This directory contains scripts to build, test, push and promote docker image for kafka. All of the steps can be either performed locally or by using Github Actions.
branch
.Make sure the DOCKERHUB_USER
and DOCKERHUB_TOKEN
secrets are added and made available to Github Actions in Github Repository settings. This is required for pushing the docker image.
This is the recommended way to build, test and get a CVE report for the docker image.
Just choose the image type and provide kafka url to Docker Build Test
workflow. It will generate a test report and CVE report that can be shared with the community.
kafka-url - This is the url to download kafka tarball from. For example kafka tarball url from (https://archive.apache.org/dist/kafka). For building RC image this will be an RC tarball url.
image-type - This is the type of image that we intend to build. This will be dropdown menu type selection in the workflow. jvm
image type is for official docker image (to be hosted on apache/kafka) as described in KIP-975
Example:- To build and test a jvm image type ensuring kafka to be containerised should be https://archive.apache.org/dist/kafka/3.6.0/kafka_2.13-3.6.0.tgz (it is recommended to use scala 2.13 binary tarball), following inputs in github actions workflow are recommended.
image_type: jvm kafka_url: https://archive.apache.org/dist/kafka/3.6.0/kafka_2.13-3.6.0.tgz
Build and Push Release Candidate Docker Image
Github Actions Workflow.image_type
and provide kafka_url
that needs to be containerised in the rc_docker_image
that will be pushed to github.image_type: jvm kafka_url: https://archive.apache.org/dist/kafka/3.6.0/kafka_2.13-3.6.0.tgz rc_docker_image: apache/kafka:3.6.0-rc0
Promote Release Candidate Docker Image
Github Actions Workflow.rc_docker_image
) that you want to promote and where it needs to be pushed to (promoted_docker_image
), i.e. the final docker image release.rc_docker_image: apache/kafka:3.6.0-rc0 promoted_docker_image: apache/kafka:3.6.0
Docker Image CVE Scanner
Github Action Workflow (present in .github/workflows/docker_scan.yml
) will run nightly CVE scans and generate reports for docker image tags mentioned in the supported_image_tag
array.For supporting apache/kafka:3.6.0, apache/kafka:latest and apache/kafka:3.7.0-rc0, supported_image_tag array should be supported_image_tag: ['3.6.0', 'latest', '3.7.0-rc0']
For supporting apache/kafka:3.6.1, apache/kafka:latest and apache/kafka:3.7.0-rc1, tag array should be supported_image_tag: ['3.6.1', 'latest', '3.7.0-rc1']
Make sure you have python (>= 3.7.x) and java (>= 17) (java needed only for running tests) installed before running the tests and scripts.
Run pip install -r requirements.txt
to get all the requirements for running the scripts.
Make sure you have docker installed with support for buildx enabled. (For pushing multi-architecture image to docker registry)
docker_build_test.py
script builds and tests the docker image.python docker_build_test.py --help
.--build
(or -b
) flag and if you only want to test the given image pass --test
(or -t
) flag.python docker_build_test.py kafka/test --image-tag=3.6.0 --image-type=jvm --kafka-url=https://archive.apache.org/dist/kafka/3.6.0/kafka_2.13-3.6.0.tgz
docker_release.py
script builds a multi-architecture image and pushes it to provided docker registry.<registry>/<namespace>/<image_name>:<image_tag>
) and type is needed to build the image. For detailed usage description check python docker_release.py --help
.# kafka/test is an example repo. Please replace with the docker hub repo you have push access to. python docker_release.py kafka/test:3.6.0 --kafka-url https://archive.apache.org/dist/kafka/3.6.0/kafka_2.13-3.6.0.tgz
# Ensure docker buildx is enabled in your system and you have access to apache/kafka docker buildx imagetools create --tag apache/kafka:3.6.0 apache/kafka:3.6.0-rc0
Please check this for usage guide of the docker image.