use snapshot
nkraetzschmar committed Dec 5, 2023

1 parent de4a5c9 commit 7cc10f2
Showing 3 changed files with 44 additions and 32 deletions.
43 changes: 26 additions & 17 deletions .github/workflows/build_container.yml
@@ -1,4 +1,13 @@
on: push
on:
push:
workflow_dispatch:
inputs:
version:
type: string
default: latest
publish:
type: boolean
default: false
jobs:
build:
name: build (host=${{ matrix.host }}, target=${{ matrix.target }})
@@ -16,35 +25,35 @@ jobs:
run: |
set -x
if [ ${{ matrix.host }} = ${{ matrix.target }} ]; then
podman build --build-arg arch=${{ matrix.host }} -f build.containerfile -t ghcr.io/${{ github.repository }}/${{ matrix.host }}:${{ matrix.target }} .
podman build --build-arg arch=${{ matrix.host }} -f build.containerfile -t ghcr.io/${{ github.repository }}/host-${{ matrix.host }}/target-${{ matrix.target }}:${{ inputs.version }} .
else
case ${{ matrix.target }} in
amd64) gnu_arch=x86-64 ;;
arm64v8) gnu_arch=aarch64 ;;
esac
podman build --build-arg native_arch=${{ matrix.host }} --build-arg target_arch=${{ matrix.target }} --build-arg gnu_arch=$gnu_arch -f crossbuild.containerfile -t ghcr.io/${{ github.repository }}/${{ matrix.host }}:${{ matrix.target }} .
podman build --build-arg native_arch=${{ matrix.host }} --build-arg target_arch=${{ matrix.target }} --build-arg gnu_arch=$gnu_arch -f crossbuild.containerfile -t ghcr.io/${{ github.repository }}/host-${{ matrix.host }}/target-${{ matrix.target }}:${{ inputs.version }} .
fi
- name: publish
if: ${{ github.ref == 'refs/heads/main' }}
if: ${{ inputs.publish }}
run: |
podman login -u token -p ${{ github.token }} ghcr.io
podman push ghcr.io/${{ github.repository }}/${{ matrix.host }}:${{ matrix.target }}
podman inspect ghcr.io/${{ github.repository }}/${{ matrix.host }}:${{ matrix.target }}
podman push ghcr.io/${{ github.repository }}/host-${{ matrix.host }}/target-${{ matrix.target }}:${{ inputs.version }}
podman inspect ghcr.io/${{ github.repository }}/host-${{ matrix.host }}/target-${{ matrix.target }}:${{ inputs.version }}
publish:
runs-on: ubuntu-latest
needs: build
if: ${{ github.ref == 'refs/heads/main' }}
if: ${{ inputs.publish }}
steps:
- name: publish
run: |
podman login -u token -p ${{ github.token }} ghcr.io
podman manifest create ghcr.io/${{ github.repository }}:amd64
podman manifest add --arch amd64 ghcr.io/${{ github.repository }}:amd64 ghcr.io/${{ github.repository }}/amd64:amd64
podman manifest add --arch arm64 ghcr.io/${{ github.repository }}:amd64 ghcr.io/${{ github.repository }}/arm64v8:amd64
podman push ghcr.io/${{ github.repository }}:amd64
podman manifest inspect ghcr.io/${{ github.repository }}:amd64
podman manifest create ghcr.io/${{ github.repository }}:arm64v8
podman manifest add --arch amd64 ghcr.io/${{ github.repository }}:arm64v8 ghcr.io/${{ github.repository }}/amd64:arm64v8
podman manifest add --arch arm64 ghcr.io/${{ github.repository }}:arm64v8 ghcr.io/${{ github.repository }}/arm64v8:arm64v8
podman push ghcr.io/${{ github.repository }}:arm64v8
podman manifest inspect ghcr.io/${{ github.repository }}:arm64v8
podman manifest create ghcr.io/${{ github.repository }}/target-amd64:${{ inputs.version }}
podman manifest add --arch amd64 ghcr.io/${{ github.repository }}/target-amd64:${{ inputs.version }} ghcr.io/${{ github.repository }}/host-amd64/target-amd64:${{ inputs.version }}
podman manifest add --arch arm64 ghcr.io/${{ github.repository }}/target-amd64:${{ inputs.version }} ghcr.io/${{ github.repository }}/host-arm64/target-amd64:${{ inputs.version }}
podman push ghcr.io/${{ github.repository }}/target-amd64:${{ inputs.version }}
podman manifest inspect ghcr.io/${{ github.repository }}/target-amd64:${{ inputs.version }}
podman manifest create ghcr.io/${{ github.repository }}/target-arm64v8:${{ inputs.version }}
podman manifest add --arch amd64 ghcr.io/${{ github.repository }}/target-arm64v8:${{ inputs.version }} ghcr.io/${{ github.repository }}/host-amd64/target-arm64v8:${{ inputs.version }}
podman manifest add --arch arm64 ghcr.io/${{ github.repository }}/target-arm64v8:${{ inputs.version }} ghcr.io/${{ github.repository }}/host-arm64/target-arm64v8:${{ inputs.version }}
podman push ghcr.io/${{ github.repository }}/target-arm64v8:${{ inputs.version }}
podman manifest inspect ghcr.io/${{ github.repository }}/target-arm64v8:${{ inputs.version }}
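Review bot: `${{ inputs.version }}` is expanded into the `run:` scripts of the build step and both publish steps before the shell parses them, so the dispatch form's value becomes script text in jobs that also log in to ghcr.io with `github.token`. On `push` events the `inputs` context is empty, so the declared `default: latest` would not apply and every tag would end in a bare `:`. Pass the value through the environment instead: add `env:` with `VERSION: ${{ inputs.version || 'latest' }}` to each step and use `"$VERSION"` in the podman commands. Both `if:` conditions also drop the `github.ref == 'refs/heads/main'` check, so a dispatch from any branch can push images; `if: ${{ inputs.publish && github.ref == 'refs/heads/main' }}` would keep both gates. The matrix definition and the start of the build step lie outside the visible hunks.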
15 changes: 8 additions & 7 deletions container/build.containerfile
@@ -1,21 +1,18 @@
ARG image=debian:testing
ARG arch=amd64
ARG version=latest
ARG image=ghcr.io/gardenlinux/package-snapshot/$arch:$version

FROM $arch/$image AS mini_sudo
FROM $image AS mini_sudo
WORKDIR /tmp
RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y gcc libc-dev
COPY mini_sudo.c ./
RUN gcc -Wall -Werror -static -o sudo mini_sudo.c \
&& install -m 6755 sudo /usr/local/bin/sudo

FROM $arch/$image
FROM $image
WORKDIR /tmp
COPY bin /usr/local/bin
RUN mkdir /pkgs \
&& touch /pkgs/Packages \
&& echo 'deb [trusted=yes] file:/pkgs /' >> /etc/apt/sources.list \
&& echo -e 'Package: *\nPin: origin ""\nPin-Priority: 900' > /etc/apt/preferences.d/local-pkgs
COPY pkgs ./
RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y build-essential ca-certificates debhelper devscripts git sudo yq $(awk '{ print $1 }' pkgs) \
@@ -25,6 +22,10 @@ RUN gcc --print-search-dir \
&& gcc -o main main.c \
&& ./main
RUN find /tmp -mindepth 1 -delete
RUN mkdir /pkgs \
&& touch /pkgs/Packages \
&& echo 'deb [trusted=yes] file:/pkgs /' >> /etc/apt/sources.list \
&& printf 'Package: *\nPin: origin ""\nPin-Priority: 900\n' > /etc/apt/preferences.d/local-pkgs
COPY --from=mini_sudo /usr/local/bin/sudo /usr/local/bin/sudo
RUN groupadd dev && useradd -m -g dev dev
USER dev
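Review bot: The new base `ghcr.io/gardenlinux/package-snapshot/$arch:$version` defaults to the mutable tag `latest`, and the workflow in this commit passes only `--build-arg arch=...`, so an image tagged with a chosen `inputs.version` is still built from whatever `latest` resolves to at build time. Forward the version as a build argument, and consider declaring `ARG version` without a default so that a build with no explicit snapshot fails instead of silently floating. Pinning the snapshot by digest would make the result reproducible. The same applies to `native_image` and `target_image` in container/crossbuild.containerfile, where the native and target stages could also resolve `latest` at different moments. A comment above the ARG lines such as `# version selects the package-snapshot tag used as the base image` would document the coupling.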
18 changes: 10 additions & 8 deletions container/crossbuild.containerfile
@@ -1,30 +1,28 @@
ARG image=debian:testing
ARG native_arch=amd64
ARG target_arch=arm64v8
ARG version=latest
ARG native_image=ghcr.io/gardenlinux/package-snapshot/$native_arch:$version
ARG target_image=ghcr.io/gardenlinux/package-snapshot/$target_arch:$version

FROM $native_arch/$image AS mini_sudo
FROM $native_image AS mini_sudo
WORKDIR /tmp
RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y gcc libc-dev
COPY mini_sudo.c ./
RUN gcc -Wall -Werror -static -o sudo mini_sudo.c \
&& install -m 6755 sudo /usr/local/bin/sudo

FROM $native_arch/$image AS native
FROM $native_image AS native
ARG gnu_arch=aarch64
WORKDIR /tmp
COPY pkg setup_native ./
RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y bbe patchelf $(sed 's/\$arch/'"$gnu_arch"'/' pkgs | awk '{ print $NF }') \
&& ./setup_native export $(sed 's/\$arch/'"$gnu_arch"'/' pkgs | awk '{ print $NF }')

FROM $target_arch/$image
FROM $target_image
WORKDIR /tmp
COPY bin /usr/local/bin
RUN mkdir /pkgs \
&& touch /pkgs/Packages \
&& echo 'deb [trusted=yes] file:/pkgs /' >> /etc/apt/sources.list \
&& echo -e 'Package: *\nPin: origin ""\nPin-Priority: 900' > /etc/apt/preferences.d/local-pkgs
COPY pkgs setup_native ./
RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y build-essential ca-certificates debhelper devscripts git yq $(awk '{ print $1 }' pkgs) \
@@ -36,6 +34,10 @@ RUN gcc --print-search-dir \
&& gcc -o main main.c \
&& ./main
RUN find /tmp -mindepth 1 -delete
RUN mkdir /pkgs \
&& touch /pkgs/Packages \
&& echo 'deb [trusted=yes] file:/pkgs /' >> /etc/apt/sources.list \
&& printf 'Package: *\nPin: origin ""\nPin-Priority: 900\n' > /etc/apt/preferences.d/local-pkgs
COPY --from=mini_sudo /usr/local/bin/sudo /usr/local/bin/sudo
RUN groupadd dev && useradd -m -g dev dev
USER dev
