From 2d062284d6b44e48f923038b3eb8189a1e7caaee Mon Sep 17 00:00:00 2001
From: Amir Zarrinkafsh
Date: Sun, 22 Dec 2019 05:58:21 +1100
Subject: [PATCH] Move Buildkite CI tooling to new repo https://github.com/authelia/buildkite https://hub.docker.com/r/authelia/buildkite
---
ci/.dockerignore | 6 --
ci/Dockerfile | 77 --------------------
ci/README.md | 99 --------------------------
ci/docker-compose.yml | 80 ---------------------
ci/registryproxy.yml | 22 ------
ci/root/etc/cont-init.d/10-adduser | 29 --------
ci/root/etc/cont-init.d/30-config | 5 --
ci/root/etc/docker/daemon.json | 3 -
ci/root/etc/services.d/buildkite/run | 4 --
ci/root/etc/services.d/dockerd/run | 4 --
ci/root/etc/services.d/dockerperms/run | 8 ---
11 files changed, 337 deletions(-)
delete mode 100644 ci/.dockerignore
delete mode 100644 ci/Dockerfile
delete mode 100644 ci/README.md
delete mode 100644 ci/docker-compose.yml
delete mode 100644 ci/registryproxy.yml
delete mode 100644 ci/root/etc/cont-init.d/10-adduser
delete mode 100644 ci/root/etc/cont-init.d/30-config
delete mode 100644 ci/root/etc/docker/daemon.json
delete mode 100644 ci/root/etc/services.d/buildkite/run
delete mode 100644 ci/root/etc/services.d/dockerd/run
delete mode 100644 ci/root/etc/services.d/dockerperms/run
diff --git a/ci/.dockerignore b/ci/.dockerignore
deleted file mode 100644
index df5e3103..00000000
--- a/ci/.dockerignore
+++ /dev/null
@@ -1,6 +0,0 @@
-.git
-.gitignore
-.github
-.gitattributes
-READMETEMPLATE.md
-README.md
\ No newline at end of file
diff --git a/ci/Dockerfile b/ci/Dockerfile
deleted file mode 100644
index e965ffac..00000000
--- a/ci/Dockerfile
+++ /dev/null
@@ -1,77 +0,0 @@
-FROM docker:dind
-
-# set labels
-LABEL maintainer="Nightah"
-
-# set application versions
-ARG ARCH="amd64"
-ARG BUILDKITE_VERSION="3.17.0"
-ARG OVERLAY_VERSION="v1.22.1.0"
-
-# environment variables
-ENV PS1="$(whoami)@$(hostname):$(pwd)$ " \
-HOME="/buildkite" \
-TERM="xterm"
-
-# set runtime variables
-ENV BUILDKITE_AGENT_CONFIG=/buildkite/buildkite-agent.cfg \
-GOPATH="/buildkite/.go"
-
-# add local files
-COPY root/ /
-
-# modifications
-RUN \
- echo "**** Install Authelia CI pre-requisites ****" && \
- echo "@edge http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories && \
- echo "@edget http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \
- apk add --no-cache \
- bash \
- ca-certificates \
- coreutils \
- chromium \
- chromium-chromedriver \
- curl \
- docker-compose \
- git \
- hub@edget \
- go@edge \
- jq \
- libc6-compat \
- libstdc++ \
- nodejs \
- npm \
- openssh-client \
- perl \
- rsync \
- shadow \
- sudo \
- tzdata \
- yarn@edge && \
- echo "**** Add s6 overlay ****" && \
- cd /tmp && \
- curl -Lfs -o s6-overlay.tar.gz "https://github.com/just-containers/s6-overlay/releases/download/${OVERLAY_VERSION}/s6-overlay-${ARCH}.tar.gz" && \
- tar xfz s6-overlay.tar.gz -C / && \
- echo "**** Patch CVE-2019-5021 ****" && \
- sed -i -e 's/^root::/root:!:/' /etc/shadow && \
- echo "**** Create buildkite user and make our folders ****" && \
- useradd -u 911 -U -d /buildkite -s /bin/false buildkite && \
- usermod -G wheel buildkite && \
- sed -i 's/# %wheel/%wheel/g' /etc/sudoers && \
- echo "**** Install Buildkite ****" && \
- mkdir -p /buildkite/builds /buildkite/hooks /buildkite/plugins && \
- curl -Lfs -o /usr/local/bin/ssh-env-config.sh https://raw.githubusercontent.com/buildkite/docker-ssh-env-config/master/ssh-env-config.sh && \
- chmod +x /usr/local/bin/ssh-env-config.sh && \
