continuing to test
Signed-off-by: James Strong <strong.james.e@gmail.com>
This commit is contained in:
James Strong
James Strong
parent
1d5bc6463b
commit
f898307b98
5 changed files with 56 additions and 49 deletions
|
|
@ -35,6 +35,8 @@ KEY ?= melange.rsa
|
|||
REPO ?= packages
|
||||
TEMPLATE ?= melange/nginx-templates.json
|
||||
MELANGE_OPTS ?= -k ${KEY}.pub --signing-key ${KEY} --arch ${ARCHS}
|
||||
MELANGE_INGRESS_OPT ?= -k ${KEY}.pub --signing-key ${KEY} --arch ${ARCHS} --empty-workspace
|
||||
APKO_OPTS ?= -k ${KEY}.pub --debug --build-arch ${ARCHS} ${APKO_DIR}/${FILE}.yaml
|
||||
KEY ?= melange.rsa
|
||||
REPO ?= $(shell pwd)/packages
|
||||
ARCHS?="amd64,arm64,arm/v6,arm/v7,s390x"
|
||||
|
|
@ -50,14 +52,17 @@ keygen: ## Generate Key pair for use with signing apks
|
|||
melange: ## Build melange $FILE
|
||||
${MELANGE} build ${MELANGE_DIR}/${FILE}.yaml ${MELANGE_OPTS} --template '$(shell cat ${TEMPLATE})'
|
||||
|
||||
ingress-melange:
|
||||
${MELANGE} build ${MELANGE_DIR}/${FILE}.yaml ${MELANGE_INGRESS_OPT} --template '$(shell cat ${TEMPLATE})'
|
||||
|
||||
nginx-melange:
|
||||
${MELANGE} build ${MELANGE_DIR}/${FILE}.yaml --source-dir ${MELANGE_DIR}/${FILE} ${MELANGE_OPTS} --template '$(shell cat ${TEMPLATE})'
|
||||
|
||||
apko-build: ## Build an apko pipeline with $KEY and $FILE
|
||||
${APKO} build -k ${KEY}.pub --debug ${APKO_DIR}/${FILE}.yaml $(IMAGE):$(TAG) $(IMAGE)-$(TAG).tar
|
||||
${APKO} build ${APKO_OPTS} $(IMAGE):$(TAG) $(IMAGE)-$(TAG).tar
|
||||
|
||||
apko-push: ## Push apko built container $IMAGE:$TAG to $REGISTRY
|
||||
${APKO} publish -k ${KEY}.pub --debug ${APKO_DIR}/${FILE}.yaml $(IMAGE):$(TAG)
|
||||
${APKO} publish ${APKO_OPTS} $(IMAGE):$(TAG)
|
||||
|
||||
load: ## Load apko built image into docker
|
||||
docker load < $(IMAGE)-$(TAG).tar
|
||||
|
|
@ -68,10 +73,10 @@ load: ## Load apko built image into docker
|
|||
build-all: clean-packages all-packages nginx-package ingress-packages ## Fresh build of all melange pipelines and apko files, default is all $ARCHS
|
||||
|
||||
nginx-test: ## Start $IMAGE:$TAG container and drop into bash shell
|
||||
docker run --rm -it --entrypoint bash --env-file .env $(IMAGE):$(TAG)
|
||||
docker run --rm -it --entrypoint bash --env-file .env $(REGISTRY)/$(IMAGE):$(TAG)
|
||||
|
||||
shell: ## Start Alpine base container, mount PWD and drop into sh
|
||||
docker run -it --rm -v "${PWD}":/work --entrypoint sh distroless.dev/alpine-base:latest
|
||||
docker run -it --rm -v "${PWD}":/work --env-file .env --group-add www-data --entrypoint sh distroless.dev/alpine-base:latest
|
||||
|
||||
check_clean:
|
||||
@echo -n "Are you sure? [y/N] " && read ans && [ $${ans:-N} = y ]
|
||||
|
|
|
|||
|
|
@ -44,46 +44,17 @@ accounts:
|
|||
run-as: 101
|
||||
|
||||
environments:
|
||||
PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/luajit/bin"
|
||||
PATH: "$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/luajit/bin"
|
||||
LUA_PATH: "/usr/local/share/luajit-2.1.0-beta3/?.lua;/usr/local/share/lua/5.1/?.lua;/usr/local/lib/lua/?.lua;;"
|
||||
LUA_CPATH: "/usr/local/lib/lua/?/?.so;/usr/local/lib/lua/?.so;;"
|
||||
LUA_INCLUDE_DIR: "/usr/local/include/luajit-2.1"
|
||||
:u: "/usr/local/include/luajit-2.1"
|
||||
LUAJIT_INC: "/usr/local/include/luajit-2.1"
|
||||
LUAJIT_LIB: "/usr/local/lib"
|
||||
LUA_LIB_DIR: "/usr/local/lib/lua"
|
||||
|
||||
work-dir: /etc/nginx
|
||||
|
||||
entrypoint:
|
||||
command: "/usr/bin/dumb-init --"
|
||||
|
||||
cmd: /nginx-ingress-controller
|
||||
|
||||
paths:
|
||||
- path: /var/log/nginx/error.log
|
||||
type: symlink
|
||||
source: /dev/stderr
|
||||
permissions: 0o755
|
||||
- path: /var/log/nginx/access.log
|
||||
type: symlink
|
||||
source: /dev/stdout
|
||||
permissions: 0o755
|
||||
recursive: true
|
||||
- path: /usr/bin/nginx
|
||||
type: hardlink
|
||||
source: /usr/local/nginx/sbin/nginx
