From 3ee1511de55312636b57a9a14e09b3674dcfc652 Mon Sep 17 00:00:00 2001 From: Sebastian Tobie Date: Sun, 2 Feb 2025 10:47:58 +0100 Subject: [PATCH] made the images for building packages --- .editorconfig | 12 ++++ .forgejo/workflows/steps/push/action.yml | 53 +++++++++++++++ .../workflows/workflows/container-build.yml | 65 +++++++++++++++++++ .gitignore | 3 + .shellcheckrc | 1 + README.md | 2 + build_arch.sh | 8 +++ build_debian.sh | 22 +++++++ build_ubi.sh | 23 +++++++ common.sh | 16 +++++ repos/debian.list | 1 + 11 files changed, 206 insertions(+) create mode 100644 .editorconfig create mode 100644 .forgejo/workflows/steps/push/action.yml create mode 100644 .forgejo/workflows/workflows/container-build.yml create mode 100644 .gitignore create mode 100644 .shellcheckrc create mode 100644 README.md create mode 100755 build_arch.sh create mode 100755 build_debian.sh create mode 100755 build_ubi.sh create mode 100644 common.sh create mode 100644 repos/debian.list
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..bb53136
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,12 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+[*]
+indent_style = space
+indent_size = 4
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
\ No newline at end of file
diff --git a/.forgejo/workflows/steps/push/action.yml b/.forgejo/workflows/steps/push/action.yml
new file mode 100644
index 0000000..720c865
--- /dev/null
+++ b/.forgejo/workflows/steps/push/action.yml
@@ -0,0 +1,53 @@
+author: Sebastian Tobie
+description: pushes images via skopeo to an target
+name: push images
+
+inputs:
+ tags:
+ required: true
+ description: tags that are send to the registry
+ registry:
+ required: true
+ description: "the desired registry, default is the forgejo instance"
+ path:
+ required: true
+ description: "path under the registry for the image"
+ image:
+ required: true
+ description: |
+ the image that is copied with the storage.
+ Examples:
+
+ - dir:image
+ - container-storage:image:tag
+ - docker://registry/path:tag
+ username:
+ default: USER
+ description: "Username in case its important"
+ password:
+ required: true
+ description: "password for authentication"
+
+runs:
+ using: composite
+ steps:
+ - name: login
+ shell: sh
+ run: 'skopeo login -u "${{ inputs.username }}" -p "${{ inputs.password }}" ${{ inputs.registry }}'
+ env:
+ REGISTRY_AUTH_FILE: ${{env.RUNNER_TEMP}}/auth.json
+ - name: skopeo copy
+ shell: sh
+ env:
+ REGISTRY_AUTH_FILE: ${{env.RUNNER_TEMP}}/auth.json
+ REGISTRY: "${{ inputs.registry }}"
+ run: |
+ server=${REGISTRY//https:/docker:}
+ if [[ "$server" != docker://* ]] ; then
+ server="docker://$server"
+ fi
+ for tag in ${{ inputs.tags }}; do
+ name="${server}/${{ inputs.path }}:${tag}"
+ printf "pushing image to %s" "$name"
+ skopeo copy -q -a --dest-precompute-digests ${{ inputs.image }} "$name"
+ done
\ No newline at end of file
diff --git a/.forgejo/workflows/workflows/container-build.yml b/.forgejo/workflows/workflows/container-build.yml
new file mode 100644
index 0000000..fcc3d59
--- /dev/null
+++ b/.forgejo/workflows/workflows/container-build.yml
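Review bot: In action.yml both `run:` scripts splice `${{ inputs.* }}` directly into the shell text and the login step passes the password with `-p`, so an input value containing shell syntax is executed and the secret is exposed in the process argument list on the runner. Hand every input to the script through `env:` and feed the password with `--password-stdin`, as sketched below. The steps declare `shell: sh` although the copy script uses `${REGISTRY//…}` and `[[ … ]]`, which a POSIX sh such as dash rejects, so the sketch switches to `shell: bash`. `${{env.RUNNER_TEMP}}` probably expands to nothing unless the workflow defines that variable in its own `env:` (the runner's temp directory is normally reached as `runner.temp`), and the auth file is not removed after the push; confirm both on the Forgejo runner.

```yaml
    - name: login
      shell: bash
      env:
        # … unchanged: REGISTRY_AUTH_FILE …
        REGISTRY: ${{ inputs.registry }}
        REGISTRY_USER: ${{ inputs.username }}
        REGISTRY_PASSWORD: ${{ inputs.password }}
      run: |
        printf '%s' "$REGISTRY_PASSWORD" |
          skopeo login -u "$REGISTRY_USER" --password-stdin "$REGISTRY"
    - name: skopeo copy
      shell: bash
      env:
        # … unchanged: REGISTRY_AUTH_FILE, REGISTRY …
        IMAGE_TAGS: ${{ inputs.tags }}
        IMAGE_PATH: ${{ inputs.path }}
        IMAGE_SOURCE: ${{ inputs.image }}
      run: |
        # … unchanged: server= normalisation …
        for tag in $IMAGE_TAGS; do
          name="${server}/${IMAGE_PATH}:${tag}"
          printf 'pushing image to %s\n' "$name"
          skopeo copy -q -a --dest-precompute-digests "$IMAGE_SOURCE" "$name"
        done
```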
@@ -0,0 +1,65 @@
+on:
+ workflow_dispatch:
+ #push:
+ # branches:
+ # - stable
+ #schedule:
+ # - cron: "0 0 1 * *"
+
+jobs:
+ debian:
+ runs-on: private-vault
+ strategy:
+ matrix:
+ version:
+ - bookworm
+ steps:
+ - name: Fetch repo
+ uses: actions/checkout@v3
+ - name: Container build
+ run: "./build_debian.sh ${{ matrix.version }}"
+ - uses: ./.forgejo/steps/push
+ with:
+ tags: ${{ matrix.version }}-${{ github.run_number }}
+ registry: ${{ github.server_url }}
+ path: ${{ github.repository_owner }}/debian
+ image: oci:debian:${{ matrix.version }}
+ password: ${{ secrets.DOCKER_TOKEN }}
+ - name: Cleanup
+ run: podman image prune -f
+ ubi:
+ runs-on: private-vault
+ strategy:
+ matrix:
+ version:
+ - 9
+ steps:
+ - name: Fetch repo
+ uses: actions/checkout@v3
+ - name: Container build
+ run: "./build_ubi.sh ${{ matrix.version }}"
+ - uses: ./.forgejo/steps/push
+ with:
+ tags: ${{ matrix.version }}-${{ github.run_number }}
+ registry: ${{ github.server_url }}
+ path: ${{ github.repository_owner }}/ubi
+ image: oci:ubi:${{ matrix.version }}
+ password: ${{ secrets.DOCKER_TOKEN }}
+ - name: Cleanup
+ run: podman image prune -f
+ archlinux:
+ runs-on: private-vault
+ steps:
+ - name: Fetch repo
+ uses: actions/checkout@v3
+ - name: Container build
+ run: "./build_arch.sh"
+ - uses: ./.forgejo/steps/push
+ with:
+ tags: latest ${{ github.run_number }}
+ registry: ${{ github.server_url }}
+ path: ${{ github.repository_owner }}/archlinux
+ image: oci:archlinux
+ password: ${{ secrets.DOCKER_TOKEN }}
+ - name: Cleanup
+ run: podman image prune -f
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..89fea13
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+/debian
+/ubi
+/archlinux
\ No newline at end of file
diff --git a/.shellcheckrc b/.shellcheckrc
new file mode 100644
index 0000000..256d0e6
--- /dev/null
+++ b/.shellcheckrc
@@ -0,0 +1 @@
+external-sources=true
\ No newline at end of file
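Review bot: In container-build.yml all three jobs call `uses: ./.forgejo/steps/push`, but this commit creates the action at `.forgejo/workflows/steps/push/action.yml`, so the local action reference does not resolve as written; either move the action or change the reference to `uses: ./.forgejo/workflows/steps/push`. The workflow file itself sits in `.forgejo/workflows/workflows/`, one level below the directory Forgejo normally scans for workflows, so it may never be offered for dispatch; that is worth confirming. Because these jobs run on the self-hosted `private-vault` runner with `secrets.DOCKER_TOKEN` in scope, I would also pin `actions/checkout@v3` to a full commit hash (`uses: actions/checkout@<full-commit-sha>  # v3`) instead of a movable tag.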
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..a3773bf
--- /dev/null
+++ b/README.md
@@ -0,0 +1,2 @@
+# Packagebuild
+
diff --git a/build_arch.sh b/build_arch.sh
new file mode 100755
index 0000000..314d69f
--- /dev/null
+++ b/build_arch.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+. ./common.sh
+set -e
+
+init_container "archlinux" "docker.io/archlinux"
+
+buildah run --user 0:0 "archlinux" pacman --noconfirm -Syu nodejs git base-devel
+commit "archlinux" "oci:archlinux"
diff --git a/build_debian.sh b/build_debian.sh
new file mode 100755
index 0000000..955a01e
--- /dev/null
+++ b/build_debian.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+. ./common.sh
+set -e
+version="$1"
+container="debian_${version}"
+
+
+debian_install(){
+ buildah run --user _apt --workdir /tmp "$1" curl -o package.deb "$2"
+ buildah run --user 0:0 "$1" apt install /tmp/package.deb
+}
+
+
+init_container "$container" "docker.io/debian:${version}"
+debian_list=$(mktemp)
+sed "s;VERSION;${version};g" repos/debian.list >"$debian_list"
+buildah run --user 0:0 "$container" apt update
+buildah run --user 0:0 "$container" apt install -y ca-certificates
+buildah copy "$container" "$debian_list" /etc/apt/sources.list.d/eigene.list
+buildah run --user 0:0 "$container" apt update
+buildah run --user 0:0 "$container" apt install -y build-essential nodejs git
+commit "$container" "oci:debian:${version}"
diff --git a/build_ubi.sh b/build_ubi.sh
new file mode 100755
index 0000000..3af8dc1
--- /dev/null
+++ b/build_ubi.sh
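Review bot: build_arch.sh sources `common.sh` before `set -e`, so a failure while that file is being sourced (its top-level `mktemp -d`) does not stop the build; move `set -e` to the line before `. ./common.sh`. The same order appears in build_debian.sh and build_ubi.sh. All three scripts run under `#!/bin/sh` while common.sh carries a bash shebang and uses `local`, which POSIX sh does not define, so either switch the three shebangs to bash or drop `local` from the shared file.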
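Review bot: In build_debian.sh, `debian_install` downloads a .deb from a caller-supplied URL and installs it as root with no check of what was fetched, and `curl` runs without `--fail`, so an HTTP error page would be saved as package.deb. The function is not called in this hunk and `curl` is not among the packages installed, so it may still be a stub. Before it is used I would take an expected SHA-256 as a third argument and verify the file between the two `buildah run` calls, change the download to `curl --fail --proto '=https' -o package.deb "$2"`, and add `-y` to the `apt install` call.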
@@ -0,0 +1,23 @@
+#!/bin/sh
+. ./common.sh
+set -e
+version="${1}"
+container="ubi_${version}"
+
+add_repo(){
+ container="$1"
+ forgejo="$2"
+ org="$3"
+ group="$4"
+ if [ -z "$group" ] ; then
+ group="rpm.repo"
+ else
+ group="rpm/${group}.repo"
+ fi
+ buildah run --user 0:0 "$container" dnf config-manager --add-repo "${forgejo}/api/packages/${org}/${group}"
+}
+
+
+init_container "$container" "registry.access.redhat.com/ubi${version}:latest"
+buildah run --user 0:0 "$container" dnf install nodejs git rpm-build
+commit "$container" "oci:ubi:$version"
diff --git a/common.sh b/common.sh
new file mode 100644
index 0000000..a4c11e9
--- /dev/null
+++ b/common.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+empty_dir=$(mktemp -d)
+
+init_container () {
+ local container_name="$1"
+ local image="$2"
+ buildah from -v "$empty_dir":/tmp:slave -v "$empty_dir":/var/cache:slave -v "$empty_dir":/var/tmp:slave -v "$empty_dir":/var/log:slave --pull=newer --name="$container_name" "${image}" >/dev/null
+ buildah run --user 0:0 "$container_name" chmod -c 1777 /tmp /var/tmp
+ buildah run --user 0:0 "$container_name" touch /tmp/test
+}
+
+commit(){
+ buildah config -e - -l - -a - -p - "$1"
+ buildah config -e PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin" "$1"
+ buildah commit --rm -f oci --squash "$1" "$2"
+}
diff --git a/repos/debian.list b/repos/debian.list
new file mode 100644
index 0000000..eb2c120
--- /dev/null
+++ b/repos/debian.list
@@ -0,0 +1 @@
+#deb https://gitea.sebastian-tobie.de/api/packages/packete/debian VERSION certs
\ No newline at end of file
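Review bot: In build_ubi.sh the `dnf install nodejs git rpm-build` call has no `-y`, unlike the apt and pacman calls in the sibling scripts, so in a non-interactive job dnf will most likely stop at its confirmation prompt; use `dnf install -y nodejs git rpm-build`. `add_repo` assigns `container="$1"` without scoping it, which overwrites the script-level `container` that the later `commit` call relies on as soon as the function is used; a distinct name such as `repo_container="$1"` avoids that. The function is not called anywhere in this hunk.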
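Review bot: In common.sh, `init_container` bind-mounts the single host directory `$empty_dir` over /tmp, /var/cache, /var/tmp and /var/log and then runs `chmod -c 1777 /tmp /var/tmp` inside the container, which appears to change the mode of that host directory as well and would leave a world-writable directory on the runner backing the container's package cache. The directory is never removed, and `touch /tmp/test` leaves a file in it. I would create one directory per mount point and add `trap 'rm -rf "$empty_dir"' EXIT` after the `mktemp -d` line. Whether the chmod reaches the host depends on how buildah maps the mount, so confirm the resulting mode on the runner.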