first commit

2023-08-19 21:25:33 +12:00
commit 951e01caf1
4 changed files with 322 additions and 0 deletions

25
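--- a/.woodpecker/build.yaml
+++ b/.woodpecker/build.yaml
@@ -0,0 +1,25 @@
+variables:
+- &platforms 'linux/arm64/v8,linux/amd64'
+- &docker_creds
+username: ${CI_REPO_OWNER}
+password:
+from_secret: docker_password
+steps:
+publish-depot-plugin:
+image: woodpeckerci/plugin-docker-buildx
+pull: true
+group: docker
+settings:
+<<: *docker_creds
+token:
+from_secret: depot_token
+repo: ${CI_REPO_OWNER}/ansible-molecule
+dockerfile: Dockerfile
+platforms: *platforms
+tag: latest
+when:
+branch: ${CI_REPO_DEFAULT_BRANCH}
+event:
+- push
+- manual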
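Review bot: The `publish-depot-plugin` step runs `woodpeckerci/plugin-docker-buildx` with no tag or digest and `pull: true`, so whatever the registry serves at run time is handed `docker_password` and `depot_token`. Pin the image, for example `image: woodpeckerci/plugin-docker-buildx:<pinned-version>` (placeholder), and preferably by digest. The step also passes a `token` setting that the settings tables in this commit's README do not list, so the Depot token may be exposed to a plugin that never uses it; drop it unless it is needed. The `manual` event lets anyone able to start a pipeline republish `latest`, which is worth confirming as intended.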

7
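--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,7 @@
+FROM python:3.9-slim
+ARG DEPOT_VERSION=2.30.0
+RUN pip install -y 'ansible-core<2.17' molecule[docker]
+CMD ["/bin/bash"]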
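Review bot: `pip install` has no `-y` option (that flag belongs to `pip uninstall`), so the `RUN` line should fail the build as written; `RUN pip install --no-cache-dir 'ansible-core<2.17' 'molecule[docker]'` fixes that and also quotes the extras bracket. `DEPOT_VERSION` is declared but never used, and nothing here installs `depot` or copies `files/docker-entrypoint.sh`, although the entrypoint added in this commit calls `depot build`. `molecule` is unpinned and the base is the floating `python:3.9-slim` tag, so two builds of the same commit can publish different contents under `latest`; pinning package versions and the base image digest would make the published image auditable.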

116
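--- a/README.md
+++ b/README.md
@@ -0,0 +1,116 @@
+---
+name: Docker Buildx
+icon: https://woodpecker-ci.org/img/logo.svg
+description: plugin to build Docker images using depot
+authors: Woodpecker Authors
+tags: [docker, image, container, build]
+containerImage: woodpeckerci/plugin-docker-buildx
+containerImageUrl: https://hub.docker.com/r/woodpeckerci/plugin-docker-buildx
+url: https://codeberg.org/woodpecker-plugins/docker-buildx
+---
+Woodpecker CI plugin to build multiarch Docker images with depot.
+## Features
+- Build without push
+- Use custom registries (Only supporting Docker Hub for now)
+- Build based on existing tags when needed
+- Push to multiple registries/repos
+> NB! To mount custom CA you can use Woodpecker CI runner configuration environment `WOODPECKER_BACKEND_DOCKER_VOLUMES` with value `/etc/ssl/certs:/etc/ssl/certs:ro,/etc/docker/certs.d:/etc/docker/certs.d:ro`. And have created file `/etc/docker/certs.d/<registry-value>/ca.crt` with CA certificate on runner server host.
+## Settings
+| Settings Name | Default | Description
+| --------------------------| ----------------- | --------------------------------------------
+| `dry-run` | `false` | disables docker push
+| `repo` | *none* | sets repository name for the image (can be a list)
+| `username` | *none* | sets username to authenticates with
+| `password` | *none* | sets password / token to authenticates with
+| `registry` | `https://index.docker.io/v1/` | sets docker registry to authenticate with
+| `dockerfile` | `Dockerfile` | sets dockerfile to use for the image build
+| `tag`/`tags` | *none* | sets repository tags to use for the image
+| `platforms` | *none* | sets target platform for build
+## auto_tag
+If set to true, it will use the `default_tag` ("latest") on tag event or default branch.
+If it's a tag event it will also assume sem versioning and add tags accordingly (`x`, `x.x` and `x.x.x`).
+If it's not a tag event, and no default branch, automated tags are skipped.
+## Examples
+```yaml
+publish-next-agent:
+image: cybercinch/woodpecker-plugin-depot
+secrets: [docker_username, docker_password]
+settings:
+repo: cybercinch/an-awesome-container
+dockerfile: docker/Dockerfile
+username: ${CI_REPO_OWNER}
+password:
+from_secret: docker_password
+platforms: linux/amd64,linux/arm64/v8,linux/arm32/v7
+tag: latest
+when:
+branch: ${CI_REPO_DEFAULT_BRANCH}
+event: push
+```
+## Advanced Settings
+| Settings Name | Default | Description
+| --------------------------| ----------------- | --------------------------------------------
+| `mirror` | *none* | sets a registry mirror to pull images
+| `storage_driver` | *none* | sets the docker daemon storage driver
+| `storage_path` | `/var/lib/docker` | sets the docker daemon storage path
+| `bip` | *none* | allows the docker daemon to bride ip address
+| `mtu` | *none* | sets docker daemon custom mtu setting
+| `custom_dns` | *none* | sets custom docker daemon dns server
+| `custom_dns_search` | *none* | sets custom docker daemon dns search domain
+| `insecure` | `false` | allows the docker daemon to use insecure registries
+| `ipv6` | `false` | enables docker daemon IPv6 support
+| `experimental` | `false` | enables docker daemon experimental mode
+| `debug` | `false` | enables verbose debug mode for the docker daemon
+| `daemon_off` | `false` | disables the startup of the docker daemon
+| `buildkit_config` | *none* | sets content of the docker [buildkit TOML config](https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md)
+| `tags_file` | *none* | overwrites `tags` option with values find in specified file
+| `context` | `.` | sets the path of the build context to use
+| `auto_tag` | `false` | generates tag names automatically based on git branch and git tag, tags supplied via `tags` are additionally added to the auto_tags without suffix
+| `default_suffix"`/`auto_tag_suffix`| *none* | generates tag names with the given suffix
+| `default_tag` | `latest` | overrides the default tag name used when generating with `auto_tag` enabled
+| `label`/`labels` | *none* | sets labels to use for the image in format `<name>=<value>`
+| `default_labels`/`auto_labels` | `true` | sets docker image labels based on git information
+| `build_args` | *none* | sets custom build arguments for the build
+| `build_args_from_env` | *none* | forwards environment variables as custom arguments to the build
+| `quiet` | `false` | enables suppression of the build output
+| `target` | *none* | sets the build target to use
+| `cache_from` | *none* | sets images to consider as cache sources
+| `pull_image` | `true` | enforces to pull base image at build time
+| `compress` | `false` | enables compression of the build context using gzip
+| `config` | *none* | sets content of the docker daemon json config
+| `purge` | `true` | enables cleanup of the docker environment at the end of a build
+| `no_cache` | `false` | disables the usage of cached intermediate containers
+| `add_host` | *none* | sets additional host:ip mapping
+| `output` | *none* | sets build output in format `type=<type>[,<key>=<value>]`
+| `logins` | *none* | option to log into multiple registries
+## Multi registry push example
+Only supported with `woodpecker >= 1.0.0` (next-da997fa3).
+```yaml
+settings:
+repo: a6543/tmp,codeberg.org/6543/tmp
+tag: demo
+logins:
+- registry: https://index.docker.io/v1/
+username: a6543
+password:
+from_secret: docker_token
+- registry: https://codeberg.org
+username: "6543"
+password:
+from_secret: cb_token
+```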

174
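--- a/files/docker-entrypoint.sh
+++ b/files/docker-entrypoint.sh
@@ -0,0 +1,174 @@
+#!/bin/bash
+# This is to serve as a Plugin for Woodpecker to enable running of builds on depot.dev
+set -eo pipefail
+shopt -s nullglob
+# check to see if this file is being run or sourced from another script
+_is_sourced() {
+# https://unix.stackexchange.com/a/215279
+[ "${#FUNCNAME[@]}" -ge 2 ] \
+&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
+&& [ "${FUNCNAME[1]}" = 'source' ]
+}
+# logging functions
+drone_log() {
+local type="$1"; shift
+# accept argument string or stdin
+local text="$*"; if [ "$#" -eq 0 ]; then text="$(cat)"; fi
+local dt; dt="$(date -D 'YYYY-MM-DD hh:mm[:ss]')"
+printf '%s [%s] [woodpecker-depot]: %s\n' "$dt" "$type" "$text"
+}
+woodpecker_note() {
+drone_log Note "$@"
+}
+woodpecker_warn() {
+drone_log Warn "$@" >&2
+}
+woodpecker_error() {
+drone_log ERROR "$@" >&2
+exit 1
+}
+# Verify that the minimally required password settings are set for operation.
+function verify_minimum_env {
+if [ -z "$PLUGIN_PROJECT" ]; then
+woodpecker_warn "token setting is required for plugin operation"
+fi
+if [ -z "$PLUGIN_TOKEN" ]; then
+woodpecker_warn "token setting is required for plugin operation"
+fi
+if [ -z "$PLUGIN_REPO" ]; then
+woodpecker_warn "repo setting is required for plugin operation"
+fi
+if [ -z "$PLUGIN_TAG" ]; then
+woodpecker_warn "tag setting is required for plugin operation"
+fi
+if [ -z "$PLUGIN_REPOHOST" ]; then
+woodpecker_warn "repohost setting is required for plugin operation"
+fi
+if [ -z "$PLUGIN_PLATFORMS" ]; then
+woodpecker_warn "platforms setting is required for plugin operation"
+fi
+if [ "${PLUGIN_REPOHOST}" == "docker.io" ]
+then
+if [ -z "$PLUGIN_USERNAME" ] || [ -z "$PLUGIN_PASSWORD" ]
+then
+woodpecker_warn "username and password are required for plugin operation"
+fi
+fi
+if [ -z "$PLUGIN_PROJECT" ] ||
+[ -z "$PLUGIN_TOKEN" ] ||
+[ -z "$PLUGIN_REPO" ] ||
+[ -z "$PLUGIN_TAGS" ] ||
+[ -z "$PLUGIN_REPOHOST" ] ||
+[ -z "$PLUGIN_PLATFORMS" ] ; then
+woodpecker_error <<-'EOF'
+You need to specify one/all of the following settings:
+- token
+- project
+- repo
+- tag
+- repohost
+- platforms
+- username
+- password
+EOF
+fi
+woodpecker_note "Sufficient configuration"
+}
+function parse_tags {
+# set (,) as delimiter
+IFS=','
+read -ra TAGS_ARRAY <<< "$PLUGIN_TAGS"
+TAGS_LENGTH=${#TAGS_ARRAY[@]}
+for (( i=0; i<TAGS_LENGTH; i++ ));
+do
+tags+=( -t "${PLUGIN_REPO}:${TAGS_ARRAY[$i]}" )
+done
+# Reset IFS to default value
+IFS=' '
+}
+function build_cli {
+options+=( --project "${PLUGIN_PROJECT}" )
+options+=( --platform "${PLUGIN_PLATFORMS}" )
+if [[ -n ${PLUGIN_TAG} ]]; then
+# Singular tag support
+options+=( -t "${PLUGIN_REPO}:${PLUGIN_TAG}" )
+elif [[ -n ${PLUGIN_TAGS} ]]; then
+# Multiple tags must be supplied
+# set (,) as delimiter
+IFS=','
+# Read tags into an array
+read -ra TAGS_ARRAY <<< "$PLUGIN_TAGS"
+# For each tag append to the cli parameters
+for (( i=0; i<${#TAGS_ARRAY[@]}; i++ ));
+do
+options+=( -t "${PLUGIN_REPO}:${TAGS_ARRAY[$i]}" )
+done
+fi
+# Reset IFS to default value
+IFS=' '
+# Specify the path to file
+options+=( -f "${PLUGIN_DOCKERFILE}" )
+if [[ -n "${PLUGIN_QUIET}" && "${PLUGIN_QUIET}" == 'true' ]]; then
+options+=( --quiet )
+fi
+if [[ -n "${PLUGIN_PUSH}" && "${PLUGIN_PUSH}" == 'true' ]]; then
+options+=( --push )
+fi
+if [[ -n "${PLUGIN_LOAD}" && "${PLUGIN_LOAD}" == 'true' ]]; then
+options+=( --load )
+fi
+# Specify the Docker context
+options+=( "${PLUGIN_CONTEXT:=.}" )
+}
+function build_on_depot {
+if [ "${PLUGIN_REPOHOST}" == "docker.io" ]; then
+woodpecker_note "Building image ${PLUGIN_REPO}:${PLUGIN_TAG} for Docker Hub"
+# Login to Docker Hub
+woodpecker_note "Logging in to Docker Hub..."
+LOGON=$(echo "${PLUGIN_PASSWORD}" | docker login \
+--username "${PLUGIN_USERNAME}" \
+--password-stdin 2>/dev/null )
+woodpecker_note "${LOGON}"
+woodpecker_note "Building and pushing with Depot..."
+# Build and push with depot
+#parse_tags
+# Build the Commandline parameters
+build_cli
+DEPOT_TOKEN=${PLUGIN_TOKEN} depot build "${options[@]}"
+woodpecker_note "Build completed"
+fi
+}
+_main() {
+woodpecker_note "Starting"
+verify_minimum_env "$@"
+woodpecker_note "$@"
+woodpecker_note "Depot version is: $(depot --version)"
+build_on_depot "$@"
+}
+# If we are sourced from elsewhere, don't perform any further actions
+if ! _is_sourced; then
+_main "$@"
+fi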
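Review bot: Missing registry credentials are only a warning in `verify_minimum_env`, and `build_on_depot` then runs `docker login` with `2>/dev/null`, so a failed login aborts the step under `set -e` with no diagnostic in the pipeline log. The fatal check in `verify_minimum_env` tests `PLUGIN_TAGS` while the warning and `build_cli` accept `PLUGIN_TAG`, so a pipeline that sets only `tag`, as the README example does, is rejected; the condition should be `{ [ -z "$PLUGIN_TAG" ] && [ -z "$PLUGIN_TAGS" ]; }`. Any `repohost` other than `docker.io` falls through `build_on_depot` and the step exits 0 without building anything, which hides a misconfiguration as a green run. The fence below makes the credential check fatal, keeps the login error text, and fails on an unsupported host.

```shell
function build_on_depot {
  if [ "${PLUGIN_REPOHOST}" == "docker.io" ]; then
    # … unchanged: "Building image" and "Logging in" notes …
    if [ -z "${PLUGIN_USERNAME}" ] || [ -z "${PLUGIN_PASSWORD}" ]; then
      woodpecker_error "username and password are required for docker.io"
    fi
    # Password stays on stdin; stderr is captured so a failure is reported.
    if ! LOGON=$(printf '%s' "${PLUGIN_PASSWORD}" | docker login \
        --username "${PLUGIN_USERNAME}" --password-stdin 2>&1); then
      woodpecker_error "docker login failed: ${LOGON}"
    fi
    # … unchanged: build_cli, depot build, "Build completed" note …
  else
    woodpecker_error "unsupported repohost: ${PLUGIN_REPOHOST}"
  fi
}
```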