jeff/nixos-runner
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

update build and clean up
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse source
This commit is contained in:
Jeffrey C. Ollie 2023-08-29 08:54:46 -05:00
parent e05f088282
commit 938262d78f
Signed by: jeff
GPG key ID: 6F86035A6D97044E
5 changed files with 105 additions and 283 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.drone.yml
View file

@ -23,7 +23,7 @@ steps:
# - nix run .#login # - nix run .#login
# - echo -n "$${PLUGIN_PASSWORD}" | podman login --username $${PLUGIN_USERNAME} --password-stdin $${PLUGIN_REGISTRY} # - echo -n "$${PLUGIN_PASSWORD}" | podman login --username $${PLUGIN_USERNAME} --password-stdin $${PLUGIN_REGISTRY}
- nix build .#nixos-runner - nix build .#nixos-runner
- nix run .#regctl-push-container -- result - nix run .#push-container -- result
# - podman load --input result | sed -n -e "s/Loaded image:.\\(.*\\)/\\1/p" > loaded-image # - podman load --input result | sed -n -e "s/Loaded image:.\\(.*\\)/\\1/p" > loaded-image
# - cat loaded-image # - cat loaded-image
# - podman images # - podman images

31
.github/workflows/build.yaml vendored
View file

@ -5,37 +5,8 @@ jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: docker.io/jcollie/nixos-runner:latest container: docker.io/jcollie/nixos-runner:latest
env:
REGISTRY: ghcr.io
REPOSITORY: jcollie/nixos-runner
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- run: set - run: set
- run: nix build -L .#nixos-runner - run: nix build -L .#nixos-runner
- uses: redhat-actions/podman-login@v1 - run: nix run .#push-container -- result --repository jcollie/nixos-runner
with:
registry: ghcr.io/${{ github.repository_owner }}
username: ${{ github.actor }}
password: ${{ github.token }}
# - run: echo -n "${PASSWORD}" | podman login --username ${USERNAME} --password-stdin ${REPOSITORY}
# env:
# REPOSITORY: ghcr.io/${{ github.repository_owner }}
# USERNAME: ${{ github.actor }}
# PASSWORD: ${{ github.token }}
- run: podman load --input result | sed -n -e "s/Loaded image:.\\(.*\\)/loaded-image=\\1/p" >> $GITHUB_OUTPUT
id: podman-load-image
- run: podman images
- run: podman tag "${IMAGE}" "${REGISTRY}/${REPOSITORY}:${GITHUB_RUN_NUMBER}-${GITHUB_SHA:0:8}"
env:
IMAGE: ${{ steps.podman-load-image.outputs.loaded-image }}
- run: podman tag "${IMAGE}" "${REGISTRY}/${REPOSITORY}:latest"
env:
IMAGE: ${{ steps.podman-load-image.outputs.loaded-image }}
- run: podman images
- run: podman push "${REGISTRY}/${REPOSITORY}:${GITHUB_RUN_NUMBER}-${GITHUB_SHA:0:8}"
- run: podman push "${REGISTRY}/${REPOSITORY}:latest"
- run: podman logout "${REGISTRY}"
# - run: nix run .#push-container -- result --registry ghcr.io --repository jcollie/nixos-runner
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

