From c065d6f5e9af7a25d86611ac0a035655fc9de8e4 Mon Sep 17 00:00:00 2001 From: James Jones Date: Tue, 6 Dec 2022 18:49:44 -0500 Subject: [PATCH 1/7] Adding on home registry --- .github/workflows/build.yml | 16 ++++++++++++++++ Dockerfile | 2 +- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4a682f9..55c7f99 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -16,6 +16,7 @@ on: env: REGISTRY: ghcr.io + NEXUS_REGISTRY: nexus.jamjon3.sytes.net:5443 jobs: build-and-push: @@ -23,6 +24,11 @@ jobs: container: image: quay.io/podman/stable:latest options: --userns=keep-id --privileged --user root + strategy: + fail-fast: false + matrix: + language: [ 'python' ] + steps: # Downloads a copy of the code in your repository before running CI tests - name: Check out repository code @@ -36,6 +42,12 @@ jobs: login-server: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Docker Login + uses: azure/docker-login@v1 + with: + login-server: ${{ env.NEXUS_REGISTRY }} + username: ${{ secrets.HOME_NEXUS_DOCKER_USER }} + password: ${{ secrets.HOME_NEXUS_DOCKER_PASSWORD }} # This requires docker buildx which podman doesn't support # - name: Extract metadata (tags, labels) for Docker # id: meta 
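Review bot: The new `Docker Login` step at the end of this hunk pins `azure/docker-login@v1` to a mutable major tag, while the commented-out metadata action further down in this same file is pinned to a full commit SHA (`docker/metadata-action@98669ae8…`); a tag can be moved to different code that receives `HOME_NEXUS_DOCKER_PASSWORD` and the job's `GITHUB_TOKEN`, so pin it the same way, e.g. `uses: azure/docker-login@<full commit sha>  # v1`. The login target `nexus.jamjon3.sytes.net:5443` is a dynamic-DNS home host, so the runner sends those credentials to whatever that name resolves to at run time; `docker login` and `podman push` verify TLS by default, which means the endpoint needs a certificate that chains to a CA the runner trusts, and a `--tls-verify=false` workaround should not be added to make the push succeed. The job runs its steps as root inside a `--privileged` container (the `options:` line in the context above), so the credential store this login presumably writes is readable by every later step; if the home registry account has push rights beyond this one image, a comment on the step noting that would help the next reader judge the blast radius.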
@@ -58,10 +70,14 @@ jobs: VERSION=$(echo "${GITHUB_REF_NAME}" | sed 's|/|-|g') fi podman build . --file Dockerfile --tag "$REGISTRY/$IMAGE_NAME:$VERSION" + podman tag "$REGISTRY/$IMAGE_NAME:$VERSION" "$NEXUS_REGISTRY/$IMAGE_NAME:$VERSION" podman push "$REGISTRY/$IMAGE_NAME:$VERSION" + podman push "$NEXUS_REGISTRY/$IMAGE_NAME:$VERSION" if [[ "$GITHUB_REF" =~ ^refs/tags.* ]]; then podman tag "$REGISTRY/$IMAGE_NAME:$VERSION" "$REGISTRY/$IMAGE_NAME:latest" + podman tag "$NEXUS_REGISTRY/$IMAGE_NAME:$VERSION" "$NEXUS_REGISTRY/$IMAGE_NAME:latest" podman push "$REGISTRY/$IMAGE_NAME:latest" + podman push "$NEXUS_REGISTRY/$IMAGE_NAME:latest" fi # env: # REG_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/Dockerfile b/Dockerfile index f54a795..ff48fd1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ FROM quay.io/podman/stable:latest # Adding on the docker alias, docker-compose and other useful stuff RUN dnf install -y podman-docker buildah skopeo docker-compose \ util-linux ansible-core openssh-clients krb5-devel krb5-libs krb5-workstation git jq unzip coreutils \ - helm doctl kubernetes-client + helm doctl kubernetes-client pinentry # Adding some Ansible Key and Timeout setting ENV ANSIBLE_HOST_KEY_CHECKING=False From a48ef79b82411708585bd53180f3b172b3a8dcc7 Mon Sep 17 00:00:00 2001 From: James Jones Date: Tue, 6 Dec 2022 19:33:30 -0500 Subject: [PATCH 2/7] Adding on home registry --- .github/workflows/build.yml | 64 ++++++++++++++++++++++++++----------- 1 file changed, 46 insertions(+), 18 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 55c7f99..a194262 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -26,8 +26,16 @@ jobs: options: --userns=keep-id --privileged --user root strategy: fail-fast: false + max-parallel: 2 matrix: - language: [ 'python' ] + registry: [ 'ghcr.io', 'nexus.jamjon3.sytes.net:5443' ] + include: + - registry: ghcr.io + user: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - registry: nexus.jamjon3.sytes.net:5443 + user: ${{ secrets.HOME_NEXUS_DOCKER_USER }} + password: ${{ secrets.HOME_NEXUS_DOCKER_PASSWORD }} steps: # Downloads a copy of the code in your repository before running CI tests @@ -39,15 +47,21 @@ jobs: - name: Docker Login uses: azure/docker-login@v1 with: - login-server: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Docker Login - uses: azure/docker-login@v1 - with: - login-server: ${{ env.NEXUS_REGISTRY }} - username: ${{ secrets.HOME_NEXUS_DOCKER_USER }} - password: ${{ secrets.HOME_NEXUS_DOCKER_PASSWORD }} + login-server: ${{ matrix.registry }} + username: ${{ matrix.user }} + password: ${{ matrix.password }} + # - name: Docker Login + # uses: azure/docker-login@v1 + # with: + # login-server: ${{ env.REGISTRY }} + # username: ${{ github.actor }} + # password: ${{ secrets.GITHUB_TOKEN }} + # - name: Docker Login + # uses: azure/docker-login@v1 + # with: + # login-server: ${{ env.NEXUS_REGISTRY }} + # username: ${{ secrets.HOME_NEXUS_DOCKER_USER }} + # password: ${{ secrets.HOME_NEXUS_DOCKER_PASSWORD }} # This requires docker buildx which podman doesn't support # - name: Extract metadata (tags, labels) for Docker # id: meta 
@@ -69,16 +83,30 @@ jobs: else VERSION=$(echo "${GITHUB_REF_NAME}" | sed 's|/|-|g') fi - podman build . --file Dockerfile --tag "$REGISTRY/$IMAGE_NAME:$VERSION" - podman tag "$REGISTRY/$IMAGE_NAME:$VERSION" "$NEXUS_REGISTRY/$IMAGE_NAME:$VERSION" - podman push "$REGISTRY/$IMAGE_NAME:$VERSION" - podman push "$NEXUS_REGISTRY/$IMAGE_NAME:$VERSION" + podman build . --file Dockerfile --tag "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" + podman push "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" if [[ "$GITHUB_REF" =~ ^refs/tags.* ]]; then - podman tag "$REGISTRY/$IMAGE_NAME:$VERSION" "$REGISTRY/$IMAGE_NAME:latest" - podman tag "$NEXUS_REGISTRY/$IMAGE_NAME:$VERSION" "$NEXUS_REGISTRY/$IMAGE_NAME:latest" - podman push "$REGISTRY/$IMAGE_NAME:latest" - podman push "$NEXUS_REGISTRY/$IMAGE_NAME:latest" + podman tag "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" "${{ matrix.registry }}/$IMAGE_NAME:latest" + podman push "${{ matrix.registry }}/$IMAGE_NAME:latest" fi + # - name: Build the Docker image + # run: | + # IMAGE_NAME=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]') + # if [[ "$GITHUB_REF" =~ ^refs/tags.* ]]; then + # VERSION=$GITHUB_REF_NAME + # else + # VERSION=$(echo "${GITHUB_REF_NAME}" | sed 's|/|-|g') + # fi + # podman build . --file Dockerfile --tag "$REGISTRY/$IMAGE_NAME:$VERSION" + # podman tag "$REGISTRY/$IMAGE_NAME:$VERSION" "$NEXUS_REGISTRY/$IMAGE_NAME:$VERSION" + # podman push "$REGISTRY/$IMAGE_NAME:$VERSION" + # podman push "$NEXUS_REGISTRY/$IMAGE_NAME:$VERSION" + # if [[ "$GITHUB_REF" =~ ^refs/tags.* ]]; then + # podman tag "$REGISTRY/$IMAGE_NAME:$VERSION" "$REGISTRY/$IMAGE_NAME:latest" + # podman tag "$NEXUS_REGISTRY/$IMAGE_NAME:$VERSION" "$NEXUS_REGISTRY/$IMAGE_NAME:latest" + # podman push "$REGISTRY/$IMAGE_NAME:latest" + # podman push "$NEXUS_REGISTRY/$IMAGE_NAME:latest" + # fi # env: # REG_TOKEN: ${{ secrets.GITHUB_TOKEN }} # # REG_TOKEN: ${{ secrets.REPO_GITHUB_TOKEN }} From 985573e5d1d0661ddc6057eccc528ba00eecabeb Mon Sep 17 00:00:00 2001 
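Review bot: The rewritten build, tag and push commands in this hunk interpolate `${{ matrix.registry }}` straight into the `run:` shell script, where the lines they replace read the registry from the `$REGISTRY` / `$NEXUS_REGISTRY` environment variables. The matrix values are literals in this file today, so this is not injectable as written, but inlining workflow expressions into shell is exactly the pattern that becomes template injection the moment a value is sourced from an input or event payload, and it also makes the script harder to run by hand. Keep the earlier idiom: add `env:` / `REGISTRY: ${{ matrix.registry }}` to the step header and use `"$REGISTRY/$IMAGE_NAME:$VERSION"` in all four commands. Separately, nothing records what was pushed; `podman push --digestfile` (or capturing the digest from the push output) written to `$GITHUB_STEP_SUMMARY` would let consumers pin by digest instead of the mutable `:latest` tag this step also publishes. The step begins before the hunk (the `IMAGE_NAME` / `VERSION` setup lines), so the `env:` block has to go on the step header outside this hunk.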
From: James Jones Date: Tue, 6 Dec 2022 19:51:21 -0500 Subject: [PATCH 3/7] Adding on home registry --- .github/workflows/build.yml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a194262..7ae56d2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -17,6 +17,8 @@ on: env: REGISTRY: ghcr.io NEXUS_REGISTRY: nexus.jamjon3.sytes.net:5443 + GITHUB_DOCKER_USER: ${{ github.actor }} + NEXUS_DOCKER_USER: ${{ secrets.HOME_NEXUS_DOCKER_USER }} jobs: build-and-push: @@ -31,11 +33,11 @@ jobs: registry: [ 'ghcr.io', 'nexus.jamjon3.sytes.net:5443' ] include: - registry: ghcr.io - user: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + user: GITHUB_DOCKER_USER + password: GITHUB_TOKEN - registry: nexus.jamjon3.sytes.net:5443 - user: ${{ secrets.HOME_NEXUS_DOCKER_USER }} - password: ${{ secrets.HOME_NEXUS_DOCKER_PASSWORD }} + user: NEXUS_DOCKER_USER + password: HOME_NEXUS_DOCKER_PASSWORD steps: # Downloads a copy of the code in your repository before running CI tests @@ -48,8 +50,8 @@ jobs: uses: azure/docker-login@v1 with: login-server: ${{ matrix.registry }} - username: ${{ matrix.user }} - password: ${{ matrix.password }} + username: ${{ env[matrix.user] }} + password: ${{ secrets[matrix.password] }} # - name: Docker Login # uses: azure/docker-login@v1 # with: From 996d95cd6652fae24343dec5c3a5107f42d3fd85 Mon Sep 17 00:00:00 2001 From: James Jones Date: Tue, 6 Dec 2022 20:27:23 -0500 Subject: [PATCH 4/7] Adding on home registry --- .github/workflows/build.yml | 38 +------------------------------------ 1 file changed, 1 insertion(+), 37 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7ae56d2..42921ff 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
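Review bot: `NEXUS_DOCKER_USER: ${{ secrets.HOME_NEXUS_DOCKER_USER }}` in the workflow-level `env:` block (first hunk on this line) exposes a secret-derived value to every step of every job, including third-party actions such as checkout, when only the `Docker Login` step needs it. The `${{ env[matrix.user] }}` / `${{ secrets[matrix.password] }}` indirection in the third hunk is the right way to keep credentials out of the matrix, and the username map can be scoped the same way: move the two `*_DOCKER_USER` entries to an `env:` block on the login step itself, `env:` / `GITHUB_DOCKER_USER: ${{ github.actor }}` / `NEXUS_DOCKER_USER: ${{ secrets.HOME_NEXUS_DOCKER_USER }}`, where `env[matrix.user]` should still resolve but the value is no longer in the global environment. The matrix entries `user: GITHUB_DOCKER_USER` and `password: GITHUB_TOKEN` are now lookup keys rather than values and will likely show up verbatim in the matrix job titles, which is harmless; a one-line comment above `include:` saying these are names of `env` / `secrets` entries, not credentials, would stop the next reader from treating them as leaked values.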
@@ -15,8 +15,6 @@ on: - develop env: - REGISTRY: ghcr.io - NEXUS_REGISTRY: nexus.jamjon3.sytes.net:5443 GITHUB_DOCKER_USER: ${{ github.actor }} NEXUS_DOCKER_USER: ${{ secrets.HOME_NEXUS_DOCKER_USER }} @@ -38,7 +36,6 @@ jobs: - registry: nexus.jamjon3.sytes.net:5443 user: NEXUS_DOCKER_USER password: HOME_NEXUS_DOCKER_PASSWORD - steps: # Downloads a copy of the code in your repository before running CI tests - name: Check out repository code @@ -52,24 +49,12 @@ jobs: login-server: ${{ matrix.registry }} username: ${{ env[matrix.user] }} password: ${{ secrets[matrix.password] }} - # - name: Docker Login - # uses: azure/docker-login@v1 - # with: - # login-server: ${{ env.REGISTRY }} - # username: ${{ github.actor }} - # password: ${{ secrets.GITHUB_TOKEN }} - # - name: Docker Login - # uses: azure/docker-login@v1 - # with: - # login-server: ${{ env.NEXUS_REGISTRY }} - # username: ${{ secrets.HOME_NEXUS_DOCKER_USER }} - # password: ${{ secrets.HOME_NEXUS_DOCKER_PASSWORD }} # This requires docker buildx which podman doesn't support # - name: Extract metadata (tags, labels) for Docker # id: meta # uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 # with: - # images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + # images: ${{ matrix.registry }}/${{ env.IMAGE_NAME }} # - name: Build and push Docker images # uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc # with: 
@@ -91,24 +76,3 @@ jobs: podman tag "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" "${{ matrix.registry }}/$IMAGE_NAME:latest" podman push "${{ matrix.registry }}/$IMAGE_NAME:latest" fi - # - name: Build the Docker image - # run: | - # IMAGE_NAME=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]') - # if [[ "$GITHUB_REF" =~ ^refs/tags.* ]]; then - # VERSION=$GITHUB_REF_NAME - # else - # VERSION=$(echo "${GITHUB_REF_NAME}" | sed 's|/|-|g') - # fi - # podman build . --file Dockerfile --tag "$REGISTRY/$IMAGE_NAME:$VERSION" - # podman tag "$REGISTRY/$IMAGE_NAME:$VERSION" "$NEXUS_REGISTRY/$IMAGE_NAME:$VERSION" - # podman push "$REGISTRY/$IMAGE_NAME:$VERSION" - # podman push "$NEXUS_REGISTRY/$IMAGE_NAME:$VERSION" - # if [[ "$GITHUB_REF" =~ ^refs/tags.* ]]; then - # podman tag "$REGISTRY/$IMAGE_NAME:$VERSION" "$REGISTRY/$IMAGE_NAME:latest" - # podman tag "$NEXUS_REGISTRY/$IMAGE_NAME:$VERSION" "$NEXUS_REGISTRY/$IMAGE_NAME:latest" - # podman push "$REGISTRY/$IMAGE_NAME:latest" - # podman push "$NEXUS_REGISTRY/$IMAGE_NAME:latest" - # fi - # env: - # REG_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # # REG_TOKEN: ${{ secrets.REPO_GITHUB_TOKEN }} From 19a496b5c66e59040fb2c5e777973f153e5036a3 Mon Sep 17 00:00:00 2001 From: James Jones Date: Wed, 7 Dec 2022 06:02:02 -0500 Subject: [PATCH 5/7] Updating the README before release --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index e4441a3..5b7b4c8 100644 --- a/README.md +++ b/README.md 
@@ -18,6 +18,12 @@ Note: The `build-push` action doesn't work with 'podman' (commented out in the p docker pull ghcr.io/jamesjonesconsulting/podman-dind-like:latest ``` +### Why is there a second container in the matrix? + +The matrix defined in the pipeline pushes the public container (as described above), but also publishes a private container to my instance of Nexus +Repository for my home lab usage. Having this container 'local' to my home lab saves bandwidth and accellerates my use cases. In addition, it's an +example of the usage of the 'matrix' feature in a repository I have public so others may benefit from seeing the pattern in use. + ## Notes on GitLab This job also runs on a self-hosted gitlab agent with the following in the `/etc/gitlab-runner/config.toml` file so this is also compatible with From 67b127bb4c32386467a0799bc44abc3189838ef9 Mon Sep 17 00:00:00 2001 From: James Jones Date: Wed, 7 Dec 2022 06:39:16 -0500 Subject: [PATCH 6/7] Adding on some additional build container dependencies --- Dockerfile | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ff48fd1..cffbb2d 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -3,13 +3,24 @@ FROM quay.io/podman/stable:latest # Adding on the docker alias, docker-compose and other useful stuff RUN dnf install -y podman-docker buildah skopeo docker-compose \ util-linux ansible-core openssh-clients krb5-devel krb5-libs krb5-workstation git jq unzip coreutils \ - helm doctl kubernetes-client pinentry + helm doctl kubernetes-client origin-clients gnupg2 pinentry + +# Adding the Azure CLI +RUN rpm --import https://packages.microsoft.com/keys/microsoft.asc \ + && dnf install -y https://packages.microsoft.com/config/rhel/9.0/packages-microsoft-prod.rpm \ + && dnf install -y azure-cli # Adding some Ansible Key and Timeout setting ENV ANSIBLE_HOST_KEY_CHECKING=False ENV ANSIBLE_TIMEOUT=60 RUN printf "\nStrictHostKeyChecking no\n" >> /etc/ssh/ssh_config +ENV GPG_TTY /dev/console +# Adding RPM build tools along with FPM +RUN dnf install -y rpm-build rpm-sign rubygems ruby-devel gcc gcc-c++ make libffi-devel + +RUN gem install ffi \ + && gem install fpm # Remove the Emulate Docker CLI using podman messages RUN touch /etc/containers/nodocker \ No newline at end of file From 8c9891eebbe0c5c7c5b45ece4e149571a7058c19 Mon Sep 17 00:00:00 2001 From: James Jones Date: Wed, 7 Dec 2022 06:47:24 -0500 Subject: [PATCH 7/7] Adding on some additional build container dependencies --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index cffbb2d..2776dbf 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ FROM quay.io/podman/stable:latest # Adding on the docker alias, docker-compose and other useful stuff RUN dnf install -y podman-docker buildah skopeo docker-compose \ util-linux ansible-core openssh-clients krb5-devel krb5-libs krb5-workstation git jq unzip coreutils \ - helm doctl kubernetes-client origin-clients gnupg2 pinentry + helm doctl kubernetes-client gnupg2 pinentry # Adding the Azure CLI RUN rpm --import https://packages.microsoft.com/keys/microsoft.asc \
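Review bot: In the `# Adding the Azure CLI` layer, the `rpm --import` of the Microsoft key does not protect the `dnf install -y https://…/packages-microsoft-prod.rpm` that follows it, because dnf only signature-checks packages given by path or URL when `localpkg_gpgcheck` is enabled, which it is not by default; the repo definition that later decides how `azure-cli` is verified is therefore itself installed on the strength of the TLS connection alone. Passing the option makes the imported key actually gate that install: `dnf install -y --setopt=localpkg_gpgcheck=1 https://packages.microsoft.com/config/rhel/9.0/packages-microsoft-prod.rpm`, and checking the imported key's fingerprint against Microsoft's published value in the same `RUN` would close the remaining gap. The `gem install ffi \ && gem install fpm` layer pulls whatever the newest version of each gem is at build time with no version pin or checksum, which makes the image non-reproducible and widens the supply-chain surface of a container that also ships `rpm-sign` and `gnupg2` for signing; pin it, e.g. `gem install --no-document fpm -v '<chosen version>'`. The base is `quay.io/podman/stable:latest`, so the image already floats on a mutable tag; using the `rhel/9.0` repo config on what is presumably a Fedora-based image looks intentional but deserves a comment saying so.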