common/container: move masterdir image building to void-packages

see void-linux/void-docker#11
2023-07-30 01:00:16 -04:00 · 2023-07-30 01:00:16 -04:00 · 76c6e77f35
parent 3b3f383a7c
commit 76c6e77f35
6 changed files with 207 additions and 0 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -0,0 +1,3 @@
+*
+!common/container/
+!common/repo-keys/
--- a/.github/workflows/container.yaml
+++ b/.github/workflows/container.yaml
@ -0,0 +1,98 @@
+---
+name: 'Build buildroot containers'
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - master
+    paths:
+      - common/container/**
+  push:
+    branches:
+      - master
+    paths:
+      - common/container/**
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: write
+
+    strategy:
+      matrix:
+        libc:
+          - glibc
+          - musl
+
+    steps:
+      - name: Checkout
+        uses: classabbyamp/treeless-checkout-action@v1
+
+      - name: Get image release
+        id: release
+        run: |
+          # gets the list of all date-shaped tags for the image, finds the most recent one
+          tag="$(skopeo list-tags "docker://ghcr.io/${{ github.repository_owner }}/void-buildroot-${{ matrix.libc }}" | \
+            jq -r '.Tags | sort | reverse | map(select(test("^[0-9]{8}(R[0-9]+)?$")))[0]')"
+          # tags from a different day or pre-YYYYMMDDRN
+          if [ "${tag%R*}" != "$(date -u +%Y%m%d)" ] || [ "${tag%R*}" = "${tag}" ]; then
+            rel=1
+          else
+            rel=$(( ${tag##*R} + 1 ))
+          fi
+          echo "rel=${rel}" >> "${GITHUB_OUTPUT}"
+
+      - name: Docker metadata
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            ghcr.io/${{ github.repository_owner }}/void-buildroot-${{ matrix.libc }}
+          tags: |
+            type=sha,prefix=
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=raw,value={{date 'YYYYMMDD'}}R${{ steps.release.outputs.rel }},enable={{is_default_branch}},priority=1000
+          flavor: latest=false
+          labels: |
+            org.opencontainers.image.authors=Void Linux team and contributors
+            org.opencontainers.image.url=https://voidlinux.org
+            org.opencontainers.image.documentation=https://github.com/${{ github.repository }}
+            org.opencontainers.image.source=https://github.com/${{ github.repository }}
+            org.opencontainers.image.vendor=Void Linux
+            org.opencontainers.image.title=Void Linux build root
+            org.opencontainers.image.description=Image for building packages with xbps-src on Void Linux
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to GCHR
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push images
+        id: build_and_push
+        uses: docker/bake-action@v3
+        with:
+          push: ${{ github.event_name != 'pull_request' }}
+          targets: void-buildroot-${{ matrix.libc }}
+          files: |
+            common/container/docker-bake.hcl
+            ${{ steps.meta.outputs.bake-file }}
+          set: |
+            _common.cache-to=type=gha
+            _common.cache-from=type=gha
--- a/common/container/Containerfile
+++ b/common/container/Containerfile
@ -0,0 +1,35 @@
+# syntax=docker/dockerfile:1
+FROM --platform=${BUILDPLATFORM} alpine:3.18 AS bootstrap
