Compare commits
No commits in common. "develop" and "r24.29.0" have entirely different histories.
6 changed files with 118 additions and 120 deletions
|
|
@ -1,43 +1,41 @@
|
||||||
on:
|
on: [push]
|
||||||
push:
|
env:
|
||||||
env:
|
REGISTRY: forgejo.sbox.hornwitser.no
|
||||||
REGISTRY_IMAGE: ${{ vars.REGISTRY }}/${{ github.repository }}:${{ github.ref_name }}
|
REGISTRY_IMAGE: forgejo.sbox.hornwitser.no/furnavia/builder
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build:
|
build:
|
||||||
runs-on: debian
|
runs-on: docker
|
||||||
steps:
|
container:
|
||||||
-
|
image: sif.g100.hornwitser.no:3000/furnavia/builder:latest
|
||||||
name: Install and configure dependencies
|
steps:
|
||||||
run: |
|
-
|
||||||
apt-get update
|
name: Get image tags
|
||||||
apt-get install -y --no-install-recommends \
|
id: info
|
||||||
buildah \
|
shell: bash
|
||||||
ca-certificates \
|
run: |
|
||||||
containers-storage \
|
tee -a ${GITHUB_OUTPUT} <<EOF
|
||||||
crun \
|
TAGS<<EOT
|
||||||
git \
|
$(
|
||||||
netavark \
|
echo ${{ env.REGISTRY_IMAGE }}:${{ github.ref_name }}
|
||||||
;
|
if [[ "${{ github.ref_name }}" =~ ^r[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
|
||||||
shared=/var/lib/shared/storage
|
echo ${{ env.REGISTRY_IMAGE }}:latest
|
||||||
sed /usr/share/containers/storage.conf \
|
elif [[ "${{ github.ref_name }}" == forgejo ]]; then
|
||||||
-e "/^additionalimagestores/a"'\
|
echo ${{ env.REGISTRY_IMAGE }}:development
|
||||||
'"\"$shared\"" \
|
fi
|
||||||
> /etc/containers/storage.conf
|
)
|
||||||
-
|
EOT
|
||||||
name: Checkout repository
|
EOF
|
||||||
run: |
|
-
|
||||||
git config --global credential.helper store
|
name: Authenticate
|
||||||
echo "https://runner:${{ secrets.GITHUB_TOKEN }}@$(echo "${{ github.server_url }}" | cut -b 9-)" > ~/.git-credentials
|
uses: docker/login-action@v3
|
||||||
git clone --branch ${{ github.ref_name }} ${{ github.server_url }}/${{ github.repository }} ${{ github.workspace }}
|
with:
|
||||||
-
|
username: ${{ secrets.REGISTRY_USERNAME }}
|
||||||
name: Authenticate with registry
|
password: ${{ secrets.REGISTRY_TOKEN }}
|
||||||
run: |
|
registry: ${{ env.REGISTRY }}
|
||||||
echo "${{ secrets.REGISTRY_TOKEN }}" | buildah login ${{ vars.REGISTRY }} --username runner --password-stdin
|
-
|
||||||
-
|
name: Build and push
|
||||||
name: Build and push
|
uses: docker/build-push-action@v6
|
||||||
run: |
|
with:
|
||||||
export BUILDAH_ISOLATION=chroot
|
push: true
|
||||||
export _BUILDAH_STARTED_IN_USERNS=""
|
tags: ${{ steps.info.outputs.TAGS }}
|
||||||
${{ github.workspace }}/builder.sh ${{ env.REGISTRY_IMAGE }}
|
|
||||||
buildah push ${{ env.REGISTRY_IMAGE }}
|
|
||||||
|
|
|
||||||
17
.gitlab-ci.yml
Normal file
17
.gitlab-ci.yml
Normal file
|
|
@ -0,0 +1,17 @@
|
||||||
|
default:
|
||||||
|
image: docker:24.0.5
|
||||||
|
|
||||||
|
build:
|
||||||
|
stage: build
|
||||||
|
script:
|
||||||
|
- docker build $CI_PROJECT_DIR
|
||||||
|
--tag ${REGISTRY_IMAGE}:${CI_COMMIT_REF_SLUG}
|
||||||
|
$(echo "$CI_COMMIT_TAG" | if grep -q $(date -u '+^r%g\.%-V\.\(0\|[1-9][0-9]*\)$');
|
||||||
|
then echo --tag ${REGISTRY_IMAGE}:latest;
|
||||||
|
fi)
|
||||||
|
|
||||||
|
deploy:
|
||||||
|
stage: deploy
|
||||||
|
script:
|
||||||
|
- echo "$REGISTRY_PASSWORD" | docker login $CI_REGISTRY -u $REGISTRY_USER --password-stdin
|
||||||
|
- docker push --all-tags ${REGISTRY_IMAGE}
|
||||||
45
Dockerfile
Normal file
45
Dockerfile
Normal file
|
|
@ -0,0 +1,45 @@
|
||||||
|
FROM debian:bookworm
|
||||||
|
|
||||||
|
ARG KUBE_RELEASE=v1.30.2
|
||||||
|
ARG YQ_VERSION=v4.44.2
|
||||||
|
ARG NODE_VERSION=20.x
|
||||||
|
ARG PNPM_VERSION=v9.5.0
|
||||||
|
|
||||||
|
RUN set -eux; \
|
||||||
|
apt-get update; \
|
||||||
|
apt-get install -y --no-install-recommends \
|
||||||
|
ca-certificates \
|
||||||
|
curl \
|
||||||
|
git \
|
||||||
|
openssh-client \
|
||||||
|
; \
|
||||||
|
install -m 0755 -d /etc/apt/keyrings; \
|
||||||
|
curl -sSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc; \
|
||||||
|
chmod a+r /etc/apt/keyrings/docker.asc; \
|
||||||
|
echo \
|
||||||
|
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] \
|
||||||
|
https://download.docker.com/linux/debian \
|
||||||
|
bookworm stable" \
|
||||||
|
> /etc/apt/sources.list.d/docker.list; \
|
||||||
|
apt-get update; \
|
||||||
|
apt-get install -y --no-install-recommends \
|
||||||
|
docker-ce-cli \
|
||||||
|
docker-buildx-plugin \
|
||||||
|
docker-compose-plugin \
|
||||||
|
; \
|
||||||
|
curl --silent --location "https://dl.k8s.io/release/$KUBE_RELEASE/bin/linux/amd64/kubectl" \
|
||||||
|
| install --owner=root --group=root --mode=0755 /dev/stdin /usr/local/bin/kubectl \
|
||||||
|
; \
|
||||||
|
curl --silent --location "https://github.com/mikefarah/yq/releases/download/$YQ_VERSION/yq_linux_amd64.tar.gz" \
|
||||||
|
| tar --extract --gzip --to-stdout ./yq_linux_amd64 \
|
||||||
|
| install --owner=root --group=root --mode=0755 /dev/stdin /usr/local/bin/yq \
|
||||||
|
; \
|
||||||
|
curl --silent --location "https://deb.nodesource.com/setup_$NODE_VERSION" | bash; \
|
||||||
|
apt-get install -y --no-install-recommends nodejs; \
|
||||||
|
corepack install --global pnpm@$PNPM_VERSION; \
|
||||||
|
corepack enable pnpm; \
|
||||||
|
rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
|
# References:
|
||||||
|
# - docker: https://docs.docker.com/engine/install/debian/#install-from-a-package
|
||||||
|
# - node: https://github.com/nodesource/distributions#installation-instructions-deb
|
||||||
18
Readme.md
18
Readme.md
|
|
@ -1,14 +1,14 @@
|
||||||
# Builder
|
# Builder
|
||||||
|
|
||||||
Common container image used for running application builds, CI pipelines, and deployment scripts based on Debian Trixie.
|
Common docker image used for running application builds, CI pipelines, and deployment scripts based on Debian 12.
|
||||||
|
|
||||||
## Tools included
|
## Tools included
|
||||||
|
|
||||||
- `buildah` trixie - https://packages.debian.org/trixie/buildah
|
- `docker`
|
||||||
- `curl` trixie - https://packages.debian.org/trixie/curl
|
- `curl`
|
||||||
- `git` trixie - https://packages.debian.org/trixie/git
|
- `git`
|
||||||
- `node` v22.x - https://github.com/nodesource/distributions
|
- `kubectl`
|
||||||
- `pnpm` v9.5.0 - https://pnpm.io/
|
- `node`
|
||||||
- `podman` trixie - https://packages.debian.org/trixie/podman
|
- `pnpm`
|
||||||
- `ssh` trixie - https://packages.debian.org/trixie/openssh-client
|
- `ssh`
|
||||||
- `yq` v4.44.2 - https://github.com/mikefarah/yq
|
- `yq` - https://github.com/mikefarah/yq
|
||||||
|
|
|
||||||
62
builder.sh
62
builder.sh
|
|
@ -1,62 +0,0 @@
|
||||||
#!/usr/bin/env bash
|
|
||||||
set -xe
|
|
||||||
|
|
||||||
YQ_VERSION=v4.44.2
|
|
||||||
NODE_VERSION=22.x
