------------- /usr/lib/systemd/system/openresty.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=APISIX's OpenResty distribution 3 | After=syslog.target network-online.target remote-fs.target nss-lookup.target 4 | Wants=network-online.target 5 | 6 | [Service] 7 | Type=forking 8 | PIDFile=/usr/local/openresty/nginx/logs/nginx.pid 9 | ExecStartPre=/usr/local/openresty/nginx/sbin/nginx -t 10 | ExecStart=/usr/local/openresty/nginx/sbin/nginx 11 | ExecReload=/bin/kill -s HUP $MAINPID 12 | ExecStop=/bin/kill -s QUIT $MAINPID 13 | PrivateTmp=true 14 | 15 | [Install] 16 | WantedBy=multi-user.target 17 | -------------------------------------------------------------------------------- /usr/lib/systemd/system/apisix.service: -------------------------------------------------------------------------------- 1 | # apisix systemd service 2 | # https://github.com/api7/apisix-build-tools/blob/master/usr/lib/systemd/system/apisix.service 3 | [Unit] 4 | Description=apisix 5 | #Conflicts=apisix.service 6 | After=network-online.target 7 | Wants=network-online.target 8 | 9 | [Service] 10 | Type=forking 11 | Restart=on-failure 12 | WorkingDirectory=/usr/local/apisix 13 | ExecStartPre=/bin/rm -f /usr/local/apisix/logs/worker_events.sock 14 | ExecStart=/usr/bin/apisix start 15 | ExecStop=/usr/bin/apisix stop 16 | ExecReload=/usr/bin/apisix reload 17 | LimitNOFILE=65536 18 | 19 | [Install] 20 | WantedBy=multi-user.target 21 | -------------------------------------------------------------------------------- /dockerfiles/Dockerfile.apisix-base.rpm: -------------------------------------------------------------------------------- 1 | ARG IMAGE_BASE="registry.access.redhat.com/ubi9/ubi" 2 | ARG IMAGE_TAG="9.6" 3 | 4 | FROM ${IMAGE_BASE}:${IMAGE_TAG} 5 | 6 | 7 | COPY ./utils/build-common.sh /tmp/build-common.sh 8 | COPY build-apisix-base.sh /tmp/build-apisix-base.sh 9 | COPY ./utils/determine-dist.sh /tmp/determine-dist.sh 10 | 11 | WORKDIR /tmp 12 | 13 | ARG VERSION 14 | ARG IMAGE_BASE 15 | ARG IMAGE_TAG 16 | 17 | ENV IMAGE_BASE=${IMAGE_BASE} 18 | ENV IMAGE_TAG=${IMAGE_TAG} 19 | ENV version=${VERSION} 20 | 21 | RUN ./build-common.sh build_apisix_base_rpm \ 22 | # determine dist and write it into /tmp/dist file 23 | && /tmp/determine-dist.sh 24 | -------------------------------------------------------------------------------- /dockerfiles/Dockerfile.package.apisix-dashboard: -------------------------------------------------------------------------------- 1 | ARG VERSION 2 | ARG PACKAGE_TYPE 3 | 4 | FROM apache/apisix-dashboard-${PACKAGE_TYPE}:${VERSION} AS APISIX 5 | FROM api7/fpm 6 | 7 | ARG ITERATION 8 | ARG PACKAGE_VERSION 9 | ARG PACKAGE_TYPE 10 | ARG ARTIFACT 11 | 12 | ENV ITERATION=${ITERATION} 13 | ENV PACKAGE_VERSION=${PACKAGE_VERSION} 14 | ENV PACKAGE_TYPE=${PACKAGE_TYPE} 15 | ENV ARTIFACT=${ARTIFACT} 16 | 17 | COPY --from=APISIX /tmp/build/output /tmp/build/output 18 | COPY --from=APISIX /tmp/dist /tmp/dist 19 | COPY --from=APISIX /tmp/codename /tmp/codename 20 | COPY package-apisix-dashboard.sh /package-apisix-dashboard.sh 21 | COPY usr /usr 22 | 23 | RUN /package-apisix-dashboard.sh -------------------------------------------------------------------------------- /dockerfiles/Dockerfile.dashboard.deb: -------------------------------------------------------------------------------- 1 | ARG IMAGE_BASE="ubuntu" 2 | ARG IMAGE_TAG="20.04" 3 | 4 | FROM ${IMAGE_BASE}:${IMAGE_TAG} 5 | 6 | COPY ./utils/install-common.sh /install-common.sh 7 | COPY ./utils/determine-dist.sh /determine-dist.sh 8 | 9 | # install dependencies 10 | RUN /install-common.sh install_dashboard_dependencies_deb 11 | 12 | ARG checkout_v="v2.3" 13 | ARG iteration="0" 14 | ARG goproxy="" 15 | ARG IMAGE_BASE 16 | ARG IMAGE_TAG 17 | ARG CODE_PATH 18 | 19 | ENV IMAGE_BASE=${IMAGE_BASE} 20 | ENV IMAGE_TAG=${IMAGE_TAG} 21 | 22 | COPY ${CODE_PATH} /apisix-dashboard 23 | 24 | # install APISIX dashboard 25 | RUN /install-common.sh install_dashboard \ 26 | # determine dist and write it into /tmp/dist file 27 | && /determine-dist.sh 28 | -------------------------------------------------------------------------------- /dockerfiles/Dockerfile.package.apisix-base: -------------------------------------------------------------------------------- 1 | ARG VERSION 2 | ARG PACKAGE_TYPE 3 | 4 | FROM apache/apisix-base-${PACKAGE_TYPE}:${VERSION} AS APISIX-BASE 5 | FROM api7/fpm 6 | 7 | ARG ITERATION 8 | ARG PACKAGE_VERSION 9 | ARG PACKAGE_TYPE 10 | ARG ARTIFACT 11 | 12 | ENV ITERATION=${ITERATION} 13 | ENV PACKAGE_VERSION=${PACKAGE_VERSION} 14 | ENV PACKAGE_TYPE=${PACKAGE_TYPE} 15 | ENV ARTIFACT=${ARTIFACT} 16 | 17 | COPY --from=APISIX-BASE /usr/local/openresty /tmp/build/output/openresty 18 | COPY --from=APISIX-BASE /tmp/dist /tmp/dist 19 | COPY --from=APISIX-BASE /tmp/codename /tmp/codename 20 | COPY package-apisix-base.sh /package-apisix-base.sh 21 | COPY post-install-apisix-base.sh /post-install-apisix-base.sh 22 | COPY usr /usr 23 | 24 | RUN /package-apisix-base.sh -------------------------------------------------------------------------------- /dockerfiles/Dockerfile.dashboard.rpm: -------------------------------------------------------------------------------- 1 | ARG IMAGE_BASE="registry.access.redhat.com/ubi9/ubi" 2 | ARG IMAGE_TAG="9.6" 3 | 4 | FROM ${IMAGE_BASE}:${IMAGE_TAG} 5 | 6 | COPY ./utils/install-common.sh /install-common.sh 7 | COPY ./utils/determine-dist.sh /determine-dist.sh 8 | 9 | # install dependencies 10 | RUN /install-common.sh install_dashboard_dependencies_rpm 11 | 12 | ARG checkout_v="v2.3" 13 | ARG iteration="0" 14 | ARG goproxy="" 15 | ARG IMAGE_BASE 16 | ARG IMAGE_TAG 17 | ARG CODE_PATH 18 | 19 | ENV IMAGE_BASE=${IMAGE_BASE} 20 | ENV IMAGE_TAG=${IMAGE_TAG} 21 | 22 | COPY ${CODE_PATH} /apisix-dashboard 23 | 24 | # install APISIX dashboard 25 | RUN /install-common.sh install_dashboard \ 26 | # determine dist and write it into /tmp/dist file 27 | && /determine-dist.sh 28 | -------------------------------------------------------------------------------- /dockerfiles/Dockerfile.package.apisix-runtime: -------------------------------------------------------------------------------- 1 | ARG PACKAGE_TYPE 2 | ARG RUNTIME_VERSION 3 | 4 | FROM apache/apisix-runtime-${PACKAGE_TYPE}:${RUNTIME_VERSION} AS APISIX-RUNTIME 5 | FROM api7/fpm 6 | 7 | ARG ITERATION 8 | ARG PACKAGE_VERSION 9 | ARG RUNTIME_VERSION 10 | ARG PACKAGE_TYPE 11 | ARG ARTIFACT 12 | 13 | ENV ITERATION=${ITERATION} 14 | ENV PACKAGE_VERSION=${PACKAGE_VERSION} 15 | ENV RUNTIME_VERSION=${RUNTIME_VERSION} 16 | ENV PACKAGE_TYPE=${PACKAGE_TYPE} 17 | ENV ARTIFACT=${ARTIFACT} 18 | 19 | COPY --from=APISIX-RUNTIME /usr/local/openresty /tmp/build/output/openresty 20 | COPY --from=APISIX-RUNTIME /tmp/dist /tmp/dist 21 | COPY --from=APISIX-RUNTIME /tmp/codename /tmp/codename 22 | COPY package-apisix-runtime.sh /package-apisix-runtime.sh 23 | COPY post-install-apisix-runtime.sh /post-install-apisix-runtime.sh 24 | COPY usr /usr 25 | 26 | RUN /package-apisix-runtime.sh 27 | -------------------------------------------------------------------------------- /dockerfiles/Dockerfile.apisix-runtime.rpm: -------------------------------------------------------------------------------- 1 | ARG IMAGE_BASE="registry.access.redhat.com/ubi9/ubi" 2 | ARG IMAGE_TAG="9.6" 3 | 4 | FROM ${IMAGE_BASE}:${IMAGE_TAG} 5 | 6 | WORKDIR /tmp 7 | 8 | ARG VERSION 9 | ARG RUNTIME_VERSION 10 | ARG IMAGE_BASE 11 | ARG IMAGE_TAG 12 | ARG CODE_PATH 13 | 14 | ENV IMAGE_BASE=${IMAGE_BASE} 15 | ENV IMAGE_TAG=${IMAGE_TAG} 16 | ENV version=${VERSION} 17 | ENV runtime_version=${RUNTIME_VERSION} 18 | 19 | COPY ${CODE_PATH} ./ 20 | 21 | RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \ 22 | && source "$HOME/.cargo/env" \ 23 | && rustup install 1.69 \ 24 | && rustup default 1.69 \ 25 | # build apisix runtime 26 | && mv ./utils/build-common.sh ./utils/determine-dist.sh ./ \ 27 | && ./build-common.sh build_apisix_runtime_rpm \ 28 | # determine dist and write it into /tmp/dist file 29 | && ./determine-dist.sh 30 | -------------------------------------------------------------------------------- /dockerfiles/Dockerfile.apisix-base.deb: -------------------------------------------------------------------------------- 1 | ARG IMAGE_BASE="debian" 2 | ARG IMAGE_TAG="bullseye-slim" 3 | 4 | FROM ${IMAGE_BASE}:${IMAGE_TAG} as build 5 | 6 | COPY ./utils/build-common.sh /tmp/build-common.sh 7 | COPY build-apisix-base.sh /tmp/build-apisix-base.sh 8 | COPY ./utils/determine-dist.sh /tmp/determine-dist.sh 9 | 10 | WORKDIR /tmp 11 | 12 | ARG VERSION 13 | ARG IMAGE_BASE 14 | ARG IMAGE_TAG 15 | ARG BUILD_LATEST 16 | 17 | ENV IMAGE_BASE=${IMAGE_BASE} 18 | ENV IMAGE_TAG=${IMAGE_TAG} 19 | ENV version=${VERSION} 20 | ENV build_latest=${BUILD_LATEST:-} 21 | 22 | RUN ./build-common.sh build_apisix_base_deb ${build_latest} \ 23 | # determine dist and write it into /tmp/dist file 24 | && /tmp/determine-dist.sh 25 | 26 | FROM ${IMAGE_BASE}:${IMAGE_TAG} as prod 27 | 28 | COPY --from=build /usr/local /usr/local 29 | COPY --from=build /tmp/dist /tmp/dist 30 | COPY --from=build /tmp/codename /tmp/codename 31 | -------------------------------------------------------------------------------- /dockerfiles/Dockerfile.package.apisix: -------------------------------------------------------------------------------- 1 | ARG VERSION 2 | ARG PACKAGE_TYPE 3 | 4 | FROM apache/apisix-${PACKAGE_TYPE}:${VERSION} AS APISIX 5 | FROM api7/fpm 6 | 7 | ARG ITERATION 8 | ARG PACKAGE_VERSION 9 | ARG PACKAGE_TYPE 10 | ARG OPENRESTY 11 | ARG ARTIFACT 12 | ARG RUNTIME_VERSION 13 | 14 | ENV ITERATION=${ITERATION} 15 | ENV PACKAGE_VERSION=${PACKAGE_VERSION} 16 | ENV PACKAGE_TYPE=${PACKAGE_TYPE} 17 | ENV OPENRESTY=${OPENRESTY} 18 | ENV RUNTIME_VERSION=${RUNTIME_VERSION} 19 | ENV ARTIFACT=${ARTIFACT} 20 | 21 | COPY --from=APISIX /tmp/build/output/apisix /tmp/build/output/apisix 22 | COPY --from=APISIX /tmp/dist /tmp/dist 23 | COPY --from=APISIX /tmp/codename /tmp/codename 24 | COPY --from=APISIX /usr/local/openresty /tmp/build/output/apisix/usr/local/openresty 25 | COPY package-apisix.sh /package-apisix.sh 26 | COPY post-install-apisix-runtime.sh /post-install-apisix-runtime.sh 27 | COPY usr /usr 28 | 29 | RUN /package-apisix.sh -------------------------------------------------------------------------------- /dockerfiles/Dockerfile.apisix-runtime.deb: -------------------------------------------------------------------------------- 1 | ARG IMAGE_BASE="debian" 2 | ARG IMAGE_TAG="bullseye-slim" 3 | 4 | FROM ${IMAGE_BASE}:${IMAGE_TAG} as build 5 | 6 | WORKDIR /tmp 7 | 8 | ARG VERSION 9 | ARG RUNTIME_VERSION 10 | ARG IMAGE_BASE 11 | ARG IMAGE_TAG 12 | ARG BUILD_LATEST 13 | ARG CODE_PATH 14 | 15 | ENV IMAGE_BASE=${IMAGE_BASE} 16 | ENV IMAGE_TAG=${IMAGE_TAG} 17 | ENV version=${VERSION} 18 | ENV runtime_version=${RUNTIME_VERSION} 19 | ENV build_latest=${BUILD_LATEST:-} 20 | 21 | COPY ${CODE_PATH} ./ 22 | 23 | RUN mv ./utils/build-common.sh ./utils/determine-dist.sh ./ \ 24 | && ./build-common.sh build_apisix_runtime_deb ${build_latest} \ 25 | # determine dist and write it into /tmp/dist file 26 | && ./determine-dist.sh 27 | 28 | FROM ${IMAGE_BASE}:${IMAGE_TAG} as prod 29 | 30 | COPY --from=build /usr/local /usr/local 31 | COPY --from=build /tmp/dist /tmp/dist 32 | COPY --from=build /tmp/codename /tmp/codename 33 | -------------------------------------------------------------------------------- /package-apisix-dashboard.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail 3 | set -x 4 | 5 | mkdir /output 6 | dist=$(cat /tmp/dist) 7 | 8 | # Determine the name of artifact 9 | # The defaut is apisix-dashboard 10 | artifact="apisix-dashboard" 11 | if [ "$ARTIFACT" != "0" ] 12 | then 13 | artifact=${ARTIFACT} 14 | fi 15 | 16 | fpm -f -s dir -t "$PACKAGE_TYPE" \ 17 | --"$PACKAGE_TYPE"-dist "$dist" \ 18 | -n "$artifact" \ 19 | -a "$(uname -i)" \ 20 | -v "$PACKAGE_VERSION" \ 21 | --iteration "$ITERATION" \ 22 | --description 'Apache APISIX Dashboard is designed to make it as easy as possible for users to operate Apache APISIX through a frontend interface.' \ 23 | --license "ASL 2.0" \ 24 | -C /tmp/build/output/apisix/dashboard/ \ 25 | -p /output/ \ 26 | --url 'https://github.com/apache/apisix-dashboard' \ 27 | --config-files usr/lib/systemd/system/apisix-dashboard.service \ 28 | --config-files usr/local/apisix/dashboard/conf/conf.yaml 29 | 30 | # Rename deb file with adding $DIST section 31 | if [ "$PACKAGE_TYPE" == "deb" ] 32 | then 33 | mv /output/apisix-dashboard_"${PACKAGE_VERSION}"-"${ITERATION}"_amd64.deb /output/apisix-dashboard_"${PACKAGE_VERSION}"-"${ITERATION}"~"${dist}"_amd64.deb 34 | fi 35 | -------------------------------------------------------------------------------- /dockerfiles/Dockerfile.apisix.deb: -------------------------------------------------------------------------------- 1 | ARG IMAGE_BASE="ubuntu" 2 | ARG IMAGE_TAG="20.04" 3 | ARG PACKAGE_TYPE 4 | ARG RUNTIME_VERSION 5 | 6 | FROM apache/apisix-runtime-${PACKAGE_TYPE}:${RUNTIME_VERSION} AS APISIX-RUNTIME 7 | FROM ${IMAGE_BASE}:${IMAGE_TAG} 8 | 9 | 10 | 11 | COPY ./utils/install-common.sh /install-common.sh 12 | COPY ./utils/determine-dist.sh /determine-dist.sh 13 | COPY --from=APISIX-RUNTIME /usr/local/openresty /usr/local/openresty 14 | 15 | ENV PATH=$PATH:/usr/local/openresty/luajit/bin:/usr/local/openresty/nginx/sbin:/usr/local/openresty/bin 16 | 17 | ARG iteration="0" 18 | ARG apisix_repo="https://github.com/apache/apisix" 19 | ARG checkout_v 20 | ARG IMAGE_BASE 21 | ARG IMAGE_TAG 22 | ARG CODE_PATH 23 | 24 | # install dependencies 25 | RUN apt-get update && apt-get install -y libyaml-dev 26 | RUN /install-common.sh install_apisix_dependencies_deb 27 | 28 | ENV checkout_v=${checkout_v} 29 | ENV iteration=${iteration} 30 | ENV apisix_repo=${apisix_repo} 31 | ENV IMAGE_BASE=${IMAGE_BASE} 32 | ENV IMAGE_TAG=${IMAGE_TAG} 33 | 34 | COPY ${CODE_PATH} /apisix 35 | 36 | # install apisix 37 | RUN /install-common.sh install_apisix \ 38 | # determine dist and write it into /tmp/dist file 39 | && /determine-dist.sh 40 | -------------------------------------------------------------------------------- /dockerfiles/Dockerfile.apisix.rpm: -------------------------------------------------------------------------------- 1 | ARG IMAGE_BASE="registry.access.redhat.com/ubi9/ubi" 2 | ARG IMAGE_TAG="9.6" 3 | 4 | ARG PACKAGE_TYPE 5 | ARG RUNTIME_VERSION 6 | 7 | FROM apache/apisix-runtime-${PACKAGE_TYPE}:${RUNTIME_VERSION} AS APISIX-RUNTIME 8 | FROM ${IMAGE_BASE}:${IMAGE_TAG} 9 | 10 | COPY ./utils/install-common.sh /install-common.sh 11 | COPY ./utils/determine-dist.sh /determine-dist.sh 12 | COPY --from=APISIX-RUNTIME /usr/local/openresty /usr/local/openresty 13 | 14 | ENV PATH=$PATH:/usr/local/openresty/luajit/bin:/usr/local/openresty/nginx/sbin:/usr/local/openresty/bin 15 | 16 | ARG iteration="0" 17 | ARG apisix_repo="https://github.com/apache/apisix" 18 | ARG checkout_v 19 | ARG IMAGE_BASE 20 | ARG IMAGE_TAG 21 | ARG CODE_PATH 22 | 23 | # install dependencies 24 | RUN yum install -y libyaml-devel 25 | RUN /install-common.sh install_apisix_dependencies_rpm 26 | 27 | ENV checkout_v=${checkout_v} 28 | ENV iteration=${iteration} 29 | ENV apisix_repo=${apisix_repo} 30 | ENV IMAGE_BASE=${IMAGE_BASE} 31 | ENV IMAGE_TAG=${IMAGE_TAG} 32 | 33 | COPY ${CODE_PATH} /apisix 34 | 35 | # install apisix 36 | RUN /install-common.sh install_apisix \ 37 | # determine dist and write it into /tmp/dist file 38 | && /determine-dist.sh 39 | -------------------------------------------------------------------------------- /package-apisix-runtime.