+ARG TARGETPLATFORM
+ARG MIRROR=https://repo-ci.voidlinux.org
+ARG LIBC
+RUN apk add ca-certificates curl && \
+  curl "${MIRROR}/static/xbps-static-static-0.59_5.$(uname -m)-musl.tar.xz" | tar vJx
+COPY common/repo-keys/* /target/var/db/xbps/keys/
+COPY common/container/setup.sh /bootstrap/setup.sh
+RUN --mount=type=cache,sharing=locked,target=/target/var/cache/xbps,id=repocache-${LIBC} \
+  . /bootstrap/setup.sh; \
+  XBPS_TARGET_ARCH=${ARCH} xbps-install -S \
+    -R "${REPO}" -R "${REPO}/bootstrap" \
+    -r /target
+
+FROM --platform=${BUILDPLATFORM} bootstrap AS install
+ARG TARGETPLATFORM
+ARG MIRROR
+ARG LIBC
+COPY --from=bootstrap /target /target
+COPY common/container/noextract.conf /target/etc/xbps.d/noextract.conf
+RUN --mount=type=cache,sharing=locked,target=/target/var/cache/xbps,id=repocache-${LIBC} \
+  . /bootstrap/setup.sh; \
+  XBPS_TARGET_ARCH=${ARCH} xbps-install -y \
+    -R "${REPO}" -R "${REPO}/bootstrap" \
+    -r /target \
+    base-chroot void-repo-bootstrap
+
+FROM scratch AS image
+COPY --link --from=install /target /
+RUN \
+  install -dm1777 tmp; \
+  xbps-reconfigure -fa; \
+  rm -rf /var/cache/xbps/*
+CMD ["/bin/sh"]
--- a/common/container/docker-bake.hcl
+++ b/common/container/docker-bake.hcl
@ -0,0 +1,29 @@
+variable "MIRROR" {
+  default = "https://repo-ci.voidlinux.org/"
+}
+
+target "docker-metadata-action" {}
+
+target "_common" {
+  inherits = ["docker-metadata-action"]
+  dockerfile = "common/container/Containerfile"
+  no-cache-filter = ["bootstrap"]
+  cache-to = ["type=local,dest=/tmp/buildx-cache"]
+  cache-from = ["type=local,src=/tmp/buildx-cache"]
+  target = "image"
+  args = {
+    "MIRROR" = "${MIRROR}"
+  }
+}
+
+target "void-buildroot-glibc" {
+  inherits = ["_common"]
+  platforms = ["linux/amd64", "linux/386", "linux/arm64", "linux/arm/v7", "linux/arm/v6"]
+  args = { "LIBC" = "glibc" }
+}
+
+target "void-buildroot-musl" {
+  inherits = ["_common"]
+  platforms = ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"]
+  args = { "LIBC" = "musl" }
+}
--- a/common/container/noextract.conf
+++ b/common/container/noextract.conf
@ -0,0 +1,13 @@
+noextract=/etc/sv*
+noextract=/usr/share/man*
+noextract=/usr/lib/dracut*
+noextract=/etc/skel*
+noextract=/usr/lib/modprobe.d*
+noextract=/usr/lib/sysctl.d*
+noextract=/usr/lib/udev*
+noextract=/usr/share/bash-completion*
+noextract=/usr/share/fish/vendor-completions.d*
+noextract=/usr/share/zsh/site-functions*
+noextract=/usr/share/info*
+noextract=/usr/share/locale*
+noextract=/usr/lib/gconv*
--- a/common/container/setup.sh
+++ b/common/container/setup.sh
@ -0,0 +1,29 @@
+#!/bin/sh
+
+: "${MIRROR:=https://repo-default.voidlinux.org/}"
+
+suffix() {
+	case "${LIBC:?}" in
+	musl) echo "-musl" ;;
+	esac
+}
+
+repo() {
+	case "${ARCH:?}" in
+	aarch64*) echo "${MIRROR}/current/aarch64" ;;
+	*-musl)   echo "${MIRROR}/current/musl"    ;;
+	*)        echo "${MIRROR}/current"         ;;
+	esac
+}
+
+case "${TARGETPLATFORM:?}" in
+linux/arm/v6) ARCH="armv6l$(suffix)"  ;;
+linux/arm/v7) ARCH="armv7l$(suffix)"  ;;
+linux/arm64)  ARCH="aarch64$(suffix)" ;;
+linux/amd64)  ARCH="x86_64$(suffix)"  ;;
+linux/386)    ARCH="i686$(suffix)"    ;;
+esac
+
+REPO="$(repo)"
+
+export ARCH REPO