From 9415138735c377dc0036582ae1f702b01ab1a437 Mon Sep 17 00:00:00 2001
From: surtur
Date: Fri, 23 Apr 2021 01:42:09 +0200
Subject: [PATCH] ci: build locally with kaniko + push to DockerHub

* add hadolint Dockerfile linter step
* update Dockerfile to implement hadolint suggestions (cbp)
* switch to immawanderer/drone-kaniko as the kaniko flavour of choice
---
.drone.yml | 76 +++++++++++++++++++++++++++++---------------------
.hadolint.yaml | 15 ++++++++++
Dockerfile | 29 +++++++++++--------
3 files changed, 76 insertions(+), 44 deletions(-)
create mode 100644 .hadolint.yaml

diff --git a/.drone.yml b/.drone.yml
index 1a889f4..ced9f78 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -1,50 +1,62 @@ --- kind: pipeline type: docker -name: dockerhub-build-trigger +name: testing platform: os: linux arch: amd64 -clone: - disable: true - steps: -- name: call webhook +- name: hadolint pull: always - image: bash:latest - environment: - ENDPOINT: - from_secret: DOCKERHUB_ENDPOINT + image: hadolint/hadolint:v1.23.0-8-gb01c5a9-alpine commands: - - apk add --no-cache curl - - curl -sO https://git.dotya.ml/${DRONE_REPO}/raw/branch/master/curl.it - - bash ./curl.it $ENDPOINT + - hadolint --version + - hadolint Dockerfile + when: + ref: + - refs/heads/master + - "refs/heads/feature-**" + - "refs/pull/**" + - "refs/tags/**" + event: + exclude: [cron] -trigger: - branch: - - master - event: - - push - - cron - ---- -kind: pipeline -type: docker -name: kaniko-build - -platform: - os: linux - arch: amd64 - -steps: -- name: build +- name: kaniko-build pull: always image: immawanderer/drone-kaniko:efd19c50 settings: dockerfile: Dockerfile context: . + when: + ref: + - "refs/heads/feature-**" + - "refs/pull/**" + - "refs/tags/**" + event: + exclude: [cron] + +- name: kaniko-publish + pull: always + image: immawanderer/drone-kaniko:efd19c50 + settings: + dockerfile: Dockerfile + context: . + tags: + - latest + - linux-amd64 + - ${DRONE_COMMIT_SHA:0:8} + repo: immawanderer/alpine-android + username: + from_secret: docker_username + password: + from_secret: docker_password + when: + ref: + - refs/heads/master + event: + exclude: [pull_request, tag] +trigger: + event: [push, pull_request, cron, tag] -depends_on: -- dockerhub-build-trigger diff --git a/.hadolint.yaml b/.hadolint.yaml new file mode 100644 index 0000000..a48a644 --- /dev/null +++ b/.hadolint.yaml 
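Review bot: The `kaniko-publish` step passes `docker_username` and `docker_password` to `immawanderer/drone-kaniko:efd19c50`, which is referenced by a tag and re-pulled on every run (`pull: always`), so the credentials go to whatever that tag points at on the day of the build. Pinning the plugin by digest removes that dependency on a mutable reference, e.g. `image: immawanderer/drone-kaniko@sha256:<digest-of-efd19c50>` (placeholder, take the value from the registry); the `hadolint` image could be pinned the same way. Separately, `- ${DRONE_COMMIT_SHA:0:8}` is an unquoted scalar, and if the substitution is applied before the YAML is parsed, an all-digit or `12e34567`-shaped prefix would be typed as a number, so `- "${DRONE_COMMIT_SHA:0:8}"` is the safer form. `kaniko-publish` also does not exclude `cron` while `hadolint` does, so a scheduled build on master publishes without the lint step having run; if that is intended, a comment on the step should say so.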
@@ -0,0 +1,15 @@ +ignored: + # ad "SC2028" we actually want that here + - SC2028 + # ad "DL4006" no luck - sh doesn't know `set -o pipefail` + - DL4006 + # ad "DL3018" ignore recommendation to pin apk package versions + - DL3018 + # ad "SC2016" we actually don't want that here and now + - SC2016 + # ad "SC2039" that still works + - SC2039 + # ad "DL4005" TODO - set SHELL + - DL4005 + # ad "SC2086" precisely that one cannot be quoted + - SC2086 diff --git a/Dockerfile b/Dockerfile index c75299b..aa68c19 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,3 +1,8 @@ +# syntax=docker/dockerfile:1.2 +# refs: +# https://docs.docker.com/develop/develop-images/build_enhancements/#overriding-default-frontends +# https://pythonspeed.com/articles/docker-buildkit/ + FROM frolvlad/alpine-java:jdk8-full as build ARG BUILD_DATE ARG VCS_REF @@ -18,13 +23,13 @@ RUN apk update RUN apk add --no-cache binutils ca-certificates curl git openssl unzip --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing WORKDIR /tmp -RUN curl -o sdk.zip -s https://dl.google.com/android/repository/sdk-tools-linux-${VERSION_SDK_TOOLS}.zip -RUN unzip ./sdk.zip -d ${ANDROID_SDK_ROOT} +RUN curl -o sdk.zip -s https://dl.google.com/android/repository/sdk-tools-linux-"${VERSION_SDK_TOOLS}".zip +RUN unzip ./sdk.zip -d "${ANDROID_SDK_ROOT}" RUN rm -f ./sdk.zip -RUN curl -o tools.zip -s https://dl.google.com/android/repository/commandlinetools-linux-${VERSION_TOOLS}_latest.zip \ - && mkdir -p ${ANDROID_SDK_ROOT}/cmdline-tools \ - && unzip ./tools.zip -d ${ANDROID_SDK_ROOT}/cmdline-tools \ +RUN curl -o tools.zip -s https://dl.google.com/android/repository/commandlinetools-linux-"${VERSION_TOOLS}"_latest.zip \ + && mkdir -p "${ANDROID_SDK_ROOT}"/cmdline-tools \ + && unzip ./tools.zip -d "${ANDROID_SDK_ROOT}"/cmdline-tools \ && rm -v ./tools.zip RUN mkdir -p $ANDROID_SDK_ROOT/licenses/ \ 
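Review bot: Listing the seven rules under `ignored:` switches them off for every instruction in the Dockerfile, including ones added later, although each justification in the comments is about one particular line. hadolint also accepts an inline pragma directly above an instruction, e.g. `# hadolint ignore=SC2086` above the `RUN while read -r package ...` line, which would keep `SC2086` and `DL3018` active everywhere else. For `DL4006` the comment says `sh` has no `set -o pipefail`; hadolint's guidance for Alpine-based images is `SHELL ["/bin/ash", "-eo", "pipefail", "-c"]`, which is worth trying against these base images before suppressing the rule.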
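Review bot: The added `# syntax=docker/dockerfile:1.2` line only has an effect under BuildKit, while this commit moves the CI build to kaniko, which as far as I know does not resolve frontend directives and will read the line as an ordinary comment. A comment below the directive would avoid the impression that the published image is built with that frontend, e.g. `# only honoured by BuildKit (local builds); the kaniko CI build ignores it`. For BuildKit builds the directive pulls the frontend image by a floating tag at build time, so pinning it by digest is worth considering.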
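Review bot: Both rewritten `curl` lines in the `@@ -18,13 +23,13 @@` hunk save an archive from dl.google.com that is then unpacked into `"${ANDROID_SDK_ROOT}"` with no integrity check, and `-s` without `-f` means an HTTP error body is written to `sdk.zip` or `tools.zip` silently. I would use `curl -fsSL -o sdk.zip ...` and verify a known digest before `unzip`, e.g. `echo "${SDK_TOOLS_SHA256}  sdk.zip" | sha256sum -c -`, where `SDK_TOOLS_SHA256` is a new build `ARG` (name made up here) kept next to `VERSION_SDK_TOOLS`, which is declared outside this hunk. The same gap is in the last hunk, where `git clone ... --branch "${ASDF_VERSION}"` trusts a tag name that can be re-pointed; comparing `git -C ~/.asdf rev-parse HEAD` with an expected commit would pin it. The unchanged `apk add` line could also use `https://` in its `--repository=` URL.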
@@ -32,14 +37,14 @@ RUN mkdir -p $ANDROID_SDK_ROOT/licenses/ \ && echo "84831b9409646a918e30573bab4c9c91346d8abd\n504667f4c0de7af1a06de9f4b1727b84351f2910" > $ANDROID_SDK_ROOT/licenses/android-sdk-preview-license \ && yes | ${ANDROID_SDK_ROOT}/cmdline-tools/tools/bin/sdkmanager --sdk_root=${ANDROID_SDK_ROOT} --licenses >/dev/null -ADD packages.txt ${ANDROID_SDK_ROOT} -RUN mkdir -p /$(whoami)/.android -RUN touch /$(whoami)/.android/repositories.cfg +COPY packages.txt "${ANDROID_SDK_ROOT}" +RUN mkdir -p /"$(whoami)"/.android +RUN touch /"$(whoami)"/.android/repositories.cfg -RUN yes | ${ANDROID_SDK_ROOT}/tools/bin/sdkmanager --verbose --licenses -RUN ${ANDROID_SDK_ROOT}/tools/bin/sdkmanager --verbose --update +RUN yes | "${ANDROID_SDK_ROOT}"/tools/bin/sdkmanager --verbose --licenses +RUN "${ANDROID_SDK_ROOT}"/tools/bin/sdkmanager --verbose --update -RUN while read -r package; do PACKAGES="${PACKAGES}${package} "; done < ${ANDROID_SDK_ROOT}/packages.txt && ${ANDROID_SDK_ROOT}/tools/bin/sdkmanager --verbose ${PACKAGES} +RUN while read -r package; do PACKAGES="${PACKAGES}${package} "; done < "${ANDROID_SDK_ROOT}"/packages.txt && ${ANDROID_SDK_ROOT}/tools/bin/sdkmanager --verbose ${PACKAGES} FROM adoptopenjdk/openjdk11:alpine-slim COPY --from=build /tmp/sdk /sdk @@ -56,7 +61,7 @@ ENV GRADLE_VERSION "7.0-milestone-3" RUN apk add --no-cache bash curl git vim xz --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing # gradle pls -RUN git clone https://github.com/asdf-vm/asdf.git ~/.asdf --branch ${ASDF_VERSION} \ +RUN git clone https://github.com/asdf-vm/asdf.git ~/.asdf --branch "${ASDF_VERSION}" \ && sed -i 's/\/bin\/ash/\/bin\/bash/' /etc/passwd && cat /etc/passwd \ && echo -e '\n. $HOME/.asdf/asdf.sh' >> ~/.bashrc \ && echo -e '\n. $HOME/.asdf/completions/asdf.bash' >> ~/.bashrc \
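Review bot: The quoting pass stops halfway through the rewritten `while read` line in the `@@ -32,14 +37,14 @@` hunk: the redirect target is now `"${ANDROID_SDK_ROOT}"/packages.txt`, but the command after `&&` still starts with an unquoted `${ANDROID_SDK_ROOT}/tools/bin/sdkmanager`. Only `${PACKAGES}` needs word splitting there, so the line can end with `&& "${ANDROID_SDK_ROOT}"/tools/bin/sdkmanager --verbose ${PACKAGES}`, and the SC2086 exception then covers a single expansion. The unchanged `yes | ${ANDROID_SDK_ROOT}/cmdline-tools/...` line at the top of the hunk has the same unquoted path; it belongs to a `RUN` that starts before this hunk. `/"$(whoami)"/.android` also only resolves to the home directory when the build runs as root, and `"${HOME}"/.android` would not depend on that.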