TPA-708: merge tpaexec-ee repo to tpa-internal

Change to the github workflow that builds tpa-ee docker image to use the
new folders (tpa-ee/aap24/{rhel,alpine})instead of tpaexec-ee

Changes to the execution-environment.yml files to be used from their new
location

Changes to dockerignore file to reduce weight of docker image

Changes to the script.sh that was not being actively used, it now can be
used to generate an image for both base-image.

Add README.md files to give user more information about the usage of
these files.

.dockerignore

@@ -1 +1,33 @@
+.git
+requirements*.in
+requirements
+*.pyc
+.env
+.tox
+.coverage
+nosetests.xml
+coverage.xml
+*.log
+.git
+.github
+tox.ini
+sonar-project.properties
+runtime.txt
+pyrightconfig.json
+Dockerfile
+.yamllint.yaml
+.prospector.yaml
+.idea
+.gitignore
+.gitattributes
+.git-ignore-revs
+.editorconfig
+.dockerignore
+.coveragerc
+.ansible-lint
+.actrc
+docs
+tpa-ee
 tpa-venv
+relnotes
+release_notes

.github/workflows/ee-build.yml

@@ -14,14 +14,14 @@ on:
         description: "environment file to use"
         type: string
         required: true
-        default: "tpa-exec-ee.yml"
-      tpaexec-ee-ref:
-        description: "ref used for tpaexec-ee repo"
+        default: "execution-environment.yml"
+      base-image:
+        description: "base image (rhel, alpine)"
         type: choice
-        default: AAP24
+        default: RHEL
         options:
-        - AAP24
-        - AAP24-alpine
+        - RHEL
+        - Alpine
       tpa-internal-ref:
         description: "ref used for tpa-internal repo"
         type: string
@@ -35,37 +35,30 @@ jobs:
   Build:
     name: Build the Execution Environment
     runs-on: ubuntu-22.04
+    defaults:
+      run:
+        working-directory: ./tpa-ee/aap24/${{ github.event.inputs.base-image == 'RHEL' && 'rhel' || 'alpine' }}
     env:
-      IMAGE_NAME: ${{ github.event.inputs.tpaexec-ee-ref == 'AAP24' && 'tpa-ee' || 'tpa-ee-alpine' }}
+      IMAGE_NAME: ${{ github.event.inputs.base-image == 'RHEL' && 'tpa-ee' || 'tpa-ee-alpine' }}
     steps:
 
-    # checkout tpaexec-ee repo holding the build files
-    - name: Checkout tpaexec-ee
-      id: checkout-tpaexec-ee
-      uses: actions/checkout@v4
-      with:
-        repository: EnterpriseDB/tpaexec-ee
-        ref: ${{ github.event.inputs.tpaexec-ee-ref }}
-        token: ${{secrets.GH_SLONIK}}
-
     # checkout tpa-internal required to build the EE
     - name: Checkout tpa-internal
       id: checkout-tpa-internal
       uses: actions/checkout@v4
       with:
         repository: EnterpriseDB/tpa-internal
         token: ${{secrets.GH_SLONIK}}
-        path: 'tpa-internal'
         ref: ${{ github.event.inputs.tpa-internal-ref || github.ref }}
 
     # setup python
     - name: setup python
-      uses: ./tpa-internal/.github/actions/install-requirements
+      uses: ./.github/actions/install-requirements
 
     # install requirements needed for build
     - name: Install python build requirements
       run: |
-        python3 -m pip install -r build-requirements.txt
+        python3 -m pip install -r ../build-requirements.txt
       shell: bash
 
     # verify build environment
@@ -79,7 +72,7 @@ jobs:
 
     # login to redhat registry to pull minimal EE image on redhat9
     - name: Login to RedHat Container Registry
-      if: ${{ github.event.inputs.tpaexec-ee-ref == 'AAP24' }}
+      if: ${{ github.event.inputs.base-image == 'RHEL' }}
       uses: docker/login-action@v3
       with:
         registry: registry.redhat.io
@@ -100,13 +93,16 @@ jobs:
         --container-runtime docker \
         --tag ghcr.io/enterprisedb/tpa/${{ env.IMAGE_NAME }}:${{ github.event.inputs.tag }} \
         -f ${{ github.event.inputs.environment_file }} \
-        -c . --verbosity 3 --no-cache
+        -c ../../../ \
+        --verbosity 3 \
+        --no-cache \
+        --squash new
 
     - name: Archive build folder
       uses: actions/upload-artifact@v4
       with:
         name: build_artifact
-        path: .
+        path: ./tpa-ee/aap24/${{ github.event.inputs.base-image == 'RHEL' && 'rhel' || 'alpine' }}
 
     - name: Push to ghcr.io/enterprisedb/tpa
       run: |

.gitignore

@@ -234,3 +234,7 @@ coverage-reports/
 lib/tests/config/*
 requirements-dev.in
 requirements-dev.txt
+
+#execution environment venv
+tpa-ee/aap24/build-venv/
+_build

