diff --git a/.forgejo/workflows/build_keycloak.yml b/.forgejo/workflows/build_keycloak.yml deleted file mode 100644 index 7403007..0000000 --- a/.forgejo/workflows/build_keycloak.yml +++ /dev/null @@ -1,47 +0,0 @@ -name: Build Keycloak - -on: - workflow_dispatch: {} - push: {} - schedule: - - cron: "@daily" - -jobs: - build-container: - name: Build Keycloak Image - runs-on: docker - container: - image: ghcr.io/osscontainertools/kaniko:alpine - strategy: - matrix: - # renovate: datasource=docker depName=quay.io/keycloak/keycloak - keycloak-version: [ 26.6.0 ] - steps: - - name: Install required system packages - run: apk add --no-cache nodejs maven git - - - name: Checkout Source Code - uses: actions/checkout@v6 - - - name: Build attribute-endpoints-provider - run: | - git clone https://git.hamburg.ccc.de/CCCHH/keycloak-attribute-endpoints-provider.git - cd keycloak-attribute-endpoints-provider - mvn -f attribute-endpoints-provider verify - cp attribute-endpoints-provider/target/attribute-endpoints-provider-1.0-SNAPSHOT.jar ${{ forgejo.workspace }}/keycloak/attribute-endpoints-provider.jar - - - name: Build Container - env: - KANIKO_NO_PUSH: ${{ forgejo.ref_name != 'main' }} - KANIKO_GIT_HAMBURG_CCC_DE_USER: forgejo-actions - KANIKO_GIT_HAMBURG_CCC_DE_PASSWORD: ${{ secrets.PACKAGES_TOKEN }} - run: /kaniko/executor - --dockerfile="${{forgejo.workspace }}/keycloak/Containerfile" - --context="dir://${{ forgejo.workspace }}/keycloak" - --build-arg=TAG=${{ matrix.keycloak-version }} - --destination=git.hamburg.ccc.de/ccchh/oci-images/keycloak:${{ matrix.keycloak-version }} - --no-push-cache - --credential-helpers=env - --annotation=org.opencontainers.image.ref.name=keycloak - --annotation=org.opencontainers.image.url=${{ forgejo.server_url }}/${{ forgejo.repository }} - --annotation=org.opencontainers.image.source=${{ forgejo.server_url }}/${{ forgejo.repository }} 
diff --git a/.forgejo/workflows/build_nextcloud.yml b/.forgejo/workflows/build_nextcloud.yml deleted file mode 100644 index e2538a9..0000000 --- a/.forgejo/workflows/build_nextcloud.yml +++ /dev/null @@ -1,39 +0,0 @@ -name: Build Nextcloud - -on: - workflow_dispatch: {} - push: {} - schedule: - - cron: "@daily" - -jobs: - build-container: - name: Build Nextcloud ${{ matrix.nextcloud-version }} Image - runs-on: docker - container: - image: ghcr.io/osscontainertools/kaniko:alpine - strategy: - matrix: - nextcloud-version: [ 32, 33 ] - steps: - - name: Install required system packages - run: apk add --no-cache nodejs - - - name: Checkout Source Code - uses: actions/checkout@v6 - - - name: Build Container - env: - KANIKO_NO_PUSH: ${{ forgejo.ref_name != 'main' }} - KANIKO_GIT_HAMBURG_CCC_DE_USER: forgejo-actions - KANIKO_GIT_HAMBURG_CCC_DE_PASSWORD: ${{ secrets.PACKAGES_TOKEN }} - run: /kaniko/executor - --dockerfile="${{forgejo.workspace }}/nextcloud/Containerfile" - --context="dir://${{ forgejo.workspace }}/nextcloud" - --build-arg=TAG=${{ matrix.nextcloud-version }} - --destination=git.hamburg.ccc.de/ccchh/oci-images/nextcloud:${{ matrix.nextcloud-version }} - --no-push-cache - --credential-helpers=env - --annotation=org.opencontainers.image.ref.name=nextcloud - --annotation=org.opencontainers.image.url=${{ forgejo.server_url }}/${{ forgejo.repository }} - --annotation=org.opencontainers.image.source=${{ forgejo.server_url }}/${{ forgejo.repository }} diff --git a/.forgejo/workflows/build_penpot.yml b/.forgejo/workflows/build_penpot.yml deleted file mode 100644 index c067263..0000000 --- a/.forgejo/workflows/build_penpot.yml +++ /dev/null 
@@ -1,61 +0,0 @@ -name: Build Penpot - -on: - workflow_dispatch: {} - push: {} - schedule: - - cron: "@daily" - -jobs: - build-container: - name: Build Image penpot-${{ matrix.image-type }}:${{ matrix.penpot-version }} - runs-on: docker - container: - image: ghcr.io/osscontainertools/kaniko:alpine - strategy: - matrix: - penpot-version: [ "2.1.2" ] - image-type: [ frontend, backend, exporter ] - steps: - - name: Install required system packages - run: apk add --no-cache nodejs git curl - - - name: Clone penpot repo - run: | - git clone --branch="${{ matrix.penpot-version }}" https://github.com/penpot/penpot.git "${{ forgejo.workspace }}/penpot" - cd "${{ forgejo.workspace }}/penpot" - git submodule update --init --recursive - - - name: Patch penpot to work with kaniko - run: | - cd "${{ forgejo.workspace }}/penpot" - - # Get build system patch allowing for building images with kaniko. - # https://github.com/penpot/penpot/pull/4945 - # https://github.com/penpot/penpot/pull/4945/commits/752574bac789cc90cc218004bb9545cc6239895d - curl -sSL https://github.com/penpot/penpot/commit/752574bac789cc90cc218004bb9545cc6239895d.patch > 0001-move-entire-image-build-process-into-Dockerfiles.patch - - # Get patch disallowing registration with invitation token, when disable-login-with-password flag is set. 
- # https://github.com/penpot/penpot/issues/4975 - # https://github.com/june128/penpot/commit/f799da132bf5a51015859031f45154172fbf7cd0 - curl -sSL https://github.com/june128/penpot/commit/f799da132bf5a51015859031f45154172fbf7cd0.patch > 0002-hotfix-dont-allow-registration-with-invite-if-password-login- - - # apply patches - git config user.name "Woodpecker" - git config user.email "woodpecker@woodpecker.invalid" - git am *.patch - - - name: Build Container - env: - KANIKO_NO_PUSH: ${{ forgejo.ref_name != 'main' }} - KANIKO_GIT_HAMBURG_CCC_DE_USER: forgejo-actions - KANIKO_GIT_HAMBURG_CCC_DE_PASSWORD: ${{ secrets.PACKAGES_TOKEN }} - run: /kaniko/executor - --dockerfile="${{forgejo.workspace }}/penpot/docker/images/Dockerfile.${{ matrix.image-type }}" - --context="dir://${{ forgejo.workspace }}/penpot/" - --destination=git.hamburg.ccc.de/ccchh/oci-images/penpot-${{ matrix.image-type }}:${{ matrix.penpot-version }} - --no-push-cache - --credential-helpers=env - --annotation=org.opencontainers.image.ref.name=penpot-${{ matrix.image-type }} - --annotation=org.opencontainers.image.url=${{ forgejo.server_url }}/${{ forgejo.repository }} - --annotation=org.opencontainers.image.source=${{ forgejo.server_url }}/${{ forgejo.repository }} diff --git a/.woodpecker/keycloak.yaml b/.woodpecker/keycloak.yaml new file mode 100644 index 0000000..1414999 --- /dev/null +++ b/.woodpecker/keycloak.yaml 
@@ -0,0 +1,85 @@ +when: + - event: push + path: + - 'keycloak/**' + - '.woodpecker/keycloak.yaml' + - event: cron + cron: daily + +# Manually set a workspace path, so we can use it literally, without using +# ${CI_WORKSPACE}, when running kaniko, since using ${CI_WORKSPACE} doesn't work. +# https://github.com/woodpecker-ci/woodpecker/issues/3982 +workspace: + path: src + +# Use matrix to set KEYCLOAK_VERSION instead of setting the KEYCLOAK_VERSION as +# an environment variable in the build-images step, since string substitution +# doesn't work for custom environment variables. +# https://github.com/woodpecker-ci/woodpecker/issues/3983 +# Also because global environment variables aren't a thing. +matrix: + KEYCLOAK_VERSION: + # renovate: datasource=docker depName=quay.io/keycloak/keycloak + - 26.5.7 + IMAGE_NAME: + - git.hamburg.ccc.de/ccchh/oci-images/keycloak + +steps: + - name: setup-image-path + image: alpine + commands: + - mkdir /woodpecker/images + + - name: build-attribute-endpoints-provider + image: alpine + commands: + - apk -u add maven git + - git clone https://git.hamburg.ccc.de/CCCHH/keycloak-attribute-endpoints-provider.git + - cd keycloak-attribute-endpoints-provider + - mvn -f attribute-endpoints-provider verify + - cp attribute-endpoints-provider/target/attribute-endpoints-provider-1.0-SNAPSHOT.jar /woodpecker/src/keycloak/attribute-endpoints-provider.jar + + - name: build-image + image: gcr.io/kaniko-project/executor + entrypoint: + - /kaniko/executor + - --context=dir:///woodpecker/src/keycloak + - --dockerfile=./Containerfile + - --build-arg=TAG=${KEYCLOAK_VERSION} + - --destination=${IMAGE_NAME}:${KEYCLOAK_VERSION} + - --no-push + - --tar-path=/woodpecker/images/keycloak.tar + + - name: publish-image + image: alpine + environment: + GIT_API_TOKEN: + from_secret: GIT_API_TOKEN + commands: + - apk -u add crane + - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN + - crane push /woodpecker/images/keycloak.tar 
$IMAGE_NAME:$KEYCLOAK_VERSION-$CI_COMMIT_BRANCH + + - name: tag-version + image: alpine + when: + - branch: main + environment: + GIT_API_TOKEN: + from_secret: GIT_API_TOKEN + commands: + - apk -u add crane + - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN + - crane tag $IMAGE_NAME:$KEYCLOAK_VERSION-$CI_COMMIT_BRANCH $KEYCLOAK_VERSION + + - name: tag-latest + image: alpine + when: + - branch: main + environment: + GIT_API_TOKEN: + from_secret: GIT_API_TOKEN + commands: + - apk -u add crane + - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN + - crane tag $IMAGE_NAME:$KEYCLOAK_VERSION-$CI_COMMIT_BRANCH latest diff --git a/.woodpecker/nextcloud.yaml b/.woodpecker/nextcloud.yaml new file mode 100644 index 0000000..4639448 --- /dev/null +++ b/.woodpecker/nextcloud.yaml 
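Review bot: publish-image, tag-version and tag-latest each pass the registry token on the command line (`crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN`), where it is unquoted and visible in the process arguments. crane can read it from stdin instead, e.g. `- echo "$GIT_API_TOKEN" | crane auth login git.hamburg.ccc.de -u woodpecker --password-stdin`; the same line appears in the publish and tag steps of .woodpecker/nextcloud.yaml and .woodpecker/penpot.yaml. publish-image also has no `when: branch` filter, so the secret is used and a `$KEYCLOAK_VERSION-$CI_COMMIT_BRANCH` tag is pushed for every branch whose push touches `keycloak/**`. If per-branch images are intended, note that a branch name containing `/` would not form a valid tag. The `alpine` and `gcr.io/kaniko-project/executor` images and the cloned keycloak-attribute-endpoints-provider repository are all unpinned; pinning the images to a tag or digest and the clone to a commit would fix what ends up inside the Keycloak image.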
@@ -0,0 +1,78 @@ +when: + - event: push + path: + - 'nextcloud/**' + - '.woodpecker/nextcloud.yaml' + - event: cron + cron: daily + +# Manually set a workspace path, so we can use it literally, without using +# ${CI_WORKSPACE}, when running kaniko, since using ${CI_WORKSPACE} doesn't work. +# https://github.com/woodpecker-ci/woodpecker/issues/3982 +workspace: + path: src + +# Use matrix to set NEXTCLOUD_VERSION instead of setting the NEXTCLOUD_VERSION as +# an environment variable in the build-images step, since string substitution +# doesn't work for custom environment variables. +# https://github.com/woodpecker-ci/woodpecker/issues/3983 +# Also because global environment variables aren't a thing. +matrix: + NEXTCLOUD_VERSION: + - 30 + - 31 + - 32 + IMAGE_NAME: + - git.hamburg.ccc.de/ccchh/oci-images/nextcloud + +steps: + - name: setup-image-path + image: docker.io/library/alpine + commands: + - mkdir /woodpecker/images + + - name: build-image + image: gcr.io/kaniko-project/executor + entrypoint: + - /kaniko/executor + - --context=dir:///woodpecker/src/nextcloud + - --dockerfile=./Containerfile + - --build-arg=TAG=${NEXTCLOUD_VERSION} + - --destination=${IMAGE_NAME}:${NEXTCLOUD_VERSION} + - --no-push + - --tar-path=/woodpecker/images/nextcloud.tar + + - name: publish-image + image: docker.io/library/alpine + environment: + GIT_API_TOKEN: + from_secret: GIT_API_TOKEN + commands: + - apk -u add crane + - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN + - crane push /woodpecker/images/nextcloud.tar $IMAGE_NAME:$NEXTCLOUD_VERSION-$CI_COMMIT_BRANCH + + - name: tag-version + image: docker.io/library/alpine + when: + - branch: main + environment: + GIT_API_TOKEN: + from_secret: GIT_API_TOKEN + commands: + - apk -u add crane + - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN + - crane tag $IMAGE_NAME:$NEXTCLOUD_VERSION-$CI_COMMIT_BRANCH $NEXTCLOUD_VERSION + + - name: tag-latest + image: docker.io/library/alpine + when: + - branch: 
main + evaluate: 'NEXTCLOUD_VERSION == "29"' + environment: + GIT_API_TOKEN: + from_secret: GIT_API_TOKEN + commands: + - apk -u add crane + - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN + - crane tag $IMAGE_NAME:$NEXTCLOUD_VERSION-$CI_COMMIT_BRANCH latest diff --git a/.woodpecker/penpot.yaml b/.woodpecker/penpot.yaml new file mode 100644 index 0000000..8cedcbe --- /dev/null +++ b/.woodpecker/penpot.yaml 
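Review bot: The tag-latest condition `evaluate: 'NEXTCLOUD_VERSION == "29"'` can never be true, because the matrix only lists 30, 31 and 32, so `latest` is never moved by this pipeline. If `latest` should follow the newest built version, the line would be `evaluate: 'NEXTCLOUD_VERSION == "32"'`, and it has to be bumped whenever the matrix changes. A stale `latest` tag in the registry would leave consumers on an old Nextcloud image without any build failing, so a short comment next to the matrix pointing at this condition would help.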
@@ -0,0 +1,98 @@ +when: + - event: push + path: + - 'penpot/**' + - '.woodpecker/penpot.yaml' + - event: cron + cron: daily + +# Manually set a workspace path, so we can use it literally, without using +# ${CI_WORKSPACE}, when running kaniko, since using ${CI_WORKSPACE} doesn't work. +# https://github.com/woodpecker-ci/woodpecker/issues/3982 +workspace: + path: src + +# Use matrix to set PENPOT_VERSION instead of setting the PENPOT_VERSION as an +# environment variable in the build-images step, since string substitution +# doesn't work for custom environment variables. +# https://github.com/woodpecker-ci/woodpecker/issues/3983 +# Also because global environment variables aren't a thing. +matrix: + PENPOT_VERSION: + - 2.1.2 + IMAGE_BASE_NAME: + - git.hamburg.ccc.de/ccchh/oci-images/penpot + IMAGE_TYPE: + - frontend + - backend + - exporter + +steps: + - name: setup-image-path + image: alpine + commands: + - mkdir /woodpecker/images + + - name: setup-penpot-repo + image: alpine + commands: + - apk -u add git curl + - git clone --branch $PENPOT_VERSION https://github.com/penpot/penpot.git /woodpecker/penpot + - cd /woodpecker/penpot + - git submodule update --init --recursive + # Get build system patch allowing for building images with kaniko. + # https://github.com/penpot/penpot/pull/4945 + # https://github.com/penpot/penpot/pull/4945/commits/752574bac789cc90cc218004bb9545cc6239895d + - curl https://github.com/penpot/penpot/commit/752574bac789cc90cc218004bb9545cc6239895d.patch > 0001-move-entire-image-build-process-into-Dockerfiles.patch + # Get patch disallowing registration with invitation token, when disable-login-with-password flag is set. 
+ # https://github.com/penpot/penpot/issues/4975 + # https://github.com/june128/penpot/commit/f799da132bf5a51015859031f45154172fbf7cd0 + - curl https://github.com/june128/penpot/commit/f799da132bf5a51015859031f45154172fbf7cd0.patch > 0002-hotfix-dont-allow-registration-with-invite-if-password-login-is-disabled.patch + - git config user.name "Woodpecker" + - git config user.email "woodpecker@woodpecker.invalid" + - git am *.patch + + - name: build-image + image: gcr.io/kaniko-project/executor + entrypoint: + - /kaniko/executor + - --context=dir:///woodpecker/penpot + - --dockerfile=./docker/images/Dockerfile.${IMAGE_TYPE} + - --destination=${IMAGE_BASE_NAME}/${IMAGE_TYPE}:${PENPOT_VERSION} + - --no-push + - --tar-path=/woodpecker/images/penpot-${IMAGE_TYPE}.tar + + - name: publish-image + image: docker.io/library/alpine + environment: + GIT_API_TOKEN: + from_secret: GIT_API_TOKEN + commands: + - apk -u add crane + - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN + - crane push /woodpecker/images/penpot-$IMAGE_TYPE.tar $IMAGE_BASE_NAME/$IMAGE_TYPE:$PENPOT_VERSION-$CI_COMMIT_BRANCH + + - name: tag-version + image: docker.io/library/alpine + when: + - branch: main + environment: + GIT_API_TOKEN: + from_secret: GIT_API_TOKEN + commands: + - apk -u add crane + - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN + - crane tag $IMAGE_BASE_NAME/$IMAGE_TYPE:$PENPOT_VERSION-$CI_COMMIT_BRANCH $PENPOT_VERSION + + - name: tag-latest + image: docker.io/library/alpine + when: + - branch: main + evaluate: 'PENPOT_VERSION == "2.1.2"' + environment: + GIT_API_TOKEN: + from_secret: GIT_API_TOKEN + commands: + - apk -u add crane + - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN + - crane tag $IMAGE_BASE_NAME/$IMAGE_TYPE:$PENPOT_VERSION-$CI_COMMIT_BRANCH latest
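Review bot: The two `curl` commands in setup-penpot-repo that download the patches use neither `-f` nor `-L`, so an HTTP error page or an unfollowed redirect would be written into the `.patch` file and only show up later as a `git am *.patch` failure. Something like `curl -fsSL <url> -o 0001-move-entire-image-build-process-into-Dockerfiles.patch` fails at the download step instead; the removed Forgejo workflow already passed `-sSL`. The second patch is a security hotfix fetched from a personal fork at build time, so committing both patch files under `penpot/` would take that fork's availability out of the build path. `git clone --branch $PENPOT_VERSION` would also be safer quoted as `"$PENPOT_VERSION"`.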