diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 42921ff..cb7646f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -17,25 +17,36 @@ on: env: GITHUB_DOCKER_USER: ${{ github.actor }} NEXUS_DOCKER_USER: ${{ secrets.HOME_NEXUS_DOCKER_USER }} + NEXUS_PROXY_REGISTRY: nexus.jamesjonesconsulting.com:5444 jobs: build-and-push: - runs-on: self-hosted + runs-on: [ self-hosted, medium, build ] container: - image: quay.io/podman/stable:latest - options: --userns=keep-id --privileged --user root + image: nexus.jamesjonesconsulting.com:5444/podman/stable:latest + # image: quay.io/podman/stable:latest + options: --userns=keep-id --group-add keep-groups --privileged --user root + credentials: + username: ${{ secrets.HOME_NEXUS_DOCKER_USER }} + password: ${{ secrets.HOME_NEXUS_DOCKER_PASSWORD }} strategy: fail-fast: false max-parallel: 2 matrix: - registry: [ 'ghcr.io', 'nexus.jamjon3.sytes.net:5443' ] + registry: [ 'ghcr.io', 'nexus.jamesjonesconsulting.com:5443' ] include: - registry: ghcr.io user: GITHUB_DOCKER_USER password: GITHUB_TOKEN - - registry: nexus.jamjon3.sytes.net:5443 + registry_proxy: $NEXUS_PROXY_REGISTRY + proxy_user: NEXUS_DOCKER_USER + proxy_password: HOME_NEXUS_DOCKER_PASSWORD + - registry: nexus.jamesjonesconsulting.com:5443 user: NEXUS_DOCKER_USER password: HOME_NEXUS_DOCKER_PASSWORD + registry_proxy: $NEXUS_PROXY_REGISTRY + proxy_user: NEXUS_DOCKER_USER + proxy_password: HOME_NEXUS_DOCKER_PASSWORD steps: # Downloads a copy of the code in your repository before running CI tests - name: Check out repository code 
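Review bot: The job container on the new `image:` line is still a mutable `:latest` tag, now served through the Nexus proxy, while `options:` keeps `--privileged --user root` on a self-hosted runner, so whatever that tag resolves to runs as privileged root alongside the registry secrets used by this job. Pinning by digest makes the pull reproducible and auditable: `image: nexus.jamesjonesconsulting.com:5444/podman/stable@sha256:DIGEST_PLACEHOLDER`. The commented-out `# image: quay.io/podman/stable:latest` line can be dropped, since history already records the old source. If `--privileged` is needed only for nested podman builds, a comment on `options:` saying so would help the next reviewer judge whether it can be narrowed.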
@@ -49,6 +60,12 @@ jobs: login-server: ${{ matrix.registry }} username: ${{ env[matrix.user] }} password: ${{ secrets[matrix.password] }} + - name: Docker Login + uses: azure/docker-login@v1 + with: + login-server: ${{ matrix.registry_proxy }} + username: ${{ env[matrix.proxy_user] }} + password: ${{ secrets[matrix.proxy_password] }} # This requires docker buildx which podman doesn't support # - name: Extract metadata (tags, labels) for Docker # id: meta @@ -70,7 +87,7 @@ jobs: else VERSION=$(echo "${GITHUB_REF_NAME}" | sed 's|/|-|g') fi - podman build . --file Dockerfile --tag "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" + podman build . --file Dockerfile --tag "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" --build-arg ARTIFACTORY=${{ matrix.registry_proxy }} podman push "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" if [[ "$GITHUB_REF" =~ ^refs/tags.* ]]; then podman tag "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" "${{ matrix.registry }}/$IMAGE_NAME:latest" diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d811262..0331c48 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
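Review bot: `login-server: ${{ matrix.registry_proxy }}` in the added `Docker Login` step most likely receives the literal text `$NEXUS_PROXY_REGISTRY`, because the first hunk sets `registry_proxy: $NEXUS_PROXY_REGISTRY` in the matrix and matrix values are plain strings that are not shell-expanded when passed through `with:`. The credentials would then be stored under a host name that does not match the proxy registry. Reading the workflow-level variable directly avoids this: `login-server: ${{ env.NEXUS_PROXY_REGISTRY }}`. The `--build-arg ARTIFACTORY=${{ matrix.registry_proxy }}` line in the third hunk works only because the shell expands the variable afterwards; `--build-arg "ARTIFACTORY=$NEXUS_PROXY_REGISTRY"` says the same thing without the indirection. Separately, `azure/docker-login@v1` is a movable tag on an action that handles a registry password, so pinning it to a full commit SHA is worth considering.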
@@ -1,32 +1,59 @@ stages: - dind-build -before_script: - - dnf install -y podman-docker - - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY +.base: + # See https://gitlab.com/gitlab-org/cluster-integration/cluster-applications/ + variables: + DOCKER_AUTH_CONFIG: ${HOME_NEXUS_DOCKER_AUTH_CONFIG} + image: "$HOME_NEXUS_DOCKER_REGISTRY_SHARED/podman/stable:latest" + parallel: + matrix: + - REGISTRY_USER: $CI_REGISTRY_USER + REGISTRY_PASSWORD: $CI_REGISTRY_PASSWORD + REGISTRY: $CI_REGISTRY + REGISTRY_IMAGE: $CI_REGISTRY_IMAGE + - REGISTRY_USER: $HOME_NEXUS_DOCKER_USER + REGISTRY_PASSWORD: $HOME_NEXUS_DOCKER_PASSWORD + REGISTRY: $HOME_NEXUS_DOCKER_REGISTRY + REGISTRY_IMAGE: $HOME_NEXUS_DOCKER_REGISTRY/$CI_PROJECT_PATH + +.shared_resources: + script: &build_push + - docker login -u "$REGISTRY_USER" -p "$REGISTRY_PASSWORD" $REGISTRY + - export REGISTRY_IMAGE_LOWER=$(echo "$REGISTRY_IMAGE" | tr '[:upper:]' '[:lower:]') + - docker build --pull -t "$REGISTRY_IMAGE_LOWER:$IMAGE_TAG" --build-arg ARTIFACTORY=$HOME_NEXUS_DOCKER_REGISTRY_SHARED . + - docker push "$REGISTRY_IMAGE_LOWER:$IMAGE_TAG" + before_script: &before_auth + - dnf install -y podman-docker + - docker login -u "$HOME_NEXUS_DOCKER_USER" -p "$HOME_NEXUS_DOCKER_PASSWORD" $HOME_NEXUS_DOCKER_REGISTRY_SHARED build:prereleases: stage: dind-build + extends: .base tags: - big-build + before_script: + - *before_auth script: - export IMAGE_TAG=$(echo -en $CI_COMMIT_REF_NAME | sed 's|/|-|g') - - docker build --pull -t "$CI_REGISTRY_IMAGE:$IMAGE_TAG" . - - docker push "$CI_REGISTRY_IMAGE:$IMAGE_TAG" + - *build_push only: - branches except: - main build:releases: + extends: .base stage: dind-build tags: - big-build + before_script: + - *before_auth script: - - docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG" . 
- - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG" - - docker tag "$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG" "$CI_REGISTRY_IMAGE:latest" - - docker push "$CI_REGISTRY_IMAGE:latest" + - export IMAGE_TAG=$CI_COMMIT_TAG + - *build_push + - docker tag "$REGISTRY_IMAGE_LOWER:$IMAGE_TAG" "$REGISTRY_IMAGE_LOWER:latest" + - docker push "$REGISTRY_IMAGE_LOWER:latest" only: - tags diff --git a/Dockerfile b/Dockerfile index c6972ad..9720d69 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,10 @@ -FROM quay.io/podman/stable:latest +ARG ARTIFACTORY +FROM ${ARTIFACTORY}/podman/stable:latest # Adding on the docker alias, docker-compose and other useful stuff RUN dnf install -y podman-docker buildah skopeo docker-compose \ util-linux ansible-core openssh-clients krb5-devel krb5-libs krb5-workstation git jq unzip coreutils \ - helm doctl kubernetes-client gnupg2 pinentry expect + helm doctl kubernetes-client gnupg2 pinentry expect gh awscli # Adding the Azure CLI RUN rpm --import https://packages.microsoft.com/keys/microsoft.asc \ diff --git a/rpm-sign-expect b/rpm-sign-expect index de17dfc..112f8ab 100644 --- a/rpm-sign-expect +++ b/rpm-sign-expect @@ -7,7 +7,7 @@ set name [lindex $argv 3] ### rpm-sign-expect -- Sign RPMs by sending passphrase and other elements -spawn rpm --define "_gpg_name $name <$email>" --addsign $rpm +spawn rpm --define {"_gpg_name $name <$email>"} --addsign $rpm expect -exact "Enter pass phrase: " send -- "$passphrase\r" expect eof \ No newline at end of file
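Review bot: Both new `docker login` lines (under `&build_push` and `&before_auth`) pass the registry password with `-p`, which puts it on the command line where it can show up in process listings and debug traces. Feeding it on stdin avoids that: `echo "$REGISTRY_PASSWORD" | docker login -u "$REGISTRY_USER" --password-stdin "$REGISTRY"`, with the same shape for the `$HOME_NEXUS_DOCKER_REGISTRY_SHARED` login. Quoting the registry argument and writing `--build-arg "ARTIFACTORY=$HOME_NEXUS_DOCKER_REGISTRY_SHARED"` also keeps an empty or unset variable from silently shifting the remaining arguments.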
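Review bot: `ARG ARTIFACTORY` has no default, so a build that omits `--build-arg ARTIFACTORY=...` resolves `FROM ${ARTIFACTORY}/podman/stable:latest` to `/podman/stable:latest` and fails, and the origin of the base image is now decided entirely by whoever invokes the build. Giving it the previous source as the default keeps local builds working: `ARG ARTIFACTORY=quay.io`. A short comment above the `ARG` stating that it selects the registry or pull-through proxy serving the base image would document that trust assumption. Pinning the base by digest instead of `:latest` would make the assumption checkable.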
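Review bot: Wrapping the `--define` argument in braces on the new `spawn` line turns off Tcl substitution, so rpm appears to receive the literal text `"_gpg_name $name <$email>"`, quotes included, instead of the signer's name and e-mail. If the intent was to pass one argument containing spaces and angle brackets, the double-quoted form already does that: `spawn rpm --define "_gpg_name $name <$email>" --addsign $rpm`. If the braces were added to work around a specific quoting failure, a comment naming that failure would help, because as written the signing identity looks like it no longer depends on the script's arguments.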