migrate from drone to gitea-runner

2023-04-30 21:13:32 -04:00 · 2023-04-30 21:13:32 -04:00 · b5bf49cc14
parent fb646dbb8f
commit b5bf49cc14
7 changed files with 203 additions and 95 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -1,5 +1,6 @@
 .drone.yml
 .git
+.gitea
 .gitignore
 LICENSE.md
 README.md
--- a/.drone.yml
+++ b/.drone.yml
@ -1,87 +0,0 @@
---
-kind: pipeline
-type: exec
-name: default
-
-platform:
-  os: linux
-  arch: amd64
-
-steps:
- name: build
-  environment:
-    PDR_USER:
-      from_secret: docker-user-pdr
-    PDR_PASS:
-      from_secret: docker-pass-pdr
-  commands:
-  - docker build -t pdr.nephatrine.net/nephatrine/nginx-ssl:cached --target builder .
-  - docker build -t pdr.nephatrine.net/nephatrine/nginx-ssl:latest .
-  - docker login -p "$PDR_PASS" -u "$PDR_USER" pdr.nephatrine.net
-  - docker push pdr.nephatrine.net/nephatrine/nginx-ssl:latest
-  - docker logout pdr.nephatrine.net
- name: publish
-  environment:
-    DOCKER_USER:
-      from_secret: docker-user
-    DOCKER_PASS:
-      from_secret: docker-pass
-  commands:
-  - docker tag pdr.nephatrine.net/nephatrine/nginx-ssl:latest nephatrine/nginx-ssl:latest
-  - docker tag pdr.nephatrine.net/nephatrine/nginx-ssl:latest nephatrine/nginx-ssl:mainline
-  - docker login -p "$DOCKER_PASS" -u "$DOCKER_USER"
-  - docker push -a nephatrine/nginx-ssl
-  - docker logout
-  depends_on:
-  - build
-
---
-kind: pipeline
-name: notify
-
-steps:
- name: notify-status
-  image: appleboy/drone-discord
-  failure: ignore
-  settings:
-    avatar_url: https://nephatrine.net/images/buttons/drone-ci.png
-    message: "Build of **[{{repo.name}}:{{commit.branch}}](<https://code.nephatrine.net/nephatrine/{{repo.name}}/src/branch/{{commit.branch}}>)** returned [{{build.status}}](<{{build.link}}>)."
-    username: DroneCI
-    webhook_id:
-      from_secret: wh-infra-id
-    webhook_token:
-      from_secret: wh-infra-tok
-
-depends_on:
- default
-
-trigger:
-  status:
-  - success
-  - failure
-
---
-kind: pipeline
-name: propogate
-
-steps:
- name: propogate-downstream
-  image: plugins/downstream
-  failure: ignore
-  settings:
-    server: https://ci.nephatrine.net
-    token:
-      from_secret: drone-auth
-    fork: false
-    repositories:
-    - nephatrine/docker-nginx-php@master
-    - nephatrine/docker-quake2@master
-
-depends_on:
- default
-
---
-kind: signature
-hmac: 11610c28aabe2dd1d8652be7e5cc0a8a2027659645df555774066e6e5603636a
-
-...
--- a/.gitea/workflows/build.yaml
+++ b/.gitea/workflows/build.yaml
@ -0,0 +1,183 @@
+name: Build Container Image
+run-name: ${{ gitea.actor }} pushed to ${{ gitea.repository }}:${{ gitea.ref_name }}
+on: [push, workflow_call]
+jobs:
+  buildamd64:
+    if: gitea.repository_owner == 'NephNET' && !contains(github.event.head_commit.message, '#noci')
+    runs-on: nephnet
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v3
+      - name: Docker Build
+        run: |
+          docker build --pull -t code.nephatrine.net/nephnet/nginx-ssl:${{ gitea.ref_name }}-cached --target builder ${{ gitea.workspace }}
+          docker build --pull -t code.nephatrine.net/nephnet/nginx-ssl:${{ gitea.ref_name }}-amd64 ${{ gitea.workspace }}
+      - name: Notify Discord
+        uses: actions/discord-status@v1
+        if: always()
+        with:
+          title: "Container Build (X86_64)"
+          webhook: ${{ secrets.DISCORD_WEBHOOK_BUILD }}
+  buildarm64:
+    if: gitea.repository_owner == 'NephNET' && !contains(github.event.head_commit.message, '#noci')
+    runs-on: nephnet-arm64
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v3
+      - name: Docker Build
+        run: |
+          docker build --pull -t code.nephatrine.net/nephnet/nginx-ssl:${{ gitea.ref_name }}-cached --target builder ${{ gitea.workspace }}
+          docker build --pull -t code.nephatrine.net/nephnet/nginx-ssl:${{ gitea.ref_name }}-arm64v8 ${{ gitea.workspace }}