- curl -Lfs -o buildkite-agent.tar.gz
https://github.com/buildkite/agent/releases/download/v${BUILDKITE_VERSION}/buildkite-agent-linux-${ARCH}-${BUILDKITE_VERSION}.tar.gz && \
- tar xf buildkite-agent.tar.gz && \
- sed -i 's/token=/#token=/g' buildkite-agent.cfg && \
- sed -i 's/\$HOME\/.buildkite-agent/\/buildkite/g' buildkite-agent.cfg && \
- mv buildkite-agent.cfg /buildkite/buildkite-agent.cfg && \
- mv buildkite-agent /usr/local/bin/buildkite-agent && \
- echo "**** Cleanup ****" && \
- rm -rf /tmp/*
-
-# ports and volumes
-VOLUME /buildkite
-
-ENTRYPOINT ["/init"]
\ No newline at end of file
diff --git a/ci/README.md b/ci/README.md
deleted file mode 100644
index bb24922f..00000000
--- a/ci/README.md
+++ /dev/null
@@ -1,99 +0,0 @@
-[logo]: https://github.com/clems4ever/authelia/raw/master/docs/images/authelia-title.png "Authelia"
-[![alt text][logo]](https://www.authelia.com/)
-
-# authelia/buildkite
-[![Docker Pulls](https://img.shields.io/docker/pulls/authelia/buildkite.svg)](https://hub.docker.com/r/authelia/buildkite/) [![Docker Stars](https://img.shields.io/docker/stars/authelia/buildkite.svg)](https://hub.docker.com/r/authelia/buildkite/)
-
-The [buildkite agent](https://buildkite.com/docs/agent/v3) is a small, reliable and cross-platform build runner that makes it easy to run automated builds on your own infrastructure. Its main responsibilities are polling buildkite.com for work, running build jobs, reporting back the status code and output log of the job, and uploading the job's artifacts.
-
-This custom image is based on the `docker:dind` to provide docker-in-docker alongside Buildkite to support the automated integration cases run for Authelia's CI process.
-The image will be re-built if any updates are made to the base `docker:dind` image.
-
-This image shamelessly utilises some of the fine work by the team over at [LinuxServer.io](https://www.linuxserver.io/), credits to their [alpine baseimage](https://github.com/linuxserver/docker-baseimage-alpine/).
-
-## Usage
-
-Here are some example snippets to help you get started creating a container.
-
-An example `docker-compose.yml` has also been provided in the repo which includes three nodes and a local registry cache.
-
-### docker
-
-```
-docker create \
- --name=buildkite1 \
- -e BUILDKITE_AGENT_NAME=named-node-1 \
- -e BUILDKITE_AGENT_TOKEN=tokenhere \
- -e BUILDKITE_AGENT_TAGS=tags=here,moretags=here \
- -e BUILDKITE_AGENT_PRIORITY=priorityhere \
- -e PUID=1000 \
- -e PGID=1000 \
- -e TZ=Australia/Melbourne \
- -v /docker:/buildkite/.docker \
- -v /ssh:/buildkite/.ssh \
- -v /go:/buildkite/.go \
- -v /hooks:/buildkite/hooks \
- --restart unless-stopped \
- --privileged \
- authelia/buildkite
-```
-### docker-compose
-
-Compatible with docker-compose v2 schemas.
-
-```
----
-version: "2.1"
-services:
- buildkite1:
- image: authelia/buildkite
- container_name: buildkite1
- privileged: true
- volumes:
- - /docker:/buildkite/.docker
- - /ssh:/buildkite/.ssh
- - /go:/buildkite/.go
- - /hooks:/buildkite/hooks
- restart: unless-stopped
- environment:
- - BUILDKITE_AGENT_NAME=named-node-1
- - BUILDKITE_AGENT_TOKEN=tokenhere
- - BUILDKITE_AGENT_TAGS=tags=here,moretags=here
- - BUILDKITE_AGENT_PRIORITY=priorityhere
- - PUID=1000
- - PGID=1000
- - TZ=Australia/Melbourne
-```
-## Parameters
-
-Container images are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `:` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container.