|
||||
permissions: 0o755
|
||||
recursive: true
|
||||
- path: /var/lib/nginx/proxy
|
||||
type: directory
|
||||
permissions: 0o755
|
||||
uid: 101
|
||||
gid: 101
|
||||
recursive: true
|
||||
- path: /etc/ingress-controller/auth
|
||||
type: directory
|
||||
permissions: 0o755
|
||||
uid: 101
|
||||
gid: 101
|
||||
recursive: true
|
||||
- path: /usr/local/
|
||||
type: directory
|
||||
permissions: 0o755
|
||||
|
|
@ -97,12 +68,34 @@ paths:
|
|||
gid: 101
|
||||
recursive: true
|
||||
- path: /usr/local/bin/lua
|
||||
type: hardlink
|
||||
type: symlink
|
||||
source: /usr/local/bin/luajit
|
||||
permissions: 0o755
|
||||
- path: /sbin/nginx
|
||||
type: hardlink
|
||||
uid: 101
|
||||
gid: 101
|
||||
- path: /usr/local/include/lua
|
||||
type: symlink
|
||||
source: /usr/local/include/luajit-2.1
|
||||
uid: 101
|
||||
gid: 101
|
||||
permissions: 0o755
|
||||
- path: /usr/include/lua5.1
|
||||
type: symlink
|
||||
source: /usr/local/include/luajit-2.1
|
||||
uid: 101
|
||||
gid: 101
|
||||
permissions: 0o755
|
||||
- path: /usr/local/nginx/sbin/nginx
|
||||
type: symlink
|
||||
source: /sbin/nginx
|
||||
uid: 101
|
||||
gid: 101
|
||||
permissions: 0o755
|
||||
- path: /usr/bin/nginx
|
||||
type: symlink
|
||||
source: /usr/local/nginx/sbin/nginx
|
||||
uid: 101
|
||||
gid: 101
|
||||
permissions: 0o755
|
||||
- path: /var/lib/
|
||||
type: directory
|
||||
|
|
@ -212,7 +205,3 @@ paths:
|
|||
type: directory
|
||||
permissions: 0o755
|
||||
recursive: true
|
||||
archs:
|
||||
- amd64
|
||||
- aarch64
|
||||
- armv7
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ contents:
|
|||
packages:
|
||||
- alpine-baselayout-data
|
||||
- geoip-dev
|
||||
- bash
|
||||
- nginx@local
|
||||
- opentracing@local
|
||||
- msgpack-cpp@local
|
||||
|
|
@ -54,12 +55,14 @@ paths:
|
|||
gid: 101
|
||||
recursive: true
|
||||
- path: /usr/local/bin/lua
|
||||
type: hardlink
|
||||
type: symlink
|
||||
source: /usr/local/bin/luajit
|
||||
permissions: 0o755
|
||||
- path: /sbin/nginx
|
||||
type: hardlink
|
||||
source: /usr/local/nginx/sbin/nginx
|
||||
- path: /usr/local/nginx/sbin/nginx
|
||||
type: symlink
|
||||
source: /sbin/nginx
|
||||
uid: 101
|
||||
gid: 101
|
||||
permissions: 0o755
|
||||
- path: /var/lib/
|
||||
type: directory
|
||||
|
|
|
|||
|
|
@ -30,6 +30,7 @@ environment:
|
|||
- git
|
||||
- openssh-client
|
||||
- make
|
||||
- libcap
|
||||
pipeline:
|
||||
- uses: git-checkout
|
||||
with:
|
||||
|
|
@ -56,3 +57,9 @@ pipeline:
|
|||
-X {{ .PKG }}/version.COMMIT={{ .COMMIT_SHA }} \
|
||||
-X {{ .PKG }}/version.REPO={{ .REPO_INFO }}" \
|
||||
-o "${{targets.destdir}}/nginx-ingress-controller" {{ .PKG }}/cmd/nginx
|
||||
|
||||
|
||||
setcap cap_net_bind_service=+ep ${{targets.destdir}}/nginx-ingress-controller \
|
||||
&& setcap -v cap_net_bind_service=+ep ${{targets.destdir}}/nginx-ingress-controller \
|
||||
&& setcap cap_net_bind_service=+ep ${{targets.destdir}}/usr/bin/dumb-init \
|
||||
&& setcap -v cap_net_bind_service=+ep ${{targets.destdir}}/usr/bin/dumb-init
|
||||
|
|
|
|||
|
|
@ -50,6 +50,7 @@ environment:
|
|||
- libxslt-dev
|
||||
- gd-dev
|
||||
- geoip-dev
|
||||
- libcap
|
||||
- perl-dev
|
||||
- libedit-dev
|
||||
- mercurial
|
||||
|
|
@ -466,7 +467,9 @@ pipeline:
|
|||
echo "Clean up owasp-modsecurity-crs"
|
||||
rm -rf ${{targets.destdir}}/etc/nginx/owasp-modsecurity-crs/.git
|
||||
rm -rf ${{targets.destdir}}/etc/nginx/owasp-modsecurity-crs/util/regression-tests
|
||||
|
||||
|
||||
setcap cap_net_bind_service=+ep ${{targets.destdir}}/usr/local/nginx/sbin/nginx \
|
||||
&& setcap -v cap_net_bind_service=+ep ${{targets.destdir}}/usr/local/nginx/sbin/nginx \
|
||||
echo "Clean up everything else"
|
||||
cd ${BUILD_PATH}
|
||||
rm -rf *.tar.gz ${BUILD_PATH}/ngx_devel_kit-{{ .NDK_VERSION }} \
|
||||
|
|
|
|||
Loading…
Reference in a new issue