commit 111d6c2139d9ec8c9c29f3646672752ad84f73aa
Author: Docker Images <>
Date: Tue Feb 18 12:53:36 2025 +0300
Initial commit
diff --git a/.gitea/workflows/build-and-push-image.yaml b/.gitea/workflows/build-and-push-image.yaml
new file mode 100644
index 0000000..70668eb
--- /dev/null
+++ b/.gitea/workflows/build-and-push-image.yaml
@@ -0,0 +1,65 @@
+name: Build and publish docker image
+
+on: [push]
+
+env:
+ CI: ON
+
+ # Allow workflow to be manually run from the Gitea UI
+ workflow_dispatch:
+
+jobs:
+ build_and_push:
+ runs-on: act-runner-label
+ name: Builds the image and publishes to docker hub
+ container:
+ image: harbor.avroid.tech/docker-hub-proxy/catthehacker/ubuntu:act-latest
+ steps:
+ - run: printenv
+
+ - name: Retrieve secrets from Hashicorp Vault
+ id: retrieve-secrets
+ uses: https://git-mirrors.avroid.tech/Mirrors-actions/vault-action.git@v3
+ with:
+ url: https://vault.avroid.tech
+ method: approle
+ roleId: ${{ secrets.HVAULT_GITEA_ACTIONS_ROLE_ID }}
+ secretId: ${{ secrets.HVAULT_GITEA_ACTIONS_SECRET_ID }}
+ # Ниже указываем {путь к секрету в HVault} {имя ключа секрета} | {имя переменной окружения куда засетим значение секрета}
+ # Доступ к секретам осуществляется через заранее созданный AppRole "gitea-actions-role" в HVault и подключенную
+ # к ней политику "gitea-actions". В политике описывается доступ к необходимым секретам. Политику можно посмотреть
+ # через UI Hashicorp Vault.
+ secrets: |
+ team-devops/data/services/registry/Harbor/harbor.avroid.tech 'service.user.ci.login' | HARBOR_LOGIN ;
+ team-devops/data/services/registry/Harbor/harbor.avroid.tech 'service.user.ci.token' | HARBOR_TOKEN ;
+
+ - name: Login to Harbor Docker Registry
+ uses: https://git-mirrors.avroid.tech/Mirrors-actions/login-action@v3
+ with:
+ registry: https://harbor.avroid.tech
+ username: ${{ env.HARBOR_LOGIN }}
+ password: ${{ env.HARBOR_TOKEN }}
+
+ - name: Check out repository code
+ uses: https://git-mirrors.avroid.tech/Mirrors-actions/checkout@v4
+
+ - name: "Build image"
+ run: |
+ make build
+
+ - name: "Push image"
+ run: |
+ make push
+ if: ${{ gitea.ref == 'refs/heads/master' }}
+
+ - name: "Clear image"
+ run: |
+ make clean
+
+ - name: Create and push tag
+ run: |
+ git config user.name "Jenkins"
+ git config user.email "svc-jenkins@avroid.tech"
+ git tag $(make getTag)
+ git push origin $(make getTag)
+ if: ${{ gitea.ref == 'refs/heads/master' }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..a36deaf
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,9 @@
+# Changelog
+
+## 1.0
+
+### 15.09.2023
+
+CREATE:
+
+* Dockerfile
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..5e5ed62
--- /dev/null
+++ b/Dockerfile
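Review bot: In `.gitea/workflows/build-and-push-image.yaml` the Vault and Harbor login steps run on every push to any branch (`on: [push]`), so `HARBOR_LOGIN`/`HARBOR_TOKEN` are already in the job environment when `make build` runs the Makefile and Dockerfile of whatever branch was pushed, while only the push and tag steps are limited to master. If the build does not need an authenticated pull from Harbor (not visible here), put the same condition on both steps, `if: ${{ gitea.ref == 'refs/heads/master' }}`, or give non-master builds a read-only credential. The opening `- run: printenv` step writes the runner's whole environment to the job log and is worth dropping or narrowing to the variables actually needed for debugging. The actions and the job container are referenced by mutable tags (`@v3`, `@v4`, `act-latest`); pinning them to a commit or digest would keep the pipeline's inputs fixed.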
@@ -0,0 +1,39 @@
+ARG DOCKER_REGISTRY=harbor.avroid.tech/docker-hub-proxy/library
+
+# https://hub.docker.com/_/ubuntu
+FROM ${DOCKER_REGISTRY}/ubuntu:22.04
+LABEL description="Base build image based on ubuntu 22.04"
+
+# Disable output interactive dialogs in console for service commands
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Nexus
+ARG NEXUS_DOMAIN_NAME="nexus.avroid.tech"
+ARG NEXUS_URL="https://${NEXUS_DOMAIN_NAME}"
+
+# swap basic os repos to nexus mirrors https://nexus.avroid.tech
+RUN sed -ie "s/deb\ http\:\/\/archive.ubuntu.com\/ubuntu/deb\ [trusted=yes] https\:\/\/${NEXUS_DOMAIN_NAME}\/repository\/mirror-os-apt-ubuntu/g" /etc/apt/sources.list && \
+ sed -ie "s/deb\ http\:\/\/security.ubuntu.com\/ubuntu/deb\ [trusted=yes] https\:\/\/${NEXUS_DOMAIN_NAME}\/repository\/mirror-os-apt-ubuntu/g" /etc/apt/sources.list && \
+ echo "Acquire::https::${NEXUS_DOMAIN_NAME}::Verify-Peer \"false\";" > /etc/apt/apt.conf.d/99nexus_proxy_cert && \
+ apt update && \
+ apt install -y ca-certificates && \
+ apt update && \
+ apt clean && \
+ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+ENV TZ="Europe/Moscow"
+
+# Set timezone on Ubuntu
+RUN apt update && \
+ apt install -y --no-install-recommends tzdata && \
+ ln -snf /usr/share/zoneinfo/${TZ} /etc/localtime && \
+ dpkg-reconfigure -f noninteractive tzdata && \
+ apt clean && \
+ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+# Upgrade OS in container
+RUN apt update && \
+ apt install -y --no-install-recommends apt-utils && \
+ apt dist-upgrade -y && \
+ apt clean && \
+ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..a67a050
--- /dev/null
+++ b/Makefile
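Review bot: In `Dockerfile`, the first `RUN` turns off both authenticity checks for the Nexus mirror: `[trusted=yes]` makes apt skip repository signature verification, and `Acquire::https::${NEXUS_DOMAIN_NAME}::Verify-Peer "false"` disables TLS certificate validation, and the `99nexus_proxy_cert` file stays in the image so every derived image inherits the setting. Every later `apt install` and the `apt dist-upgrade` in this file therefore accept packages whose signatures are not checked, from a host whose identity is not verified. If the Nexus repository is a plain proxy of the Ubuntu archive (not visible here), the upstream signatures should still verify, so `[trusted=yes]` can probably be dropped from both `sed` expressions; once `ca-certificates` (plus the internal CA, if Nexus uses one) is installed, the override can be removed in the same `RUN` with `rm /etc/apt/apt.conf.d/99nexus_proxy_cert`. Separately, `sed -ie` is parsed as `-i` with backup suffix `e`, which leaves a `/etc/apt/sources.liste` copy behind; `sed -i -e` avoids that.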
@@ -0,0 +1,39 @@
+.PHONY: all build push clean
+
+IMAGE_NAME = template
+IMAGE_GROUP = devops
+IMAGE_TAG = 1.0
+REVISION =
+DOCKER_REGISTRY = harbor.avroid.tech
+
+CI_FLAGS =
+
+ifeq ($(CI), true)
+ CI_FLAGS = --no-cache
+endif
+
+all:
+ @echo 'DEFAULT:'
+ @echo ' make build'
+ @echo ' make push'
+ @echo ' make getTag'
+ @echo ' make clean'
+
+build:
+ DOCKER_BUILDKIT=1 docker build $(CI_FLAGS) \
+ -f Dockerfile \
+ --platform linux/amd64 \
+ --build-arg IMAGE_TAG=$(IMAGE_TAG) \
+ -t $(DOCKER_REGISTRY)/$(IMAGE_GROUP)/$(IMAGE_NAME):$(IMAGE_TAG)$(REVISION) .
+
+push:
+ifeq ($(CI), false)
+ docker login https://$(DOCKER_REGISTRY)
+endif
+ docker push $(DOCKER_REGISTRY)/$(IMAGE_GROUP)/$(IMAGE_NAME):$(IMAGE_TAG)$(REVISION)
+
+getTag:
+ @echo $(IMAGE_TAG)
+
+clean:
+ docker rmi $(DOCKER_REGISTRY)/$(IMAGE_GROUP)/$(IMAGE_NAME):$(IMAGE_TAG)$(REVISION)
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..d1458ba
--- /dev/null
+++ b/README.md
@@ -0,0 +1,28 @@
+# template-docker-image
+
+## Данный репозиторий используется как основа для остальных репозиториев
+
+Для сборки образа выполните
+
+```bash
+make build
+```
+
+Для загрузки образа в harbor выполните
+
+```bash
+make push
+```
+Для вывода тега докер образа выполните
+
+```bash
+make getTag
+```
+
+Для удаления образа из системы выполните
+
+```bash
+make clean
+```
+
+За версию докер образа отвечает переменная IMAGE_TAG в [Makefile](./Makefile#L5)
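Review bot: In `Makefile`, `ifeq ($(CI), true)` does not match the value the workflow in this commit sets (`CI: ON`), so unless the runner rewrites that variable `--no-cache` is never passed in CI and a cached `apt dist-upgrade` layer may be reused instead of picking up current security updates. Either set `CI: true` in the workflow or accept both spellings, e.g. `ifneq ($(filter true ON,$(CI)),)`. The `ifeq ($(CI), false)` guard in `push` has the same gap for a local run where `CI` is unset, so `docker login` is skipped there as well. `getTag` is missing from `.PHONY`, and `--build-arg IMAGE_TAG=$(IMAGE_TAG)` has no matching `ARG IMAGE_TAG` in the Dockerfile added by this commit.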