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail 3 | set -x 4 | mkdir /output 5 | dist=$(cat /tmp/dist) 6 | codename=$(cat /tmp/codename) 7 | 8 | # Determine the name of artifact 9 | # The defaut is apisix-runtime 10 | artifact="apisix-runtime" 11 | if [ "$ARTIFACT" != "0" ]; then 12 | artifact=${ARTIFACT} 13 | fi 14 | 15 | ARCH=${ARCH:-`(uname -m | tr '[:upper:]' '[:lower:]')`} 16 | 17 | fpm -f -s dir -t "$PACKAGE_TYPE" \ 18 | --"$PACKAGE_TYPE"-dist "$dist" \ 19 | -n "$artifact" \ 20 | -a "$(uname -i)" \ 21 | -v "$RUNTIME_VERSION" \ 22 | --iteration "$ITERATION" \ 23 | --post-install post-install-apisix-runtime.sh \ 24 | --description "APISIX's OpenResty distribution." \ 25 | --license "ASL 2.0" \ 26 | -C /tmp/build/output \ 27 | -p /output \ 28 | --url 'http://apisix.apache.org/' \ 29 | --conflicts openresty \ 30 | --config-files usr/lib/systemd/system/openresty.service \ 31 | --prefix=/usr/local 32 | 33 | PACKAGE_ARCH="amd64" 34 | if [[ $ARCH == "arm64" ]] || [[ $ARCH == "aarch64" ]]; then 35 | PACKAGE_ARCH="arm64" 36 | fi 37 | 38 | if [ "$PACKAGE_TYPE" == "deb" ]; then 39 | # Rename deb file with adding $DIST section 40 | mv /output/apisix-runtime_"${RUNTIME_VERSION}"-"${ITERATION}"_"${PACKAGE_ARCH}".deb /output/apisix-runtime_"${RUNTIME_VERSION}"-"${ITERATION}"~"${dist}"_"${PACKAGE_ARCH}".deb 41 | fi 42 | -------------------------------------------------------------------------------- /test/apisix/Dockerfile.test.apisix.arm64.ubuntu24.04: -------------------------------------------------------------------------------- 1 | ARG IMAGE_BASE="ubuntu" 2 | ARG IMAGE_TAG="24.04" 3 | 4 | FROM ${IMAGE_BASE}:${IMAGE_TAG} 5 | 6 | ARG ETCD_VERSION="v3.4.18" 7 | ARG APISIX_VERSION 8 | ARG IMAGE_BASE 9 | ARG IMAGE_TAG 10 | 11 | ENV RUNNING_ETCD_VERSION=${ETCD_VERSION} 12 | 13 | COPY ./output/apisix_${APISIX_VERSION}-0~${IMAGE_BASE}${IMAGE_TAG}_arm64.deb /apisix_${APISIX_VERSION}-0~${IMAGE_BASE}${IMAGE_TAG}_arm64.deb 14 | COPY ./utils/install-common.sh /install-common.sh 15 | 16 | 17 | RUN set -x \ 18 | && apt-get update \ 19 | && apt-get install -y sudo git libreadline-dev lsb-release libssl-dev perl build-essential \ 20 | && apt-get -y install --no-install-recommends wget gnupg ca-certificates \ 21 | && wget -O - https://openresty.org/package/pubkey.gpg | apt-key add - \ 22 | && echo "deb http://openresty.org/package/arm64/ubuntu $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/openresty.list \ 23 | && apt-get update 24 | 25 | # install apisix 26 | RUN set -x \ 27 | && /install-common.sh install_etcd \ 28 | && apt install -y libldap2-dev libyaml-dev \ 29 | && dpkg -i /apisix_${APISIX_VERSION}-0~${IMAGE_BASE}${IMAGE_TAG}_arm64.deb 30 | 31 | # start etcd and test 32 | CMD ["sh", "-c", "(ETCD_UNSUPPORTED_ARCH=arm64 nohup etcd-$RUNNING_ETCD_VERSION-linux-arm64/etcd >/tmp/etcd.log 2>&1 &) && sleep 10 && apisix start && sleep 3600"] 33 | 34 | EXPOSE 9180 9080 9443 35 | -------------------------------------------------------------------------------- /.github/workflows/push-apisix-base-image.yml: -------------------------------------------------------------------------------- 1 | name: Build and Push image 2 | 3 | on: 4 | create 5 | 6 | jobs: 7 | publish_image: 8 | name: Build and Push apisix-base image 9 | runs-on: ubuntu-latest 10 | steps: 11 | - name: Check out code 12 | uses: actions/checkout@v2.3.5 13 | with: 14 | submodules: recursive 15 | 16 | - name: Extract Tags name 17 | if: ${{ startsWith(github.ref, 'refs/tags/') }} 18 | id: tag_env 19 | shell: bash 20 | run: | 21 | echo "##[set-output name=version;]$(echo ${GITHUB_REF##*/})" 22 | 23 | - name: Extract Tags Type 24 | if: ${{ startsWith(github.ref, 'refs/tags/') }} 25 | id: tag_type 26 | shell: bash 27 | run: | 28 | echo "##[set-output name=version;]$(echo ${GITHUB_REF#refs/tags/})" 29 | 30 | - name: Set up QEMU 31 | uses: docker/setup-qemu-action@v2 32 | 33 | - name: Set up Docker Buildx 34 | uses: docker/setup-buildx-action@v2 35 | 36 | - name: Login to Docker Hub 37 | if: ${{ startsWith(steps.tag_type.outputs.version, 'apisix-base/') }} 38 | uses: docker/login-action@v2 39 | with: 40 | username: ${{ secrets.DOCKERHUB_USERNAME }} 41 | password: ${{ secrets.DOCKERHUB_TOKEN }} 42 | 43 | - name: Build and Push Docker Image 44 | if: ${{ startsWith(steps.tag_type.outputs.version, 'apisix-base/') }} 45 | run: | 46 | docker buildx build -t api7/apisix-base:${{ steps.tag_env.outputs.version }} --push \ 47 | --build-arg VERSION=${{ steps.tag_env.outputs.version }} --platform linux/amd64,linux/arm64 \ 48 | -f ./dockerfiles/Dockerfile.apisix-base.apk . 49 | -------------------------------------------------------------------------------- /test/apisix/Dockerfile.test.apisix.deb.ubuntu24.04: -------------------------------------------------------------------------------- 1 | ARG IMAGE_BASE="ubuntu" 2 | ARG IMAGE_TAG="24.04" 3 | 4 | FROM ${IMAGE_BASE}:${IMAGE_TAG} 5 | 6 | ARG ETCD_VERSION="v3.4.14" 7 | ARG APISIX_VERSION 8 | ARG IMAGE_BASE 9 | ARG IMAGE_TAG 10 | 11 | ENV RUNNING_ETCD_VERSION=${ETCD_VERSION} 12 | 13 | COPY ./output/apisix_${APISIX_VERSION}-0~${IMAGE_BASE}${IMAGE_TAG}_amd64.deb /apisix_${APISIX_VERSION}-0~${IMAGE_BASE}${IMAGE_TAG}_amd64.deb 14 | COPY ./utils/install-common.sh /install-common.sh 15 | 16 | # install 17 | RUN set -x \ 18 | && DEBIAN_FRONTEND=noninteractive apt-get update \ 19 | && DEBIAN_FRONTEND=noninteractive apt-get install -y libreadline-dev lsb-release libpcre3 libpcre3-dev libldap2-dev libssl-dev perl build-essential \ 20 | && DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends wget gnupg ca-certificates \ 21 | && wget -O - https://openresty.org/package/pubkey.gpg | apt-key add - \ 22 | && wget -O - http://repos.apiseven.com/pubkey.gpg | apt-key add - \ 23 | && echo "deb http://openresty.org/package/${arch_path}ubuntu $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/openresty.list \ 24 | && echo "deb http://repos.apiseven.com/packages/debian bullseye main" | tee /etc/apt/sources.list.d/apisix.list \ 25 | && DEBIAN_FRONTEND=noninteractive apt-get update 26 | 27 | # install etcd 28 | RUN /install-common.sh install_etcd 29 | 30 | # install apisix 31 | RUN set -x \ 32 | && apt install -y libldap2-dev libyaml-dev \ 33 | && dpkg -i /apisix_${APISIX_VERSION}-0~${IMAGE_BASE}${IMAGE_TAG}_amd64.deb 34 | 35 | # start etcd and test 36 | CMD ["sh", "-c", "(nohup etcd-$RUNNING_ETCD_VERSION-linux-amd64/etcd >/tmp/etcd.log 2>&1 &) && sleep 10 && apisix start && sleep 3600"] 37 | 38 | EXPOSE 9180 9080 9443 39 | -------------------------------------------------------------------------------- /.github/workflows/push-apisix-runtime-image.yml: -------------------------------------------------------------------------------- 1 | name: Build and Push apisix-runtime image 2 | 3 | on: 4 | create 5 | 6 | jobs: 7 | publish_image: 8 | name: Build and Push apisix-runtime image 9 | runs-on: ubuntu-latest 10 | steps: 11 | - name: Check out code 12 | uses: actions/checkout@v2.3.5 13 | with: 14 | submodules: recursive 15 | 16 | - name: Extract Tags name 17 | if: ${{ startsWith(github.ref, 'refs/tags/') }} 18 | id: tag_env 19 | shell: bash 20 | run: | 21 | echo "##[set-output name=version;]$(echo ${GITHUB_REF##*/})" 22 | 23 | - name: Extract Tags Type 24 | if: ${{ startsWith(github.ref, 'refs/tags/') }} 25 | id: tag_type 26 | shell: bash 27 | run: | 28 | echo "##[set-output name=version;]$(echo ${GITHUB_REF#refs/tags/})" 29 | 30 | - name: Set up QEMU 31 | uses: docker/setup-qemu-action@v2 32 | 33 | - name: Set up Docker Buildx 34 | uses: docker/setup-buildx-action@v2 35 | 36 | - name: Login to Docker Hub 37 | if: ${{ startsWith(steps.tag_type.outputs.version, 'apisix-runtime/') }} 38 | uses: docker/login-action@v2 39 | with: 40 | username: ${{ secrets.DOCKERHUB_USERNAME }} 41 | password: ${{ secrets.DOCKERHUB_TOKEN }} 42 | 43 | - name: Build and Push Docker Image 44 | if: ${{ startsWith(steps.tag_type.outputs.version, 'apisix-runtime/') }} 45 | run: | 46 | docker buildx build -t api7/apisix-runtime:${{ steps.tag_env.outputs.version }} --push \ 47 | --build-arg VERSION=${{ steps.tag_env.outputs.version }} --platform linux/amd64,linux/arm64 \ 48 | -f ./dockerfiles/Dockerfile.apisix-runtime.apk . 49 | -------------------------------------------------------------------------------- /.github/workflows/package-apisix-runtime-deb-openresty-1.21.yml: -------------------------------------------------------------------------------- 1 | name: package apisix-runtime deb for debianbullseye-slim with openresty 1.21 2 | 3 | on: 4 | workflow_dispatch: 5 | inputs: 6 | tag_name: 7 | description: 'Tag name for the release' 8 | required: true 9 | default: '' 10 | 11 | jobs: 12 | build: 13 | timeout-minutes: 60 14 | env: 15 | BUILD_APISIX_RUNTIME_VERSION: 1.1.3 16 | strategy: 17 | matrix: 18 | platform: 19 | - runner: ubuntu-latest 20 | arch: amd64 21 | - runner: ubuntu-24.04-arm 22 | arch: arm64 23 | runs-on: ${{ matrix.platform.runner }} 24 | steps: 25 | - uses: actions/checkout@v2 26 | with: 27 | ref: openresty/1.21.4 28 | 29 | - name: Check arch 30 | run: | 31 | echo "ARCH: ${{ matrix.platform.arch }}" 32 | 33 | - name: Install dependencies 34 | run: | 35 | sudo apt-get install -y make ruby ruby-dev rubygems build-essential 36 | 37 | - name: Build apisix-runtime deb 38 | run: | 39 | if [ "${{ matrix.platform.arch }}" == "arm64" ]; then 40 | make package type=deb app=apisix-runtime runtime_version=${BUILD_APISIX_RUNTIME_VERSION} image_base=debian image_tag=bullseye-slim arch=linux/arm64/v8 41 | else 42 | make package type=deb app=apisix-runtime runtime_version=${BUILD_APISIX_RUNTIME_VERSION} image_base=debian image_tag=bullseye-slim arch=linux/amd64 43 | fi 44 | 45 | - name: Release with Notes 46 | uses: softprops/action-gh-release@v1 47 | with: 48 | tag_name: ${{ github.event.inputs.tag_name }} 49 | body: | 50 | Release apisix-runtime ${{ github.event.inputs.tag_name }} 51 | files: | 52 | ./output/apisix-runtime_${{ env.BUILD_APISIX_RUNTIME_VERSION }}-0~debianbullseye-slim_${{ matrix.platform.arch }}.deb 53 | env: 54 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 55 | 56 | -------------------------------------------------------------------------------- /package-apisix-base.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail 3 | set -x 4 | mkdir /output 5 | dist=$(cat /tmp/dist) 6 | codename=$(cat /tmp/codename) 7 | 8 | # Determine the name of artifact 9 | # The defaut is apisix-base 10 | artifact="apisix-base" 11 | if [ "$ARTIFACT" != "0" ]; then 12 | artifact=${ARTIFACT} 13 | fi 14 | 15 | ARCH=${ARCH:-`(uname -m | tr '[:upper:]' '[:lower:]')`} 16 | 17 | openresty_zlib_version="1.2.12-1" 18 | openresty_openssl111_version="1.1.1n-1" 19 | openresty_pcre_version="8.45-1" 20 | if [ "$PACKAGE_TYPE" == "deb" ]; then 21 | pkg_suffix="${codename}1" 22 | openresty_zlib_version="$openresty_zlib_version~$pkg_suffix" 23 | openresty_openssl111_version="$openresty_openssl111_version~$pkg_suffix" 24 | openresty_pcre_version="$openresty_pcre_version~$pkg_suffix" 25 | fi 26 | 27 | fpm -f -s dir -t "$PACKAGE_TYPE" \ 28 | --"$PACKAGE_TYPE"-dist "$dist" \ 29 | -n "$artifact" \ 30 | -a "$(uname -i)" \ 31 | -v "$PACKAGE_VERSION" \ 32 | --iteration "$ITERATION" \ 33 | -x openresty/zlib \ 34 | -x openresty/openssl111 \ 35 | -x openresty/pcre \ 36 | -d "openresty-zlib >= $openresty_zlib_version" \ 37 | -d "openresty-openssl111 >= $openresty_openssl111_version" \ 38 | -d "openresty-pcre >= $openresty_pcre_version" \ 39 | --post-install post-install-apisix-base.sh \ 40 | --description "APISIX's OpenResty distribution." \ 41 | --license "ASL 2.0" \ 42 | -C /tmp/build/output \ 43 | -p /output \ 44 | --url 'http://apisix.apache.org/' \ 45 | --conflicts openresty \ 46 | --config-files usr/lib/systemd/system/openresty.service \ 47 | --prefix=/usr/local 48 | 49 | PACKAGE_ARCH="amd64" 50 | if [[ $ARCH == "arm64" ]] || [[ $ARCH == "aarch64" ]]; then 51 | PACKAGE_ARCH="arm64" 52 | fi 53 | 54 | if [ "$PACKAGE_TYPE" == "deb" ]; then 55 | # Rename deb file with adding $DIST section 56 | mv /output/apisix-base_"${PACKAGE_VERSION}"-"${ITERATION}"_"${PACKAGE_ARCH}".deb /output/apisix-base_"${PACKAGE_VERSION}"-"${ITERATION}"~"${dist}"_"${PACKAGE_ARCH}".deb 57 | fi 58 | -------------------------------------------------------------------------------- /.github/workflows/package-apisix-runtime-deb-ubuntu20.04.yml: -------------------------------------------------------------------------------- 1 | name: package apisix-runtime deb for ubuntu 24.04 2 | 3 | on: 4 | push: 5 | branches: [ master ] 6 | tags: 7 | - "v*" 8 | paths-ignore: 9 | - '*.md' 10 | pull_request: 11 | branches: [ master ] 12 | paths-ignore: 13 | - '*.md' 14 | schedule: 15 | - cron: '0 0 * * *' 16 | 17 | jobs: 18 | build: 19 | runs-on: ubuntu-latest 20 | timeout-minutes: 60 21 | env: 22 | BUILD_APISIX_RUNTIME_VERSION: 1.0.1 23 | steps: 24 | - uses: actions/checkout@v2 25 | 26 | - name: install dependencies 27 | run: | 28 | sudo apt-get install -y make ruby ruby-dev rubygems build-essential 29 | 30 | - name: build apisix-runtime deb 31 | run: | 32 | make package type=deb app=apisix-runtime runtime_version=${BUILD_APISIX_RUNTIME_VERSION} image_base=ubuntu image_tag=24.04 33 | 34 | - name: run ubuntu 24.04 docker and mapping apisix-runtime deb into container 35 | run: | 36 | docker run -itd -v /home/runner/work/apisix-build-tools/apisix-build-tools/output:/output --name ubuntu24.04Instance --net="host" docker.io/ubuntu:24.04 /bin/bash 37 | 38 | - name: install deb in container 39 | run: | 40 | docker exec ubuntu24.04Instance bash -c "dpkg -i /output/apisix-runtime_${BUILD_APISIX_RUNTIME_VERSION}-0~ubuntu24.04_amd64.deb" 41 | 42 | - name: check and ensure apisix-runtime is installed 43 | run: | 44 | docker exec ubuntu24.04Instance bash -c "/usr/local/openresty/bin/etcdctl -h" || exit 1 45 | export APISIX_RUNTIME_VER=$(docker exec ubuntu24.04Instance bash -c "openresty -V" 2>&1 | awk '/-O2 -DAPISIX_RUNTIME_VER=/{print $5}' | awk -v FS="=" '{print $2}') 46 | if [ "$APISIX_RUNTIME_VER" != "${BUILD_APISIX_RUNTIME_VERSION}" ]; then exit 1; fi 47 | 48 | - name: Publish Artifact 49 | uses: actions/upload-artifact@v4.0.0 50 | with: 51 | name: apisix-runtime_${{ env.BUILD_APISIX_RUNTIME_VERSION }}-0~ubuntu24.04_amd64.deb 52 | path: output/apisix-runtime_${{ env.BUILD_APISIX_RUNTIME_VERSION }}-0~ubuntu24.04_amd64.deb 53 | retention-days: 5 54 | if-no-files-found: error 55 | -------------------------------------------------------------------------------- /.github/workflows/package-apisix-runtime-rpm-ubi.yml: -------------------------------------------------------------------------------- 1 | name: package apisix-runtime rpm for ubi 2 | 3 | on: 4 | push: 5 | branches: [ master ] 6 | tags: 7 | - "v*" 8 | paths-ignore: 9 | - '*.md' 10 | pull_request: 11 | branches: [ master ] 12 | paths-ignore: 13 | - '*.md' 14 | 15 | jobs: 16 | build: 17 | runs-on: ubuntu-latest 18 | timeout-minutes: 60 19 | env: 20 | BUILD_APISIX_RUNTIME_VERSION: 1.0.1 21 | steps: 22 | - uses: actions/checkout@v2 23 | 24 | - name: install dependencies 25 | run: | 26 | sudo apt-get install -y make ruby ruby-dev rubygems build-essential 27 | 28 | - name: build apisix-runtime rpm 29 | run: | 30 | make package type=rpm app=apisix-runtime runtime_version=${BUILD_APISIX_RUNTIME_VERSION} image_base=registry.access.redhat.com/ubi9/ubi image_tag=9.6 31 | 32 | - name: run ubi9 docker and mapping apisix-runtime rpm into container 33 | run: | 34 | docker run -itd -v /home/runner/work/apisix-build-tools/apisix-build-tools/output:/output --name ubiInstance --net="host" registry.access.redhat.com/ubi9/ubi:9.6 /bin/bash 35 | 36 | - name: install rpm in container 37 | run: | 38 | docker exec ubiInstance bash -c "ls -la /output" 39 | docker exec ubiInstance bash -c "yum -y localinstall /output/apisix-runtime-${BUILD_APISIX_RUNTIME_VERSION}-0.ubi9.6.x86_64.rpm" 40 | 41 | - name: check and ensure apisix-runtime is installed 42 | run: | 43 | docker exec ubiInstance bash -c "/usr/local/openresty/bin/etcdctl -h" || exit 1 44 | export APISIX_RUNTIME_VER=$(docker exec ubiInstance bash -c "openresty -V" 2>&1 | awk '/-O2 -DAPISIX_RUNTIME_VER=/{print $5}' | awk -v FS="=" '{print $2}') 45 | if [ "$APISIX_RUNTIME_VER" != "${BUILD_APISIX_RUNTIME_VERSION}" ]; then exit 1; fi 46 | 47 | - name: Publish Artifact 48 | uses: actions/upload-artifact@v4.0.0 49 | with: 50 | name: apisix-runtime-${{ env.BUILD_APISIX_RUNTIME_VERSION }}-0.ubi9.6.x86_64.rpm 51 | path: output/apisix-runtime-${{ env.BUILD_APISIX_RUNTIME_VERSION }}-0.ubi9.6.x86_64.rpm 52 | retention-days: 5 53 | if-no-files-found: error 54 | -------------------------------------------------------------------------------- /.github/workflows/package-apisix-dashboard-deb-ubuntu20.04.yml: -------------------------------------------------------------------------------- 1 | name: package apisix-dashboard deb for ubuntu 20.04(Focal Fossa) 2 | 3 | on: 4 | push: 5 | branches: [ master ] 6 | tags: 7 | - "v*" 8 | paths-ignore: 9 | - '*.md' 10 | pull_request: 11 | branches: [ master ] 12 | paths-ignore: 13 | - '*.md' 14 | schedule: 15 | - cron: '0 0 * * *' 16 | 17 | jobs: 18 | build: 19 | runs-on: ubuntu-latest 20 | timeout-minutes: 60 21 | env: 22 | DASHBOARD_VERSION: "3.0.1" 23 | DASHBOARD_BRANCH: "release/3.0" 24 | services: 25 | etcd: 26 | image: bitnami/etcd:3.4.0 27 | ports: 28 | - 2379:2379 29 | - 2380:2380 30 | env: 31 | ALLOW_NONE_AUTHENTICATION: yes 32 | ETCD_ADVERTISE_CLIENT_URLS: http://0.0.0.0:2379 33 | 34 | steps: 35 | - uses: actions/checkout@v2 36 | 37 | - name: install dependencies 38 | run: | 39 | sudo apt-get install -y make build-essential 40 | 41 | - name: package apisix-dashboard 42 | run: | 43 | make package type=deb app=dashboard version=${DASHBOARD_VERSION} checkout=${DASHBOARD_BRANCH} image_base=ubuntu image_tag=20.04 44 | 45 | - name: run ubuntu 20.04 docker and mapping deb into container 46 | run: | 47 | docker run -itd -v $PWD/output:/apisix-dashboard --name ubuntu20.04Instance --net="host" docker.io/ubuntu:20.04 /bin/bash 48 | 49 | - name: install deb package 50 | run: | 51 | docker exec ubuntu20.04Instance bash -c "dpkg -i /apisix-dashboard/apisix-dashboard_${DASHBOARD_VERSION}-0~ubuntu20.04_amd64.deb" 52 | docker logs ubuntu20.04Instance 53 | docker exec ubuntu20.04Instance bash -c "cd /usr/local/apisix/dashboard/ && nohup ./manager-api &" 54 | 55 | - name: run test cases 56 | run: | 57 | code=$(curl -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9000) 58 | if [ ! $code -eq 200 ]; then 59 | echo "failed: failed to install Apache APISIX Dashboard by deb" 60 | exit 1 61 | fi 62 | 63 | - name: Publish Artifact 64 | uses: actions/upload-artifact@v4.0.0 65 | with: 66 | name: apisix-dashboard_${{ env.DASHBOARD_VERSION }}-0~ubuntu20.04_amd64.deb 67 | path: output/apisix-dashboard_${{ env.DASHBOARD_VERSION }}-0~ubuntu20.04_amd64.deb 68 | retention-days: 5 69 | if-no-files-found: error 70 | -------------------------------------------------------------------------------- /.github/workflows/package-apisix-deb-ubuntu20.04.yml: -------------------------------------------------------------------------------- 1 | name: package apisix deb for ubuntu 24.04 2 | 3 | on: 4 | push: 5 | branches: [ master ] 6 | tags: 7 | - "v*" 8 | paths-ignore: 9 | - '*.md' 10 | pull_request: 11 | branches: [ master ] 12 | paths-ignore: 13 | - '*.md' 14 | schedule: 15 | - cron: '0 0 * * *' 16 | 17 | jobs: 18 | build: 19 | runs-on: ubuntu-latest 20 | timeout-minutes: 60 21 | env: 22 | PACKAGE_APISIX_VERSION: 0.0.0 23 | APISIX_VERSION: master 24 | steps: 25 | - uses: actions/checkout@v2 26 | 27 | - name: install dependencies 28 | run: | 29 | sudo apt-get install -y make 30 | # install node.js and pnpm 31 | sudo n lts 32 | corepack enable pnpm 33 | 34 | - name: run apisix packaging 35 | run: | 36 | make package type=deb app=apisix version=${PACKAGE_APISIX_VERSION} checkout=${APISIX_VERSION} image_base=ubuntu image_tag=24.04 37 | 38 | - name: install apisix deb into container 39 | run: | 40 | docker build -t apache/apisix:${PACKAGE_APISIX_VERSION}-deb-test --build-arg APISIX_VERSION=${PACKAGE_APISIX_VERSION} -f test/apisix/Dockerfile.test.apisix.deb.ubuntu24.04 . 41 | 42 | - name: start apisix and test 43 | run: | 44 | docker run -d --name apisix-${PACKAGE_APISIX_VERSION}-deb-test -v $(pwd)/test/apisix/config.yaml:/usr/local/apisix/conf/config.yaml -p 9180:9180 -p 9080:9080 -p 9443:9443 apache/apisix:${PACKAGE_APISIX_VERSION}-deb-test 45 | sleep 20 46 | 47 | docker ps -a 48 | docker logs apisix-${PACKAGE_APISIX_VERSION}-deb-test 49 | 50 | curl http://127.0.0.1:9180/apisix/admin/routes/1 \ 51 | -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d ' 52 | { 53 | "uri": "/get", 54 | "upstream": { 55 | "type": "roundrobin", 56 | "nodes": { 57 | "httpbin.org:80": 1 58 | } 59 | } 60 | }' 61 | result_code=`curl -I -m 10 -o /dev/null -s -w %{http_code} http://127.0.0.1:9080/get` 62 | if [[ $result_code -ne 200 ]]; then 63 | printf "result_code: %s\n" "$result_code" 64 | exit 125 65 | fi 66 | 67 | code=$(curl -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9180/ui/) 68 | if [ ! $code -eq 200 ]; then 69 | echo "failed: failed to access Apache APISIX UI" 70 | exit 1 71 | fi 72 | 73 | - name: Publish Artifact 74 | uses: actions/upload-artifact@v4.0.0 75 | with: 76 | name: apisix_${{ env.PACKAGE_APISIX_VERSION }}-0~ubuntu24.04_amd64.deb 77 | path: output/apisix_${{ env.PACKAGE_APISIX_VERSION }}-0~ubuntu24.04_amd64.deb 78 | retention-days: 5 79 | if-no-files-found: error 80 | -------------------------------------------------------------------------------- /package-apisix.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail 3 | set -x 4 | mkdir /output 5 | dist=$(cat /tmp/dist) 6 | 7 | ARCH=${ARCH:-`(uname -m | tr '[:upper:]' '[:lower:]')`} 8 | 9 | # Determine the dependencies 10 | dep_ldap="openldap-devel" 11 | dep_libyaml="libyaml-devel" 12 | if [ "$PACKAGE_TYPE" == "deb" ] 13 | then 14 | # the pkg contains the so library could be libldap-2.5 or libldap-2.4-2 15 | dep_ldap="libldap2-dev" 16 | dep_libyaml="libyaml-dev" 17 | fi 18 | dep_pcre="pcre" 19 | if [ "$PACKAGE_TYPE" == "deb" ] 20 | then 21 | dep_pcre="libpcre3" 22 | fi 23 | dep_which="which" 24 | if [ "$PACKAGE_TYPE" == "deb" ] 25 | then 26 | dep_which="debianutils" 27 | fi 28 | 29 | # Determine the min version of openresty or apisix-base 30 | if [ "$OPENRESTY" == "apisix-base" ] 31 | then 32 | min_or_version="1.21.4.1.7" 33 | max_or_version="1.21.5" 34 | elif [ "$OPENRESTY" == "apisix-base-latest" ] 35 | then 36 | # For CI 37 | OPENRESTY="apisix-base" 38 | min_or_version="latest" 39 | max_or_version="latest-1" 40 | else 41 | min_or_version="1.19.3.2" 42 | max_or_version="1.21.5" 43 | fi 44 | 45 | # Determine the name of artifact 46 | # The defaut is apisix 47 | artifact="apisix" 48 | if [ "$ARTIFACT" != "0" ] 49 | then 50 | artifact=${ARTIFACT} 51 | fi 52 | 53 | if [ "$OPENRESTY" == "apisix-runtime" ] 54 | then 55 | fpm -f -s dir -t "$PACKAGE_TYPE" \ 56 | --"$PACKAGE_TYPE"-dist "$dist" \ 57 | -n "$artifact" \ 58 | -a "$(uname -i)" \ 59 | -v "$PACKAGE_VERSION" \ 60 | --iteration "$ITERATION" \ 61 | -d "$dep_ldap" \ 62 | -d "$dep_pcre" \ 63 | -d "$dep_which" \ 64 | -d "$dep_libyaml" \ 65 | --post-install post-install-apisix-runtime.sh \ 66 | --description 'Apache APISIX is a distributed gateway for APIs and Microservices, focused on high performance and reliability.' \ 67 | --license "ASL 2.0" \ 68 | -C /tmp/build/output/apisix \ 69 | -p /output \ 70 | --url 'http://apisix.apache.org/' \ 71 | --config-files usr/lib/systemd/system/apisix.service \ 72 | --config-files usr/lib/systemd/system/openresty.service \ 73 | --config-files usr/local/apisix/conf/config.yaml 74 | else 75 | fpm -f -s dir -t "$PACKAGE_TYPE" \ 76 | --"$PACKAGE_TYPE"-dist "$dist" \ 77 | -n "$artifact" \ 78 | -a "$(uname -i)" \ 79 | -v "$PACKAGE_VERSION" \ 80 | --iteration "$ITERATION" \ 81 | -d "$OPENRESTY >= $min_or_version" \ 82 | -d "$OPENRESTY < $max_or_version" \ 83 | -d "$dep_ldap" \ 84 | -d "$dep_pcre" \ 85 | -d "$dep_which" \ 86 | --description 'Apache APISIX is a distributed gateway for APIs and Microservices, focused on high performance and reliability.' \ 87 | --license "ASL 2.0" \ 88 | -C /tmp/build/output/apisix \ 89 | -p /output \ 90 | --url 'http://apisix.apache.org/' \ 91 | --config-files usr/lib/systemd/system/apisix.service \ 92 | --config-files usr/local/apisix/conf/config.yaml 93 | fi 94 | 95 | PACKAGE_ARCH="amd64" 96 | if [[ $ARCH == "arm64" ]] || [[ $ARCH == "aarch64" ]]; then 97 | PACKAGE_ARCH="arm64" 98 | fi 99 | 100 | # Rename deb file with adding $DIST section 101 | if [ "$PACKAGE_TYPE" == "deb" ] 102 | then 103 | mv /output/apisix_${PACKAGE_VERSION}-${ITERATION}_"${PACKAGE_ARCH}".deb /output/apisix_${PACKAGE_VERSION}-${ITERATION}~${dist}_"${PACKAGE_ARCH}".deb 104 | fi 105 | -------------------------------------------------------------------------------- /dockerfiles/Dockerfile.apisix-base.apk: -------------------------------------------------------------------------------- 1 | ARG IMAGE_BASE="alpine" 2 | ARG IMAGE_TAG="3.15" 3 | 4 | FROM ${IMAGE_BASE}:${IMAGE_TAG} as build 5 | 6 | COPY ./utils/build-common.sh \ 7 | ./utils/install-common.sh \ 8 | build-apisix-base.sh \ 9 | ./utils/determine-dist.sh \ 10 | /tmp/ 11 | 12 | 13 | ARG RESTY_OPENSSL_VERSION="1.1.1g" 14 | ARG RESTY_OPENSSL_PATCH_VERSION="1.1.1f" 15 | ARG RESTY_OPENSSL_URL_BASE="https://www.openssl.org/source" 16 | ARG RESTY_PCRE_VERSION="8.44" 17 | ARG RESTY_J="1" 18 | ARG RESTY_EVAL_PRE_CONFIGURE="" 19 | ARG VERSION 20 | 21 | LABEL resty_image_base="${RESTY_IMAGE_BASE}" 22 | LABEL resty_image_tag="${IMAGE_TAG}" 23 | LABEL resty_openssl_version="${RESTY_OPENSSL_VERSION}" 24 | LABEL resty_openssl_patch_version="${RESTY_OPENSSL_PATCH_VERSION}" 25 | LABEL resty_openssl_url_base="${RESTY_OPENSSL_URL_BASE}" 26 | LABEL resty_pcre_version="${RESTY_PCRE_VERSION}" 27 | LABEL resty_eval_pre_configure="${RESTY_EVAL_PRE_CONFIGURE}" 28 | 29 | 30 | ENV PATH=$PATH:/usr/local/openresty/luajit/bin:/usr/local/openresty/nginx/sbin:/usr/local/openresty/bin 31 | 32 | RUN apk add --no-cache \ 33 | build-base \ 34 | coreutils \ 35 | curl \ 36 | gd \ 37 | gd-dev \ 38 | geoip \ 39 | geoip-dev \ 40 | libxslt \ 41 | libxslt-dev \ 42 | linux-headers \ 43 | make \ 44 | perl-dev \ 45 | readline-dev \ 46 | zlib \ 47 | zlib-dev \ 48 | unzip \ 49 | git \ 50 | sudo \ 51 | bash \ 52 | libstdc++ 53 | 54 | # install latest Rust to build wasmtime 55 | RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y 56 | 57 | RUN cd /tmp \ 58 | && if [ -n "${RESTY_EVAL_PRE_CONFIGURE}" ]; then eval $(echo ${RESTY_EVAL_PRE_CONFIGURE}); fi \ 59 | && cd /tmp \ 60 | && curl -fSL "${RESTY_OPENSSL_URL_BASE}/openssl-${RESTY_OPENSSL_VERSION}.tar.gz" -o openssl-${RESTY_OPENSSL_VERSION}.tar.gz \ 61 | && tar xzf openssl-${RESTY_OPENSSL_VERSION}.tar.gz \ 62 | && cd openssl-${RESTY_OPENSSL_VERSION} \ 63 | && echo 'patching OpenSSL 1.1.1 for OpenResty' \ 64 | && curl -s https://raw.githubusercontent.com/openresty/openresty/master/patches/openssl-${RESTY_OPENSSL_PATCH_VERSION}-sess_set_get_cb_yield.patch | patch -p1 \ 65 | && ./config \ 66 | no-threads shared zlib -g \ 67 | enable-ssl3 enable-ssl3-method \ 68 | --prefix=/usr/local/openresty/openssl111 \ 69 | --libdir=lib \ 70 | -Wl,-rpath,/usr/local/openresty/openssl111/lib \ 71 | && make -j${RESTY_J} \ 72 | && make -j${RESTY_J} install_sw 73 | 74 | RUN cd /tmp \ 75 | && curl -fSL https://downloads.sourceforge.net/project/pcre/pcre/${RESTY_PCRE_VERSION}/pcre-${RESTY_PCRE_VERSION}.tar.gz -o pcre-${RESTY_PCRE_VERSION}.tar.gz \ 76 | && tar xzf pcre-${RESTY_PCRE_VERSION}.tar.gz \ 77 | && cd /tmp/pcre-${RESTY_PCRE_VERSION} \ 78 | && ./configure \ 79 | --prefix=/usr/local/openresty/pcre \ 80 | --disable-cpp \ 81 | --enable-jit \ 82 | --enable-utf \ 83 | --enable-unicode-properties \ 84 | && make -j${RESTY_J} \ 85 | && make -j${RESTY_J} install 86 | 87 | ENV version=${VERSION} 88 | RUN cd /tmp \ 89 | && curl --version \ 90 | && source /root/.cargo/env \ 91 | && ./build-common.sh build_apisix_base_apk \ 92 | && rm /usr/local/openresty/wasmtime-c-api/lib/libwasmtime.a \ 93 | && rm /usr/local/openresty/wasmtime-c-api/lib/libwasmtime.d \ 94 | && /usr/local/openresty/bin/openresty -V 95 | 96 | 97 | FROM ${IMAGE_BASE}:${IMAGE_TAG} as prod 98 | 99 | COPY --from=build /usr/local/openresty /usr/local/openresty 100 | 101 | RUN apk add --no-cache \ 102 | gd \ 103 | geoip \ 104 | libxslt \ 105 | zlib \ 106 | libstdc++ \ 107 | && apk add --no-cache --virtual .build-deps \ 108 | curl \ 109 | make \ 110 | sudo \ 111 | && curl https://raw.githubusercontent.com/apache/apisix/master/utils/linux-install-luarocks.sh -sL | sh - \ 112 | && apk del .build-deps 113 | 114 | 115 | ENV PATH=$PATH:/usr/local/openresty/luajit/bin:/usr/local/openresty/nginx/sbin:/usr/local/openresty/bin 116 | 117 | CMD /bin/sh 118 | -------------------------------------------------------------------------------- /.github/workflows/package-apisix-rpm-ubi.yml: -------------------------------------------------------------------------------- 1 | name: package apisix rpm for ubi 2 | 3 | on: 4 | push: 5 | branches: [ master ] 6 | tags: 7 | - "v*" 8 | paths-ignore: 9 | - '*.md' 10 | pull_request: 11 | branches: [ master ] 12 | paths-ignore: 13 | - '*.md' 14 | 15 | jobs: 16 | build: 17 | runs-on: ubuntu-latest 18 | timeout-minutes: 60 19 | env: 20 | APISIX_VERSION: master 21 | services: 22 | etcd: 23 | image: bitnami/etcd:3.4.0 24 | ports: 25 | - 2379:2379 26 | - 2380:2380 27 | env: 28 | ALLOW_NONE_AUTHENTICATION: yes 29 | ETCD_ADVERTISE_CLIENT_URLS: http://0.0.0.0:2379 30 | 31 | steps: 32 | - uses: actions/checkout@v2 33 | 34 | - name: install dependencies 35 | run: | 36 | sudo apt-get install -y make ruby ruby-dev rubygems build-essential 37 | sudo gem install --no-document fpm 38 | sudo apt-get install -y rpm 39 | # install node.js and pnpm 40 | sudo n lts 41 | corepack enable pnpm 42 | 43 | - name: packaging APISIX(-remote) with remote code 44 | run: | 45 | make package type=rpm app=apisix version=master checkout=${APISIX_VERSION} image_base=registry.access.redhat.com/ubi9/ubi image_tag=9.6 artifact=apisix-remote 46 | 47 | - name: packaging APISIX(-local) with local code 48 | run: | 49 | git clone -b ${APISIX_VERSION} https://github.com/apache/apisix.git 50 | ./build-apisix-dashboard.sh ./apisix 51 | make package type=rpm app=apisix version=master checkout=${APISIX_VERSION} image_base=registry.access.redhat.com/ubi9/ubi image_tag=9.6 local_code_path=./apisix artifact=apisix-local 52 | 53 | - name: Publish Artifact 54 | uses: actions/upload-artifact@v4.0.0 55 | with: 56 | name: apisix-remote-master-0.ubi9.6.x86_64.rpm 57 | path: output/apisix-remote-master-0.ubi9.6.x86_64.rpm 58 | retention-days: 5 59 | if-no-files-found: error 60 | 61 | - name: run ubi9 docker and mapping rpm into container 62 | run: | 63 | docker run -itd -v $PWD/output:/output -v $(pwd)/test/apisix/config.yaml:/usr/local/apisix/conf/config.yaml --name ubiInstance --net="host" registry.access.redhat.com/ubi9/ubi:9.6 /bin/bash 64 | 65 | - name: install APISIX(-remote) master by rpm in container 66 | run: | 67 | docker exec ubiInstance bash -c "yum -y localinstall /output/apisix-remote-master-0.ubi9.6.x86_64.rpm" 68 | docker exec ubiInstance bash -c "apisix start" 69 | 70 | - name: check and ensure APISIX(-remote) master is installed 71 | run: | 72 | code=$(curl -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9180/apisix/admin/routes -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1') 73 | if [ ! $code -eq 200 ]; then 74 | echo "failed: failed to install Apache APISIX by rpm" 75 | exit 1 76 | fi 77 | 78 | - name: stop and uninstall APISIX(-remote) master 79 | run: | 80 | docker exec ubiInstance bash -c 'yum -y install procps-ng' 81 | docker exec ubiInstance bash -c 'PIDS=$(pgrep -f nginx); for PID in $PIDS; do kill -TERM $PID; done' || echo "this echo will make exit code 0" 82 | docker exec ubiInstance bash -c "yum -y erase apisix-remote-master" 83 | 84 | - name: install APISIX(-local) by rpm in container 85 | run: | 86 | docker exec ubiInstance bash -c "yum -y localinstall /output/apisix-local-master-0.ubi9.6.x86_64.rpm" 87 | docker exec ubiInstance bash -c "apisix start" 88 | 89 | - name: check and ensure APISIX(-local) is installed 90 | run: | 91 | code=$(curl -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9180/apisix/admin/routes -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1') 92 | if [ ! $code -eq 200 ]; then 93 | echo "failed: failed to install Apache APISIX by rpm" 94 | exit 1 95 | fi 96 | 97 | code=$(curl -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9180/ui/) 98 | if [ ! $code -eq 200 ]; then 99 | echo "failed: failed to access Apache APISIX UI" 100 | exit 1 101 | fi 102 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | 19 | 20 | 21 | ## Table of Contents 22 | 23 | - [2.5.1](#251) 24 | - [2.5.0](#250) 25 | - [2.4.0](#240) 26 | - [2.3.0](#230) 27 | - [2.2.1](#221) 28 | - [2.2.0](#220) 29 | - [2.1.0](#210) 30 | - [2.0.0](#200) 31 | 32 | ## 2.5.1 33 | 34 | This release update wasm-nginx-module 35 | 36 | ### New Feature 37 | 38 | - feat: update wasm-nginx-module to 0.6.5 [#328](https://github.com/api7/apisix-build-tools/issues/328) 39 | 40 | ## 2.5.0 41 | 42 | This release contains serveral new features and important bugfixes. 