update build and clean up
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
e05f088282
commit
938262d78f
5 changed files with 105 additions and 283 deletions
|
@ -23,7 +23,7 @@ steps:
|
|||
# - nix run .#login
|
||||
# - echo -n "$${PLUGIN_PASSWORD}" | podman login --username $${PLUGIN_USERNAME} --password-stdin $${PLUGIN_REGISTRY}
|
||||
- nix build .#nixos-runner
|
||||
- nix run .#regctl-push-container -- result
|
||||
- nix run .#push-container -- result
|
||||
# - podman load --input result | sed -n -e "s/Loaded image:.\\(.*\\)/\\1/p" > loaded-image
|
||||
# - cat loaded-image
|
||||
# - podman images
|
||||
|
|
31
.github/workflows/build.yaml
vendored
31
.github/workflows/build.yaml
vendored
|
@ -5,37 +5,8 @@ jobs:
|
|||
build:
|
||||
runs-on: ubuntu-latest
|
||||
container: docker.io/jcollie/nixos-runner:latest
|
||||
env:
|
||||
REGISTRY: ghcr.io
|
||||
REPOSITORY: jcollie/nixos-runner
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- run: set
|
||||
- run: nix build -L .#nixos-runner
|
||||
- uses: redhat-actions/podman-login@v1
|
||||
with:
|
||||
registry: ghcr.io/${{ github.repository_owner }}
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ github.token }}
|
||||
# - run: echo -n "${PASSWORD}" | podman login --username ${USERNAME} --password-stdin ${REPOSITORY}
|
||||
# env:
|
||||
# REPOSITORY: ghcr.io/${{ github.repository_owner }}
|
||||
# USERNAME: ${{ github.actor }}
|
||||
# PASSWORD: ${{ github.token }}
|
||||
- run: podman load --input result | sed -n -e "s/Loaded image:.\\(.*\\)/loaded-image=\\1/p" >> $GITHUB_OUTPUT
|
||||
id: podman-load-image
|
||||
- run: podman images
|
||||
- run: podman tag "${IMAGE}" "${REGISTRY}/${REPOSITORY}:${GITHUB_RUN_NUMBER}-${GITHUB_SHA:0:8}"
|
||||
env:
|
||||
IMAGE: ${{ steps.podman-load-image.outputs.loaded-image }}
|
||||
- run: podman tag "${IMAGE}" "${REGISTRY}/${REPOSITORY}:latest"
|
||||
env:
|
||||
IMAGE: ${{ steps.podman-load-image.outputs.loaded-image }}
|
||||
- run: podman images
|
||||
- run: podman push "${REGISTRY}/${REPOSITORY}:${GITHUB_RUN_NUMBER}-${GITHUB_SHA:0:8}"
|
||||
- run: podman push "${REGISTRY}/${REPOSITORY}:latest"
|
||||
- run: podman logout "${REGISTRY}"
|
||||
|
||||
# - run: nix run .#push-container -- result --registry ghcr.io --repository jcollie/nixos-runner
|
||||
# env:
|
||||
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- run: nix run .#push-container -- result --repository jcollie/nixos-runner
|
||||
|
|
96
flake.nix
96
flake.nix
|
@ -83,9 +83,9 @@
|
|||
|
||||
docker-client
|
||||
|
||||
self.packages.${system}.podman-push-container
|
||||
self.packages.${system}.docker-push-container
|
||||
self.packages.${system}.regctl-push-container
|
||||
# self.packages.${system}.podman-push-container
|
||||
# self.packages.${system}.docker-push-container
|
||||
self.packages.${system}.push-container
|
||||
];
|
||||
|
||||
flake-registry = null;
|
||||
|
@ -412,66 +412,64 @@
|
|||
];
|
||||
};
|
||||
};
|
||||
podman-push-container = pkgs.writeTextFile {
|
||||
name = "podman-push-container";
|
||||
destination = "/bin/podman-push-container";
|
||||
text = builtins.replaceStrings
|
||||
[
|
||||
"@nushell@"
|
||||
"@client@"
|
||||
]
|
||||
[
|
||||
"${pkgs.nushell}/bin/nu"
|
||||
"${pkgs.podman}/bin/podman"
|
||||
]
|
||||
(builtins.readFile ./push-container.nu);
|
||||
