ci: build locally with kaniko + push to DockerHub
All checks were successful
continuous-integration/drone/push Build is passing

* add hadolint Dockerfile linter step
* update Dockerfile to implement hadolint suggestions (cbp)
* switch to immawanderer/drone-kaniko as the kaniko flavour of choice
This commit is contained in:
surtur 2021-04-23 01:42:09 +02:00
parent 9696733ec3
commit 9415138735
Signed by: wanderer
GPG Key ID: 19CE1EC1D9E0486D
3 changed files with 76 additions and 44 deletions

@ -1,50 +1,62 @@
---
kind: pipeline
type: docker
name: dockerhub-build-trigger
name: testing
platform:
os: linux
arch: amd64
clone:
disable: true
steps:
- name: call webhook
- name: hadolint
pull: always
image: bash:latest
environment:
ENDPOINT:
from_secret: DOCKERHUB_ENDPOINT
image: hadolint/hadolint:v1.23.0-8-gb01c5a9-alpine
commands:
- apk add --no-cache curl
- curl -sO https://git.dotya.ml/${DRONE_REPO}/raw/branch/master/curl.it
- bash ./curl.it $ENDPOINT
- hadolint --version
- hadolint Dockerfile
when:
ref:
- refs/heads/master
- "refs/heads/feature-**"
- "refs/pull/**"
- "refs/tags/**"
event:
exclude: [cron]
trigger:
branch:
- master
event:
- push
- cron
---
kind: pipeline
type: docker
name: kaniko-build
platform:
os: linux
arch: amd64
steps:
- name: build
- name: kaniko-build
pull: always
image: immawanderer/drone-kaniko:efd19c50
settings:
dockerfile: Dockerfile
context: .
when:
ref:
- "refs/heads/feature-**"
- "refs/pull/**"
- "refs/tags/**"
event:
exclude: [cron]
- name: kaniko-publish
pull: always
image: immawanderer/drone-kaniko:efd19c50
settings:
dockerfile: Dockerfile
context: .
tags:
- latest
- linux-amd64
- ${DRONE_COMMIT_SHA:0:8}
repo: immawanderer/alpine-android
username:
from_secret: docker_username
password:
from_secret: docker_password
when:
ref:
- refs/heads/master
event:
exclude: [pull_request, tag]
trigger:
event: [push, pull_request, cron, tag]
depends_on:
- dockerhub-build-trigger

15
.hadolint.yaml Normal file

@ -0,0 +1,15 @@
ignored:
# ad "SC2028" we actually want that here
- SC2028
# ad "DL4006" no luck - sh doesn't know `set -o pipefail`
- DL4006
# ad "DL3018" ignore recommendation to pin apk package versions
- DL3018
# ad "SC2016" we actually don't want that here and now
- SC2016
# ad "SC2039" that still works
- SC2039
# ad "DL4005" TODO - set SHELL
- DL4005
# ad "SC2086" precisely that one cannot be quoted
- SC2086

@ -1,3 +1,8 @@
# syntax=docker/dockerfile:1.2
# refs:
# https://docs.docker.com/develop/develop-images/build_enhancements/#overriding-default-frontends
# https://pythonspeed.com/articles/docker-buildkit/
FROM frolvlad/alpine-java:jdk8-full as build
ARG BUILD_DATE
ARG VCS_REF
@ -18,13 +23,13 @@ RUN apk update
RUN apk add --no-cache binutils ca-certificates curl git openssl unzip --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing
WORKDIR /tmp
RUN curl -o sdk.zip -s https://dl.google.com/android/repository/sdk-tools-linux-${VERSION_SDK_TOOLS}.zip
RUN unzip ./sdk.zip -d ${ANDROID_SDK_ROOT}
RUN curl -o sdk.zip -s https://dl.google.com/android/repository/sdk-tools-linux-"${VERSION_SDK_TOOLS}".zip
RUN unzip ./sdk.zip -d "${ANDROID_SDK_ROOT}"
RUN rm -f ./sdk.zip
RUN curl -o tools.zip -s https://dl.google.com/android/repository/commandlinetools-linux-${VERSION_TOOLS}_latest.zip \
&& mkdir -p ${ANDROID_SDK_ROOT}/cmdline-tools \
&& unzip ./tools.zip -d ${ANDROID_SDK_ROOT}/cmdline-tools \
RUN curl -o tools.zip -s https://dl.google.com/android/repository/commandlinetools-linux-"${VERSION_TOOLS}"_latest.zip \
&& mkdir -p "${ANDROID_SDK_ROOT}"/cmdline-tools \
&& unzip ./tools.zip -d "${ANDROID_SDK_ROOT}"/cmdline-tools \
&& rm -v ./tools.zip
RUN mkdir -p $ANDROID_SDK_ROOT/licenses/ \
@ -32,14 +37,14 @@ RUN mkdir -p $ANDROID_SDK_ROOT/licenses/ \
&& echo "84831b9409646a918e30573bab4c9c91346d8abd\n504667f4c0de7af1a06de9f4b1727b84351f2910" > $ANDROID_SDK_ROOT/licenses/android-sdk-preview-license \
&& yes | ${ANDROID_SDK_ROOT}/cmdline-tools/tools/bin/sdkmanager --sdk_root=${ANDROID_SDK_ROOT} --licenses >/dev/null
ADD packages.txt ${ANDROID_SDK_ROOT}
RUN mkdir -p /$(whoami)/.android
RUN touch /$(whoami)/.android/repositories.cfg
COPY packages.txt "${ANDROID_SDK_ROOT}"
RUN mkdir -p /"$(whoami)"/.android
RUN touch /"$(whoami)"/.android/repositories.cfg
RUN yes | ${ANDROID_SDK_ROOT}/tools/bin/sdkmanager --verbose --licenses
RUN ${ANDROID_SDK_ROOT}/tools/bin/sdkmanager --verbose --update
RUN yes | "${ANDROID_SDK_ROOT}"/tools/bin/sdkmanager --verbose --licenses
RUN "${ANDROID_SDK_ROOT}"/tools/bin/sdkmanager --verbose --update
RUN while read -r package; do PACKAGES="${PACKAGES}${package} "; done < ${ANDROID_SDK_ROOT}/packages.txt && ${ANDROID_SDK_ROOT}/tools/bin/sdkmanager --verbose ${PACKAGES}
RUN while read -r package; do PACKAGES="${PACKAGES}${package} "; done < "${ANDROID_SDK_ROOT}"/packages.txt && ${ANDROID_SDK_ROOT}/tools/bin/sdkmanager --verbose ${PACKAGES}
FROM adoptopenjdk/openjdk11:alpine-slim
COPY --from=build /tmp/sdk /sdk
@ -56,7 +61,7 @@ ENV GRADLE_VERSION "7.0-milestone-3"
RUN apk add --no-cache bash curl git vim xz --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing
# gradle pls
RUN git clone https://github.com/asdf-vm/asdf.git ~/.asdf --branch ${ASDF_VERSION} \
RUN git clone https://github.com/asdf-vm/asdf.git ~/.asdf --branch "${ASDF_VERSION}" \
&& sed -i 's/\/bin\/ash/\/bin\/bash/' /etc/passwd && cat /etc/passwd \
&& echo -e '\n. $HOME/.asdf/asdf.sh' >> ~/.bashrc \
&& echo -e '\n. $HOME/.asdf/completions/asdf.bash' >> ~/.bashrc \