From d9bb74140213aae8d4098234f3883871e45069b1 Mon Sep 17 00:00:00 2001
From: Faustin Lammler
Date: Mon, 5 Sep 2022 17:15:05 +0200
Subject: [PATCH] Build a container for CI usage
The purpose of this is to build a container image to be usable in CI context.
TODO:
- decide which registry to use
- add secrets of the registry
- implement tags/versions
---
.github/workflows/container.yml | 72 +++++++++++++++++++++++++++++++++
.hadolint.yaml | 3 ++
Dockerfile | 18 +++++++++
3 files changed, 93 insertions(+)
create mode 100644 .github/workflows/container.yml
create mode 100644 .hadolint.yaml
create mode 100644 Dockerfile
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
new file mode 100644
index 0000000..afe8b1a
--- /dev/null
+++ b/.github/workflows/container.yml
@@ -0,0 +1,72 @@
+---
+name: build container
+
+on:
+ push:
+ paths:
+ - .github/workflows/container.yml
+ - Dockerfile
+ - gnitpick.py
+ pull_request:
+ paths:
+ - .github/workflows/container.yml
+ - Dockerfile
+ - gnitpick.py
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ services:
+ registry:
+ image: registry:2
+ ports:
+ - 5000:5000
+ env:
+ DEPLOY_IMAGES: false
+
+ steps:
+ - uses: actions/checkout@v2
+ - name: Check Dockerfile with hadolint
+ run: |
+ docker run -i -v $(pwd):/mnt -w /mnt hadolint/hadolint:latest hadolint /mnt/Dockerfile
+ - name: Build image
+ uses: docker/build-push-action@v2
+ with:
+ context: .
+ push: true
+ tags: localhost:5000/test/gnitpick:latest
+ - name: Check container
+ run: |
+ docker run -i -v $(pwd):/mnt -w /mnt localhost:5000/test/gnitpick:latest gnitpick -h
+ - name: Check for registry credentials
+ if: >
+ github.ref == 'refs/heads/master' &&
+ github.repository == 'Seravo/gnitpick'
+ run: |
+ missing=()
+ [[ -n "${{ secrets.REGISTRY_USER }}" ]] || missing+=(REGISTRY_USER)
+ [[ -n "${{ secrets.REGISTRY_TOKEN }}" ]] || missing+=(REGISTRY_TOKEN)
+ for i in "${missing[@]}"; do
+ echo "Missing github secret: $i"
+ done
+ if (( ${#missing[@]} == 0 )); then
+ echo "DEPLOY_IMAGES=true" >> $GITHUB_ENV
+ else
+ echo "Not pushing images to registry"
+ fi
+ - name: Login to registry
+ if: ${{ env.DEPLOY_IMAGES == 'true' }}
+ uses: docker/login-action@v1
+ with:
+ registry: registry.com
+ username: ${{ secrets.REGISTRY_USER }}
+ password: ${{ secrets.REGISTRY_TOKEN }}
+ - name: Push images to registry
+ if: ${{ env.DEPLOY_IMAGES == 'true' }}
+ run: |
+ msg="Push docker image to registry"
+ line="${msg//?/=}"
+ printf "\n${line}\n${msg}\n${line}\n"
+ skopeo copy --all --src-tls-verify=0 \
+ docker://localhost:5000/test/gnitpick:latest \
+ docker://registry.com/Seravo/gnitpick:latest
diff --git a/.hadolint.yaml b/.hadolint.yaml
new file mode 100644
index 0000000..22537ae
--- /dev/null
+++ b/.hadolint.yaml
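Review bot: In the "Check for registry credentials" step, `${{ secrets.REGISTRY_USER }}` and `${{ secrets.REGISTRY_TOKEN }}` are expanded into the text of the `run:` script before bash parses it, so a value containing `"`, `$` or a backtick changes the script instead of being treated as data. Mapping both secrets into the step's `env:` and testing the shell variables keeps them out of the script source, as sketched below (indentation is reconstructed, since the hunk's whitespace is collapsed on this page). Separately, `actions/checkout@v2`, `docker/build-push-action@v2`, `docker/login-action@v1` and `hadolint/hadolint:latest` are mutable references in a job that later handles registry credentials; pinning them to a commit SHA or image digest, and adding a top-level `permissions:` block with `contents: read`, would narrow that exposure.

```yaml
      - name: Check for registry credentials
        # … unchanged: if: condition on ref and repository …
        env:
          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
        run: |
          missing=()
          [[ -n "$REGISTRY_USER" ]] || missing+=(REGISTRY_USER)
          [[ -n "$REGISTRY_TOKEN" ]] || missing+=(REGISTRY_TOKEN)
          # … unchanged: report missing secrets and set DEPLOY_IMAGES …
```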
@@ -0,0 +1,3 @@
+---
+ignored:
+ - DL3008
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..490e719
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,18 @@
+FROM debian:11-slim
+
+RUN set -eux \
+ && apt-get update \
+ && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \
+ ca-certificates \
+ curl \
+ git \
+ python3-minimal \
+ && rm -rf /var/lib/apt/lists/* \
+ /var/cache/debconf/* \
+ && apt-get clean
+
+COPY gnitpick.py /usr/bin/gnitpick
+
+RUN chmod +x /usr/bin/gnitpick
+
+CMD ["/usr/bin/gnitpick"]
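Review bot: `DL3008` is switched off for the whole repository with no reason recorded, so any later Dockerfile or `RUN` line also loses the version-pinning check. If the intent is only to accept unpinned packages in the one `apt-get install` of this image, an inline `# hadolint ignore=DL3008` above that `RUN` scopes the exception. Otherwise a comment above the entry, such as `# DL3008: apt package versions are intentionally left unpinned; they follow the debian:11-slim base`, would document the decision.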
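Review bot: The image never sets `USER`, so `gnitpick` (and the `git` it presumably calls) runs as root against whatever repository is bind-mounted, which the workflow's check step does with `-v $(pwd):/mnt`. Adding an unprivileged account, e.g. `RUN useradd --system --create-home gnitpick` followed by `USER gnitpick` before `CMD`, would limit what untrusted repository content can reach inside the container; CI runners whose checkout is owned by another UID may then need `--user`, so this is worth deciding explicitly. As smaller points, the `COPY` plus `RUN chmod +x` pair can become `COPY --chmod=0755 gnitpick.py /usr/bin/gnitpick` under BuildKit, and `FROM debian:11-slim` could carry an `@sha256:` digest so CI images are reproducible.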