diff --git a/.containerignore b/.containerignore
new file mode 100644
index 0000000..bc0e1f0
--- /dev/null
+++ b/.containerignore
@@ -0,0 +1,4 @@
+*
+!src
+!Cargo.toml
+!Cargo.lock
diff --git a/Containerfile b/Containerfile
new file mode 100644
index 0000000..a561900
--- /dev/null
+++ b/Containerfile
@@ -0,0 +1,25 @@
+FROM registry.fedoraproject.org/fedora-minimal:39 AS build
+
+RUN --mount=type=cache,target=/var/cache \
+ microdnf install -y \
+ --setopt install_weak_deps=0 \
+ cargo\
+ && :
+
+COPY . /src
+
+WORKDIR /src
+
+RUN cargo build --release --locked
+
+
+FROM registry.fedoraproject.org/fedora-minimal:39
+
+COPY --from=build /src/target/release/tmpl /usr/local/bin
+
+ENTRYPOINT ["/usr/local/bin/tmpl"]
+
+LABEL name='tmpl' \
+ vendor='Dustin C. Hatch' \
+ license='MIT OR APACHE-2.0' \
+ version='0.1.0'
diff --git a/ci/Jenkinsfile b/ci/Jenkinsfile
new file mode 100644
index 0000000..2f9205b
--- /dev/null
+++ b/ci/Jenkinsfile
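Review bot: The final stage of Containerfile has no `USER` instruction, so `/usr/local/bin/tmpl` runs as root unless the caller overrides it. If the tool does not need root for the files it writes (not visible from this hunk), add a numeric non-root user before the entrypoint, e.g. `USER 65534:65534`. Both `FROM` lines also reference the mutable tag `fedora-minimal:39`, so two builds of the same commit can produce different images. Pinning by digest (`fedora-minimal:39@sha256:DIGEST_PLACEHOLDER`) makes the published image reproducible and auditable.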
@@ -0,0 +1,70 @@
+pipeline {
+ agent none
+
+ stages {
+ stage('Build') {
+ matrix {
+ axes {
+ axis {
+ name 'ARCH'
+ values 'amd64', 'arm64'
+ }
+ }
+
+ stages {
+ stage('Build') {
+ agent {
+ kubernetes {
+ yamlFile 'ci/podTemplate.yaml'
+ yamlMergeStrategy merge()
+ defaultContainer 'buildah'
+ nodeSelector "kubernetes.io/arch=${ARCH}"
+ }
+ }
+
+ stages {
+ stage("Build") {
+ steps {
+ sh '. ci/build.sh'
+ stash name: env.ARCH, includes: "*.oci.tar"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+
+ stage('Publish') {
+ agent {
+ kubernetes {
+ yamlFile 'ci/podTemplate.yaml'
+ yamlMergeStrategy merge()
+ defaultContainer 'buildah'
+ }
+ }
+
+ environment {
+ REGISTRY_AUTH_FILE = "${env.WORKSPACE_TMP}/auth.json"
+ }
+
+ steps {
+ unstash 'amd64'
+ unstash 'arm64'
+ withCredentials([usernamePassword(
+ credentialsId: 'jenkins-packages',
+ usernameVariable: 'BUILDAH_USERNAME',
+ passwordVariable: 'BUILDAH_PASSWORD',
+ )]) {
+ sh """
+ buildah login \
+ --username \${BUILDAH_USERNAME} \
+ --password \${BUILDAH_PASSWORD} \
+ git.pyrocufflink.net
+ """
+ }
+ sh '. ci/publish.sh'
+ }
+ }
+ }
+}
diff --git a/ci/build.sh b/ci/build.sh
new file mode 100644
index 0000000..5e1315e
--- /dev/null
+++ b/ci/build.sh
@@ -0,0 +1,6 @@
+. ci/common.sh
+
+buildah build -t "${IMAGE_NAME}:${TAG}" .
+buildah push \
+ "${IMAGE_NAME}:${TAG}" \
+ oci-archive:"${PWD}/${NAME}-${ARCH}.oci.tar:${IMAGE_NAME}:${TAG}"
diff --git a/ci/common.sh b/ci/common.sh
new file mode 100644
index 0000000..060e8cb
--- /dev/null
+++ b/ci/common.sh
@@ -0,0 +1,13 @@
+escape_name() {
+ echo "$1" \
+ | tr A-Z a-z \
+ | sed -e 's/[^a-zA-Z0-9._-]/-/g' -e 's/^[.-]/_/'
+}
+
+REGISTRY_URL=git.pyrocufflink.net
+NAMESPACE=containerimages
+NAME="${JOB_NAME#*/}"
+NAME=$(escape_name "${NAME%/*}")
+TAG=$(escape_name "${BRANCH_NAME}")
+
+IMAGE_NAME="${REGISTRY_URL}/${NAMESPACE}/${NAME}"
diff --git a/ci/podTemplate.yaml b/ci/podTemplate.yaml
new file mode 100644
index 0000000..5da469f
--- /dev/null
+++ b/ci/podTemplate.yaml
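Review bot: In the Publish stage of ci/Jenkinsfile, `buildah login` receives the registry password as a `--password` argument, which puts it in the process argument list inside the pod. Both variables are also expanded unquoted, so a password containing whitespace or glob characters is split by the shell. Passing it on stdin avoids both problems: `printf '%s' "$BUILDAH_PASSWORD" | buildah login --username "$BUILDAH_USERNAME" --password-stdin git.pyrocufflink.net`, ideally inside a single-quoted Groovy string so no `\$` escaping is needed. The login writes `REGISTRY_AUTH_FILE` under `WORKSPACE_TMP` and nothing in this hunk removes it; a stage-level `post { always { sh 'buildah logout git.pyrocufflink.net' } }` would keep the token from outliving the stage if the workspace is ever reused.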
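Review bot: `escape_name` in ci/common.sh is applied to both the repository component `NAME` and the `TAG`, but these follow different grammars. Its second `sed` expression rewrites a leading `.` or `-` to `_`, which as far as I know is a valid first character for a tag but not for a repository path component. The function also does not bound the result length, while tags are limited to 128 characters and ci/publish.sh later appends `-${BUILD_NUMBER}`. Since `BRANCH_NAME` is chosen by whoever pushes the branch, I would state the intended output in a comment above the function, e.g. `# Map a job/branch name onto [a-z0-9._-]; result never starts with '.' or '-'`, and handle the two cases separately if a leading `_` in `NAME` can occur. The `a-zA-Z` range in the first expression is redundant after `tr A-Z a-z`.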
@@ -0,0 +1,19 @@
+spec:
+ containers:
+ - name: buildah
+ image: quay.io/containers/buildah:v1
+ command:
+ - cat
+ stdin: true
+ tty: true
+ securityContext:
+ capabilities:
+ add:
+ - SYS_ADMIN
+ - MKNOD
+ - SYS_CHROOT
+ - SETFCAP
+ resources:
+ limits:
+ github.com/fuse: 1
+ hostUsers: false
diff --git a/ci/publish.sh b/ci/publish.sh
new file mode 100644
index 0000000..5e69dd7
--- /dev/null
+++ b/ci/publish.sh
@@ -0,0 +1,15 @@
+. ci/common.sh
+
+buildah manifest create "${IMAGE_NAME}:${TAG}"
+for arch in amd64 arm64; do
+ buildah manifest add "${IMAGE_NAME}:${TAG}" \
+ oci-archive:"${PWD}/${NAME}-${arch}.oci.tar:${IMAGE_NAME}:${TAG}"
+done
+
+buildah manifest push --all "${IMAGE_NAME}:${TAG}" \
+ "docker://${IMAGE_NAME}:${TAG}-${BUILD_NUMBER}"
+buildah manifest push "${IMAGE_NAME}:${TAG}" "docker://${IMAGE_NAME}:${TAG}"
+if [ ${BRANCH_NAME} = master ]; then
+ buildah manifest push "${IMAGE_NAME}:${TAG}" \
+ "docker://${IMAGE_NAME}:latest"
+fi
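Review bot: The `buildah` container in ci/podTemplate.yaml is granted `SYS_ADMIN`, `MKNOD`, `SYS_CHROOT` and `SETFCAP`, and the only thing confining them is `hostUsers: false`. On a cluster where user namespaces for pods are not enabled that field may not take effect, and the same template would then yield a container with host-level `CAP_SYS_ADMIN` that also handles the registry credentials in the Publish stage. I would record that dependency next to the capability list, e.g. `# these capabilities are only acceptable because the pod is user-namespaced (hostUsers: false)`. The image is also referenced by the floating tag `v1`; pinning it as `quay.io/containers/buildah:v1@sha256:DIGEST_PLACEHOLDER` limits what an upstream tag move can change in a container with this much privilege.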
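Review bot: In ci/publish.sh every branch build pushes to `docker://${IMAGE_NAME}:${TAG}`, and `TAG` is derived only from the branch name, so a branch named `latest` or `master-N` publishes over a tag that the `master` build owns. The `[ ${BRANCH_NAME} = master ]` guard protects only the explicit `latest` push. Whether this matters depends on who can create branches in this job, but refusing reserved names before the first push closes it: `case "${TAG}" in latest|master-*) echo "reserved tag: ${TAG}" >&2; exit 1;; esac`. The test should also quote its operand, `if [ "${BRANCH_NAME}" = master ]; then`, so an empty or unset `BRANCH_NAME` compares false instead of producing a `[` syntax error.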