executable = true;
|
||||
};
|
||||
docker-push-container = pkgs.writeTextFile {
|
||||
name = "docker-push-container";
|
||||
destination = "/bin/docker-push-container";
|
||||
text = builtins.replaceStrings
|
||||
[
|
||||
"@nushell@"
|
||||
"@client@"
|
||||
]
|
||||
[
|
||||
"${pkgs.nushell}/bin/nu"
|
||||
"${docker-client}/bin/docker"
|
||||
]
|
||||
(builtins.readFile ./push-container.nu);
|
||||
executable = true;
|
||||
};
|
||||
regctl-push-container = pkgs.writeTextFile {
|
||||
name = "regctl-push-container";
|
||||
destination = "/bin/regctl-push-container";
|
||||
# podman-push-container = pkgs.writeTextFile {
|
||||
# name = "podman-push-container";
|
||||
# destination = "/bin/podman-push-container";
|
||||
# text = builtins.replaceStrings
|
||||
# [
|
||||
# "@nushell@"
|
||||
# "@client@"
|
||||
# ]
|
||||
# [
|
||||
# "${pkgs.nushell}/bin/nu"
|
||||
# "${pkgs.podman}/bin/podman"
|
||||
# ]
|
||||
# (builtins.readFile ./push-container.nu);
|
||||
# executable = true;
|
||||
# };
|
||||
# docker-push-container = pkgs.writeTextFile {
|
||||
# name = "docker-push-container";
|
||||
# destination = "/bin/docker-push-container";
|
||||
# text = builtins.replaceStrings
|
||||
# [
|
||||
# "@nushell@"
|
||||
# "@client@"
|
||||
# ]
|
||||
# [
|
||||
# "${pkgs.nushell}/bin/nu"
|
||||
# "${docker-client}/bin/docker"
|
||||
# ]
|
||||
# (builtins.readFile ./push-container.nu);
|
||||
# executable = true;
|
||||
# };
|
||||
push-container = pkgs.writeTextFile {
|
||||
name = "push-container";
|
||||
destination = "/bin/push-container";
|
||||
text = builtins.replaceStrings
|
||||
[
|
||||
"@nushell@"
|
||||
"@regctl@"
|
||||
"@gzip@"
|
||||
]
|
||||
[
|
||||
"${pkgs.nushell}/bin/nu"
|
||||
"${pkgs.regctl}/bin/regctl"
|
||||
"${pkgs.gzip}/bin/gzip"
|
||||
]
|
||||
(builtins.readFile ./regctl-push-container.nu);
|
||||
(builtins.readFile ./push-container.nu);
|
||||
executable = true;
|
||||
};
|
||||
};
|
||||
apps = {
|
||||
podman-push-container = {
|
||||
# podman-push-container = {
|
||||
# type = "app";
|
||||
# program = "${self.packages.${system}.podman-push-container}/bin/podman-push-container";
|
||||
# };
|
||||
# docker-push-container = {
|
||||
# type = "app";
|
||||
# program = "${self.packages.${system}.docker-push-container}/bin/docker-push-container";
|
||||
# };
|
||||
push-container = {
|
||||
type = "app";
|
||||
program = "${self.packages.${system}.podman-push-container}/bin/podman-push-container";
|
||||
};
|
||||
docker-push-container = {
|
||||
type = "app";
|
||||
program = "${self.packages.${system}.docker-push-container}/bin/docker-push-container";
|
||||
};
|
||||
regctl-push-container = {
|
||||
type = "app";
|
||||
program = "${self.packages.${system}.regctl-push-container}/bin/regctl-push-container";
|
||||
program = "${self.packages.${system}.push-container}/bin/push-container";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -2,6 +2,8 @@
|
|||
def main [
|
||||
input: string # tar.gz file containing container image to be pushed to repository
|
||||
...tags: string # Tags to be added to pushed container image
|
||||
--username: string = "" # username
|
||||
--password: string = "" # password
|
||||
--registry: string = "" # container registry
|
||||
--repository: string = "" # container repository
|
||||
--no-latest-tag # Don't add "latest" tag to list of tags
