update build and clean up
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
e05f088282
commit
938262d78f
5 changed files with 105 additions and 283 deletions
|
@ -23,7 +23,7 @@ steps:
|
||||||
# - nix run .#login
|
# - nix run .#login
|
||||||
# - echo -n "$${PLUGIN_PASSWORD}" | podman login --username $${PLUGIN_USERNAME} --password-stdin $${PLUGIN_REGISTRY}
|
# - echo -n "$${PLUGIN_PASSWORD}" | podman login --username $${PLUGIN_USERNAME} --password-stdin $${PLUGIN_REGISTRY}
|
||||||
- nix build .#nixos-runner
|
- nix build .#nixos-runner
|
||||||
- nix run .#regctl-push-container -- result
|
- nix run .#push-container -- result
|
||||||
# - podman load --input result | sed -n -e "s/Loaded image:.\\(.*\\)/\\1/p" > loaded-image
|
# - podman load --input result | sed -n -e "s/Loaded image:.\\(.*\\)/\\1/p" > loaded-image
|
||||||
# - cat loaded-image
|
# - cat loaded-image
|
||||||
# - podman images
|
# - podman images
|
||||||
|
|
31
.github/workflows/build.yaml
vendored
31
.github/workflows/build.yaml
vendored
|
@ -5,37 +5,8 @@ jobs:
|
||||||
build:
|
build:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
container: docker.io/jcollie/nixos-runner:latest
|
container: docker.io/jcollie/nixos-runner:latest
|
||||||
env:
|
|
||||||
REGISTRY: ghcr.io
|
|
||||||
REPOSITORY: jcollie/nixos-runner
|
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
- run: set
|
- run: set
|
||||||
- run: nix build -L .#nixos-runner
|
- run: nix build -L .#nixos-runner
|
||||||
- uses: redhat-actions/podman-login@v1
|
- run: nix run .#push-container -- result --repository jcollie/nixos-runner
|
||||||
with:
|
|
||||||
registry: ghcr.io/${{ github.repository_owner }}
|
|
||||||
username: ${{ github.actor }}
|
|
||||||
password: ${{ github.token }}
|
|
||||||
# - run: echo -n "${PASSWORD}" | podman login --username ${USERNAME} --password-stdin ${REPOSITORY}
|
|
||||||
# env:
|
|
||||||
# REPOSITORY: ghcr.io/${{ github.repository_owner }}
|
|
||||||
# USERNAME: ${{ github.actor }}
|
|
||||||
# PASSWORD: ${{ github.token }}
|
|
||||||
- run: podman load --input result | sed -n -e "s/Loaded image:.\\(.*\\)/loaded-image=\\1/p" >> $GITHUB_OUTPUT
|
|
||||||
id: podman-load-image
|
|
||||||
- run: podman images
|
|
||||||
- run: podman tag "${IMAGE}" "${REGISTRY}/${REPOSITORY}:${GITHUB_RUN_NUMBER}-${GITHUB_SHA:0:8}"
|
|
||||||
env:
|
|
||||||
IMAGE: ${{ steps.podman-load-image.outputs.loaded-image }}
|
|
||||||
- run: podman tag "${IMAGE}" "${REGISTRY}/${REPOSITORY}:latest"
|
|
||||||
env:
|
|
||||||
IMAGE: ${{ steps.podman-load-image.outputs.loaded-image }}
|
|
||||||
- run: podman images
|
|
||||||
- run: podman push "${REGISTRY}/${REPOSITORY}:${GITHUB_RUN_NUMBER}-${GITHUB_SHA:0:8}"
|
|
||||||
- run: podman push "${REGISTRY}/${REPOSITORY}:latest"
|
|
||||||
- run: podman logout "${REGISTRY}"
|
|
||||||
|
|
||||||
# - run: nix run .#push-container -- result --registry ghcr.io --repository jcollie/nixos-runner
|
|
||||||
# env:
|
|
||||||
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
||||||
|
|
96
flake.nix
96
flake.nix
|
@ -83,9 +83,9 @@
|
||||||
|
|
||||||
docker-client
|
docker-client
|
||||||
|
|
||||||
self.packages.${system}.podman-push-container
|
# self.packages.${system}.podman-push-container
|
