mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
Add Buildkite CI tooling
This commit is contained in:
parent
09b4e4e57e
commit
9e7dac1107
6
ci/.dockerignore
Normal file
6
ci/.dockerignore
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
.git
|
||||||
|
.gitignore
|
||||||
|
.github
|
||||||
|
.gitattributes
|
||||||
|
READMETEMPLATE.md
|
||||||
|
README.md
|
77
ci/Dockerfile
Normal file
77
ci/Dockerfile
Normal file
|
@ -0,0 +1,77 @@
|
||||||
|
FROM docker:dind
|
||||||
|
|
||||||
|
# set labels
|
||||||
|
LABEL maintainer="Nightah"
|
||||||
|
|
||||||
|
# set application versions
|
||||||
|
ARG ARCH="amd64"
|
||||||
|
ARG BUILDKITE_VERSION="3.17.0"
|
||||||
|
ARG OVERLAY_VERSION="v1.22.1.0"
|
||||||
|
|
||||||
|
# environment variables
|
||||||
|
ENV PS1="$(whoami)@$(hostname):$(pwd)$ " \
|
||||||
|
HOME="/buildkite" \
|
||||||
|
TERM="xterm"
|
||||||
|
|
||||||
|
# set runtime variables
|
||||||
|
ENV BUILDKITE_AGENT_CONFIG=/buildkite/buildkite-agent.cfg \
|
||||||
|
GOPATH="/buildkite/.go"
|
||||||
|
|
||||||
|
# add local files
|
||||||
|
COPY root/ /
|
||||||
|
|
||||||
|
# modifications
|
||||||
|
RUN \
|
||||||
|
echo "**** Install Authelia CI pre-requisites ****" && \
|
||||||
|
echo "@edge http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories && \
|
||||||
|
echo "@edget http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \
|
||||||
|
apk add --no-cache \
|
||||||
|
bash \
|
||||||
|
ca-certificates \
|
||||||
|
coreutils \
|
||||||
|
chromium \
|
||||||
|
chromium-chromedriver \
|
||||||
|
curl \
|
||||||
|
docker-compose \
|
||||||
|
git \
|
||||||
|
hub@edget \
|
||||||
|
go@edge \
|
||||||
|
jq \
|
||||||
|
libc6-compat \
|
||||||
|
libstdc++ \
|
||||||
|
nodejs \
|
||||||
|
npm \
|
||||||
|
openssh-client \
|
||||||
|
perl \
|
||||||
|
rsync \
|
||||||
|
shadow \
|
||||||
|
sudo \
|
||||||
|
tzdata \
|
||||||
|
yarn@edge && \
|
||||||
|
echo "**** Add s6 overlay ****" && \
|
||||||
|
cd /tmp && \
|
||||||
|
curl -Lfs -o s6-overlay.tar.gz "https://github.com/just-containers/s6-overlay/releases/download/${OVERLAY_VERSION}/s6-overlay-${ARCH}.tar.gz" && \
|
||||||
|
tar xfz s6-overlay.tar.gz -C / && \
|
||||||
|
echo "**** Patch CVE-2019-5021 ****" && \
|
||||||
|
sed -i -e 's/^root::/root:!:/' /etc/shadow && \
|
||||||
|
echo "**** Create abc user and make our folders ****" && \
|
||||||
|
useradd -u 911 -U -d /buildkite -s /bin/false abc && \
|
||||||
|
usermod -G wheel abc && \
|
||||||
|
sed -i 's/# %wheel/%wheel/g' /etc/sudoers && \
|
||||||
|
echo "**** Install Buildkite ****" && \
|
||||||
|
mkdir -p /buildkite/builds /buildkite/hooks /buildkite/plugins && \
|
||||||
|
curl -Lfs -o /usr/local/bin/ssh-env-config.sh https://raw.githubusercontent.com/buildkite/docker-ssh-env-config/master/ssh-env-config.sh && \
|
||||||
|
chmod +x /usr/local/bin/ssh-env-config.sh && \
|
||||||
|
curl -Lfs -o buildkite-agent.tar.gz https://github.com/buildkite/agent/releases/download/v${BUILDKITE_VERSION}/buildkite-agent-linux-${ARCH}-${BUILDKITE_VERSION}.tar.gz && \
