feat: build and push custom images on ghcr registry

- 2 workflows + 1 reusable workflow
- 3 customs dockerfiles

Signed-off-by: sylvain-pierrot <[email protected]>

Author: sylvain-pierrot

.github/workflows/build-push-action.yml

@@ -0,0 +1,65 @@
+name: Build and push action
+
+on:
+  workflow_call:
+    inputs:
+      registry:
+        required: true
+        type: string
+      image-name:
+        required: true
+        type: string
+      context:
+        required: true
+        type: string
+      target:
+        required: true
+        type: string
+      file:
+        required: true
+        type: string
+
+jobs:
+  build-and-push:
+    name: Build and publish image webapp to ghcr.io
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+
+      ## Authenticate to registry repo github
+      ##
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ inputs.registry }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      ## Build and push Docker image
+      ##
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ inputs.registry }}/${{ github.repository }}/${{ inputs.image-name }}
+          tags: |
+            type=sha
+            type=raw,value=latest
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: ${{ inputs.context }}
+          file: ${{ inputs.context }}/${{ inputs.file }}
+          target: ${{ inputs.target }}
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=registry,ref=${{ inputs.registry }}/${{ github.repository }}/${{ inputs.image-name }}:buildcache
+          cache-to: type=registry,ref=${{ inputs.registry }}/${{ github.repository }}/${{ inputs.image-name }}:buildcache,mode=max

.github/workflows/ci-kasm-desktop.yml

@@ -0,0 +1,23 @@
+name: "[CI] Desktop"
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - "develop"
+    paths:
+      - "images/desktop/**"
+
+jobs:
+  build-and-push:
+    name: Build and push action
+    permissions:
+      contents: read
+      packages: write
+    uses: ./.github/workflows/build-push-action.yml
+    with:
+      registry: ghcr.io
+      image-name: desktop
+      context: "."
+      target: ""
+      file: custom-images/desktop/Dockerfile-kasm-desktop

.github/workflows/ci-kasm-terminal.yml

@@ -0,0 +1,23 @@
+name: "[CI] Terminal"
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - "develop"
+    paths:
+      - "images/terminal/**"
+
+jobs:
+  build-and-push:
+    name: Build and push action
+    permissions:
+      contents: read
+      packages: write
+    uses: ./.github/workflows/build-push-action.yml
+    with:
+      registry: ghcr.io
+      image-name: terminal
+      context: "."
+      target: ""
+      file: custom-images/terminal/Dockerfile-kasm-terminal

custom-images/desktop/Dockerfile-kasm-desktop

@@ -0,0 +1,46 @@
+ARG BASE_TAG="develop"
+ARG BASE_IMAGE="core-ubuntu-focal"
+FROM kasmweb/$BASE_IMAGE:$BASE_TAG
+USER root
+
+ENV HOME=/home/kasm-default-profile
+ENV STARTUPDIR=/dockerstartup
+ENV INST_SCRIPTS=$STARTUPDIR/install
+WORKDIR $HOME
+
+######### Customize Container Here ###########
+
+# Add Kasm Branding
+RUN cp /usr/share/backgrounds/bg_kasm.png /usr/share/backgrounds/bg_default.png
+RUN cp /usr/share/extra/icons/icon_kasm.png /usr/share/extra/icons/icon_default.png
+RUN sed -i 's/ubuntu-mono-dark/elementary-xfce/g' $HOME/.config/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml
+
+# Install Utilities
+COPY ./src/ubuntu/install/misc $INST_SCRIPTS/misc/
+RUN bash $INST_SCRIPTS/misc/install_tools.sh && rm -rf $INST_SCRIPTS/misc/
+
+# Install Google Chrome
+COPY ./src/ubuntu/install/chrome $INST_SCRIPTS/chrome/
+RUN bash $INST_SCRIPTS/chrome/install_chrome.sh  && rm -rf $INST_SCRIPTS/chrome/
+
+# Install Firefox
+COPY ./src/ubuntu/install/firefox/ $INST_SCRIPTS/firefox/
+COPY ./src/ubuntu/install/firefox/firefox.desktop $HOME/Desktop/
+RUN bash $INST_SCRIPTS/firefox/install_firefox.sh && rm -rf $INST_SCRIPTS/firefox/
+
+# Install Custom Certificate Authority
+# COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/
+# RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/
+
+
+
+######### End Customizations ###########
+
+RUN chown 1000:0 $HOME
+RUN $STARTUPDIR/set_user_permission.sh $HOME
+
+ENV HOME=/home/kasm-user
+WORKDIR $HOME
+RUN mkdir -p $HOME && chown -R 1000:0 $HOME
+
+USER 1000