||||||
self.packages.${system}.docker-push-container
|
# self.packages.${system}.docker-push-container
|
||||||
self.packages.${system}.regctl-push-container
|
self.packages.${system}.push-container
|
||||||
];
|
];
|
||||||
|
|
||||||
flake-registry = null;
|
flake-registry = null;
|
||||||
|
@ -412,66 +412,64 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
podman-push-container = pkgs.writeTextFile {
|
# podman-push-container = pkgs.writeTextFile {
|
||||||
name = "podman-push-container";
|
# name = "podman-push-container";
|
||||||
destination = "/bin/podman-push-container";
|
# destination = "/bin/podman-push-container";
|
||||||
text = builtins.replaceStrings
|
# text = builtins.replaceStrings
|
||||||
[
|
# [
|
||||||
"@nushell@"
|
# "@nushell@"
|
||||||
"@client@"
|
# "@client@"
|
||||||
]
|
# ]
|
||||||
[
|
# [
|
||||||
"${pkgs.nushell}/bin/nu"
|
# "${pkgs.nushell}/bin/nu"
|
||||||
"${pkgs.podman}/bin/podman"
|
# "${pkgs.podman}/bin/podman"
|
||||||
]
|
# ]
|
||||||
(builtins.readFile ./push-container.nu);
|
# (builtins.readFile ./push-container.nu);
|
||||||
executable = true;
|
# executable = true;
|
||||||
};
|
# };
|
||||||
docker-push-container = pkgs.writeTextFile {
|
# docker-push-container = pkgs.writeTextFile {
|
||||||
name = "docker-push-container";
|
# name = "docker-push-container";
|
||||||
destination = "/bin/docker-push-container";
|
# destination = "/bin/docker-push-container";
|
||||||
text = builtins.replaceStrings
|
# text = builtins.replaceStrings
|
||||||
[
|
# [
|
||||||
"@nushell@"
|
# "@nushell@"
|
||||||
"@client@"
|
# "@client@"
|
||||||
]
|
# ]
|
||||||
[
|
# [
|
||||||
"${pkgs.nushell}/bin/nu"
|
# "${pkgs.nushell}/bin/nu"
|
||||||
"${docker-client}/bin/docker"
|
# "${docker-client}/bin/docker"
|
||||||
]
|
# ]
|
||||||
(builtins.readFile ./push-container.nu);
|
# (builtins.readFile ./push-container.nu);
|
||||||
executable = true;
|
# executable = true;
|
||||||
};
|
# };
|
||||||
regctl-push-container = pkgs.writeTextFile {
|
push-container = pkgs.writeTextFile {
|
||||||
name = "regctl-push-container";
|
name = "push-container";
|
||||||
destination = "/bin/regctl-push-container";
|
destination = "/bin/push-container";
|
||||||
text = builtins.replaceStrings
|
text = builtins.replaceStrings
|
||||||
[
|
[
|
||||||
"@nushell@"
|
"@nushell@"
|
||||||
"@regctl@"
|
"@regctl@"
|
||||||
"@gzip@"
|
|
||||||
]
|
]
|
||||||
[
|
[
|
||||||
"${pkgs.nushell}/bin/nu"
|
"${pkgs.nushell}/bin/nu"
|
||||||
"${pkgs.regctl}/bin/regctl"
|
"${pkgs.regctl}/bin/regctl"
|
||||||
"${pkgs.gzip}/bin/gzip"
|
|
||||||
]
|
]
|
||||||
(builtins.readFile ./regctl-push-container.nu);
|
(builtins.readFile ./push-container.nu);
|
||||||
executable = true;
|
executable = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
apps = {
|
apps = {
|
||||||
podman-push-container = {
|
# podman-push-container = {
|
||||||
|
# type = "app";
|
||||||
|
# program = "${self.packages.${system}.podman-push-container}/bin/podman-push-container";
|
||||||
|
# };
|
||||||
|
# docker-push-container = {
|
||||||
|
# type = "app";
|
||||||
|
# program = "${self.packages.${system}.docker-push-container}/bin/docker-push-container";
|
||||||
|
# };
|
||||||
|
push-container = {
|