-
-| Parameter | Function |
-| :----: | --- |
-| `-e BUILDKITE_AGENT_NAME=named-node-1` | [agent name](https://buildkite.com/docs/agent/v3/configuration) for buildkite agent on specified node |
-| `-e BUILDKITE_AGENT_TOKEN=tokenhere` | [agent token](https://buildkite.com/docs/agent/v3/tokens) for specified pipeline |
-| `-e BUILDKITE_AGENT_TAGS=tags=here,moretags=here` | [agent tags](https://buildkite.com/docs/agent/v3/cli-start#setting-tags) on specified node, tag=value comma separated |
-| `-e BUILDKITE_AGENT_PRIORITY=1` | [agent priority](https://buildkite.com/docs/agent/v3/prioritization) |
-| `-e PUID=1000` | for UserID - see below for explanation |
-| `-e PGID=1000` | for GroupID - see below for explanation |
-| `-e TZ=Australia/Melbourne` | for setting timezone information, eg Australia/Melbourne |
-| `-v /buildkite/.docker` | Docker `config.json` stored here for permissions |
-| `-v /buildkite/.ssh` | SSH `id_rsa` and `ida_rsa.pub` stored here for [GitHub cloning](https://buildkite.com/docs/agent/v3/ssh-keys) |
-| `-v /buildkite/.go` | $GOPATH, set this location to share cache between multiple node containers |
-| `-v /buildkite/hooks` | Used to provide secrets in to Buildkite such as `DOCKER_USERNAME` `DOCKER_PASSWORD` and `GITHUB_TOKEN` for publish and clean up steps |
-
-## User / Group Identifiers
-
-When using volumes (`-v` flags) permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`.
-
-Ensure any volume directories on the host are owned by the same user you specify and any permissions issues will vanish like magic.
-
-In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as below:
-
-```
- $ id username
- uid=1000(dockeruser) gid=1000(dockergroup) groups=1000(dockergroup)
-```
-
-## Version
-- **19/12/2019:** Initial release
diff --git a/ci/docker-compose.yml b/ci/docker-compose.yml
deleted file mode 100644
index 0941726c..00000000
--- a/ci/docker-compose.yml
+++ /dev/null
@@ -1,80 +0,0 @@
-version: '2.1'
-
-networks:
- net:
- driver: bridge
-
-services:
-
- registrycache:
- image: registry:2
- container_name: registrycache
- volumes:
- - /path/on/host/registryproxy.yml:/etc/docker/registry/config.yml
- - /path/on/host/registry:/var/lib/registry
- networks:
- - net
- restart: unless-stopped
-
- buildkite1:
- image: authelia/buildkite
- container_name: buildkite1
- privileged: true
- volumes:
- - /path/on/host/docker:/buildkite/.docker
- - /path/on/host/ssh:/buildkite/.ssh
- - /path/on/host/go:/buildkite/.go
- - /path/on/host/hooks:/buildkite/hooks
- networks:
- - net
- restart: unless-stopped
- environment:
- - BUILDKITE_AGENT_NAME=named-node-1
- - BUILDKITE_AGENT_TOKEN=
- - BUILDKITE_AGENT_TAGS=
- - BUILDKITE_AGENT_PRIORITY=
- - PUID=1000
- - PGID=1000
- - TZ=Australia/Melbourne
-
- buildkite2:
- image: authelia/buildkite
- container_name: buildkite2
- privileged: true
- volumes:
- - /path/on/host/docker:/buildkite/.docker
- - /path/on/host/ssh:/buildkite/.ssh
- - /path/on/host/go:/buildkite/.go
- - /path/on/host/hooks:/buildkite/hooks
- networks:
- - net
- restart: unless-stopped
- environment:
- - BUILDKITE_AGENT_NAME=named-node-2
- - BUILDKITE_AGENT_TOKEN=tokenhere
- - BUILDKITE_AGENT_TAGS=
- - BUILDKITE_AGENT_PRIORITY=
- - PUID=1000
- - PGID=1000
- - TZ=Australia/Melbourne
-
- buildkite3:
- image: authelia/buildkite
- container_name: buildkite3
- privileged: true
- volumes:
- - /path/on/host/docker:/buildkite/.docker
- - /path/on/host/ssh:/buildkite/.ssh
- - /path/on/host/go:/buildkite/.go
