goose.art / honkbot-2
Return of honkbot, in Rust. Hopefully it won't die all the time.
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

ci: use crane for simple image build, no container runtime needed

goose.art 43143992 b6a2380c

+18 -97
+18 -97
.tangled/workflows/build.yaml
··· 11 11 - gcc 12 12 - cacert 13 13 - skopeo 14 + - crane 14 15 15 16 environment: 16 17 APP_PASSWORD: "${{ secrets.APP_PASSWORD }}" ··· 23 24 command: | 24 25 cargo build --release 25 26 26 - - name: "build and push container image" 27 + - name: "push container image" 27 28 command: | 28 29 set -e 29 30 30 - # We'll construct a single-layer OCI image manually and push with skopeo 31 - 32 - WORKDIR=$(mktemp -d) 33 - mkdir -p $WORKDIR/rootfs/usr/local/bin 34 - mkdir -p $WORKDIR/rootfs/app/fallback_images 35 - mkdir -p $WORKDIR/rootfs/etc/ssl/certs 36 - 37 - # Copy binary and fallback images into rootfs 38 - cp target/release/honkbot $WORKDIR/rootfs/usr/local/bin/ 39 - cp -r fallback_images/* $WORKDIR/rootfs/app/fallback_images/ 40 - 41 - # Copy CA certs so TLS works 42 - cp /etc/ssl/certs/ca-certificates.crt $WORKDIR/rootfs/etc/ssl/certs/ 2>/dev/null \ 43 - || cp /etc/ssl/certs/ca-bundle.crt $WORKDIR/rootfs/etc/ssl/certs/ca-certificates.crt 2>/dev/null \ 44 - || true 45 - 46 - # Create the layer tarball 47 - cd $WORKDIR/rootfs 48 - tar czf $WORKDIR/layer.tar.gz . 49 - cd - 50 - 51 - LAYER_DIGEST=$(sha256sum $WORKDIR/layer.tar.gz | cut -d' ' -f1) 52 - LAYER_SIZE=$(stat -c%s $WORKDIR/layer.tar.gz) 53 - 54 - # Build OCI image layout 55 - OCI=$WORKDIR/oci 56 - mkdir -p $OCI/blobs/sha256 57 - 58 - cp $WORKDIR/layer.tar.gz $OCI/blobs/sha256/$LAYER_DIGEST 59 - 60 - # Config 61 - cat > $WORKDIR/config.json <<EOF 62 - { 63 - "architecture": "amd64", 64 - "os": "linux", 65 - "config": { 66 - "Env": ["FALLBACK_IMAGE_DIR=/app/fallback_images", "RUST_LOG=info", "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt"], 67 - "WorkingDir": "/app", 68 - "Entrypoint": ["/usr/local/bin/honkbot"] 69 - }, 70 - "rootfs": { 71 - "type": "layers", 72 - "diff_ids": ["sha256:$LAYER_DIGEST"] 73 - } 74 - } 75 - EOF 76 - 77 - CONFIG_DIGEST=$(sha256sum $WORKDIR/config.json | cut -d' ' -f1) 78 - CONFIG_SIZE=$(stat -c%s $WORKDIR/config.json) 79 - cp $WORKDIR/config.json $OCI/blobs/sha256/$CONFIG_DIGEST 80 - 81 - # Manifest 82 - cat > $WORKDIR/manifest.json <<EOF 83 - { 84 - "schemaVersion": 2, 85 - "mediaType": "application/vnd.oci.image.manifest.v1+json", 86 - "config": { 87 - "mediaType": "application/vnd.oci.image.config.v1+json", 88 - "digest": "sha256:$CONFIG_DIGEST", 89 - "size": $CONFIG_SIZE 90 - }, 91 - "layers": [ 92 - { 93 - "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", 94 - "digest": "sha256:$LAYER_DIGEST", 95 - "size": $LAYER_SIZE 96 - } 97 - ] 98 - } 99 - EOF 100 - 101 - MANIFEST_DIGEST=$(sha256sum $WORKDIR/manifest.json | cut -d' ' -f1) 102 - MANIFEST_SIZE=$(stat -c%s $WORKDIR/manifest.json) 103 - cp $WORKDIR/manifest.json $OCI/blobs/sha256/$MANIFEST_DIGEST 104 - 105 - # Index 106 - cat > $OCI/index.json <<EOF 107 - { 108 - "schemaVersion": 2, 109 - "manifests": [ 110 - { 111 - "mediaType": "application/vnd.oci.image.manifest.v1+json", 112 - "digest": "sha256:$MANIFEST_DIGEST", 113 - "size": $MANIFEST_SIZE 114 - } 115 - ] 116 - } 117 - EOF 118 - 119 - echo '{"imageLayoutVersion": "1.0.0"}' > $OCI/oci-layout 120 - 121 - # Push with skopeo 122 - echo "${APP_PASSWORD}" | skopeo login \ 31 + echo "${APP_PASSWORD}" | crane auth login \ 123 32 -u "${IMAGE_USER}" \ 124 33 --password-stdin \ 125 34 ${IMAGE_REGISTRY} 126 35 127 - skopeo copy \ 128 - oci:$OCI \ 129 - docker://${IMAGE_REGISTRY}/${IMAGE_USER}/${IMAGE_NAME}:latest 36 + # Push the binary + fallback images as layers on top of debian:bookworm-slim 37 + # First, create a tarball of our files in the right paths 38 + STAGING=$(mktemp -d) 39 + mkdir -p $STAGING/usr/local/bin 40 + mkdir -p $STAGING/app/fallback_images 41 + cp target/release/honkbot $STAGING/usr/local/bin/ 42 + cp -r fallback_images/* $STAGING/app/fallback_images/ 43 + 44 + tar -C $STAGING -cf layer.tar . 45 + 46 + # Append our layer onto the debian base and push 47 + crane append \ 48 + --base docker.io/debian:bookworm-slim \ 49 + --new_layer layer.tar \ 50 + --new_tag ${IMAGE_REGISTRY}/${IMAGE_USER}/${IMAGE_NAME}:latest