+      - name: Notify Discord
+        uses: actions/discord-status@v1
+        if: always()
+        with:
+          title: "Container Build (AARCH64)"
+          webhook: ${{ secrets.DISCORD_WEBHOOK_BUILD }}
+  buildriscv64:
+    if: gitea.repository_owner == 'NephNET' && !contains(github.event.head_commit.message, '#noci')
+    runs-on: nephnet-riscv64
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v3
+      - name: Docker Build
+        run: |
+          docker build --pull -t code.nephatrine.net/nephnet/nginx-ssl:${{ gitea.ref_name }}-cached --target builder ${{ gitea.workspace }}
+          docker build --pull -t code.nephatrine.net/nephnet/nginx-ssl:${{ gitea.ref_name }}-riscv64 ${{ gitea.workspace }}
+      - name: Notify Discord
+        uses: actions/discord-status@v1
+        if: always()
+        with:
+          title: "Container Build (RISCV64)"
+          webhook: ${{ secrets.DISCORD_WEBHOOK_BUILD }}
+  packageamd64:
+    if: gitea.repository_owner == 'NephNET' && gitea.ref_name == 'master'
+    needs: [buildamd64]
+    runs-on: nephnet
+    steps:
+      - name: Docker Login
+        uses: actions/docker-login@v2
+        with:
+          registry: code.nephatrine.net
+          username: ${{ gitea.actor }}
+          password: ${{ secrets.PACKAGER_TOKEN }}
+      - name: Docker Push
+        run: docker push code.nephatrine.net/nephnet/nginx-ssl:${{ gitea.ref_name }}-amd64
+  packagearm64:
+    if: gitea.repository_owner == 'NephNET' && gitea.ref_name == 'master'
+    needs: [buildarm64]
+    runs-on: nephnet-arm64
+    steps:
+      - name: Docker Login
+        uses: actions/docker-login@v2
+        with:
+          registry: code.nephatrine.net
+          username: ${{ gitea.actor }}
+          password: ${{ secrets.PACKAGER_TOKEN }}
+      - name: Docker Push
+        run: docker push code.nephatrine.net/nephnet/nginx-ssl:${{ gitea.ref_name }}-arm64v8
+  packageriscv64:
+    if: gitea.repository_owner == 'NephNET' && gitea.ref_name == 'master'
+    needs: [buildriscv64]
+    runs-on: nephnet-riscv64
+    steps:
+      - name: Docker Login
+        uses: actions/docker-login@v2
+        with:
+          registry: code.nephatrine.net
+          username: ${{ gitea.actor }}
+          password: ${{ secrets.PACKAGER_TOKEN }}
+      - name: Docker Push
+        run: docker push code.nephatrine.net/nephnet/nginx-ssl:${{ gitea.ref_name }}-riscv64
+  manifestpkg:
+    if: gitea.repository_owner == 'NephNET' && gitea.ref_name == 'master'
+    needs: [packageamd64, packagearm64, packageriscv64]
+    runs-on: nephnet
+    steps:
+      - name: Docker Login
+        uses: actions/docker-login@v2
+        with:
+          registry: code.nephatrine.net
+          username: ${{ gitea.actor }}
+          password: ${{ secrets.PACKAGER_TOKEN }}
+      - name: Docker Manifest
+        run: |
+          docker manifest create code.nephatrine.net/nephnet/nginx-ssl:${{ gitea.ref_name }} --amend code.nephatrine.net/nephnet/nginx-ssl:${{ gitea.ref_name }}-amd64 --amend code.nephatrine.net/nephnet/nginx-ssl:${{ gitea.ref_name }}-arm64v8 --amend code.nephatrine.net/nephnet/nginx-ssl:${{ gitea.ref_name }}-riscv64
+          docker manifest push --purge code.nephatrine.net/nephnet/nginx-ssl:${{ gitea.ref_name }}
+  publishamd64:
+    if: gitea.repository_owner == 'NephNET' && gitea.ref_name == 'master'
+    needs: [buildamd64]
+    runs-on: nephnet
+    steps:
+      - name: Check Base Image
+        if: github.event_name != 'push'
+        uses: actions/docker-base-image-check@v1.2.1
+        id: checkbase
+        with:
+          base-image: nephatrine/alpine-s6:latest-amd64
+          image: nephatrine/nginx-ssl:latest-amd64
+      - name: Docker Login
+        uses: actions/docker-login@v2
+        with:
+          username: ${{ secrets.DOCKER_USER }}
+          password: ${{ secrets.DOCKER_PASS }}
+      - name: Docker Push
+        run: |