||||||
type = "app";
|
type = "app";
|
||||||
program = "${self.packages.${system}.podman-push-container}/bin/podman-push-container";
|
program = "${self.packages.${system}.push-container}/bin/push-container";
|
||||||
};
|
|
||||||
docker-push-container = {
|
|
||||||
type = "app";
|
|
||||||
program = "${self.packages.${system}.docker-push-container}/bin/docker-push-container";
|
|
||||||
};
|
|
||||||
regctl-push-container = {
|
|
||||||
type = "app";
|
|
||||||
program = "${self.packages.${system}.regctl-push-container}/bin/regctl-push-container";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,6 +2,8 @@
|
||||||
def main [
|
def main [
|
||||||
input: string # tar.gz file containing container image to be pushed to repository
|
input: string # tar.gz file containing container image to be pushed to repository
|
||||||
...tags: string # Tags to be added to pushed container image
|
...tags: string # Tags to be added to pushed container image
|
||||||
|
--username: string = "" # username
|
||||||
|
--password: string = "" # password
|
||||||
--registry: string = "" # container registry
|
--registry: string = "" # container registry
|
||||||
--repository: string = "" # container repository
|
--repository: string = "" # container repository
|
||||||
--no-latest-tag # Don't add "latest" tag to list of tags
|
--no-latest-tag # Don't add "latest" tag to list of tags
|
||||||
|
@ -19,12 +21,6 @@ def main [
|
||||||
$tags
|
$tags
|
||||||
}
|
}
|
||||||
|
|
||||||
let tags = if (not $no_latest_tag) {
|
|
||||||
$tags | append "latest"
|
|
||||||
} else {
|
|
||||||
$tags
|
|
||||||
}
|
|
||||||
|
|
||||||
let tags = if (
|
let tags = if (
|
||||||
(not $no_github_tag)
|
(not $no_github_tag)
|
||||||
and
|
and
|
||||||
|
@ -49,10 +45,19 @@ def main [
|
||||||
$tags
|
$tags
|
||||||
}
|
}
|
||||||
|
|
||||||
|
let tags = if (not $no_latest_tag) {
|
||||||
|
$tags | append "latest"
|
||||||
|
} else {
|
||||||
|
$tags
|
||||||
|
}
|
||||||
|
|
||||||
let auth = {username: null, password: null}
|
let auth = {username: null, password: null}
|
||||||
|
|
||||||
let auth = (
|
let auth = (
|
||||||
if (
|
if not ($username | is-empty) and ($password | is-empty) {
|
||||||
|
print "Got username and password from command line"
|
||||||
|
{username: $username, password: $password}
|
||||||
|
} else if (
|
||||||
(not ($env | get -i USERNAME | is-empty))
|
(not ($env | get -i USERNAME | is-empty))
|
||||||
and
|
and
|
||||||
(not ($env | get -i PASSWORD | is-empty))
|
(not ($env | get -i PASSWORD | is-empty))
|
||||||
|
@ -98,7 +103,7 @@ def main [
|
||||||
} else {
|
} else {
|
||||||
$registry
|
$registry
|
||||||
}
|
}
|
||||||
)
|
) | parse --regex "(?:https?://)?(?P<rest>.*)" | get 0.rest
|
||||||
|
|
||||||
let repository = (
|
let repository = (
|
||||||
if ($repository | is-empty) {
|
if ($repository | is-empty) {
|
||||||
|
@ -115,33 +120,51 @@ def main [
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
alias client = ^@client@ --log-level debug
|
alias regctl = ^@regctl@ --verbosity warning
|
||||||
|
alias gzip = ^@gzip@
|
||||||
|
|
||||||
$auth.password | client login --username $auth.username --password-stdin $registry
|
regctl version
|
||||||
|
