mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
Move Buildkite CI tooling to new repo
https://github.com/authelia/buildkite https://hub.docker.com/r/authelia/buildkite
This commit is contained in:
parent
3fb84fabc2
commit
2d062284d6
|
@ -1,6 +0,0 @@
|
||||||
.git
|
|
||||||
.gitignore
|
|
||||||
.github
|
|
||||||
.gitattributes
|
|
||||||
READMETEMPLATE.md
|
|
||||||
README.md
|
|
|
@ -1,77 +0,0 @@
|
||||||
FROM docker:dind
|
|
||||||
|
|
||||||
# set labels
|
|
||||||
LABEL maintainer="Nightah"
|
|
||||||
|
|
||||||
# set application versions
|
|
||||||
ARG ARCH="amd64"
|
|
||||||
ARG BUILDKITE_VERSION="3.17.0"
|
|
||||||
ARG OVERLAY_VERSION="v1.22.1.0"
|
|
||||||
|
|
||||||
# environment variables
|
|
||||||
ENV PS1="$(whoami)@$(hostname):$(pwd)$ " \
|
|
||||||
HOME="/buildkite" \
|
|
||||||
TERM="xterm"
|
|
||||||
|
|
||||||
# set runtime variables
|
|
||||||
ENV BUILDKITE_AGENT_CONFIG=/buildkite/buildkite-agent.cfg \
|
|
||||||
GOPATH="/buildkite/.go"
|
|
||||||
|
|
||||||
# add local files
|
|
||||||
COPY root/ /
|
|
||||||
|
|
||||||
# modifications
|
|
||||||
RUN \
|
|
||||||
echo "**** Install Authelia CI pre-requisites ****" && \
|
|
||||||
echo "@edge http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories && \
|
|
||||||
echo "@edget http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \
|
|
||||||
apk add --no-cache \
|
|
||||||
bash \
|
|
||||||
ca-certificates \
|
|
||||||
coreutils \
|
|
||||||
chromium \
|
|
||||||
chromium-chromedriver \
|
|
||||||
curl \
|
|
||||||
docker-compose \
|
|
||||||
git \
|
|
||||||
hub@edget \
|
|
||||||
go@edge \
|
|
||||||
jq \
|
|
||||||
libc6-compat \
|
|
||||||
libstdc++ \
|
|
||||||
nodejs \
|
|
||||||
npm \
|
|
||||||
openssh-client \
|
|
||||||
perl \
|
|
||||||
rsync \
|
|
||||||
shadow \
|
|
||||||
sudo \
|
|
||||||
tzdata \
|
|
||||||
yarn@edge && \
|
|
||||||
echo "**** Add s6 overlay ****" && \
|
|
||||||
cd /tmp && \
|
|
||||||
curl -Lfs -o s6-overlay.tar.gz "https://github.com/just-containers/s6-overlay/releases/download/${OVERLAY_VERSION}/s6-overlay-${ARCH}.tar.gz" && \
|
|
||||||
tar xfz s6-overlay.tar.gz -C / && \
|
|
||||||
echo "**** Patch CVE-2019-5021 ****" && \
|
|
||||||
sed -i -e 's/^root::/root:!:/' /etc/shadow && \
|
|
||||||
echo "**** Create buildkite user and make our folders ****" && \
|
|
||||||
useradd -u 911 -U -d /buildkite -s /bin/false buildkite && \
|
|
||||||
usermod -G wheel buildkite && \
|
|
||||||
sed -i 's/# %wheel/%wheel/g' /etc/sudoers && \
|
|
||||||
echo "**** Install Buildkite ****" && \
|
|
||||||
mkdir -p /buildkite/builds /buildkite/hooks /buildkite/plugins && \
|
|
||||||
curl -Lfs -o /usr/local/bin/ssh-env-config.sh https://raw.githubusercontent.com/buildkite/docker-ssh-env-config/master/ssh-env-config.sh && \
|
|
||||||
chmod +x /usr/local/bin/ssh-env-config.sh && \
|
|
||||||
curl -Lfs -o buildkite-agent.tar.gz https://github.com/buildkite/agent/releases/download/v${BUILDKITE_VERSION}/buildkite-agent-linux-${ARCH}-${BUILDKITE_VERSION}.tar.gz && \
|
|
||||||
