From ba98d5a5a48037ecb238641b93e64b329ba11d9e Mon Sep 17 00:00:00 2001 From: "ryan.kuba" Date: Thu, 8 Sep 2022 13:40:13 -0400 Subject: [PATCH] KASM-3188 adding vivaldi image along with new array for multi build jobs as we hit the 50 job gitlab limit --- .gitlab-ci.yml | 107 +++++++++++++++++- dockerfile-kasm-vivaldi | 47 ++++++++ docs/vivaldi/README.md | 14 +++ docs/vivaldi/description.txt | 1 + src/ubuntu/install/vivaldi/custom_startup.sh | 84 ++++++++++++++ src/ubuntu/install/vivaldi/install_vivaldi.sh | 49 ++++++++ 6 files changed, 299 insertions(+), 3 deletions(-) create mode 100644 dockerfile-kasm-vivaldi create mode 100644 docs/vivaldi/README.md create mode 100644 docs/vivaldi/description.txt create mode 100644 src/ubuntu/install/vivaldi/custom_startup.sh create mode 100644 src/ubuntu/install/vivaldi/install_vivaldi.sh diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b78790a..407ed0d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -4,7 +4,7 @@ services: variables: DOCKER_AUTH_CONFIG: ${_DOCKER_AUTH_CONFIG} PLATFORM: "linux/amd64" - ARM_BUILDS: ",chromium,firefox,gimp,rdesktop,remmina,terminal,ubuntu-bionic-desktop,ubuntu-focal-desktop,ubuntu-jammy-desktop,vlc,vs-code,doom,sublime-text,tor-browser,java-dev,telegram,opensuse-15-desktop,oracle-8-desktop,libre-office,thunderbird,audacity,deluge,filezilla,inkscape,pinta,qbittorrent," + ARM_BUILDS: ",chromium,firefox,gimp,rdesktop,remmina,terminal,ubuntu-bionic-desktop,ubuntu-focal-desktop,ubuntu-jammy-desktop,vlc,vs-code,doom,sublime-text,tor-browser,java-dev,telegram,opensuse-15-desktop,oracle-8-desktop,libre-office,thunderbird,audacity,deluge,filezilla,inkscape,pinta,qbittorrent,vivaldi," CORE_IMAGE_TAG: "develop" CORE_IMAGE: "core-ubuntu-focal" USE_PRIVATE_IMAGES: 0 @@ -37,6 +37,9 @@ variables: - vlc - vs-code +.MULTI_ARCH_BUILDS2: &MULTI_ARCH_BUILDS2 + - vivaldi + .SINGLE_ARCH_BUILDS: &SINGLE_ARCH_BUILDS - atom - blender @@ -104,7 +107,7 @@ build_browser_images: - aws-autoscale parallel: matrix: - - KASM_IMAGE: [chrome, chromium, firefox, firefox-mobile, tor-browser, edge, brave] + - KASM_IMAGE: [chrome, chromium, firefox, firefox-mobile, tor-browser, edge, brave, vivaldi] build_app_images: stage: build @@ -235,6 +238,39 @@ build_multi_arch_dev: - TAG: [ aws-autoscale, aws-autoscale-arm64 ] KASM_IMAGE: *MULTI_ARCH_BUILDS +build_multi_arch_dev2: + stage: build + image: ${ORG_NAME}/docker-buildx-private:develop + script: + # Ensure readme and description files are present + - ls docs/$KASM_IMAGE/README.md + - ls docs/$KASM_IMAGE/description.txt + # Set core image names + - if [[ $KASM_IMAGE =~ 'centos-7-desktop' ]]; then CORE_IMAGE=core-centos-7; fi + - if [[ $KASM_IMAGE =~ 'tracelabs' ]]; then CORE_IMAGE=core-kali-rolling; fi + - if [[ $KASM_IMAGE =~ 'oracle-7-desktop' ]]; then CORE_IMAGE=core-oracle-7; fi + - if [[ $KASM_IMAGE =~ 'oracle-8-desktop' ]]; then CORE_IMAGE=core-oracle-8; fi + - if [[ $KASM_IMAGE =~ 'opensuse-15-desktop' ]]; then CORE_IMAGE=core-opensuse-15; fi + - if [[ $KASM_IMAGE =~ 'ubuntu-jammy-desktop' ]]; then CORE_IMAGE=core-ubuntu-jammy; fi + # Check for private variable to build against private core images + - if [[ $USE_PRIVATE_IMAGES -eq 1 ]]; then CORE_IMAGE=$CORE_IMAGE-private; fi; + - > + docker build + -t ${ORG_NAME}/$KASM_IMAGE-private:$(arch)-$SANITIZED_BRANCH + --build-arg BASE_IMAGE=$CORE_IMAGE + --build-arg BASE_TAG=$CORE_IMAGE_TAG + -f dockerfile-kasm-$KASM_IMAGE . + - docker push ${ORG_NAME}/$KASM_IMAGE-private:$(arch)-$SANITIZED_BRANCH + except: + - develop + - /^release\/.