diff --git a/ci/.dockerignore b/ci/.dockerignore
new file mode 100644
index 000000000..df5e3103a
--- /dev/null
+++ b/ci/.dockerignore
@@ -0,0 +1,6 @@
+.git
+.gitignore
+.github
+.gitattributes
+READMETEMPLATE.md
+README.md
\ No newline at end of file
diff --git a/ci/Dockerfile b/ci/Dockerfile
new file mode 100644
index 000000000..498f20af5
--- /dev/null
+++ b/ci/Dockerfile
@@ -0,0 +1,77 @@
+FROM docker:dind
+
+# set labels
+LABEL maintainer="Nightah"
+
+# set application versions
+ARG ARCH="amd64"
+ARG BUILDKITE_VERSION="3.17.0"
+ARG OVERLAY_VERSION="v1.22.1.0"
+
+# environment variables
+ENV PS1="$(whoami)@$(hostname):$(pwd)$ " \
+HOME="/buildkite" \
+TERM="xterm"
+
+# set runtime variables
+ENV BUILDKITE_AGENT_CONFIG=/buildkite/buildkite-agent.cfg \
+GOPATH="/buildkite/.go"
+
+# add local files
+COPY root/ /
+
+# modifications
+RUN \
+ echo "**** Install Authelia CI pre-requisites ****" && \
+ echo "@edge http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories && \
+ echo "@edget http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \
+ apk add --no-cache \
+ bash \
+ ca-certificates \
+ coreutils \
+ chromium \
+ chromium-chromedriver \
+ curl \
+ docker-compose \
+ git \
+ hub@edget \
+ go@edge \
+ jq \
+ libc6-compat \
+ libstdc++ \
+ nodejs \
+ npm \
+ openssh-client \
+ perl \
+ rsync \
+ shadow \
+ sudo \
+ tzdata \
+ yarn@edge && \
+ echo "**** Add s6 overlay ****" && \
+ cd /tmp && \
+ curl -Lfs -o s6-overlay.tar.gz "https://github.com/just-containers/s6-overlay/releases/download/${OVERLAY_VERSION}/s6-overlay-${ARCH}.tar.gz" && \
+ tar xfz s6-overlay.tar.gz -C / && \
+ echo "**** Patch CVE-2019-5021 ****" && \
+ sed -i -e 's/^root::/root:!:/' /etc/shadow && \
+ echo "**** Create abc user and make our folders ****" && \
+ useradd -u 911 -U -d /buildkite -s /bin/false abc && \
+ usermod -G wheel abc && \
+ sed -i 's/# %wheel/%wheel/g' /etc/sudoers && \
+ echo "**** Install Buildkite ****" && \
+ mkdir -p /buildkite/builds /buildkite/hooks /buildkite/plugins && \
+ curl -Lfs -o /usr/local/bin/ssh-env-config.sh https://raw.githubusercontent.com/buildkite/docker-ssh-env-config/master/ssh-env-config.sh && \
+ chmod +x /usr/local/bin/ssh-env-config.sh && \
+ curl -Lfs -o buildkite-agent.tar.gz https://github.com/buildkite/agent/releases/download/v${BUILDKITE_VERSION}/buildkite-agent-linux-${ARCH}-${BUILDKITE_VERSION}.tar.gz && \
+ tar xf buildkite-agent.tar.gz && \
+ sed -i 's/token=/#token=/g' buildkite-agent.cfg && \
+ sed -i 's/\$HOME\/.buildkite-agent/\/buildkite/g' buildkite-agent.cfg && \
+ mv buildkite-agent.cfg /buildkite/buildkite-agent.cfg && \
+ mv buildkite-agent /usr/local/bin/buildkite-agent && \
+ echo "**** Cleanup ****" && \
+ rm -rf /tmp/*
+
+# ports and volumes
+VOLUME /buildkite
+
+ENTRYPOINT ["/init"]
\ No newline at end of file
diff --git a/ci/root/etc/cont-init.d/10-adduser b/ci/root/etc/cont-init.d/10-adduser
new file mode 100644
index 000000000..149a2318a
--- /dev/null
+++ b/ci/root/etc/cont-init.d/10-adduser
@@ -0,0 +1,29 @@
+#!/usr/bin/with-contenv bash
+
+PUID=${PUID:-911}
+PGID=${PGID:-911}
+
+groupmod -o -g "$PGID" abc
+usermod -o -u "$PUID" abc
+
+cat <<'EOF'
+--------------------------------------------
+ / \ _ _| |_| |__ ___| (_) __ _
+ / _ \| | | | __| '_ \ / _ \ | |/ _` |
+ / ___ \ |_| | |_| | | | __/ | | (_| |
+/_/ \_\__,_|\__|_| |_|\___|_|_|\__,_|
+ ____ ___
+ / ___|_ _|
+ | | | |
+ | |___ | |
+ \____|___|
+--------------------------------------------
+GID/UID
+--------------------------------------------
+EOF
+echo "
+User uid: $(id -u abc)
+User gid: $(id -g abc)
+--------------------------------------------
+"
+chown abc:abc /buildkite
\ No newline at end of file
diff --git a/ci/root/etc/cont-init.d/30-config b/ci/root/etc/cont-init.d/30-config
new file mode 100644
index 000000000..cc887d50b
--- /dev/null
+++ b/ci/root/etc/cont-init.d/30-config
@@ -0,0 +1,5 @@
+#!/usr/bin/with-contenv bash
+
+# permissions
+chown -R abc:abc \
+ /buildkite
\ No newline at end of file
diff --git a/ci/root/etc/docker/daemon.json b/ci/root/etc/docker/daemon.json
new file mode 100644
index 000000000..e14a48e8b
--- /dev/null
+++ b/ci/root/etc/docker/daemon.json
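Review bot: The three `curl -Lfs` downloads in the `RUN` step (s6-overlay, `ssh-env-config.sh`, buildkite-agent) are installed without any integrity check, and `ssh-env-config.sh` is fetched from the mutable `master` branch, so the image content can change between builds and a tampered release asset would be unpacked straight into `/`. Pin the script URL to a commit and verify each artifact against a digest kept in the Dockerfile before using it, e.g. `echo "${OVERLAY_SHA256}  s6-overlay.tar.gz" | sha256sum -c -` ahead of `tar xfz` (`OVERLAY_SHA256` is a placeholder `ARG` to add next to `OVERLAY_VERSION`). `FROM docker:dind` and the `@edge` / `@edget` repositories are likewise unpinned, and the edge repositories are added over `http://`. Separately, `sed -i 's/# %wheel/%wheel/g' /etc/sudoers` uncomments every commented `%wheel` rule rather than one chosen rule, which presumably includes a NOPASSWD rule if the stock sudoers ships one; match the single intended line instead.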
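Review bot: In `10-adduser`, `PUID` and `PGID` are taken from the environment and handed to `usermod -o -u` / `groupmod -o -g` unvalidated, so `PUID=0` turns `abc` into a second uid-0 account and the agent started through `s6-setuidgid abc` then runs as root. Reject non-numeric and zero values before the two calls, e.g. `case "$PUID$PGID" in *[!0-9]*) echo "PUID/PGID must be numeric" >&2; exit 1;; esac` followed by `[ "$PUID" -ne 0 ] || exit 1`. The script also has no `set -e`, so a failing `groupmod` or `usermod` is ignored and startup continues with the build-time ids.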
@@ -0,0 +1,3 @@
+{
+ "registry-mirrors": ["http://registrycache:5000"]
+}
\ No newline at end of file
diff --git a/ci/root/etc/services.d/buildkite/run b/ci/root/etc/services.d/buildkite/run
new file mode 100644
index 000000000..cf147223c
--- /dev/null
+++ b/ci/root/etc/services.d/buildkite/run
@@ -0,0 +1,4 @@
+#!/usr/bin/with-contenv bash
+
+exec \
+ s6-setuidgid abc ssh-env-config.sh /usr/local/bin/buildkite-agent start
\ No newline at end of file
diff --git a/ci/root/etc/services.d/dockerd/run b/ci/root/etc/services.d/dockerd/run
new file mode 100644
index 000000000..567d53f94
--- /dev/null
+++ b/ci/root/etc/services.d/dockerd/run
@@ -0,0 +1,4 @@
+#!/usr/bin/with-contenv bash
+
+exec \
+ s6-setuidgid root dockerd-entrypoint.sh > /dev/null 2>&1
\ No newline at end of file
diff --git a/ci/root/etc/services.d/dockerperms/run b/ci/root/etc/services.d/dockerperms/run
new file mode 100644
index 000000000..51364ac1b
--- /dev/null
+++ b/ci/root/etc/services.d/dockerperms/run
@@ -0,0 +1,8 @@
+#!/usr/bin/with-contenv bash
+
+while [ ! -S "/run/docker.sock" ];
+do
+ sleep 1;
+done
+chown root:abc /run/docker.sock
+tail -f /dev/null
\ No newline at end of file
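Review bot: The mirror in `daemon.json` is configured as plain `http://registrycache:5000`, so every image the CI daemon pulls by tag through it travels without transport authentication, and whoever can answer for the name `registrycache` on that network decides what the builds run. Serve the cache over TLS and use an `https://` URL here, or document in the CI README that the mirror must sit on a network reachable only by the agents. JSON has no comment syntax, so that note belongs in the README rather than in this file.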
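Review bot: In `services.d/dockerd/run`, `> /dev/null 2>&1` discards all of dockerd's output, so daemon start failures and the daemon's own record of what it did during a build are unavailable when an agent has to be debugged or investigated. Drop the redirect so the output reaches the container log, i.e. `s6-setuidgid root dockerd-entrypoint.sh`, or route it to an s6 log service. `s6-setuidgid root` is presumably a no-op here if services already start as root, so a one-line comment saying why it is kept would help.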
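Review bot: In `services.d/dockerperms/run` the socket ownership is fixed once and the script then parks in `tail -f /dev/null`, so if the dockerd service is restarted the recreated `/run/docker.sock` presumably comes back with its default group and `abc` loses access until the whole container is restarted. Letting the daemon create the socket with the intended group avoids both the polling loop and the extra service: add `"group": "abc"` to `ci/root/etc/docker/daemon.json` (or pass `--group abc` to dockerd). Whichever form is kept, a comment such as `# abc gets the docker socket: every build job has root-equivalent control of this daemon` should record that trade-off.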