chore(container): add container image

Author: root

.woodpecker/build-binary.yml

@@ -0,0 +1,51 @@
+labels:
+  type: exec
+  platform: linux/amd64
+
+steps:
+- name: build-binary
+  image: bash
+  commands:
+  - sed -i "s#canary#$CI_COMMIT_TAG#g" version/version.go
+  - VERSION=$CI_COMMIT_TAG make build-binary
+  environment:
+    CODENAME:
+      from_secret: codename
+    DEV_REGISTRY:
+      from_secret: dev_registry
+    DRYCC_REGISTRY:
+      from_secret: drycc_registry
+    CONTAINER_USERNAME:
+      from_secret: container_username
+    CONTAINER_PASSWORD:
+      from_secret: container_password
+  when:
+    event:
+    - push
+    - tag
+
+- name: publish-binary
+  image: bash
+  commands:
+  - podman run --rm
+      -e DRONE_BUILD_EVENT=tag
+      -e DRONE_REPO_OWNER="$CI_REPO_OWNER"
+      -e DRONE_REPO_NAME="$CI_REPO_NAME"
+      -e PLUGIN_API_KEY="$GITHUB_TOKEN"
+      -e PLUGIN_BASE_URL="https://api.github.com/"
+      -e PLUGIN_UPLOAD_URL="https://uploads.github.com/"
+      -e DRONE_COMMIT_REF="refs/tags/$CI_COMMIT_TAG"
+      -e PLUGIN_OVERWRITE="true"
+      -e PLUGIN_FILES="_dist/*"
+      -v $(pwd):$(pwd)
+      -w $(pwd)
+      docker.io/plugins/github-release
+  environment:
+    GITHUB_TOKEN:
+      from_secret: github_token
+  when:
+    event:
+    - tag
+
+depends_on:
+- test-linux

.woodpecker/build-linux.yml

@@ -1,13 +1,19 @@
+matrix:
+  platform:
+    - linux/amd64
+    - linux/arm64
+
 labels:
   type: exec
-  platform: linux/amd64
+  platform: ${platform}
 
 steps:
-- name: build-linux
+- name: publish-linux
   image: bash
   commands:
-  - sed -i "s#canary#$CI_COMMIT_TAG#g" version/version.go
-  - VERSION=$CI_COMMIT_TAG make build
+  - export VERSION=$([ -z $CI_COMMIT_TAG ] && echo latest || echo $CI_COMMIT_TAG)-$(sed 's#/#-#g' <<< $CI_SYSTEM_PLATFORM)
+  - echo $CONTAINER_PASSWORD | podman login $DRYCC_REGISTRY --username $CONTAINER_USERNAME --password-stdin > /dev/null 2>&1
+  - make podman-build podman-immutable-push
   environment:
     CODENAME:
       from_secret: codename
@@ -23,29 +29,7 @@ steps:
     event:
     - push
     - tag
-
-- name: publish-linux
-  image: bash
-  commands:
-  - podman run --rm
-      -e DRONE_BUILD_EVENT=tag
-      -e DRONE_REPO_OWNER="$CI_REPO_OWNER"
-      -e DRONE_REPO_NAME="$CI_REPO_NAME"
-      -e PLUGIN_API_KEY="$GITHUB_TOKEN"
-      -e PLUGIN_BASE_URL="https://api.github.com/"
-      -e PLUGIN_UPLOAD_URL="https://uploads.github.com/"
-      -e DRONE_COMMIT_REF="refs/tags/$CI_COMMIT_TAG"
-      -e PLUGIN_OVERWRITE="true"
-      -e PLUGIN_FILES="_dist/*"
-      -v $(pwd):$(pwd)
-      -w $(pwd)
-      docker.io/plugins/github-release
-  environment:
-    GITHUB_TOKEN:
-      from_secret: github_token
-  when:
-    event:
-    - tag
+    - cron
 