*$/ + tags: + - ${TAG} + parallel: + matrix: + - TAG: [ aws-autoscale, aws-autoscale-arm64 ] + KASM_IMAGE: *MULTI_ARCH_BUILDS2 + build_single_arch_dev: stage: build image: ${ORG_NAME}/docker-buildx-private:develop @@ -298,6 +334,37 @@ test_multi_arch_dev: - TAG: [ aws-autoscale, aws-autoscale-arm64 ] KASM_IMAGE: *MULTI_ARCH_BUILDS +test_multi_arch_dev2: + stage: test + script: + - docker pull kasmweb/kasm-tester:1.11.0 + - > + docker run --rm --privileged + -e KASM_PORT=443 + -e KASM_PATH=/opt/kasm + -e KASM_PASSWORD=password123 + -e PUID=1000 + -e DOCKERUSER=$DOCKER_HUB_USERNAME + -e DOCKERPASS=$DOCKER_HUB_PASSWORD + -e TEST_IMAGE="${ORG_NAME}/${KASM_IMAGE}-private:$(arch)-$SANITIZED_BRANCH" + -e TEST_WEBFILTER="false" + -e AWS_KEY=${KASM_TEST_AWS_KEY} + -e AWS_SECRET="${KASM_TEST_AWS_SECRET}" + -e SLACK_TOKEN=${SLACK_TOKEN} + -e S3_BUCKET=kasm-ci + -e COMMIT=${CI_COMMIT_SHA} + -e REPO=workspaces-images + kasmweb/kasm-tester:1.11.0 + except: + - develop + - /^release\/.*$/ + tags: + - ${TAG} + parallel: + matrix: + - TAG: [ aws-autoscale, aws-autoscale-arm64 ] + KASM_IMAGE: *MULTI_ARCH_BUILDS2 + test_single_arch_dev: stage: test script: @@ -346,6 +413,24 @@ manifest_dev: matrix: - KASM_IMAGE: *MULTI_ARCH_BUILDS +manifest_dev2: + stage: manifest + script: + - docker pull ${ORG_NAME}/${KASM_IMAGE}-private:x86_64-$SANITIZED_BRANCH + - docker pull ${ORG_NAME}/${KASM_IMAGE}-private:aarch64-$SANITIZED_BRANCH + - "docker manifest push --purge ${ORG_NAME}/${KASM_IMAGE}-private:$SANITIZED_BRANCH || :" + - docker manifest create ${ORG_NAME}/${KASM_IMAGE}-private:$SANITIZED_BRANCH ${ORG_NAME}/${KASM_IMAGE}-private:x86_64-$SANITIZED_BRANCH ${ORG_NAME}/${KASM_IMAGE}-private:aarch64-$SANITIZED_BRANCH + - docker manifest annotate ${ORG_NAME}/${KASM_IMAGE}-private:$SANITIZED_BRANCH ${ORG_NAME}/${KASM_IMAGE}-private:aarch64-$SANITIZED_BRANCH --os linux --arch arm64 --variant v8 + - docker manifest push --purge ${ORG_NAME}/${KASM_IMAGE}-private:$SANITIZED_BRANCH + except: + - develop + - /^release\/.*$/ + tags: + - aws-autoscale + parallel: + matrix: + - KASM_IMAGE: *MULTI_ARCH_BUILDS2 + link_tests_single_arch_dev: stage: linktests script: @@ -375,6 +460,21 @@ link_tests_multi_arch_dev: - ARCH: [ aarch64, x86_64 ] KASM_IMAGE: *MULTI_ARCH_BUILDS +link_tests_multi_arch_dev2: + stage: linktests + script: + - apk add curl + - STATUS=$(curl -sL https://kasm-ci.s3.amazonaws.com/${CI_COMMIT_SHA}/${ARCH}/kasmweb/${KASM_IMAGE}-private/${ARCH}-${SANITIZED_BRANCH}/ci-status.yml | awk -F'"' '{print $2}') + - if [ "${STATUS}" == "PASS" ]; then STATE=success; else STATE=failed; fi; + - curl --request POST --header "PRIVATE-TOKEN:${GITLAB_API_TOKEN}" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/statuses/${CI_COMMIT_SHA}?state=${STATE}&name=${KASM_IMAGE}-private_${ARCH}&target_url=https://kasm-ci.s3.amazonaws.com/${CI_COMMIT_SHA}/${ARCH}/kasmweb/${KASM_IMAGE}-private/${ARCH}-${SANITIZED_BRANCH}/index.html" + except: + - develop + - /^release\/.