GHA workflow that builds CI base image (#20)
* GHA workflow that builds CI base image

Co-authored-by:  Al Berez <[email protected]>
Co-authored-by: Michael Chinigo <[email protected]>
a-b and chinigo authored Jun 14, 2024
1 parent d14848f commit 4e9434d
Showing 4 changed files with 3,561 additions and 0 deletions.
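--- a/.github/workflows/ensure-ci-image.yml
+++ b/.github/workflows/ensure-ci-image.yml
@@ -0,0 +1,77 @@
+name: Ensure CI image
+
+on:
+workflow_dispatch:
+
+env:
+IMAGE_REGISTRY: ghcr.io
+CI_DOCKERFILE_DIR: ./ci # Relative to project root
+CI_DOCKERFILE_PATH: Dockerfile # Relative to CI_DOCKERFILE_DIR
+CI_DOCKERFILE_MOST_RECENT_SHA: # Determined dynamically later on
+
+jobs:
+calculate-latest-label:
+runs-on: ubuntu-latest
+
+permissions:
+contents: read
+
+outputs:
+ci_dockerfile_latest_sha: ${{ steps.calculate_latest_sha.outputs.ci_dockerfile_latest_sha }}
+
+steps:
+- name: Checkout repo
+uses: actions/checkout@v4
+
+- name: Calculate label for CI image
+id: calculate_latest_sha
+env:
+IMAGE_NAME: ${{ github.repository }}
+run: |
+dockerfile_path=${CI_DOCKERFILE_DIR}/${CI_DOCKERFILE_PATH}
+[[ ! -f ${dockerfile_path} ]] && echo "Could not find Dockerfile at ${dockerfile_path}" 1>&2 && exit 1
+echo "ci_dockerfile_latest_sha=$(git log --max-count 1 --pretty=format:%H "${dockerfile_path}")" >> $GITHUB_OUTPUT
+build-and-push-ci-image:
+runs-on: ubuntu-latest
+
+permissions:
+contents: read
+packages: write
+
+needs:
+- calculate-latest-label
+
+steps:
+- name: Checkout repo
+uses: actions/checkout@v4
+
+- name: Login to GitHub container registry
+uses: docker/login-action@v3
+with:
+registry: ${{ env.IMAGE_REGISTRY }}
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+
+- name: Extract metadata
+uses: docker/metadata-action@v5
+id: meta
+with:
+images: ${{ env.IMAGE_REGISTRY }}/${{ github.repository }}-ci
+tags: |
+type=raw,value=${{ needs.calculate-latest-label.outputs.ci_dockerfile_latest_sha }}
+type=raw,value=${{ github.ref_name }}-latest
+- name: Build and push CI image
+uses: docker/build-push-action@v5
+with:
+push: true
+context: ${{ env.CI_DOCKERFILE_DIR }}/..
+file: ${{ env.CI_DOCKERFILE_DIR }}/${{ env.CI_DOCKERFILE_PATH }}
+tags: ${{ steps.meta.outputs.tags }}
+labels: ${{ steps.meta.outputs.labels }}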
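Review bot: The `Checkout repo` step in `calculate-latest-label` uses `actions/checkout@v4` with its default depth-1 clone, so `git log --max-count 1 --pretty=format:%H "${dockerfile_path}"` can only see the checked-out commit, and the image tag will track HEAD rather than the last commit that changed the Dockerfile. Adding `with:` and `fetch-depth: 0` to that checkout gives `git log` the history it needs. Separately, `build-and-push-ci-image` holds `packages: write` while running four actions referenced by mutable major tags; pinning each to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha> # v3`, keeps a moved tag from running with that token. `CI_DOCKERFILE_MOST_RECENT_SHA` is declared empty and never read in the visible workflow, so it could be dropped.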
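--- a/ci/Dockerfile
+++ b/ci/Dockerfile
@@ -0,0 +1,95 @@
+FROM summerwind/actions-runner:latest
+
+ENV bbl_version 8.4.111
+ENV bosh_cli_version 7.2.3
+ENV NODE_VERSION 22.2.0
+ENV terraform_version 0.11.5
+
+USER root
+RUN usermod -a -G sudo root
+
+ENV PATH="./node_modules/.bin:/node_modules/.bin:${PATH}"
+
+RUN \
+apt-get update && \
+apt-get -y install \
+shellcheck \
+yamllint && \
+apt list --installed
+
+COPY package.json \
+package-lock.json \
+./
+
+RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
+&& case "${dpkgArch##*-}" in \
+amd64) ARCH='x64';; \
+ppc64el) ARCH='ppc64le';; \
+s390x) ARCH='s390x';; \
+arm64) ARCH='arm64';; \
+armhf) ARCH='armv7l';; \
+i386) ARCH='x86';; \
+*) echo "unsupported architecture"; exit 1 ;; \
+esac \
+# use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
+&& export GNUPGHOME="$(mktemp -d)" \
+# gpg keys listed at https://github.com/nodejs/node#release-keys
+&& set -ex \
+&& for key in \
+4ED778F539E3634C779C87C6D7062848A1AB005C \
+141F07595B7B3FFE74309A937405533BE57C7D57 \
+74F12602B6F1C4E913FAA37AD3A89613643B6201 \
+DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \
+61FC681DFB92A079F1685E77973F295594EC4689 \
+8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
+C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
+890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \
+C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \
+108F52B48DB57BB0CC439B2997B01419BD92F80A \
+A363A499291CBBC940DD62E41F10027AF002F8B0 \
+CC68F5A3106FF448322E48ED27F5E38D5B0A215F \
+; do \
+gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \
+gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \
+done \
+&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
+&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
+&& gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
+&& gpgconf --kill all \
+&& rm -rf "$GNUPGHOME" \
+&& grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
+&& tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
+&& rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
+&& ln -s /usr/local/bin/node /usr/local/bin/nodejs \
+# smoke tests
+&& node --version \
+&& npm --version \
+&& npm install-clean
+
+# bosh-cli
+RUN \
+wget --no-verbose https://s3.amazonaws.com/bosh-cli-artifacts/bosh-cli-${bosh_cli_version}-linux-amd64 --output-document="/usr/local/bin/bosh" && \
+chmod +x /usr/local/bin/bosh
+
+# bbl and dependencies
+RUN \
+wget --no-verbose https://github.com/cloudfoundry/bosh-bootloader/releases/download/v${bbl_version}/bbl-v${bbl_version}_linux_x86-64 -P /tmp && \
+mv /tmp/bbl-* /usr/local/bin/bbl && \
+cd /usr/local/bin && \
+chmod +x bbl
+
+RUN \
+wget --no-verbose https://github.com/cloudfoundry/bosh-bootloader/archive/v${bbl_version}.tar.gz -P /tmp && \
+mkdir -p /var/repos/bosh-bootloader && \
+tar xvf /tmp/v${bbl_version}.tar.gz --strip-components=1 -C /var/repos/bosh-bootloader && \
+rm -rf /tmp/*
+
+RUN \
+wget --no-verbose "https://releases.hashicorp.com/terraform/${terraform_version}/terraform_${terraform_version}_linux_amd64.zip" -P /tmp && \
+cd /tmp && \
+curl https://releases.hashicorp.com/terraform/${terraform_version}/terraform_${terraform_version}_SHA256SUMS | grep linux_amd64 | shasum -c - && \
+unzip "/tmp/terraform_${terraform_version}_linux_amd64.zip" -d /tmp && \
+mv /tmp/terraform /usr/local/bin/terraform && \
+cd /usr/local/bin && \
+chmod +x terraform && \
+rm -rf /tmp/*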
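Review bot: The `# bosh-cli` and `# bbl and dependencies` steps write downloaded binaries into `/usr/local/bin` and mark them executable without any integrity check, whereas the Node tarball in the same file is verified against a GPG-signed SHASUMS256.txt. Pinning a digest next to each version and checking it before `chmod` would close that gap, e.g. `ENV bosh_cli_sha256 <sha256-of-pinned-release>` followed by `echo "${bosh_cli_sha256}  /usr/local/bin/bosh" | sha256sum -c -`. The terraform step does compare against SHA256SUMS, but the list is fetched from the same origin as the zip and its signature is not checked, so it detects corruption rather than a tampered release. `FROM summerwind/actions-runner:latest` is also a mutable tag; pinning it by digest (`@sha256:<digest>`) would make rebuilds of the CI image reproducible.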