|
||||||
|
tar xf buildkite-agent.tar.gz && \
|
||||||
|
sed -i 's/token=/#token=/g' buildkite-agent.cfg && \
|
||||||
|
sed -i 's/\$HOME\/.buildkite-agent/\/buildkite/g' buildkite-agent.cfg && \
|
||||||
|
mv buildkite-agent.cfg /buildkite/buildkite-agent.cfg && \
|
||||||
|
mv buildkite-agent /usr/local/bin/buildkite-agent && \
|
||||||
|
echo "**** Cleanup ****" && \
|
||||||
|
rm -rf /tmp/*
|
||||||
|
|
||||||
|
# ports and volumes
|
||||||
|
VOLUME /buildkite
|
||||||
|
|
||||||
|
ENTRYPOINT ["/init"]
|
29
ci/root/etc/cont-init.d/10-adduser
Normal file
29
ci/root/etc/cont-init.d/10-adduser
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
#!/usr/bin/with-contenv bash
|
||||||
|
|
||||||
|
PUID=${PUID:-911}
|
||||||
|
PGID=${PGID:-911}
|
||||||
|
|
||||||
|
groupmod -o -g "$PGID" abc
|
||||||
|
usermod -o -u "$PUID" abc
|
||||||
|
|
||||||
|
cat <<'EOF'
|
||||||
|
--------------------------------------------
|
||||||
|
/ \ _ _| |_| |__ ___| (_) __ _
|
||||||
|
/ _ \| | | | __| '_ \ / _ \ | |/ _` |
|
||||||
|
/ ___ \ |_| | |_| | | | __/ | | (_| |
|
||||||
|
/_/ \_\__,_|\__|_| |_|\___|_|_|\__,_|
|
||||||
|
____ ___
|
||||||
|
/ ___|_ _|
|
||||||
|
| | | |
|
||||||
|
| |___ | |
|
||||||
|
\____|___|
|
||||||
|
--------------------------------------------
|
||||||
|
GID/UID
|
||||||
|
--------------------------------------------
|
||||||
|
EOF
|
||||||
|
echo "
|
||||||
|
User uid: $(id -u abc)
|
||||||
|
User gid: $(id -g abc)
|
||||||
|
--------------------------------------------
|
||||||
|
"
|
||||||
|
chown abc:abc /buildkite
|
5
ci/root/etc/cont-init.d/30-config
Normal file
5
ci/root/etc/cont-init.d/30-config
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
#!/usr/bin/with-contenv bash
|
||||||
|
|
||||||
|
# permissions
|
||||||
|
chown -R abc:abc \
|
||||||
|
/buildkite
|
3
ci/root/etc/docker/daemon.json
Normal file
3
ci/root/etc/docker/daemon.json
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
{
|
||||||
|
"registry-mirrors": ["http://registrycache:5000"]
|
||||||
|
}
|
4
ci/root/etc/services.d/buildkite/run
Normal file
4
ci/root/etc/services.d/buildkite/run
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
#!/usr/bin/with-contenv bash
|
||||||
|
|
||||||
|
exec \
|
||||||
|
s6-setuidgid abc ssh-env-config.sh /usr/local/bin/buildkite-agent start
|
4
ci/root/etc/services.d/dockerd/run
Normal file
4
ci/root/etc/services.d/dockerd/run
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
#!/usr/bin/with-contenv bash
|
||||||
|
|
||||||
|
exec \
|
||||||
|
s6-setuidgid root dockerd-entrypoint.sh > /dev/null 2>&1
|
8
ci/root/etc/services.d/dockerperms/run
Normal file
8
ci/root/etc/services.d/dockerperms/run
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
#!/usr/bin/with-contenv bash
|
||||||
|
|
||||||
|
while [ ! -S "/run/docker.sock" ];
|
||||||
|
do
|
||||||
|
sleep 1;
|
||||||
|
done
|
||||||
|
chown root:abc /run/docker.sock
|
||||||
|
tail -f /dev/null
|
Loading…
Reference in New Issue
Block a user