feat: Bump to Samba 4.16.4 (#6)

* refactor(ci): Use Todie spec * feat: bump to 4.16.4 * fix: disable alpine package upgrade Due to this bug GoogleContainerTools/kaniko#1297
coreweave · Oct 11, 2022 · 5ce979b · 5ce979b
1 parent 6e472c6
commit 5ce979b
Show file tree

Hide file tree

Showing 5 changed files with 207 additions and 30 deletions.
diff --git a/.github/workflows/mirror.yaml b/.github/workflows/mirror.yaml
@@ -0,0 +1,16 @@
+name: Mirror to Gitlab
+
+on: [push]
+
+jobs:
+  mirror:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - uses: yesolutions/[email protected]
+        with:
+          REMOTE: 'https://gitlab.com/${{ github.repository }}'
+          GIT_USERNAME: ${{ secrets.ORG_GITLAB_SYNC_UN }}
+          GIT_PASSWORD: ${{ secrets.ORG_GITLAB_SYNC_PW }}
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -1,33 +1,138 @@
-image: docker:stable
+# following instructions in https://docs.gitlab.com/ee/ci/docker/using_kaniko.html
+# kaniko docs: https://github.com/GoogleContainerTools/kaniko
+default:
+  image:
+    name: gcr.io/kaniko-project/executor:v1.8.1-debug
+    entrypoint: [""]
+  tags:
+    - ord1-tenant
 
-stages:
-  - build
+workflow:
+  rules:
+    - if: $CI_COMMIT_TAG
+      when: never
+    - if: '$CI_PIPELINE_SOURCE == "push" || $CI_PIPELINE_SOURCE == "web" || $CI_PIPELINE_SOURCE == "pipeline" || $CI_COMMIT_REF_NAME == "master"'
+      when: always
 
 variables:
-  DOCKER_DRIVER: overlay2
-  CONTAINER_TEST_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
-  CONTAINER_RELEASE_IMAGE: $CI_REGISTRY_IMAGE:latest
-  TRIVY_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+  # kaniko caching docs: https://cloud.google.com/build/docs/kaniko-cache
+  # KANIKO_CACHE_HOST: "kaniko-cache-docker-registry.kaniko.svc"
+  # KANIKO_CACHE_PORT: "5000"
+  # KANIKO_CACHE_PROXY: "http://193.25.126.17:3128"
+
+  KANIKO_CACHE_REGISTRY: "${KANIKO_CACHE_HOST}:${KANIKO_CACHE_PORT}"
+  KANIKO_CACHE_REPO: "${KANIKO_CACHE_REGISTRY}/${CI_PROJECT_PATH}/cache"
+  KANIKO_PUSH_RETRY: "5"
+
+.build_with_kaniko: &kaniko #Hidden job to use as an "extends" template
+  before_script:
+    - |
+      echo "Build triggered by $CI_PIPELINE_SOURCE"
+      mkdir -p /kaniko/.docker
+      echo "{\"auths\":{\"${CI_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
 
