Compare commits

...

36 Commits

Author SHA1 Message Date
30419ebfc3
ci,dockerile,makefile: use FQ image paths
All checks were successful
continuous-integration/drone/push Build is passing
2023-10-18 15:02:18 +02:00
584e8c97a5
ci: switch from hourly to nightly builds
All checks were successful
continuous-integration/drone/push Build is passing
2023-10-18 14:21:55 +02:00
3d38d7a5ff
makefile, ci: bump hadolint to v2.12.0
All checks were successful
continuous-integration/drone/push Build is passing
2023-10-18 14:11:14 +02:00
e52089322f
chore: update readme [skip ci] 2023-10-18 13:57:14 +02:00
1161612ef2
dockerfile: add proper OCI annotations
All checks were successful
continuous-integration/drone/push Build is passing
2022-10-10 16:19:53 +02:00
33790a3be4
readme: deprecate 'docker build' badge [skip ci] 2022-10-10 15:05:58 +02:00
9d50738195
ci: start signing .drone.yml
All checks were successful
continuous-integration/drone/push Build is passing
2022-09-08 14:34:22 +02:00
6d1e164bb3
makefile: SELinux-related fix for hadolint
All checks were successful
continuous-integration/drone/push Build is passing
2022-04-21 14:18:16 +02:00
68ac3ba380
fix: make kaniko work on SELinux-enabled systems
All checks were successful
continuous-integration/drone/push Build is passing
2022-04-21 14:15:32 +02:00
a8f514fed8
makefile: bump kaniko to v1.8.1-debug [skip ci] 2022-04-21 14:14:18 +02:00
b6d194191d
makefile: separate hadolint tag into its own var
All checks were successful
continuous-integration/drone/push Build is passing
2022-03-24 16:38:15 +01:00
85d8cf5359
refactor: consolidate consecutive RUN options
All checks were successful
continuous-integration/drone/push Build is passing
2022-03-24 16:33:28 +01:00
1a80496abd
ci,makefile: bump hadolint to v2.9.3-alpine
All checks were successful
continuous-integration/drone/push Build is passing
2022-03-24 16:24:28 +01:00
ea4edd505b
ci: bump hadolint to v2.9.2-alpine
All checks were successful
continuous-integration/drone/push Build is passing
2022-03-23 16:55:42 +01:00
fdc5dd6f1c
makefile: bump kaniko executor to v1.8.0-debug
All checks were successful
continuous-integration/drone/push Build is passing
2022-03-23 16:54:50 +01:00
fcd83eb9c5
makefile: bump kaniko executor to v1.7.0-debug
[skip ci]
2021-12-04 15:12:24 +01:00
b92babe0e9
ci: bump hadolint to v2.8.0
All checks were successful
continuous-integration/drone/push Build is passing
2021-11-16 23:04:24 +01:00
6f62b808d7
fix(kaniko): supply build args {in ci,locally}
All checks were successful
continuous-integration/drone/push Build is passing
since the switch to kaniko as a container image builder, proper
BUILD_DATE and VCS_REF values previously filled in by a build hook were
left empty. that changes now.
2021-10-20 00:18:19 +02:00
01c9a0fbc4
add Makefile for easy local testing
All checks were successful
continuous-integration/drone/push Build is passing
2021-09-30 13:15:26 +02:00
866b668074
chore(ci): bump hadolint to tag 'v2.7.0-alpine'
All checks were successful
continuous-integration/drone/push Build is passing
add ignore of the multiple consecutive 'RUN' statements notice
2021-09-30 13:13:03 +02:00
be7d4b9716
chore(hadolint): unignore;base-devel is pinned now
All checks were successful
continuous-integration/drone/push Build is passing
the ignore was in place due to a latest tag being utilised in the past
2021-09-30 13:04:33 +02:00
75e7bade0c
feat: switch to 'base-devel' tag
All checks were successful
continuous-integration/drone/push Build is passing
2021-09-30 12:49:39 +02:00
1cf40505fd
update docker frontend to version 1.3
All checks were successful
continuous-integration/drone/push Build is passing
2021-09-30 12:48:45 +02:00
2a068ab9de
readme: microbadger is no more [skip ci] 2021-07-16 13:23:26 +02:00
4dfede6778
chore: update README badges [skip ci] 2021-05-05 02:54:27 +02:00
4bc7b193c4
ci: use linux-amd64 stable tag
All checks were successful
continuous-integration/drone/push Build is passing
the tag's also moving but efforts are made to only push working code
there so it should do in terms of stability
2021-05-02 03:57:38 +02:00
f896b8b6d4
ci: build locally with kaniko + push to DockerHub
All checks were successful
continuous-integration/drone/push Build is passing
* add hadolint Dockerfile linter step
* update Dockerfile to implement hadolint suggestions (cbp)
* switch to immawanderer/drone-kaniko as the kaniko flavour of choice
* get a typo in README
2021-04-22 20:46:54 +02:00
1614c3bcee
chore: bump drone-kaniko to 0.8.2
All checks were successful
continuous-integration/drone/push Build is passing
2021-04-01 09:13:09 +02:00
d17acf67e9
fix: licensor field [skip ci] 2021-03-09 21:42:58 +01:00
84d5bd2f1b
build: attempt to leverage latest enhancements
All checks were successful
continuous-integration/drone/push Build is passing
could potentially remedy failing builds on hosts with older docker daemon
refs:
  * https://docs.docker.com/develop/develop-images/build_enhancements/#overriding-default-frontends
  * https://pythonspeed.com/articles/docker-buildkit/
2021-03-09 21:39:05 +01:00
a19c42eeb9
build: enable BuildKit via build hook env var
All checks were successful
continuous-integration/drone/push Build is passing
once DockeHub builds stop failing anyway
2021-03-09 21:25:56 +01:00
68d8fcd537
[skip ci] dockerhub issue: link to the write-up
Alright, let me tell you what this is all about. 🐋