 depends_on:
-- test-linux
+- test-linux

.woodpecker/manifest.tmpl

@@ -0,0 +1,18 @@
+image: registry.drycc.cc/drycc/{{project}}:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}canary{{/if}}
+{{#if build.tags}}
+tags:
+{{#each build.tags}}
+  - {{this}}
+{{/each}}
+{{/if}}
+manifests:
+  -
+    image: registry.drycc.cc/drycc/{{project}}:{{#if build.tag}}{{build.tag}}-{{else}}latest-{{/if}}linux-amd64
+    platform:
+      architecture: amd64
+      os: linux
+  -
+    image: registry.drycc.cc/drycc/{{project}}:{{#if build.tag}}{{build.tag}}-{{else}}latest-{{/if}}linux-arm64
+    platform:
+      architecture: arm64
+      os: linux

.woodpecker/manifest.yml

@@ -0,0 +1,43 @@
+labels:
+  type: exec
+  platform: linux/amd64
+
+steps:
+- name: generate-manifest
+  image: bash
+  commands:
+  - sed -i "s/{{project}}/$${CI_REPO_NAME}/g" .woodpecker/manifest.tmpl
+  - sed -i "s/registry.drycc.cc/$${DRYCC_REGISTRY}/g" .woodpecker/manifest.tmpl
+  environment:
+    DRYCC_REGISTRY:
+      from_secret: drycc_registry
+  when:
+    event:
+    - tag
+    - push
+    - cron
+
+- name: publish-manifest
+  image: bash
+  commands:
+  - podman run --rm
+    -e PLUGIN_SPEC=.woodpecker/manifest.tmpl
+    -e PLUGIN_USERNAME=$CONTAINER_USERNAME
+    -e PLUGIN_PASSWORD=$CONTAINER_PASSWORD
+    -e DRONE_TAG=$CI_COMMIT_TAG
+    -v $(pwd):$(pwd)
+    -w $(pwd)
+    docker.io/plugins/manifest
+  environment:
+    CONTAINER_USERNAME:
+      from_secret: container_username
+    CONTAINER_PASSWORD:
+      from_secret: container_password
+  when:
+    event:
+    - tag
+    - push
+    - cron
+
+depends_on:
+- build-linux

Makefile

@@ -1,4 +1,8 @@
-# the filepath to this repository, relative to $GOPATH/src
+SHORT_NAME ?= workflow-cli
+DRYCC_REGISTRY ?= ${DEV_REGISTRY}
+
+include versioning.mk
+
 VERSION ?= canary
 REPO_PATH := github.com/drycc/workflow-cli
 DEV_ENV_IMAGE := ${DEV_REGISTRY}/drycc/go-dev
@@ -12,15 +16,19 @@ bootstrap:
 	${DEV_ENV_CMD} go mod vendor
 
 # This is supposed to be run within a container
-build:
+build-binary:
 	${DEV_ENV_CMD} scripts/update-translations.sh -g
 	${DEV_ENV_CMD} scripts/build ${VERSION}
 
+podman-build:
+	podman build . --build-arg VERSION=${VERSION} --build-arg CODENAME=${CODENAME} -f docker/Dockerfile -t ${IMAGE}
+	podman tag ${IMAGE} ${MUTABLE_IMAGE}
+
 test-style:
 	${DEV_ENV_CMD} lint
 
 test-cover:
 	${DEV_ENV_CMD} test-cover.sh
 
-test: build test-style test-cover
+test: build-binary test-style test-cover
 	${DEV_ENV_CMD} go test -race -cover -coverprofile=coverage.txt -covermode=atomic ./...