custom-images/proxy/Dockerfile-nchc-proxy

@@ -0,0 +1,36 @@
+FROM kasmweb/desktop:1.15.0
+USER root
+
+ENV HOME=/home/kasm-default-profile
+ENV STARTUPDIR=/dockerstartup
+ENV INST_SCRIPTS=$STARTUPDIR/install
+WORKDIR $HOME
+
+######### Customize Container Here ###########
+# Install tools
+ENV INST_DIR=$STARTUPDIR/install
+COPY ./src/ $INST_DIR
+RUN bash $INST_SCRIPTS/ubuntu/install/s3cmd/install_s3cmd.sh
+
+# Install Custom Certificate Authority
+COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/
+RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/
+
+ENV http_proxy=http://proxy.sensimesh.nchc.org.tw:3128
+ENV https_proxy=http://proxy.sensimesh.nchc.org.tw:3128
+ENV ftp_proxy=http://proxy.sensimesh.nchc.org.tw:3128
+ENV no_proxy=.sensimesh.nchc.org.tw
+
+COPY ./proxy.json /etc/opt/chrome/policies/managed/proxy.json
+COPY ./policies.json /usr/lib/firefox/distribution/policies.json
+
+######### End Customizations ###########
+
+RUN chown 1000:0 $HOME
+RUN $STARTUPDIR/set_user_permission.sh $HOME
+
+ENV HOME=/home/kasm-user
+WORKDIR $HOME
+RUN mkdir -p $HOME && chown -R 1000:0 $HOME
+
+USER 1000

custom-images/terminal/Dockerfile-kasm-terminal

@@ -0,0 +1,64 @@
+ARG BASE_TAG="develop"
+ARG BASE_IMAGE="core-ubuntu-focal"
+FROM kasmweb/$BASE_IMAGE:$BASE_TAG
+USER root
+
+ENV HOME=/home/kasm-default-profile
+ENV STARTUPDIR=/dockerstartup
+ENV INST_SCRIPTS=$STARTUPDIR/install
+WORKDIR $HOME
+
+######### Customize Container Here ###########
+
+RUN apt-get update && apt-get install -y tmux screen nano dnsutils zip p7zip-full rclone s3cmd wget curl net-tools
+
+RUN echo "set -g mouse on" > $HOME/.tmux.conf && chown 1000:1000  $HOME/.tmux.conf
+
+### Update .bashrc to run an arbitrary command if specified as an environment variable
+RUN echo "if [ ! -z \"\${SHELL_EXEC}\" ] && [ \"\${TERM}\" == \"xterm-256color\" ] ; \n\
+then \n\
+    set +e \n\
+    eval \${SHELL_EXEC} \n\
+fi  " >> $HOME/.bashrc && chown 1000:1000  $HOME/.bashrc
+
+# Install Custom Certificate Authority
+COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/
+RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/
+
+COPY ./proxy.json /etc/opt/chrome/policies/managed/proxy.json
+COPY ./policies.json /usr/lib/firefox/distribution/policies.json
+
+
+### Install Ansible
+COPY ./src/ubuntu/install/ansible $INST_SCRIPTS/ansible/
+RUN bash $INST_SCRIPTS/ansible/install_ansible.sh  && rm -rf $INST_SCRIPTS/ansible/
+
+### Install Terraform
+COPY ./src/ubuntu/install/terraform $INST_SCRIPTS/terraform/
+RUN bash $INST_SCRIPTS/terraform/install_terraform.sh  && rm -rf $INST_SCRIPTS/terraform/
+
+COPY ./src/ubuntu/install/terminal/custom_startup.sh $STARTUPDIR/custom_startup.sh
+RUN chmod +x $STARTUPDIR/custom_startup.sh
+RUN chmod 755 $STARTUPDIR/custom_startup.sh
+
+# Update the desktop environment to be optimized for a single application
+RUN cp $HOME/.config/xfce4/xfconf/single-application-xfce-perchannel-xml/* $HOME/.config/xfce4/xfconf/xfce-perchannel-xml/
+RUN cp /usr/share/backgrounds/bg_kasm.png /usr/share/backgrounds/bg_default.png
+RUN apt-get remove -y xfce4-panel
+
+
+######### End Customizations ###########
+
+ENV http_proxy=http://proxy.sensimesh.nchc.org.tw:3128
+ENV https_proxy=http://proxy.sensimesh.nchc.org.tw:3128
+ENV ftp_proxy=http://proxy.sensimesh.nchc.org.tw:3128
+ENV no_proxy=.sensimesh.nchc.org.tw
+
+RUN chown 1000:0 $HOME
+RUN $STARTUPDIR/set_user_permission.sh $HOME
+
+ENV HOME=/home/kasm-user
+WORKDIR $HOME
+RUN mkdir -p $HOME && chown -R 1000:0 $HOME
+
+USER 1000