From df6cc16f8be4a66bcb85724df1a60eabdac49ca5 Mon Sep 17 00:00:00 2001 From: Hornwitser Date: Mon, 29 Jul 2024 00:10:36 +0200 Subject: [PATCH 1/5] Add ansible to builder image --- Dockerfile | 12 ++++++++++++ Readme.md | 1 + 2 files changed, 13 insertions(+) diff --git a/Dockerfile b/Dockerfile index d268858..6c1226e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,6 +4,7 @@ ARG KUBE_RELEASE=v1.30.2 ARG YQ_VERSION=v4.44.2 ARG NODE_VERSION=20.x ARG PNPM_VERSION=v9.5.0 +ARG UBUNTU_CODENAME=jammy RUN set -eux; \ apt-get update; \ @@ -11,9 +12,18 @@ RUN set -eux; \ ca-certificates \ curl \ git \ + gpg \ openssh-client \ ; \ install -m 0755 -d /etc/apt/keyrings; \ + curl -sSL "https://keyserver.ubuntu.com/pks/lookup?fingerprint=on&op=get&search=0x6125E2A8C77F2818FB7BD15B93C4A3FD7BB9C367" \ + > /etc/apt/keyrings/ansible.asc \ + ; \ + echo \ + "deb [signed-by=/etc/apt/keyrings/ansible.asc] \ + http://ppa.launchpad.net/ansible/ansible/ubuntu \ + $UBUNTU_CODENAME main" \ + > /etc/apt/sources.list.d/ansible.list; \ curl -sSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc; \ chmod a+r /etc/apt/keyrings/docker.asc; \ echo \ @@ -23,6 +33,7 @@ RUN set -eux; \ > /etc/apt/sources.list.d/docker.list; \ apt-get update; \ apt-get install -y --no-install-recommends \ + ansible \ docker-ce-cli \ docker-buildx-plugin \ docker-compose-plugin \ @@ -41,5 +52,6 @@ RUN set -eux; \ rm -rf /var/lib/apt/lists/* # References: +# - ansible: https://docs.ansible.com/ansible/latest/installation_guide/installation_distros.html#installing-ansible-on-debian # - docker: https://docs.docker.com/engine/install/debian/#install-from-a-package # - node: https://github.com/nodesource/distributions#installation-instructions-deb diff --git a/Readme.md b/Readme.md index e5d77ec..d35c954 100644 --- a/Readme.md +++ b/Readme.md 
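Review bot: The Ansible keyring in the second Dockerfile hunk is written straight from the keyserver response with no check that what arrived is the key with fingerprint 6125E2A8C77F2818FB7BD15B93C4A3FD7BB9C367; the lookup asks by fingerprint, but whatever the server returns becomes the trusted signing key for that repository, and because `curl -sSL` is used without `--fail` an HTTP error page is saved with exit 0 and only surfaces as a signature error at the later `apt-get update`. Since `gpg` is now installed in the image, fetch with `curl -sSfL` and verify after the download, e.g. `gpg --show-keys --with-colons /etc/apt/keyrings/ansible.asc | grep -q '^fpr:.*:6125E2A8C77F2818FB7BD15B93C4A3FD7BB9C367:'`, and give the file the same `chmod a+r` the docker.asc context line below already applies. The sources line also points an Ubuntu `$UBUNTU_CODENAME` (jammy) PPA over plain `http://` at a Debian bookworm base; the referenced Ansible install page apparently prescribes this for Debian, but a one-line comment saying so would stop a later maintainer from "fixing" it. The `RUN set -eux` block these hunks patch starts and ends outside the second hunk.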
@@ -4,6 +4,7 @@ Common docker image used for running application builds, CI pipelines, and deplo ## Tools included +- `ansible` - https://www.ansible.com/ - `docker` - `curl` - `git` From 5d235f2e9abd4e36b6df91bb7e05e08113aee46e Mon Sep 17 00:00:00 2001 From: Hornwitser Date: Fri, 2 Aug 2024 13:14:43 +0200 Subject: [PATCH 2/5] Avoid circular dependency in build script Use the node image and install docker onto it in the CI pipeline building the builder image to avoid a circular dependency loop of requiring the builder image in order to build it. --- .forgejo/workflows/build.yaml | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/.forgejo/workflows/build.yaml b/.forgejo/workflows/build.yaml index 3635ed4..a9e6da6 100644 --- a/.forgejo/workflows/build.yaml +++ b/.forgejo/workflows/build.yaml @@ -7,8 +7,23 @@ jobs: build: runs-on: docker container: - image: sif.g100.hornwitser.no:3000/furnavia/builder:latest + image: node:20-bookworm steps: + - + name: Install docker + run: | + apt-get update + apt-get install -y --no-install-recommends ca-certificates curl git + install -m 0755 -d /etc/apt/keyrings + curl -sSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc + chmod a+r /etc/apt/keyrings/docker.asc + echo \ + "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] \ + https://download.docker.com/linux/debian \ + bookworm stable" \ + > /etc/apt/sources.list.d/docker.list + apt-get update + apt-get install -y --no-install-recommends docker-ce-cli docker-buildx-plugin docker-compose-plugin - name: Get image tags id: info From 466c9ef7be33580b2c6a14f84cf09cba9a3df046 Mon Sep 17 00:00:00 2001 
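Review bot: The new `Install docker` step leaves it to the runner's default shell whether a failure aborts the job: the script sets no `set -e`/`pipefail`, and `curl -sSL ... -o /etc/apt/keyrings/docker.asc` has no `--fail`, so a failed key download is saved as an error page with exit 0 and only shows up as a signature error at the second `apt-get update`. The following `Get image tags` step already declares `shell: bash` explicitly; do the same here, open the script with `set -euo pipefail`, and use `curl -sSfL` for the key. Whether the Forgejo runner's default shell passes `-e` I cannot confirm from this hunk, which is exactly why it should not be relied on.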
From: Hornwitser Date: Fri, 2 Aug 2024 13:34:49 +0200 Subject: [PATCH 3/5] Document versions included and link to sources Add version pinned if pinned to the readme along with links to the website for each tool included. Add missing links to references used when creating the Dockerfile. --- Dockerfile | 3 +++ Readme.md | 19 ++++++++++--------- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6c1226e..2b77912 100644 --- a/Dockerfile +++ b/Dockerfile @@ -54,4 +54,7 @@ RUN set -eux; \ # References: # - ansible: https://docs.ansible.com/ansible/latest/installation_guide/installation_distros.html#installing-ansible-on-debian # - docker: https://docs.docker.com/engine/install/debian/#install-from-a-package +# - kubectl: https://kubectl.docs.kubernetes.io/installation/kubectl/binaries/ # - node: https://github.com/nodesource/distributions#installation-instructions-deb +# - pnpm: https://nodejs.org/api/corepack.html#upgrading-the-global-versions +# - yq: https://github.com/mikefarah/yq?tab=readme-ov-file#install diff --git a/Readme.md b/Readme.md index d35c954..dd1d54d 100644 --- a/Readme.md +++ b/Readme.md @@ -4,12 +4,13 @@ Common docker image used for running application builds, CI pipelines, and deplo ## Tools included -- `ansible` - https://www.ansible.com/ -- `docker` -- `curl` -- `git` -- `kubectl` -- `node` -- `pnpm` -- `ssh` -- `yq` - https://github.com/mikefarah/yq +- `ansible` latest - https://www.ansible.com/ +- `docker` latest - https://www.docker.com/ +- `curl` bookworm - https://packages.debian.org/bookworm/curl +- `git` bookworm - https://packages.debian.org/bookworm/git +- `gpg` bookworm - https://packages.debian.org/bookworm/gpg +- `kubectl` v1.30.2 - https://kubectl.docs.kubernetes.io/ +- `node` v20.x - https://nodejs.org/ +- `pnpm` v9.5.0 - https://pnpm.io/ +- `ssh` bookworm - https://packages.debian.org/bookworm/openssh-client +- `yq` v4.44.2 - https://github.com/mikefarah/yq 
From 402bc210aafb9270473195888abb98c313c8b2cc Mon Sep 17 00:00:00 2001 From: Hornwitser Date: Sun, 18 May 2025 22:16:49 +0200 Subject: [PATCH 4/5] Rewrite for Podman based infrastructure Replace Docker buildx based container building with buildah configured for running in a Forgejo runner that's inside a rootless Podman deployment. This also removes kubectl and ansible as my infrastructure is not going to target these technologies for deployment. --- .forgejo/workflows/build.yaml | 99 +++++++++++++++-------------------- .gitlab-ci.yml | 17 ------ Dockerfile | 60 --------------------- Readme.md | 16 +++--- builder.sh | 62 ++++++++++++++++++++++ 5 files changed, 112 insertions(+), 142 deletions(-) delete mode 100644 .gitlab-ci.yml delete mode 100644 Dockerfile create mode 100755 builder.sh diff --git a/.forgejo/workflows/build.yaml b/.forgejo/workflows/build.yaml index a9e6da6..d356930 100644 --- a/.forgejo/workflows/build.yaml +++ b/.forgejo/workflows/build.yaml 
@@ -1,56 +1,43 @@ -on: [push] -env: - REGISTRY: forgejo.sbox.hornwitser.no - REGISTRY_IMAGE: forgejo.sbox.hornwitser.no/furnavia/builder - -jobs: - build: - runs-on: docker - container: - image: node:20-bookworm - steps: - - - name: Install docker - run: | - apt-get update - apt-get install -y --no-install-recommends ca-certificates curl git - install -m 0755 -d /etc/apt/keyrings - curl -sSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc - chmod a+r /etc/apt/keyrings/docker.asc - echo \ - "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] \ - https://download.docker.com/linux/debian \ - bookworm stable" \ - > /etc/apt/sources.list.d/docker.list - apt-get update - apt-get install -y --no-install-recommends docker-ce-cli docker-buildx-plugin docker-compose-plugin - - - name: Get image tags - id: info - shell: bash - run: | - tee -a ${GITHUB_OUTPUT} < /etc/containers/storage.conf + - + name: Checkout repository + run: | + git config --global credential.helper store + echo "https://runner:${{ secrets.GITHUB_TOKEN }}@$(echo "${{ github.server_url }}" | cut -b 9-)" > ~/.git-credentials + git clone --branch ${{ github.ref_name }} ${{ github.server_url }}/${{ github.repository }} ${{ github.workspace }} + - + name: Authenticate with registry + run: | + echo "${{ secrets.REGISTRY_TOKEN }}" | buildah login ${{ vars.REGISTRY }} --username runner --password-stdin + - + name: Build and push + run: | + export BUILDAH_ISOLATION=chroot + export _BUILDAH_STARTED_IN_USERNS="" + ${{ github.workspace }}/builder.sh ${{ env.REGISTRY_IMAGE }} + buildah push ${{ env.REGISTRY_IMAGE }} diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index 01defa6..0000000 --- a/.gitlab-ci.yml +++ /dev/null 
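Review bot: The `Checkout repository` step persists `secrets.GITHUB_TOKEN` in plaintext in `~/.git-credentials` via `credential.helper store`, and nothing in the hunk removes it, so the token outlives the single `git clone` it is needed for and remains readable by every later step, including whatever `builder.sh` runs in the `Build and push` step. Since the clone is the only use, delete it right after that line, `rm -f ~/.git-credentials`, or supply the token only for the clone command instead of storing it. `cut -b 9-` also silently assumes `github.server_url` begins with `https://`; any other scheme yields a wrong credential host with no error. Part of this hunk appears lost in extraction (the removed `tee -a ${GITHUB_OUTPUT} <` here-doc runs straight into `/etc/containers/storage.conf`), so the new job's earlier steps cannot be reviewed from what is shown.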
@@ -1,17 +0,0 @@ -default: - image: docker:24.0.5 - -build: - stage: build - script: - - docker build $CI_PROJECT_DIR - --tag ${REGISTRY_IMAGE}:${CI_COMMIT_REF_SLUG} - $(echo "$CI_COMMIT_TAG" | if grep -q $(date -u '+^r%g\.%-V\.\(0\|[1-9][0-9]*\)$'); - then echo --tag ${REGISTRY_IMAGE}:latest; - fi) - -deploy: - stage: deploy - script: - - echo "$REGISTRY_PASSWORD" | docker login $CI_REGISTRY -u $REGISTRY_USER --password-stdin - - docker push --all-tags ${REGISTRY_IMAGE} diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 2b77912..0000000 --- a/Dockerfile +++ /dev/null 
@@ -1,60 +0,0 @@ -FROM debian:bookworm - -ARG KUBE_RELEASE=v1.30.2 -ARG YQ_VERSION=v4.44.2 -ARG NODE_VERSION=20.x -ARG PNPM_VERSION=v9.5.0 -ARG UBUNTU_CODENAME=jammy - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - ca-certificates \ - curl \ - git \ - gpg \ - openssh-client \ - ; \ - install -m 0755 -d /etc/apt/keyrings; \ - curl -sSL "https://keyserver.ubuntu.com/pks/lookup?fingerprint=on&op=get&search=0x6125E2A8C77F2818FB7BD15B93C4A3FD7BB9C367" \ - > /etc/apt/keyrings/ansible.asc \ - ; \ - echo \ - "deb [signed-by=/etc/apt/keyrings/ansible.asc] \ - http://ppa.launchpad.net/ansible/ansible/ubuntu \ - $UBUNTU_CODENAME main" \ - > /etc/apt/sources.list.d/ansible.list; \ - curl -sSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc; \ - chmod a+r /etc/apt/keyrings/docker.asc; \ - echo \ - "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] \ - https://download.docker.com/linux/debian \ - bookworm stable" \ - > /etc/apt/sources.list.d/docker.list; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - ansible \ - docker-ce-cli \ - docker-buildx-plugin \ - docker-compose-plugin \ - ; \ - curl --silent --location "https://dl.k8s.io/release/$KUBE_RELEASE/bin/linux/amd64/kubectl" \ - | install --owner=root --group=root --mode=0755 /dev/stdin /usr/local/bin/kubectl \ - ; \ - curl --silent --location "https://github.com/mikefarah/yq/releases/download/$YQ_VERSION/yq_linux_amd64.tar.gz" \ - | tar --extract --gzip --to-stdout ./yq_linux_amd64 \ - | install --owner=root --group=root --mode=0755 /dev/stdin /usr/local/bin/yq \ - ; \ - curl --silent --location "https://deb.nodesource.com/setup_$NODE_VERSION" | bash; \ - apt-get install -y --no-install-recommends nodejs; \ - corepack install --global pnpm@$PNPM_VERSION; \ - corepack enable pnpm; \ - rm -rf /var/lib/apt/lists/* - -# References: -# - ansible: 
https://docs.ansible.com/ansible/latest/installation_guide/installation_distros.html#installing-ansible-on-debian -# - docker: https://docs.docker.com/engine/install/debian/#install-from-a-package -# - kubectl: https://kubectl.docs.kubernetes.io/installation/kubectl/binaries/ -# - node: https://github.com/nodesource/distributions#installation-instructions-deb -# - pnpm: https://nodejs.org/api/corepack.html#upgrading-the-global-versions -# - yq: https://github.com/mikefarah/yq?tab=readme-ov-file#install diff --git a/Readme.md b/Readme.md index dd1d54d..efa1195 100644 --- a/Readme.md +++ b/Readme.md @@ -1,16 +1,14 @@ # Builder -Common docker image used for running application builds, CI pipelines, and deployment scripts based on Debian 12. +Common container image used for running application builds, CI pipelines, and deployment scripts based on Debian Trixie. ## Tools included -- `ansible` latest - https://www.ansible.com/ -- `docker` latest - https://www.docker.com/ -- `curl` bookworm - https://packages.debian.org/bookworm/curl -- `git` bookworm - https://packages.debian.org/bookworm/git -- `gpg` bookworm - https://packages.debian.org/bookworm/gpg -- `kubectl` v1.30.2 - https://kubectl.docs.kubernetes.io/ -- `node` v20.x - https://nodejs.org/ +- `buildah` trixie - https://packages.debian.org/trixie/buildah +- `curl` trixie - https://packages.debian.org/trixie/curl +- `git` trixie - https://packages.debian.org/trixie/git +- `node` v22.x - https://github.com/nodesource/distributions - `pnpm` v9.5.0 - https://pnpm.io/ -- `ssh` bookworm - https://packages.debian.org/bookworm/openssh-client +- `podman` trixie - https://packages.debian.org/trixie/podman +- `ssh` trixie - https://packages.debian.org/trixie/openssh-client - `yq` v4.44.2 - https://github.com/mikefarah/yq diff --git a/builder.sh b/builder.sh new file mode 100755 index 0000000..87e459e --- /dev/null +++ b/builder.sh 
@@ -0,0 +1,62 @@ +#!/usr/bin/env bash +set -xe + +YQ_VERSION=v4.44.2 +NODE_VERSION=22.x +PNPM_VERSION=v9.5.0 + +ctr=$(buildah from "docker.io/library/debian:trixie-20250428") +mnt=$(buildah mount $ctr) # Used to verify mounts work + +# Install dependencies +buildah run $ctr -- apt-get update +buildah run $ctr -- apt-get install -y --no-install-recommends \ + buildah \ + ca-certificates \ + containers-storage \ + crun \ + curl \ + git \ + netavark \ + openssh-client \ + podman \ + podman-docker \ +; + +# Configure container storage +shared=/var/lib/shared/storage +buildah run $ctr -- sh -c "sed /usr/share/containers/storage.conf \ + -e '/^additionalimagestores/a"'\ +'" \"$shared\"' \ +> /etc/containers/storage.conf" +buildah run $ctr -- sh -c "\ + mkdir -p $shared/overlay-images $shared/overlay-layers; \ + touch $shared/overlay-images/images.lock; \ + touch $shared/overlay-layers/layers.lock; \ +" + +# yq https://github.com/mikefarah/yq?tab=readme-ov-file#install +buildah run $ctr -- sh -c "curl --silent --location \"https://github.com/mikefarah/yq/releases/download/$YQ_VERSION/yq_linux_amd64.tar.gz\" \ + | tar --extract --gzip --to-stdout ./yq_linux_amd64 \ + | install --owner=root --group=root --mode=0755 /dev/stdin /usr/local/bin/yq \ +;" + +# node https://github.com/nodesource/distributions?tab=readme-ov-file#using-debian-as-root-nodejs-22 +buildah run $ctr -- sh -c "curl --silent --location \"https://deb.nodesource.com/setup_$NODE_VERSION\" | bash" +buildah run $ctr -- apt-get install -y --no-install-recommends nodejs + +# pnpm https://nodejs.org/api/corepack.html#upgrading-the-global-versions +buildah run $ctr -- corepack install --global pnpm@$PNPM_VERSION +buildah run $ctr -- corepack enable pnpm + +# Clear caches +buildah run $ctr -- rm -rf /var/lib/apt/lists/* + +# Config +buildah config \ + --env BUILDAH_ISOLATION=chroot \ + --env _BUILDAH_STARTED_IN_USERNS= \ +$ctr; + +buildah unmount $ctr +buildah commit --rm $ctr $1 
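Review bot: The yq install line in builder.sh masks a failed download: inside `sh -c` there is no `pipefail`, so when `curl` or `tar` fails, `install ... /dev/stdin /usr/local/bin/yq` still writes an empty file and exits 0, the outer `set -e` never fires, and the committed image ships a zero-byte yq. Run that pipeline as `buildah run $ctr -- bash -o pipefail -c "..."` (bash is already what the NodeSource line pipes into), and preferably check the tarball against the checksums file yq publishes with each release before extracting. `$1` is used unguarded as the commit target on the last line; add `: "${1:?image name required}"` after `set -xe` so a missing argument fails before any package installs, and `mnt` is assigned but never read, so `buildah mount "$ctr" >/dev/null` would express the "verify mounts work" intent without a dead variable. The NodeSource `curl ... | bash` still executes a remote script as root with no integrity check, as the deleted Dockerfile did; if NodeSource's signed apt repository setup is an option it would avoid that step entirely, though I have not confirmed it from here.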
From cb076ab796bf88bbf29951a2f7d751909b61b279 Mon Sep 17 00:00:00 2001 From: Hornwitser Date: Sun, 18 May 2025 23:17:30 +0200 Subject: [PATCH 5/5] Tag releases based on .. Move away from the week based increment because I don't use week numbers for anything in my daily life, which makes them hard to evaluate time from, and replace the per week bump with a global increment. This means that it's easy to see at a glance from two version numbers how far apart they are in both time and number of releases. --- tag-release.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tag-release.sh b/tag-release.sh index 24575c1..c5527fa 100644 --- a/tag-release.sh +++ b/tag-release.sh @@ -1,11 +1,11 @@ #!/bin/bash -# Finds the next available r.. identifier for the current year and week -YEAR_WEEK=$(date -u +%g.%-V) -YEAR=${YEAR_WEEK:0:2} -WEEK=${YEAR_WEEK:3} -LAST_BUMP=$(git tag --list | grep '^r'$YEAR'\.'$WEEK'\.\(0\|[1-9][0-9]*\)$' | cut -d . -f 3 | sort -nr | head -n 1) -RELEASE=r${YEAR_WEEK}.$(( ${LAST_BUMP:--1} + 1 )) +# Finds the next available r.. identifier +YEAR_MONTH=$(date -u +%Y.%-m) +YEAR=${YEAR_MONTH:0:4} +MONTH=${YEAR_MONTH:5} +LAST_INCREMENT=$(git tag --list | grep '^r[1-9][0-9]*\.\([1-9]\|1[0-2]\)\.\(0\|[1-9][0-9]*\)$' | cut -d . -f 3 | sort -nr | head -n 1) +RELEASE=r${YEAR_MONTH}.$(( ${LAST_INCREMENT:--1} + 1 )) git tag $RELEASE echo Tagged $RELEASE
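Review bot: `YEAR` and `MONTH` are assigned on the new side but never read: the old grep interpolated `$YEAR` and `$WEEK` to scope the search, whereas the new pattern matches every `r<year>.<month>.<n>` tag so the increment is global as the description intends. Either drop the two assignments or, if they were kept to make the regex readable, use them in it. Minor: `git tag $RELEASE` and `echo Tagged $RELEASE` are unquoted; harmless for this value, but `printf 'Tagged %s\n' "$RELEASE"` is the conventional form. The subject line and the new comment read `r..` here, which looks like angle-bracket placeholders lost in extraction rather than the committed text; worth confirming the comment in the file actually names the three components.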