From da4a397fc0648e1f62e9d99ce8cf40eb7d878ccb Mon Sep 17 00:00:00 2001 From: Franck Nijhof Date: Fri, 6 Jul 2018 20:53:14 +0200 Subject: [PATCH] :rocket: Improves the build system (#23) * :rocket: Improves the build system * :arrow_up: Upgrades Hadolint to latest * :shirt: Fixes Hadolint warnings * :ambulance: Fixes the incorrect shell * :shirt: Fixes hadolint warnings * :shirt: Fixes hadolint warnings * :ambulance: Temporary work around for hadolint/hadolint#234 * :shirt: Fixes yamllint warnings --- .gitlab-ci.yml | 241 ++++++++++++++++++++++++++++++++++-------------- .hadolint.yaml | 3 + base/Dockerfile | 22 ++--- 3 files changed, 184 insertions(+), 82 deletions(-) create mode 100644 .hadolint.yaml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6acc785..75d3a99 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ --- -image: docker:stable +image: docker:latest variables: ADDON_GITHUB_REPO: hassio-addons/addon-base @@ -13,12 +13,12 @@ stages: - build - scan - deploy + - manifest # Generic DIND template .dind: &dind before_script: - docker info - - docker login -u gitlab-ci-token -p "${CI_JOB_TOKEN}" registry.gitlab.com services: - name: docker:dind command: ["--experimental"] 
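Review bot: `image: docker:latest` in the first hunk swaps one floating tag for a faster-moving one, so each pipeline run may execute a different, unreviewed Docker CLI image. The same applies to `hassioaddons/qemu-user-static:latest`, which the build-template hunk runs with `--privileged`, and to `hadolint/hadolint:latest-debian` in the hunk that changes the hadolint job. Pinning each to a version tag plus digest, e.g. `image: docker:<version>@sha256:<digest>` (placeholders; take the real values from the registry), keeps builds reproducible and turns an upstream image change into a reviewable commit.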
@@ -33,33 +33,43 @@ stages: .build: &build <<: *dind stage: build - script: + before_script: + - docker info + - | + echo "${CI_JOB_TOKEN}" | docker login \ + --username gitlab-ci-token \ + --password-stdin \ + registry.gitlab.com + - docker pull "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:cache" || true + - | + if [ "$(apk --print-arch)" = "amd64" ]; then + docker run --rm --privileged hassioaddons/qemu-user-static:latest + fi - apk --no-cache add curl + script: - | - curl -L -s \ - "https://github.com/hassio-addons/qemu-user-static/releases/download/v2.12.0/qemu-aarch64-static.tar.gz" | \ - tar zxvf - -C ./base/rootfs/usr/bin/ + if [ "$(apk --print-arch)" = "aarch64" ]; then + curl -L -s \ + "https://github.com/hassio-addons/qemu-user-static/releases/download/v2.12.0/qemu-aarch64-static.tar.gz" | \ + tar zxvf - -C ./base/rootfs/usr/bin/ + fi - | - curl -L -s \ - "https://github.com/hassio-addons/qemu-user-static/releases/download/v2.12.0/qemu-arm-static.tar.gz" | \ - tar zxvf - -C ./base/rootfs/usr/bin/ + if [ "$(apk --print-arch)" = "armhf" ]; then + curl -L -s \ + "https://github.com/hassio-addons/qemu-user-static/releases/download/v2.12.0/qemu-arm-static.tar.gz" | \ + tar zxvf - -C ./base/rootfs/usr/bin/ + fi - | - docker run \ - --privileged \ - --volume /var/run/docker.sock:/var/run/docker.sock \ - --volume "$PWD":/docker \ - hassioaddons/build-env:latest \ - --image "addon" \ - --no-cache \ - --git-url "https://github.com/${ADDON_GITHUB_REPO}" \ - --target "${ADDON_TARGET}" \ - --tag-latest \ - --git \ - --${ADDON_ARCH} - - | - docker tag \ - "addon:latest" \ - "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" + docker build \ + --build-arg "BUILD_FROM=${FROM}" \ + --build-arg "BUILD_DATE=$(date +"%Y-%m-%dT%H:%M:%SZ")" \ + --build-arg "BUILD_ARCH=${ADDON_ARCH}" \ + --build-arg "BUILD_REF=${CI_COMMIT_SHA}" \ + --build-arg "BUILD_VERSION=${CI_COMMIT_TAG:-${CI_COMMIT_SHA:0:7}}" \ + --cache-from 
"registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:cache" \ + --tag \ + "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" \ + "${ADDON_TARGET}" - | docker push \ "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" 
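Review bot: The qemu tarballs in the build template's `script` are still piped from `curl -L -s` straight into `tar` with no integrity check, and the extracted binaries land in `./base/rootfs/usr/bin/`, which the Dockerfile appears to copy into the image via `COPY rootfs /`. A replaced release asset or a tampered download would therefore end up in the published images; the s6-overlay download in the `base/Dockerfile` hunk at `-35,7 +40,7` has the same shape and extracts to `/`. Downloading to a file, checking it against a checksum kept under the project's control, and only then extracting closes that gap, and `-f` makes curl fail on an HTTP error instead of handing an error page to tar. `QEMU_AARCH64_SHA256` below is a placeholder for a variable holding the expected digest; the armhf step would follow the same pattern.

```yaml
script:
  - |
    if [ "$(apk --print-arch)" = "aarch64" ]; then
      curl -fsSL -o /tmp/qemu-aarch64-static.tar.gz \
        "https://github.com/hassio-addons/qemu-user-static/releases/download/v2.12.0/qemu-aarch64-static.tar.gz"
      echo "${QEMU_AARCH64_SHA256}  /tmp/qemu-aarch64-static.tar.gz" | sha256sum -c -
      tar zxvf /tmp/qemu-aarch64-static.tar.gz -C ./base/rootfs/usr/bin/
    fi
  # … unchanged: armhf download (apply the same pattern), docker build, docker push …
```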
@@ -113,44 +123,109 @@ stages: <<: *dind stage: deploy before_script: - - apk --no-cache add curl - docker info - - docker login -u gitlab-ci-token -p "${CI_JOB_TOKEN}" registry.gitlab.com - docker pull "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" - - docker pull hassioaddons/build-env:latest - | - curl -L -s \ - "https://github.com/hassio-addons/qemu-user-static/releases/download/v2.12.0/qemu-aarch64-static.tar.gz" | \ - tar zxvf - -C ./base/rootfs/usr/bin/ + echo "${CI_JOB_TOKEN}" | docker login \ + --username gitlab-ci-token \ + --password-stdin \ + registry.gitlab.com - | - curl -L -s \ - "https://github.com/hassio-addons/qemu-user-static/releases/download/v2.12.0/qemu-arm-static.tar.gz" | \ - tar zxvf - -C ./base/rootfs/usr/bin/ + echo "${DOCKER_PASSWORD}" | docker login \ + --username "${DOCKER_LOGIN}" \ + --password-stdin script: - | - docker run \ - --privileged \ - --volume /var/run/docker.sock:/var/run/docker.sock \ - --volume "$PWD":/docker \ - hassioaddons/build-env:latest \ - --image "${DOCKER_HUB_ORG}/${ADDON_SLUG}-${ADDON_ARCH}" \ - --cache-from "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}" \ - --cache-tag "${CI_COMMIT_SHA}" \ - --git-url "https://github.com/${ADDON_GITHUB_REPO}" \ - --target "${ADDON_TARGET}" \ - --login "${DOCKER_LOGIN}" \ - --password "${DOCKER_PASSWORD}" \ - --git \ - --push \ - --squash \ - --${ADDON_ARCH} + docker tag \ + "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" \ + "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:cache" + - docker push "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:cache" + - TAG="${CI_COMMIT_TAG#v}" + - TAG="${TAG:-${CI_COMMIT_SHA:0:7}}" + - | + docker tag \ + "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${ADDON_ARCH}-${TAG}" + - | + docker push \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${ADDON_ARCH}-${TAG}" + - | + docker tag \ + 
"registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}-${ADDON_ARCH}:${TAG}" + - | + docker push \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}-${ADDON_ARCH}:${TAG}" tags: - deploy + only: + - master + - /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/ + except: + - /^(?!master).+@/ + +# Generic manifest template +.manifest: &manifest + <<: *dind + stage: manifest + before_script: + - mkdir -p ~/.docker + - echo '{"experimental":"enabled"}' > ~/.docker/config.json + - docker info + - | + echo "${DOCKER_PASSWORD}" | docker login \ + --username "${DOCKER_LOGIN}" \ + --password-stdin + script: + - TAG="${TAG#v}" + - TAG="${TAG:-${CI_COMMIT_SHA:0:7}}" + - REF="${CI_COMMIT_TAG#v}" + - REF="${REF:-${CI_COMMIT_SHA:0:7}}" + - | + docker manifest create \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:aarch64-${REF}" \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:amd64-${REF}" \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:armhf-${REF}" \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:i386-${REF}" + - | + docker manifest annotate \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:aarch64-${REF}" \ + --os=linux \ + --arch=arm64 \ + --variant=v8 + - | + docker manifest annotate \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:amd64-${REF}" \ + --os=linux \ + --arch=amd64 + - | + docker manifest annotate \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:armhf-${REF}" \ + --os=linux \ + --arch=arm \ + --variant=v6 + - | + docker manifest annotate \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:i386-${REF}" \ + --os=linux \ + --arch=386 + - | + docker manifest push \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" + tags: + - manifest + except: + - /^(?!master).+@/ # Preflight jobs hadolint: <<: *preflight - image: hadolint/hadolint:v1.6.6 + image: hadolint/hadolint:latest-debian 
before_script: - hadolint --version script: @@ -222,21 +297,37 @@ build:armhf: <<: *build variables: ADDON_ARCH: armhf + FROM: arm32v6/alpine:3.8 + tags: + - build + - armhf build:aarch64: <<: *build variables: ADDON_ARCH: aarch64 + FROM: arm64v8/alpine:3.8 + tags: + - build + - aarch64 build:i386: <<: *build variables: ADDON_ARCH: i386 + FROM: i386/alpine:3.8 + tags: + - build + - i386 build:amd64: <<: *build variables: ADDON_ARCH: amd64 + FROM: amd64/alpine:3.8 + tags: + - build + - amd64 # Scan jobs clair:armhf: @@ -264,38 +355,52 @@ deploy:armhf: <<: *deploy variables: ADDON_ARCH: armhf - only: - - master - - /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/ - except: - - /^(?!master).+@/ deploy:aarch64: <<: *deploy variables: ADDON_ARCH: aarch64 - only: - - master - - /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/ - except: - - /^(?!master).+@/ deploy:i386: <<: *deploy variables: ADDON_ARCH: i386 - only: - - master - - /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/ - except: - - /^(?!master).+@/ deploy:amd64: <<: *deploy variables: ADDON_ARCH: amd64 + +# Manifest jobs +manifest:sha: + <<: *manifest only: - master + +manifest:version: + <<: *manifest + variables: + TAG: "${CI_COMMIT_TAG}" + only: - /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/ - except: - - /^(?!master).+@/ + +manifest:stable: + <<: *manifest + variables: + TAG: latest + only: + - /^v\d+\.\d+\.\d+(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?$/ + +manifest:beta: + <<: *manifest + variables: + TAG: beta + only: + - /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/ + +manifest:edge: + <<: *manifest + variables: + TAG: edge + only: + - master diff --git a/.hadolint.yaml b/.hadolint.yaml new file mode 100644 index 0000000..ef344ec --- /dev/null +++ b/.hadolint.yaml @@ -0,0 +1,3 @@ +--- +ignored: + - SC2187 diff --git a/base/Dockerfile b/base/Dockerfile index b8b907a..4073de6 100644 --- a/base/Dockerfile 
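Review bot: In the deploy template's `before_script`, the new `docker login ... registry.gitlab.com` step comes after the `docker pull "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}"` line, so the pull runs before any authentication. The earlier hunk also removes the login from the shared `.dind` template, so the pull only succeeds while the project registry allows anonymous pulls and would break if it is made private. Moving the `echo "${CI_JOB_TOKEN}" | docker login --username gitlab-ci-token --password-stdin registry.gitlab.com` block directly after `- docker info` fixes the ordering. Jobs that inherit `.dind` without defining their own `before_script` (the scan template is outside this diff) may be affected the same way and are worth checking.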
+++ b/base/Dockerfile @@ -14,10 +14,15 @@ ENV \ # Copy root filesystem COPY rootfs / +# Set shell +SHELL ["/bin/ash", "-o", "pipefail", "-c"] + # Install base system ARG BUILD_ARCH=amd64 RUN \ - echo '@edge http://dl-cdn.alpinelinux.org/alpine/edge/main' >> /etc/apk/repositories \ + set -o pipefail \ + \ + && echo '@edge http://dl-cdn.alpinelinux.org/alpine/edge/main' >> /etc/apk/repositories \ && echo '@edge http://dl-cdn.alpinelinux.org/alpine/edge/community' >> /etc/apk/repositories \ && echo '@edge http://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories \ \ @@ -35,7 +40,7 @@ RUN \ musl=1.1.19-r10 \ tzdata=2018d-r1 \ \ - && if [[ "${BUILD_ARCH}" = "i386" ]]; then S6_ARCH="x86"; else S6_ARCH="${BUILD_ARCH}"; fi \ + && if [ "${BUILD_ARCH}" = "i386" ]; then S6_ARCH="x86"; else S6_ARCH="${BUILD_ARCH}"; fi \ \ && curl -L -s "https://github.com/just-containers/s6-overlay/releases/download/v1.21.4.0/s6-overlay-${S6_ARCH}.tar.gz" \ | tar zxvf - -C / \ @@ -44,22 +49,11 @@ RUN \ && mkdir -p /etc/services.d \ \ && apk del --purge .build-dependencies \ - \ - && \ - if [[ "${BUILD_ARCH}" != "armhf" ]]; then \ - rm -f /usr/bin/qemu-arm-static; \ - fi \ - \ - && \ - if [[ "${BUILD_ARCH}" != "aarch64" ]]; then \ - rm -f /usr/bin/qemu-aarch64-static; \ - fi \ - \ && rm -f -r \ /tmp/* # Entrypoint & CMD -ENTRYPOINT [ "/init" ] +ENTRYPOINT ["/init"] # Build arugments ARG BUILD_DATE
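Review bot: The `@edge` repository lines in the first `base/Dockerfile` hunk, including the one this commit rewrites, still use `http://dl-cdn.alpinelinux.org/...`, so the edge indexes and packages are fetched over plaintext. apk's signature checks limit what an on-path attacker can inject, but plaintext still lets them block updates or serve an older signed index. Using `https://dl-cdn.alpinelinux.org/alpine/edge/main` (and likewise for `community` and `testing`) would avoid that, assuming TLS validation works in the base image at this point of the build. The `RUN` instruction continues outside the hunk.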