43 | 44 | ### New Feature 45 | - feat: Update apisix-build-tools workflow: add parameter "timeout-minutes: 60" in all files [#124](https://github.com/api7/apisix-build-tools/pull/124) 46 | - ci: auto build and push apisix-base image [#118](https://github.com/api7/apisix-build-tools/pull/118) 47 | - ci(workflow): auto build and publish rpm package [#115](https://github.com/api7/apisix-build-tools/pull/115) 48 | - feat: build apisix-base docker image [#114](https://github.com/api7/apisix-build-tools/pull/114) 49 | - feat: release wasm-nginx-module 0.1.0 [#116](https://github.com/api7/apisix-build-tools/pull/116) 50 | - chore: Use apache apisix rpm repository [#111](https://github.com/api7/apisix-build-tools/pull/111) 51 | 52 | ### Bugfix 53 | - ci: Fix incorrect shebang in rpm package for 2.10.x [#125](https://github.com/api7/apisix-build-tools/pull/125) 54 | - fix: Add ldap dev dependency for building apisix [#112](https://github.com/api7/apisix-build-tools/pull/112) 55 | 56 | ## 2.4.0 57 | 58 | This release mainly contains several new features. 59 | 60 | ### New Feature 61 | - ci: Disable CI for doc changes [#106](https://github.com/api7/apisix-build-tools/pull/106) 62 | - feat: add wasm-nginx-module [#98](https://github.com/api7/apisix-build-tools/pull/98) 63 | - chore: Ignore cert check when downloading openresty [#105](https://github.com/api7/apisix-build-tools/pull/105) 64 | 65 | ## 2.3.0 66 | 67 | This release mainly contains two new features. 68 | 69 | ### New Feature 70 | - chore: Rename apisix-openresty to apisix-base [#103](https://github.com/api7/apisix-build-tools/pull/103) 71 | - ci: Upload apisix-openresty/apisix/dashboard artifact [#102](https://github.com/api7/apisix-build-tools/pull/102) 72 | 73 | ## 2.2.1 74 | 75 | This release mainly contains two important bugfixes, as well as a feature. 76 | 77 | ### New Feature 78 | - feat: add apisix-openresty deb support [#92](https://github.com/api7/apisix-build-tools/pull/92) 79 | 80 | ### Bugfix 81 | - ci: Fix no setting config files [95](https://github.com/api7/apisix-build-tools/pull/95) 82 | - fix: failed to get metalink from epel [#93](https://github.com/api7/apisix-build-tools/pull/93) 83 | 84 | ## 2.2.0 85 | 86 | This release mainly contains several new features, as well as a bugfix. 87 | 88 | ### New Feature 89 | - ci: Using Buildx as Docker builder [#74](https://github.com/api7/apisix-build-tools/pull/74) 90 | - feat: add apisix dashboard deb support [#82](https://github.com/api7/apisix-build-tools/pull/82) 91 | - feat: Reduce CI files with combined test [#86](https://github.com/api7/apisix-build-tools/pull/86) 92 | - docs: update the recommened way to build APISIX OpenResty [#85](https://github.com/api7/apisix-build-tools/pull/85) 93 | 94 | ### Bugfix 95 | - fix: failed to get metalink from epel [#88](https://github.com/api7/apisix-build-tools/pull/88) 96 | 97 | ## 2.1.0 98 | 99 | This release mainly contains several new features. 100 | 101 | ### New Feature 102 | - feat: Support setting artifact name [#83](https://github.com/api7/apisix-build-tools/pull/83) 103 | - feat: upgrade apisix_nginx_module_ver [#81](https://github.com/api7/apisix-build-tools/pull/81) 104 | - feat: Support packaging apisix which depends on apisix-openresty [#80](https://github.com/api7/apisix-build-tools/pull/80) 105 | - feat: Support use local code for packaging [#79](https://github.com/api7/apisix-build-tools/pull/79) 106 | 107 | 108 | ## 2.0.0 109 | 110 | This release is the initial release, which is mainly to support building apisix, 111 | apisix-dashboard and apisix-openrestyboth for rpm and deb artifacts. 112 | 113 | 114 | [Back to TOC](#table-of-contents) 115 | -------------------------------------------------------------------------------- /.github/workflows/publish-deb.yml: -------------------------------------------------------------------------------- 1 | name: Build and Publish DEB Package 2 | 3 | on: 4 | push: 5 | tags: 6 | - "apisix/*" 7 | 8 | concurrency: 9 | group: ${{ github.workflow }}-${{ github.ref == 'refs/heads/main' && github.run_number || github.ref }} 10 | cancel-in-progress: true 11 | 12 | jobs: 13 | publish_apisix: 14 | name: Build and Publish deb Package 15 | strategy: 16 | fail-fast: false 17 | matrix: 18 | platform: 19 | - runner: ubuntu-latest 20 | arch: amd64 21 | - runner: ubuntu-24.04-arm 22 | arch: arm64 23 | target: 24 | - os: debian 25 | codename: bullseye 26 | release: bullseye-slim 27 | - os: ubuntu 28 | codename: noble 29 | release: 24.04 30 | runs-on: ${{ matrix.platform.runner }} 31 | timeout-minutes: 60 32 | env: 33 | VAR_DEB_WORKBENCH_DIR: /tmp/output 34 | VAR_COS_BUCKET_REPO: ${{ secrets.VAR_COS_BUCKET_REPO }} 35 | VAR_COS_BUCKET_CI: ${{ secrets.VAR_COS_BUCKET_CI }} 36 | VAR_OS: ${{ matrix.target.os }} 37 | VAR_CODENAME: ${{ matrix.target.codename }} 38 | VAR_OS_RELEASE: ${{ matrix.target.release }} 39 | ARCH: ${{ matrix.platform.arch }} 40 | 41 | steps: 42 | - name: Check out code 43 | uses: actions/checkout@v2.3.5 44 | with: 45 | submodules: recursive 46 | 47 | - name: Init basic publish env 48 | run: | 49 | sudo apt-get update 50 | # install node.js and pnpm 51 | sudo n lts 52 | corepack enable pnpm 53 | mkdir -p "${VAR_DEB_WORKBENCH_DIR}" 54 | 55 | - name: Extract Tags version 56 | if: ${{ startsWith(github.ref, 'refs/tags/') }} 57 | shell: bash 58 | run: | 59 | echo "TAG_VERSION=${GITHUB_REF##*/}" >> "$GITHUB_ENV" 60 | 61 | - name: Extract Tags Type 62 | if: ${{ startsWith(github.ref, 'refs/tags/') }} 63 | shell: bash 64 | run: | 65 | type=$(echo ${GITHUB_REF} | awk -F '/' '{print $3}') 66 | echo "TAG_TYPE=${type}" >> "$GITHUB_ENV" 67 | 68 | - name: Check Tags Type 69 | if: ${{ env.TAG_TYPE != 'apisix' && env.TAG_TYPE != 'apisix-base' }} 70 | run: | 71 | echo "##[error]Tag type is not correct, or not support, please check it." 72 | exit 1 73 | 74 | - name: Build apisix-base deb Package 75 | if: ${{ env.TAG_TYPE == 'apisix-base' }} 76 | run: | 77 | make package type=deb app=${TAG_TYPE} checkout=${TAG_VERSION} version=${TAG_VERSION} image_base=${VAR_OS} image_tag=${VAR_OS_RELEASE} openresty=apisix-base 78 | mv ./output/${TAG_TYPE}_${TAG_VERSION}-0~${VAR_OS}${VAR_OS_RELEASE}_${ARCH}.deb ${VAR_DEB_WORKBENCH_DIR} 79 | 80 | - name: Build apisix deb Package 81 | if: ${{ env.TAG_TYPE == 'apisix' }} 82 | run: | 83 | wget https://raw.githubusercontent.com/apache/apisix/${TAG_VERSION}/.requirements && source .requirements 84 | 85 | make package type=deb app=${TAG_TYPE} checkout=${TAG_VERSION} version=${TAG_VERSION} image_base=${VAR_OS} image_tag=${VAR_OS_RELEASE} openresty=apisix-runtime runtime_version=${APISIX_RUNTIME} 86 | mv ./output/${TAG_TYPE}_${TAG_VERSION}-0~${VAR_OS}${VAR_OS_RELEASE}_${ARCH}.deb ${VAR_DEB_WORKBENCH_DIR} 87 | 88 | - name: Build apisix-runtime deb Package 89 | if: ${{ env.TAG_TYPE == 'apisix-runtime' }} 90 | run: | 91 | echo build ${TAG_TYPE} deb package 92 | echo version ${TAG_VERSION} 93 | 94 | make package type=deb app=${TAG_TYPE} checkout=${TAG_VERSION} version=${TAG_VERSION} image_base=${VAR_OS} image_tag=${VAR_OS_RELEASE} openresty=apisix-runtime 95 | mv ./output/${TAG_TYPE}_${TAG_VERSION}-0~${VAR_OS}${VAR_OS_RELEASE}_${ARCH}.deb ${VAR_DEB_WORKBENCH_DIR} 96 | 97 | - name: Upload apisix/apisix-runtime/apisix-base Artifact 98 | uses: actions/upload-artifact@v4.0.0 99 | with: 100 | name: "${{ env.TAG_TYPE }}_${{ env.TAG_VERSION }}-0~${{ env.VAR_OS }}${{ env.VAR_OS_RELEASE }}_${{ env.ARCH }}.deb" 101 | path: "${{ env.VAR_DEB_WORKBENCH_DIR }}/${{ env.TAG_TYPE}}_${{ env.TAG_VERSION }}-0~${{ env.VAR_OS }}${{ env.VAR_OS_RELEASE }}_${{ env.ARCH }}.deb" 102 | 103 | - name: DEB repo deps init 104 | env: 105 | TENCENT_COS_SECRETID: ${{ secrets.TENCENT_COS_SECRETID }} 106 | TENCENT_COS_SECRETKEY: ${{ secrets.TENCENT_COS_SECRETKEY }} 107 | run: | 108 | sudo pip install coscmd 109 | sudo -E ./utils/publish-deb.sh init_cos_utils 110 | 111 | - name: DEB repo init for debian 112 | run: | 113 | sudo -E ./utils/publish-deb.sh repo_clone 114 | 115 | - name: DEB repo package update 116 | env: 117 | DEB_GPG_MAIL: ${{ secrets.DEB_GPG_MAIL }} 118 | GPG_NAME: ${{ secrets.GPG_NAME }} 119 | GPG_MAIL: ${{ secrets.GPG_MAIL }} 120 | run: | 121 | echo "${{ secrets.DEB_GPG_PRIV_KEY }}" >> /tmp/deb-gpg-publish.private 122 | echo "${{ secrets.DEB_GPG_PASSPHRASE }}" >> /tmp/deb-gpg-publish.passphrase 123 | sudo -E ./utils/publish-deb.sh init_freight_utils 124 | sudo -E ./utils/publish-deb.sh init_gpg 125 | 126 | - name: DEB repo backup for debian 127 | run: | 128 | sudo -E ./utils/publish-deb.sh dists_backup 129 | 130 | - name: DEB repo refresh for debian 131 | run: | 132 | sudo -E ./utils/publish-deb.sh repo_rebuild 133 | sudo -E ./utils/publish-deb.sh repo_ci_upload 134 | 135 | - name: DEB repo publish for debian 136 | env: 137 | UPLOAD_TARGET_FILE: "${{ env.TAG_TYPE }}_${{ env.TAG_VERSION }}-0_${{ env.ARCH }}.deb" 138 | run: | 139 | sudo -E ./utils/publish-deb.sh repo_upload 140 | sudo -E ./utils/publish-deb.sh repo_publish 141 | -------------------------------------------------------------------------------- /utils/build-common.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail 3 | set -x 4 | 5 | ARCH=${ARCH:-`(uname -m | tr '[:upper:]' '[:lower:]')`} 6 | BUILD_PATH=${BUILD_PATH:-`pwd`} 7 | 8 | build_apisix_base_rpm() { 9 | dnf install -y yum-utils 10 | yum -y install --disablerepo=* --enablerepo=ubi-9-appstream-rpms --enablerepo=ubi-9-baseos-rpms gcc gcc-c++ patch wget git make sudo xz 11 | 12 | command -v gcc 13 | gcc --version 14 | 15 | yum-config-manager --add-repo https://openresty.org/package/centos/openresty.repo 16 | yum -y install openresty-openssl111-devel openresty-pcre-devel openresty-zlib-devel 17 | 18 | export_apisix_base_openresty_variables 19 | ${BUILD_PATH}/build-apisix-base.sh 20 | } 21 | 22 | build_apisix_base_deb() { 23 | arch_path="" 24 | if [[ $ARCH == "arm64" ]] || [[ $ARCH == "aarch64" ]]; then 25 | arch_path="arm64/" 26 | fi 27 | DEBIAN_FRONTEND=noninteractive apt-get update 28 | DEBIAN_FRONTEND=noninteractive apt-get install -y sudo git libreadline-dev lsb-release libssl-dev perl build-essential 29 | DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends wget gnupg ca-certificates 30 | wget -O - https://openresty.org/package/pubkey.gpg | apt-key add - 31 | wget -O - http://repos.apiseven.com/pubkey.gpg | apt-key add - 32 | 33 | if [[ $IMAGE_BASE == "ubuntu" ]]; then 34 | echo "deb http://openresty.org/package/${arch_path}ubuntu $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/openresty.list 35 | fi 36 | 37 | if [[ $IMAGE_BASE == "debian" ]]; then 38 | echo "deb http://openresty.org/package/${arch_path}debian $(lsb_release -sc) openresty" | tee /etc/apt/sources.list.d/openresty.list 39 | fi 40 | 41 | DEBIAN_FRONTEND=noninteractive apt-get update 42 | DEBIAN_FRONTEND=noninteractive apt-get install -y openresty-openssl111-dev openresty-pcre-dev openresty-zlib-dev 43 | 44 | export_apisix_base_openresty_variables 45 | # fix OR_PREFIX 46 | if [[ $build_latest == "latest" ]]; then 47 | unset OR_PREFIX 48 | fi 49 | ${BUILD_PATH}/build-apisix-base.sh ${build_latest} 50 | } 51 | 52 | build_apisix_base_apk() { 53 | export_apisix_base_openresty_variables 54 | ${BUILD_PATH}/build-apisix-base.sh 55 | } 56 | 57 | build_apisix_runtime_rpm() { 58 | dnf install -y yum-utils 59 | yum -y install --disablerepo=* --enablerepo=ubi-9-appstream-rpms --enablerepo=ubi-9-baseos-rpms gcc gcc-c++ patch wget git make sudo xz cpanminus 60 | 61 | command -v gcc 62 | gcc --version 63 | 64 | yum-config-manager --add-repo https://openresty.org/package/centos/openresty.repo 65 | yum -y install --nogpgcheck openresty-pcre-devel openresty-zlib-devel 66 | 67 | export_openresty_variables 68 | ${BUILD_PATH}/build-apisix-runtime.sh 69 | } 70 | 71 | build_apisix_runtime_deb() { 72 | arch_path="" 73 | if [[ $ARCH == "arm64" ]] || [[ $ARCH == "aarch64" ]]; then 74 | arch_path="arm64/" 75 | fi 76 | DEBIAN_FRONTEND=noninteractive apt-get update --fix-missing 77 | DEBIAN_FRONTEND=noninteractive apt-get install -y sudo git libreadline-dev lsb-release libssl-dev perl build-essential gcc g++ xz-utils curl cpanminus 78 | DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends wget gnupg ca-certificates 79 | wget -O - https://openresty.org/package/pubkey.gpg | apt-key add - 80 | 81 | if [[ $IMAGE_BASE == "ubuntu" ]]; then 82 | echo "deb http://openresty.org/package/${arch_path}ubuntu $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/openresty.list 83 | fi 84 | 85 | if [[ $IMAGE_BASE == "debian" ]]; then 86 | echo "deb http://openresty.org/package/${arch_path}debian $(lsb_release -sc) openresty" | tee /etc/apt/sources.list.d/openresty.list 87 | fi 88 | 89 | DEBIAN_FRONTEND=noninteractive apt-get update 90 | DEBIAN_FRONTEND=noninteractive apt-get install -y openresty-pcre-dev openresty-zlib-dev 91 | 92 | export_openresty_variables 93 | # fix OR_PREFIX 94 | if [[ $build_latest == "latest" ]]; then 95 | unset OR_PREFIX 96 | fi 97 | ${BUILD_PATH}/build-apisix-runtime.sh ${build_latest} 98 | } 99 | 100 | build_apisix_runtime_apk() { 101 | export_openresty_variables 102 | ${BUILD_PATH}/build-apisix-runtime.sh 103 | } 104 | 105 | export_openresty_variables() { 106 | export openssl_prefix=/usr/local/openresty/openssl3 107 | export zlib_prefix=/usr/local/openresty/zlib 108 | export pcre_prefix=/usr/local/openresty/pcre 109 | export OR_PREFIX=/usr/local/openresty 110 | 111 | export cc_opt="-DNGX_LUA_ABORT_AT_PANIC -I${zlib_prefix}/include -I${pcre_prefix}/include -I${openssl_prefix}/include" 112 | export ld_opt="-L${zlib_prefix}/lib -L${pcre_prefix}/lib -L${openssl_prefix}/lib -Wl,-rpath,${zlib_prefix}/lib:${pcre_prefix}/lib:${openssl_prefix}/lib" 113 | } 114 | 115 | export_apisix_base_openresty_variables() { 116 | export openssl_prefix=/usr/local/openresty/openssl111 117 | export zlib_prefix=/usr/local/openresty/zlib 118 | export pcre_prefix=/usr/local/openresty/pcre 119 | export OR_PREFIX=/usr/local/openresty 120 | 121 | export cc_opt="-DNGX_LUA_ABORT_AT_PANIC -I${zlib_prefix}/include -I${pcre_prefix}/include -I${openssl_prefix}/include" 122 | export ld_opt="-L${zlib_prefix}/lib -L${pcre_prefix}/lib -L${openssl_prefix}/lib -Wl,-rpath,${zlib_prefix}/lib:${pcre_prefix}/lib:${openssl_prefix}/lib" 123 | } 124 | 125 | case_opt=$1 126 | 127 | case ${case_opt} in 128 | build_apisix_base_rpm) 129 | build_apisix_base_rpm 130 | ;; 131 | build_apisix_base_deb) 132 | build_apisix_base_deb 133 | ;; 134 | build_apisix_base_apk) 135 | build_apisix_base_apk 136 | ;; 137 | build_apisix_runtime_rpm) 138 | build_apisix_runtime_rpm 139 | ;; 140 | build_apisix_runtime_deb) 141 | build_apisix_runtime_deb 142 | ;; 143 | build_apisix_runtime_apk) 144 | build_apisix_runtime_apk 145 | ;; 146 | esac 147 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## Prerequisites 2 | 3 | - Docker 4 | - fpm 5 | - Make 6 | - rpm (if your host system is Ubuntu, should install rpmbuild by `sudo apt-get install rpm`) 7 | 8 | ## Parameters 9 | | Parameter | Required | Description | Example | 10 | |-----------------|----------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------| 11 | | type | True | it can be `deb` or `rpm` or `apk` | type=rpm | 12 | | app | True | it can be `apisix`, `dashboard`, `apisix-base` or `apisix-runtime` | app=apisix | 13 | | checkout | True | the code branch or tag of the app which you want to package | checkout=2.1 or checkout=v2.1 | 14 | | version | True | the version of the package | version=10.10 | 15 | | local_code_path | False | the path of local code diretory of apisix or dashboard, which depends on the app parameter | local_code_path=/home/vagrant/apisix | 16 | | openresty | False | the openresty type that apisix depends on, its value can be `openresty`, `apisix-base` or `apisix-runtime`, the default is `openresty` | openresty=apisix-base | 17 | | artifact | False | the final name of the generated artifact, if not specified, this will be the same as `app` | artifact=apisix | 18 | | image_base | False | the environment for packaging, if type is `rpm` the default image_base is `centos`, if type is `deb` the default image_base is `ubuntu` | image_base=centos | 19 | | image_tag | False | the environment for packaging, it's value can be `16.04\|18.04\|20.04\|6\|7\|8`, if type is `rpm` the default image_tag is `7`, if type is `deb` the default image_tag is `20.04` | image_tag=7 | 20 | | buildx | False | if `True`, use buildx to build docker images, which may speed up GitHub Actions | buildx=True | 21 | 22 | ## Example 23 | 24 | ### build APISIX 25 | 26 | Packaging a Centos 7 package of Apache APISIX 27 | ```sh 28 | make package type=rpm app=apisix version=2.2 checkout=2.2 image_base=centos image_tag=7 29 | ls output/ 30 | apisix-2.2-0.el7.x86_64.rpm 31 | ``` 32 | or just leave `image_base` and `image_tag` as the default values. 33 | ``` 34 | make package type=rpm app=apisix version=2.2 checkout=2.2 35 | ls output/ 36 | apisix-2.2-0.el7.x86_64.rpm 37 | ``` 38 | 39 | Packaging a Centos 8 package of Apache APISIX 40 | ```sh 41 | make package type=rpm app=apisix version=2.2 checkout=2.2 image_base=centos image_tag=8 42 | ls output/ 43 | apisix-2.2-0.el8.x86_64.rpm 44 | ``` 45 | 46 | Packaging an Ubuntu 20.04 package of Apache APISIX 47 | ```sh 48 | make package type=deb app=apisix version=2.2 checkout=2.2 49 | ls output/ 50 | apisix_2.2-0~ubuntu20.04_amd64.deb 51 | ``` 52 | 53 | ### build dashboard 54 | 55 | Packaging a Centos 7 package of Apache APISIX Dashboard 56 | ```sh 57 | make package type=rpm app=dashboard version=2.4 checkout=v2.4 image_base=centos image_tag=7 58 | ls output/ 59 | apisix-dashboard-2.4-0.el7.x86_64.rpm 60 | ``` 61 | 62 | Packaging an Ubuntu 20.04 package of Apache APISIX Dashboard 63 | ```sh 64 | make package type=deb app=dashboard version=2.2 checkout=2.2 65 | ls output/ 66 | apisix-dashboard_2.2-0~ubuntu20.04_amd64.deb 67 | ``` 68 | 69 | ### build apisix-base 70 | 71 | Packaging a Centos 7 package of APISIX's OpenResty distribution 72 | ```sh 73 | make package type=rpm app=apisix-base version=1.0.0 image_base=centos image_tag=7 74 | ls output/ 75 | apisix-base-1.0.0-0.el7.x86_64.rpm 76 | ``` 77 | 78 | Packaging an Ubuntu 20.04 package of Apache APISIX's OpenResty distribution 79 | ```sh 80 | make package type=deb app=apisix-base version=1.0.0 81 | ls output/ 82 | apisix-base_1.0.0-0~ubuntu20.04_amd64.deb 83 | ``` 84 | 85 | Packaging an Alpine docker image of Apache APISIX's OpenResty distribution 86 | ```sh 87 | make package version=1.19.3.2.1 image_base=alpine image_tag=3.12 app=apisix-base type=apk 88 | docker images 89 | REPOSITORY TAG 90 | apache/apisix-base-apk 1.19.3.2.1 91 | ``` 92 | 93 | ### build APISIX-runtime 94 | 95 | Packaging a Centos 7 package of APISIX's OpenResty distribution 96 | ```sh 97 | make package type=rpm app=apisix-runtime version=1.0.0 image_base=centos image_tag=7 98 | ls output/ 99 | apisix-runtime-1.0.0-0.el7.x86_64.rpm 100 | ``` 101 | 102 | Packaging an Ubuntu 20.04 package of Apache APISIX's OpenResty distribution 103 | ```sh 104 | make package type=deb app=apisix-runtime version=1.0.0 105 | ls output/ 106 | apisix-runtime_1.0.0-0~ubuntu20.04_amd64.deb 107 | ``` 108 | 109 | ## Details 110 | 111 | - `Makefile` the entrance of the packager 112 | - `dockerfiles` directory for dockerfiles 113 | - `output` directory for packages 114 | -------------------------------------------------------------------------------- /utils/publish-rpm.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # pre-set 4 | set -euo pipefail 5 | set -x 6 | 7 | env 8 | 9 | # ======================================= 10 | # Runtime default config 11 | # ======================================= 12 | VAR_RPM_WORKBENCH_DIR=${VAR_RPM_WORKBENCH_DIR:-/tmp/output} 13 | VAR_GPG_PRIV_KET=${VAR_GPG_PRIV_KET:-/tmp/rpm-gpg-publish.private} 14 | VAR_GPG_PASSPHRASE=${VAR_GPG_PASSPHRASE:-/tmp/rpm-gpg-publish.passphrase} 15 | ARCH=${ARCH:-`(uname -m | tr '[:upper:]' '[:lower:]')`} 16 | 17 | COS_REGION=${COS_REGION:-"ap-guangzhou"} 18 | COS_GLOBAL_REGION=${COS_GLOBAL_REGION:-"accelerate"} 19 | COS_PART_SIZE=${COS_PART_SIZE:-"10"} 20 | VAR_COS_REGION_DNS="cos.${COS_REGION}.myqcloud.com" 21 | VAR_COS_GLOBAL_REGION_DNS="cos.${COS_GLOBAL_REGION}.myqcloud.com" 22 | 23 | # ======================================= 24 | # GPG extension 25 | # ======================================= 26 | func_rpmsign_macros_init() { 27 | cat > ~/.rpmmacros <<_EOC_ 28 | # Macros for signing RPMs. 29 | %_signature gpg 30 | %_gpg_path ${HOME}/.gnupg 31 | %_gpg_name ${GPG_MAIL} 32 | %_gpgbin /usr/bin/gpg 33 | %__gpg_sign_cmd %{__gpg} gpg --batch --verbose --no-armor --pinentry-mode loopback --passphrase-file ${VAR_GPG_PASSPHRASE} --no-secmem-warning -u "%{_gpg_name}" -sbo %{__signature_filename} --digest-algo sha256 %{__plaintext_filename} 34 | _EOC_ 35 | } 36 | 37 | func_gpg_key_load() { 38 | # ${1} gpg private key 39 | # ${2} gpg key passphrase 40 | gpg --import --pinentry-mode loopback --batch --passphrase-file "${2}" "${1}" 41 | 42 | gpg --list-keys --fingerprint | grep "${GPG_MAIL}" -B 1 \ 43 | | tr -d ' ' | head -1 | awk 'BEGIN { FS = "\n" } ; { print $1":6:" }' \ 44 | | gpg --import-ownertrust 45 | } 46 | 47 | # ======================================= 48 | # COS extension 49 | # ======================================= 50 | func_cos_utils_credential_init() { 51 | # ${1} - COS SECRET_ID 52 | # ${2} - COS SECRET_KEY 53 | # ${3} - COS bucket name 54 | coscmd config -a "${1}" -s "${2}" -b "${3}" -r ${COS_REGION} -p ${COS_PART_SIZE} 55 | } 56 | 57 | # ======================================= 58 | # COS repo extension 59 | # ======================================= 60 | func_repo_init() { 61 | # ${1} - repo workbench path 62 | mkdir -p "${1}"/redhat/9/${ARCH} 63 | } 64 | 65 | func_repo_clone() { 66 | # ${1} - bucket name 67 | # ${2} - COS path 68 | # ${3} - target path 69 | 70 | # --part-size indicates the file chunk size. 71 | # when the file is larger than --part-size, coscmd will chunk the file by --part-size. 72 | # when uploading/downloading the file in chunks, it will enable breakpoint transfer by default, 73 | # which will generate cosresumabletask file and interfere with the file integrity. 74 | # ref: https://cloud.tencent.com/document/product/436/63669 75 | coscmd -b "${1}" -r "${COS_GLOBAL_REGION}" download -r "/packages/${2}" "${3}" 76 | } 77 | 78 | func_repo_backup() { 79 | # ${1} - bucket name 80 | # ${2} - COS path 81 | # ${3} - backup tag 82 | coscmd copy -r "${1}.${VAR_COS_REGION_DNS}/packages/${2}" "/packages/backup/${2}_${3}" 83 | } 84 | 85 | func_repo_backup_remove() { 86 | # ${1} - bucket name 87 | # ${2} - COS path 88 | # ${3} - backup tag 89 | coscmd -b "${1}" delete -r -f "/packages/backup/${2}_${3}" 90 | } 91 | 92 | func_repo_repodata_rebuild() { 93 | # ${1} - repo parent path 94 | find "${1}" -type d -name "${ARCH}" \ 95 | -exec echo "createrepo_c for: {}" \; \ 96 | -exec rm -rf {}/repodata \; \ 97 | -exec createrepo_c {} \; 98 | } 99 | 100 | func_repo_repodata_sign() { 101 | # ${1} - repo parent path 102 | find "${1}" -type f -name "*repomd.xml" \ 103 | -exec echo "sign repodata for: {}" \; \ 104 | -exec gpg --batch --pinentry-mode loopback --passphrase-file "${VAR_GPG_PASSPHRASE}" --detach-sign --armor {} \; 105 | } 106 | 107 | func_repo_upload() { 108 | # ${1} - local path 109 | # ${2} - bucket name 110 | # ${3} - COS path 111 | coscmd -b "${2}" delete -r -f "/packages/${3}" || true 112 | coscmd -b "${2}" -r ${COS_GLOBAL_REGION} upload -r "${1}" "/packages/${3}" 113 | } 114 | 115 | func_repo_publish() { 116 | # ${1} - CI bucket 117 | # ${2} - repo publish bucket 118 | # ${3} - COS path 119 | coscmd delete -r -f "/packages/${3}" || true 120 | coscmd -b "${2}" copy -r "${1}.${VAR_COS_REGION_DNS}/packages/${3}" "packages/${3}" 121 | } 122 | 123 | # ======================================= 124 | # publish utils entry 125 | # ======================================= 126 | case_opt=$1 127 | case ${case_opt} in 128 | init_cos_utils) 129 | func_cos_utils_credential_init "${TENCENT_COS_SECRETID}" "${TENCENT_COS_SECRETKEY}" "${VAR_COS_BUCKET_REPO}" 130 | ;; 131 | repo_init) 132 | # create basic repo directory structure 133 | # useful when a new repo added 134 | func_repo_init /tmp 135 | ;; 136 | repo_backup) 137 | func_repo_backup "${VAR_COS_BUCKET_REPO}" "redhat" "${TAG_DATE}" 138 | ;; 139 | repo_clone) 140 | func_repo_clone "${VAR_COS_BUCKET_REPO}" "redhat" /tmp/redhat 141 | ;; 142 | repo_package_sync) 143 | find "${VAR_RPM_WORKBENCH_DIR}" -type f -name "*ubi9.6.${ARCH}.rpm" \ 144 | -exec echo "repo sync for: {}" \; \ 145 | -exec cp -a {} /tmp/redhat/9/${ARCH} \; 146 | ;; 147 | repo_repodata_rebuild) 148 | func_repo_repodata_rebuild /tmp/redhat 149 | func_repo_repodata_sign /tmp/redhat 150 | ;; 151 | repo_upload) 152 | func_repo_upload /tmp/redhat "${VAR_COS_BUCKET_CI}" "redhat" 153 | ;; 154 | repo_publish) 155 | func_repo_publish "${VAR_COS_BUCKET_CI}" "${VAR_COS_BUCKET_REPO}" "redhat" 156 | ;; 157 | repo_backup_remove) 158 | func_repo_backup_remove "${VAR_COS_BUCKET_REPO}" "redhat" "${TAG_DATE}" 159 | ;; 160 | rpm_gpg_sign) 161 | func_rpmsign_macros_init 162 | func_gpg_key_load "${VAR_GPG_PRIV_KET}" "${VAR_GPG_PASSPHRASE}" 163 | 164 | find "${VAR_RPM_WORKBENCH_DIR}" -type f -name "*.rpm" \ 165 | -exec echo "rpmsign for: {}" \; \ 166 | -exec rpmsign --addsign {} \; 167 | ;; 168 | *) 169 | echo "Unknown method!" 170 | esac 171 | -------------------------------------------------------------------------------- /.github/workflows/publish.yml: -------------------------------------------------------------------------------- 1 | name: Build and Publish RPM Package 2 | 3 | on: 4 | push: 5 | tags: 6 | - "apisix/*" 7 | 8 | concurrency: 9 | group: ${{ github.workflow }}-${{ github.ref == 'refs/heads/master' && github.run_number || github.ref }} 10 | cancel-in-progress: true 11 | 12 | jobs: 13 | publish_apisix: 14 | name: Build and Publish RPM Package 15 | strategy: 16 | fail-fast: false 17 | matrix: 18 | platform: 19 | - runner: ubuntu-latest 20 | arch: x86_64 21 | - runner: ubuntu-24.04-arm 22 | arch: aarch64 23 | runs-on: ${{ matrix.platform.runner }} 24 | timeout-minutes: 180 25 | env: 26 | VAR_COS_BUCKET_CI: ${{ secrets.VAR_COS_BUCKET_CI }} 27 | VAR_COS_BUCKET_REPO: ${{ secrets.VAR_COS_BUCKET_REPO }} 28 | VAR_COS_ENDPOINT: ${{ secrets.VAR_COS_ENDPOINT }} 29 | VAR_RPM_WORKBENCH_DIR: /tmp/output 30 | ARCH: ${{ matrix.platform.arch }} 31 | 32 | steps: 33 | - name: Check out code 34 | uses: actions/checkout@v2.3.5 35 | with: 36 | submodules: recursive 37 | 38 | - name: Init basic publish env 39 | run: | 40 | # install publish env deps 41 | sudo apt-get update 42 | sudo apt install -y createrepo-c 43 | # install node.js and pnpm 44 | sudo n lts 45 | corepack enable pnpm 46 | mkdir -p "${VAR_RPM_WORKBENCH_DIR}" 47 | # init env var 48 | TAG_DATE=$(date +%Y%m%d) 49 | echo "TAG_DATE=${TAG_DATE}" >> "$GITHUB_ENV" 50 | 51 | - name: Extract Tags version 52 | if: ${{ startsWith(github.ref, 'refs/tags/') }} 53 | shell: bash 54 | run: | 55 | echo "TAG_VERSION=${GITHUB_REF##*/}" >> "$GITHUB_ENV" 56 | 57 | - name: Extract Tags Type 58 | if: ${{ startsWith(github.ref, 'refs/tags/') }} 59 | shell: bash 60 | run: | 61 | type=$(echo ${GITHUB_REF} | awk -F '/' '{print $3}') 62 | echo "TAG_TYPE=${type}" >> "$GITHUB_ENV" 63 | 64 | - name: Check Tags Type 65 | if: ${{ env.TAG_TYPE != 'apisix' && env.TAG_TYPE != 'apisix-base' && env.TAG_TYPE != 'dashboard' }} 66 | run: | 67 | echo "##[error]Tag type is not correct, or not support, please check it." 68 | exit 1 69 | 70 | - name: Build apisix RPM Package 71 | if: ${{ env.TAG_TYPE == 'apisix' }} 72 | env: 73 | APISIX_TAG_VERSION: ${{ env.TAG_VERSION }} 74 | run: | 75 | wget https://raw.githubusercontent.com/apache/apisix/${APISIX_TAG_VERSION}/.requirements 76 | source .requirements 77 | 78 | # build apisix 79 | make package type=rpm app=apisix openresty=apisix-runtime runtime_version=${APISIX_RUNTIME} checkout=${APISIX_TAG_VERSION} version=${APISIX_TAG_VERSION} image_base=registry.access.redhat.com/ubi9/ubi image_tag=9.6 80 | mv ./output/apisix-${APISIX_TAG_VERSION}-0.ubi9.6.${ARCH}.rpm ${VAR_RPM_WORKBENCH_DIR} 81 | echo "TARGET_APP=apisix" >> "$GITHUB_ENV" 82 | 83 | - name: Build apisix-base RPM Package 84 | if: ${{ env.TAG_TYPE == 'apisix-base' }} 85 | env: 86 | APISIX_BASE_TAG_VERSION: ${{ env.TAG_VERSION }} 87 | run: | 88 | # build apisix-base 89 | echo ${{ env.TAG_TYPE }} ${{ env.TAG_VERSION }} 90 | make package type=rpm app=apisix-base checkout=${APISIX_BASE_TAG_VERSION} version=${APISIX_BASE_TAG_VERSION} image_base=registry.access.redhat.com/ubi9/ubi image_tag=9.6 91 | mv ./output/apisix-base-${APISIX_BASE_TAG_VERSION}-0.ubi9.6.${ARCH}.rpm ${VAR_RPM_WORKBENCH_DIR} 92 | echo "TARGET_APP=apisix-base" >> "$GITHUB_ENV" 93 | 94 | - name: Build apisix-runtime RPM Package 95 | if: ${{ env.TAG_TYPE == 'apisix-runtime' }} 96 | env: 97 | APISIX_RUNTIME_TAG_VERSION: ${{ env.TAG_VERSION }} 98 | run: | 99 | # build apisix-runtime 100 | echo ${{ env.TAG_TYPE }} ${{ env.TAG_VERSION }} 101 | make package type=rpm app=apisix-runtime checkout=${APISIX_RUNTIME_TAG_VERSION} version=${APISIX_RUNTIME_TAG_VERSION} image_base=registry.access.redhat.com/ubi9/ubi image_tag=9.6 102 | mv ./output/apisix-runtime-${APISIX_RUNTIME_TAG_VERSION}-0.ubi9.6.