dustin
/
sshca-cli
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ci: Build container image
dustin/sshca-cli/pipeline/pr-master Build started... Details
dustin/sshca-cli/pipeline/head This commit looks good Details 

In addition to building an RPM package for regular Fedora machines, we
now build a container image containing a statically-linked `sshca-cli`
executable.
dev/auto-reload
Dustin 2024-01-17 21:18:24 -06:00
parent 2b87aca9f1
commit 9679c78419
7 changed files with 143 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.containerignore Normal file
View File

@ -0,0 +1,4 @@
*
!src
!Cargo.lock
!Cargo.toml

18
Containerfile Normal file
View File

@ -0,0 +1,18 @@
FROM docker.io/library/rust:1.73-alpine AS build
COPY . /build
WORKDIR /build
RUN --mount=type=cache,target=/var/cache \
apk add --no-cache g++ \
&& :
RUN cargo build --release --no-default-features --features rustls \
&& strip target/release/sshca-cli
FROM scratch
COPY --from=build /build/target/release/sshca-cli /
ENTRYPOINT ["/sshca-cli"]

71
ci/Jenkinsfile vendored
View File

@ -2,7 +2,7 @@ pipeline {
agent none
stages {
stage('SSHCA CLI') {
stage('RPM') {
matrix {
axes {
axis {
@ -16,7 +16,7 @@ pipeline {
}
stages {
stage('CLI') {
stage('Build RPM') {
agent {
kubernetes {
yamlFile 'ci/podTemplate.yaml'
@ -79,8 +79,73 @@ pipeline {
}
}
}
}
}
stage('Build Container') {
matrix {
axes {
axis {
name 'ARCH'
values 'amd64', 'arm64'
}
}
stages {
stage('Container') {
agent {
kubernetes {
yamlFile 'ci/podTemplate-container.yaml'
yamlMergeStrategy merge()
defaultContainer 'buildah'
nodeSelector "kubernetes.io/arch=${ARCH}"
}
}
stages {
stage('Build') {
steps {
sh '. ci/build-container.sh'
stash name: env.ARCH, includes: "*.oci.tar"
}
}
}
}
}
}
}
stage('Publish Container') {
agent {
kubernetes {
yamlFile 'ci/podTemplate-container.yaml'
yamlMergeStrategy merge()
defaultContainer 'buildah'
}
}
environment {
REGISTRY_AUTH_FILE = "${env.WORKSPACE_TMP}/auth.json"
}
steps {
unstash 'amd64'
unstash 'arm64'
withCredentials([usernamePassword(
credentialsId: 'jenkins-packages',
usernameVariable: 'BUILDAH_USERNAME',
passwordVariable: 'BUILDAH_PASSWORD',
)]) {
sh """
buildah login \
--username \${BUILDAH_USERNAME} \
--password \${BUILDAH_PASSWORD} \
git.pyrocufflink.net
"""
}
sh '. ci/publish-container.sh'
}
}
}
}

6
ci/build-container.sh Normal file
View File

@ -0,0 +1,6 @@
. ci/common.sh
buildah build -t "${IMAGE_NAME}:${TAG}" .
buildah push \
"${IMAGE_NAME}:${TAG}" \
oci-archive:"${PWD}/${NAME}-${ARCH}.oci.tar:${IMAGE_NAME}:${TAG}"

13
ci/common.sh Normal file
View File

@ -0,0 +1,13 @@
escape_name() {
echo "$1" \
| tr A-Z a-z \
| sed -e 's/[^a-zA-Z0-9._-]/-/g' -e 's/^[.-]/_/'
}
REGISTRY_URL=git.pyrocufflink.net
NAMESPACE=containerimages
NAME="${JOB_NAME#*/}"
NAME=$(escape_name "${NAME%/*}")
TAG=$(escape_name "${BRANCH_NAME}")
IMAGE_NAME="${REGISTRY_URL}/${NAMESPACE}/${NAME}"

19
ci/podTemplate-container.yaml Normal file
View File

@ -0,0 +1,19 @@
spec:
containers:
- name: buildah
image: quay.io/containers/buildah:v1
command:
- cat
stdin: true
tty: true
securityContext:
capabilities:
add:
- SYS_ADMIN
- MKNOD
- SYS_CHROOT
- SETFCAP
resources:
limits:
github.com/fuse: 1
hostUsers: false

15
ci/publish-container.sh Normal file
View File

@ -0,0 +1,15 @@
. ci/common.sh
buildah manifest create "${IMAGE_NAME}:${TAG}"
for arch in amd64 arm64; do
buildah manifest add "${IMAGE_NAME}:${TAG}" \
oci-archive:"${PWD}/${NAME}-${arch}.oci.tar:${IMAGE_NAME}:${TAG}"
done
buildah manifest push --all "${IMAGE_NAME}:${TAG}" \
"docker://${IMAGE_NAME}:${TAG}-${BUILD_NUMBER}"
buildah manifest push "${IMAGE_NAME}:${TAG}" "docker://${IMAGE_NAME}:${TAG}"
if [ ${BRANCH_NAME} = master ]; then
buildah manifest push "${IMAGE_NAME}:${TAG}" \
"docker://${IMAGE_NAME}:latest"
fi