96
flake.nix
View file

@ -83,9 +83,9 @@
docker-client docker-client
self.packages.${system}.podman-push-container # self.packages.${system}.podman-push-container
self.packages.${system}.docker-push-container # self.packages.${system}.docker-push-container
self.packages.${system}.regctl-push-container self.packages.${system}.push-container
]; ];
flake-registry = null; flake-registry = null;
@ -412,66 +412,64 @@
]; ];
}; };
}; };
podman-push-container = pkgs.writeTextFile { # podman-push-container = pkgs.writeTextFile {
name = "podman-push-container"; # name = "podman-push-container";
destination = "/bin/podman-push-container"; # destination = "/bin/podman-push-container";
text = builtins.replaceStrings # text = builtins.replaceStrings
[ # [
"@nushell@" # "@nushell@"
"@client@" # "@client@"
] # ]
[ # [
"${pkgs.nushell}/bin/nu" # "${pkgs.nushell}/bin/nu"
"${pkgs.podman}/bin/podman" # "${pkgs.podman}/bin/podman"
] # ]
(builtins.readFile ./push-container.nu); # (builtins.readFile ./push-container.nu);
executable = true; # executable = true;
}; # };
docker-push-container = pkgs.writeTextFile { # docker-push-container = pkgs.writeTextFile {
name = "docker-push-container"; # name = "docker-push-container";
destination = "/bin/docker-push-container"; # destination = "/bin/docker-push-container";
text = builtins.replaceStrings # text = builtins.replaceStrings
[ # [
"@nushell@" # "@nushell@"
"@client@" # "@client@"
] # ]
[ # [
"${pkgs.nushell}/bin/nu" # "${pkgs.nushell}/bin/nu"
"${docker-client}/bin/docker" # "${docker-client}/bin/docker"
] # ]
(builtins.readFile ./push-container.nu); # (builtins.readFile ./push-container.nu);
executable = true; # executable = true;
}; # };
regctl-push-container = pkgs.writeTextFile { push-container = pkgs.writeTextFile {
name = "regctl-push-container"; name = "push-container";
destination = "/bin/regctl-push-container"; destination = "/bin/push-container";
text = builtins.replaceStrings text = builtins.replaceStrings
[ [
"@nushell@" "@nushell@"
"@regctl@" "@regctl@"
"@gzip@"
] ]
[ [
"${pkgs.nushell}/bin/nu" "${pkgs.nushell}/bin/nu"
"${pkgs.regctl}/bin/regctl" "${pkgs.regctl}/bin/regctl"
"${pkgs.gzip}/bin/gzip"
] ]
(builtins.readFile ./regctl-push-container.nu); (builtins.readFile ./push-container.nu);
executable = true; executable = true;
}; };
}; };
apps = { apps = {
podman-push-container = { # podman-push-container = {
# type = "app";
# program = "${self.packages.${system}.podman-push-container}/bin/podman-push-container";
# };
# docker-push-container = {
# type = "app";
# program = "${self.packages.${system}.docker-push-container}/bin/docker-push-container";
# };
push-container = {
type = "app"; type = "app";
program = "${self.packages.${system}.podman-push-container}/bin/podman-push-container"; program = "${self.packages.${system}.push-container}/bin/push-container";
};
docker-push-container = {
type = "app";
program = "${self.packages.${system}.docker-push-container}/bin/docker-push-container";
};
regctl-push-container = {
type = "app";
program = "${self.packages.${system}.regctl-push-container}/bin/regctl-push-container";
}; };
}; };
} }