Dockerfile

@@ -1,63 +1,83 @@
-# © Copyright EnterpriseDB UK Limited 2015-2024 - All rights reserved.
-
-# Build this container image like this
-#
-#  docker build -t tpaexec:$(git describe --tags) -t tpaexec:latest .
-
-# To use the container image, create a shell alias like this
-#
-#   alias tpaexec="docker run --rm -v $PWD:/work -v $HOME/.git:/root/.git -v $HOME/.gitconfig:/root/.gitconfig \
-#      -v /var/run/docker.sock:/var/run/docker.sock \
-#      -e USER_ID=$(id -u) -e GROUP_ID=$(id -g) tpaexec"
-#
-# Then run commands like this
-#
-#   tpaexec configure cluster -a M1 --postgresql 15 --failover-manager patroni --platform docker
-#   tpaexec deploy cluster
-
-FROM debian:bookworm-slim
-
-LABEL maintainer="EDB <[email protected]>"
-
-# Copy tpaexec sources from the current directory into the image
-ENV TPA_DIR=/opt/EDB/TPA
-
-COPY . ${TPA_DIR}
-
-# Set up repositories and install packages, including the Docker CE CLI
-# (https://docs.docker.com/engine/install/debian/).
-
-RUN apt-get -y update && \
-    apt-get -y install --no-install-recommends \
-      curl gnupg apt-transport-https \
-      python3 python3-dev python3-pip python3-venv \
-      openvpn patch git gcc && \
-    curl -fsSL https://download.docker.com/linux/debian/gpg >/etc/apt/trusted.gpg.d/docker.asc && \
-    codename=$(awk -F= '/VERSION_CODENAME/{print $2}' /etc/os-release) && \
-    arch=$(dpkg --print-architecture) && \
-    echo "deb [arch=$arch] https://download.docker.com/linux/debian $codename stable" \
-      >/etc/apt/sources.list.d/docker.list && \
-    apt-get -y update && \
-    apt-get -y install --no-install-recommends docker-ce-cli && \
-    \
-    # run `tpaexec setup` to complete the installation, and then `tpaexec selftest` to verify it. \
-    \
-    ln -sf ${TPA_DIR}/bin/tpaexec /usr/local/bin && \
-    mkdir /opt/2ndQuadrant/ && \
-    ln -sf ${TPA_DIR} /opt/2ndQuadrant/TPA && \
-    tpaexec setup --use-community-ansible && \
-    tpaexec selftest && \
-    (cd "${TPA_DIR}" && git describe --tags >VERSION) && \
-    \
-    # Clean up unnecessary files and packages \
-    \
-    rm -rf ${TPA_DIR}/.[a-z]* && \
-    apt purge -y gcc python3-dev python3-pip python3-venv build-essential && \
-    apt autoremove -y && \
-    apt autoclean -y && \
-    apt clean -y && \
-    rm -rf /var/cache/apt /var/lib/apt/lists
-
-WORKDIR /work
-CMD ["--help"]
-ENTRYPOINT ["/opt/EDB/TPA/entrypoint.sh"]
+ARG EE_BASE_IMAGE="registry.redhat.io/ansible-automation-platform-24/ee-minimal-rhel9:latest"
+ARG PYCMD="/usr/bin/python3"
+ARG PKGMGR_PRESERVE_CACHE=""
+ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS=""
+ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS=""
+ARG PKGMGR="/usr/bin/microdnf"
+
+# Base build stage
+FROM $EE_BASE_IMAGE as base
+USER root
+ARG EE_BASE_IMAGE
+ARG PYCMD
+ARG PKGMGR_PRESERVE_CACHE
+ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS
+ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS
+ARG PKGMGR
+
+RUN $PYCMD -m ensurepip
+COPY _build/scripts/ /output/scripts/
+COPY _build/scripts/entrypoint /opt/builder/bin/entrypoint
+
+# Galaxy build stage
+FROM base as galaxy
+ARG EE_BASE_IMAGE
+ARG PYCMD
+ARG PKGMGR_PRESERVE_CACHE
+ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS
+ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS
+ARG PKGMGR
+
+RUN /output/scripts/check_galaxy
+COPY _build /build
+WORKDIR /build
+
+RUN ansible-galaxy role install $ANSIBLE_GALAXY_CLI_ROLE_OPTS -r requirements.yml --roles-path "/usr/share/ansible/roles"
+RUN ANSIBLE_GALAXY_DISABLE_GPG_VERIFY=1 ansible-galaxy collection install $ANSIBLE_GALAXY_CLI_COLLECTION_OPTS -r requirements.yml --collections-path "/usr/share/ansible/collections"
+
+# Builder build stage
+FROM base as builder
+WORKDIR /build
+ARG EE_BASE_IMAGE
+ARG PYCMD
+ARG PKGMGR_PRESERVE_CACHE
+ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS
+ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS
+ARG PKGMGR
+
+RUN $PYCMD -m pip install --no-cache-dir bindep pyyaml requirements-parser
+
+COPY --from=galaxy /usr/share/ansible /usr/share/ansible
+
+COPY _build/requirements.txt requirements.txt
+RUN $PYCMD /output/scripts/introspect.py introspect --sanitize --user-pip=requirements.txt --write-bindep=/tmp/src/bindep.txt --write-pip=/tmp/src/requirements.txt
+RUN /output/scripts/assemble
+
+# Final build stage
+FROM base as final
+ARG EE_BASE_IMAGE
+ARG PYCMD
+ARG PKGMGR_PRESERVE_CACHE
+ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS
+ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS
+ARG PKGMGR
+
+RUN /output/scripts/check_ansible $PYCMD
+
+COPY --from=galaxy /usr/share/ansible /usr/share/ansible
+
+COPY --from=builder /output/ /output/
+RUN /output/scripts/install-from-bindep && rm -rf /output/wheels
+RUN chmod ug+rw /etc/passwd
+RUN mkdir -p /runner && chgrp 0 /runner && chmod -R ug+rwx /runner
+WORKDIR /runner
+RUN $PYCMD -m pip install --no-cache-dir 'dumb-init==1.2.5'
+RUN mkdir -p /opt/EDB/TPA
+RUN ls . -als
+COPY . /opt/EDB/TPA
+ENV PYTHONPATH="${PYTHONPATH:+${PYTHONPATH}:}/opt/EDB/TPA/lib"
+RUN rm -rf /output
+LABEL ansible-execution-environment=true
+USER 1000
+ENTRYPOINT ["/opt/builder/bin/entrypoint", "dumb-init"]
+CMD ["bash"]