tar xf buildkite-agent.tar.gz && \
|
|
||||||
sed -i 's/token=/#token=/g' buildkite-agent.cfg && \
|
|
||||||
sed -i 's/\$HOME\/.buildkite-agent/\/buildkite/g' buildkite-agent.cfg && \
|
|
||||||
mv buildkite-agent.cfg /buildkite/buildkite-agent.cfg && \
|
|
||||||
mv buildkite-agent /usr/local/bin/buildkite-agent && \
|
|
||||||
echo "**** Cleanup ****" && \
|
|
||||||
rm -rf /tmp/*
|
|
||||||
|
|
||||||
# ports and volumes
|
|
||||||
VOLUME /buildkite
|
|
||||||
|
|
||||||
ENTRYPOINT ["/init"]
|
|
99
ci/README.md
99
ci/README.md
|
@ -1,99 +0,0 @@
|
||||||
[logo]: https://github.com/clems4ever/authelia/raw/master/docs/images/authelia-title.png "Authelia"
|
|
||||||
[![alt text][logo]](https://www.authelia.com/)
|
|
||||||
|
|
||||||
# authelia/buildkite
|
|
||||||
[![Docker Pulls](https://img.shields.io/docker/pulls/authelia/buildkite.svg)](https://hub.docker.com/r/authelia/buildkite/) [![Docker Stars](https://img.shields.io/docker/stars/authelia/buildkite.svg)](https://hub.docker.com/r/authelia/buildkite/)
|
|
||||||
|
|
||||||
The [buildkite agent](https://buildkite.com/docs/agent/v3) is a small, reliable and cross-platform build runner that makes it easy to run automated builds on your own infrastructure. Its main responsibilities are polling buildkite.com for work, running build jobs, reporting back the status code and output log of the job, and uploading the job's artifacts.
|
|
||||||
|
|
||||||
This custom image is based on the `docker:dind` to provide docker-in-docker alongside Buildkite to support the automated integration cases run for Authelia's CI process.
|
|
||||||
The image will be re-built if any updates are made to the base `docker:dind` image.
|
|
||||||
|
|
||||||
This image shamelessly utilises some of the fine work by the team over at [LinuxServer.io](https://www.linuxserver.io/), credits to their [alpine baseimage](https://github.com/linuxserver/docker-baseimage-alpine/).
|
|
||||||
|
|
||||||
## Usage
|
|
||||||
|
|
||||||
Here are some example snippets to help you get started creating a container.
|
|
||||||
|
|
||||||
An example `docker-compose.yml` has also been provided in the repo which includes three nodes and a local registry cache.
|
|
||||||
|
|
||||||
### docker
|
|
||||||
|
|
||||||
```
|
|
||||||
docker create \
|
|
||||||
--name=buildkite1 \
|
|
||||||
-e BUILDKITE_AGENT_NAME=named-node-1 \
|
|
||||||
-e BUILDKITE_AGENT_TOKEN=tokenhere \
|
|
||||||
-e BUILDKITE_AGENT_TAGS=tags=here,moretags=here \
|
|
||||||
-e BUILDKITE_AGENT_PRIORITY=priorityhere \
|
|
||||||
-e PUID=1000 \
|
|
||||||
-e PGID=1000 \
|
|
||||||
-e TZ=Australia/Melbourne \
|
|
||||||
-v <path to data>/docker:/buildkite/.docker \
|
|
||||||
-v <path to data>/ssh:/buildkite/.ssh \
|
|
||||||
-v <path to data>/go:/buildkite/.go \
|
|
||||||
-v <path to data>/hooks:/buildkite/hooks \
|
|
||||||
--restart unless-stopped \
|
|
||||||
--privileged \
|
|
||||||
authelia/buildkite
|
|
||||||
```
|
|
||||||
### docker-compose
|
|
||||||
|
|
||||||
Compatible with docker-compose v2 schemas.
