dustin
/
sshca-cli
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ci: Build container image
dustin/sshca-cli/pipeline/pr-master Something is wrong with the build of this commit Details 

In addition to building an RPM package for regular Fedora machines, we
now build a container image containing a statically-linked `sshca-cli`
executable.
Dustin 2024-01-17 21:18:24 -06:00
parent 2b87aca9f1
commit 0fccb1005e
7 changed files with 108 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.containerignore Normal file
View File

@ -0,0 +1,4 @@
*
!src
!Cargo.lock
!Cargo.toml

18
Containerfile Normal file
View File

@ -0,0 +1,18 @@
FROM docker.io/library/rust:1.73-alpine AS build
COPY . /build
WORKDIR /build
RUN --mount=type=cache,target=/var/cache \
apk add --no-cache g++ \
&& :
RUN cargo build --release --no-default-features --features rustls \
&& strip target/release/sshca-cli
FROM scratch
COPY --from=build /build/target/release/sshca-cli /
ENTRYPOINT ["/sshca-cli"]

48
ci/Jenkinsfile vendored
View File

@ -16,7 +16,7 @@ pipeline {
} }
stages { stages {
stage('CLI') { stage('RPM') {
agent { agent {
kubernetes { kubernetes {
yamlFile 'ci/podTemplate.yaml' yamlFile 'ci/podTemplate.yaml'
@ -78,6 +78,52 @@ pipeline {
} }
} }
} }
stage('Container') {
agent {
kubernetes {
yamlFile 'ci/podTemplate.yaml'
yamlMergeStrategy merge()
defaultContainer 'buildah'
nodeSelector "kubernetes.io/arch=${ARCH}"
}
}
stages {
stage('Build') {
steps {
sh '. ci/build-container.sh'
}
post {
success {
archiveArtifacts "${ARCH}/*"
}
}
}
stage('Publish') {
environment {
REGISTRY_AUTH_FILE = "${env.WORKSPACE_TMP}/auth.json"
}
steps {
withCredentials([usernamePassword(
credentialsId: 'jenkins-packages',
usernameVariable: 'BUILDAH_USERNAME',
passwordVariable: 'BUILDAH_PASSWORD',
)]) {
sh """
buildah login \
--username \${BUILDAH_USERNAME} \
--password \${BUILDAH_PASSWORD} \
git.pyrocufflink.net
"""
}
sh '. ci/publish-container.sh'
}
}
}
}
} }
} }

3
ci/build-container.sh Normal file
View File

@ -0,0 +1,3 @@
. ci/common.sh
buildah build -t "${IMAGE_NAME}:${TAG}" .

13
ci/common.sh Normal file
View File

@ -0,0 +1,13 @@
escape_name() {
echo "$1" \
| tr A-Z a-z \
| sed -e 's/[^a-zA-Z0-9._-]/-/g' -e 's/^[.-]/_/'
}
REGISTRY_URL=git.pyrocufflink.net
NAMESPACE=containerimages
NAME="${JOB_NAME#*/}"
NAME=$(escape_name "${NAME%/*}")
TAG=$(escape_name "${BRANCH_NAME}")
IMAGE_NAME="${REGISTRY_URL}/${NAMESPACE}/${NAME}"

16
ci/podTemplate.yaml
View File

@ -12,6 +12,22 @@ spec:
- mountPath: /etc/ssh/ssh_known_hosts - mountPath: /etc/ssh/ssh_known_hosts
name: ssh-known-hosts name: ssh-known-hosts
subPath: ssh_known_hosts subPath: ssh_known_hosts
- name: buildah
image: quay.io/containers/buildah:v1
command:
- cat
stdin: true
tty: true
securityContext:
capabilities:
add:
- SYS_ADMIN
- MKNOD
- SYS_CHROOT
- SETFCAP
resources:
limits:
github.com/fuse: 1
hostUsers: false hostUsers: false
volumes: volumes:
- name: ssh-known-hosts - name: ssh-known-hosts

7
ci/publish-container.sh Normal file
View File

@ -0,0 +1,7 @@
. ci/common.sh
buildah push "${IMAGE_NAME}:${TAG}"
buildah push "${IMAGE_NAME}:${TAG}" "${IMAGE_NAME}:${TAG}-${BUILD_NUMBER}"
if [ ${BRANCH_NAME} = master ]; then
buildah push "${IMAGE_NAME}:${TAG}" "${IMAGE_NAME}:latest"
fi