83
push-container.nu
View file

@ -2,6 +2,8 @@
def main [ def main [
input: string # tar.gz file containing container image to be pushed to repository input: string # tar.gz file containing container image to be pushed to repository
...tags: string # Tags to be added to pushed container image ...tags: string # Tags to be added to pushed container image
--username: string = "" # username
--password: string = "" # password
--registry: string = "" # container registry --registry: string = "" # container registry
--repository: string = "" # container repository --repository: string = "" # container repository
--no-latest-tag # Don't add "latest" tag to list of tags --no-latest-tag # Don't add "latest" tag to list of tags
@ -19,12 +21,6 @@ def main [
$tags $tags
} }
let tags = if (not $no_latest_tag) {
$tags | append "latest"
} else {
$tags
}
let tags = if ( let tags = if (
(not $no_github_tag) (not $no_github_tag)
and and
@ -49,10 +45,19 @@ def main [
$tags $tags
} }
let tags = if (not $no_latest_tag) {
$tags | append "latest"
} else {
$tags
}
let auth = {username: null, password: null} let auth = {username: null, password: null}
let auth = ( let auth = (
if ( if not ($username | is-empty) and ($password | is-empty) {
print "Got username and password from command line"
{username: $username, password: $password}
} else if (
(not ($env | get -i USERNAME | is-empty)) (not ($env | get -i USERNAME | is-empty))
and and
(not ($env | get -i PASSWORD | is-empty)) (not ($env | get -i PASSWORD | is-empty))
@ -98,7 +103,7 @@ def main [
} else { } else {
$registry $registry
} }
) ) | parse --regex "(?:https?://)?(?P<rest>.*)" | get 0.rest
let repository = ( let repository = (
if ($repository | is-empty) { if ($repository | is-empty) {
@ -115,33 +120,51 @@ def main [
} }
) )
alias client = ^@client@ --log-level debug alias regctl = ^@regctl@ --verbosity warning
alias gzip = ^@gzip@
$auth.password | client login --username $auth.username --password-stdin $registry regctl version
regctl registry login $registry --user $auth.username --pass $auth.password
let load_result = (do { client load --input $input } | complete) # print "decompressing image: start"
if $load_result.exit_code != 0 {
print $load_result.stderr
exit 1
}
let old_image = ($load_result.stdout | str trim | parse "Loaded image: {image}" | get 0.image) # open $input | gzip --decompress | save --force --progress $"($input).tar"
$tags | each { # print "decompressing image: stop"
|tag|
let new_image = $"($registry)/($repository):($tag)" # let load_result = (do { regctl load --input $input } | complete)
let tag_result = (do { client tag $old_image $new_image } | complete) # if $load_result.exit_code != 0 {
if $tag_result.exit_code != 0 { # print $load_result.stderr
print $tag_result.stderr # exit 1
exit 1 # }
}
let push_result = (do { client push $new_image } | complete) # let old_image = ($load_result.stdout | str trim | parse "Loaded image: {image}" | get 0.image)
if $push_result.exit_code != 0 {
print $push_result.stderr $tags | enumerate | each {
exit 1 |item|
} if $item.index == 0 {
let new_image = $"($registry)/($repository):($item.item)"
print $"Pushing ($new_image)"
regctl image import $new_image $input
# let tag_result = (do { regctl image import $new_image $"($input).tar" } | complete)
# if $tag_result.exit_code != 0 {
# print $tag_result.stderr
# exit 1
# }
print $"Pushed ($new_image)" print $"Pushed ($new_image)"
} else {
let old_image = $"($registry)/($repository):($tags | get 0)"
let new_image = $"($registry)/($repository):($item.item)"
print $"Copying ($old_image) ($new_image)"
regctl image copy $old_image $new_image
# let tag_result = (do { regctl image copy $old_image $new_image } | complete)
# if $tag_result.exit_code != 0 {
# print $tag_result.stderr
# exit 1
# }
print $"Copied ($old_image) ($new_image)"
}
} }
client logout $registry regctl registry logout $registry
} }

