ci: implement separate build script and fix YAML file extension for GitLab CI

-51

.gitlab-ci.yaml

··· 1 - default: 2 - image: "${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/docker:27.4.1-cli" 3 - services: 4 - - name: "${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/docker:27.4.1-dind" 5 - alias: docker 6 - before_script: 7 - - docker info 8 - - echo "$CI_REGISTRY_PASSWORD" | docker login $CI_REGISTRY -u $CI_REGISTRY_USER --password-stdin 9 - - echo "$CI_DEPENDENCY_PROXY_PASSWORD" | docker login $CI_DEPENDENCY_PROXY_SERVER -u $CI_DEPENDENCY_PROXY_USER --password-stdin 10 - 11 - variables: 12 - # When you use the dind service, you must instruct Docker to talk with 13 - # the daemon started inside of the service. The daemon is available 14 - # with a network connection instead of the default 15 - # /var/run/docker.sock socket. Docker 19.03 does this automatically 16 - # by setting the DOCKER_HOST in 17 - # https://github.com/docker-library/docker/blob/d45051476babc297257df490d22cbd806f1b11e4/19.03/docker-entrypoint.sh#L23-L29 18 - # 19 - # The 'docker' hostname is the alias of the service container as described at 20 - # https://docs.gitlab.com/ee/ci/services/#accessing-the-services. 21 - # 22 - # Specify to Docker where to create the certificates. Docker 23 - # creates them automatically on boot, and creates 24 - # `/certs/client` to share between the service and job 25 - # container, thanks to volume mount from config.toml 26 - DOCKER_TLS_CERTDIR: "/certs" 27 - # Sync with https://tangled.org/tangled.org/core/releases 28 - KNOT_RELEASE_TAG: v1.11.0-alpha 29 - # Match the Nest UID/GID of RecapTime.dev's shell account 30 - UID: "2897" 31 - GID: "2897" 32 - # build args-based base images to use Dependency Proxy on CI 33 - DEPLOY_IMAGE: "$CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX/alpine:edge" 34 - BUILDER_IMAGE: "$CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX/golang:1.24-alpine" 35 - # enable buildkit 36 - DOCKER_BUILDKIT: "1" 37 - 38 - build: 39 - stage: build 40 - script: 41 - - | 42 - docker build \ 43 - -t $CI_REGISTRY/$CI_PROJECT_PATH:$CI_COMMIT_REF_SLUG \ 44 - -t $CI_REGISTRY/$CI_PROJECT_PATH:latest \ 45 - --build-arg TAG=$KNOT_RELEASE_TAG \ 46 - --build-arg UID=$UID \ 47 - --build-arg GID=$GID \ 48 - --build-arg DEPLOY_IMAGE=$DEPLOY_IMAGE \ 49 - --build-arg BUILDER_IMAGE=$BUILDER_IMAGE . 50 - - docker push $CI_REGISTRY/$CI_PROJECT_PATH:$CI_COMMIT_REF_SLUG 51 - - docker push $CI_REGISTRY/$CI_PROJECT_PATH:latest

+74

.gitlab-ci.yml

··· 1 + spec: 2 + inputs: 3 + repo-url: 4 + type: string 5 + description: "The URL of the Tangled monorepo for cloning during builds." 6 + default: "https://tangled.org/tangled.org/core" 7 + source-ref: 8 + description: "The source branch from the Tangled monorepo to build against. Defaults to latest tagged release." 9 + type: string 10 + default: "v1.11.0-alpha" 11 + build-type: 12 + description: "The type of build to perform (e.g., 'production' for tagged releases, 'nightly' for nightly builds from the main branch and 'weekly' for weekly builds)." 13 + options: ["production", "nightly", "weekly", "merge_request"] 14 + --- 15 + default: 16 + image: "${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/docker:27.4.1-cli" 17 + services: 18 + - name: "${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/docker:27.4.1-dind" 19 + alias: docker 20 + before_script: 21 + - docker info 22 + - echo "$CI_REGISTRY_PASSWORD" | docker login $CI_REGISTRY -u $CI_REGISTRY_USER --password-stdin 23 + - echo "$CI_DEPENDENCY_PROXY_PASSWORD" | docker login $CI_DEPENDENCY_PROXY_SERVER -u $CI_DEPENDENCY_PROXY_USER --password-stdin 24 + 25 + variables: 26 + # When you use the dind service, you must instruct Docker to talk with 27 + # the daemon started inside of the service. The daemon is available 28 + # with a network connection instead of the default 29 + # /var/run/docker.sock socket. Docker 19.03 does this automatically 30 + # by setting the DOCKER_HOST in 31 + # https://github.com/docker-library/docker/blob/d45051476babc297257df490d22cbd806f1b11e4/19.03/docker-entrypoint.sh#L23-L29 32 + # 33 + # The 'docker' hostname is the alias of the service container as described at 34 + # https://docs.gitlab.com/ee/ci/services/#accessing-the-services. 35 + # 36 + # Specify to Docker where to create the certificates. Docker 37 + # creates them automatically on boot, and creates 38 + # `/certs/client` to share between the service and job 39 + # container, thanks to volume mount from config.toml 40 + DOCKER_TLS_CERTDIR: "/certs" 41 + # Sync with https://tangled.org/tangled.org/core/releases 42 + KNOT_RELEASE_TAG: $[[ inputs.source-ref ]] 43 + KNOT_REPO_URL: $[[ inputs.repo-url ]] 44 + BUILD_TYPE: $[[ inputs.build-type ]] 45 + # Match the Nest UID/GID of RecapTime.dev's shell account 46 + UID: "2897" 47 + GID: "2897" 48 + # build args-based base images to use Dependency Proxy on CI 49 + DEPLOY_IMAGE: "$CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX/alpine:edge" 50 + BUILDER_IMAGE: "$CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX/golang:1.24-alpine" 51 + # enable buildkit 52 + DOCKER_BUILDKIT: "1" 53 + # env vars for build/ci-publish-builds 54 + IMAGE_NAME: $CI_REGISTRY/$CI_PROJECT_PATH 55 + DOCKER_BUILD_REPO: https://tangled.org/recaptime.dev/knot-docker-nest 56 + 57 + .build-base: 58 + stage: build 59 + script: 60 + - bin/build "$KNOT_REPO_URL" "$KNOT_RELEASE_TAG" "$BUILD_TYPE" 61 + 62 + build: 63 + extends: .build-base 64 + rules: 65 + - if: $CI_PIPELINE_SOURCE == "push" 66 + - if: $CI_PIPELINE_SOURCE == "schedule" 67 + - if: $CI_PIPELINE_SOURCE == "merge_request_event" 68 + when: never 69 + 70 + build-mr: 71 + extends: .build-base 72 + rules: 73 + - if: $CI_PIPELINE_SOURCE == "merge_request_event" 74 + when: manual

