diff --git a/.gitlab-ci.pre-commit-run.bash b/.gitlab-ci.pre-commit-run.bash
new file mode 100644
index 0000000000000000000000000000000000000000..704e716956ec58c44775b2b11d696e71560a6650
--- /dev/null
+++ b/.gitlab-ci.pre-commit-run.bash
@@ -0,0 +1,58 @@
+# Find a suitable commit for determining changed files
+#
+#
+# Copyright 2022 Dom Sekotill
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+pre_commit_run() (
+ set -eu
+ declare -a PRE_COMMIT_ARGS
+
+ find_lca() {
+ local repo=$CI_REPOSITORY_URL
+ local current_branch=$1 other_branch=$2
+
+ # See https://stackoverflow.com/questions/63878612/git-fatal-error-in-object-unshallow-sha-1
+ # and https://stackoverflow.com/questions/4698759/converting-git-repository-to-shallow/53245223#53245223
+ # for background on what `git repack -d` is doing here.
+ git repack -qd
+
+ git fetch -q $repo --shallow-exclude=$other_branch $current_branch
+ git fetch -q $repo --deepen=1 $current_branch
+
+ FROM_REF=$(git rev-parse -q --revs-only --verify shallow) || unset FROM_REF
+ }
+
+ fetch_ref() {
+ git fetch -q $CI_REPOSITORY_URL --depth=1 $1
+ FROM_REF=$1
+ }
+
+ if [[ -v CI_COMMIT_BEFORE_SHA ]] && [[ ! $CI_COMMIT_BEFORE_SHA =~ ^0{40}$ ]]; then
+ fetch_ref $CI_COMMIT_BEFORE_SHA
+ elif [[ -v CI_MERGE_REQUEST_TARGET_BRANCH_NAME ]]; then
+ find_lca $CI_MERGE_REQUEST_SOURCE_BRANCH_NAME $CI_MERGE_REQUEST_TARGET_BRANCH_NAME
+ elif [[ $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH ]]; then
+ find_lca $CI_COMMIT_BRANCH $CI_DEFAULT_BRANCH
+ fi
+
+ if [[ -v FROM_REF ]]; then
+ PRE_COMMIT_ARGS=( --from-ref=$FROM_REF --to-ref=$CI_COMMIT_SHA )
+ else
+ PRE_COMMIT_ARGS=( --all-files )
+ fi
+
+ pre-commit run "$@" "${PRE_COMMIT_ARGS[@]}"
+)
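Review bot: The `git fetch` calls in `find_lca` and `fetch_ref` expand `$repo`, `$other_branch`, `$current_branch` and `$1` unquoted, and the same holds for the arguments at the `fetch_ref`/`find_lca` call sites and for `--from-ref=$FROM_REF --to-ref=$CI_COMMIT_SHA`. In a merge-request pipeline `CI_MERGE_REQUEST_SOURCE_BRANCH_NAME` is chosen by whoever opened the request, so it should reach git as exactly one argument: `git fetch -q "$repo" --shallow-exclude="$other_branch" "$current_branch"` and `find_lca "$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME" "$CI_MERGE_REQUEST_TARGET_BRANCH_NAME"`. `FROM_REF` is also never cleared at the top of `pre_commit_run`, so a `FROM_REF` inherited from the job environment would pass the `[[ -v FROM_REF ]]` test when none of the three branches assigns it; an `unset FROM_REF` right after `set -eu` would rule that out.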
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 684707d4d94dad7583d55ba08654f40f0c280e5b..70587b98416624cac3a72f270c847e6e36d916bf 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -15,28 +15,16 @@ workflow: Checks: stage: check image: docker.kodo.org.uk/ci-images/pre-commit:2.15.0-1 - rules: - - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH - variables: - FROM_REF: $CI_COMMIT_BEFORE_SHA - - if: $CI_PIPELINE_SOURCE == "push" - variables: - FETCH: $CI_DEFAULT_BRANCH - FROM_REF: $CI_DEFAULT_BRANCH - - if: $CI_PIPELINE_SOURCE == "merge_request_event" - variables: - FROM_REF: $CI_MERGE_REQUEST_TARGET_BRANCH_SHA + needs: [] variables: - PRE_COMMIT_HOME: $CI_PROJECT_DIR/pre-commit + PRE_COMMIT_HOME: $CI_PROJECT_DIR/cache/pre-commit cache: - key: $CI_JOB_NAME - paths: [pre-commit] + key: $CI_JOB_IMAGE + paths: [cache] script: - - test -n "${FETCH-}" && git fetch origin $FETCH:$FETCH -f - - pre-commit run - --hook-stage=commit - --from-ref=$FROM_REF - --to-ref=$CI_COMMIT_SHA + - source .gitlab-ci.pre-commit-run.bash + - pre_commit_run --hook-stage=commit + - pre_commit_run --hook-stage=push .build: diff --git a/Dockerfile b/Dockerfile index d458a1d1a2db837fe134519df4f304e5a5638552..b67d4b1f659c3753534e1a4d7345998e02df7aaf 100644 --- a/Dockerfile +++ b/Dockerfile @@ -22,9 +22,10 @@ RUN GOOS=$TARGETOS GOARCH=$TARGETARCH go build -o buildctl ./cmd/buildctl FROM alpine as buildctl ENV DOCKER_CONFIG=/etc/docker -RUN mkdir -p $DOCKER_CONFIG +RUN mkdir -p $DOCKER_CONFIG && apk add --no-cache jq COPY --from=go /src/buildctl /bin/ -COPY entrypoint.buildctl.bash /bin/entrypoint +COPY entrypoint.buildctl.sh /bin/entrypoint +COPY add-auth.sh /bin/add-auth ENTRYPOINT ["/bin/entrypoint"] @@ -36,4 +37,5 @@ COPY entrypoint.buildkitd.sh /bin/entrypoint USER 1000 VOLUME /run/buildkit +EXPOSE 8372/tcp ENTRYPOINT ["/bin/entrypoint"] diff --git a/add-auth.sh b/add-auth.sh new file mode 100755 index 0000000000000000000000000000000000000000..4d5989cb73455d33f21e5849c503fae847557665 
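Review bot: In the `Checks` job of `.gitlab-ci.yml`, the cache that holds `PRE_COMMIT_HOME` is keyed only on `$CI_JOB_IMAGE`, so every ref that runs this job restores and saves the same hook environments, and those environments are code that later jobs execute. Unless the project keeps separate caches for protected and unprotected branches, a pipeline on an unprotected branch could leave modified hook environments that a default-branch pipeline later restores and runs. It is worth confirming that setting, or making the key protection-aware, for example `key: $CI_JOB_IMAGE-$CI_COMMIT_REF_PROTECTED`. The expanded key also contains `/` and `:` from the image reference, and the `cache:key` documentation, as I read it, disallows `/`, so check how the runner treats the expanded value.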
--- /dev/null
+++ b/add-auth.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+set -eu
+
+die() { echo "$USAGE"; echo "Fatal: $*"; exit 1; }
+
+USAGE="$0 REPOSITORY USERNAME
+
+REPOSITORY The image repository to authenticate against
+USERNAME The username to authenticate with
+
+The password to authenticate with will be read from STDIN
+"
+
+CONFIG=$DOCKER_CONFIG/config.json || die "DOCKER_CONFIG must be set in the environment"
+REPOSITORY=$1 || die "REPOSITORY is missing"
+USERNAME=$2 || die "USERNAME is missing"
+
+read -p "Enter password: " PASSWORD
+
+test -e "$CONFIG" || touch "$CONFIG"
+jq <"$CONFIG" >"$CONFIG.tmp" \
+ --slurp \
+ --arg repo "$REPOSITORY" \
+ --arg user "$USERNAME" \
+ --arg pass "$PASSWORD" \
+ '(if . == [] then {} else .[0] end)
+ * {"auths": {($repo): {"username": ($user), "password": ($pass)}}}'
+mv "$CONFIG.tmp" "$CONFIG"
diff --git a/entrypoint.buildctl.bash b/entrypoint.buildctl.bash
deleted file mode 100755
index d2d12d7d55a7ba4c4d5d27d3be1cc29d13fb3517..0000000000000000000000000000000000000000
--- a/entrypoint.buildctl.bash
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/sh
-set -eu
-
-case ${1-help} in
- -*|du|prune|build|b|debug|help|h) set /bin/buildctl "$@" ;;
-esac
-
-if [ -n "${CI_REGISTRY-}" ]; then
- tee >$DOCKER_CONFIG/config.json <<-END_JSON
- {
- "auths": {
- "$CI_REGISTRY": {
- "username": "$CI_REGISTRY_USER",
- "password": "$CI_REGISTRY_PASSWORD"
- }
- }
- }
- END_JSON
-fi
-
-exec "$@"
diff --git a/entrypoint.buildctl.sh b/entrypoint.buildctl.sh
new file mode 100755
index 0000000000000000000000000000000000000000..ad2ab19ea6bc96e2b22228f73e05fdfe1f4fb862
--- /dev/null
+++ b/entrypoint.buildctl.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -eu
+
+case ${1-help} in
+ -*|du|prune|build|b|debug|help|h) set /bin/buildctl "$@" ;;
+esac
+
+if [ -n "${CI_REGISTRY-}" ]; then
+ echo "$CI_REGISTRY_PASSWORD" |
+ /bin/add-auth "$CI_REGISTRY" "$CI_REGISTRY_USER"
+fi
+
+exec "$@"
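Review bot: The registry password in `add-auth.sh` is handled unsafely in two places: `read -p "Enter password: " PASSWORD` lacks `-r` and `IFS=`, so backslashes and surrounding blanks in the secret are altered, and `--arg pass "$PASSWORD"` puts the secret on jq's command line, where it is readable from the process list while jq runs. Separately, the three `VAR=... || die` guards can never fire: an assignment always succeeds, and with `set -u` an unset `DOCKER_CONFIG`, `$1` or `$2` aborts the shell before `die` runs, so the usage text is never printed. The config file is also created under the default umask; a `umask 077` before `touch` would keep the stored credentials private to the user. The sketch below checks the inputs explicitly, reads the password raw, and hands it to jq through the environment.

```sh
# … unchanged: set -eu, die(), USAGE …

[ -n "${DOCKER_CONFIG-}" ] || die "DOCKER_CONFIG must be set in the environment"
[ $# -ge 1 ] || die "REPOSITORY is missing"
[ $# -ge 2 ] || die "USERNAME is missing"
CONFIG=$DOCKER_CONFIG/config.json
REPOSITORY=$1
USERNAME=$2

# -r keeps backslashes literal; IFS= keeps leading and trailing blanks
IFS= read -r -p "Enter password: " PASSWORD

# credentials file must not be readable by other users
umask 077
test -e "$CONFIG" || touch "$CONFIG"
# the secret travels in jq's environment, not in its argv
PASSWORD=$PASSWORD jq <"$CONFIG" >"$CONFIG.tmp" \
  --slurp \
  --arg repo "$REPOSITORY" \
  --arg user "$USERNAME" \
  '(if . == [] then {} else .[0] end)
  * {"auths": {($repo): {"username": ($user), "password": env.PASSWORD}}}'
# … unchanged: mv "$CONFIG.tmp" "$CONFIG" …
```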
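Review bot: In `entrypoint.buildctl.sh`, `echo "$CI_REGISTRY_PASSWORD" |` depends on the shell's `echo` leaving the value untouched, which does not hold for a password that begins with `-n` or `-e` or, in some shells, contains backslashes. `printf '%s\n' "$CI_REGISTRY_PASSWORD" |` writes the value verbatim. `CI_REGISTRY_USER` and `CI_REGISTRY_PASSWORD` are also expanded under `set -u` while only `CI_REGISTRY` is tested, so a job that sets the registry without credentials stops with an unset-variable error rather than a readable message.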
diff --git a/entrypoint.buildkitd.sh b/entrypoint.buildkitd.sh index ef0dc24a94dd79e37584cd9b411ceb055b93563a..eee913beb107577ba14ba5387942b13f34522dba 100755 --- a/entrypoint.buildkitd.sh +++ b/entrypoint.buildkitd.sh @@ -33,6 +33,12 @@ check_snapshotter() { esac } +check_enable_tcp() { + case ${ENABLE_TCP-false} in + true|y|yes|1) set -- "$@" --addr="tcp://0.0.0.0:8372" ;; + esac +} + case ${1--} in buildkitd) shift ;; -*) : ;; @@ -42,6 +48,7 @@ case ${1--} in esac check_snapshotter +check_enable_tcp redirect_rundir set -- "$@" \
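Review bot: `check_enable_tcp` appends `--addr` with `set -- "$@" ...` inside the function, but positional parameters are local to a shell function call and the call site added in the second hunk passes no arguments, so the flag is discarded on return and never reaches the final `set -- "$@" \` command line. The flag needs to be appended at top level, for example by having the function only set `tcp_addr=tcp://0.0.0.0:8372` and letting the top-level code run `set -- "$@" --addr="$tcp_addr"` when it is non-empty. Once that works, the listener binds to all interfaces and no TLS options are visible in these hunks; a plain TCP buildkitd socket accepts build requests from anyone who can reach the port, so consider requiring `--tlscacert`, `--tlscert` and `--tlskey` whenever `ENABLE_TCP` is on. The body of `check_snapshotter` and the rest of the final `set --` lie outside the hunks, so whether they already deal with either point is not visible here.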