🚀 Improves the build system (#23)

* 🚀 Improves the build system * ⬆️ Upgrades Hadolint to latest * 👕 Fixes Hadolint warnings * 🚑 Fixes the incorrect shell * 👕 Fixes hadolint warnings * 👕 Fixes hadolint warnings * 🚑 Temporary work around for hadolint/hadolint#234 * 👕 Fixes yamllint warnings
hassio-addons · Jul 6, 2018 · da4a397 · da4a397
1 parent a04b58a
commit da4a397
Show file tree

Hide file tree

Showing 3 changed files with 184 additions and 82 deletions.
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -1,5 +1,5 @@
 ---
-image: docker:stable
+image: docker:latest
 
 variables:
   ADDON_GITHUB_REPO: hassio-addons/addon-base
@@ -13,12 +13,12 @@ stages:
   - build
   - scan
   - deploy
+  - manifest
 
 # Generic DIND template
 .dind: &dind
   before_script:
     - docker info
-    - docker login -u gitlab-ci-token -p "${CI_JOB_TOKEN}" registry.gitlab.com
   services:
     - name: docker:dind
       command: ["--experimental"]
@@ -33,33 +33,43 @@ stages:
 .build: &build
   <<: *dind
   stage: build
-  script:
-    - apk --no-cache add curl
+  before_script:
+    - docker info
     - |
-      curl -L -s \
-      "https://github.com/hassio-addons/qemu-user-static/releases/download/v2.12.0/qemu-aarch64-static.tar.gz" | \
-      tar zxvf - -C ./base/rootfs/usr/bin/
+      echo "${CI_JOB_TOKEN}" | docker login \
+        --username gitlab-ci-token \
+        --password-stdin \
+        registry.gitlab.com
+    - docker pull "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:cache" || true
     - |
-      curl -L -s \
-      "https://github.com/hassio-addons/qemu-user-static/releases/download/v2.12.0/qemu-arm-static.tar.gz" | \
-      tar zxvf - -C ./base/rootfs/usr/bin/
+      if [ "$(apk --print-arch)" = "amd64" ]; then
+        docker run --rm --privileged hassioaddons/qemu-user-static:latest
+      fi
+    - apk --no-cache add curl
+  script:
     - |
-      docker run \
-        --privileged \
-        --volume /var/run/docker.sock:/var/run/docker.sock \
-        --volume "$PWD":/docker \
-        hassioaddons/build-env:latest \
-          --image "addon" \
-          --no-cache \
-          --git-url "https://github.com/${ADDON_GITHUB_REPO}" \
-          --target "${ADDON_TARGET}" \
-          --tag-latest \
-          --git \
-          --${ADDON_ARCH}
+      if [ "$(apk --print-arch)" = "aarch64" ]; then
+        curl -L -s \
+        "https://github.com/hassio-addons/qemu-user-static/releases/download/v2.12.0/qemu-aarch64-static.tar.gz" | \
+        tar zxvf - -C ./base/rootfs/usr/bin/
+      fi
     - |
-      docker tag \
-        "addon:latest" \
-        "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}"
+      if [ "$(apk --print-arch)" = "armhf" ]; then
+        curl -L -s \
+        "https://github.com/hassio-addons/qemu-user-static/releases/download/v2.12.0/qemu-arm-static.tar.gz" | \
+        tar zxvf - -C ./base/rootfs/usr/bin/
+      fi
+    - |
+      docker build \
+        --build-arg "BUILD_FROM=${FROM}" \
+        --build-arg "BUILD_DATE=$(date +"%Y-%m-%dT%H:%M:%SZ")" \
+        --build-arg "BUILD_ARCH=${ADDON_ARCH}" \
+        --build-arg "BUILD_REF=${CI_COMMIT_SHA}" \
+        --build-arg "BUILD_VERSION=${CI_COMMIT_TAG:-${CI_COMMIT_SHA:0:7}}" \
+        --cache-from "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:cache" \
+        --tag \
+          "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" \
+        "${ADDON_TARGET}"
     - |
       docker push \
         "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}"
@@ -113,44 +123,109 @@ stages:
   <<: *dind
   stage: deploy
   before_script:
-    - apk --no-cache add curl
     - docker info
-    - docker login -u gitlab-ci-token -p "${CI_JOB_TOKEN}" registry.gitlab.com
     - docker pull "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}"
-    - docker pull hassioaddons/build-env:latest
     - |
-      curl -L -s \
-      "https://github.com/hassio-addons/qemu-user-static/releases/download/v2.12.0/qemu-aarch64-static.tar.gz" | \