|
|
||||||
|
|
||||||
```
|
|
||||||
---
|
|
||||||
version: "2.1"
|
|
||||||
services:
|
|
||||||
buildkite1:
|
|
||||||
image: authelia/buildkite
|
|
||||||
container_name: buildkite1
|
|
||||||
privileged: true
|
|
||||||
volumes:
|
|
||||||
- <path to data>/docker:/buildkite/.docker
|
|
||||||
- <path to data>/ssh:/buildkite/.ssh
|
|
||||||
- <path to data>/go:/buildkite/.go
|
|
||||||
- <path to data>/hooks:/buildkite/hooks
|
|
||||||
restart: unless-stopped
|
|
||||||
environment:
|
|
||||||
- BUILDKITE_AGENT_NAME=named-node-1
|
|
||||||
- BUILDKITE_AGENT_TOKEN=tokenhere
|
|
||||||
- BUILDKITE_AGENT_TAGS=tags=here,moretags=here
|
|
||||||
- BUILDKITE_AGENT_PRIORITY=priorityhere
|
|
||||||
- PUID=1000
|
|
||||||
- PGID=1000
|
|
||||||
- TZ=Australia/Melbourne
|
|
||||||
```
|
|
||||||
## Parameters
|
|
||||||
|
|
||||||
Container images are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `<external>:<internal>` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container.
|
|
||||||
|
|
||||||
| Parameter | Function |
|
|
||||||
| :----: | --- |
|
|
||||||
| `-e BUILDKITE_AGENT_NAME=named-node-1` | [agent name](https://buildkite.com/docs/agent/v3/configuration) for buildkite agent on specified node |
|
|
||||||
| `-e BUILDKITE_AGENT_TOKEN=tokenhere` | [agent token](https://buildkite.com/docs/agent/v3/tokens) for specified pipeline |
|
|
||||||
| `-e BUILDKITE_AGENT_TAGS=tags=here,moretags=here` | [agent tags](https://buildkite.com/docs/agent/v3/cli-start#setting-tags) on specified node, tag=value comma separated |
|
|
||||||
| `-e BUILDKITE_AGENT_PRIORITY=1` | [agent priority](https://buildkite.com/docs/agent/v3/prioritization) |
|
|
||||||
| `-e PUID=1000` | for UserID - see below for explanation |
|
|
||||||
| `-e PGID=1000` | for GroupID - see below for explanation |
|
|
||||||
| `-e TZ=Australia/Melbourne` | for setting timezone information, eg Australia/Melbourne |
|
|
||||||
| `-v /buildkite/.docker` | Docker `config.json` stored here for permissions |
|
|
||||||
| `-v /buildkite/.ssh` | SSH `id_rsa` and `ida_rsa.pub` stored here for [GitHub cloning](https://buildkite.com/docs/agent/v3/ssh-keys) |
|
|
||||||
| `-v /buildkite/.go` | $GOPATH, set this location to share cache between multiple node containers |
|
|
||||||
| `-v /buildkite/hooks` | Used to provide secrets in to Buildkite such as `DOCKER_USERNAME` `DOCKER_PASSWORD` and `GITHUB_TOKEN` for publish and clean up steps |
|
|
||||||
|
|
||||||
## User / Group Identifiers
|
|
||||||
|
|
||||||
When using volumes (`-v` flags) permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`.
|
|
||||||
|
|
||||||
Ensure any volume directories on the host are owned by the same user you specify and any permissions issues will vanish like magic.