*$/ + parallel: + matrix: + - ARCH: [ aarch64, x86_64 ] + KASM_IMAGE: *MULTI_ARCH_BUILDS2 + # These jobs are for the "rolling" release of the images. They should only run for scheduled jobs and should only push the rolling tags build_schedules_browser_images: image: ${ORG_NAME}/docker-buildx-private:develop @@ -402,7 +502,7 @@ build_schedules_browser_images: - aws-autoscale parallel: matrix: - - KASM_IMAGE: [chrome, chromium, firefox, firefox-mobile, tor-browser, edge, brave] + - KASM_IMAGE: [chrome, chromium, firefox, firefox-mobile, tor-browser, edge, brave, vivaldi] build_schedules_app_images: image: ${ORG_NAME}/docker-buildx-private:develop @@ -573,6 +673,7 @@ update_readmes: - ubuntu-focal-dind - ubuntu-focal-dind-rootless - unityhub + - vivaldi - vlc - vs-code - zoom diff --git a/dockerfile-kasm-vivaldi b/dockerfile-kasm-vivaldi new file mode 100644 index 0000000..8f15bdb --- /dev/null +++ b/dockerfile-kasm-vivaldi @@ -0,0 +1,47 @@ +ARG BASE_TAG="develop" +ARG BASE_IMAGE="core-ubuntu-focal" +FROM kasmweb/$BASE_IMAGE:$BASE_TAG +USER root + +ENV HOME /home/kasm-default-profile +ENV STARTUPDIR /dockerstartup +ENV INST_SCRIPTS $STARTUPDIR/install +WORKDIR $HOME + +######### Customize Container Here ########### + + +# Install Vivaldi +COPY ./src/ubuntu/install/vivaldi $INST_SCRIPTS/vivaldi/ +RUN bash $INST_SCRIPTS/vivaldi/install_vivaldi.sh && rm -rf $INST_SCRIPTS/vivaldi/ + +# Update the desktop environment to be optimized for a single application +RUN cp $HOME/.config/xfce4/xfconf/single-application-xfce-perchannel-xml/* $HOME/.config/xfce4/xfconf/xfce-perchannel-xml/ +RUN cp /usr/share/extra/backgrounds/bg_kasm.png /usr/share/extra/backgrounds/bg_default.png +RUN apt-get remove -y xfce4-panel + +# Setup the custom startup script that will be invoked when the container starts +#ENV LAUNCH_URL http://kasmweb.com + +COPY ./src/ubuntu/install/vivaldi/custom_startup.sh $STARTUPDIR/custom_startup.sh +RUN chmod +x $STARTUPDIR/custom_startup.sh + +# Install Custom Certificate Authority +# COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/ +# RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/ + +ENV KASM_RESTRICTED_FILE_CHOOSER=1 +COPY ./src/ubuntu/install/gtk/ $INST_SCRIPTS/gtk/ +RUN bash $INST_SCRIPTS/gtk/install_restricted_file_chooser.sh + + +######### End Customizations ########### + +RUN chown 1000:0 $HOME +RUN $STARTUPDIR/set_user_permission.sh $HOME + +ENV HOME /home/kasm-user +WORKDIR $HOME +RUN mkdir -p $HOME && chown -R 1000:0 $HOME + +USER 1000 diff --git a/docs/vivaldi/README.md b/docs/vivaldi/README.md new file mode 100644 index 0000000..fd3fbe0 --- /dev/null +++ b/docs/vivaldi/README.md @@ -0,0 +1,14 @@ +# About This Image + +This Image contains a browser-accessible version of [Vivaldi](https://vivaldi.com/). + +![Screenshot][Image_Screenshot] + +[Image_Screenshot]: https://5856039.fs1.hubspotusercontent-na1.net/hubfs/5856039/dockerhub/vivaldi.png "Image Screenshot" + +# Environment Variables + +* `LAUNCH_URL` - The default URL the browser launches to when created. +* `APP_ARGS` - Additional arguments to pass to the browser when launched. +* `KASM_RESTRICTED_FILE_CHOOSER` - Confine "File Upload" and "File Save" + dialogs to ~/Desktop. On by default. diff --git a/docs/vivaldi/description.txt b/docs/vivaldi/description.txt new file mode 100644 index 0000000..96cb634 --- /dev/null +++ b/docs/vivaldi/description.txt @@ -0,0 +1 @@ +Vivaldi for Kasm Workspaces diff --git a/src/ubuntu/install/vivaldi/custom_startup.sh b/src/ubuntu/install/vivaldi/custom_startup.sh new file mode 100644 index 0000000..e7aed7f --- /dev/null +++ b/src/ubuntu/install/vivaldi/custom_startup.sh @@ -0,0 +1,84 @@ +#!