${ARCH}.rpm ${VAR_RPM_WORKBENCH_DIR} 103 | echo "TARGET_APP=apisix-runtime" >> "$GITHUB_ENV" 104 | 105 | - name: Build apisix-dashboard RPM Package 106 | if: ${{ env.TAG_TYPE == 'dashboard' }} 107 | env: 108 | APISIX_DASHBOARD_TAG_VERSION: ${{ env.TAG_VERSION }} 109 | run: | 110 | # build apisix dashboard 111 | mv ./output/apisix-dashboard-${APISIX_DASHBOARD_TAG_VERSION}-0.el{7,8}.${ARCH}.rpm ${VAR_RPM_WORKBENCH_DIR} 112 | echo "TARGET_APP=apisix-dashboard" >> "$GITHUB_ENV" 113 | 114 | 115 | - name: Ensure the upload dir 116 | run: | 117 | ls -al "${VAR_RPM_WORKBENCH_DIR}" 118 | 119 | - name: Upload apisix Artifact for Redhat 120 | if: ${{ env.TAG_TYPE == 'apisix' }} 121 | uses: actions/upload-artifact@v4.0.0 122 | env: 123 | PACKAGE_NAME: apisix-${{ env.TAG_VERSION }}-0.ubi9.6.${{ env.ARCH }}.rpm 124 | with: 125 | name: "${{ env.PACKAGE_NAME }}" 126 | path: "${{ env.VAR_RPM_WORKBENCH_DIR }}/${{ env.PACKAGE_NAME }}" 127 | 128 | - name: Upload apisix-base Artifact for Redhat 129 | if: ${{ env.TAG_TYPE == 'apisix-base' }} 130 | uses: actions/upload-artifact@v4.0.0 131 | env: 132 | PACKAGE_NAME: apisix-base-${{ env.TAG_VERSION }}-0.ubi9.6.${{ env.ARCH }}.rpm 133 | with: 134 | name: "${{ env.PACKAGE_NAME }}" 135 | path: "${{ env.VAR_RPM_WORKBENCH_DIR }}/${{ env.PACKAGE_NAME }}" 136 | 137 | - name: Upload apisix-runtime Artifact for Redhat 138 | if: ${{ env.TAG_TYPE == 'apisix-runtime' }} 139 | uses: actions/upload-artifact@v4.0.0 140 | env: 141 | PACKAGE_NAME: apisix-runtime-${{ env.TAG_VERSION }}-0.ubi9.6.${{ env.ARCH }}.rpm 142 | with: 143 | name: "${{ env.PACKAGE_NAME }}" 144 | path: "${{ env.VAR_RPM_WORKBENCH_DIR }}/${{ env.PACKAGE_NAME }}" 145 | 146 | - name: Upload apisix-dashboard Artifact 147 | if: ${{ env.TAG_TYPE == 'dashboard' }} 148 | uses: actions/upload-artifact@v4.0.0 149 | env: 150 | PACKAGE_NAME: apisix-dashboard-${{ env.TAG_VERSION }}-0.el7.${{ env.ARCH }}.rpm 151 | with: 152 | name: "${{ env.PACKAGE_NAME }}" 153 | path: "${{ env.VAR_RPM_WORKBENCH_DIR }}/${{ env.PACKAGE_NAME }}" 154 | 155 | - name: RPM repo deps init 156 | env: 157 | TENCENT_COS_SECRETID: ${{ secrets.TENCENT_COS_SECRETID }} 158 | TENCENT_COS_SECRETKEY: ${{ secrets.TENCENT_COS_SECRETKEY }} 159 | run: | 160 | sudo pip install coscmd 161 | sudo -E ./utils/publish-rpm.sh init_cos_utils 162 | 163 | - name: RPM repo init for redhat 164 | run: | 165 | sudo -E ./utils/publish-rpm.sh repo_init 166 | sudo -E ./utils/publish-rpm.sh repo_clone 167 | 168 | - name: RPM repo package update 169 | env: 170 | GPG_NAME: ${{ secrets.GPG_NAME }} 171 | GPG_MAIL: ${{ secrets.GPG_MAIL }} 172 | run: | 173 | echo "${{ secrets.RPM_GPG_PRIV_KEY }}" >> /tmp/rpm-gpg-publish.private 174 | echo "${{ secrets.RPM_GPG_PASSPHRASE }}" >> /tmp/rpm-gpg-publish.passphrase 175 | echo "${{ secrets.RPM_GPG_PUB_KEY }}" >> /tmp/rpm-gpg-publish.public 176 | sudo -E ./utils/publish-rpm.sh rpm_gpg_sign 177 | sudo -E ./utils/publish-rpm.sh repo_package_sync 178 | 179 | - name: RPM repo backup for redhat 180 | run: | 181 | sudo -E ./utils/publish-rpm.sh repo_backup 182 | 183 | - name: RPM repo refresh for redhat 184 | run: | 185 | sudo -E ./utils/publish-rpm.sh repo_repodata_rebuild 186 | sudo -E ./utils/publish-rpm.sh repo_upload 187 | 188 | - name: RPM repo publish for redhat 189 | run: | 190 | sudo -E ./utils/publish-rpm.sh repo_publish 191 | -------------------------------------------------------------------------------- /utils/publish-deb.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # pre-set 4 | set -euo pipefail 5 | set -x 6 | 7 | env 8 | 9 | # ======================================= 10 | # Runtime default config 11 | # ======================================= 12 | VAR_FREIGHT_UTILS_VERSION=${VAR_FREIGHT_UTILS_VERSION:-v0.3.13} 13 | VAR_DEB_WORKBENCH_DIR=${VAR_DEB_WORKBENCH_DIR:-/tmp/output} 14 | VAR_GPG_PRIV_KET=${VAR_GPG_PRIV_KET:-/tmp/deb-gpg-publish.private} 15 | VAR_GPG_PASSPHRASE=${VAR_GPG_PASSPHRASE:-/tmp/deb-gpg-publish.passphrase} 16 | 17 | COS_REGION=${COS_REGION:-"ap-guangzhou"} 18 | COS_GLOBAL_REGION=${COS_GLOBAL_REGION:-"accelerate"} 19 | COS_PART_SIZE=${COS_PART_SIZE:-"10"} 20 | VAR_COS_REGION_DNS="cos.${COS_REGION}.myqcloud.com" 21 | VAR_COS_GLOBAL_REGION_DNS="cos.${COS_GLOBAL_REGION}.myqcloud.com" 22 | 23 | TAG_DATE=$(date +%Y%m%d) 24 | ARCH=${ARCH:-`(uname -m | tr '[:upper:]' '[:lower:]')`} 25 | arch_path="" 26 | if [[ $ARCH == "arm64" ]] || [[ $ARCH == "aarch64" ]]; then 27 | arch_path="arm64/" 28 | COS_CMD="${PWD}/coscli" 29 | fi 30 | 31 | func_gpg_key_load() { 32 | gpg --import --pinentry-mode loopback \ 33 | --batch --passphrase-file "${VAR_GPG_PASSPHRASE}" "${VAR_GPG_PRIV_KET}" 34 | 35 | gpg --list-keys --fingerprint | grep "${DEB_GPG_MAIL}" -B 1 \ 36 | | tr -d ' ' | head -1 | awk 'BEGIN { FS = "\n" } ; { print $1":6:" }' \ 37 | | gpg --import-ownertrust 38 | 39 | cat > "${HOME}/.gnupg/gpg.conf" <<_EOC_ 40 | pinentry-mode loopback 41 | passphrase-file ${VAR_GPG_PASSPHRASE} 42 | _EOC_ 43 | } 44 | 45 | # ======================================= 46 | # COS extension 47 | # ======================================= 48 | func_cos_utils_credential_init() { 49 | # ${1} - COS SECRET_ID 50 | # ${2} - COS SECRET_KEY 51 | # ${3} - COS bucket name 52 | coscmd config -a "${1}" -s "${2}" -b "${3}" -r ${COS_REGION} -p ${COS_PART_SIZE} 53 | } 54 | 55 | 56 | func_freight_utils_install() { 57 | wget https://github.com/freight-team/freight/archive/refs/tags/${VAR_FREIGHT_UTILS_VERSION}.tar.gz 58 | tar -zxvf ${VAR_FREIGHT_UTILS_VERSION}.tar.gz 59 | cd freight-* && make install 60 | } 61 | 62 | func_freight_utils_init() { 63 | # ${1} - gpg mail 64 | # ${2} - freight work dir 65 | mkdir -p ${2} 66 | archs="amd64" 67 | if [[ $ARCH == "arm64" ]] || [[ $ARCH == "aarch64" ]]; then 68 | archs="arm64" 69 | fi 70 | freight-init --gpg=${1} --libdir=${2}/lib \ 71 | --cachedir=${2}/cache --conf=${2}/freight.conf \ 72 | --archs=${archs} --origin="Apache APISIX" 73 | } 74 | 75 | func_dists_backup() { 76 | # ${1} - bucket name 77 | # ${2} - COS path 78 | # ${3} - backup tag 79 | coscmd copy -r "${1}.${VAR_COS_REGION_DNS}/packages/${arch_path}${2}/dists" "/packages/${arch_path}backup/${2}_dists_${3}" 80 | } 81 | 82 | func_pool_clone() { 83 | # ${1} - bucket name 84 | # ${2} - COS path 85 | # ${3} - local pool path 86 | mkdir -p ${3} 87 | # --part-size indicates the file chunk size. 88 | # when the file is larger than --part-size, coscli will chunk the file by --part-size. 89 | # when uploading/downloading the file in chunks, it will enable breakpoint transfer by default, 90 | # which will generate cosresumabletask file and interfere with the file integrity. 91 | # ref: https://cloud.tencent.com/document/product/436/63669 92 | coscmd -b "${1}" -r "${COS_GLOBAL_REGION}" download -r "/packages/${arch_path}${2}/pool" "${3}" 93 | } 94 | 95 | func_dists_rebuild() { 96 | # ${1} - local pool path 97 | # ${2} - freight work dir 98 | # ${3} - deb output dir 99 | # ${4} - codename 100 | 101 | # add old deb package 102 | for codename in `ls ${1}` 103 | do 104 | find "${1}/${codename}" -type f -name "*.deb" \ 105 | -exec echo "freight-add: {}" \; \ 106 | -exec freight-add -c ${2}/freight.conf {} apt/${codename} \; 107 | done 108 | 109 | 110 | # add the deb package built this time 111 | find "${3}" -type f -name "*.deb" \ 112 | -exec echo "freight-add: {}" \; \ 113 | -exec freight-add -c ${2}/freight.conf {} apt/${4} \; 114 | 115 | freight-cache -c ${2}/freight.conf 116 | 117 | for codename in `ls ${2}/cache/pool` 118 | do 119 | rm -rf ${2}/cache/dists/${codename} 120 | mv ${2}/cache/dists/${codename}-* ${2}/cache/dists/${codename} 121 | rm -rf ${2}/cache/dists/${codename}/.refs 122 | done 123 | } 124 | 125 | func_dists_upload_ci_repo() { 126 | coscmd -b "${2}" delete -r -f "/packages/${arch_path}${3}" || true 127 | coscmd -b "${2}" -r "${COS_GLOBAL_REGION}" upload -r "${1}" "/packages/${arch_path}${3}/dists" 128 | } 129 | 130 | func_deb_upload() { 131 | # ${1} - local path 132 | # ${2} - bucket name 133 | # ${3} - COS path 134 | # ${4} - codename 135 | 136 | # We will only upload apisix and apisix-base, 137 | # so the directory is fixed: pool/main/a. 138 | # Regardless of other packages. 139 | export arch_path=$arch_path 140 | export BUCKET=$2 141 | export OS=$3 142 | export CODENAME=$4 143 | export COS_GLOBAL_REGION=$COS_GLOBAL_REGION 144 | export UPLOAD_TARGET_FILE=$UPLOAD_TARGET_FILE 145 | find "${1}" -type f -name "apisix_*.deb" \ 146 | -exec echo "upload : {}" \; \ 147 | -exec sh -c 'coscmd -b "${BUCKET}" -r "${COS_GLOBAL_REGION}" upload {} "/packages/${arch_path}${OS}/pool/${CODENAME}/main/a/apisix/${UPLOAD_TARGET_FILE}"' \; 148 | 149 | find "${1}" -type f -name "apisix-base*.deb" \ 150 | -exec echo "upload : {}" \; \ 151 | -exec sh -c 'coscmd -b "${BUCKET}" -r "${COS_GLOBAL_REGION}" upload {} "/packages/${arch_path}${OS}/pool/${CODENAME}/main/a/apisix-base/${UPLOAD_TARGET_FILE}"' \; 152 | 153 | find "${1}" -type f -name "apisix-runtime*.deb" \ 154 | -exec echo "upload : {}" \; \ 155 | -exec sh -c 'coscmd -b "${BUCKET}" -r "${COS_GLOBAL_REGION}" upload {} "/packages/${arch_path}${OS}/pool/${CODENAME}/main/a/apisix-runtime/${UPLOAD_TARGET_FILE}"' \; 156 | 157 | } 158 | 159 | func_repo_publish() { 160 | # ${1} - CI bucket 161 | # ${2} - repo publish bucket 162 | # ${3} - COS path 163 | coscmd delete -r -f "/packages/${arch_path}${3}/dists" || true 164 | coscmd -b "${2}" copy -r "${1}.${VAR_COS_REGION_DNS}/packages/${arch_path}${3}/dists" "/packages/${arch_path}${3}/dists" 165 | } 166 | 167 | func_repo_backup_remove() { 168 | # ${1} - bucket name 169 | # ${2} - COS path 170 | # ${3} - backup tag 171 | coscmd -b "${1}" delete -r -f "/packages/${arch_path}backup/${2}_dists_${3}" || true 172 | } 173 | 174 | # ======================================= 175 | # publish utils entry 176 | # ======================================= 177 | case_opt=$1 178 | 179 | case ${case_opt} in 180 | init_cos_utils) 181 | func_cos_utils_credential_init "${TENCENT_COS_SECRETID}" "${TENCENT_COS_SECRETKEY}" "${VAR_COS_BUCKET_REPO}" 182 | ;; 183 | init_freight_utils) 184 | func_freight_utils_install 185 | func_freight_utils_init ${DEB_GPG_MAIL} "/tmp/freight" 186 | ;; 187 | init_gpg) 188 | func_gpg_key_load 189 | ;; 190 | dists_backup) 191 | # eg: arm64/debian/dists --> arm64/backup/debian_dists_$TAG_DATE 192 | # VAR_OS: debian or ubuntu 193 | func_dists_backup "${VAR_COS_BUCKET_REPO}" "${VAR_OS}" "${TAG_DATE}" 194 | ;; 195 | repo_clone) 196 | # eg: remote: debian/pool --> /tmp/old_pool 197 | func_pool_clone "${VAR_COS_BUCKET_REPO}" "${VAR_OS}" "/tmp/old_pool" 198 | ;; 199 | repo_rebuild) 200 | func_dists_rebuild "/tmp/old_pool" "/tmp/freight" ${VAR_DEB_WORKBENCH_DIR} ${VAR_CODENAME} 201 | ;; 202 | repo_ci_upload) 203 | func_dists_upload_ci_repo "/tmp/freight/cache/dists" "${VAR_COS_BUCKET_CI}" "${VAR_OS}" 204 | ;; 205 | repo_upload) 206 | func_deb_upload "${VAR_DEB_WORKBENCH_DIR}" "${VAR_COS_BUCKET_REPO}" "${VAR_OS}" "${VAR_CODENAME}" 207 | ;; 208 | repo_publish) 209 | func_repo_publish "${VAR_COS_BUCKET_CI}" "${VAR_COS_BUCKET_REPO}" "${VAR_OS}" 210 | ;; 211 | repo_backup_remove) 212 | func_repo_backup_remove "${VAR_COS_BUCKET_REPO}" "${VAR_OS}" "${TAG_DATE}" 213 | ;; 214 | *) 215 | echo "Unknown method!" 216 | esac 217 | -------------------------------------------------------------------------------- /utils/install-common.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail 3 | set -x 4 | 5 | ARCH=${ARCH:-`(uname -m | tr '[:upper:]' '[:lower:]')`} 6 | 7 | install_apisix_dependencies_deb() { 8 | install_dependencies_deb 9 | install_openresty_deb 10 | install_luarocks 11 | } 12 | 13 | install_apisix_dependencies_rpm() { 14 | install_dependencies_rpm 15 | install_openresty_rpm 16 | install_luarocks 17 | } 18 | 19 | install_dependencies_rpm() { 20 | # install basic dependencies 21 | if [[ $IMAGE_BASE == "registry.access.redhat.com/ubi9/ubi" ]]; then 22 | yum install -y --disablerepo=* --enablerepo=ubi-9-appstream-rpms --enablerepo=ubi-9-baseos-rpms wget tar gcc automake autoconf libtool make git which unzip sudo 23 | yum install -y --disablerepo=* --enablerepo=ubi-9-appstream-rpms --enablerepo=ubi-9-baseos-rpms yum-utils 24 | else 25 | yum install -y wget tar gcc automake autoconf libtool make curl git which unzip sudo 26 | yum install -y yum-utils 27 | fi 28 | } 29 | 30 | install_dependencies_deb() { 31 | # install basic dependencies 32 | DEBIAN_FRONTEND=noninteractive apt-get update 33 | DEBIAN_FRONTEND=noninteractive apt-get install -y wget tar gcc automake autoconf libtool make curl git unzip sudo libreadline-dev lsb-release gawk 34 | } 35 | 36 | install_openresty_deb() { 37 | DEBIAN_FRONTEND=noninteractive apt-get update 38 | DEBIAN_FRONTEND=noninteractive apt-get install -y libreadline-dev lsb-release libpcre3 libpcre3-dev libldap2-dev perl build-essential 39 | DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends wget gnupg ca-certificates 40 | } 41 | 42 | install_openresty_rpm() { 43 | yum install -y pcre pcre-devel openldap-devel 44 | } 45 | 46 | install_luarocks() { 47 | wget https://raw.githubusercontent.com/apache/apisix/master/utils/linux-install-luarocks.sh 48 | chmod +x linux-install-luarocks.sh 49 | ./linux-install-luarocks.sh 50 | } 51 | 52 | install_etcd() { 53 | ETCD_ARCH="amd64" 54 | if [[ $ARCH == "arm64" ]] || [[ $ARCH == "aarch64" ]]; then 55 | ETCD_ARCH="arm64" 56 | fi 57 | wget https://github.com/etcd-io/etcd/releases/download/"${RUNNING_ETCD_VERSION}"/etcd-"${RUNNING_ETCD_VERSION}"-linux-"${ETCD_ARCH}".tar.gz 58 | tar -zxvf etcd-"${RUNNING_ETCD_VERSION}"-linux-"${ETCD_ARCH}".tar.gz 59 | } 60 | 61 | version_gt() { test "$(echo "$@" | tr " " "\n" | sort -V | head -n 1)" != "$1"; } 62 | 63 | is_newer_version() { 64 | if [ "${checkout_v}" = "master" -o "${checkout_v:0:7}" = "release" ];then 65 | return 0 66 | fi 67 | 68 | if [ "${checkout_v:0:1}" = "v" ];then 69 | version_gt "${checkout_v:1}" "2.2" 70 | else 71 | version_gt "${checkout_v}" "2.2" 72 | fi 73 | } 74 | 75 | install_rust() { 76 | curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sudo sh -s -- -y 77 | source "$HOME/.cargo/env" 78 | } 79 | 80 | install_apisix() { 81 | mkdir -p /tmp/build/output/apisix/usr/bin/ 82 | cd /apisix 83 | 84 | # patch rockspec file to install with local repo 85 | sed -re '/^\s*source\s*=\s*\{$/{:src;n;s/^(\s*url\s*=).*$/\1".\/apisix",/;/\}/!bsrc}' \ 86 | -e '/^\s*source\s*=\s*\{$/{:src;n;/^(\s*branch\s*=).*$/d;/\}/!bsrc}' \ 87 | -i apisix-master-${iteration}.rockspec 88 | 89 | # install rust 90 | install_rust 91 | 92 | # build the lib and specify the storage path of the package installed 93 | # To be removed after https://github.com/luarocks/luarocks/issues/1797 is fixed 94 | luarocks make ./apisix-master-${iteration}.rockspec --tree=/tmp/build/output/apisix/usr/local/apisix/deps --local 95 | chown -R "$(whoami)":"$(whoami)" /tmp/build/output 96 | cd .. 97 | # copy the compiled files to the package install directory 98 | cp /tmp/build/output/apisix/usr/local/apisix/deps/lib64/luarocks/rocks-5.1/apisix/master-"${iteration}"/bin/apisix /tmp/build/output/apisix/usr/bin/ || true 99 | cp /tmp/build/output/apisix/usr/local/apisix/deps/lib/luarocks/rocks-5.1/apisix/master-"${iteration}"/bin/apisix /tmp/build/output/apisix/usr/bin/ || true 100 | # modify the apisix entry shell to be compatible with version 2.2 and 2.3 101 | if is_newer_version "${checkout_v}"; then 102 | echo 'use shell ' 103 | else 104 | bin='#! /usr/local/openresty/luajit/bin/luajit\npackage.path = "/usr/local/apisix/?.lua;" .. package.path' 105 | sed -i "1s@.