regctl registry login $registry --user $auth.username --pass $auth.password
|
||||||
|
|
||||||
let load_result = (do { client load --input $input } | complete)
|
# print "decompressing image: start"
|
||||||
if $load_result.exit_code != 0 {
|
|
||||||
print $load_result.stderr
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
|
|
||||||
let old_image = ($load_result.stdout | str trim | parse "Loaded image: {image}" | get 0.image)
|
# open $input | gzip --decompress | save --force --progress $"($input).tar"
|
||||||
|
|
||||||
$tags | each {
|
# print "decompressing image: stop"
|
||||||
|tag|
|
|
||||||
let new_image = $"($registry)/($repository):($tag)"
|
# let load_result = (do { regctl load --input $input } | complete)
|
||||||
let tag_result = (do { client tag $old_image $new_image } | complete)
|
# if $load_result.exit_code != 0 {
|
||||||
if $tag_result.exit_code != 0 {
|
# print $load_result.stderr
|
||||||
print $tag_result.stderr
|
# exit 1
|
||||||
exit 1
|
# }
|
||||||
}
|
|
||||||
let push_result = (do { client push $new_image } | complete)
|
# let old_image = ($load_result.stdout | str trim | parse "Loaded image: {image}" | get 0.image)
|
||||||
if $push_result.exit_code != 0 {
|
|
||||||
print $push_result.stderr
|
$tags | enumerate | each {
|
||||||
exit 1
|
|item|
|
||||||
}
|
if $item.index == 0 {
|
||||||
|
let new_image = $"($registry)/($repository):($item.item)"
|
||||||
|
print $"Pushing ($new_image)"
|
||||||
|
regctl image import $new_image $input
|
||||||
|
# let tag_result = (do { regctl image import $new_image $"($input).tar" } | complete)
|
||||||
|
# if $tag_result.exit_code != 0 {
|
||||||
|
# print $tag_result.stderr
|
||||||
|
# exit 1
|
||||||
|
# }
|
||||||
print $"Pushed ($new_image)"
|
print $"Pushed ($new_image)"
|
||||||
|
} else {
|
||||||
|
let old_image = $"($registry)/($repository):($tags | get 0)"
|
||||||
|
let new_image = $"($registry)/($repository):($item.item)"
|
||||||
|
print $"Copying ($old_image) ($new_image)"
|
||||||
|
regctl image copy $old_image $new_image
|
||||||
|
# let tag_result = (do { regctl image copy $old_image $new_image } | complete)
|
||||||
|
# if $tag_result.exit_code != 0 {
|
||||||
|
# print $tag_result.stderr
|
||||||
|
# exit 1
|
||||||
|
# }
|
||||||
|
print $"Copied ($old_image) ($new_image)"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
client logout $registry
|
regctl registry logout $registry
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,170 +0,0 @@
|
||||||
#!@nushell@
|
|
||||||
def main [
|
|
||||||
input: string # tar.gz file containing container image to be pushed to repository
|
|
||||||
...tags: string # Tags to be added to pushed container image
|
|
||||||
--username: string = "" # username
|
|
||||||
--password: string = "" # password
|
|
||||||
--registry: string = "" # container registry
|
|
||||||
--repository: string = "" # container repository
|
|
||||||
--no-latest-tag # Don't add "latest" tag to list of tags
|
|
||||||
--no-drone-tag # Don't add tag calculated from DRONE_BUILD_NUMBER and DRONE_COMMIT_SHA
|
|
||||||
--no-github-tag # Don't add tag calculated from GITHUB_RUN_NUMBER and GITHUB_SHA
|
|
||||||
] {
|
|
||||||
if not ($input | path exists) {
|
|
||||||
print $"($input) does not exist!"
