From 9ca16b1fb1d27490d03e3465b73fde19868f6d5d Mon Sep 17 00:00:00 2001 From: Dom Sekotill Date: Wed, 6 Apr 2022 10:41:47 +0100 Subject: [PATCH 1/4] Add ENABLE_TCP option --- Dockerfile | 1 + entrypoint.buildkitd.sh | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/Dockerfile b/Dockerfile index d458a1d..367a8bb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -36,4 +36,5 @@ COPY entrypoint.buildkitd.sh /bin/entrypoint USER 1000 VOLUME /run/buildkit +EXPOSE 8372/tcp ENTRYPOINT ["/bin/entrypoint"] diff --git a/entrypoint.buildkitd.sh b/entrypoint.buildkitd.sh index ef0dc24..eee913b 100755 --- a/entrypoint.buildkitd.sh +++ b/entrypoint.buildkitd.sh @@ -33,6 +33,12 @@ check_snapshotter() { esac } +check_enable_tcp() { + case ${ENABLE_TCP-false} in + true|y|yes|1) set -- "$@" --addr="tcp://0.0.0.0:8372" ;; + esac +} + case ${1--} in buildkitd) shift ;; -*) : ;; @@ -42,6 +48,7 @@ case ${1--} in esac check_snapshotter +check_enable_tcp redirect_rundir set -- "$@" \ -- GitLab From b159b28141d4c59091fae61b2a45abc51bff06d4 Mon Sep 17 00:00:00 2001 From: Dom Sekotill Date: Wed, 6 Apr 2022 11:16:19 +0100 Subject: [PATCH 2/4] Add pre-commit-run script from project templates for QA checks --- .gitlab-ci.pre-commit-run.bash | 58 ++++++++++++++++++++++++++++++++++ .gitlab-ci.yml | 26 ++++----------- 2 files changed, 65 insertions(+), 19 deletions(-) create mode 100644 .gitlab-ci.pre-commit-run.bash diff --git a/.gitlab-ci.pre-commit-run.bash b/.gitlab-ci.pre-commit-run.bash new file mode 100644 index 0000000..704e716 --- /dev/null +++ b/.gitlab-ci.pre-commit-run.bash 
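Review bot: The `--addr="tcp://0.0.0.0:8372"` listener added in `check_enable_tcp` binds every interface, and nothing in this hunk configures transport authentication, so with `ENABLE_TCP` set any peer that can reach port 8372 could drive the build daemon. I would either pass buildkitd's `--tlscacert`, `--tlscert` and `--tlskey` options alongside it or document the exposure on the function, for example `# ENABLE_TCP opens an unauthenticated build API on all interfaces; restrict it with network policy or mount TLS material`. The rest of the script is outside the hunk, so TLS may be configured elsewhere (a daemon config file, for instance), which is worth confirming.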
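Review bot: `check_enable_tcp` is called with no arguments and appends with `set --` inside the function body, but a shell function has its own positional parameters and they are restored on return, so the `--addr` flag is lost before the later top-level `set -- "$@" \` runs. Doing the append at top level keeps it: replace the call with `case ${ENABLE_TCP-false} in true|y|yes|1) set -- "$@" --addr="tcp://0.0.0.0:8372" ;; esac`. The top-level statement that follows the call continues outside the hunk, so check this against the full script.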
@@ -0,0 +1,58 @@ +# Find a suitable commit for determining changed files +# +# +# Copyright 2022 Dom Sekotill +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +pre_commit_run() ( + set -eu + declare -a PRE_COMMIT_ARGS + + find_lca() { + local repo=$CI_REPOSITORY_URL + local current_branch=$1 other_branch=$2 + + # See https://stackoverflow.com/questions/63878612/git-fatal-error-in-object-unshallow-sha-1 + # and https://stackoverflow.com/questions/4698759/converting-git-repository-to-shallow/53245223#53245223 + # for background on what `git repack -d` is doing here. + git repack -qd + + git fetch -q $repo --shallow-exclude=$other_branch $current_branch + git fetch -q $repo --deepen=1 $current_branch + + FROM_REF=$(git rev-parse -q --revs-only --verify shallow) || unset FROM_REF + } + + fetch_ref() { + git fetch -q $CI_REPOSITORY_URL --depth=1 $1 + FROM_REF=$1 + } + + if [[ -v CI_COMMIT_BEFORE_SHA ]] && [[ ! $CI_COMMIT_BEFORE_SHA =~ ^0{40}$ ]]; then + fetch_ref $CI_COMMIT_BEFORE_SHA + elif [[ -v CI_MERGE_REQUEST_TARGET_BRANCH_NAME ]]; then + find_lca $CI_MERGE_REQUEST_SOURCE_BRANCH_NAME $CI_MERGE_REQUEST_TARGET_BRANCH_NAME + elif [[ $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH ]]; then + find_lca $CI_COMMIT_BRANCH $CI_DEFAULT_BRANCH + fi + + if [[ -v FROM_REF ]]; then + PRE_COMMIT_ARGS=( --from-ref=$FROM_REF --to-ref=$CI_COMMIT_SHA ) + else + PRE_COMMIT_ARGS=( --all-files ) + fi + + pre-commit run "$@" "${PRE_COMMIT_ARGS[@]}" +) 
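Review bot: The git calls in `find_lca` and `fetch_ref` expand `$repo`, `$other_branch`, `$current_branch` and `$1` unquoted, and in a merge-request pipeline the source branch name is chosen by whoever opened the request, so these values should be quoted. For example `git fetch -q "$repo" --shallow-exclude="$other_branch" "$current_branch"` and `git fetch -q "$CI_REPOSITORY_URL" --depth=1 "$1"`. The test `[[ $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH ]]` also treats its right-hand side as a glob pattern and, under `set -u`, aborts when `CI_COMMIT_BRANCH` is unset (which I believe is the case for tag pipelines). Writing it as `[[ ${CI_COMMIT_BRANCH-} != "$CI_DEFAULT_BRANCH" ]]` avoids both.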
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 684707d..70587b9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -15,28 +15,16 @@ workflow: Checks: stage: check image: docker.kodo.org.uk/ci-images/pre-commit:2.15.0-1 - rules: - - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH - variables: - FROM_REF: $CI_COMMIT_BEFORE_SHA - - if: $CI_PIPELINE_SOURCE == "push" - variables: - FETCH: $CI_DEFAULT_BRANCH - FROM_REF: $CI_DEFAULT_BRANCH - - if: $CI_PIPELINE_SOURCE == "merge_request_event" - variables: - FROM_REF: $CI_MERGE_REQUEST_TARGET_BRANCH_SHA + needs: [] variables: - PRE_COMMIT_HOME: $CI_PROJECT_DIR/pre-commit + PRE_COMMIT_HOME: $CI_PROJECT_DIR/cache/pre-commit cache: - key: $CI_JOB_NAME - paths: [pre-commit] + key: $CI_JOB_IMAGE + paths: [cache] script: - - test -n "${FETCH-}" && git fetch origin $FETCH:$FETCH -f - - pre-commit run - --hook-stage=commit - --from-ref=$FROM_REF - --to-ref=$CI_COMMIT_SHA + - source .gitlab-ci.pre-commit-run.bash + - pre_commit_run --hook-stage=commit + - pre_commit_run --hook-stage=push .build: -- GitLab From 7adb0d6c05f26005c11bed18229d3009ad039745 Mon Sep 17 00:00:00 2001 From: Dom Sekotill Date: Wed, 6 Apr 2022 15:27:59 +0100 Subject: [PATCH 3/4] Correct buildctl entrypoint's suffix --- Dockerfile | 2 +- entrypoint.buildctl.bash => entrypoint.buildctl.sh | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename entrypoint.buildctl.bash => entrypoint.buildctl.sh (100%) diff --git a/Dockerfile b/Dockerfile index 367a8bb..6e3b2b4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,7 +24,7 @@ FROM alpine as buildctl ENV DOCKER_CONFIG=/etc/docker RUN mkdir -p $DOCKER_CONFIG COPY --from=go /src/buildctl /bin/ -COPY entrypoint.buildctl.bash /bin/entrypoint +COPY entrypoint.buildctl.sh /bin/entrypoint ENTRYPOINT ["/bin/entrypoint"] diff --git a/entrypoint.buildctl.bash b/entrypoint.buildctl.sh similarity index 100% rename from entrypoint.buildctl.bash rename to entrypoint.buildctl.sh -- GitLab 
From af640e4346e8a6b6a4a886efcf7c267a6d9dad4f Mon Sep 17 00:00:00 2001 From: Dom Sekotill Date: Wed, 6 Apr 2022 16:21:36 +0100 Subject: [PATCH 4/4] Add a tool to buildctl image for adding repo authorisations --- Dockerfile | 3 ++- add-auth.sh | 28 ++++++++++++++++++++++++++++ entrypoint.buildctl.sh | 12 ++---------- 3 files changed, 32 insertions(+), 11 deletions(-) create mode 100755 add-auth.sh diff --git a/Dockerfile b/Dockerfile index 6e3b2b4..b67d4b1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -22,9 +22,10 @@ RUN GOOS=$TARGETOS GOARCH=$TARGETARCH go build -o buildctl ./cmd/buildctl FROM alpine as buildctl ENV DOCKER_CONFIG=/etc/docker -RUN mkdir -p $DOCKER_CONFIG +RUN mkdir -p $DOCKER_CONFIG && apk add --no-cache jq COPY --from=go /src/buildctl /bin/ COPY entrypoint.buildctl.sh /bin/entrypoint +COPY add-auth.sh /bin/add-auth ENTRYPOINT ["/bin/entrypoint"] diff --git a/add-auth.sh b/add-auth.sh new file mode 100755 index 0000000..4d5989c --- /dev/null +++ b/add-auth.sh @@ -0,0 +1,28 @@ +#!/bin/sh +set -eu + +die() { echo "$USAGE"; echo "Fatal: $*"; exit 1; } + +USAGE="$0 REPOSITORY USERNAME + +REPOSITORY The image repository to authenticate against +USERNAME The username to authenticate with + +The password to authenticate with will be read from STDIN +" + +CONFIG=$DOCKER_CONFIG/config.json || die "DOCKER_CONFIG must be set in the environment" +REPOSITORY=$1 || die "REPOSITORY is missing" +USERNAME=$2 || die "USERNAME is missing" + +read -p "Enter password: " PASSWORD + +test -e "$CONFIG" || touch "$CONFIG" +jq <"$CONFIG" >"$CONFIG.tmp" \ + --slurp \ + --arg repo "$REPOSITORY" \ + --arg user "$USERNAME" \ + --arg pass "$PASSWORD" \ + '(if . == [] then {} else .[0] end) + * {"auths": {($repo): {"username": ($user), "password": ($pass)}}}' +mv "$CONFIG.tmp" "$CONFIG" diff --git a/entrypoint.buildctl.sh b/entrypoint.buildctl.sh index d2d12d7..ad2ab19 100755 --- a/entrypoint.buildctl.sh +++ b/entrypoint.buildctl.sh 
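Review bot: The `|| die` guards on the `CONFIG`, `REPOSITORY` and `USERNAME` assignments in `add-auth.sh` never run, because a plain assignment always succeeds and `set -u` aborts on the unset parameter first, so the usage text is never shown. The password handling also needs tightening: `read` without `-r` and with the default `IFS` alters passwords that contain backslashes or leading/trailing spaces, and `config.json` and its `.tmp` are created with the default umask. Separately, `--arg pass "$PASSWORD"` puts the secret on jq's command line, where other processes in the container can read it; passing it through the environment would avoid that. The suggested changes to the checks and the read are below.

```shell
die() { echo "$USAGE" >&2; echo "Fatal: $*" >&2; exit 1; }

# … unchanged: USAGE text …

[ -n "${DOCKER_CONFIG-}" ] || die "DOCKER_CONFIG must be set in the environment"
[ $# -ge 1 ] || die "REPOSITORY is missing"
[ $# -ge 2 ] || die "USERNAME is missing"
CONFIG=$DOCKER_CONFIG/config.json
REPOSITORY=$1
USERNAME=$2

# Credentials file: keep it readable by the owner only.
umask 077
IFS= read -r -p "Enter password: " PASSWORD

# … unchanged: jq merge into "$CONFIG.tmp" and mv …
```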
@@ -6,16 +6,8 @@ case ${1-help} in esac if [ -n "${CI_REGISTRY-}" ]; then - tee >$DOCKER_CONFIG/config.json <<-END_JSON - { - "auths": { - "$CI_REGISTRY": { - "username": "$CI_REGISTRY_USER", - "password": "$CI_REGISTRY_PASSWORD" - } - } - } - END_JSON + echo "$CI_REGISTRY_PASSWORD" | + /bin/add-auth "$CI_REGISTRY" "$CI_REGISTRY_USER" fi exec "$@" -- GitLab
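Review bot: `echo "$CI_REGISTRY_PASSWORD"` can change the secret on its way into the pipe, since some `echo` implementations interpret backslash escapes or a leading `-n`/`-e`; `printf '%s\n' "$CI_REGISTRY_PASSWORD" |` passes the value through unchanged. If `CI_REGISTRY_USER` or `CI_REGISTRY_PASSWORD` can be unset or empty while `CI_REGISTRY` is set, `/bin/add-auth` will either fail or write an entry with empty credentials, so a guard on those two variables would help. The start of the script is outside the hunk, so I cannot tell whether `set -e` is active; without it a failing `add-auth` is ignored and `exec "$@"` proceeds unauthenticated.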