170
regctl-push-container.nu
View file

@ -1,170 +0,0 @@
#!@nushell@
def main [
input: string # tar.gz file containing container image to be pushed to repository
...tags: string # Tags to be added to pushed container image
--username: string = "" # username
--password: string = "" # password
--registry: string = "" # container registry
--repository: string = "" # container repository
--no-latest-tag # Don't add "latest" tag to list of tags
--no-drone-tag # Don't add tag calculated from DRONE_BUILD_NUMBER and DRONE_COMMIT_SHA
--no-github-tag # Don't add tag calculated from GITHUB_RUN_NUMBER and GITHUB_SHA
] {
if not ($input | path exists) {
print $"($input) does not exist!"
exit 1
}
let tags = if not ($env | get -i PLUGIN_TAGS | is-empty) {
$tags | append ($env.PLUGIN_TAGS | split row ',' | str trim)
} else {
$tags
}
let tags = if (
(not $no_github_tag)
and
(not ($env | get -i GITHUB_RUN_NUMBER | is-empty))
and
(not ($env | get -i GITHUB_SHA | is-empty))
) {
$tags | append $"($env.GITHUB_RUN_NUMBER)-($env.GITHUB_SHA | str substring 0..8)"
} else {
$tags
}
let tags = if (
(not $no_drone_tag)
and
(not ($env | get -i DRONE_BUILD_NUMBER | is-empty))
and
(not ($env | get -i DRONE_COMMIT_SHA | is-empty))
) {
$tags | append $"($env.DRONE_BUILD_NUMBER)-($env.DRONE_COMMIT_SHA | str substring 0..8)"
} else {
$tags
}
let tags = if (not $no_latest_tag) {
$tags | append "latest"
} else {
$tags
}
let auth = {username: null, password: null}
let auth = (
if not ($username | is-empty) and ($password | is-empty) {
print "Got username and password from command line"
{username: $username, password: $password}
} else if (
(not ($env | get -i USERNAME | is-empty))
and
(not ($env | get -i PASSWORD | is-empty))
) {
print "Got username and password from USERNAME and PASSWORD"
{username: $env.USERNAME, password: $env.PASSWORD}
} else if (
(not ($env | get -i PLUGIN_USERNAME | is-empty))
and
(not ($env | get -i PLUGIN_PASSWORD | is-empty))
) {
print "Got username and password from PLUGIN_USERNAME and PLUGIN_PASSWORD"
{username: $env.PLUGIN_USERNAME, password: $env.PLUGIN_PASSWORD}
} else if (
(not ($env | get -i GITHUB_ACTOR | is-empty))
and
(not ($env | get -i GITHUB_TOKEN | is-empty))
) {
print "Got username and password from GITHUB_ACTOR and GITHUB_TOKEN"
{username: $env.GITHUB_ACTOR, password: $env.GITHUB_TOKEN}
} else {
print "Unable to determine authentication parameters!"
exit 1
}
)
let registry = (
if ($registry | is-empty) {
if not ($env | get -i PLUGIN_REGISTRY | is-empty) {
$env.PLUGIN_REGISTRY
} else if not ($env | get -i REGISTRY | is-empty) {
$env.REGISTRY
} else if (
(not ($env | get -i GITHUB_SERVER_URL | is-empty))
and
(not ($env | get -i GITHUB_ACTOR | is-empty))
) {
$"($env.GITHUB_SERVER_URL)/($env.GITHUB_ACTOR)"
} else {
print "No registry specified!"
exit 1
}
} else {
$registry
}
) | parse --regex "(?:https?://)?(?P<rest>.*)" | get 0.rest
let repository = (
if ($repository | is-empty) {
if not ($env | get -i PLUGIN_REPOSITORY | is-empty) {
$env.PLUGIN_REPOSITORY
} else if not ($env | get -i REPOSITORY | is-empty) {
$env.REPOSITORY
} else {
print "No repository specified!"
exit 1
}
} else {
$repository
}
)
alias regctl = ^@regctl@ --verbosity warning
alias gzip = ^@gzip@
regctl version
regctl registry login $registry --user $auth.username --pass $auth.password
# print "decompressing image: start"
# open $input | gzip --decompress | save --force --progress $"($input).tar"
# print "decompressing image: stop"
# let load_result = (do { regctl load --input $input } | complete)
# if $load_result.exit_code != 0 {
# print $load_result.stderr
# exit 1
# }
# let old_image = ($load_result.stdout | str trim | parse "Loaded image: {image}" | get 0.image)
$tags | enumerate | each {
|item|
if $item.index == 0 {
let new_image = $"($registry)/($repository):($item.item)"
print $"Pushing ($new_image)"
regctl image import $new_image $input
# let tag_result = (do { regctl image import $new_image $"($input).tar" } | complete)
# if $tag_result.exit_code != 0 {
# print $tag_result.stderr
# exit 1
# }
print $"Pushed ($new_image)"
} else {
let old_image = $"($registry)/($repository):($tags | get 0)"
let new_image = $"($registry)/($repository):($item.item)"
print $"Copying ($old_image) ($new_image)"
regctl image copy $old_image $new_image
# let tag_result = (do { regctl image copy $old_image $new_image } | complete)
# if $tag_result.exit_code != 0 {
# print $tag_result.stderr
# exit 1
# }
print $"Copied ($old_image) ($new_image)"
}
}
regctl registry logout $registry
}