Add Buildkite CI tooling

ci/.dockerignore

@@ -0,0 +1,6 @@
+.git
+.gitignore
+.github
+.gitattributes
+READMETEMPLATE.md
+README.md

ci/Dockerfile

@@ -0,0 +1,77 @@
+FROM docker:dind
+
+# set labels
+LABEL maintainer="Nightah"
+
+# set application versions
+ARG ARCH="amd64"
+ARG BUILDKITE_VERSION="3.17.0"
+ARG OVERLAY_VERSION="v1.22.1.0"
+
+# environment variables
+ENV PS1="$(whoami)@$(hostname):$(pwd)$ " \
+HOME="/buildkite" \
+TERM="xterm"
+
+# set runtime variables
+ENV BUILDKITE_AGENT_CONFIG=/buildkite/buildkite-agent.cfg \
+GOPATH="/buildkite/.go"
+
+# add local files
+COPY root/ /
+
+# modifications
+RUN \
+ echo "**** Install Authelia CI pre-requisites ****" && \
+   echo "@edge http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories && \
+   echo "@edget http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \
+   apk add --no-cache \
+     bash \
+     ca-certificates \
+     coreutils \
+     chromium \
+     chromium-chromedriver \
+     curl \
+     docker-compose \
+     git \
+     hub@edget \
+     go@edge \
+     jq \
+     libc6-compat \
+     libstdc++ \
+     nodejs \
+     npm \
+     openssh-client \
+     perl \
+     rsync \
+     shadow \
+     sudo \
+     tzdata \
+     yarn@edge && \
+ echo "**** Add s6 overlay ****" && \
+   cd /tmp && \
+   curl -Lfs -o s6-overlay.tar.gz "https://github.com/just-containers/s6-overlay/releases/download/${OVERLAY_VERSION}/s6-overlay-${ARCH}.tar.gz" && \
+   tar xfz s6-overlay.tar.gz -C / && \
+ echo "**** Patch CVE-2019-5021 ****" && \
+   sed -i -e 's/^root::/root:!:/' /etc/shadow && \
+ echo "**** Create abc user and make our folders ****" && \
+   useradd -u 911 -U -d /buildkite -s /bin/false abc && \
+   usermod -G wheel abc && \
+   sed -i 's/# %wheel/%wheel/g' /etc/sudoers && \
+ echo "**** Install Buildkite ****" && \
+   mkdir -p /buildkite/builds /buildkite/hooks /buildkite/plugins && \
+   curl -Lfs -o /usr/local/bin/ssh-env-config.sh https://raw.githubusercontent.com/buildkite/docker-ssh-env-config/master/ssh-env-config.sh && \
+   chmod +x /usr/local/bin/ssh-env-config.sh && \
+   curl -Lfs -o buildkite-agent.tar.gz https://github.com/buildkite/agent/releases/download/v${BUILDKITE_VERSION}/buildkite-agent-linux-${ARCH}-${BUILDKITE_VERSION}.tar.gz && \
+   tar xf buildkite-agent.tar.gz && \
+   sed -i 's/token=/#token=/g' buildkite-agent.cfg && \
+   sed -i 's/\$HOME\/.buildkite-agent/\/buildkite/g' buildkite-agent.cfg && \
+   mv buildkite-agent.cfg /buildkite/buildkite-agent.cfg && \
+   mv buildkite-agent /usr/local/bin/buildkite-agent && \
+ echo "**** Cleanup ****" && \
+   rm -rf /tmp/*
+
+# ports and volumes
+VOLUME /buildkite
+
+ENTRYPOINT ["/init"]

ci/root/etc/cont-init.d/10-adduser

@@ -0,0 +1,29 @@
+#!/usr/bin/with-contenv bash
+
+PUID=${PUID:-911}
+PGID=${PGID:-911}
+
+groupmod -o -g "$PGID" abc
+usermod -o -u "$PUID" abc
+
+cat <<'EOF'
+--------------------------------------------
+   / \  _   _| |_| |__   ___| (_) __ _
+  / _ \| | | | __| '_ \ / _ \ | |/ _` |
+ / ___ \ |_| | |_| | | |  __/ | | (_| |
+/_/   \_\__,_|\__|_| |_|\___|_|_|\__,_|
+                ____ ___
+               / ___|_ _|
+              | |    | |
+              | |___ | |
+               \____|___|
+--------------------------------------------
+GID/UID
+--------------------------------------------
+EOF
+echo "
+User uid:    $(id -u abc)
+User gid:    $(id -g abc)
+--------------------------------------------
+"
+chown abc:abc /buildkite

ci/root/etc/cont-init.d/30-config

@@ -0,0 +1,5 @@
+#!/usr/bin/with-contenv bash
+
+# permissions
+chown -R abc:abc \
+	/buildkite

ci/root/etc/docker/daemon.json

@@ -0,0 +1,3 @@
+{
+  "registry-mirrors": ["http://registrycache:5000"]
+}

ci/root/etc/services.d/buildkite/run

@@ -0,0 +1,4 @@
+#!/usr/bin/with-contenv bash
+
+exec \
+	s6-setuidgid abc ssh-env-config.sh /usr/local/bin/buildkite-agent start

ci/root/etc/services.d/dockerd/run

@@ -0,0 +1,4 @@
+#!/usr/bin/with-contenv bash
+
+exec \
+	s6-setuidgid root dockerd-entrypoint.sh > /dev/null 2>&1

ci/root/etc/services.d/dockerperms/run

@@ -0,0 +1,8 @@
+#!/usr/bin/with-contenv bash
+
+while [ ! -S "/run/docker.sock" ];
+do
+  sleep 1;
+done
+chown root:abc /run/docker.sock
+tail -f /dev/null