-      tar zxvf - -C ./base/rootfs/usr/bin/
+      echo "${CI_JOB_TOKEN}" | docker login \
+        --username gitlab-ci-token \
+        --password-stdin \
+        registry.gitlab.com
     - |
-      curl -L -s \
-      "https://github.com/hassio-addons/qemu-user-static/releases/download/v2.12.0/qemu-arm-static.tar.gz" | \
-      tar zxvf - -C ./base/rootfs/usr/bin/
+      echo "${DOCKER_PASSWORD}" | docker login \
+        --username "${DOCKER_LOGIN}" \
+        --password-stdin
   script:
     - |
-      docker run \
-        --privileged \
-        --volume /var/run/docker.sock:/var/run/docker.sock \
-        --volume "$PWD":/docker \
-        hassioaddons/build-env:latest \
-          --image "${DOCKER_HUB_ORG}/${ADDON_SLUG}-${ADDON_ARCH}" \
-          --cache-from "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}" \
-          --cache-tag "${CI_COMMIT_SHA}" \
-          --git-url "https://github.com/${ADDON_GITHUB_REPO}" \
-          --target "${ADDON_TARGET}" \
-          --login "${DOCKER_LOGIN}" \
-          --password "${DOCKER_PASSWORD}" \
-          --git \
-          --push \
-          --squash \
-          --${ADDON_ARCH}
+      docker tag \
+        "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" \
+        "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:cache"
+    - docker push "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:cache"
+    - TAG="${CI_COMMIT_TAG#v}"
+    - TAG="${TAG:-${CI_COMMIT_SHA:0:7}}"
+    - |
+      docker tag \
+        "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" \
+        "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${ADDON_ARCH}-${TAG}"
+    - |
+      docker push \
+        "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${ADDON_ARCH}-${TAG}"
+    - |
+      docker tag \
+        "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" \
+        "${DOCKER_HUB_ORG}/${ADDON_SLUG}-${ADDON_ARCH}:${TAG}"
+    - |
+      docker push \
+        "${DOCKER_HUB_ORG}/${ADDON_SLUG}-${ADDON_ARCH}:${TAG}"
   tags:
     - deploy
+  only:
+    - master
+    - /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/
+  except:
+    - /^(?!master).+@/
+
+# Generic manifest template
+.manifest: &manifest
+  <<: *dind
+  stage: manifest
+  before_script:
+    - mkdir -p ~/.docker
+    - echo '{"experimental":"enabled"}' > ~/.docker/config.json
+    - docker info
+    - |
+      echo "${DOCKER_PASSWORD}" | docker login \
+        --username "${DOCKER_LOGIN}" \
+        --password-stdin
+  script:
+    - TAG="${TAG#v}"
+    - TAG="${TAG:-${CI_COMMIT_SHA:0:7}}"
+    - REF="${CI_COMMIT_TAG#v}"
+    - REF="${REF:-${CI_COMMIT_SHA:0:7}}"
+    - |
+      docker manifest create \
+        "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \
+        "${DOCKER_HUB_ORG}/${ADDON_SLUG}:aarch64-${REF}" \
+        "${DOCKER_HUB_ORG}/${ADDON_SLUG}:amd64-${REF}" \
+        "${DOCKER_HUB_ORG}/${ADDON_SLUG}:armhf-${REF}" \
+        "${DOCKER_HUB_ORG}/${ADDON_SLUG}:i386-${REF}"
+    - |
+      docker manifest annotate \
+        "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \
+        "${DOCKER_HUB_ORG}/${ADDON_SLUG}:aarch64-${REF}" \
+        --os=linux \
+        --arch=arm64 \
+        --variant=v8
+    - |
+      docker manifest annotate \
+        "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \
+        "${DOCKER_HUB_ORG}/${ADDON_SLUG}:amd64-${REF}" \
+        --os=linux \
+        --arch=amd64
+    - |
+      docker manifest annotate \
+        "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \
+        "${DOCKER_HUB_ORG}/${ADDON_SLUG}:armhf-${REF}" \
+        --os=linux \
+        --arch=arm \
+        --variant=v6
+    - |
+      docker manifest annotate \
+        "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \
+        "${DOCKER_HUB_ORG}/${ADDON_SLUG}:i386-${REF}" \
+        --os=linux \
+        --arch=386
+    - |
+      docker manifest push \
+        "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}"
+  tags:
+    - manifest
+  except:
+    - /^(?!master).+@/
 