*@$bin@" /tmp/build/output/apisix/usr/bin/apisix 106 | fi 107 | cp -r /usr/local/apisix/* /tmp/build/output/apisix/usr/local/apisix/ 108 | cp -r /apisix/ui /tmp/build/output/apisix/usr/local/apisix/ui 109 | mv /tmp/build/output/apisix/usr/local/apisix/deps/share/lua/5.1/apisix /tmp/build/output/apisix/usr/local/apisix/ 110 | if is_newer_version "${checkout_v}"; then 111 | bin='package.path = "/usr/local/apisix/?.lua;" .. package.path' 112 | sed -i "1s@.*@$bin@" /tmp/build/output/apisix/usr/local/apisix/apisix/cli/apisix.lua 113 | else 114 | echo '' 115 | fi 116 | sed -i '1i package.path = "/usr/local/apisix/deps/share/lua/5.1/?/init.lua;" .. package.path' /tmp/build/output/apisix/usr/local/apisix/apisix/cli/apisix.lua 117 | # delete unnecessary files 118 | rm -rf /tmp/build/output/apisix/usr/local/apisix/deps/lib64/luarocks 119 | rm -rf /tmp/build/output/apisix/usr/local/apisix/deps/lib/luarocks/rocks-5.1/apisix/master-"${iteration}"/doc 120 | } 121 | 122 | install_golang() { 123 | GO_VERSION="1.19.6" 124 | GO_ARCH="amd64" 125 | if [[ $ARCH == "arm64" ]] || [[ $ARCH == "aarch64" ]]; then 126 | GO_ARCH="arm64" 127 | fi 128 | wget https://dl.google.com/go/go"${GO_VERSION}".linux-"${GO_ARCH}".tar.gz 129 | tar -xzf go"${GO_VERSION}".linux-"${GO_ARCH}".tar.gz 130 | mv go /usr/local 131 | } 132 | 133 | install_dashboard_dependencies_rpm() { 134 | yum install -y wget curl git which gcc make 135 | curl --silent --location https://dl.yarnpkg.com/rpm/yarn.repo | tee /etc/yum.repos.d/yarn.repo 136 | sh -c "$(curl -fsSL https://rpm.nodesource.com/setup_14.x)" 137 | yum install -y nodejs yarn 138 | install_golang 139 | } 140 | 141 | install_dashboard_dependencies_deb() { 142 | DEBIAN_FRONTEND=noninteractive apt-get update 143 | DEBIAN_FRONTEND=noninteractive apt-get install -y wget curl git gcc make 144 | curl -fsSL https://deb.nodesource.com/setup_14.x | bash - 145 | DEBIAN_FRONTEND=noninteractive apt-get install -y nodejs 146 | npm install -g yarn 147 | install_golang 148 | } 149 | 150 | install_dashboard() { 151 | mkdir -p /tmp/build/output/apisix/dashboard/usr/bin/ 152 | mkdir -p /tmp/build/output/apisix/dashboard/usr/local/apisix/dashboard/ 153 | # config golang 154 | export GO111MODULE=on 155 | export GOROOT=/usr/local/go 156 | export GOPATH=$HOME/gopath 157 | export PATH=$PATH:$GOROOT/bin:$GOPATH/bin 158 | cd "$HOME" 159 | mkdir gopath 160 | go env -w GOPROXY="${goproxy}" 161 | cd /tmp/ 162 | cd /apisix-dashboard 163 | # FIXME: when the certificate is valid 164 | yarn config set "strict-ssl" false -g 165 | make build 166 | # copy the compiled files to the specified directory for packaging 167 | cp -r output/* /tmp/build/output/apisix/dashboard/usr/local/apisix/dashboard 168 | # set the soft link for manager-api 169 | ln -s /usr/local/apisix/dashboard/manager-api /tmp/build/output/apisix/dashboard/usr/bin/manager-api 170 | # determine dist and write it into /tmp/dist file 171 | /determine-dist.sh 172 | } 173 | 174 | case_opt=$1 175 | shift 176 | 177 | case ${case_opt} in 178 | install_apisix_dependencies_rpm) 179 | install_apisix_dependencies_rpm 180 | ;; 181 | install_apisix_dependencies_deb) 182 | install_apisix_dependencies_deb 183 | ;; 184 | install_openresty_deb) 185 | install_openresty_deb 186 | ;; 187 | install_openresty_rpm) 188 | install_openresty_rpm 189 | ;; 190 | install_etcd) 191 | install_etcd 192 | ;; 193 | install_apisix) 194 | install_apisix 195 | ;; 196 | install_dashboard_dependencies_rpm) 197 | install_dashboard_dependencies_rpm 198 | ;; 199 | install_dashboard_dependencies_deb) 200 | install_dashboard_dependencies_deb 201 | ;; 202 | install_dashboard) 203 | install_dashboard 204 | ;; 205 | install_luarocks) 206 | install_luarocks 207 | ;; 208 | esac 209 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one or more 3 | # contributor license agreements. See the NOTICE file distributed with 4 | # this work for additional information regarding copyright ownership. 5 | # The ASF licenses this file to You under the Apache License, Version 2.0 6 | # (the "License"); you may not use this file except in compliance with 7 | # the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | version=0 19 | checkout=0 20 | app=0 21 | type=0 22 | image_base="registry.access.redhat.com/ubi9/ubi" 23 | image_tag="9.6" 24 | iteration=0 25 | local_code_path=0 26 | openresty="apisix-runtime" 27 | artifact="0" 28 | runtime_version=0 29 | apisix_repo="https://github.com/apache/apisix" 30 | apisix_runtime_repo="https://github.com/api7/apisix-build-tools.git" 31 | dashboard_repo="https://github.com/apache/apisix-dashboard" 32 | 33 | ### set the default image for deb package 34 | ifeq ($(type), deb) 35 | image_base="ubuntu" 36 | image_tag="20.04" 37 | endif 38 | # Set arch to linux/amd64 if it's not defined 39 | arch ?= linux/amd64 40 | 41 | # Detect the CPU architecture 42 | CPU_ARCH := $(shell uname -m) 43 | # Map the architecture to Docker platform 44 | ifeq ($(CPU_ARCH), arm64) 45 | arch := linux/arm64 46 | else ifeq ($(CPU_ARCH), aarch64) 47 | arch := linux/arm64 48 | endif 49 | 50 | buildx=0 51 | cache_from=type=local,src=/tmp/.buildx-cache 52 | cache_to=type=local,dest=/tmp/.buildx-cache 53 | ### function for building 54 | ### $(1) is name 55 | ### $(2) is dockerfile filename 56 | ### $(3) is package type 57 | ### $(4) is code path 58 | ifneq ($(buildx), True) 59 | define build 60 | docker build -t apache/$(1)-$(3):$(version) \ 61 | --build-arg checkout_v=$(checkout) \ 62 | --build-arg PACKAGE_TYPE=$(3) \ 63 | --build-arg VERSION=$(version) \ 64 | --build-arg RUNTIME_VERSION=$(runtime_version) \ 65 | --build-arg IMAGE_BASE=$(image_base) \ 66 | --build-arg IMAGE_TAG=$(image_tag) \ 67 | --build-arg CODE_PATH=$(4) \ 68 | --platform $(arch) \ 69 | -f ./dockerfiles/Dockerfile.$(2).$(3) . 70 | endef 71 | else 72 | define build 73 | docker buildx build -t apache/$(1)-$(3):$(version) \ 74 | --build-arg checkout_v=$(checkout) \ 75 | --build-arg PACKAGE_TYPE=$(3) \ 76 | --build-arg VERSION=$(version) \ 77 | --build-arg RUNTIME_VERSION=$(runtime_version) \ 78 | --build-arg IMAGE_BASE=$(image_base) \ 79 | --build-arg IMAGE_TAG=$(image_tag) \ 80 | --build-arg CODE_PATH=$(4) \ 81 | --load \ 82 | --cache-from=$(cache_from) \ 83 | --cache-to=$(cache_to) \ 84 | --platform $(arch) \ 85 | -f ./dockerfiles/Dockerfile.$(2).$(3) . 86 | endef 87 | endif 88 | 89 | ### function for building apisix-runtime 90 | ### $(1) is name 91 | ### $(2) is dockerfile filename 92 | ### $(3) is package type 93 | ### $(4) is code path 94 | ifneq ($(buildx), True) 95 | define build_runtime 96 | docker build -t apache/$(1)-$(3):$(runtime_version) \ 97 | --build-arg checkout_v=$(checkout) \ 98 | --build-arg VERSION=$(version) \ 99 | --build-arg RUNTIME_VERSION=$(runtime_version) \ 100 | --build-arg IMAGE_BASE=$(image_base) \ 101 | --build-arg IMAGE_TAG=$(image_tag) \ 102 | --build-arg CODE_PATH=$(4) \ 103 | --platform $(arch) \ 104 | -f ./dockerfiles/Dockerfile.$(2).$(3) . 105 | endef 106 | else 107 | define build_runtime 108 | docker buildx build -t apache/$(1)-$(3):$(runtime_version) \ 109 | --build-arg checkout_v=$(checkout) \ 110 | --build-arg VERSION=$(version) \ 111 | --build-arg RUNTIME_VERSION=$(runtime_version) \ 112 | --build-arg IMAGE_BASE=$(image_base) \ 113 | --build-arg IMAGE_TAG=$(image_tag) \ 114 | --build-arg CODE_PATH=$(4) \ 115 | --load \ 116 | --cache-from=$(cache_from) \ 117 | --cache-to=$(cache_to) \ 118 | --platform $(arch) \ 119 | -f ./dockerfiles/Dockerfile.$(2).$(3) . 120 | endef 121 | endif 122 | 123 | ### function for building image 124 | ### $(1) is name 125 | ### $(2) is dockerfile filename 126 | ### $(3) is package type 127 | ### $(4) is openresty image name 128 | ### $(5) is openresty image version 129 | ### $(6) is code path 130 | ifneq ($(buildx), True) 131 | define build-image 132 | docker build -t apache/$(1)-$(3):$(version) \ 133 | --build-arg OPENRESTY_NAME=$(4) \ 134 | --build-arg OPENRESTY_VERSION=$(5) \ 135 | --build-arg CODE_PATH=$(6) \ 136 | --platform $(arch) \ 137 | -f ./dockerfiles/Dockerfile.$(2).$(3) . 138 | endef 139 | else 140 | define build-image 141 | docker buildx build -t apache/$(1)-$(3):$(version) \ 142 | --build-arg OPENRESTY_NAME=$(4) \ 143 | --build-arg OPENRESTY_VERSION=$(5) \ 144 | --build-arg CODE_PATH=$(6) \ 145 | --load \ 146 | --cache-from=$(cache_from) \ 147 | --cache-to=$(cache_to) \ 148 | --platform $(arch) \ 149 | -f ./dockerfiles/Dockerfile.$(2).$(3) . 150 | endef 151 | endif 152 | 153 | ### function for packing 154 | ### $(1) is name 155 | ### $(2) is package type 156 | define package 157 | docker build -t apache/$(1)-packaged-$(2):$(version) \ 158 | --build-arg VERSION=$(version) \ 159 | --build-arg ITERATION=$(iteration) \ 160 | --build-arg PACKAGE_VERSION=$(version) \ 161 | --build-arg RUNTIME_VERSION=$(runtime_version) \ 162 | --build-arg PACKAGE_TYPE=$(2) \ 163 | --build-arg OPENRESTY=$(openresty) \ 164 | --build-arg ARTIFACT=$(artifact) \ 165 | --platform $(arch) \ 166 | -f ./dockerfiles/Dockerfile.package.$(1) . 167 | docker run -d --rm --name output --net="host" apache/$(1)-packaged-$(2):$(version) 168 | docker cp output:/output ${PWD} 169 | docker stop output 170 | docker system prune -a -f 171 | endef 172 | 173 | ### function for packing 174 | ### $(1) is name 175 | ### $(2) is package type 176 | define package_runtime 177 | docker build -t apache/$(1)-packaged-$(2):$(runtime_version) \ 178 | --build-arg VERSION=$(version) \ 179 | --build-arg ITERATION=$(iteration) \ 180 | --build-arg PACKAGE_VERSION=$(version) \ 181 | --build-arg RUNTIME_VERSION=$(runtime_version) \ 182 | --build-arg PACKAGE_TYPE=$(2) \ 183 | --build-arg OPENRESTY=$(openresty) \ 184 | --build-arg ARTIFACT=$(artifact) \ 185 | --platform $(arch) \ 186 | -f ./dockerfiles/Dockerfile.package.$(1) . 187 | docker run -d --rm --name output --net="host" apache/$(1)-packaged-$(2):$(runtime_version) 188 | docker cp output:/output ${PWD} 189 | docker stop output 190 | docker system prune -a -f 191 | endef 192 | 193 | ### build apisix: 194 | .PHONY: build-apisix-rpm 195 | build-apisix-rpm: 196 | ifeq ($(local_code_path), 0) 197 | git clone -b $(checkout) $(apisix_repo) --depth 1 ./apisix 198 | ./build-apisix-dashboard.sh ./apisix 199 | $(call build,apisix,apisix,rpm,"./apisix") 200 | rm -fr ./apisix 201 | else 202 | $(call build,apisix,apisix,rpm,$(local_code_path)) 203 | endif 204 | 205 | .PHONY: build-apisix-deb 206 | build-apisix-deb: 207 | ifeq ($(local_code_path), 0) 208 | git clone -b $(checkout) $(apisix_repo) --depth 1 ./apisix 209 | ./build-apisix-dashboard.sh ./apisix 210 | $(call build,apisix,apisix,deb,"./apisix") 211 | rm -fr ./apisix 212 | else 213 | $(call build,apisix,apisix,deb,$(local_code_path)) 214 | endif 215 | 216 | ### build rpm for apisix: 217 | .PHONY: package-apisix-rpm 218 | package-apisix-rpm: 219 | $(call package,apisix,rpm) 220 | 221 | .PHONY: package-apisix-deb 222 | package-apisix-deb: 223 | $(call package,apisix,deb) 224 | 225 | ### build dashboard: 226 | .PHONY: build-dashboard-rpm 227 | build-dashboard-rpm: 228 | ifeq ($(local_code_path), 0) 229 | git clone -b $(checkout) $(dashboard_repo) ./apisix-dashboard 230 | $(call build,apisix-dashboard,dashboard,rpm,"./apisix-dashboard") 231 | rm -fr ./apisix-dashboard 232 | else 233 | $(call build,apisix-dashboard,dashboard,rpm,$(local_code_path)) 234 | endif 235 | 236 | .PHONY: build-dashboard-deb 237 | build-dashboard-deb: 238 | ifeq ($(local_code_path), 0) 239 | git clone -b $(checkout) $(dashboard_repo) ./apisix-dashboard 240 | $(call build,apisix-dashboard,dashboard,deb,"./apisix-dashboard") 241 | rm -fr ./apisix-dashboard 242 | else 243 | $(call build,apisix-dashboard,dashboard,deb,$(local_code_path)) 244 | endif 245 | 246 | ### build rpm for apisix dashboard: 247 | .PHONY: package-dashboard-rpm 248 | package-dashboard-rpm: 249 | $(call package,apisix-dashboard,rpm) 250 | 251 | ### build deb for apisix dashboard: 252 | .PHONY: package-dashboard-deb 253 | package-dashboard-deb: 254 | $(call package,apisix-dashboard,deb) 255 | 256 | ### build apisix-runtime: 257 | .PHONY: build-apisix-runtime-rpm 258 | build-apisix-runtime-rpm: 259 | ifeq ($(app),apisix) 260 | ifneq ($(runtime_version),0) 261 | git clone -b apisix-runtime/$(runtime_version) $(apisix_runtime_repo) ./apisix-runtime 262 | $(call build_runtime,apisix-runtime,apisix-runtime,rpm,"./apisix-runtime") 263 | rm -fr ./apisix-runtime 264 | else 265 | $(call build_runtime,apisix-runtime,apisix-runtime,rpm,"./") 266 | endif 267 | else 268 | $(call build_runtime,apisix-runtime,apisix-runtime,rpm,"./") 269 | endif 270 | 271 | .PHONY: build-apisix-runtime-deb 272 | build-apisix-runtime-deb: 273 | ifeq ($(app),apisix) 274 | ifneq ($(runtime_version),0) 275 | git clone -b apisix-runtime/$(runtime_version) $(apisix_runtime_repo) ./apisix-runtime 276 | $(call build_runtime,apisix-runtime,apisix-runtime,deb,"./apisix-runtime") 277 | rm -fr ./apisix-runtime 278 | else 279 | $(call build_runtime,apisix-runtime,apisix-runtime,deb,"./") 280 | endif 281 | else 282 | $(call build_runtime,apisix-runtime,apisix-runtime,deb,"./") 283 | endif 284 | 285 | ### build rpm for apisix-runtime: 286 | .PHONY: package-apisix-runtime-rpm 287 | package-apisix-runtime-rpm: 288 | $(call package_runtime,apisix-runtime,rpm) 289 | 290 | ### build deb for apisix-runtime: 291 | .PHONY: package-apisix-runtime-deb 292 | package-apisix-runtime-deb: 293 | $(call package_runtime,apisix-runtime,deb) 294 | 295 | ### build apisix-base: 296 | .PHONY: build-apisix-base-rpm 297 | build-apisix-base-rpm: 298 | $(call build,apisix-base,apisix-base,rpm,$(local_code_path)) 299 | 300 | .PHONY: build-apisix-base-deb 301 | build-apisix-base-deb: 302 | $(call build,apisix-base,apisix-base,deb,$(local_code_path)) 303 | 304 | .PHONY: build-apisix-base-apk 305 | build-apisix-base-apk: 306 | $(call build,apisix-base,apisix-base,apk,$(local_code_path)) 307 | 308 | ### build rpm for apisix-base: 309 | .PHONY: package-apisix-base-rpm 310 | package-apisix-base-rpm: 311 | $(call package,apisix-base,rpm) 312 | 313 | ### build deb for apisix-base: 314 | .PHONY: package-apisix-base-deb 315 | package-apisix-base-deb: 316 | $(call package,apisix-base,deb) 317 | 318 | ### build fpm for packaging: 319 | .PHONY: build-fpm 320 | ifneq ($(buildx), True) 321 | build-fpm: 322 | docker build --platform $(arch) -t api7/fpm - < ./dockerfiles/Dockerfile.fpm 323 | else 324 | build-fpm: 325 | docker buildx build \ 326 | --load \ 327 | --cache-from=$(cache_from) \ 328 | --cache-to=$(cache_to) \ 329 | --platform $(arch) \ 330 | -t api7/fpm - < ./dockerfiles/Dockerfile.fpm 331 | endif 332 | 333 | ifeq ($(filter $(app),apisix dashboard apisix-base apisix-runtime),) 334 | $(info the app's value have to be apisix, dashboard, apisix-base and apisix-runtime!) 335 | 336 | else ifeq ($(filter $(type),rpm deb apk),) 337 | $(info the type's value have to be rpm, deb or apk!) 338 | 339 | else ifeq ($(app)_$(type),apisix-base_rpm) 340 | package: build-fpm 341 | package: build-apisix-base-rpm 342 | package: package-apisix-base-rpm 343 | 344 | else ifeq ($(app)_$(type),apisix-base_deb) 345 | package: build-fpm 346 | package: build-apisix-base-deb 347 | package: package-apisix-base-deb 348 | 349 | else ifeq ($(app)_$(type),apisix-runtime_deb) 350 | package: build-fpm 351 | package: build-apisix-runtime-deb 352 | package: package-apisix-runtime-deb 353 | 354 | else ifeq ($(app)_$(type),apisix-runtime_rpm) 355 | package: build-fpm 356 | package: build-apisix-runtime-rpm 357 | package: package-apisix-runtime-rpm 358 | 359 | else ifeq ($(app)_$(type),apisix-base_apk) 360 | package: build-apisix-base-apk 361 | 362 | else ifeq ($(checkout), 0) 363 | $(info you have to input a checkout value!) 