GHA workflow that builds CI base image (#20)
* GHA workflow that builds CI base image Co-authored-by: Al Berez <[email protected]> Co-authored-by: Michael Chinigo <[email protected]>
Showing
4 changed files
with
3,561 additions
and
0 deletions.
@@ -0,0 +1,77 @@ | ||
name: Ensure CI image | ||
|
||
on: | ||
workflow_dispatch: | ||
|
||
env: | ||
IMAGE_REGISTRY: ghcr.io | ||
CI_DOCKERFILE_DIR: ./ci # Relative to project root | ||
CI_DOCKERFILE_PATH: Dockerfile # Relative to CI_DOCKERFILE_DIR | ||
CI_DOCKERFILE_MOST_RECENT_SHA: # Determined dynamically later on | ||
|
||
jobs: | ||
calculate-latest-label: | ||
runs-on: ubuntu-latest | ||
|
||
permissions: | ||
contents: read | ||
|
||
outputs: | ||
ci_dockerfile_latest_sha: ${{ steps.calculate_latest_sha.outputs.ci_dockerfile_latest_sha }} | ||
|
||
steps: | ||
- name: Checkout repo | ||
uses: actions/checkout@v4 | ||
|
||
- name: Calculate label for CI image | ||
id: calculate_latest_sha | ||
env: | ||
IMAGE_NAME: ${{ github.repository }} | ||
run: | | ||
dockerfile_path=${CI_DOCKERFILE_DIR}/${CI_DOCKERFILE_PATH} | ||
[[ ! -f ${dockerfile_path} ]] && echo "Could not find Dockerfile at ${dockerfile_path}" 1>&2 && exit 1 | ||
echo "ci_dockerfile_latest_sha=$(git log --max-count 1 --pretty=format:%H "${dockerfile_path}")" >> $GITHUB_OUTPUT | ||
build-and-push-ci-image: | ||
runs-on: ubuntu-latest | ||
|
||
permissions: | ||
contents: read | ||
packages: write | ||
|
||
needs: | ||
- calculate-latest-label | ||
|
||
steps: | ||
- name: Checkout repo | ||
uses: actions/checkout@v4 | ||
|
||
- name: Login to GitHub container registry | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: ${{ env.IMAGE_REGISTRY }} | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
|
||
- name: Extract metadata | ||
uses: docker/metadata-action@v5 | ||
id: meta | ||
with: | ||
images: ${{ env.IMAGE_REGISTRY }}/${{ github.repository }}-ci | ||
tags: | | ||
type=raw,value=${{ needs.calculate-latest-label.outputs.ci_dockerfile_latest_sha }} | ||
type=raw,value=${{ github.ref_name }}-latest | ||
- name: Build and push CI image | ||
uses: docker/build-push-action@v5 | ||
with: | ||
push: true | ||
context: ${{ env.CI_DOCKERFILE_DIR }}/.. | ||
file: ${{ env.CI_DOCKERFILE_DIR }}/${{ env.CI_DOCKERFILE_PATH }} | ||
tags: ${{ steps.meta.outputs.tags }} | ||
labels: ${{ steps.meta.outputs.labels }} |
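Review bot: The `git log --max-count 1 --pretty=format:%H "${dockerfile_path}"` call in the `Calculate label for CI image` step runs in the default shallow clone made by `actions/checkout@v4`, where HEAD is the only commit present, so the image tag will be the HEAD SHA rather than the last commit that changed the Dockerfile. Adding `with:` and `fetch-depth: 0` to the checkout step of `calculate-latest-label` gives git the history it needs. Because the build context is the project root and the Dockerfile copies `package.json` and `package-lock.json`, a tag derived from the Dockerfile's history alone may also miss changes to those files. In `build-and-push-ci-image`, which holds `packages: write` and performs the registry login, the actions are referenced by mutable major tags (`@v4`, `@v3`, `@v5`); pinning them to full commit SHAs would keep a re-pointed tag from running with that token.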
@@ -0,0 +1,95 @@ | ||
FROM summerwind/actions-runner:latest | ||
|
||
ENV bbl_version 8.4.111 | ||
ENV bosh_cli_version 7.2.3 | ||
ENV NODE_VERSION 22.2.0 | ||
ENV terraform_version 0.11.5 | ||
|
||
USER root | ||
RUN usermod -a -G sudo root | ||
|
||
ENV PATH="./node_modules/.bin:/node_modules/.bin:${PATH}" | ||
|
||
RUN \ | ||
apt-get update && \ | ||
apt-get -y install \ | ||
shellcheck \ | ||
yamllint && \ | ||
apt list --installed | ||
|
||
COPY package.json \ | ||
package-lock.json \ | ||
./ | ||
|
||
RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ | ||
&& case "${dpkgArch##*-}" in \ | ||
amd64) ARCH='x64';; \ | ||
ppc64el) ARCH='ppc64le';; \ | ||
s390x) ARCH='s390x';; \ | ||
arm64) ARCH='arm64';; \ | ||
armhf) ARCH='armv7l';; \ | ||
i386) ARCH='x86';; \ | ||
*) echo "unsupported architecture"; exit 1 ;; \ | ||
esac \ | ||
# use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 | ||
&& export GNUPGHOME="$(mktemp -d)" \ | ||
# gpg keys listed at https://github.com/nodejs/node#release-keys | ||
&& set -ex \ | ||
&& for key in \ | ||
4ED778F539E3634C779C87C6D7062848A1AB005C \ | ||
141F07595B7B3FFE74309A937405533BE57C7D57 \ | ||
74F12602B6F1C4E913FAA37AD3A89613643B6201 \ | ||
DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ | ||
61FC681DFB92A079F1685E77973F295594EC4689 \ | ||
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ | ||
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ | ||
890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ | ||
C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ | ||
108F52B48DB57BB0CC439B2997B01419BD92F80A \ | ||
A363A499291CBBC940DD62E41F10027AF002F8B0 \ | ||
CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ | ||
; do \ | ||
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \ | ||
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \ | ||
done \ | ||
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ | ||
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ | ||
&& gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ | ||
&& gpgconf --kill all \ | ||
&& rm -rf "$GNUPGHOME" \ | ||
&& grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ | ||
&& tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ | ||
&& rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ | ||
&& ln -s /usr/local/bin/node /usr/local/bin/nodejs \ | ||
# smoke tests | ||
&& node --version \ | ||
&& npm --version \ | ||
&& npm install-clean | ||
|
||
# bosh-cli | ||
RUN \ | ||
wget --no-verbose https://s3.amazonaws.com/bosh-cli-artifacts/bosh-cli-${bosh_cli_version}-linux-amd64 --output-document="/usr/local/bin/bosh" && \ | ||
chmod +x /usr/local/bin/bosh | ||
|
||
# bbl and dependencies | ||
RUN \ | ||
wget --no-verbose https://github.com/cloudfoundry/bosh-bootloader/releases/download/v${bbl_version}/bbl-v${bbl_version}_linux_x86-64 -P /tmp && \ | ||
mv /tmp/bbl-* /usr/local/bin/bbl && \ | ||
cd /usr/local/bin && \ | ||
chmod +x bbl | ||
|
||
RUN \ | ||
wget --no-verbose https://github.com/cloudfoundry/bosh-bootloader/archive/v${bbl_version}.tar.gz -P /tmp && \ | ||
mkdir -p /var/repos/bosh-bootloader && \ | ||
tar xvf /tmp/v${bbl_version}.tar.gz --strip-components=1 -C /var/repos/bosh-bootloader && \ | ||
rm -rf /tmp/* | ||
|
||
RUN \ | ||
wget --no-verbose "https://releases.hashicorp.com/terraform/${terraform_version}/terraform_${terraform_version}_linux_amd64.zip" -P /tmp && \ | ||
cd /tmp && \ | ||
curl https://releases.hashicorp.com/terraform/${terraform_version}/terraform_${terraform_version}_SHA256SUMS | grep linux_amd64 | shasum -c - && \ | ||
unzip "/tmp/terraform_${terraform_version}_linux_amd64.zip" -d /tmp && \ | ||
mv /tmp/terraform /usr/local/bin/terraform && \ | ||
cd /usr/local/bin && \ | ||
chmod +x terraform && \ | ||
rm -rf /tmp/* |
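Review bot: The `# bosh-cli` and `# bbl and dependencies` steps write downloaded binaries into /usr/local/bin and mark them executable with no integrity check, unlike the Node tarball, which is verified against the GPG-signed SHASUMS256.txt. Record an expected digest for each pinned version and fail the build on mismatch, e.g. `echo "${bosh_cli_sha256}  /usr/local/bin/bosh" | sha256sum -c -` before the `chmod +x`, where `bosh_cli_sha256` is a new build arg holding the published SHA-256 (and the same for bbl). The Terraform step does check a checksum, but the SHA256SUMS file is fetched unsigned from the same host with plain `curl`, and no `pipefail` is set in this file, so a failed download is not caught on its own; `curl -fsSL` plus verifying the sums file's signature would close that gap. `FROM summerwind/actions-runner:latest` leaves the base unpinned, so a version tag or digest is needed for the image to be reproducible. The relative `./node_modules/.bin` entry at the front of `PATH` lets files in whatever directory a job runs from shadow system commands, so it deserves at least a comment explaining why it is needed, or a move to the end of `PATH`.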