+          docker tag code.nephatrine.net/nephnet/nginx-ssl:master-amd64 nephatrine/nginx-ssl:latest-amd64
+          docker push nephatrine/nginx-ssl:latest-amd64
+      - name: Notify Discord
+        if: github.event_name == 'push' || steps.checkbase.outputs.needs-updating == 'true'
+        uses: actions/discord-status@v1
+        with:
+          title: "DockerHub: nginx-ssl"
+          description: "The container image was pushed to [DockerHub](https://hub.docker.com/repository/docker/nephatrine/nginx-ssl/general).\nPull `nephatrine/nginx-ssl:latest-amd64` for the newest image."
+          nodetail: true
+          webhook: ${{ secrets.DISCORD_WEBHOOK_PACKAGE }}
+  publisharm64:
+    if: gitea.repository_owner == 'NephNET' && gitea.ref_name == 'master'
+    needs: [buildarm64]
+    runs-on: nephnet-arm64
+    steps:
+      - name: Docker Login
+        uses: actions/docker-login@v2
+        with:
+          username: ${{ secrets.DOCKER_USER }}
+          password: ${{ secrets.DOCKER_PASS }}
+      - name: Docker Push
+        run: |
+          docker tag code.nephatrine.net/nephnet/nginx-ssl:master-arm64v8 nephatrine/nginx-ssl:latest-arm64v8
+          docker push nephatrine/nginx-ssl:latest-arm64v8
+  publishriscv64:
+    if: gitea.repository_owner == 'NephNET' && gitea.ref_name == 'master'
+    needs: [buildriscv64]
+    runs-on: nephnet-riscv64
+    steps:
+      - name: Docker Login
+        uses: actions/docker-login@v2
+        with:
+          username: ${{ secrets.DOCKER_USER }}
+          password: ${{ secrets.DOCKER_PASS }}
+      - name: Docker Push
+        run: |
+          docker tag code.nephatrine.net/nephnet/nginx-ssl:master-riscv64 nephatrine/nginx-ssl:latest-riscv64
+          docker push nephatrine/nginx-ssl:latest-riscv64
+  manifesthub:
+    if: gitea.repository_owner == 'NephNET' && gitea.ref_name == 'master'
+    needs: [publishamd64, publisharm64, publishriscv64]
+    runs-on: nephnet
+    steps:
+      - name: Docker Login
+        uses: actions/docker-login@v2
+        with:
+          username: ${{ secrets.DOCKER_USER }}
+          password: ${{ secrets.DOCKER_PASS }}
+      - name: Docker Manifest
+        run: |
+          docker manifest create nephatrine/nginx-ssl:1.24.0 --amend nephatrine/nginx-ssl:latest-amd64 --amend nephatrine/nginx-ssl:latest-arm64v8 --amend nephatrine/nginx-ssl:latest-riscv64
+          docker manifest create nephatrine/nginx-ssl:1.24 --amend nephatrine/nginx-ssl:latest-amd64 --amend nephatrine/nginx-ssl:latest-arm64v8 --amend nephatrine/nginx-ssl:latest-riscv64
+          docker manifest create nephatrine/nginx-ssl:1 --amend nephatrine/nginx-ssl:latest-amd64 --amend nephatrine/nginx-ssl:latest-arm64v8 --amend nephatrine/nginx-ssl:latest-riscv64
+          docker manifest create nephatrine/nginx-ssl:latest --amend nephatrine/nginx-ssl:latest-amd64 --amend nephatrine/nginx-ssl:latest-arm64v8 --amend nephatrine/nginx-ssl:latest-riscv64
+          docker manifest push --purge nephatrine/nginx-ssl:1.24.0
+          docker manifest push --purge nephatrine/nginx-ssl:1.24
+          docker manifest push --purge nephatrine/nginx-ssl:1
+          docker manifest push --purge nephatrine/nginx-ssl:latest
--- a/.gitea/workflows/pullreq.yaml
+++ b/.gitea/workflows/pullreq.yaml
@ -0,0 +1,14 @@
+name: Build Container Image
+run-name: ${{ gitea.actor }} pushed to ${{ gitea.repository }}:${{ gitea.ref_name }}
+on:
+  pull_request:
+    types: [ opened, synchronize, ready_for_review ]
+jobs:
+  build:
+    if: gitea.actor == 'nephatrine' && gitea.event.pull_request.draft == false
+    runs-on: nephnet
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v3
+      - name: Docker Build
+        run: docker build --pull ${{ gitea.workspace }}
--- a/4
+++ b/4
@ -3,7 +3,7 @@ FROM nephatrine/nxbuilder:alpine AS builder
 RUN echo "====== INSTALL LIBRARIES ======" \
 && apk add --no-cache gd-dev geoip-dev libatomic_ops-dev libxslt-dev pcre-dev