364 | 365 | else ifeq ($(app)_$(type),apisix_rpm) 366 | package: build-fpm 367 | package: build-apisix-runtime-rpm 368 | package: build-apisix-rpm 369 | package: package-apisix-rpm 370 | 371 | else ifeq ($(app)_$(type),apisix_deb) 372 | package: build-fpm 373 | package: build-apisix-runtime-deb 374 | package: build-apisix-deb 375 | package: package-apisix-deb 376 | 377 | else ifeq ($(app)_$(type),dashboard_rpm) 378 | package: build-fpm 379 | package: build-dashboard-rpm 380 | package: package-dashboard-rpm 381 | 382 | else ifeq ($(app)_$(type),dashboard_deb) 383 | package: build-fpm 384 | package: build-dashboard-deb 385 | package: package-dashboard-deb 386 | 387 | endif 388 | -------------------------------------------------------------------------------- /conf/openssl3/openssl.cnf: -------------------------------------------------------------------------------- 1 | # 2 | # OpenSSL example configuration file. 3 | # See doc/man5/config.pod for more info. 4 | # 5 | # This is mostly being used for generation of certificate requests, 6 | # but may be used for auto loading of providers 7 | 8 | # Note that you can include other files from the main configuration 9 | # file using the .include directive. 10 | #.include filename 11 | 12 | # This definition stops the following lines choking if HOME isn't 13 | # defined. 14 | HOME = . 15 | 16 | # Use this in order to automatically load providers. 17 | openssl_conf = openssl_init 18 | 19 | # Comment out the next line to ignore configuration errors 20 | config_diagnostics = 1 21 | 22 | # Extra OBJECT IDENTIFIER info: 23 | # oid_file = $ENV::HOME/.oid 24 | oid_section = new_oids 25 | 26 | # To use this configuration file with the "-extfile" option of the 27 | # "openssl x509" utility, name here the section containing the 28 | # X.509v3 extensions to use: 29 | # extensions = 30 | # (Alternatively, use a configuration file that has only 31 | # X.509v3 extensions in its main [= default] section.) 32 | 33 | [ new_oids ] 34 | # We can add new OIDs in here for use by 'ca', 'req' and 'ts'. 35 | # Add a simple OID like this: 36 | # testoid1=1.2.3.4 37 | # Or use config file substitution like this: 38 | # testoid2=${testoid1}.5.6 39 | 40 | # Policies used by the TSA examples. 41 | tsa_policy1 = 1.2.3.4.1 42 | tsa_policy2 = 1.2.3.4.5.6 43 | tsa_policy3 = 1.2.3.4.5.7 44 | 45 | # For FIPS 46 | # Optionally include a file that is generated by the OpenSSL fipsinstall 47 | # application. This file contains configuration data required by the OpenSSL 48 | # fips provider. It contains a named section e.g. [fips_sect] which is 49 | # referenced from the [provider_sect] below. 50 | # Refer to the OpenSSL security policy for more information. 51 | # .include fipsmodule.cnf 52 | 53 | [openssl_init] 54 | providers = provider_sect 55 | ssl_conf = ssl_sect 56 | 57 | # List of providers to load 58 | [provider_sect] 59 | default = default_sect 60 | # The fips section name should match the section name inside the 61 | # included fipsmodule.cnf. 62 | # fips = fips_sect 63 | 64 | # If no providers are activated explicitly, the default one is activated implicitly. 65 | # See man 7 OSSL_PROVIDER-default for more details. 66 | # 67 | # If you add a section explicitly activating any other provider(s), you most 68 | # probably need to explicitly activate the default provider, otherwise it 69 | # becomes unavailable in openssl. As a consequence applications depending on 70 | # OpenSSL may not work correctly which could lead to significant system 71 | # problems including inability to remotely access the system. 72 | [default_sect] 73 | # activate = 1 74 | 75 | 76 | #################################################################### 77 | [ ca ] 78 | default_ca = CA_default # The default ca section 79 | 80 | #################################################################### 81 | [ CA_default ] 82 | 83 | dir = ./demoCA # Where everything is kept 84 | certs = $dir/certs # Where the issued certs are kept 85 | crl_dir = $dir/crl # Where the issued crl are kept 86 | database = $dir/index.txt # database index file. 87 | #unique_subject = no # Set to 'no' to allow creation of 88 | # several certs with same subject. 89 | new_certs_dir = $dir/newcerts # default place for new certs. 90 | 91 | certificate = $dir/cacert.pem # The CA certificate 92 | serial = $dir/serial # The current serial number 93 | crlnumber = $dir/crlnumber # the current crl number 94 | # must be commented out to leave a V1 CRL 95 | crl = $dir/crl.pem # The current CRL 96 | private_key = $dir/private/cakey.pem# The private key 97 | 98 | x509_extensions = usr_cert # The extensions to add to the cert 99 | 100 | # Comment out the following two lines for the "traditional" 101 | # (and highly broken) format. 102 | name_opt = ca_default # Subject Name options 103 | cert_opt = ca_default # Certificate field options 104 | 105 | # Extension copying option: use with caution. 106 | # copy_extensions = copy 107 | 108 | # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs 109 | # so this is commented out by default to leave a V1 CRL. 110 | # crlnumber must also be commented out to leave a V1 CRL. 111 | # crl_extensions = crl_ext 112 | 113 | default_days = 365 # how long to certify for 114 | default_crl_days= 30 # how long before next CRL 115 | default_md = default # use public key default MD 116 | preserve = no # keep passed DN ordering 117 | 118 | # A few difference way of specifying how similar the request should look 119 | # For type CA, the listed attributes must be the same, and the optional 120 | # and supplied fields are just that :-) 121 | policy = policy_match 122 | 123 | # For the CA policy 124 | [ policy_match ] 125 | countryName = match 126 | stateOrProvinceName = match 127 | organizationName = match 128 | organizationalUnitName = optional 129 | commonName = supplied 130 | emailAddress = optional 131 | 132 | # For the 'anything' policy 133 | # At this point in time, you must list all acceptable 'object' 134 | # types. 135 | [ policy_anything ] 136 | countryName = optional 137 | stateOrProvinceName = optional 138 | localityName = optional 139 | organizationName = optional 140 | organizationalUnitName = optional 141 | commonName = supplied 142 | emailAddress = optional 143 | 144 | #################################################################### 145 | [ req ] 146 | default_bits = 2048 147 | default_keyfile = privkey.pem 148 | distinguished_name = req_distinguished_name 149 | attributes = req_attributes 150 | x509_extensions = v3_ca # The extensions to add to the self signed cert 151 | 152 | # Passwords for private keys if not present they will be prompted for 153 | # input_password = secret 154 | # output_password = secret 155 | 156 | # This sets a mask for permitted string types. There are several options. 157 | # default: PrintableString, T61String, BMPString. 158 | # pkix : PrintableString, BMPString (PKIX recommendation before 2004) 159 | # utf8only: only UTF8Strings (PKIX recommendation after 2004). 160 | # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). 161 | # MASK:XXXX a literal mask value. 162 | # WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. 163 | string_mask = utf8only 164 | 165 | # req_extensions = v3_req # The extensions to add to a certificate request 166 | 167 | [ req_distinguished_name ] 168 | countryName = Country Name (2 letter code) 169 | countryName_default = AU 170 | countryName_min = 2 171 | countryName_max = 2 172 | 173 | stateOrProvinceName = State or Province Name (full name) 174 | stateOrProvinceName_default = Some-State 175 | 176 | localityName = Locality Name (eg, city) 177 | 178 | 0.organizationName = Organization Name (eg, company) 179 | 0.organizationName_default = Internet Widgits Pty Ltd 180 | 181 | # we can do this but it is not needed normally :-) 182 | #1.organizationName = Second Organization Name (eg, company) 183 | #1.organizationName_default = World Wide Web Pty Ltd 184 | 185 | organizationalUnitName = Organizational Unit Name (eg, section) 186 | #organizationalUnitName_default = 187 | 188 | commonName = Common Name (e.g. server FQDN or YOUR name) 189 | commonName_max = 64 190 | 191 | emailAddress = Email Address 192 | emailAddress_max = 64 193 | 194 | # SET-ex3 = SET extension number 3 195 | 196 | [ req_attributes ] 197 | challengePassword = A challenge password 198 | challengePassword_min = 4 199 | challengePassword_max = 20 200 | 201 | unstructuredName = An optional company name 202 | 203 | [ usr_cert ] 204 | 205 | # These extensions are added when 'ca' signs a request. 206 | 207 | # This goes against PKIX guidelines but some CAs do it and some software 208 | # requires this to avoid interpreting an end user certificate as a CA. 209 | 210 | basicConstraints=CA:FALSE 211 | 212 | # This is typical in keyUsage for a client certificate. 213 | # keyUsage = nonRepudiation, digitalSignature, keyEncipherment 214 | 215 | # PKIX recommendations harmless if included in all certificates. 216 | subjectKeyIdentifier=hash 217 | authorityKeyIdentifier=keyid,issuer 218 | 219 | # This stuff is for subjectAltName and issuerAltname. 220 | # Import the email address. 221 | # subjectAltName=email:copy 222 | # An alternative to produce certificates that aren't 223 | # deprecated according to PKIX. 224 | # subjectAltName=email:move 225 | 226 | # Copy subject details 227 | # issuerAltName=issuer:copy 228 | 229 | # This is required for TSA certificates. 230 | # extendedKeyUsage = critical,timeStamping 231 | 232 | [ v3_req ] 233 | 234 | # Extensions to add to a certificate request 235 | 236 | basicConstraints = CA:FALSE 237 | keyUsage = nonRepudiation, digitalSignature, keyEncipherment 238 | 239 | [ v3_ca ] 240 | 241 | 242 | # Extensions for a typical CA 243 | 244 | 245 | # PKIX recommendation. 246 | 247 | subjectKeyIdentifier=hash 248 | 249 | authorityKeyIdentifier=keyid:always,issuer 250 | 251 | basicConstraints = critical,CA:true 252 | 253 | # Key usage: this is typical for a CA certificate. However since it will 254 | # prevent it being used as an test self-signed certificate it is best 255 | # left out by default. 256 | # keyUsage = cRLSign, keyCertSign 257 | 258 | # Include email address in subject alt name: another PKIX recommendation 259 | # subjectAltName=email:copy 260 | # Copy issuer details 261 | # issuerAltName=issuer:copy 262 | 263 | # DER hex encoding of an extension: beware experts only! 264 | # obj=DER:02:03 265 | # Where 'obj' is a standard or added object 266 | # You can even override a supported extension: 267 | # basicConstraints= critical, DER:30:03:01:01:FF 268 | 269 | [ crl_ext ] 270 | 271 | # CRL extensions. 272 | # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. 273 | 274 | # issuerAltName=issuer:copy 275 | authorityKeyIdentifier=keyid:always 276 | 277 | [ proxy_cert_ext ] 278 | # These extensions should be added when creating a proxy certificate 279 | 280 | # This goes against PKIX guidelines but some CAs do it and some software 281 | # requires this to avoid interpreting an end user certificate as a CA. 282 | 283 | basicConstraints=CA:FALSE 284 | 285 | # This is typical in keyUsage for a client certificate. 286 | # keyUsage = nonRepudiation, digitalSignature, keyEncipherment 287 | 288 | # PKIX recommendations harmless if included in all certificates. 289 | subjectKeyIdentifier=hash 290 | authorityKeyIdentifier=keyid,issuer 291 | 292 | # This stuff is for subjectAltName and issuerAltname. 293 | # Import the email address. 294 | # subjectAltName=email:copy 295 | # An alternative to produce certificates that aren't 296 | # deprecated according to PKIX. 297 | # subjectAltName=email:move 298 | 299 | # Copy subject details 300 | # issuerAltName=issuer:copy 301 | 302 | # This really needs to be in place for it to be a proxy certificate. 303 | proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo 304 | 305 | #################################################################### 306 | [ tsa ] 307 | 308 | default_tsa = tsa_config1 # the default TSA section 309 | 310 | [ tsa_config1 ] 311 | 312 | # These are used by the TSA reply generation only. 313 | dir = ./demoCA # TSA root directory 314 | serial = $dir/tsaserial # The current serial number (mandatory) 315 | crypto_device = builtin # OpenSSL engine to use for signing 316 | signer_cert = $dir/tsacert.pem # The TSA signing certificate 317 | # (optional) 318 | certs = $dir/cacert.pem # Certificate chain to include in reply 319 | # (optional) 320 | signer_key = $dir/private/tsakey.pem # The TSA private key (optional) 321 | signer_digest = sha256 # Signing digest to use. (Optional) 322 | default_policy = tsa_policy1 # Policy if request did not specify it 323 | # (optional) 324 | other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) 325 | digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) 326 | accuracy = secs:1, millisecs:500, microsecs:100 # (optional) 327 | clock_precision_digits = 0 # number of digits after dot. (optional) 328 | ordering = yes # Is ordering defined for timestamps? 329 | # (optional, default: no) 330 | tsa_name = yes # Must the TSA name be included in the reply? 331 | # (optional, default: no) 332 | ess_cert_id_chain = no # Must the ESS cert id chain be included? 333 | # (optional, default: no) 334 | ess_cert_id_alg = sha1 # algorithm to compute certificate 335 | # identifier (optional, default: sha1) 336 | 337 | [insta] # CMP using Insta Demo CA 338 | # Message transfer 339 | server = pki.certificate.fi:8700 340 | # proxy = # set this as far as needed, e.g., http://192.168.1.1:8080 341 | # tls_use = 0 342 | path = pkix/ 343 | 344 | # Server authentication 345 | recipient = "/C=FI/O=Insta Demo/CN=Insta Demo CA" # or set srvcert or issuer 346 | ignore_keyusage = 1 # potentially needed quirk 347 | unprotected_errors = 1 # potentially needed quirk 348 | extracertsout = insta.extracerts.pem 349 | 350 | # Client authentication 351 | ref = 3078 # user identification 352 | secret = pass:insta # can be used for both client and server side 353 | 354 | # Generic message options 355 | cmd = ir # default operation, can be overridden on cmd line with, e.g., kur 356 | 357 | # Certificate enrollment 358 | subject = "/CN=openssl-cmp-test" 359 | newkey = insta.priv.pem 360 | out_trusted = insta.ca.crt 361 | certout = insta.cert.pem 362 | 363 | [pbm] # Password-based protection for Insta CA 364 | # Server and client authentication 365 | ref = $insta::ref # 3078 366 | secret = $insta::secret # pass:insta 367 | 368 | [signature] # Signature-based protection for Insta CA 369 | # Server authentication 370 | trusted = insta.ca.crt # does not include keyUsage digitalSignature 371 | 372 | # Client authentication 373 | secret = # disable PBM 374 | key = $insta::newkey # insta.priv.pem 375 | cert = $insta::certout # insta.cert.pem 376 | 377 | [ir] 378 | cmd = ir 379 | 380 | [cr] 381 | cmd = cr 382 | 383 | [kur] 384 | # Certificate update 385 | cmd = kur 386 | oldcert = $insta::certout # insta.cert.pem 387 | 388 | [rr] 389 | # Certificate revocation 390 | cmd = rr 391 | oldcert = $insta::certout # insta.cert.pem 392 | 393 | [ssl_sect] 394 | system_default = system_default_sect 395 | 396 | [system_default_sect] 397 | CipherString = DEFAULT:@SECLEVEL=0 398 | --------------------------------------------------------------------------------