This repository has been archived by the owner on Feb 26, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 12
/
build_container.sh
executable file
·110 lines (92 loc) · 3.65 KB
/
build_container.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
#!/bin/sh
set -x
###
# buildah: creating a container for Nextcloud-Talk proxy daemon (OCI format)
###
push_image=1
mount_image=1
# variables
author='Felicitas Pojtinger @pojntfx'
maintainer='Ralf Zerres @rzerres'
botname=nctalkproxyd
buildroot=/run/buildah
prefix=/usr/local
# signing with GPG Package-Key
signkey=1EC4BE4FF2A6C9F4DDDF30F33C5F485DBD250D66
# authenticate at quay.io with robot account (env: REGISTRY_AUTH_FILE)
repo=quay.io
username=rzerres
authfile=$HOME/.docker/config.json
# create a container -> docker image golang (flavor: alpine)
mycontainer=$(buildah from --name $botname golang:alpine)
# adapt containers metadata
buildah config --author="$author" $mycontainer
buildah config --label name=$botname $mycontainer
buildah config --label maintainer="$maintainer" $mycontainer
buildah config --env NCTALKPROXYD_USERNAME="jitsibot" $mycontainer
buildah config --env NCTALKPROXYD_PASSWORD="password" $mycontainer
buildah config --env NCTALKPROXYD_DBLOCATION="/run/$botname" $mycontainer
buildah config --env NCTALKPROXYD_ADDRLOCAL="https://localhost:1696" $mycontainer
buildah config --env NCTALKPROXYD_ADDRREMOTE="https://my.nextcloud.local" $mycontainer
# create the build environment inside the container
#buildah config --env GOPATH="$buildroot" $mycontainer
buildah config --entrypoint "[ \"/usr/local/bin/$botname\" ]" $mycontainer
buildah config --workingdir="$buildroot" $mycontainer
# get dependencies
buildah run $mycontainer apk add --no-cache --virtual .build-deps protobuf git
buildah run $mycontainer go get github.com/golang/protobuf/protoc-gen-go
buildah copy $mycontainer .
# create the binary
buildah run $mycontainer go build -o $buildroot/$botname ./cmd/$botname/main.go
# prepare the destination container
buildah run $mycontainer mkdir -p $prefix/etc
buildah run $mycontainer cp $buildroot/$botname $prefix/bin/$botname
buildah run $mycontainer cp $buildroot/examples/$botname.yaml $prefix/etc/$botname.yaml
buildah run $mycontainer ln -s $prefix/etc/$botname.yaml /etc/$botname.yaml
buildah run $mycontainer mkdir /run/$botname
# allow manual adaptions
if [ "$mount_image" -eq 1 ]; then
read -p "Mount the created container for interactive adaptions (y/n)? " -t 15 doMount
# for rootless mode: run in user namespace
if [ "$doMount" = "y" ]; then
echo "You are inside the container tree. Build environment hasn't been flushed yet!"
if [ $(id -u) -eq 0 ]; then
# execution in root mode
mountpoint=$(buildah mount $mycontainer)
cd $mountpoint
du -sh *
sh
buildah umount $mycontainer
else
# execution in rootless mode
# not starting with usernamespace, default to isolate the filesystem with chroot
#ENV _BUILDAH_STARTED_IN_USERNS="" BUILDAH_ISOLATION=chroot
buildah unshare --mount containerID du -sh ${containerID}/*
#buildah unshare du -sh $mountpoint/*
buildah unshare sh
#buildah unshare umount $mountpoint
fi
fi
fi
# cleanup dependencies
buildah run $mycontainer apk del .build-deps
# cleanup build environment
buildah config --workingdir="/" $mycontainer
buildah run $mycontainer rm -rf $buildroot
buildah run $mycontainer rm -rf go
buildah run $mycontainer rm -rf usr/local/go usr/local/lib usr/local/share root/.cache
# tag the container to an image name, sign it. on success remove container
imageid=$(buildah commit \
--rm \
--squash \
$mycontainer $repo/$username/$botname)
#--sign-by $signkey \
# tag our new image with an alternate name
#buildah tag $botname nctjb
if [ "$push_image" -eq 1 ]; then
# push image to Quay Container Registry
#imageid=$(buildah images | grep $repo/$username/$botname | awk -F ' ' '{print $3}')
buildah push \
--authfile $authfile \
$imageid docker://$repo/$username/$botname
fi