Docker builds (locally and also in DockerHub) started failing after
glibc 3.34 has been updated during jan-feb 2021 and thas caught me on
both fedora 33 and archlinux workstation/server boxes (talking OS, not
containers now).

A hotfix patch has been issued as a workaround to remedy failing builds
-
bd4c5abe4d.

Recently, I have started building [`moby`](https://github.com/moby/moby)
from sources myself (moby is `docker-{c,e}e`'s upstream that's directly
being shipped on fedora instad of the "docker-\*" product) and installed
it on my fedora 33 box, while archlinux gradually updated to a fairly
recent docker (`Docker version 20.10.5, build 363e9a88a1` as of
writing).

Latest `moby` commit on which I was able to run `docker build` for this
image on fedora 33 was
[`dbc3365da2`](dbc3365da2).

For these reasons I decided to revert the hotfix just today in
[`dbeddd89be`](dbeddd89be),
after which DockerHub builds started to fail again.

That is because Dockerhub build servers are probably not running a
latest master `moby`/`docker` and as such don't have the necessary fixes
required to build images that run glibc >=3.34 (see the original hotfix
commit message for more reasoning and references).

That basically means that until they (the DockerHub) run a reasonably
recent docker/moby, we're going to see just more of `dockerhub build:
failing` and anyone expecting these images to work will either have to
update in a similar fashion to what I've done or wait until the patched
versions reach whatever distro you're using.

Unless that distro happens to be Arch, cause then you're ok anyway :D 🐳
2021-03-09 12:25:49 +01:00
dbeddd89be
dockerfile: revert new-glibc-old-docker fix
All checks were successful
continuous-integration/drone/push Build is passing
* the issue that manifested itself when new glibc has been used with
  older docker was temporarily worked around for this image in
  bd4c5abe4dca475965548cb8332ef9b9d2a4953c. if you still need this
  workaround, feel free to revert.