/usr/bin/env bash +set -ex +START_COMMAND="vivaldi" +PGREP="vivaldi" +MAXIMIZE="true" +DEFAULT_ARGS="" + +if [[ $MAXIMIZE == 'true' ]] ; then + DEFAULT_ARGS+=" --start-maximized" +fi +ARGS=${APP_ARGS:-$DEFAULT_ARGS} + +options=$(getopt -o gau: -l go,assign,url: -n "$0" -- "$@") || exit +eval set -- "$options" + +while [[ $1 != -- ]]; do + case $1 in + -g|--go) GO='true'; shift 1;; + -a|--assign) ASSIGN='true'; shift 1;; + -u|--url) OPT_URL=$2; shift 2;; + *) echo "bad option: $1" >&2; exit 1;; + esac +done +shift + +# Process non-option arguments. +for arg; do + echo "arg! $arg" +done + +FORCE=$2 + +kasm_exec() { + if [ -n "$OPT_URL" ] ; then + URL=$OPT_URL + elif [ -n "$1" ] ; then + URL=$1 + fi + + # Since we are execing into a container that already has the browser running from startup, + # when we don't have a URL to open we want to do nothing. Otherwise a second browser instance would open. + if [ -n "$URL" ] ; then + /usr/bin/filter_ready + /usr/bin/desktop_ready + $START_COMMAND $ARGS $OPT_URL + else + echo "No URL specified for exec command. Doing nothing." + fi +} + +kasm_startup() { + if [ -n "$KASM_URL" ] ; then + URL=$KASM_URL + elif [ -z "$URL" ] ; then + URL=$LAUNCH_URL + fi + + if [ -z "$DISABLE_CUSTOM_STARTUP" ] || [ -n "$FORCE" ] ; then + + echo "Entering process startup loop" + set +x + while true + do + if ! pgrep -x $PGREP > /dev/null + then + /usr/bin/filter_ready + /usr/bin/desktop_ready + set +e + $START_COMMAND $ARGS $URL + set -e + fi + sleep 1 + done + set -x + + fi + +} + +if [ -n "$GO" ] || [ -n "$ASSIGN" ] ; then + kasm_exec +else + kasm_startup +fi diff --git a/src/ubuntu/install/vivaldi/install_vivaldi.sh b/src/ubuntu/install/vivaldi/install_vivaldi.sh new file mode 100644 index 0000000..bae318c --- /dev/null +++ b/src/ubuntu/install/vivaldi/install_vivaldi.sh @@ -0,0 +1,49 @@ +#!/usr/bin/env bash +set -ex + +VIVALDI_ARGS="--password-store=basic --no-sandbox --ignore-gpu-blocklist --user-data-dir --no-first-run --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" + +# Install Vivaldi (Ubuntu) +wget -qO- https://repo.vivaldi.com/archive/linux_signing_key.pub | gpg --dearmor > /usr/share/keyrings/vivaldi-browser.gpg +echo "deb [signed-by=/usr/share/keyrings/vivaldi-browser.gpg arch=$(dpkg --print-architecture)] https://repo.vivaldi.com/archive/deb/ stable main" > /etc/apt/sources.list.d/vivaldi-archive.list +apt-get update && apt-get install -y vivaldi-stable +/opt/vivaldi/update-ffmpeg + +# Add Desktop Icon +cp /usr/share/applications/vivaldi-stable.desktop $HOME/Desktop/ +chown 1000:1000 $HOME/Desktop/vivaldi-stable.desktop + +# Use wrapper to launch application +mv /opt/vivaldi/vivaldi /opt/vivaldi/vivaldi-orig +cat >/opt/vivaldi/vivaldi <>/usr/bin/x-www-browser <>/etc/opt/chrome/policies/managed/default_managed_policy.json <