This is an automated email from the ASF dual-hosted git repository. abhi pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/ranger-tools.git
commit 25a75e359a39f91336f82526221ed509e1c34a2e Author: Attila Doroszlai <adorosz...@apache.org> AuthorDate: Sun Jun 29 17:31:02 2025 -0700 RANGER-5158: Enable building ranger base images with CI in apache/ranger-tools Co-authored-by: Abhishek Kumar <a...@apache.org> --- .github/workflows/build-and-tag.yaml | 86 ++++++++++++++++++++++++++++++++ .github/workflows/build.yaml | 95 ++++++++++++++++++++++++++++++++++++ .github/workflows/pr.yaml | 30 ++++++++++++ .github/workflows/push.yaml | 42 ++++++++++++++++ README.md | 22 +++++++++ docker/Dockerfile | 67 +++++++++++++++++++++++++ docker/README.md | 24 +++++++++ docker/build.sh | 24 +++++++++ 8 files changed, 390 insertions(+) diff --git a/.github/workflows/build-and-tag.yaml b/.github/workflows/build-and-tag.yaml new file mode 100644 index 0000000..d190e94 --- /dev/null +++ b/.github/workflows/build-and-tag.yaml 
@@ -0,0 +1,86 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: build-and-tag + +# This workflow builds (if necessary) and tags the Docker image. + +on: + workflow_call: + inputs: + java-version: + type: string + description: "JDK version (default: 8)" + default: '8' + required: false + +jobs: + build: + uses: ./.github/workflows/build.yaml + with: + java-version: ${{ inputs.java-version }} + + tag: + needs: build + if: ${{ github.ref_type == 'tag' }} + runs-on: ubuntu-latest + env: + DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }} + IMAGE_ID: ${{ needs.build.outputs.image-id }} + REGISTRIES: ghcr.io # docker.io is appended dynamically + steps: + - name: Generate tags + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 + with: + images: | + ${{ github.repository_owner }}/ranger-base + tags: | + type=ref,event=tag + flavor: | + latest=false + suffix=-${{ inputs.java-version }} + + - name: Add Docker Hub to targets + if: ${{ env.DOCKERHUB_USER }} + run: | + echo "REGISTRIES=${{ env.REGISTRIES }} docker.io" >> $GITHUB_ENV + + - name: Pull image + run: | + docker pull "$IMAGE_ID" + + - name: Login to GitHub Container Registry + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 + with: + registry: 
ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Login to Docker Hub + if: ${{ env.DOCKERHUB_USER }} + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 + with: + username: ${{ env.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Apply tags to existing image + run: | + set -x + for registry in $REGISTRIES; do + opts="$(echo "$DOCKER_METADATA_OUTPUT_TAGS" | sed "s@^@--tag $registry/@g" | xargs echo)" + if [[ -n "$opts" ]]; then + docker buildx imagetools create $opts "$IMAGE_ID" + fi + done \ No newline at end of file diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml new file mode 100644 index 0000000..48f41e8 --- /dev/null +++ b/.github/workflows/build.yaml 
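Review bot: The `Add Docker Hub to targets` step splices `${{ env.REGISTRIES }}` into the script text before the shell runs, and appends to `$GITHUB_ENV` unquoted. The value is a constant defined in this job's `env`, so nothing untrusted reaches it today. `REGISTRIES` is already exported to every step, and the last step reads it as `$REGISTRIES`, so the shell variable avoids the template-into-script pattern: `echo "REGISTRIES=$REGISTRIES docker.io" >> "$GITHUB_ENV"`. In `Apply tags to existing image`, `$opts` is presumably left unquoted on purpose for word splitting; a one-line comment saying so would stop a later "fix" from breaking it.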
@@ -0,0 +1,95 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: build + +# This workflow builds the Ranger Base Docker Image if it does not exist already. +# For non-PR runs, it also publishes the image to the registry, tagging it by the full SHA of the commit. 
+ +on: + workflow_call: + inputs: + java-version: + type: string + description: "JDK version (default: 8)" + default: '8' + required: false + outputs: + image-id: + description: "Docker image ID in repo/owner/name:tag format" + value: ${{ jobs.build.outputs.image-id }} + +concurrency: + group: ${{ github.sha }}-${{ inputs.java-version }} + cancel-in-progress: false + +env: + RANGER_BASE_JAVA_VERSION: ${{ inputs.java-version }} + +jobs: + build: + runs-on: ubuntu-latest + outputs: + image-id: ${{ steps.meta.outputs.tags }} + steps: + - name: Generate image ID + id: meta + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 + with: + images: | + ghcr.io/${{ github.repository_owner }}/ranger-base + tags: | + # keep single item + # any further tags should be added only in build-and-tag.yaml, not here + type=sha,format=long,prefix=,suffix=-${{ inputs.java-version }} + + - name: Check if image exists + id: pull + run: | + success=false + if docker pull "$DOCKER_METADATA_OUTPUT_TAGS"; then + success=true + fi + + echo "success=$success" >> $GITHUB_OUTPUT + + - name: Set up QEMU + if: ${{ steps.pull.outputs.success == 'false' }} + uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf + + - name: Set up Docker Buildx + if: ${{ steps.pull.outputs.success == 'false' }} + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 + + - name: Login to GitHub Container Registry + id: login + if: ${{ github.event_name != 'pull_request' && steps.pull.outputs.success == 'false' }} + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and push image to GitHub Container Registry + id: build + if: ${{ steps.pull.outputs.success == 'false' }} + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 + with: + file: docker/Dockerfile + build-args: RANGER_BASE_JAVA_VERSION + 
platforms: linux/amd64,linux/arm64 + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} \ No newline at end of file diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml new file mode 100644 index 0000000..bd64a29 --- /dev/null +++ b/.github/workflows/pr.yaml @@ -0,0 +1,30 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: PR + +# This workflow builds the image for pull requests. + +on: + pull_request: + types: [opened, ready_for_review, synchronize] + paths: + - 'docker/**' + - '.github/workflows/build.yaml' + - '.github/workflows/pr.yaml' + +jobs: + build: + uses: ./.github/workflows/build.yaml diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml new file mode 100644 index 0000000..83c57a6 --- /dev/null +++ b/.github/workflows/push.yaml 
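Review bot: The `image-id` output is `steps.meta.outputs.tags`, a mutable `<sha>-<java>` tag, and `Check if image exists` skips the build whenever that tag can be pulled. Downstream jobs therefore act on whatever the registry currently holds under that name, not on an image known to come from this run, and build-and-tag.yaml then applies the release tags to that reference. Consider exporting an immutable reference instead: `steps.build.outputs.digest` when the image is built, or the digest resolved from the registry when it already exists, passed onward as `name@sha256:…`. The pull check also treats any failure (network, auth, rate limit) as "image absent", which deserves a short comment.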
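Review bot: pr.yaml declares no `permissions:` block, unlike push.yaml, so the called build job runs with whatever default GITHUB_TOKEN scopes the repository is configured with. On pull requests build.yaml neither logs in nor pushes, since both are gated on `github.event_name != 'pull_request'`. A top-level `permissions:` block with `contents: read` should therefore be enough, and it keeps the token read-only regardless of repository defaults.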
@@ -0,0 +1,42 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: push + +# This workflow builds (if necessary) and tags the Docker image, +# possibly for multiple Java versions. + +on: + push: + paths: + - 'docker/**' + - '.github/workflows/build.yaml' + - '.github/workflows/build-and-tag.yaml' + - '.github/workflows/push.yaml' + +permissions: + contents: read + packages: write + +jobs: + build-and-tag: + uses: ./.github/workflows/build-and-tag.yaml + strategy: + matrix: + java: [ 8, 11, 17 ] + fail-fast: false + with: + java-version: ${{ matrix.java }} + secrets: inherit diff --git a/README.md b/README.md new file mode 100644 index 0000000..708d1bb --- /dev/null +++ b/README.md 
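Review bot: `secrets: inherit` hands every secret available to this repository to build-and-tag.yaml, while the workflow as shown reads only `DOCKERHUB_USER` and `DOCKERHUB_TOKEN` (the `GITHUB_TOKEN` is provided automatically). Declaring those two under `workflow_call.secrets` in build-and-tag.yaml and passing them explicitly here, e.g. `DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}` and likewise for the token, keeps the reusable workflow's secret surface explicit. Separately, `on: push` has no `branches` or `tags` filter, so any branch push touching these paths runs with `packages: write` and publishes a SHA-tagged image. If that is intended, a comment above the trigger should say so.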
@@ -0,0 +1,22 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +# Apache Ranger Tools + +[ranger-tools](https://github.com/apache/ranger-tools) contains utilities for: +- ranger docker base image development +- examples of how an application can be used with Apache Ranger as the authorization framework diff --git a/docker/Dockerfile b/docker/Dockerfile new file mode 100644 index 0000000..6ba1a83 --- /dev/null +++ b/docker/Dockerfile 
@@ -0,0 +1,67 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# see https://hub.docker.com/_/eclipse-temurin/tags +ARG RANGER_BASE_JAVA_VERSION=8 + +# Ubuntu 22.04 LTS +FROM eclipse-temurin:${RANGER_BASE_JAVA_VERSION}-jdk-jammy + +# Install packages +RUN apt update -q \ + && DEBIAN_FRONTEND="noninteractive" apt install -y --no-install-recommends \ + bc \ + iputils-ping \ + pdsh \ + python3 \ + python3-pip \ + python-is-python3 \ + ssh \ + tzdata \ + vim \ + xmlstarlet \ + && apt clean + +# Install Python modules +RUN pip install apache-ranger requests \ + && rm -rf ~/.cache/pip + +# Set environment variables +ENV RANGER_DIST=/home/ranger/dist +ENV RANGER_SCRIPTS=/home/ranger/scripts +ENV RANGER_HOME=/opt/ranger +ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +# setup groups, users, directories +RUN groupadd ranger \ + && for u in ranger rangeradmin rangerusersync rangertagsync rangerkms; do \ + useradd -g ranger -ms /bin/bash $u; \ + done + +RUN groupadd hadoop \ + && for u in hdfs yarn hive hbase kafka ozone; do \ + useradd -g hadoop -ms /bin/bash $u; \ + done + +RUN groupadd knox \ + && useradd -g knox -ms /bin/bash knox + +# setup directories +RUN mkdir -p /home/ranger/dist /home/ranger/scripts 
/opt/ranger && \ + chown -R ranger:ranger /home/ranger /opt/ranger && \ + chmod +rx /home/ranger /home/ranger/dist /home/ranger/scripts + +ENTRYPOINT [ "/bin/bash" ] diff --git a/docker/README.md b/docker/README.md new file mode 100644 index 0000000..50dc913 --- /dev/null +++ b/docker/README.md @@ -0,0 +1,24 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +# Apache Ranger Base Image + +This directory contains utilities for ranger docker base image development, base images are the underlying images used to run and test Apache Ranger in Docker containers. + +Images come in multiple flavors: `jdk8` and `jdk11` and `jdk17` and for multiple arch: `linux/arm64` and `linux/amd64`. + +Docker base images are published to [Docker Hub](https://hub.docker.com/r/apache/ranger-base) and [GitHub](https://github.com/apache/ranger-tools/pkgs/container/ranger-base). diff --git a/docker/build.sh b/docker/build.sh new file mode 100755 index 0000000..51890e8 --- /dev/null +++ b/docker/build.sh 
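Review bot: `pip install apache-ranger requests` installs whatever versions the index serves at build time, and build.yaml skips rebuilding once an image exists for the commit, so the contents of a published tag depend on when it was first built. Pin the versions (placeholders: `apache-ranger==<VERSION> requests==<VERSION>`) or install from a requirements file with `--require-hashes`, and use `--no-cache-dir` instead of removing `~/.cache/pip` afterwards. The same concern applies more weakly to the floating `eclipse-temurin:${RANGER_BASE_JAVA_VERSION}-jdk-jammy` tag, which could be pinned by digest per Java version. `apt clean` leaves the package index in the layer; adding `rm -rf /var/lib/apt/lists/*` to the same `RUN` removes it.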
@@ -0,0 +1,24 @@ +#!/usr/bin/env bash +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -u -o pipefail + +docker build \ + --build-arg RANGER_BASE_JAVA_VERSION \ + -t apache/ranger-base:dev \ + "$@" - < Dockerfile
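Review bot: The script reads `Dockerfile` relative to the caller's working directory (`- < Dockerfile`), so it only works as intended when run from docker/. Run elsewhere, it either fails on the redirect or builds whatever file named `Dockerfile` sits in that directory, and tags it `apache/ranger-base:dev`. Adding `cd "$(dirname "${BASH_SOURCE[0]}")"` before the `docker build` line removes that dependency. `set -u -o pipefail` omits `-e`; with a single command the exit status is unaffected, but `set -euo pipefail` keeps the script fail-fast if more steps are added later.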