ref: bd4c5abe4d
2021-03-08 21:37:12 +01:00
2d15e3f2dc
Dockerfile: reduce verbosity on rm
All checks were successful
continuous-integration/drone/push Build is passing
2021-03-08 19:57:12 +01:00
5a8e8dfa5d
[skip ci] fix: use correct build status badge link 2021-03-08 19:19:04 +01:00
38d765ec1b
ci: only trigger DH rebuilds on changes in master
All checks were successful
continuous-integration/drone/push Build is passing
2021-03-08 19:14:29 +01:00
7 changed files with 139 additions and 57 deletions

@ -1,43 +1,70 @@
---
kind: pipeline
name: dockerhub-build-trigger
platform:
arch: amd64
trigger:
exclude:
event: pull_request
steps:
- name: call webhook
pull: always
image: curlimages/curl:latest
environment:
ENDPOINT:
from_secret: dockerhub_endpoint
commands:
- curl -s -X POST $ENDPOINT
--- ---
kind: pipeline kind: pipeline
type: docker type: docker
name: kaniko-build name: testing
platform: platform:
os: linux os: linux
arch: amd64 arch: amd64
depends_on:
- dockerhub-build-trigger
steps: steps:
- name: build - name: hadolint
pull: always pull: always
image: ghcr.io/finitum/drone-kaniko:0.8.1 image: docker.io/hadolint/hadolint:v2.12.0-alpine
commands:
- hadolint --version
- hadolint Dockerfile
when:
ref:
- refs/heads/master
- "refs/heads/feature-**"
- "refs/pull/**"
- "refs/tags/**"
event:
exclude: [cron]
- name: kaniko-build
pull: always
image: docker.io/immawanderer/drone-kaniko:linux-amd64
settings: settings:
dockerfile: Dockerfile dockerfile: Dockerfile
context: . context: .
args:
- BUILD_DATE="$(date -u +"%Y-%m-%dT%H:%M:%SZ")"
- VCS_REF=${DRONE_COMMIT_SHA:0:7}
when:
ref:
- "refs/heads/feature-**"
- "refs/pull/**"
- "refs/tags/**"
event:
exclude: [cron]
- name: kaniko-publish
pull: always
image: docker.io/immawanderer/drone-kaniko:linux-amd64
settings:
dockerfile: Dockerfile
context: .
args:
- BUILD_DATE="$(date -u +"%Y-%m-%dT%H:%M:%SZ")"
- VCS_REF=${DRONE_COMMIT_SHA:0:7}
tags:
- latest
- linux-amd64
- ${DRONE_COMMIT_SHA:0:8}
repo: immawanderer/archlinux
username:
from_secret: docker_username
password:
from_secret: docker_password
when:
ref:
- refs/heads/master
event:
exclude: [pull_request, tag]
trigger:
event: [push, pull_request, cron, tag]
--- ---
kind: pipeline kind: pipeline
@ -62,12 +89,12 @@ trigger:
- cron - cron
depends_on: depends_on:
- kaniko-build - testing
steps: steps:
- name: discord - name: discord
pull: if-not-exists pull: if-not-exists
image: appleboy/drone-discord:latest image: docker.io/appleboy/drone-discord:latest
settings: settings:
