ci: Build container image

This image will be used to deploy the application on the Kubernetes cluster.
2022-08-01 18:29:08 -05:00 · 2022-08-01 18:29:08 -05:00 · 6443b64c02
parent 97f94450c5
commit 6443b64c02
10 changed files with 125 additions and 0 deletions
--- a/ci/Jenkinsfile
+++ b/ci/Jenkinsfile
@ -51,5 +51,21 @@ pipeline {
                }
            }
        }
+
+        stage('Build Container') {
+            steps {
+                container('podman') {
+                    sh '. ci/build-container.sh'
+                }
+            }
+        }
+
+        stage('Publish Container') {
+            steps {
+                container('podman') {
+                    sh '. ci/publish-container.sh'
+                }
+            }
+        }
    }
 }
--- a/ci/build-container.sh
+++ b/ci/build-container.sh
@ -0,0 +1,7 @@
+#!/bin/sh -ex
+
+. ci/container-common.sh
+
+cp -r svc/dist container/wheels
+cp -r ui/dist container/ui
+podman build -t hudctrl:$(tag_name ${BUILD_TAG}) container
--- a/ci/container-common.sh
+++ b/ci/container-common.sh
@ -0,0 +1,5 @@
+# shellcheck: shell=sh
+
+tag_name() {
+    echo "$1" | sed -e 's/[^a-zA-Z0-9._-]/-/g' -e 's/^[.-]/_/'
+}
--- a/ci/podTemplate.yaml
+++ b/ci/podTemplate.yaml
@ -25,3 +25,10 @@ spec:
    securityContext:
      readOnlyRootFilesystem: true
      runAsUser: 1000
+  - name: podman
+    image: quay.io/containers/podman:v3.4
+    command:
+    - sleep
+    - infinity
+    securityContext:
+      privileged: true
--- a/ci/publish-container.sh
+++ b/ci/publish-container.sh
@ -0,0 +1,17 @@
+#!/bin/sh -ex
+
+. ci/container-common.sh
+
+push() {
+    tag=$(tag_name "$1")
+    podman push hudctrl:$(tag_name ${BUILD_TAG}) registry.pyrocufflink.blue/hudctrl:${tag}
+}
+
+push ${BUILD_TAG}
+push ${BRANCH_NAME}
+if [ "${BRANCH_NAME}" = master ]; then
+    push latest
+fi
+if [ -n "${TAG_NAME}" ]; then
+    push "${TAG_NAME}"
+fi
--- a/container/.gitignore
+++ b/container/.gitignore
@ -0,0 +1,2 @@
+ui/
+wheels/
--- a/container/Containerfile
+++ b/container/Containerfile
@ -0,0 +1,19 @@
+FROM docker.io/python:3.10-slim AS build
+
+COPY wheels /tmp/wheels
+COPY requirements.txt /tmp
+RUN python -m venv /usr/local/hudctrl
+RUN /usr/local/hudctrl/bin/python -m \
+    pip install -f /tmp/wheels -r /tmp/requirements.txt
+
+COPY ui /usr/local/hudctrl/ui
+
+FROM docker.io/python:3.10-slim
+RUN apt-get update && \
+    apt-get install -y nginx tini && \
+    rm -rf /var/cache/apt /var/lib/apt
+COPY nginx.conf /etc/nginx/nginx.conf
+COPY --from=build /usr/local/hudctrl /usr/local/hudctrl
+COPY run.sh /
+
+CMD ["tini", "--", "/run.sh"] 
--- a/container/nginx.conf
+++ b/container/nginx.conf
@ -0,0 +1,42 @@
+# vim: set sw=4 ts=4 sts=4 et :
+
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+
+events {
+    worker_connections 768;
+}
+
+http {
+    sendfile on;
+    tcp_nopush on;
+    types_hash_max_size 2048;
+
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    access_log /dev/stderr;
+    error_log /var/log/nginx/error.log;
+
+    gzip on;
+
+    server {
+        listen 80 default_server;
+        listen [::]:80 default_server;
+        server_name _;
+
+        root /usr/local/hudctrl/ui;
+        index index.html;
+
+        location /api/ {
+            proxy_pass http://127.0.0.1:8000/;
+
+            real_ip_header X-Forwarded-For;
+            set_real_ip_from 0.0.0.0/0;
+            set_real_ip_from ::/0;
+            real_ip_recursive on;
+            proxy_set_header Host $proxy_host;
+        }
+    }
+}
--- a/container/requirements.txt
+++ b/container/requirements.txt
@ -0,0 +1,3 @@
+gunicorn
+hudctrl
+uvicorn
--- a/container/run.sh
+++ b/container/run.sh
@ -0,0 +1,7 @@
+#!/bin/sh
+# vim: set sw=4 ts=4 sts=4 et :
+
+nginx || exit $?
+exec /usr/local/hudctrl/bin/gunicorn \
+    -k uvicorn.workers.UvicornWorker \
+    hudctrl.api:app