-Kanikoize:
-  stage: build
-  image:
-    name: gcr.io/kaniko-project/executor:debug
-    entrypoint: [""]
   script:
     - |
-        mkdir -p /kaniko/.docker
-        echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
-        if [[ -z "$CI_COMMIT_TAG" ]]; then
-          /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile \
-            --destination $CONTAINER_TEST_IMAGE --destination $CONTAINER_RELEASE_IMAGE \
-            --destination $TRIVY_IMAGE
-        else
-          /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile \
-            --destination $CONTAINER_TEST_IMAGE --destination $CONTAINER_RELEASE_IMAGE \
-            --destination $TRIVY_IMAGE --destination "$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG"
-        fi
-  only:
-    variables:
-      - ($CI_COMMIT_BRANCH == "master") || ($CI_COMMIT_TAG != "")
-  needs: []
+      echo "Building and shipping image to $KANIKO_IMAGE"
+      #Build date for opencontainers
+      BUILDDATE="'$(date '+%FT%T%z' | sed -E -n 's/(\+[0-9]{2})([0-9]{2})$/\1:\2/p')'" #rfc 3339 date
+      IMAGE_LABELS="$KANIKO_IMAGE_LABELS --label org.opencontainers.image.created=$BUILDDATE --label build-date=$BUILDDATE"
+
+      ADDITIONALTAGLIST="$ADDITIONALTAGLIST $KANIKO_TAGS"
+      if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]] && [[ "$KANIKO_IMAGE" == "$CI_REGISTRY_IMAGE" ]]; then ADDITIONALTAGLIST="$ADDITIONALTAGLIST latest"; fi
+      if [[ -n "$ADDITIONALTAGLIST" ]]; then
+        for TAG in $ADDITIONALTAGLIST; do
+          FORMATTEDTAGLIST="${FORMATTEDTAGLIST} --tag $KANIKO_IMAGE:$TAG ";
+        done;
+      fi
+
+      #Reformat Docker tags to kaniko's --destination argument:
+      FORMATTEDTAGLIST=$(echo "${FORMATTEDTAGLIST}" | sed s/\-\-tag/\-\-destination/g)
+    - |
+      echo "Building image with kaniko:"
+      echo "  --context=${KANIKO_CONTEXT}"
+      echo "  --dockerfile=${KANIKO_DOCKERFILE}"
+      echo "  ${KANIKO_ARGS}"
+      echo "  ${FORMATTEDTAGLIST}"
+      echo "  ${IMAGE_LABELS}"
+    - >-
+      HTTP_PROXY=${KANIKO_CACHE_PROXY}
+      NO_PROXY=${KANIKO_CACHE_HOST}
+      /kaniko/executor
+      --context ${KANIKO_CONTEXT}
+      --dockerfile ${KANIKO_DOCKERFILE}
+      ${KANIKO_ARGS}
+      ${FORMATTEDTAGLIST}
+      ${IMAGE_LABELS}
+
+.variables: &variables
+  KANIKO_CONTEXT: "${CI_PROJECT_DIR}"
+  KANIKO_DOCKERFILE: "${CI_PROJECT_DIR}/Dockerfile"
+  KANIKO_IMAGE: $CI_REGISTRY_IMAGE
+  KANIKO_TAGS: $CI_BUILD_REF_SLUG-$PROJECT_VERSION-$DISTRO_IMAGE-$DISTRO_TAG $CI_COMMIT_SHORT_SHA-$PROJECT_VERSION-$DISTRO_IMAGE-$DISTRO_TAG
+  KANIKO_ARGS: >-
+    --cache=true
+    --cache-copy-layers=true
+    --cache-repo=${KANIKO_CACHE_REPO}
+    --cache-ttl=24h
+    --insecure
+    --log-timestamp
+    --push-retry=${KANIKO_PUSH_RETRY}
+    --skip-tls-verify
+    --snapshotMode=redo
+    --reproducible=true
+    --verbosity=${KANIKO_VERBOSITY}
+    --build-arg PROJECT_VERSION=$PROJECT_VERSION
+    --build-arg DISTRO_IMAGE=$DISTRO_IMAGE
+    --build-arg DISTRO_TAG=$DISTRO_TAG
+  KANIKO_IMAGE_LABELS: >-
+    --label org.opencontainers.image.vendor=$CI_SERVER_URL/$CI_PROJECT_NAMESPACE
+    --label org.opencontainers.image.authors=$CI_SERVER_URL/$CI_PROJECT_NAMESPACE
+    --label org.opencontainers.image.revision=$CI_COMMIT_SHA
+    --label org.opencontainers.image.source=$CI_PROJECT_URL
+    --label org.opencontainers.image.documentation=$CI_PROJECT_URL
+    --label org.opencontainers.image.licenses=$CI_PROJECT_URL
+    --label org.opencontainers.image.url=$CI_PROJECT_URL
+    --label vcs-url=$CI_PROJECT_URL
+    --label com.gitlab.ci.user=$CI_SERVER_URL/$GITLAB_USER_LOGIN
+    --label com.gitlab.ci.email=$GITLAB_USER_EMAIL
+    --label com.gitlab.ci.tagorbranch=$CI_BUILD_REF_SLUG
+    --label com.gitlab.ci.pipelineurl=$CI_PIPELINE_URL
+    --label com.gitlab.ci.commiturl=$CI_PROJECT_URL/commit/$CI_COMMIT_SHA
+    --label com.gitlab.ci.cijoburl=$CI_JOB_URL
+    --label com.gitlab.ci.mrurl=$CI_PROJECT_URL/-/merge_requests/$CI_MERGE_REQUEST_ID
+
+stages:
+  - build
+  - tag
+
+build-samba-alpine:
+  <<: *kaniko
+  stage: build
+  rules:
+    - if: '$CI_COMMIT_REF_NAME != "master"'
+      when: manual
+    - if: '$CI_COMMIT_BRANCH == "master"'
+      when: always
+  variables:
+    <<: *variables
+    PROJECT_VERSION: 4.16.4-r0
+    DISTRO_IMAGE: alpine
+    DISTRO_TAG: edge
+
+generate-release-version-tag:
+  needs: [build-samba-alpine]
+  image: node:16
+  stage: tag
+  tags:
+    - ord1-tenant
+  rules:
+    - if: '$CI_COMMIT_BRANCH == "master"'
+  before_script:
+    - npm install
+  script:
+    - CI_BUILD_TOKEN=$CI_JOB_TOKEN npx semantic-release
+  artifacts:
+    expire_in: 1 day
+    paths:
+      - artifacts.env
diff --git a/Dockerfile b/Dockerfile
@@ -1,9 +1,10 @@
-FROM alpine
+FROM ${DISTRO_IMAGE}:${DISTRO_TAG}
 MAINTAINER David Personette <[email protected]>
 
+ARG PROJECT_VERSION=${PROJECT_VERSION}
+
 # Install samba
-RUN apk --no-cache --no-progress upgrade && \
-    apk --no-cache --no-progress add bash samba shadow tini tzdata && \
+RUN apk --no-cache --no-progress add bash samba==${PROJECT_VERSION} shadow tini tzdata && \
     addgroup -S smb && \
     adduser -S -D -H -h /tmp -s /sbin/nologin -G smb -g 'Samba User' smbuser &&\
     file="/etc/samba/smb.conf" && \

diff --git a/package.json b/package.json
@@ -0,0 +1,13 @@
+{
+  "name": "samba",
+  "description": "",
+  "author": "",
+  "license": "ISC",
+  "dependencies": {},
+  "devDependencies": {
+    "@intuit/semantic-release-slack": "^1.0.6",
+    "@semantic-release/exec": "^6.0.3",
+    "@semantic-release/changelog": "^6.0.1",
+    "semantic-release": "^19.0.2"
+  }
+}
diff --git a/release.config.js b/release.config.js
@@ -0,0 +1,42 @@
+module.exports = {
+  branch: "master",
+  repositoryUrl: "[email protected]:coreweave/samba.git",
+  plugins: [
+    [
+      "@semantic-release/commit-analyzer",
+      {
+        preset: "angular",
+        releaseRules: [
+          { type: "feature", release: "minor" },
+          { type: "update", release: "minor" },
+          { type: "refactor", release: "patch" },
+          { type: "bugfix", release: "patch" },
+          { type: "refactor", release: "patch" },
+        ],
+        parserOpts: {
+          noteKeywords: ["BREAKING CHANGE", "BREAKING CHANGES"],
+        },
+      },
+    ],
+    "@semantic-release/release-notes-generator",
+    [
+      "@semantic-release/changelog",
+      {
+        "changelogFile": "docs/CHANGELOG.md"
+      }
+    ],
+    ["@semantic-release/github", {
+      "assets": [
+        {"path": "docs/CHANGELOG.md", "label": "Changelog"}
+      ]
+    }],
+    [
+      "@semantic-release/exec",
+      {
+        prepareCmd:
+          'echo "BUILD_VERSION=\\"${nextRelease.version}\\"" > artifacts.env',
+        publishCmd: "true",
+      },
+    ],
+  ],
+};