Merge pull request #4 from JamesJonesConsulting/develop

Reworking the pipeline to use Nexus as the proxy source for the podman container
James Jones
2023-02-19 20:00:05 -05:00
committed by GitHub
4 changed files with 63 additions and 18 deletions


@@ -17,25 +17,36 @@ on:
env: env:
GITHUB_DOCKER_USER: ${{ github.actor }} GITHUB_DOCKER_USER: ${{ github.actor }}
NEXUS_DOCKER_USER: ${{ secrets.HOME_NEXUS_DOCKER_USER }} NEXUS_DOCKER_USER: ${{ secrets.HOME_NEXUS_DOCKER_USER }}
NEXUS_PROXY_REGISTRY: nexus.jamesjonesconsulting.com:5444
jobs: jobs:
build-and-push: build-and-push:
runs-on: self-hosted runs-on: [ self-hosted, medium, build ]
container: container:
image: quay.io/podman/stable:latest image: nexus.jamesjonesconsulting.com:5444/podman/stable:latest
options: --userns=keep-id --privileged --user root # image: quay.io/podman/stable:latest
options: --userns=keep-id --group-add keep-groups --privileged --user root
credentials:
username: ${{ secrets.HOME_NEXUS_DOCKER_USER }}
password: ${{ secrets.HOME_NEXUS_DOCKER_PASSWORD }}
strategy: strategy:
fail-fast: false fail-fast: false
max-parallel: 2 max-parallel: 2
matrix: matrix:
registry: [ 'ghcr.io', 'nexus.jamjon3.sytes.net:5443' ] registry: [ 'ghcr.io', 'nexus.jamesjonesconsulting.com:5443' ]
include: include:
- registry: ghcr.io - registry: ghcr.io
user: GITHUB_DOCKER_USER user: GITHUB_DOCKER_USER
password: GITHUB_TOKEN password: GITHUB_TOKEN
- registry: nexus.jamjon3.sytes.net:5443 registry_proxy: $NEXUS_PROXY_REGISTRY
proxy_user: NEXUS_DOCKER_USER
proxy_password: HOME_NEXUS_DOCKER_PASSWORD
- registry: nexus.jamesjonesconsulting.com:5443
user: NEXUS_DOCKER_USER user: NEXUS_DOCKER_USER
password: HOME_NEXUS_DOCKER_PASSWORD password: HOME_NEXUS_DOCKER_PASSWORD
registry_proxy: $NEXUS_PROXY_REGISTRY
proxy_user: NEXUS_DOCKER_USER
proxy_password: HOME_NEXUS_DOCKER_PASSWORD
steps: steps:
# Downloads a copy of the code in your repository before running CI tests # Downloads a copy of the code in your repository before running CI tests
- name: Check out repository code - name: Check out repository code
@@ -49,6 +60,12 @@ jobs:
login-server: ${{ matrix.registry }} login-server: ${{ matrix.registry }}
username: ${{ env[matrix.user] }} username: ${{ env[matrix.user] }}
password: ${{ secrets[matrix.password] }} password: ${{ secrets[matrix.password] }}
- name: Docker Login
uses: azure/docker-login@v1
with:
login-server: ${{ matrix.registry_proxy }}
username: ${{ env[matrix.proxy_user] }}
password: ${{ secrets[matrix.proxy_password] }}
# This requires docker buildx which podman doesn't support # This requires docker buildx which podman doesn't support
# - name: Extract metadata (tags, labels) for Docker # - name: Extract metadata (tags, labels) for Docker
# id: meta # id: meta
@@ -70,7 +87,7 @@ jobs:
else else
VERSION=$(echo "${GITHUB_REF_NAME}" | sed 's|/|-|g') VERSION=$(echo "${GITHUB_REF_NAME}" | sed 's|/|-|g')
fi fi
podman build . --file Dockerfile --tag "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" podman build . --file Dockerfile --tag "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" --build-arg ARTIFACTORY=${{ matrix.registry_proxy }}
podman push "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" podman push "${{ matrix.registry }}/$IMAGE_NAME:$VERSION"
if [[ "$GITHUB_REF" =~ ^refs/tags.* ]]; then if [[ "$GITHUB_REF" =~ ^refs/tags.* ]]; then
podman tag "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" "${{ matrix.registry }}/$IMAGE_NAME:latest" podman tag "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" "${{ matrix.registry }}/$IMAGE_NAME:latest"
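Review bot: The new `Docker Login` step passes `login-server: ${{ matrix.registry_proxy }}`, but the matrix sets `registry_proxy` to the literal text `$NEXUS_PROXY_REGISTRY`, and `with:` inputs are not shell-expanded, so the action most likely stores the credentials under that literal string instead of the Nexus proxy host. The same value works on the `podman build` line only because the shell expands it there. Reading the workflow-level variable directly, `login-server: ${{ env.NEXUS_PROXY_REGISTRY }}`, avoids the mismatch, and quoting the build argument as `--build-arg "ARTIFACTORY=${{ matrix.registry_proxy }}"` keeps it a single word. The `run:` script this hunk belongs to starts and ends outside the hunk.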


@@ -1,32 +1,59 @@
stages: stages:
- dind-build - dind-build
before_script: .base:
# See https://gitlab.com/gitlab-org/cluster-integration/cluster-applications/
variables:
DOCKER_AUTH_CONFIG: ${HOME_NEXUS_DOCKER_AUTH_CONFIG}
image: "$HOME_NEXUS_DOCKER_REGISTRY_SHARED/podman/stable:latest"
parallel:
matrix:
- REGISTRY_USER: $CI_REGISTRY_USER
REGISTRY_PASSWORD: $CI_REGISTRY_PASSWORD
REGISTRY: $CI_REGISTRY
REGISTRY_IMAGE: $CI_REGISTRY_IMAGE
- REGISTRY_USER: $HOME_NEXUS_DOCKER_USER
REGISTRY_PASSWORD: $HOME_NEXUS_DOCKER_PASSWORD
REGISTRY: $HOME_NEXUS_DOCKER_REGISTRY
REGISTRY_IMAGE: $HOME_NEXUS_DOCKER_REGISTRY/$CI_PROJECT_PATH
.shared_resources:
script: &build_push
- docker login -u "$REGISTRY_USER" -p "$REGISTRY_PASSWORD" $REGISTRY
- export REGISTRY_IMAGE_LOWER=$(echo "$REGISTRY_IMAGE" | tr '[:upper:]' '[:lower:]')
- docker build --pull -t "$REGISTRY_IMAGE_LOWER:$IMAGE_TAG" --build-arg ARTIFACTORY=$HOME_NEXUS_DOCKER_REGISTRY_SHARED .
- docker push "$REGISTRY_IMAGE_LOWER:$IMAGE_TAG"
before_script: &before_auth
- dnf install -y podman-docker - dnf install -y podman-docker
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY - docker login -u "$HOME_NEXUS_DOCKER_USER" -p "$HOME_NEXUS_DOCKER_PASSWORD" $HOME_NEXUS_DOCKER_REGISTRY_SHARED
build:prereleases: build:prereleases:
stage: dind-build stage: dind-build
extends: .base
tags: tags:
- big-build - big-build
before_script:
- *before_auth
script: script:
- export IMAGE_TAG=$(echo -en $CI_COMMIT_REF_NAME | sed 's|/|-|g') - export IMAGE_TAG=$(echo -en $CI_COMMIT_REF_NAME | sed 's|/|-|g')
- docker build --pull -t "$CI_REGISTRY_IMAGE:$IMAGE_TAG" . - *build_push
- docker push "$CI_REGISTRY_IMAGE:$IMAGE_TAG"
only: only:
- branches - branches
except: except:
- main - main
build:releases: build:releases:
extends: .base
stage: dind-build stage: dind-build
tags: tags:
- big-build - big-build
before_script:
- *before_auth
script: script:
- docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG" . - export IMAGE_TAG=$CI_COMMIT_TAG
- docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG" - *build_push
- docker tag "$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG" "$CI_REGISTRY_IMAGE:latest" - docker tag "$REGISTRY_IMAGE_LOWER:$IMAGE_TAG" "$REGISTRY_IMAGE_LOWER:latest"
- docker push "$CI_REGISTRY_IMAGE:latest" - docker push "$REGISTRY_IMAGE_LOWER:latest"
only: only:
- tags - tags
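Review bot: The `docker login -u "$REGISTRY_USER" -p "$REGISTRY_PASSWORD" $REGISTRY` line in the `&build_push` anchor, like the login in `&before_auth`, puts the registry password on the command line, where other processes on the runner host can read it from the process list while the command runs. Feeding it on stdin avoids that: `echo "$REGISTRY_PASSWORD" | docker login -u "$REGISTRY_USER" --password-stdin "$REGISTRY"`. `$REGISTRY` and the value in `--build-arg ARTIFACTORY=$HOME_NEXUS_DOCKER_REGISTRY_SHARED` are also unquoted and should be wrapped in double quotes like the neighbouring arguments.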


@@ -1,9 +1,10 @@
FROM quay.io/podman/stable:latest ARG ARTIFACTORY
FROM ${ARTIFACTORY}/podman/stable:latest
# Adding on the docker alias, docker-compose and other useful stuff # Adding on the docker alias, docker-compose and other useful stuff
RUN dnf install -y podman-docker buildah skopeo docker-compose \ RUN dnf install -y podman-docker buildah skopeo docker-compose \
util-linux ansible-core openssh-clients krb5-devel krb5-libs krb5-workstation git jq unzip coreutils \ util-linux ansible-core openssh-clients krb5-devel krb5-libs krb5-workstation git jq unzip coreutils \
helm doctl kubernetes-client gnupg2 pinentry expect helm doctl kubernetes-client gnupg2 pinentry expect gh awscli
# Adding the Azure CLI # Adding the Azure CLI
RUN rpm --import https://packages.microsoft.com/keys/microsoft.asc \ RUN rpm --import https://packages.microsoft.com/keys/microsoft.asc \
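Review bot: `ARG ARTIFACTORY` has no default, so a build that omits `--build-arg ARTIFACTORY=...` resolves `FROM ${ARTIFACTORY}/podman/stable:latest` to `/podman/stable:latest` and fails; `ARG ARTIFACTORY=quay.io` would keep the previous upstream as the fallback. Because the base image now comes from whatever registry the build argument names and is still referenced by the mutable `latest` tag, the result depends on what that registry serves at build time. Pinning the base by digest (`stable@sha256:<digest>`) would make the input verifiable. The `RUN rpm --import` command at the end of the hunk continues outside it.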


@@ -7,7 +7,7 @@ set name [lindex $argv 3]
### rpm-sign-expect -- Sign RPMs by sending passphrase and other elements ### rpm-sign-expect -- Sign RPMs by sending passphrase and other elements
spawn rpm --define "_gpg_name $name <$email>" --addsign $rpm spawn rpm --define {"_gpg_name $name <$email>"} --addsign $rpm
expect -exact "Enter pass phrase: " expect -exact "Enter pass phrase: "
send -- "$passphrase\r" send -- "$passphrase\r"
expect eof expect eof
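Review bot: In Tcl, braces suppress substitution, so on the new `spawn` line `{"_gpg_name $name <$email>"}` reaches rpm as literal text, quotes and dollar signs included, rather than the signer's name and e-mail (assuming the second rendering of the line is the new side). The double-quoted word already arrives as a single argument with `$name` and `$email` substituted, so `spawn rpm --define "_gpg_name $name <$email>" --addsign $rpm` is the form to keep. A comment above it such as `# one argv word: Tcl substitutes $name/$email, spawn involves no shell` would document why no extra quoting is needed.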