|
|
||||||
|
|
||||||
In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as below:
|
|
||||||
|
|
||||||
```
|
|
||||||
$ id username
|
|
||||||
uid=1000(dockeruser) gid=1000(dockergroup) groups=1000(dockergroup)
|
|
||||||
```
|
|
||||||
|
|
||||||
## Version
|
|
||||||
- **19/12/2019:** Initial release
|
|
|
@ -1,80 +0,0 @@
|
||||||
version: '2.1'
|
|
||||||
|
|
||||||
networks:
|
|
||||||
net:
|
|
||||||
driver: bridge
|
|
||||||
|
|
||||||
services:
|
|
||||||
|
|
||||||
registrycache:
|
|
||||||
image: registry:2
|
|
||||||
container_name: registrycache
|
|
||||||
volumes:
|
|
||||||
- /path/on/host/registryproxy.yml:/etc/docker/registry/config.yml
|
|
||||||
- /path/on/host/registry:/var/lib/registry
|
|
||||||
networks:
|
|
||||||
- net
|
|
||||||
restart: unless-stopped
|
|
||||||
|
|
||||||
buildkite1:
|
|
||||||
image: authelia/buildkite
|
|
||||||
container_name: buildkite1
|
|
||||||
privileged: true
|
|
||||||
volumes:
|
|
||||||
- /path/on/host/docker:/buildkite/.docker
|
|
||||||
- /path/on/host/ssh:/buildkite/.ssh
|
|
||||||
- /path/on/host/go:/buildkite/.go
|
|
||||||
- /path/on/host/hooks:/buildkite/hooks
|
|
||||||
networks:
|
|
||||||
- net
|
|
||||||
restart: unless-stopped
|
|
||||||
environment:
|
|
||||||
- BUILDKITE_AGENT_NAME=named-node-1
|
|
||||||
- BUILDKITE_AGENT_TOKEN=
|
|
||||||
- BUILDKITE_AGENT_TAGS=
|
|
||||||
- BUILDKITE_AGENT_PRIORITY=
|
|
||||||
- PUID=1000
|
|
||||||
- PGID=1000
|
|
||||||
- TZ=Australia/Melbourne
|
|
||||||
|
|
||||||
buildkite2:
|
|
||||||
image: authelia/buildkite
|
|
||||||
container_name: buildkite2
|
|
||||||
privileged: true
|
|
||||||
volumes:
|
|
||||||
- /path/on/host/docker:/buildkite/.docker
|
|
||||||
- /path/on/host/ssh:/buildkite/.ssh
|
|
||||||
- /path/on/host/go:/buildkite/.go
|
|
||||||
- /path/on/host/hooks:/buildkite/hooks
|
|
||||||
networks:
|
|
||||||
- net
|
|
||||||
restart: unless-stopped
|
|
||||||
environment:
|
|
||||||
- BUILDKITE_AGENT_NAME=named-node-2
|
|
||||||
- BUILDKITE_AGENT_TOKEN=tokenhere
|
|
||||||
- BUILDKITE_AGENT_TAGS=
|
|
||||||
- BUILDKITE_AGENT_PRIORITY=
|
|
||||||
- PUID=1000
|
|
||||||
- PGID=1000
|
|
||||||
- TZ=Australia/Melbourne
|
|
||||||
|
|
||||||
buildkite3:
|
|
||||||
image: authelia/buildkite
|
|
||||||
container_name: buildkite3
|
|
||||||
privileged: true
|
|
||||||
volumes:
|
|
||||||
- /path/on/host/docker:/buildkite/.docker
|
|
||||||
- /path/on/host/ssh:/buildkite/.ssh
|
|
||||||
- /path/on/host/go:/buildkite/.go
|
|
||||||
- /path/on/host/hooks:/buildkite/hooks
|
|
||||||
networks:
|
|
||||||
- net
|
|
||||||
restart: unless-stopped
|
|
||||||
environment:
|
|
||||||
- BUILDKITE_AGENT_NAME=named-node-3