|
||||
|
@ -19,12 +21,6 @@ def main [
|
|||
$tags
|
||||
}
|
||||
|
||||
let tags = if (not $no_latest_tag) {
|
||||
$tags | append "latest"
|
||||
} else {
|
||||
$tags
|
||||
}
|
||||
|
||||
let tags = if (
|
||||
(not $no_github_tag)
|
||||
and
|
||||
|
@ -49,10 +45,19 @@ def main [
|
|||
$tags
|
||||
}
|
||||
|
||||
let tags = if (not $no_latest_tag) {
|
||||
$tags | append "latest"
|
||||
} else {
|
||||
$tags
|
||||
}
|
||||
|
||||
let auth = {username: null, password: null}
|
||||
|
||||
let auth = (
|
||||
if (
|
||||
if not ($username | is-empty) and ($password | is-empty) {
|
||||
print "Got username and password from command line"
|
||||
{username: $username, password: $password}
|
||||
} else if (
|
||||
(not ($env | get -i USERNAME | is-empty))
|
||||
and
|
||||
(not ($env | get -i PASSWORD | is-empty))
|
||||
|
@ -98,7 +103,7 @@ def main [
|
|||
} else {
|
||||
$registry
|
||||
}
|
||||
)
|
||||
) | parse --regex "(?:https?://)?(?P<rest>.*)" | get 0.rest
|
||||
|
||||
let repository = (
|
||||
if ($repository | is-empty) {
|
||||
|
@ -115,33 +120,51 @@ def main [
|
|||
}
|
||||
)
|
||||
|
||||
alias client = ^@client@ --log-level debug
|
||||
alias regctl = ^@regctl@ --verbosity warning
|
||||
alias gzip = ^@gzip@
|
||||
|
||||
$auth.password | client login --username $auth.username --password-stdin $registry
|
||||
regctl version
|
||||
regctl registry login $registry --user $auth.username --pass $auth.password
|
||||
|
||||
let load_result = (do { client load --input $input } | complete)
|
||||
if $load_result.exit_code != 0 {
|
||||
print $load_result.stderr
|
||||
exit 1
|
||||
# print "decompressing image: start"
|
||||
|
||||
# open $input | gzip --decompress | save --force --progress $"($input).tar"
|
||||
|
||||
# print "decompressing image: stop"
|
||||
|
||||
# let load_result = (do { regctl load --input $input } | complete)
|
||||
# if $load_result.exit_code != 0 {
|
||||
# print $load_result.stderr
|
||||
# exit 1
|
||||
# }
|
||||
|
||||
# let old_image = ($load_result.stdout | str trim | parse "Loaded image: {image}" | get 0.image)
|
||||
|
||||
$tags | enumerate | each {
|
||||
|item|
|
||||
if $item.index == 0 {
|
||||
let new_image = $"($registry)/($repository):($item.item)"
|
||||
print $"Pushing ($new_image)"
|
||||
regctl image import $new_image $input
|
||||
# let tag_result = (do { regctl image import $new_image $"($input).tar" } | complete)
|
||||
# if $tag_result.exit_code != 0 {
|
||||
# print $tag_result.stderr
|
||||
# exit 1
|
||||
# }
|
||||
print $"Pushed ($new_image)"
|
||||
} else {
|
||||
let old_image = $"($registry)/($repository):($tags | get 0)"
|
||||
let new_image = $"($registry)/($repository):($item.item)"
|
||||
print $"Copying ($old_image) ($new_image)"
|
||||
regctl image copy $old_image $new_image
|
||||
# let tag_result = (do { regctl image copy $old_image $new_image } | complete)
|
||||
# if $tag_result.exit_code != 0 {
|
||||
# print $tag_result.stderr
|
||||
# exit 1
|
||||
# }
|
||||
print $"Copied ($old_image) ($new_image)"
|
||||
}
|
||||
}
|
||||
|
||||
let old_image = ($load_result.stdout | str trim | parse "Loaded image: {image}" | get 0.image)
|
||||
|
||||
$tags | each {
|
||||
|tag|
|
||||
let new_image = $"($registry)/($repository):($tag)"
|
||||
let tag_result = (do { client tag $old_image $new_image } | complete)
