diff --git a/.binenv.lock b/.binenv.lock new file mode 100644 index 0000000..9af9c9e --- /dev/null +++ b/.binenv.lock @@ -0,0 +1,5 @@ +helm=3.13.3 +kubectl=1.34 +kubeseal=0.24.5 +minikube=1.37.0 +skaffold=2.10.0 diff --git a/.github/workflows/oscms-ci-docker.yml b/.github/workflows/oscms-ci-docker.yml index 2bbe254..4c4aae7 100644 --- a/.github/workflows/oscms-ci-docker.yml +++ b/.github/workflows/oscms-ci-docker.yml @@ -25,6 +25,7 @@ on: env: CI_REGISTRY: ghcr.io CI_REGISTRY_IMAGE: ghcr.io/openscms/oscms-ci-docker + CI_SERVER_REGISTRY_IMAGE: ghcr.io/openscms/oscms-server-ci-docker concurrency: group: "${{ github.ref }}" @@ -82,3 +83,55 @@ jobs: - name: Image digest run: echo ${{ steps.push.outputs.digest }} + + build-server-docker-ci-image: + runs-on: + - ubuntu-latest + + permissions: + contents: read + packages: write + attestations: write + id-token: write + + timeout-minutes: 60 + + steps: + - name: Checkout repository + uses: actions/checkout@v4.1.0 + with: + fetch-depth: 0 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3.0.0 + with: + registry: ${{ env.CI_REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Get image metadata + id: meta + uses: docker/metadata-action@v5.0.0 + with: + images: ${{ env.CI_SERVER_REGISTRY_IMAGE }} + tags: | + type=raw,value=latest,enable={{ is_default_branch }} + type=ref,event=tag + type=ref,event=pr + + - name: Build and push Docker image + id: push + uses: docker/build-push-action@v5.0.0 + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=registry,ref=${{ env.CI_SERVER_REGISTRY_IMAGE }}:latest + file: openscms-server-ci.dockerfile + + - name: Image digest + run: echo ${{ steps.push.outputs.digest }} diff --git a/README.md b/README.md index 7d8b17b..faf8c7b 100644 --- a/README.md +++ b/README.md @@ -19,17 +19,20 @@ SPDX-License-Identifier: Apache-2.0 # oscms-ci-docker -This repository provides a docker container/image which is primarily used for CI purposes in the other code repositories of the Open SCMS project. It can also be used for local development (to avoid installing all the build dependencies on your host system), and potentially as a `VS Code` development container. +This repository provides docker images which ire primarily used for CI purposes in the other code repositories of the Open SCMS project. They can also be used for local development (to avoid installing all the build dependencies on your host system), and potentially as a `VS Code` development containers. + +* `oscms-ci-docker` is used for all of the C and C++ based repositories. +* `oscms-server-ci-docker` is used for the Rust OpenSCMS repository. This is missing tools such as `valgrind` and `cppcheck` ## Table of Contents -- [Building the image and using it locally](#building-the-image-and-using-it-locally) -- [Pulling the image from GitHub](#pulling-the-image-from-github) -- [Contributing](#contributing) -- [License](#license) +* [Building an image and using it locally](#building-an-image-and-using-it-locally) +* [Pulling the images from GitHub](#pulling-the-images-from-github) +* [Contributing](#contributing) +* [License](#license) -## Building the image and using it locally +## Building an image and using it locally Clone the repository and build the image @@ -37,23 +40,32 @@ Clone the repository and build the image git clone git@github.com:OpenSCMS/oscms-ci-docker.git cd oscms-ci-docker docker build -t oscms-ci-docker . -f openscms-ci.dockerfile +docker build -t oscms-server-ci-docker . -f openscms-server-ci.dockerfile ``` -Now change to the directory where you cloned the code repositories and run the container thus +Now change to the directory where you cloned the code repositories and run the container. Either ```bash docker run -ti --rm --volume $PWD:/WORK --user $(id -u):$(id -g) \ oscms-ci-docker ``` +or + +```bash +docker run -ti --rm --volume $PWD:/WORK --user $(id -u):$(id -g) \ + oscms-server-ci-docker +``` + This will place you in a `bash` shell within the container, with your cloned source available at `/WORK`. Your user inside the container will have the same group and user id as on your host, so any changes you make will have the correct permissions. -## Pulling the image from GitHub +## Pulling the images from GitHub -The image is published on `ghcr.io` as a public image. Simply pull it as follows +The images are published on `ghcr.io` as a public images. Simply pull them as follows ```bash docker pull ghcr.io/openscms/oscms-ci-docker:latest +docker pull ghcr.io/openscms/oscms-server-ci-docker:latest ``` You can then run it as shown below. @@ -63,6 +75,11 @@ docker run -ti --rm --volume $PWD:/WORK --user $(id -u):$(id -g) \ ghcr.io/openscms/oscms-ci-docker:latest ``` +```bash +docker run -ti --rm --volume $PWD:/WORK --user $(id -u):$(id -g) \ + ghcr.io/openscms/oscms-server-ci-docker:latest +``` + ## Contributing Contributions are welcome. Please see the [CONTRIBUTING file](https://github.com/OpenSCMS/.github/blob/main/CONTRIBUTING.md) for details, including the Code of Conduct and C Style Guide. diff --git a/openscms-server-ci.dockerfile b/openscms-server-ci.dockerfile new file mode 100644 index 0000000..a388ae1 --- /dev/null +++ b/openscms-server-ci.dockerfile @@ -0,0 +1,65 @@ +# Copyright (c) 2025 LG Electronics, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http:#www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 + +# This image is used for all CI jobs. It may load a lot of stuff. but not having +# to rebuild it for every job in a pipeline saves a lot of time. +# +# It can also be pulled from the main repo to use as a base image for a development +# environment in vscode. + +FROM rust:1-trixie + +# Install all basic tools - not build dependencies. We do them last to maximize layer cacheing +RUN DEBIAN_FRONTEND=noninteractive apt-get update -qy && \ + DEBIAN_FRONTEND=noninteractive apt-get -qy install \ + clang \ + cmake + +# Install anything needed to compile successfully +RUN DEBIAN_FRONTEND=noninteractive apt-get -qy install \ + libclang-dev \ + llvm-dev \ + libzip-dev \ + libssl-dev + +# Add Rust components +RUN rustup component add rustfmt && \ + rustup component add clippy + +# Cleanup the apt cache. If you need to install anything else, you will need to re-run apt update +RUN rm -rf /var/lib/apt/lists + +# Install binenv and the tools we use +# +# Note we install, and use, it globally (see https://github.com/devops-works/binenv/blob/develop/SYSTEM.md) +# +ENV BINENV_GLOBAL=true +RUN wget -q https://github.com/devops-works/binenv/releases/download/v0.19.0/binenv_linux_amd64 && \ + wget -q https://github.com/devops-works/binenv/releases/download/v0.19.0/checksums.txt && \ + sha256sum --check --ignore-missing checksums.txt && \ + mv binenv_linux_amd64 binenv && \ + chmod +x binenv && \ + ./binenv -g update && \ + ./binenv -g install binenv && \ + rm ./binenv + +# Do this last, as .binenv.lock can change with each MR. That maximizes layer reuse +COPY .binenv.lock ./.binenv.lock +RUN binenv -g install -l + +# Cleanup the apt cache. If you need to install anything else, you will need to re-run apt update +RUN rm -rf /var/lib/apt/lists +