|
|
||||||
- BUILDKITE_AGENT_TOKEN=tokenhere
|
|
||||||
- BUILDKITE_AGENT_TAGS=
|
|
||||||
- BUILDKITE_AGENT_PRIORITY=
|
|
||||||
- PUID=1000
|
|
||||||
- PGID=1000
|
|
||||||
- TZ=Australia/Melbourne
|
|
|
@ -1,22 +0,0 @@
|
||||||
version: 0.1
|
|
||||||
log:
|
|
||||||
fields:
|
|
||||||
service: registry
|
|
||||||
storage:
|
|
||||||
cache:
|
|
||||||
blobdescriptor: inmemory
|
|
||||||
filesystem:
|
|
||||||
rootdirectory: /var/lib/registry
|
|
||||||
http:
|
|
||||||
addr: :5000
|
|
||||||
headers:
|
|
||||||
X-Content-Type-Options: [nosniff]
|
|
||||||
health:
|
|
||||||
storagedriver:
|
|
||||||
enabled: true
|
|
||||||
interval: 10s
|
|
||||||
threshold: 3
|
|
||||||
proxy:
|
|
||||||
remoteurl: https://registry-1.docker.io
|
|
||||||
username:
|
|
||||||
password:
|
|
|
@ -1,29 +0,0 @@
|
||||||
#!/usr/bin/with-contenv bash
|
|
||||||
|
|
||||||
PUID=${PUID:-911}
|
|
||||||
PGID=${PGID:-911}
|
|
||||||
|
|
||||||
groupmod -o -g "$PGID" buildkite
|
|
||||||
usermod -o -u "$PUID" buildkite
|
|
||||||
|
|
||||||
cat <<'EOF'
|
|
||||||
--------------------------------------------
|
|
||||||
/ \ _ _| |_| |__ ___| (_) __ _
|
|
||||||
/ _ \| | | | __| '_ \ / _ \ | |/ _` |
|
|
||||||
/ ___ \ |_| | |_| | | | __/ | | (_| |
|
|
||||||
/_/ \_\__,_|\__|_| |_|\___|_|_|\__,_|
|
|
||||||
____ ___
|
|
||||||
/ ___|_ _|
|
|
||||||
| | | |
|
|
||||||
| |___ | |
|
|
||||||
\____|___|
|
|
||||||
--------------------------------------------
|
|
||||||
GID/UID
|
|
||||||
--------------------------------------------
|
|
||||||
EOF
|
|
||||||
echo "
|
|
||||||
User uid: $(id -u buildkite)
|
|
||||||
User gid: $(id -g buildkite)
|
|
||||||
--------------------------------------------
|
|
||||||
"
|
|
||||||
chown buildkite:buildkite /buildkite
|
|
|
@ -1,5 +0,0 @@
|
||||||
#!/usr/bin/with-contenv bash
|
|
||||||
|
|
||||||
# permissions
|
|
||||||
chown -R buildkite:buildkite \
|
|
||||||
/buildkite
|
|
|
@ -1,3 +0,0 @@
|
||||||
{
|
|
||||||
"registry-mirrors": ["http://registrycache:5000"]
|
|
||||||
}
|
|
|
@ -1,4 +0,0 @@
|
||||||
#!/usr/bin/with-contenv bash
|
|
||||||
|
|
||||||
exec \
|
|
||||||
s6-setuidgid buildkite ssh-env-config.sh /usr/local/bin/buildkite-agent start
|
|
|
@ -1,4 +0,0 @@
|
||||||
#!/usr/bin/with-contenv bash
|
|
||||||
|
|
||||||
exec \
|
|
||||||
s6-setuidgid root dockerd-entrypoint.sh > /dev/null 2>&1
|
|
|
@ -1,8 +0,0 @@
|
||||||
#!/usr/bin/with-contenv bash
|
|
||||||
|
|
||||||
while [ ! -S "/run/docker.sock" ];
|
|
||||||
do
|
|
||||||
sleep 1;
|
|
||||||
done
|
|
||||||
chown root:buildkite /run/docker.sock
|
|
||||||
tail -f /dev/null
|
|
Loading…
Reference in New Issue
Block a user