-ARG NGINX_VERSION=branches/default
+ARG NGINX_VERSION=release-1.24.0
 RUN git -C /root clone -b "$NGINX_VERSION" --single-branch --depth=1 https://github.com/nginx/nginx.git

 RUN echo "====== COMPILE NGINX ======" \
@ -61,7 +61,7 @@ LABEL maintainer="Daniel Wolf <nephatrine@gmail.com>"

 RUN echo "====== INSTALL PACKAGES ======" \
 && apk add --no-cache certbot geoip libgd libxslt pcre py3-pip \
- && pip install zope.component \
+ && pip3 install zope.component \
 && mkdir -p /etc/nginx /usr/lib/nginx /var/cache/nginx /var/log/nginx /var/www

 COPY --from=builder /etc/nginx/ /etc/nginx/
--- a/LICENSE.md
+++ b/LICENSE.md
@ -1,4 +1,4 @@
-Copyright © 2021 Daniel Wolf <<nephatrine@gmail.com>>
+Copyright © 2023 Daniel Wolf <<nephatrine@gmail.com>>

 **Permission to use, copy, modify, and distribute this software for any
 purpose with or without fee is hereby granted, provided that the above
--- a/README.md
+++ b/README.md
@ -9,11 +9,8 @@
 This docker container manages the NGINX application, a lightweight web server
 and reverse proxy.

- [Alpine Linux](https://alpinelinux.org/)
- [Skarnet Software](https://skarnet.org/software/)
- [S6 Overlay](https://github.com/just-containers/s6-overlay)
- [CertBot](https://certbot.eff.org/)
- [NGINX](https://www.nginx.com/)
+- [Alpine Linux](https://alpinelinux.org/) w/ [S6 Overlay](https://github.com/just-containers/s6-overlay)
+- [NGINX](https://www.nginx.com/) w/ [CertBot](https://certbot.eff.org/)

 You can spin up a quick temporary test container like this: