diff --git a/.forgejo/workflows/alpine.yml b/.forgejo/workflows/alpine.yml
new file mode 100644
index 0000000..c1a1168
--- /dev/null
+++ b/.forgejo/workflows/alpine.yml
@@ -0,0 +1,66 @@
+# Workflow name
+name: Build and Push Alpine Container
+
+# Run-name for each workflow run
+run-name: Build and Push Alpine Container
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - 'containers/alpine/**'
+ - '.forgejo/workflows/alpine.yml'
+ workflow_dispatch: {}
+ schedule:
+ - cron: '0 20 * * 5' # Runs every Friday at 8 PM UTC
+
+env:
+ CONTAINER_NAME: alpine
+ # USER: ${{ github.actor }}
+ USER: hbms
+
+jobs:
+ build-and-push-arch:
+ runs-on: ${{ matrix.arch }}
+ strategy:
+ matrix:
+ arch: [ amd64, arm64 ]
+ container:
+ image: ghcr.io/catthehacker/ubuntu:act-22.04
+ steps:
+ - name: Prepare environment variables
+ run: |
+ echo "$HOME/.local/bin" >> "$GITHUB_PATH"
+ echo REGISTRY=${{ vars.REGISTRY }} >> $GITHUB_ENV
+
+ - name: Checkout the repo
+ uses: actions/checkout@v4
+
+ - name: Login to the registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ vars.REGISTRY }}
+ username: ${{ env.USER }}
+ password: ${{ secrets.PACKAGE_TOKEN }}
+
+ - name: Build and push
+ uses: docker/build-push-action@v6
+ with:
+ context: ./containers/alpine/
+ file: ./containers/alpine/Dockerfile
+ push: true
+ provenance: false
+ tags: ${{ vars.REGISTRY }}/${{ env.USER }}/${{ env.CONTAINER_NAME }}-${{ matrix.arch }}:latest
+
+ merge-images-via-manifest:
+ runs-on: amd64
+ needs: build-and-push-arch
+ container:
+ image: ghcr.io/catthehacker/ubuntu:act-22.04
+ steps:
+ - name: Generate and push multi-arch manifest
+ run: |
+ echo REGISTRY=${{ vars.REGISTRY }} >> $GITHUB_ENV
+ echo ${{ secrets.PACKAGE_TOKEN }} | docker login ${{ vars.REGISTRY }} -u ${USER} --password-stdin
+ docker manifest create ${{ vars.REGISTRY }}/${USER}/${{ env.CONTAINER_NAME }}:latest ${{ vars.REGISTRY }}/${USER}/${{ env.CONTAINER_NAME }}-amd64:latest ${{ vars.REGISTRY }}/${USER}/${{ env.CONTAINER_NAME }}-arm64:latest
+ docker manifest push ${{ vars.REGISTRY }}/${USER}/${{ env.CONTAINER_NAME }}:latest
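Review bot: The manifest job's `run:` block expands `${{ secrets.PACKAGE_TOKEN }}` directly into the script text, so the token is substituted into the generated shell script and then passed through an unquoted `echo`, instead of reaching the process as an environment variable; routing it through the step's `env:` and reading `"$PACKAGE_TOKEN"` keeps the secret out of the script body and avoids word-splitting, and the same treatment fits `${{ vars.REGISTRY }}`. The `echo REGISTRY=... >> $GITHUB_ENV` line in that step only affects later steps, of which this job has none, so it is dead and can be replaced by a step-level `env:` entry. The `uses:` references (`actions/checkout@v4`, `docker/login-action@v3`, `docker/build-push-action@v6`) are mutable tags; pinning each to a commit SHA with the tag kept in a trailing comment makes the build's supply chain reproducible.
```yaml
      - name: Generate and push multi-arch manifest
        env:
          PACKAGE_TOKEN: ${{ secrets.PACKAGE_TOKEN }}
          REGISTRY: ${{ vars.REGISTRY }}
        run: |
          printf '%s' "$PACKAGE_TOKEN" | docker login "$REGISTRY" -u "$USER" --password-stdin
          docker manifest create "$REGISTRY/$USER/$CONTAINER_NAME:latest" \
            "$REGISTRY/$USER/$CONTAINER_NAME-amd64:latest" \
            "$REGISTRY/$USER/$CONTAINER_NAME-arm64:latest"
          docker manifest push "$REGISTRY/$USER/$CONTAINER_NAME:latest"
```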
diff --git a/.forgejo/workflows/ansible.yml-qemu b/.forgejo/workflows/ansible.yml-qemu
deleted file mode 100644
index 347e726..0000000
--- a/.forgejo/workflows/ansible.yml-qemu
+++ /dev/null
@@ -1,50 +0,0 @@
-# Workflow name
-name: Build and Push Ansible Container
-
-# Run-name for each workflow run
-run-name: Build and Push Ansible Container
-on:
- push:
- branches:
- - main
- paths:
- - 'containers/ansible/**'
- - '.forgejo/workflows/ansible.yml'
- workflow_dispatch: {}
- schedule:
- - cron: '0 20 * * 5' # Runs every Friday at 8 PM UTC
-
-env:
- CONTAINER_NAME: ansible
- # USER: ${{ github.actor }}
- USER: hbms
-
-jobs:
- build-and-push:
- # runs-on: docker
- runs-on: arm64
- container:
- image: ghcr.io/catthehacker/ubuntu:act-22.04
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
-
- - name: Login to Forgejo Container Registry
- uses: docker/login-action@v3
- with:
- registry: ${{ vars.REGISTRY }}
- username: ${{ env.USER }}
- password: ${{ secrets.PACKAGE_TOKEN }}
-
- - name: Build and push
- uses: docker/build-push-action@v6
- with:
- context: ./containers/ansible/
- file: ./containers/ansible/Dockerfile
- push: true
- provenance: false
- platforms: linux/amd64, linux/arm64
- tags: ${{ vars.REGISTRY }}/${{ env.USER }}/${{ env.CONTAINER_NAME }}:latest
diff --git a/.forgejo/workflows/dockerindocker.yml b/.forgejo/workflows/dockerindocker.yml
deleted file mode 100644
index b42ed1d..0000000
--- a/.forgejo/workflows/dockerindocker.yml
+++ /dev/null
@@ -1,80 +0,0 @@
-name: Docker-in-Docker CI/CD Pipeline
-
-run-name: Build, Push, and Publish Multi-Arch Docker-in-Docker for ${{ github.ref_name }}
-on:
- push:
- branches:
- - main
- paths:
- - 'containers/dockerindocker/**'
- - '.forgejo/workflows/dockerindocker.yml'
- workflow_dispatch: {}
- schedule:
- - cron: '0 20 * * 5'
-
-jobs:
- build-and-push:
- name: Build and Push Docker-in-Docker Images
- strategy:
- matrix:
- arch: [ amd64, arm64 ]
- runs-on: ${{ matrix.arch }}
- container:
- image: ghcr.io/catthehacker/ubuntu:act-22.04
- steps:
- - name: Checkout Source Code
- uses: actions/checkout@v4
-
- - name: Setup Docker Buildx
- uses: docker/setup-buildx-action@v1
-
- - name: Login to Forgejo Container Registry
- uses: docker/login-action@v3
- with:
- registry: ${{ vars.REGISTRY }}
- username: ${{ github.actor }}
- password: ${{ secrets.PACKAGE_TOKEN }}
-
- - name: Build and Push Image for ${{ matrix.arch }}
- uses: docker/build-push-action@v6
- with:
- context: ./containers/dockerindocker/
- file: ./containers/dockerindocker/Dockerfile
- platforms: linux/${{ matrix.arch }}
- push: true
- tags: ${{ vars.REGISTRY }}/${{ vars.ORGANISATION }}/dockerindocker:${{ matrix.arch }}-latest
- cache-from: type=registry,ref=${{ vars.REGISTRY }}/${{ vars.ORGANISATION }}/dockerindocker:buildcache-${{ matrix.arch }}
- cache-to: type=registry,ref=${{ vars.REGISTRY }}/${{ vars.ORGANISATION }}/dockerindocker:buildcache-${{ matrix.arch }},mode=max
-
- create-manifest:
- name: Create and Publish Multi-Arch Manifest
- needs: build-and-push
- runs-on: amd64
- steps:
- - name: Wait for Docker Daemon
- run: |
- i=0
- while ! docker info >/dev/null 2>&1;
- do
- i=$((i+1))
- if [ $i -ge 15 ]; then
- echo "Docker did not start within 15 seconds"
- exit 1
- fi
- echo "Waiting for Docker to start..."
- sleep 1
- done
-
- - name: Login to Forgejo Container Registry
- uses: docker/login-action@v3
- with:
- registry: ${{ vars.REGISTRY }}
- username: ${{ secrets.CI_REGISTRY_USER }}
- password: ${{ secrets.CI_TOKEN }}
-
- - name: Create and Push Multi-Arch Manifest
- run: |
- docker manifest create ${{ vars.REGISTRY }}/${{ vars.ORGANISATION }}/dockerindocker:latest \
- --amend ${{ vars.REGISTRY }}/${{ vars.ORGANISATION }}/dockerindocker:amd64-latest \
- --amend ${{ vars.REGISTRY }}/${{ vars.ORGANISATION }}/dockerindocker:arm64-latest
- docker manifest push ${{ vars.REGISTRY }}/${{ vars.ORGANISATION }}/dockerindocker:latest
diff --git a/.forgejo/workflows/dockerindocker.yml-old b/.forgejo/workflows/dockerindocker.yml-old
deleted file mode 100644
index 8de2fef..0000000
--- a/.forgejo/workflows/dockerindocker.yml-old
+++ /dev/null
@@ -1,132 +0,0 @@
-# Workflow name
-name: Build and Push Docker-in-Docker Container
-
-# Run-name for each workflow run
-run-name: Build and Push Docker-in-Docker Container for ${{ github.ref_name }}
-
-# Triggers for the workflow
-on:
- # On pushes to the main branch if relevant files change
- push:
- branches:
- - main
- paths:
- - 'containers/dockerindocker/**'
- - '.forgejo/workflows/dockerindocker.yml'
- # Allows manual triggering from the Forgejo UI
- workflow_dispatch: {}
- # Scheduled run every Friday at 8 PM UTC
- schedule:
- - cron: '0 20 * * 5'
-
-jobs:
- build-and-push:
- # Strategy to build for multiple architectures
- strategy:
- matrix:
- arch: [ amd64, arm64 ]
- # Use a runner that matches the architecture.
- # This assumes you have runners tagged with 'amd64' and 'arm64'.
- runs-on: ${{ matrix.arch }}
- # Add a Docker-in-Docker service to the job.
- # This is necessary to build Docker images.
- # The 'privileged' flag is required for the Docker daemon to run.
- services:
- dind:
- image: docker:dind
- privileged: true
- # Set the DOCKER_HOST environment variable to connect to the dind service.
- env:
- DOCKER_HOST: tcp://dind:2375
- steps:
- # 1. Check out the repository code
- - name: Checkout repository
- uses: actions/checkout@v4
-
- # 2. Wait for the Docker daemon to be ready
- - name: Wait for Docker to start
- run: |
- i=0
- while ! docker info >/dev/null 2>&1; do
- i=$((i+1))
- if [ $i -ge 15 ]; then
- echo "Docker did not start within 15 seconds"
- exit 1
- fi
- echo "Waiting for Docker to start..."
- sleep 1
- done
-
- # 3. Set up Docker Buildx for multi-platform builds
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
-
- # 4. Login to the Forgejo container registry
- # Requires CI_REGISTRY, CI_REGISTRY_USER, and CI_TOKEN secrets to be set in Forgejo.
- - name: Login to Forgejo Registry
- uses: docker/login-action@v3
- with:
- registry: ${{ secrets.CI_REGISTRY }}
- username: ${{ secrets.CI_REGISTRY_USER }}
- password: ${{ secrets.CI_TOKEN }}
-
- # 5. Build and push the Docker image for the specific architecture
- - name: Build and push (${{ matrix.arch }})
- uses: docker/build-push-action@v5
- with:
- context: ./containers/dockerindocker/
- file: ./containers/dockerindocker/Dockerfile
- platforms: linux/${{ matrix.arch }}
- push: true
- tags: |
- ${{ secrets.CI_REGISTRY }}/${{ secrets.CI_REPOSITORY }}/dockerindocker:${{ matrix.arch }}-latest
- # Enable caching to speed up subsequent builds
- cache-from: type=registry,ref=${{ secrets.CI_REGISTRY }}/${{ secrets.CI_REPOSITORY }}/dockerindocker:buildcache-${{ matrix.arch }}
- cache-to: type=registry,ref=${{ secrets.CI_REGISTRY }}/${{ secrets.CI_REPOSITORY }}/dockerindocker:buildcache-${{ matrix.arch }},mode=max
-
- # This job runs after all 'build-and-push' jobs have succeeded
- create-manifest:
- needs: build-and-push
- # A standard runner is sufficient for creating a manifest
- runs-on: amd64
- # Add a Docker-in-Docker service to the job.
- # This is necessary to create the manifest.
- # The 'privileged' flag is required for the Docker daemon to run.
- services:
- dind:
- image: docker:dind
- privileged: true
- # Set the DOCKER_HOST environment variable to connect to the dind service.
- env:
- DOCKER_HOST: tcp://dind:2375
- steps:
- # 1. Wait for the Docker daemon to be ready
- - name: Wait for Docker to start
- run: |
- i=0
- while ! docker info >/dev/null 2>&1; do
- i=$((i+1))
- if [ $i -ge 15 ]; then
- echo "Docker did not start within 15 seconds"
- exit 1
- fi
- echo "Waiting for Docker to start..."
- sleep 1
- done
-
- # 2. Login to the Forgejo container registry again
- - name: Login to Forgejo Registry
- uses: docker/login-action@v3
- with:
- registry: ${{ secrets.CI_REGISTRY }}
- username: ${{ secrets.CI_REGISTRY_USER }}
- password: ${{ secrets.CI_TOKEN }}
-
- # 3. Create and push the multi-arch manifest
- # This combines the amd64 and arm64 images under a single 'latest' tag.
- - name: Create and push multi-arch manifest
- run: |
- docker manifest create ${{ secrets.CI_REGISTRY }}/${{ secrets.CI_REPOSITORY }}/dockerindocker:latest \
- --amend ${{ secrets.CI_REGISTRY }}/${{ secrets.CI_REPOSITORY }}/dockerindocker:amd64-latest \
- --amend ${{ secrets.CI_REGISTRY }}/${{ secrets.CI_REPOSITORY }}/dockerindocker:arm64-latest
- docker manifest push ${{ secrets.CI_REGISTRY }}/${{ secrets.CI_REPOSITORY }}/dockerindocker:latest
diff --git a/containers/alpine/Dockerfile b/containers/alpine/Dockerfile
new file mode 100644
index 0000000..30911ee
--- /dev/null
+++ b/containers/alpine/Dockerfile
@@ -0,0 +1,40 @@
+FROM alpine:edge
+
+RUN apk upgrade --no-cache
+RUN apk add --no-cache \
+ bash \
+ ca-certificates \
+ curl \
+ git \
+ ip6tables \
+ iptables \
+ iproute2 \
+ openrc \
+ openssh-client \
+ openssh-server \
+ sudo \
+ tailscale
+
+RUN sed -i 's/^#rc_sys=""/rc_sys="lxc"/' /etc/rc.conf
+RUN mkdir -p /run/openrc
+RUN touch /run/openrc/softlevel
+RUN rc-update add sshd default
+RUN rc-update add tailscaled default
+RUN ssh-keygen -A
+
+RUN mkdir -p /root/.ssh && \
+ printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFdTFM5ZbGytRp8orRu4cK+kLcQdPFVKqaN0iNVlp2p slothington\n' >> /root/.ssh/authorized_keys && \
+ printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPfTPAUFhNV2O032ZsmKTFuNZgQtWhMPYlHqcKycAG8 forgejo-hbms\n' >> /root/.ssh/authorized_keys &&
+ chmod 600 /root/.ssh/authorized_keys && \
+ chmod 700 /root/.ssh
+
+RUN printf 'root ALL=(ALL) NOPASSWD:ALL\n' > /etc/sudoers.d/00-root-nopasswd && \
+ chmod 0440 /etc/sudoers.d/00-root-nopasswd
+
+EXPOSE 22
+
+CMD ["/sbin/init"]
+
+
+
+
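Review bot: In the `RUN mkdir -p /root/.ssh && ...` instruction, the second `printf ... >> /root/.ssh/authorized_keys &&` line has no trailing `\` while every neighbouring line does, so the RUN command ends on a dangling `&&` and the following `chmod 600 /root/.ssh/authorized_keys && \` is parsed as a separate, unknown instruction, which fails the build; restore the continuation: `printf '... forgejo-hbms\n' >> /root/.ssh/authorized_keys && \`. `RUN ssh-keygen -A` generates the sshd host keys at image build time, so every container started from this image presents identical host keys and anyone with read access to the image layer holds the private keys for all of them; generating them on first boot instead (the openrc `sshd` service can create missing host keys at start on Alpine, I believe — confirm for this release) keeps them per instance. `FROM alpine:edge` is a rolling tag, so the Friday scheduled rebuild will silently pick up new package versions; a digest or release-tag pin would make the image reproducible. The `/etc/sudoers.d/00-root-nopasswd` rule grants sudo to root itself, which root does not need — worth confirming it is not a leftover from a non-root user setup.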
diff --git a/containers/docker/Dockerfile b/containers/docker/Dockerfile
new file mode 100644
index 0000000..63d0b39
--- /dev/null
+++ b/containers/docker/Dockerfile
@@ -0,0 +1 @@
+FROM node:current-slim
diff --git a/containers/dockerindocker/Dockerfile b/containers/dockerindocker/Dockerfile
deleted file mode 100644
index 97e3353..0000000
--- a/containers/dockerindocker/Dockerfile
+++ /dev/null
@@ -1,7 +0,0 @@
-FROM alpine:edge
-
-RUN apk --no-cache add docker docker-compose openssh-client ansible nodejs npm
-
-WORKDIR /app
-
-CMD [ "dockerd" ]
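Review bot: `FROM node:current-slim` tracks whichever Node major is newest, so the contents of this image change on every rebuild without any change to the file, and nothing in this commit's workflows builds `containers/docker/`, so it appears to be scaffolding. If that is the intent, a comment such as `# Placeholder base image; not yet built by any workflow` would say so; otherwise pin to a specific major (`node:<MAJOR>-slim`, MAJOR to be chosen) or a digest so the Friday rebuilds are reproducible.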