|
||||
if $tag_result.exit_code != 0 {
|
||||
print $tag_result.stderr
|
||||
exit 1
|
||||
}
|
||||
let push_result = (do { client push $new_image } | complete)
|
||||
if $push_result.exit_code != 0 {
|
||||
print $push_result.stderr
|
||||
exit 1
|
||||
}
|
||||
print $"Pushed ($new_image)"
|
||||
}
|
||||
|
||||
client logout $registry
|
||||
regctl registry logout $registry
|
||||
}
|
||||
|
|
|
@ -1,170 +0,0 @@
|
|||
#!@nushell@
|
||||
def main [
|
||||
input: string # tar.gz file containing container image to be pushed to repository
|
||||
...tags: string # Tags to be added to pushed container image
|
||||
--username: string = "" # username
|
||||
--password: string = "" # password
|
||||
--registry: string = "" # container registry
|
||||
--repository: string = "" # container repository
|
||||
--no-latest-tag # Don't add "latest" tag to list of tags
|
||||
--no-drone-tag # Don't add tag calculated from DRONE_BUILD_NUMBER and DRONE_COMMIT_SHA
|
||||
--no-github-tag # Don't add tag calculated from GITHUB_RUN_NUMBER and GITHUB_SHA
|
||||
] {
|
||||
if not ($input | path exists) {
|
||||
print $"($input) does not exist!"
|
||||
exit 1
|
||||
}
|
||||
|
||||
let tags = if not ($env | get -i PLUGIN_TAGS | is-empty) {
|
||||
$tags | append ($env.PLUGIN_TAGS | split row ',' | str trim)
|
||||
} else {
|
||||
$tags
|
||||
}
|
||||
|
||||
let tags = if (
|
||||
(not $no_github_tag)
|
||||
and
|
||||
(not ($env | get -i GITHUB_RUN_NUMBER | is-empty))
|
||||
and
|
||||
(not ($env | get -i GITHUB_SHA | is-empty))
|
||||
) {
|
||||
$tags | append $"($env.GITHUB_RUN_NUMBER)-($env.GITHUB_SHA | str substring 0..8)"
|
||||
} else {
|
||||
$tags
|
||||
}
|
||||
|
||||
let tags = if (
|
||||
(not $no_drone_tag)
|
||||
and
|
||||
(not ($env | get -i DRONE_BUILD_NUMBER | is-empty))
|
||||
and
|
||||
(not ($env | get -i DRONE_COMMIT_SHA | is-empty))
|
||||
) {
|
||||
$tags | append $"($env.DRONE_BUILD_NUMBER)-($env.DRONE_COMMIT_SHA | str substring 0..8)"
|
||||
} else {
|
||||
$tags
|
||||
}
|
||||
|
||||
let tags = if (not $no_latest_tag) {
|
||||
$tags | append "latest"
|
||||
} else {
|
||||
$tags
|
||||
}
|
||||
|
||||
let auth = {username: null, password: null}
|
||||
|
||||
let auth = (
|
||||
if not ($username | is-empty) and ($password | is-empty) {
|
||||
print "Got username and password from command line"
|
||||
{username: $username, password: $password}
|
||||
} else if (
|
||||
(not ($env | get -i USERNAME | is-empty))
|
||||
and
|
||||
(not ($env | get -i PASSWORD | is-empty))
|
||||
) {
|
||||
print "Got username and password from USERNAME and PASSWORD"
|
||||
{username: $env.USERNAME, password: $env.PASSWORD}
|
||||
} else if (
|
||||
(not ($env | get -i PLUGIN_USERNAME | is-empty))
|
||||
and
|
||||
(not ($env | get -i PLUGIN_PASSWORD | is-empty))
|
||||
) {
|
||||
print "Got username and password from PLUGIN_USERNAME and PLUGIN_PASSWORD"
|
||||
{username: $env.PLUGIN_USERNAME, password: $env.PLUGIN_PASSWORD}
|
||||
} else if (
|
||||
(not ($env | get -i GITHUB_ACTOR | is-empty))
|
||||
and
|
||||
(not ($env | get -i GITHUB_TOKEN | is-empty))
|
||||
) {
|
||||
print "Got username and password from GITHUB_ACTOR and GITHUB_TOKEN"
|
||||
{username: $env.GITHUB_ACTOR, password: $env.GITHUB_TOKEN}
|
||||
} else {
|
||||
print "Unable to determine authentication parameters!"