 # Preflight jobs
 hadolint:
   <<: *preflight
-  image: hadolint/hadolint:v1.6.6
+  image: hadolint/hadolint:latest-debian
   before_script:
     - hadolint --version
   script:
@@ -222,21 +297,37 @@ build:armhf:
   <<: *build
   variables:
     ADDON_ARCH: armhf
+    FROM: arm32v6/alpine:3.8
+  tags:
+    - build
+    - armhf
 
 build:aarch64:
   <<: *build
   variables:
     ADDON_ARCH: aarch64
+    FROM: arm64v8/alpine:3.8
+  tags:
+    - build
+    - aarch64
 
 build:i386:
   <<: *build
   variables:
     ADDON_ARCH: i386
+    FROM: i386/alpine:3.8
+  tags:
+    - build
+    - i386
 
 build:amd64:
   <<: *build
   variables:
     ADDON_ARCH: amd64
+    FROM: amd64/alpine:3.8
+  tags:
+    - build
+    - amd64
 
 # Scan jobs
 clair:armhf:
@@ -264,38 +355,52 @@ deploy:armhf:
   <<: *deploy
   variables:
     ADDON_ARCH: armhf
-  only:
-    - master
-    - /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/
-  except:
-    - /^(?!master).+@/
 
 deploy:aarch64:
   <<: *deploy
   variables:
     ADDON_ARCH: aarch64
-  only:
-    - master
-    - /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/
-  except:
-    - /^(?!master).+@/
 
 deploy:i386:
   <<: *deploy
   variables:
     ADDON_ARCH: i386
-  only:
-    - master
-    - /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/
-  except:
-    - /^(?!master).+@/
 
 deploy:amd64:
   <<: *deploy
   variables:
     ADDON_ARCH: amd64
+
+# Manifest jobs
+manifest:sha:
+  <<: *manifest
   only:
     - master
+
+manifest:version:
+  <<: *manifest
+  variables:
+    TAG: "${CI_COMMIT_TAG}"
+  only:
     - /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/
-  except:
-    - /^(?!master).+@/
+
+manifest:stable:
+  <<: *manifest
+  variables:
+    TAG: latest
+  only:
+    - /^v\d+\.\d+\.\d+(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?$/
+
+manifest:beta:
+  <<: *manifest
+  variables:
+    TAG: beta
+  only:
+    - /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/
+
+manifest:edge:
+  <<: *manifest
+  variables:
+    TAG: edge
+  only:
+    - master
diff --git a/.hadolint.yaml b/.hadolint.yaml
@@ -0,0 +1,3 @@
+---
+ignored:
+  - SC2187
diff --git a/base/Dockerfile b/base/Dockerfile
@@ -14,10 +14,15 @@ ENV \
 # Copy root filesystem
 COPY rootfs /
 
+# Set shell
+SHELL ["/bin/ash", "-o", "pipefail", "-c"]
+
 # Install base system
 ARG BUILD_ARCH=amd64
 RUN \
-    echo '@edge http://dl-cdn.alpinelinux.org/alpine/edge/main' >> /etc/apk/repositories \
+    set -o pipefail \
+    \
+    && echo '@edge http://dl-cdn.alpinelinux.org/alpine/edge/main' >> /etc/apk/repositories \
     && echo '@edge http://dl-cdn.alpinelinux.org/alpine/edge/community' >> /etc/apk/repositories \
     && echo '@edge http://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories \
     \
@@ -35,7 +40,7 @@ RUN \
         musl=1.1.19-r10 \
         tzdata=2018d-r1 \
     \
-    && if [[ "${BUILD_ARCH}" = "i386" ]]; then S6_ARCH="x86"; else S6_ARCH="${BUILD_ARCH}"; fi \
+    && if [ "${BUILD_ARCH}" = "i386" ]; then S6_ARCH="x86"; else S6_ARCH="${BUILD_ARCH}"; fi \
     \
     && curl -L -s "https://github.com/just-containers/s6-overlay/releases/download/v1.21.4.0/s6-overlay-${S6_ARCH}.tar.gz" \
         | tar zxvf - -C / \
@@ -44,22 +49,11 @@ RUN \
     && mkdir -p /etc/services.d \
     \
     && apk del --purge .build-dependencies \
-    \
-    && \
-        if [[ "${BUILD_ARCH}" != "armhf" ]]; then \
-            rm -f /usr/bin/qemu-arm-static; \
-        fi \
-    \
-    && \
-        if [[ "${BUILD_ARCH}" != "aarch64" ]]; then \
-            rm -f /usr/bin/qemu-aarch64-static; \
-        fi \
-    \
     && rm -f -r \
         /tmp/*
 
 # Entrypoint & CMD
-ENTRYPOINT [ "/init" ]
+ENTRYPOINT ["/init"]
 
 # Build arugments
 ARG BUILD_DATE