message: "{{#success build.status}} ✅ [Build #{{build.number}}]({{build.link}}) of `{{repo.name}}` succeeded.\nevent: **`{{build.event}}`**\ncommit [`${DRONE_COMMIT_SHA:0:7}`](https://git.dotya.ml/${DRONE_REPO}/commit/${DRONE_COMMIT_SHA}) by {{commit.author}} on `{{commit.branch}}`\n```{{commit.message}}``` {{else}} ❌ [Build #{{build.number}}]({{build.link}}) of `{{repo.name}}` failed.\nevent: **`${DRONE_BUILD_EVENT}`**\ncommit [`${DRONE_COMMIT_SHA:0:7}`](https://git.dotya.ml/${DRONE_REPO}/commit/${DRONE_COMMIT_SHA}) by {{commit.author}} on `{{commit.branch}}`\n```{{commit.message}}``` {{/success}}\n" message: "{{#success build.status}} ✅ [Build #{{build.number}}]({{build.link}}) of `{{repo.name}}` succeeded.\nevent: **`{{build.event}}`**\ncommit [`${DRONE_COMMIT_SHA:0:7}`](https://git.dotya.ml/${DRONE_REPO}/commit/${DRONE_COMMIT_SHA}) by {{commit.author}} on `{{commit.branch}}`\n```{{commit.message}}``` {{else}} ❌ [Build #{{build.number}}]({{build.link}}) of `{{repo.name}}` failed.\nevent: **`${DRONE_BUILD_EVENT}`**\ncommit [`${DRONE_COMMIT_SHA:0:7}`](https://git.dotya.ml/${DRONE_REPO}/commit/${DRONE_COMMIT_SHA}) by {{commit.author}} on `{{commit.branch}}`\n```{{commit.message}}``` {{/success}}\n"
webhook_id: webhook_id:
@ -92,21 +119,27 @@ trigger:
event: event:
- cron - cron
cron: cron:
- hourly-build - nightly-build
status: status:
- success - success
- failure - failure
depends_on: depends_on:
- kaniko-build - testing
steps: steps:
- name: discord - name: discord
pull: always pull: always
image: appleboy/drone-discord:latest image: docker.io/appleboy/drone-discord:latest
settings: settings:
message: "{{#success build.status}} ✅ [Hourly build #{{build.number}}]({{build.link}}) of `{{repo.name}}` succeeded.\nevent: **`{{build.event}}`**\ncommit [`${DRONE_COMMIT_SHA:0:7}`](https://git.dotya.ml/${DRONE_REPO}/commit/${DRONE_COMMIT_SHA}) by {{commit.author}} on `{{commit.branch}}`\n {{else}} ❌ [Hourly build #{{build.number}}]({{build.link}}) of `{{repo.name}}` failed.\nevent: **`${DRONE_BUILD_EVENT}`**\ncommit [`${DRONE_COMMIT_SHA:0:7}`](https://git.dotya.ml/${DRONE_REPO}/commit/${DRONE_COMMIT_SHA}) by {{commit.author}} on `{{commit.branch}}`\n {{/success}}\n" message: "{{#success build.status}} ✅ [Scheduled build #{{build.number}}]({{build.link}}) of `{{repo.name}}` succeeded.\nevent: **`{{build.event}}`**\ncommit [`${DRONE_COMMIT_SHA:0:7}`](https://git.dotya.ml/${DRONE_REPO}/commit/${DRONE_COMMIT_SHA}) by {{commit.author}} on `{{commit.branch}}`\n {{else}} ❌ [Scheduled build #{{build.number}}]({{build.link}}) of `{{repo.name}}` failed.\nevent: **`${DRONE_BUILD_EVENT}`**\ncommit [`${DRONE_COMMIT_SHA:0:7}`](https://git.dotya.ml/${DRONE_REPO}/commit/${DRONE_COMMIT_SHA}) by {{commit.author}} on `{{commit.branch}}`\n {{/success}}\n"
webhook_id: webhook_id:
from_secret: discord_webhook_hourly_id from_secret: discord_webhook_hourly_id
webhook_token: webhook_token:
from_secret: discord_webhook_hourly_token from_secret: discord_webhook_hourly_token
---
kind: signature
hmac: bc36fd53d1d57053f660e05df07722e8cb2e82edc732ec8898d7308ad891b905
...

2
.hadolint.yaml Normal file

@ -0,0 +1,2 @@
---
ignored:

@ -1,24 +1,35 @@
FROM archlinux:latest # syntax=docker/dockerfile:1.3
# refs:
# https://docs.docker.com/develop/develop-images/build_enhancements/#overriding-default-frontends
# https://pythonspeed.com/articles/docker-buildkit/
FROM docker.io/library/archlinux:base-devel
ARG BUILD_DATE ARG BUILD_DATE
ARG VCS_REF ARG VCS_REF
LABEL description="Hourly updated archlinux base image" # as per https://github.com/opencontainers/image-spec/blob/main/annotations.md,
# keep Label Schema labels for backward compatibility.
LABEL org.label-schema.build-date=$BUILD_DATE \ LABEL description="hourly updated archlinux base(-devel) image" \
org.label-schema.build-date=$BUILD_DATE \
org.label-schema.vcs-url="https://git.dotya.ml/wanderer/docker-archlinux.git" \ org.label-schema.vcs-url="https://git.dotya.ml/wanderer/docker-archlinux.git" \
org.label-schema.vcs-ref=$VCS_REF \ org.label-schema.vcs-ref=$VCS_REF \
org.label-schema.license=GPL-3.0 org.label-schema.license=GPL-3.0 \
org.opencontainers.image.title="docker-archlinux" \
org.opencontainers.image.description="hourly updated archlinux base(-devel) image" \
org.opencontainers.image.created=$BUILD_DATE \
org.opencontainers.image.authors=wanderer \
org.opencontainers.image.url="https://git.dotya.ml/wanderer/docker-archlinux.git" \
org.opencontainers.image.source="https://git.dotya.ml/wanderer/docker-archlinux.git" \
org.opencontainers.image.revision=$VCS_REF \
org.opencontainers.image.licenses=GPL-3.0
# WORKAROUND for glibc 2.33 and old Docker # if you need the WORKAROUND for glibc 2.33 and old Docker
# See https://github.com/actions/virtual-environments/issues/2658 # have a look at https://git.dotya.ml/wanderer/docker-archlinux/commit/bd4c5abe4dca475965548cb8332ef9b9d2a4953c
# Thanks to https://github.com/lxqt/lxqt-panel/pull/1562
ENV patched_glibc glibc-linux4-2.33-4-x86_64.pkg.tar.zst
RUN curl -LO "https://repo.archlinuxcn.org/x86_64/$patched_glibc" && \
bsdtar -C / -xvf "$patched_glibc"
RUN pacman --version
RUN pacman -Syu --ignore glibc --noconfirm --needed RUN pacman --version && \
RUN pacman --noconfirm -Rn $(pacman -Qdtq) || true \
RUN pacman -Scc && rm -rfv /var/cache/pacman/* /var/lib/pacman/sync/* \ \
rm -rv /tmp/* || true pacman -Syu --noconfirm --needed && \
pacman --noconfirm -Rn "$(pacman -Qdtq)" || true && \
pacman -Scc && rm -rf /var/cache/pacman/* /var/lib/pacman/sync/*

@ -2,7 +2,7 @@ GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007 Version 3, 29 June 2007
Copyright © 2007 Free Software Foundation, Inc. <https://fsf.org/> Copyright © 2020-2021 Adam Mirre <a_mirre@utb.cz>
Everyone is permitted to copy and distribute verbatim copies of this license Everyone is permitted to copy and distribute verbatim copies of this license
document, but changing it is not allowed. document, but changing it is not allowed.

34
Makefile Normal file

@ -0,0 +1,34 @@
dcmd = docker
dfile = Dockerfile
dtag = immawanderer/archlinux:testbuild
dargs = build -t $(dtag) --no-cache --pull - < $(dfile)
cleanargs = image rm -f $(dtag)
pruneargs = system prune -af
dargskaniko = run --rm -it -w=$(kanikowdir) -v $$PWD:$(kanikowdir):z
kanikoexecutorimg = gcr.io/kaniko-project/executor:v1.8.1-debug
kanikowdir = /src
kanikocontext = .
kanikoargs = -f=$(dfile) -c=$(kanikocontext) --use-new-run --snapshotMode=redo --build-arg BUILD_DATE=$(build_date) --build-arg VCS_REF=$(vcs_ref) --no-push
vcs_ref = $$(git rev-parse --short HEAD)
build_date= $$(date -u +"%Y-%m-%dT%H:%M:%SZ")
hadolintimg = docker.io/hadolint/hadolint
hadolinttag = v2.12.0-alpine
hadolintargs = run --rm -i -v $$PWD:/src:z --workdir=/src
.PHONY: hadolint build kaniko clean test prune
hadolint:
$(dcmd) $(hadolintargs) $(hadolintimg):$(hadolinttag) < $(dfile)
kaniko:
$(dcmd) $(dargskaniko) $(kanikoexecutorimg) $(kanikoargs)
build:
$(dcmd) $(dargs)
clean:
$(dcmd) $(cleanargs)
test: hadolint build kaniko
prune:
$(dcmd) $(pruneargs)