|
||||
exit 1
|
||||
}
|
||||
)
|
||||
|
||||
let registry = (
|
||||
if ($registry | is-empty) {
|
||||
if not ($env | get -i PLUGIN_REGISTRY | is-empty) {
|
||||
$env.PLUGIN_REGISTRY
|
||||
} else if not ($env | get -i REGISTRY | is-empty) {
|
||||
$env.REGISTRY
|
||||
} else if (
|
||||
(not ($env | get -i GITHUB_SERVER_URL | is-empty))
|
||||
and
|
||||
(not ($env | get -i GITHUB_ACTOR | is-empty))
|
||||
) {
|
||||
$"($env.GITHUB_SERVER_URL)/($env.GITHUB_ACTOR)"
|
||||
} else {
|
||||
print "No registry specified!"
|
||||
exit 1
|
||||
}
|
||||
} else {
|
||||
$registry
|
||||
}
|
||||
) | parse --regex "(?:https?://)?(?P<rest>.*)" | get 0.rest
|
||||
|
||||
let repository = (
|
||||
if ($repository | is-empty) {
|
||||
if not ($env | get -i PLUGIN_REPOSITORY | is-empty) {
|
||||
$env.PLUGIN_REPOSITORY
|
||||
} else if not ($env | get -i REPOSITORY | is-empty) {
|
||||
$env.REPOSITORY
|
||||
} else {
|
||||
print "No repository specified!"
|
||||
exit 1
|
||||
}
|
||||
} else {
|
||||
$repository
|
||||
}
|
||||
)
|
||||
|
||||
alias regctl = ^@regctl@ --verbosity warning
|
||||
alias gzip = ^@gzip@
|
||||
|
||||
regctl version
|
||||
regctl registry login $registry --user $auth.username --pass $auth.password
|
||||
|
||||
# print "decompressing image: start"
|
||||
|
||||
# open $input | gzip --decompress | save --force --progress $"($input).tar"
|
||||
|
||||
# print "decompressing image: stop"
|
||||
|
||||
# let load_result = (do { regctl load --input $input } | complete)
|
||||
# if $load_result.exit_code != 0 {
|
||||
# print $load_result.stderr
|
||||
# exit 1
|
||||
# }
|
||||
|
||||
# let old_image = ($load_result.stdout | str trim | parse "Loaded image: {image}" | get 0.image)
|
||||
|
||||
$tags | enumerate | each {
|
||||
|item|
|
||||
if $item.index == 0 {
|
||||
let new_image = $"($registry)/($repository):($item.item)"
|
||||
print $"Pushing ($new_image)"
|
||||
regctl image import $new_image $input
|
||||
# let tag_result = (do { regctl image import $new_image $"($input).tar" } | complete)
|
||||
# if $tag_result.exit_code != 0 {
|
||||
# print $tag_result.stderr
|
||||
# exit 1
|
||||
# }
|
||||
print $"Pushed ($new_image)"
|
||||
} else {
|
||||
let old_image = $"($registry)/($repository):($tags | get 0)"
|
||||
let new_image = $"($registry)/($repository):($item.item)"
|
||||
print $"Copying ($old_image) ($new_image)"
|
||||
regctl image copy $old_image $new_image
|
||||
# let tag_result = (do { regctl image copy $old_image $new_image } | complete)
|
||||
# if $tag_result.exit_code != 0 {
|
||||
# print $tag_result.stderr
|
||||
# exit 1
|
||||
# }
|
||||
print $"Copied ($old_image) ($new_image)"
|
||||
}
|
||||
}
|
||||
|
||||
regctl registry logout $registry
|
||||
}
|
Loading…
Reference in a new issue