docker/Dockerfile

@@ -0,0 +1,45 @@
+ARG VERSION
+ARG CODENAME
+
+FROM registry.drycc.cc/drycc/go-dev:latest AS build
+ADD . /workspace
+RUN export GO111MODULE=on \
+  && cd /workspace \
+  && sed -i "s#canary#$VERSION#g" version/version.go \
+  && CGO_ENABLED=0 init-stack go build -o /usr/local/bin/drycc drycc.go
+
+FROM registry.drycc.cc/drycc/base:$CODENAME
+
+ENV DRYCC_UID=1001 \
+  DRYCC_GID=1001 \
+  DRYCC_HOME_DIR=/workspace
+
+COPY --from=build /usr/local/bin/drycc /usr/local/bin/drycc
+
+ADD docker/entrypoint.sh /entrypoint.sh
+
+RUN install-packages bash-completion \
+  && groupadd drycc --gid ${DRYCC_GID} \
+  && useradd drycc -u ${DRYCC_UID} -g ${DRYCC_GID} -s /bin/bash -m -d ${DRYCC_HOME_DIR} \
+  && mkdir -p /etc/bash_completion.d \
+  && drycc completion bash > /etc/bash_completion.d/drycc \
+  && chown ${DRYCC_GID}:${DRYCC_UID} /usr/local/bin \
+  && echo 'alias cd="echo \"cd: restricted\"; false"' > ${DRYCC_HOME_DIR}/.bash_aliases \
+  && echo 'alias unalias="echo \"unalias: restricted\"; false"' >> ${DRYCC_HOME_DIR}/.bash_aliases \
+  && ln -s /usr/bin/ls /usr/local/bin/ls \
+  && ln -s /usr/bin/cat /usr/local/bin/cat \
+  && ln -s /usr/bin/sed /usr/local/bin/sed \
+  && ln -s /usr/bin/find /usr/local/bin/find \
+  && ln -s /usr/bin/bash /usr/local/bin/bash \
+  && ln -s /usr/bin/mkdir /usr/local/bin/mkdir \
+  && ln -s /usr/bin/sleep /usr/local/bin/sleep \
+  && ln -s /usr/bin/dircolors /usr/local/bin/dircolors \
+  && ln -s /usr/bin/tini /usr/local/bin/tini \
+  && ln -s /usr/bin/init-stack /usr/local/bin/init-stack
+
+ENTRYPOINT [ "/entrypoint.sh" ] 
+
+ENV PATH=/usr/local/bin
+
+USER ${DRYCC_UID}
+WORKDIR ${DRYCC_HOME_DIR}

docker/entrypoint.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+
+if [ -n "$DRYCC_USER" ] && [ -n "$DRYCC_TOKEN" ] && [ -n "$DRYCC_ENDPOINT" ]; then
+    mkdir -p ~/.drycc
+    if [ ! -f ~/.drycc/client.json ]; then
+        cat > ~/.drycc/client.json <<EOF
+{
+    "username": "${DRYCC_USER}",
+    "ssl_verify": ${DRYCC_SSL_VERIFY:-true},
+    "controller": "${DRYCC_ENDPOINT}",
+    "token": "${DRYCC_TOKEN}",
+    "response_limit": ${DRYCC_RESPONSE_LIMIT:-0}
+}
+EOF
+    fi
+fi
+
+_main() {
+    if [ "$1" == 'bash' ]; then
+        shift
+        exec bash "$@"
+    else
+        exec drycc "$@"
+    fi
+}
+
+_main "$@"

versioning.mk

@@ -0,0 +1,23 @@
+MUTABLE_VERSION ?= canary
+VERSION ?= git-$(shell git rev-parse --short HEAD)
+IMAGE_PREFIX ?= drycc
+
+IMAGE := ${DRYCC_REGISTRY}/${IMAGE_PREFIX}/${SHORT_NAME}:${VERSION}
+MUTABLE_IMAGE := ${DRYCC_REGISTRY}/${IMAGE_PREFIX}/${SHORT_NAME}:${MUTABLE_VERSION}
+
+info:
+	@echo "Build tag:       ${VERSION}"
+	@echo "Registry:        ${DRYCC_REGISTRY}"
+	@echo "Immutable tag:   ${IMAGE}"
+	@echo "Mutable tag:     ${MUTABLE_IMAGE}"
+
+.PHONY: podman-push
+podman-push: podman-immutable-push podman-mutable-push
+
+.PHONY: podman-immutable-push
+podman-immutable-push:
+	podman push ${IMAGE}
+
+.PHONY: podman-mutable-push
+podman-mutable-push:
+	podman push ${MUTABLE_IMAGE}