- - /path/on/host/hooks:/buildkite/hooks
- networks:
- - net
- restart: unless-stopped
- environment:
- - BUILDKITE_AGENT_NAME=named-node-3
- - BUILDKITE_AGENT_TOKEN=tokenhere
- - BUILDKITE_AGENT_TAGS=
- - BUILDKITE_AGENT_PRIORITY=
- - PUID=1000
- - PGID=1000
- - TZ=Australia/Melbourne
\ No newline at end of file
diff --git a/ci/registryproxy.yml b/ci/registryproxy.yml
deleted file mode 100644
index b46e6f29..00000000
--- a/ci/registryproxy.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-version: 0.1
-log:
- fields:
- service: registry
-storage:
- cache:
- blobdescriptor: inmemory
- filesystem:
- rootdirectory: /var/lib/registry
-http:
- addr: :5000
- headers:
- X-Content-Type-Options: [nosniff]
-health:
- storagedriver:
- enabled: true
- interval: 10s
- threshold: 3
-proxy:
- remoteurl: https://registry-1.docker.io
- username:
- password:
\ No newline at end of file
diff --git a/ci/root/etc/cont-init.d/10-adduser b/ci/root/etc/cont-init.d/10-adduser
deleted file mode 100644
index 1dc56c50..00000000
--- a/ci/root/etc/cont-init.d/10-adduser
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-PUID=${PUID:-911}
-PGID=${PGID:-911}
-
-groupmod -o -g "$PGID" buildkite
-usermod -o -u "$PUID" buildkite
-
-cat <<'EOF'
---------------------------------------------
- / \ _ _| |_| |__ ___| (_) __ _
- / _ \| | | | __| '_ \ / _ \ | |/ _` |
- / ___ \ |_| | |_| | | | __/ | | (_| |
-/_/ \_\__,_|\__|_| |_|\___|_|_|\__,_|
- ____ ___
- / ___|_ _|
- | | | |
- | |___ | |
- \____|___|
---------------------------------------------
-GID/UID
---------------------------------------------
-EOF
-echo "
-User uid: $(id -u buildkite)
-User gid: $(id -g buildkite)
---------------------------------------------
-"
-chown buildkite:buildkite /buildkite
\ No newline at end of file
diff --git a/ci/root/etc/cont-init.d/30-config b/ci/root/etc/cont-init.d/30-config
deleted file mode 100644
index 6eff462c..00000000
--- a/ci/root/etc/cont-init.d/30-config
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-# permissions
-chown -R buildkite:buildkite \
- /buildkite
\ No newline at end of file
diff --git a/ci/root/etc/docker/daemon.json b/ci/root/etc/docker/daemon.json
deleted file mode 100644
index e14a48e8..00000000
--- a/ci/root/etc/docker/daemon.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- "registry-mirrors": ["http://registrycache:5000"]
-}
\ No newline at end of file
diff --git a/ci/root/etc/services.d/buildkite/run b/ci/root/etc/services.d/buildkite/run
deleted file mode 100644
index 6ef62682..00000000
--- a/ci/root/etc/services.d/buildkite/run
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-exec \
- s6-setuidgid buildkite ssh-env-config.sh /usr/local/bin/buildkite-agent start
\ No newline at end of file
diff --git a/ci/root/etc/services.d/dockerd/run b/ci/root/etc/services.d/dockerd/run
deleted file mode 100644
index 567d53f9..00000000
--- a/ci/root/etc/services.d/dockerd/run
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-exec \
- s6-setuidgid root dockerd-entrypoint.sh > /dev/null 2>&1
\ No newline at end of file
diff --git a/ci/root/etc/services.d/dockerperms/run b/ci/root/etc/services.d/dockerperms/run
deleted file mode 100644
index 4a2453e3..00000000
--- a/ci/root/etc/services.d/dockerperms/run
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-while [ ! -S "/run/docker.sock" ];
-do
- sleep 1;
-done
-chown root:buildkite /run/docker.sock
-tail -f /dev/null
\ No newline at end of file