+49

bin/build

··· 1 + #!/usr/bin/env bash 2 + # SPDX-License-Identifier: MIT 3 + 4 + # First, collect metadata from git about the current commit 5 + _COMMIT_SHA_LOCAL=$(git rev-parse HEAD) 6 + _BRANCH_NAME_SLUG_LOCAL=$(git rev-parse --abbrev-ref HEAD | tr / -) 7 + _TIMESTAMP_LOCAL=$(date -u +"%Y%m%d%H%M%S") 8 + 9 + # Then try to get the same info from GitLab CI environment variables, if available 10 + COMMIT_SHA=${CI_COMMIT_SHA:-$_COMMIT_SHA_LOCAL} 11 + BRANCH_NAME_SLUG=${CI_COMMIT_REF_SLUG:-$_BRANCH_NAME_SLUG_LOCAL} 12 + IMAGE_NAME=${IMAGE_NAME:-"$CI_REGISTRY/$CI_PROJECT_PATH"} 13 + KNOT_REPO_URL=${1:-"https://tangled.org/tangled.org/core"} 14 + KNOT_RELEASE_TAG=${2:-"v1.11.0-alpha"} 15 + BUILD_TYPE=${BUILD_TYPE:-"production"} 16 + DOCKER_BUILD_REPO=${DOCKER_BUILD_REPO:-"https://tangled.org/recaptime.dev/knot-docker-nest"} 17 + 18 + echo "Attempting to build $IMAGE_NAME:build-$TIMESTAMP for $BUILD_TYPE" 19 + DOCKER_BUILDKIT=${DOCKER_BUILDKIT:-1} docker build \ 20 + -t "$IMAGE_NAME:build-$TIMESTAMP" \ 21 + --build-arg TAG=$KNOT_RELEASE_TAG \ 22 + --build-arg REPO_URL=$KNOT_REPO_URL \ 23 + --build-arg DOCKER_BUILD_REPO=$DOCKER_BUILD_REPO \ 24 + --build-arg DOCKER_BUILD_COMMIT=$COMMIT_SHA \ 25 + --build-arg UID=$UID \ 26 + --build-arg GID=$GID \ 27 + --build-arg DEPLOY_IMAGE=$DEPLOY_IMAGE \ 28 + --build-arg BUILDER_IMAGE=$BUILDER_IMAGE \ 29 + . 30 + 31 + if [[ $CI == "true" || "$FF_PUSH_LOCAL_BUILDS" == "true" ]]; then 32 + echo "Tagging $IMAGE_NAME:build-$TIMESTAMP for publishing" 33 + docker push "$IMAGE_NAME:build-$TIMESTAMP" 34 + 35 + # Do the branch and commit tagging first 36 + docker tag "$IMAGE_NAME:build-$TIMESTAMP" "$IMAGE_NAME:branch-$BRANCH_NAME_SLUG" && docker push "$IMAGE_NAME:branch-$BRANCH_NAME_SLUG" 37 + docker tag "$IMAGE_NAME:build-$TIMESTAMP" "$IMAGE_NAME:commit-$COMMIT_SHA" && docker push "$IMAGE_NAME:commit-$COMMIT_SHA" 38 + 39 + # Then the build type tags 40 + if [[ "$BUILD_TYPE" == "production" ]]; then 41 + docker tag "$IMAGE_NAME:build-$TIMESTAMP" "$IMAGE_NAME:latest" 42 + docker push "$IMAGE_NAME:latest" 43 + else 44 + docker tag "$IMAGE_NAME:build-$TIMESTAMP" "$IMAGE_NAME:$BUILD_TYPE" 45 + docker push "$IMAGE_NAME:$BUILD_TYPE" 46 + fi 47 + else 48 + echo "Skipping push of $IMAGE_NAME:build-$TIMESTAMP to registry" 49 + fi

Configure Feed

Configure Feed