tpa-ee/aap24/alpine/README.md

@@ -0,0 +1,46 @@
+# Generate a RhedHat based TPA compatible Execution environment Image
+
+## the objective
+
+The objective is to generate an execution environment containing all the requirement
+for TPA to run deployments of bare platform using Ansible Automation Platform 2.4.
+
+The basic requirements to achieve this are:
+
+- python 3.19 installed and configured
+- ansible-runner
+- ansible-core-2.15
+- TPA source code at the correct tag reference (matching the version you have installed or plan on using on your workstation).
+
+## python:3.9-alpine3.19 as base image
+
+python 3.9 pre-installed and configured.
+smallest and most up to date security wise.
+
+## requirements
+
+Building an execution image requires the following environment:
+
+python
+ansible-builder
+ansible-navigator
+
+
+## environment file
+
+tpa-exec-ee.yml
+
+## .dockerignore file
+
+lists files part of TPA repo that is not required for the EE image
+
+## Build the image
+
+build.sh script
+
+```bash
+./build.sh --tag registry_address/namespace/tpa-ee:vA.B.C
+```
+
+
+

tpa-ee/aap24/alpine/execution-environment.yml

@@ -0,0 +1,36 @@
+#build_arg_defaults:
+#  # redhat minimal EE image using redhat9 and ansible-core 2.15
+#  EE_BASE_IMAGE: 'registry.redhat.io/ansible-automation-platform-24/ee-minimal-rhel9:latest'
+#  # redhat EE image + redhat supported collections using redhat9 and ansible-core 2.15
+#  #EE_BASE_IMAGE: 'registry.redhat.io/ansible-automation-platform-24/ee-supported-rhel9:latest'
+#  # redhat EE image  using redhat8 and ansible-core 2.9
+#  #EE_BASE_IMAGE: 'registry.redhat.io/ansible-automation-platform-24/ee-29-rhel8:latest'
+
+version: 3
+images:
+  base_image:
+    name: 'python:3.9-alpine3.19'
+dependencies:
+  python_interpreter:
+    python_path: /usr/local/bin/python3
+  ansible_core:
+    package_pip: ansible-core==2.15.*
+  ansible_runner:
+    package_pip: ansible-runner
+  python: ../../../requirements-aap.txt
+  galaxy: ../../../collections/requirements.yml
+options:
+  package_manager_path: /sbin/apk
+build_arg_defaults:
+  PKGMGR_PRESERVE_CACHE: 'always'
+additional_build_steps:
+  prepend_base:
+   - RUN $PKGMGR upgrade && $PKGMGR add bash openssh gcc build-base linux-headers libexpat && $PKGMGR cache clean && rm -f /var/cache/apk/*
+   - RUN $PYCMD -m pip install --upgrade pip
+
+  append_final:
+   - RUN mkdir -p /opt/EDB/TPA
+   - COPY . /opt/EDB/TPA
+   - ENV PYTHONPATH="${PYTHONPATH:+${PYTHONPATH}:}/opt/EDB/TPA/lib"
+   - RUN $PKGMGR cache clean && rm -f /var/cache/apk/*
+   - RUN $PYCMD -m pip cache purge

tpa-ee/aap24/build-requirements.in

@@ -0,0 +1,3 @@
+ansible-navigator
+ansible-builder
+