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
|
|
||||||
let tags = if not ($env | get -i PLUGIN_TAGS | is-empty) {
|
|
||||||
$tags | append ($env.PLUGIN_TAGS | split row ',' | str trim)
|
|
||||||
} else {
|
|
||||||
$tags
|
|
||||||
}
|
|
||||||
|
|
||||||
let tags = if (
|
|
||||||
(not $no_github_tag)
|
|
||||||
and
|
|
||||||
(not ($env | get -i GITHUB_RUN_NUMBER | is-empty))
|
|
||||||
and
|
|
||||||
(not ($env | get -i GITHUB_SHA | is-empty))
|
|
||||||
) {
|
|
||||||
$tags | append $"($env.GITHUB_RUN_NUMBER)-($env.GITHUB_SHA | str substring 0..8)"
|
|
||||||
} else {
|
|
||||||
$tags
|
|
||||||
}
|
|
||||||
|
|
||||||
let tags = if (
|
|
||||||
(not $no_drone_tag)
|
|
||||||
and
|
|
||||||
(not ($env | get -i DRONE_BUILD_NUMBER | is-empty))
|
|
||||||
and
|
|
||||||
(not ($env | get -i DRONE_COMMIT_SHA | is-empty))
|
|
||||||
) {
|
|
||||||
$tags | append $"($env.DRONE_BUILD_NUMBER)-($env.DRONE_COMMIT_SHA | str substring 0..8)"
|
|
||||||
} else {
|
|
||||||
$tags
|
|
||||||
}
|
|
||||||
|
|
||||||
let tags = if (not $no_latest_tag) {
|
|
||||||
$tags | append "latest"
|
|
||||||
} else {
|
|
||||||
$tags
|
|
||||||
}
|
|
||||||
|
|
||||||
let auth = {username: null, password: null}
|
|
||||||
|
|
||||||
let auth = (
|
|
||||||
if not ($username | is-empty) and ($password | is-empty) {
|
|
||||||
print "Got username and password from command line"
|
|
||||||
{username: $username, password: $password}
|
|
||||||
} else if (
|
|
||||||
(not ($env | get -i USERNAME | is-empty))
|
|
||||||
and
|
|
||||||
(not ($env | get -i PASSWORD | is-empty))
|
|
||||||
) {
|
|
||||||
print "Got username and password from USERNAME and PASSWORD"
|
|
||||||
{username: $env.USERNAME, password: $env.PASSWORD}
|
|
||||||
} else if (
|
|
||||||
(not ($env | get -i PLUGIN_USERNAME | is-empty))
|
|
||||||
and
|
|
||||||
(not ($env | get -i PLUGIN_PASSWORD | is-empty))
|
|
||||||
) {
|
|
||||||
print "Got username and password from PLUGIN_USERNAME and PLUGIN_PASSWORD"
|
|
||||||
{username: $env.PLUGIN_USERNAME, password: $env.PLUGIN_PASSWORD}
|
|
||||||
} else if (
|
|
||||||
(not ($env | get -i GITHUB_ACTOR | is-empty))
|
|
||||||
and
|
|
||||||
(not ($env | get -i GITHUB_TOKEN | is-empty))
|
|
||||||
) {
|
|
||||||
print "Got username and password from GITHUB_ACTOR and GITHUB_TOKEN"
|
|
||||||
{username: $env.GITHUB_ACTOR, password: $env.GITHUB_TOKEN}
|
|
||||||
} else {
|
|
||||||
print "Unable to determine authentication parameters!"
