From 0de5ef1c769afbb189defffd0e439342ddc2869e Mon Sep 17 00:00:00 2001
From: Sameer Naik
Date: Thu, 7 May 2020 14:42:29 +0530
Subject: [PATCH 1/2] updated to ubuntu:bionic-20200403
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index b32fb4e..94679b3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,11 +1,11 @@
-FROM ubuntu:bionic-20190612 AS add-apt-repositories
+FROM ubuntu:bionic-20200403 AS add-apt-repositories
 RUN apt-get update \
 && DEBIAN_FRONTEND=noninteractive apt-get install -y gnupg \
 && apt-key adv --fetch-keys http://www.webmin.com/jcameron-key.asc \
 && echo "deb http://download.webmin.com/download/repository sarge contrib" >> /etc/apt/sources.list
-FROM ubuntu:bionic-20190612
+FROM ubuntu:bionic-20200403
 LABEL maintainer="sameer@damagehead.com"
From 5f0b941589c743ecce99f828de0ce4817cfc28cb Mon Sep 17 00:00:00 2001
From: Sameer Naik
Date: Thu, 7 May 2020 14:52:18 +0530
Subject: [PATCH 2/2] updated ci pipeline
---
 .circleci/config.yml | 351 +++++++++++++++++++++++++++++++++------
 entrypoint.sh | 44 ++---
 scripts/release-notes.sh | 48 ++++++
 3 files changed, 374 insertions(+), 69 deletions(-)
 create mode 100755 scripts/release-notes.sh
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 3f902c8..3e2beac 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,72 +1,327 @@ -version: 2 -jobs: - build: - working_directory: /workdir - docker: - - image: docker:18.03.0-ce-git - environment: - IMAGE_NAME: "sameersbn/bind" +version: 2.1 +orbs: + shellcheck: circleci/shellcheck@1.3.16 + docker: circleci/docker@1.0.1 + go: circleci/go@1.1.1 + +commands: + docker-build: + description: | + Build and optionally deploy a Docker images + parameters: + dockerfile: + default: Dockerfile + description: 'Name of dockerfile to use, defaults to Dockerfile' + type: string + extra_build_args: + default: '' + description: > + Extra flags to pass to docker build. For examples, see + https://docs.docker.com/engine/reference/commandline/build + type: string + registry: + default: docker.io + description: | + Comma separated list of registry to use, defaults to docker.io + type: string + image: + description: Name of image to build + type: string + tag: + default: $CIRCLE_SHA1 + description: 'Image tag, defaults to the value of $CIRCLE_SHA1' + type: string + path: + default: . + description: > + Path to the directory containing your Dockerfile and build context, + defaults to . 
(working directory) + type: string + cache_from: + default: '' + description: > + Comma-separated list of images, images will first be pulled, then passed + as the --cache-from build argument + https://docs.docker.com/engine/reference/commandline/build/ + type: string + no_output_timeout: + default: 10m + description: | + No output timeout for build step + type: string steps: - - checkout + - when: + condition: <> + steps: + - run: + name: Build image for <> + no_output_timeout: <> + command: > + echo "<>" | sed -n 1'p' | tr ',' '\n' | + while read image; do + echo "Pulling ${image}"; + docker pull ${image} || true + done + + docker_tag_args="" + + IFS="," read -ra DOCKER_REGISTRIES \<<< "<< parameters.registry >>" + + for registry in "${DOCKER_REGISTRIES[@]}"; do + IFS="," read -ra DOCKER_TAGS \<<< "<< parameters.tag >>" + + for tag in "${DOCKER_TAGS[@]}"; do + docker_tag_args="$docker_tag_args -t $registry/<>:${tag}" + done + done - - setup_remote_docker: - version: 18.03.1-ce + docker build + <<#parameters.extra_build_args>><><> + \ + --cache-from <> \ + -f <>/<> \ + $docker_tag_args \ + <> + - unless: + condition: <> + steps: + - run: + name: Building image for <> + no_output_timeout: <> + command: > + docker_tag_args="" + IFS="," read -ra DOCKER_REGISTRIES \<<< "<< parameters.registry >>" + + for registry in "${DOCKER_REGISTRIES[@]}"; do + IFS="," read -ra DOCKER_TAGS \<<< "<< parameters.tag >>" + + for tag in "${DOCKER_TAGS[@]}"; do + docker_tag_args="$docker_tag_args -t $registry/<>:${tag}" + done + done + + docker build + <<#parameters.extra_build_args>><><> + \ + -f <>/<> \ + $docker_tag_args \ + <> + + docker-save: + description: | + Save one or more images to a tar archive + parameters: + registry: + default: docker.io + description: | + Comma separated list of registry to use, defaults to docker.io + type: string + image: + description: Name of image to build + type: string + tag: + default: $CIRCLE_SHA1 + description: 'Image tag, defaults to the value 
of $CIRCLE_SHA1' + type: string + steps: - run: - name: Docker info - command: | - docker version - docker info + name: Save image to tar archive + command: > + docker_images="" + + IFS="," read -ra DOCKER_REGISTRIES \<<< "<< parameters.registry >>" - - restore_cache: - keys: - - cache-{{ .Branch }} + for registry in "${DOCKER_REGISTRIES[@]}"; do + IFS="," read -ra DOCKER_TAGS \<<< "<< parameters.tag >>" + + for tag in "${DOCKER_TAGS[@]}"; do + docker_images="$docker_images $registry/<>:${tag}" + done + done + + mkdir -p ~/docker/ + + docker save -o ~/docker/docker-images.tar $docker_images + - persist_to_workspace: + root: ~/ paths: - - /cache/layers.tar + - docker + docker-load: + description: | + Load tar archive + steps: + - attach_workspace: + at: ~/ - run: - name: Loading docker cache - command: | - if [[ -f /cache/layers.tar ]]; then - docker load -i /cache/layers.tar - fi + name: Load images from tar archive + command: > + docker load -i ~/docker/docker-images.tar - - run: - name: Build docker image - command: | - docker build --cache-from=${IMAGE_NAME} -t ${IMAGE_NAME} . 
+ docker-publish: + description: | + Build and optionally deploy a Docker images + parameters: + pr: + default: '' + type: string + registry: + default: docker.io + description: | + Comma separated list of registry to use, defaults to docker.io + type: string + image: + description: Name of image to build + type: string + tag: + default: $CIRCLE_SHA1 + description: 'Image tag, defaults to the value of $CIRCLE_SHA1' + type: string + steps: + - unless: + condition: <> + steps: + - run: + name: Publish image for <> + command: > + IFS="," read -ra DOCKER_REGISTRIES \<<< "<< parameters.registry >>" - - run: - name: Launching container for testing - command: | - docker network create testnet - docker run --name bind-server -d --net testnet $IMAGE_NAME - sleep 5 + for registry in "${DOCKER_REGISTRIES[@]}"; do + IFS="," read -ra DOCKER_TAGS \<<< "<< parameters.tag >>" + + for tag in "${DOCKER_TAGS[@]}"; do + docker push $registry/<< parameters.image>>:${tag} + done + done + +jobs: + build: + executor: docker/machine + steps: + - checkout + - docker-build: + registry: docker.io,quay.io + image: sameersbn/bind + tag: ${CIRCLE_TAG:-latest} + cache_from: docker.io/sameersbn/bind:latest + - docker-save: + registry: docker.io,quay.io + image: sameersbn/bind + tag: ${CIRCLE_TAG:-latest} + test: + executor: docker/machine + steps: + - checkout + - docker-load + - run: + name: Create test network + command: docker network create testnet + - run: + name: Launch bind container + command: docker run --name bind -d --net testnet sameersbn/bind:${CIRCLE_TAG:-latest} + - run: + name: Wait for container bootup + command: sleep 15 + - run: + name: Container info + command: docker ps -a - run: - name: Testing image + name: Test image command: | - docker run --rm --net testnet $IMAGE_NAME host www.google.com bind-server + docker run --rm --net testnet sameersbn/bind:${CIRCLE_TAG:-latest} host www.google.com bind + publish-dockerhub: + executor: docker/machine + steps: + - docker-load + - 
docker/check: + registry: docker.io + docker-username: DOCKER_LOGIN + docker-password: DOCKER_PASSWORD + - docker-publish: + registry: docker.io + image: sameersbn/bind + tag: ${CIRCLE_TAG:-latest} + + publish-quay: + executor: docker/machine + steps: + - docker-load + - docker/check: + registry: quay.io + docker-username: DOCKER_LOGIN + docker-password: DOCKER_PASSWORD + - docker-publish: + registry: quay.io + image: sameersbn/bind + tag: ${CIRCLE_TAG:-latest} + + release: + executor: + name: go/default + tag: '1.14' + steps: + - checkout + - run: + name: Installing github-release tool + command: go get github.com/meterup/github-release - run: - name: Generate docker build image cache + name: Creating github release command: | - mkdir -p /cache - docker save -o /cache/layers.tar ${IMAGE_NAME} - - - save_cache: - key: cache-{{ .Branch }}-{{ epoch }} - paths: - - /cache/layers.tar + PRE_RELEASE=${CIRCLE_TAG/${CIRCLE_TAG%-rc[0-9]*}/} + github-release delete -u ${CIRCLE_PROJECT_USERNAME} -r ${CIRCLE_PROJECT_REPONAME} -t ${CIRCLE_TAG} 2>/dev/null ||: + ./scripts/release-notes.sh ${CIRCLE_TAG} | github-release release ${PRE_RELEASE:+-p} -u ${CIRCLE_PROJECT_USERNAME} -r ${CIRCLE_PROJECT_REPONAME} -t ${CIRCLE_TAG} -d - + for f in $(find /tmp/dist -type f); do github-release upload -u ${CIRCLE_PROJECT_USERNAME} -r ${CIRCLE_PROJECT_REPONAME} -t ${CIRCLE_TAG} -n $(basename ${f}) -f ${f} ; done workflows: - version: 2 - build-and-test: + build-test-and-release: jobs: + - shellcheck/check: + name: shellcheck + ignore: SC2086,SC2181 + filters: + tags: + only: /^([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$/ - build: + requires: + - shellcheck + filters: + tags: + only: /^([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$/ + - test: + requires: + - build + filters: + tags: + only: /^([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$/ + - publish-dockerhub: 
+ context: dockerhub + requires: + - test filters: branches: - only: /.*/ + only: master + tags: + only: /^([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$/ + - publish-quay: + context: quay + requires: + - test + filters: tags: - only: /.*/ + only: /^([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$/ + branches: + only: master + - release: + context: github + requires: + - publish-dockerhub + - publish-quay + filters: + tags: + only: /^([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$/ + branches: + ignore: /.*/ diff --git a/entrypoint.sh b/entrypoint.sh index e6d1418..3381555 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -6,21 +6,21 @@ set -e # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of # "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" } file_env 'ROOT_PASSWORD' 
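Review bot: The `release` job installs its tooling with `go get github.com/meterup/github-release`, which takes whatever the upstream repository serves at build time, and the job runs with the `github` context attached, so unreviewed upstream code would execute alongside the release credentials. Pin the tool to a version or commit that has been reviewed, for example `GO111MODULE=on go get github.com/meterup/github-release@<REVIEWED_VERSION>` (placeholder), the same way the orbs at the top of the file are pinned. In the same hunk the shellcheck job sets `ignore: SC2086,SC2181`, which switches off the unquoted-expansion check for every script it lints; dropping SC2086 from that list and quoting the expansions it then reports would keep the check useful. The inline release commands also expand `${CIRCLE_TAG}` and `$(find /tmp/dist -type f)` unquoted, which is tolerable only because the tag filter limits tags to a semver pattern, so quoting them (`"${CIRCLE_TAG}"`) removes the dependency on that filter.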
@@ -84,12 +84,14 @@ set_root_passwd() { } create_pid_dir() { - mkdir -m 0775 -p /var/run/named + mkdir -p /var/run/named + chmod 0775 /var/run/named chown root:${BIND_USER} /var/run/named } create_bind_cache_dir() { - mkdir -m 0775 -p /var/cache/bind + mkdir -p /var/cache/bind + chmod 0775 /var/cache/bind chown root:${BIND_USER} /var/cache/bind } @@ -112,10 +114,10 @@ create_bind_cache_dir # allow arguments to be passed to named if [[ ${1:0:1} = '-' ]]; then - EXTRA_ARGS="$@" + EXTRA_ARGS="$*" set -- -elif [[ ${1} == named || ${1} == $(which named) ]]; then - EXTRA_ARGS="${@:2}" +elif [[ ${1} == named || ${1} == "$(command -v named)" ]]; then + EXTRA_ARGS="${*:2}" set -- fi @@ -130,7 +132,7 @@ if [[ -z ${1} ]]; then fi echo "Starting named..." - exec $(which named) -u ${BIND_USER} -g ${EXTRA_ARGS} + exec "$(command -v named)" -u ${BIND_USER} -g ${EXTRA_ARGS} else exec "$@" fi diff --git a/scripts/release-notes.sh b/scripts/release-notes.sh new file mode 100755 index 0000000..7924cf0 --- /dev/null +++ b/scripts/release-notes.sh @@ -0,0 +1,48 @@ +#!/usr/bin/env sh + +RELEASE=${GIT_TAG:-$1} + +if [ -z "${RELEASE}" ]; then + echo "Usage:" + echo "./scripts/release-notes.sh v0.1.0" + exit 1 +fi + +if ! git rev-list ${RELEASE} >/dev/null 2>&1; then + echo "${RELEASE} does not exist" + exit +fi + +PREV_RELEASE=${PREV_RELEASE:-$(git describe --tags --abbrev=0 ${RELEASE}^)} +PREV_RELEASE=${PREV_RELEASE:-$(git rev-list --max-parents=0 ${RELEASE}^)} +NOTABLE_CHANGES=$(git cat-file -p ${RELEASE} | sed '/-----BEGIN PGP SIGNATURE-----/,//d' | tail -n +6) +CHANGELOG=$(git log --no-merges --pretty=format:'- [%h] %s (%aN)' ${PREV_RELEASE}..${RELEASE}) +if [ $? -ne 0 ]; then + echo "Error creating changelog" + exit 1 +fi + +cat <
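Review bot: Splitting `mkdir -m 0775 -p` into `mkdir -p` plus `chmod 0775` in create_pid_dir and create_bind_cache_dir changes behaviour without a comment saying so: the mode is now forced on every container start even when the directory already exists (for instance on a mounted volume), whereas `mkdir -m` only set it on a directory it created. If that is the intent, record it, e.g. `# chmod separately: mkdir -p -m leaves an existing directory's mode untouched`. The adjacent `chown root:${BIND_USER}` is still unquoted, and because the new CI config ignores SC2086 nothing will flag it; `chown "root:${BIND_USER}" /var/run/named` (and the same for /var/cache/bind) avoids word splitting if the variable is ever empty or malformed.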