public/builder
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Compare commits

base: public:r24.29.0
Branches Tags
public:develop
public:r2025.5.2
public:r24.30.0
public:r24.29.0
..
compare: public:develop
Branches Tags
public:develop
public:r2025.5.2
public:r24.30.0
public:r24.29.0

5 commits
r24.29.0 ... develop

Author SHA1 Message Date
Hornwitser
cb076ab796 Tag releases based on <year>.<month>.<increment>
All checks were successful
/ build (push) Successful in 2m33s
Details 
Move away from the week based increment because I don't use week numbers
for anything in my daily life, which makes them hard to evaluate time
from, and replace the per week bump with a global increment.  This means
that it's easy to see at a glance from two version numbers how far
appart they are in both time and number of releases.
 2025-05-18 23:17:30 +02:00
Hornwitser
402bc210aa Rewrite for Podman based infrastructure
All checks were successful
/ build (push) Successful in 2m28s
Details 
Replace Docker buildx based container building with buildah configured
for running in a Forgejo runner that's inside a rootless Podman
deployment.

This also removes kubectl and ansible as my infrastructure is not going
to target these technologies for deployment.
 2025-05-18 22:44:50 +02:00
Hornwitser
466c9ef7be Document versions included and link to sources 
Add version pinned if pinned to the readme along with links to the
website for each tool included. Add missing links to references used
when creating the Dockerfile.
 2024-08-02 13:34:49 +02:00
Hornwitser
5d235f2e9a Avoid circular dependency in build script 
Use the node image and install docker onto it in the CI pipeline
building the builder image to avoid a circular dependency loop of
requiring the builder image in order to build it.
 2024-08-02 13:14:43 +02:00
Hornwitser
df6cc16f8b Add ansible to builder image 2024-07-29 00:10:36 +02:00
6 changed files with 120 additions and 118 deletions
Download patch file Download diff file Expand all files Collapse all files

64
.forgejo/workflows/build.yaml
View file

@ -1,41 +1,43 @@
on: [push] on:
push:
env: env:
REGISTRY: forgejo.sbox.hornwitser.no REGISTRY_IMAGE: ${{ vars.REGISTRY }}/${{ github.repository }}:${{ github.ref_name }}
REGISTRY_IMAGE: forgejo.sbox.hornwitser.no/furnavia/builder
jobs: jobs:
build: build:
runs-on: docker runs-on: debian
container:
image: sif.g100.hornwitser.no:3000/furnavia/builder:latest
steps: steps:
- -
name: Get image tags name: Install and configure dependencies
id: info
shell: bash
run: | run: |
tee -a ${GITHUB_OUTPUT} <<EOF apt-get update
TAGS<<EOT apt-get install -y --no-install-recommends \
$( buildah \
echo ${{ env.REGISTRY_IMAGE }}:${{ github.ref_name }} ca-certificates \
if [[ "${{ github.ref_name }}" =~ ^r[0-9]+\.[0-9]+\.[0-9]+$ ]]; then containers-storage \
echo ${{ env.REGISTRY_IMAGE }}:latest crun \
elif [[ "${{ github.ref_name }}" == forgejo ]]; then git \
echo ${{ env.REGISTRY_IMAGE }}:development netavark \
fi ;
) shared=/var/lib/shared/storage
EOT sed /usr/share/containers/storage.conf \
EOF -e "/^additionalimagestores/a"'\
'"\"$shared\"" \
> /etc/containers/storage.conf
- -
name: Authenticate name: Checkout repository
uses: docker/login-action@v3 run: |
with: git config --global credential.helper store
username: ${{ secrets.REGISTRY_USERNAME }} echo "https://runner:${{ secrets.GITHUB_TOKEN }}@$(echo "${{ github.server_url }}" | cut -b 9-)" > ~/.git-credentials
password: ${{ secrets.REGISTRY_TOKEN }} git clone --branch ${{ github.ref_name }} ${{ github.server_url }}/${{ github.repository }} ${{ github.workspace }}
registry: ${{ env.REGISTRY }} -
name: Authenticate with registry
run: |
echo "${{ secrets.REGISTRY_TOKEN }}" | buildah login ${{ vars.REGISTRY }} --username runner --password-stdin
- -
name: Build and push name: Build and push
uses: docker/build-push-action@v6 run: |
with: export BUILDAH_ISOLATION=chroot
push: true export _BUILDAH_STARTED_IN_USERNS=""
tags: ${{ steps.info.outputs.TAGS }} ${{ github.workspace }}/builder.sh ${{ env.REGISTRY_IMAGE }}
buildah push ${{ env.REGISTRY_IMAGE }}

17
.gitlab-ci.yml
View file

@ -1,17 +0,0 @@
default:
image: docker:24.0.5
build:
stage: build
script:
- docker build $CI_PROJECT_DIR
--tag ${REGISTRY_IMAGE}:${CI_COMMIT_REF_SLUG}
$(echo "$CI_COMMIT_TAG" | if grep -q $(date -u '+^r%g\.%-V\.\(0\|[1-9][0-9]*\)$');
then echo --tag ${REGISTRY_IMAGE}:latest;
fi)
deploy:
stage: deploy
script:
- echo "$REGISTRY_PASSWORD" | docker login $CI_REGISTRY -u $REGISTRY_USER --password-stdin
- docker push --all-tags ${REGISTRY_IMAGE}

45
Dockerfile
View file

@ -1,45 +0,0 @@
FROM debian:bookworm
ARG KUBE_RELEASE=v1.30.2
ARG YQ_VERSION=v4.44.2
ARG NODE_VERSION=20.x
ARG PNPM_VERSION=v9.5.0
RUN set -eux; \
apt-get update; \
apt-get install -y --no-install-recommends \
ca-certificates \
curl \
git \
openssh-client \
; \
install -m 0755 -d /etc/apt/keyrings; \
curl -sSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc; \
chmod a+r /etc/apt/keyrings/docker.asc; \
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] \
https://download.docker.com/linux/debian \
bookworm stable" \
> /etc/apt/sources.list.d/docker.list; \
apt-get update; \
apt-get install -y --no-install-recommends \
docker-ce-cli \
docker-buildx-plugin \
docker-compose-plugin \
; \
curl --silent --location "https://dl.k8s.io/release/$KUBE_RELEASE/bin/linux/amd64/kubectl" \
| install --owner=root --group=root --mode=0755 /dev/stdin /usr/local/bin/kubectl \
; \
curl --silent --location "https://github.com/mikefarah/yq/releases/download/$YQ_VERSION/yq_linux_amd64.tar.gz" \
| tar --extract --gzip --to-stdout ./yq_linux_amd64 \
| install --owner=root --group=root --mode=0755 /dev/stdin /usr/local/bin/yq \
; \
curl --silent --location "https://deb.nodesource.com/setup_$NODE_VERSION" | bash; \
apt-get install -y --no-install-recommends nodejs; \
corepack install --global pnpm@$PNPM_VERSION; \
corepack enable pnpm; \
rm -rf /var/lib/apt/lists/*
# References:
# - docker: https://docs.docker.com/engine/install/debian/#install-from-a-package
# - node: https://github.com/nodesource/distributions#installation-instructions-deb

18
Readme.md
View file

@ -1,14 +1,14 @@
# Builder # Builder
Common docker image used for running application builds, CI pipelines, and deployment scripts based on Debian 12. Common container image used for running application builds, CI pipelines, and deployment scripts based on Debian Trixie.
## Tools included ## Tools included
- `docker` - `buildah` trixie - https://packages.debian.org/trixie/buildah
- `curl` - `curl` trixie - https://packages.debian.org/trixie/curl
- `git` - `git` trixie - https://packages.debian.org/trixie/git
- `kubectl` - `node` v22.x - https://github.com/nodesource/distributions
- `node` - `pnpm` v9.5.0 - https://pnpm.io/
- `pnpm` - `podman` trixie - https://packages.debian.org/trixie/podman
- `ssh` - `ssh` trixie - https://packages.debian.org/trixie/openssh-client
- `yq` - https://github.com/mikefarah/yq - `yq` v4.44.2 - https://github.com/mikefarah/yq

62
builder.sh Executable file
View file

@ -0,0 +1,62 @@
#!/usr/bin/env bash
set -xe
YQ_VERSION=v4.44.2
NODE_VERSION=22.x
PNPM_VERSION=v9.5.0
ctr=$(buildah from "docker.io/library/debian:trixie-20250428")
mnt=$(buildah mount $ctr) # Used to verify mounts work
# Install dependencies
buildah run $ctr -- apt-get update
buildah run $ctr -- apt-get install -y --no-install-recommends \
buildah \
ca-certificates \
containers-storage \
crun \
curl \
git \
netavark \
openssh-client \
podman \
podman-docker \
;
# Configure container storage
shared=/var/lib/shared/storage
buildah run $ctr -- sh -c "sed /usr/share/containers/storage.conf \
-e '/^additionalimagestores/a"'\
'" \"$shared\"' \
> /etc/containers/storage.conf"
buildah run $ctr -- sh -c "\
mkdir -p $shared/overlay-images $shared/overlay-layers; \
touch $shared/overlay-images/images.lock; \
touch $shared/overlay-layers/layers.lock; \
"
# yq https://github.com/mikefarah/yq?tab=readme-ov-file#install
buildah run $ctr -- sh -c "curl --silent --location \"https://github.com/mikefarah/yq/releases/download/$YQ_VERSION/yq_linux_amd64.tar.gz\" \
| tar --extract --gzip --to-stdout ./yq_linux_amd64 \
| install --owner=root --group=root --mode=0755 /dev/stdin /usr/local/bin/yq \
;"
# node https://github.com/nodesource/distributions?tab=readme-ov-file#using-debian-as-root-nodejs-22
buildah run $ctr -- sh -c "curl --silent --location \"https://deb.nodesource.com/setup_$NODE_VERSION\" | bash"
buildah run $ctr -- apt-get install -y --no-install-recommends nodejs
# pnpm https://nodejs.org/api/corepack.html#upgrading-the-global-versions
buildah run $ctr -- corepack install --global pnpm@$PNPM_VERSION
buildah run $ctr -- corepack enable pnpm
# Clear caches
buildah run $ctr -- rm -rf /var/lib/apt/lists/*
# Config
buildah config \
--env BUILDAH_ISOLATION=chroot \
--env _BUILDAH_STARTED_IN_USERNS= \
$ctr;
buildah unmount $ctr
buildah commit --rm $ctr $1

12
tag-release.sh
View file

@ -1,11 +1,11 @@
#!/bin/bash #!/bin/bash
# Finds the next available r<year>.<week>.<bump> identifier for the current year and week # Finds the next available r<year>.<month>.<increment> identifier
YEAR_WEEK=$(date -u +%g.%-V) YEAR_MONTH=$(date -u +%Y.%-m)
YEAR=${YEAR_WEEK:0:2} YEAR=${YEAR_MONTH:0:4}
WEEK=${YEAR_WEEK:3} MONTH=${YEAR_MONTH:5}
LAST_BUMP=$(git tag --list | grep '^r'$YEAR'\.'$WEEK'\.\(0\|[1-9][0-9]*\)$' | cut -d . -f 3 | sort -nr | head -n 1) LAST_INCREMENT=$(git tag --list | grep '^r[1-9][0-9]*\.\([1-9]\|1[0-2]\)\.\(0\|[1-9][0-9]*\)$' | cut -d . -f 3 | sort -nr | head -n 1)
RELEASE=r${YEAR_WEEK}.$(( ${LAST_BUMP:--1} + 1 )) RELEASE=r${YEAR_MONTH}.$(( ${LAST_INCREMENT:--1} + 1 ))
git tag $RELEASE git tag $RELEASE
echo Tagged $RELEASE echo Tagged $RELEASE