@ -1,13 +1,14 @@
# docker-archlinux # docker-archlinux
[![Build Status](https://drone.dotya.ml/api/badges/wanderer/docker-archlinux-hugo/status.svg)](https://drone.dotya.ml/wanderer/docker-archlinux-hugo) [![Build Status](https://drone.dotya.ml/api/badges/wanderer/docker-archlinux/status.svg)](https://drone.dotya.ml/wanderer/docker-archlinux)
[![Docker Cloud Build Status](https://img.shields.io/docker/cloud/build/immawanderer/archlinux)](https://hub.docker.com/r/immawanderer/archlinux/builds) [![Docker Image Version (latest by date)](https://img.shields.io/docker/v/immawanderer/archlinux)](https://hub.docker.com/r/immawanderer/archlinux/tags/?page=1&ordering=last_updated)
[![](https://images.microbadger.com/badges/version/immawanderer/archlinux.svg)](https://microbadger.com/images/immawanderer/archlinux) [![Docker Image Version (tag latest semver)](https://img.shields.io/docker/v/immawanderer/archlinux/linux-amd64)](https://hub.docker.com/r/immawanderer/archlinux/tags/?page=1&ordering=last_updated&name=linux-amd64)
[![](https://images.microbadger.com/badges/commit/immawanderer/archlinux.svg)](https://microbadger.com/images/immawanderer/archlinux) [![Docker Image Size (tag)](https://img.shields.io/docker/image-size/immawanderer/archlinux/linux-amd64)](https://hub.docker.com/r/immawanderer/archlinux/tags/?page=1&ordering=last_updated&name=linux-amd64)
[![Docker pulls](https://img.shields.io/docker/pulls/immawanderer/archlinux)](https://hub.docker.com/r/immawanderer/archlinux/)
This repository provides the Dockerfile to create an updated Arch Linux base image. This repository provides a Dockerfile to create an *updated* Arch Linux base(-devel) image.
The image is rebuilt approximately every hour to ensure it always has the latest packages. The image is rebuilt nightly to ensure it always has the latest packages.
push mirror lives in [this GitHub repo](https://github.com/wULLSnpAXbWZGYDYyhWTKKspEQoaYxXyhoisqHf/docker-archlinux) push mirror lives in [this GitHub repo](https://github.com/wULLSnpAXbWZGYDYyhWTKKspEQoaYxXyhoisqHf/docker-archlinux)
development happens on [this Gitea instance](https://git.dotya.ml/wanderer/docker-archlinux) development happens on [this Gitea instance](https://git.dotya.ml/wanderer/docker-archlinux)
@ -21,7 +22,7 @@ That's just it. This makes it possible to just grab the image and install whatev
* Arch Linux image with freshly updated package base to build upon * Arch Linux image with freshly updated package base to build upon
## Running the image ## Running the image
* edit the `yourlocalpath` and `containerpath` variabled or remove them entirely (along with `-v`) if you have *nothing to mount* * edit the `yourlocalpath` and `containerpath` variables or remove them entirely (along with `-v`) if you have *nothing to mount*
```bash ```bash
docker run -it -v yourlocalpath:containerpath immawanderer/archlinux:latest docker run -it -v yourlocalpath:containerpath immawanderer/archlinux:latest

@ -4,6 +4,7 @@
# $IMAGE_NAME var is injected into the build so the tag is correct. # $IMAGE_NAME var is injected into the build so the tag is correct.
export DOCKER_BUILDKIT=1
echo "Build hook running" echo "Build hook running"
docker build --build-arg BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"` \ docker build --build-arg BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"` \
--build-arg VCS_REF=`git rev-parse --short HEAD` \ --build-arg VCS_REF=`git rev-parse --short HEAD` \