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
)
|
|
||||||
|
|
||||||
let registry = (
|
|
||||||
if ($registry | is-empty) {
|
|
||||||
if not ($env | get -i PLUGIN_REGISTRY | is-empty) {
|
|
||||||
$env.PLUGIN_REGISTRY
|
|
||||||
} else if not ($env | get -i REGISTRY | is-empty) {
|
|
||||||
$env.REGISTRY
|
|
||||||
} else if (
|
|
||||||
(not ($env | get -i GITHUB_SERVER_URL | is-empty))
|
|
||||||
and
|
|
||||||
(not ($env | get -i GITHUB_ACTOR | is-empty))
|
|
||||||
) {
|
|
||||||
$"($env.GITHUB_SERVER_URL)/($env.GITHUB_ACTOR)"
|
|
||||||
} else {
|
|
||||||
print "No registry specified!"
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
$registry
|
|
||||||
}
|
|
||||||
) | parse --regex "(?:https?://)?(?P<rest>.*)" | get 0.rest
|
|
||||||
|
|
||||||
let repository = (
|
|
||||||
if ($repository | is-empty) {
|
|
||||||
if not ($env | get -i PLUGIN_REPOSITORY | is-empty) {
|
|
||||||
$env.PLUGIN_REPOSITORY
|
|
||||||
} else if not ($env | get -i REPOSITORY | is-empty) {
|
|
||||||
$env.REPOSITORY
|
|
||||||
} else {
|
|
||||||
print "No repository specified!"
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
$repository
|
|
||||||
}
|
|
||||||
)
|
|
||||||
|
|
||||||
alias regctl = ^@regctl@ --verbosity warning
|
|
||||||
alias gzip = ^@gzip@
|
|
||||||
|
|
||||||
regctl version
|
|
||||||
regctl registry login $registry --user $auth.username --pass $auth.password
|
|
||||||
|
|
||||||
# print "decompressing image: start"
|
|
||||||
|
|
||||||
# open $input | gzip --decompress | save --force --progress $"($input).tar"
|
|
||||||
|
|
||||||
# print "decompressing image: stop"
|
|
||||||
|
|
||||||
# let load_result = (do { regctl load --input $input } | complete)
|
|
||||||
# if $load_result.exit_code != 0 {
|
|
||||||
# print $load_result.stderr
|
|
||||||
# exit 1
|
|
||||||
# }
|
|
||||||
|
|
||||||
# let old_image = ($load_result.stdout | str trim | parse "Loaded image: {image}" | get 0.image)
|
|
||||||
|
|
||||||
$tags | enumerate | each {
|
|
||||||
|item|
|
|
||||||
if $item.index == 0 {
|
|
||||||
let new_image = $"($registry)/($repository):($item.item)"
|
|
||||||
print $"Pushing ($new_image)"
|
|
||||||
regctl image import $new_image $input
|
|
||||||
# let tag_result = (do { regctl image import $new_image $"($input).tar" } | complete)
|
|
||||||
# if $tag_result.exit_code != 0 {
|
|
||||||
# print $tag_result.stderr
|
|
||||||
# exit 1
|
|
||||||
# }
|
|
||||||
print $"Pushed ($new_image)"
|
|
||||||
} else {
|
|
||||||
let old_image = $"($registry)/($repository):($tags | get 0)"
|
|
||||||
let new_image = $"($registry)/($repository):($item.item)"
|
|
||||||
print $"Copying ($old_image) ($new_image)"
|
|
||||||
regctl image copy $old_image $new_image
|
|
||||||
# let tag_result = (do { regctl image copy $old_image $new_image } | complete)
|
|
||||||
# if $tag_result.exit_code != 0 {
|
|
||||||
# print $tag_result.stderr
|
|
||||||
# exit 1
|
|
||||||
# }
|
|
||||||
print $"Copied ($old_image) ($new_image)"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
regctl registry logout $registry
|
|
||||||
}
|
|
Loading…
Reference in a new issue