ci,just,pre-commit: add Containerfile

* lint in pre-commit, ci, justfile
* build on feature branches and PRs and publish on tags.
* add a symlink to Dockerfile
leo 2023-05-20 18:05:26 +02:00
parent 723c3fea5f
commit 6ebf092b9f
Signed by: wanderer
SSH Key Fingerprint: SHA256:Dp8+iwKHSlrMEHzE3bJnPng70I7LEsa3IJXRH/U+idQ
7 changed files with 160 additions and 0 deletions

2
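--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,2 @@
+.git
+tmp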

@ -202,3 +202,76 @@ steps:
- uname -r
- curl --version
- curl -sS -X POST https://godocs.io/git.dotya.ml/${DRONE_REPO}/refresh -o /dev/null
---
kind: pipeline
type: docker
name: container
platform:
os: linux
arch: amd64
node:
r: as
trigger:
event: [push, pull_request, cron, tag]
steps:
- name: hadolint
pull: always
image: ghcr.io/hadolint/hadolint:v2.12.0-alpine
commands:
- hadolint --version
- hadolint Containerfile
when:
ref:
- refs/heads/development
- "refs/heads/feature-**"
- "refs/pull/**"
- "refs/tags/**"
event:
exclude: [cron]
- name: kaniko-build
pull: always
image: docker.io/immawanderer/drone-kaniko:linux-amd64
settings:
dockerfile: Containerfile
context: .
args:
- BUILD_DATE="$(date -u +"%Y-%m-%dT%H:%M:%SZ")"
- VCS_REF=${DRONE_COMMIT_SHA:0:8}
when:
ref:
- "refs/heads/feature-**"
- "refs/pull/**"
event:
exclude: [cron]
- name: kaniko publish
pull: always
image: docker.io/immawanderer/drone-kaniko:linux-amd64
settings:
dockerfile: Containerfile
context: .
args:
- BUILD_DATE="$(date -u +"%Y-%m-%dT%H:%M:%SZ")"
- VCS_REF=${DRONE_COMMIT_SHA:0:8}
tags:
- latest
- linux-amd64
- ${DRONE_COMMIT_SHA:0:8}
- ${DRONE_TAG}
- ${DRONE_TAG}-linux-amd64
- ${DRONE_TAG}-g${DRONE_COMMIT_SHA:0:8}
repo: immawanderer/mt-${DRONE_REPO_NAME}
username: immawanderer
password:
from_secret: dh_token
when:
ref:
include:
- "refs/tags/**"
...
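Review bot: The `kaniko publish` step passes `dh_token` to `docker.io/immawanderer/drone-kaniko:linux-amd64`, a mutable tag that `pull: always` re-fetches on every run, so anyone able to move that tag receives the Docker Hub credential and decides what gets pushed. Pin the plugin by digest in both kaniko steps, e.g. `image: docker.io/immawanderer/drone-kaniko@sha256:<digest-placeholder>`, and prefer a repository-scoped access token for `dh_token`. Separately, the `$(date -u …)` in `args` is likely passed through literally, since plugin settings are not normally shell-evaluated; this is worth confirming against the plugin, as `org.label-schema.build-date` would otherwise carry the unexpanded string.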

3
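--- a/.hadolint.yaml
+++ b/.hadolint.yaml
@@ -0,0 +1,3 @@
+---
+failure-threshold: warning
+...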

@ -18,3 +18,7 @@ repos:
- id: go-test-mod
- id: go-build-mod
- id: golangci-lint-mod
- repo: https://git.dotya.ml/wanderer/hadolint-pre-commit
rev: v0.0.1
hooks:
- id: hadolint-container
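Review bot: `rev: v0.0.1` is a tag, and hook repositories run their code on every contributor's machine, so a moved tag on `hadolint-pre-commit` would change what executes without any diff in this file. Consider pinning the full commit hash with the tag kept as a trailing comment; `pre-commit autoupdate --freeze` writes that form.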

50
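--- a/Containerfile
+++ b/Containerfile
@@ -0,0 +1,50 @@
+# syntax=docker/dockerfile-upstream:master-labs
+FROM docker.io/library/alpine:3.18.0 as dhall-cache
+ENV XDG_CACHE_HOME=/var/cache
+ENV DHALL_VERSION=1.42.0
+ADD https://git.dotya.ml/mirre-mt/pcmt/raw/branch/development/exampleConfig.dhall /tmp
+ADD https://github.com/dhall-lang/dhall-haskell/releases/download/${DHALL_VERSION}/dhall-${DHALL_VERSION}-x86_64-linux.tar.bz2 /tmp/dhall.tar.bz2
+WORKDIR /tmp
+RUN tar xf /tmp/dhall.tar.bz2 \
+&& mv /tmp/bin/dhall /usr/bin \
+&& echo "Normalise exampleConfig.dhall (saving the result in cache)" \
+&& time dhall --file /tmp/exampleConfig.dhall
+FROM docker.io/library/golang:1.20.4-alpine3.17 as go-build
+ARG VERSION
+COPY . /go/pcmt
+WORKDIR /go/pcmt
+RUN CGO_ENABLED=0 \
+GOLDFLAGS="-s -w -X main.version=${VERSION:-prod}" \
+go build -v .
+FROM docker.io/immawanderer/scratch-cacerts:linux-amd64
+COPY --from=dhall-cache /var/cache/dhall-haskell /root/.cache/dhall-haskell
+COPY --from=dhall-cache /var/cache/dhall /root/.cache/dhall
+COPY --from=dhall-cache /tmp/exampleConfig.dhall /etc/pcmt/config.dhall
+COPY --from=go-build /go/pcmt/pcmt /bin/pcmt
+ARG BUILD_DATE
+ARG VCS_REF
+ENV XDG_CACHE_HOME=/root/.cache
+LABEL description="Password Compromise Monitoring Tool" \
+org.label-schema.build-date=$BUILD_DATE \
+org.label-schema.vcs-url="https://git.dotya.ml/mirre-mt/pcmt.git" \
+org.label-schema.vcs-ref=$VCS_REF \
+org.label-schema.license=AGPL-3.0-only
+ENTRYPOINT ["/bin/pcmt"]
+CMD ["-help"]
+# vim: set ts=4 ft=dockerfile fenc=utf-8 ff=unix :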
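Review bot: Both `ADD` lines in the `dhall-cache` stage fetch remote content with no integrity check: the dhall tarball is unpacked and run during the build, and `exampleConfig.dhall` is read from the moving `development` branch yet becomes `/etc/pcmt/config.dhall` in the final image, so a tagged build can ship a config that was never in the tagged tree. Pin the tarball with `ADD --checksum=sha256:<digest-placeholder> <release-url> /tmp/dhall.tar.bz2` (or, if the kaniko builder does not accept that flag, a `sha256sum -c` at the start of the `RUN`), and if the file lives in this repository take the config from the build context with `COPY exampleConfig.dhall /tmp/` rather than the network. The `# syntax=docker/dockerfile-upstream:master-labs` frontend and the `:linux-amd64` base tag are mutable as well and are better pinned to a release or digest. In `go-build`, `GOLDFLAGS` is not a variable the Go toolchain reads, so the `-s -w -X main.version=…` flags are probably never applied; `go build -v -ldflags "-s -w -X main.version=${VERSION:-prod}" .` passes them explicitly. The final stage also sets no `USER`, so `/bin/pcmt` runs as root with its cache under `/root/.cache`.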

1
Dockerfile Symbolic link

@ -0,0 +1 @@
Containerfile

@ -1,3 +1,18 @@
cmd := "podman"
cfile := "Containerfile"
tag := "docker.io/immawanderer/pcmt:testbuild"
args := "build -t "+ tag + " " + buildargs + " --no-cache --pull -f " + cfile
buildargs := "--build-arg VERSION=" + vcs_ref + " --build-arg BUILD_DATE=" + build_date + " --build-arg VCS_REF=" + vcs_ref
kanikoargs := "run -it -w=" + kanikowdir + " -v $(pwd):" + kanikowdir + ":z " + kanikoexecutorimg + " -f=" + cfile + " -c=" + kanikocontext + " --use-new-run --snapshotMode=redo --no-push " + buildargs
kanikoexecutorimg := "gcr.io/kaniko-project/executor:v1.9.0-debug"
kanikowdir := "/src"
kanikocontext := "."
vcs_ref := "$(git rev-parse --short HEAD || echo dev)"
build_date := "$(date -u +\"%Y-%m-%dT%H:%M:%SZ\")"
hadolintimg := "docker.io/hadolint/hadolint"
hadolinttag := "v2.12.0-alpine"
hadolintargs := "run --rm -i -v $(pwd):/src:z --workdir=/src"
# run tailwindcss tool in watch mode.
watch-tw:
npm i
@ -53,4 +68,16 @@ dbstop:
svgo:
svgo -i templates/svg-*.tmpl
# check Containerfile with hadolint.
hadolint:
{{cmd}} {{hadolintargs}} {{hadolintimg}}:{{hadolinttag}} < {{cfile}}
# build Container with kaniko.
kaniko:
{{cmd}} {{kanikoargs}}
# build container with podman.
container:
{{cmd}} {{args}}
# vim: set ts=2 ft=just syntax=make fenc=utf-8 ff=unix :
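Review bot: `hadolintargs` bind-mounts the whole working tree read-write into the linter container, although the Containerfile arrives on stdin and only `.hadolint.yaml` needs to be read; `hadolintargs := "run --rm -i -v \"$(pwd)\":/src:ro,z --workdir=/src"` narrows that and also survives a checkout path containing spaces. The same unquoted `$(pwd)` appears in `kanikoargs`. Both helper images are referenced by tag only (`v2.12.0-alpine`, `v1.9.0-debug`); a digest pin would keep local runs on the same image contents that were reviewed.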