|
|
||||||
PNPM_VERSION=v9.5.0
|
|
||||||
|
|
||||||
ctr=$(buildah from "docker.io/library/debian:trixie-20250428")
|
|
||||||
mnt=$(buildah mount $ctr) # Used to verify mounts work
|
|
||||||
|
|
||||||
# Install dependencies
|
|
||||||
buildah run $ctr -- apt-get update
|
|
||||||
buildah run $ctr -- apt-get install -y --no-install-recommends \
|
|
||||||
buildah \
|
|
||||||
ca-certificates \
|
|
||||||
containers-storage \
|
|
||||||
crun \
|
|
||||||
curl \
|
|
||||||
git \
|
|
||||||
netavark \
|
|
||||||
openssh-client \
|
|
||||||
podman \
|
|
||||||
podman-docker \
|
|
||||||
;
|
|
||||||
|
|
||||||
# Configure container storage
|
|
||||||
shared=/var/lib/shared/storage
|
|
||||||
buildah run $ctr -- sh -c "sed /usr/share/containers/storage.conf \
|
|
||||||
-e '/^additionalimagestores/a"'\
|
|
||||||
'" \"$shared\"' \
|
|
||||||
> /etc/containers/storage.conf"
|
|
||||||
buildah run $ctr -- sh -c "\
|
|
||||||
mkdir -p $shared/overlay-images $shared/overlay-layers; \
|
|
||||||
touch $shared/overlay-images/images.lock; \
|
|
||||||
touch $shared/overlay-layers/layers.lock; \
|
|
||||||
"
|
|
||||||
|
|
||||||
# yq https://github.com/mikefarah/yq?tab=readme-ov-file#install
|
|
||||||
buildah run $ctr -- sh -c "curl --silent --location \"https://github.com/mikefarah/yq/releases/download/$YQ_VERSION/yq_linux_amd64.tar.gz\" \
|
|
||||||
| tar --extract --gzip --to-stdout ./yq_linux_amd64 \
|
|
||||||
| install --owner=root --group=root --mode=0755 /dev/stdin /usr/local/bin/yq \
|
|
||||||
;"
|
|
||||||
|
|
||||||
# node https://github.com/nodesource/distributions?tab=readme-ov-file#using-debian-as-root-nodejs-22
|
|
||||||
buildah run $ctr -- sh -c "curl --silent --location \"https://deb.nodesource.com/setup_$NODE_VERSION\" | bash"
|
|
||||||
buildah run $ctr -- apt-get install -y --no-install-recommends nodejs
|
|
||||||
|
|
||||||
# pnpm https://nodejs.org/api/corepack.html#upgrading-the-global-versions
|
|
||||||
buildah run $ctr -- corepack install --global pnpm@$PNPM_VERSION
|
|
||||||
buildah run $ctr -- corepack enable pnpm
|
|
||||||
|
|
||||||
# Clear caches
|
|
||||||
buildah run $ctr -- rm -rf /var/lib/apt/lists/*
|
|
||||||
|
|
||||||
# Config
|
|
||||||
buildah config \
|
|
||||||
--env BUILDAH_ISOLATION=chroot \
|
|
||||||
--env _BUILDAH_STARTED_IN_USERNS= \
|
|
||||||
$ctr;
|
|
||||||
|
|
||||||
buildah unmount $ctr
|
|
||||||
buildah commit --rm $ctr $1
|
|
||||||
|
|
@ -1,11 +1,11 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
# Finds the next available r<year>.<month>.<increment> identifier
|
# Finds the next available r<year>.<week>.<bump> identifier for the current year and week
|
||||||
YEAR_MONTH=$(date -u +%Y.%-m)
|
YEAR_WEEK=$(date -u +%g.%-V)
|
||||||
YEAR=${YEAR_MONTH:0:4}
|
YEAR=${YEAR_WEEK:0:2}
|
||||||
MONTH=${YEAR_MONTH:5}
|
WEEK=${YEAR_WEEK:3}
|
||||||
LAST_INCREMENT=$(git tag --list | grep '^r[1-9][0-9]*\.\([1-9]\|1[0-2]\)\.\(0\|[1-9][0-9]*\)$' | cut -d . -f 3 | sort -nr | head -n 1)
|
LAST_BUMP=$(git tag --list | grep '^r'$YEAR'\.'$WEEK'\.\(0\|[1-9][0-9]*\)$' | cut -d . -f 3 | sort -nr | head -n 1)
|
||||||
RELEASE=r${YEAR_MONTH}.$(( ${LAST_INCREMENT:--1} + 1 ))
|
RELEASE=r${YEAR_WEEK}.$(( ${LAST_BUMP:--1} + 1 ))
|
||||||
|
|
||||||
git tag $RELEASE
|
git tag $RELEASE
|
||||||
echo Tagged $RELEASE
|
echo Tagged $RELEASE
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue