From 7add07006bc33cde4ae245d4e32b18cb1a56e13e Mon Sep 17 00:00:00 2001
From: Elara Musayelyan <elara@elara.ws>
Date: Sun, 13 Aug 2023 18:42:38 -0700
Subject: [PATCH] Automate image building and add some images

---
 .gitmodules                               |  3 --
 .woodpecker.yml                           | 11 +++++
 build.sh                                  | 53 +++++++++++++++++++++++
 builder/Dockerfile                        |  7 +++
 builder/README.md                         |  3 ++
 builder/login.sh                          | 11 +++++
 builder/lure.toml                         | 10 +++++
 builder/update-builder.sh                 |  7 +++
 go-import-redirector/build.sh             | 12 ++++-
 go-import-redirector/go-import-redirector |  1 -
 golang/Dockerfile                         |  3 --
 golang/apko.yaml                          | 27 ++++++++++++
 golang/build.sh                           | 27 +++++++++---
 golang/manifest.sh                        | 11 -----
 static/README.md                          |  5 +++
 static/apko.yaml                          | 23 ++++++++++
 static/build.sh                           |  3 ++
 webserver/build.sh                        |  6 ++-
 18 files changed, 196 insertions(+), 27 deletions(-)
 create mode 100644 .woodpecker.yml
 create mode 100755 build.sh
 create mode 100644 builder/Dockerfile
 create mode 100644 builder/README.md
 create mode 100755 builder/login.sh
 create mode 100644 builder/lure.toml
 create mode 100755 builder/update-builder.sh
 delete mode 160000 go-import-redirector/go-import-redirector
 delete mode 100644 golang/Dockerfile
 create mode 100644 golang/apko.yaml
 delete mode 100755 golang/manifest.sh
 create mode 100644 static/README.md
 create mode 100644 static/apko.yaml
 create mode 100755 static/build.sh

diff --git a/.gitmodules b/.gitmodules
index 7689110..e69de29 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +0,0 @@
-[submodule "go-import-redirector/go-import-redirector"]
-	path = go-import-redirector/go-import-redirector
-	url = https://github.com/rsc/go-import-redirector
diff --git a/.woodpecker.yml b/.woodpecker.yml
new file mode 100644
index 0000000..4dc37d3
--- /dev/null
+++ b/.woodpecker.yml
@@ -0,0 +1,11 @@
+platform: linux/amd64
+steps:
+  build:
+    image: gitea.elara.ws/elara6331/builder
+    environment:
+      - REGISTRY=gitea.elara.ws
+      - REGISTRY_USERNAME=Elara6331
+    secrets: [ registry_password ]
+    commands:
+      - registry-login
+      - ./build.sh
diff --git a/build.sh b/build.sh
new file mode 100755
index 0000000..ccc8eb2
--- /dev/null
+++ b/build.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+# info prints an informational message
+info() {
+  echo $'\x1b[32m[INFO]\x1b[0m' "$@"
+}
+
+# error prints an error message and exits with exit code 1
+error() {
+  echo $'\x1b[31;1m[ERR]\x1b[0m' "$@"
+  exit 1
+}
+
+# Check if the required environment variables are set
+if [ -z "${CI_PREV_COMMIT_SHA}" ] || [ -z "${CI_COMMIT_SHA}" ]; then
+    error "CI_PREV_COMMIT_SHA and CI_COMMIT_SHA environment variables must be set."
+fi
+
+# Get the list of changed files between the previous commit and the current commit
+changed_files=$(git diff --name-only "${CI_PREV_COMMIT_SHA}" "${CI_COMMIT_SHA}")
+
+# Declare an associative array to store unique changed directories
+declare -A changed_directories
+
+# Iterate over changed files and extract the directories
+for file in $changed_files; do
+    directory=$(dirname "$file")
+    # We don't want to execute this script recursively, so skip the current directory if it shows up
+    if [[ "$directory" != "." ]]; then
+    	changed_directories["$directory"]=1
+    fi
+done
+
+if [[ "${#changed_directories[@]}" == 0 ]]; then
+	info "Nothing to do. Exiting..."
+	exit 0
+fi
+
+# Iterate over changed directories and execute build.sh if it exists
+for dir in "${!changed_directories[@]}"; do
+    build_script="${dir}/build.sh"
+    if [ -f "${build_script}" ]; then
+    	info "Entering ${dir}..."
+    	pushd "${dir}" >/dev/null || error "pushd failed"
+    	info "Executing ${build_script}..."
+        # ./build.sh || error "${build_script} failed"
+        info "Finished executing ${build_script}"
+        popd >/dev/null || error "popd failed"
+        info "Exited ${dir}"
+    fi
+done
+
+info "Done!"
diff --git a/builder/Dockerfile b/builder/Dockerfile
new file mode 100644
index 0000000..5dac24f
--- /dev/null
+++ b/builder/Dockerfile
@@ -0,0 +1,7 @@
+FROM alpine:edge
+RUN apk add --no-cache go git gcc bash abuild
+RUN apk add --no-cache ko --repository=https://dl-cdn.alpinelinux.org/alpine/edge/testing
+RUN apk add --no-cache --allow-untrusted apko --repository=https://packages.wolfi.dev/os
+RUN wget -O /usr/bin/lure https://api.minio.elara.ws/adl/lure/lure-amd64 && chmod +x /usr/bin/lure
+COPY lure.toml /root/.config/lure/lure.toml
+COPY login.sh /bin/registry-login
diff --git a/builder/README.md b/builder/README.md
new file mode 100644
index 0000000..b455de3
--- /dev/null
+++ b/builder/README.md
@@ -0,0 +1,3 @@
+# builder
+
+This is the image used to build the other images. It includes [ko](https://ko.build/), [apko](https://github.com/chainguard-dev/apko), [lure](https://lure.elara.ws), and [abuild](https://wiki.alpinelinux.org/wiki/Abuild_and_Helpers).
diff --git a/builder/login.sh b/builder/login.sh
new file mode 100755
index 0000000..5c89013
--- /dev/null
+++ b/builder/login.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# Check if the required environment variables are set
+if [ -z "${REGISTRY}" ] || [ -z "${REGISTRY_USERNAME}" ] || [ -z "${REGISTRY_PASSWORD}" ]; then
+    echo "The REGISTRY, REGISTRY_USERNAME, and REGISTRY_PASSWORD environment variables must be set."
+    exit 1
+fi
+
+# Log in to the registry using ko. This should generate a config.json with the authentication info.
+echo "Logging in to ${REGISTRY}..."
+ko login "${REGISTRY}" -u "${REGISTRY_USERNAME}" --password-stdin <<<"${REGISTRY_PASSWORD}" || exit 2
diff --git a/builder/lure.toml b/builder/lure.toml
new file mode 100644
index 0000000..c0a79ec
--- /dev/null
+++ b/builder/lure.toml
@@ -0,0 +1,10 @@
+rootCmd = 'sudo'
+pagerStyle = 'native'
+ignorePkgUpdates = []
+
+[[repo]]
+name = 'default'
+url = 'https://github.com/Elara6331/lure-repo.git'
+
+[unsafe]
+allowRunAsRoot = true
diff --git a/builder/update-builder.sh b/builder/update-builder.sh
new file mode 100755
index 0000000..936ee8f
--- /dev/null
+++ b/builder/update-builder.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -e
+
+docker build . -t gitea.elara.ws/elara6331/builder:latest --no-cache
+docker login gitea.elara.ws
+docker push gitea.elara.ws/elara6331/builder:latest
diff --git a/go-import-redirector/build.sh b/go-import-redirector/build.sh
index 771a268..2ee4642 100755
--- a/go-import-redirector/build.sh
+++ b/go-import-redirector/build.sh
@@ -1,7 +1,17 @@
 #!/bin/bash
 
+set -e
+
+# Clone go-import-redirector and enter its directory
+git clone https://github.com/rsc/go-import-redirector
 pushd go-import-redirector
-KO_DOCKER_REPO=gitea.elara.ws/elara6331 ko build -B \
+
+# Build and publish the image
+KO_DOCKER_REPO=gitea.elara.ws/elara6331 \
+KO_DEFAULTBASEIMAGE=gitea.elara.ws/elara6331/static \
+ko build -B \
 	--platform=linux/amd64,linux/arm64,linux/riscv64 \
 	--sbom=none
+
+# Leave the go-import-redirector directory
 popd
diff --git a/go-import-redirector/go-import-redirector b/go-import-redirector/go-import-redirector
deleted file mode 160000
index 4b5c2b9..0000000
--- a/go-import-redirector/go-import-redirector
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 4b5c2b9050dfbdc8830f5220e610adb0d75c539f
diff --git a/golang/Dockerfile b/golang/Dockerfile
deleted file mode 100644
index c223338..0000000
--- a/golang/Dockerfile
+++ /dev/null
@@ -1,3 +0,0 @@
-FROM alpine:edge
-RUN apk add --no-cache go
-CMD go
diff --git a/golang/apko.yaml b/golang/apko.yaml
new file mode 100644
index 0000000..e326281
--- /dev/null
+++ b/golang/apko.yaml
@@ -0,0 +1,27 @@
+contents:
+  keyring:
+    - ./pkgs/keyring.rsa.pub
+  repositories:
+    - https://dl-cdn.alpinelinux.org/alpine/edge/main
+    - ./pkgs
+  packages:
+    - alpine-base
+    - go-bin
+
+accounts:
+  groups:
+    - groupname: nonroot
+      gid: 65532
+  users:
+    - username: nonroot
+      uid: 65532
+      gid: 65532
+  run-as: 65532
+
+entrypoint:
+  command: go
+
+archs:
+  - amd64
+  - arm64
+  - riscv64
diff --git a/golang/build.sh b/golang/build.sh
index 18184d9..41dc4c9 100755
--- a/golang/build.sh
+++ b/golang/build.sh
@@ -1,10 +1,23 @@
 #!/bin/bash
 
-if [[ $# == 0 ]]; then
-	echo "Usage: $0 <arch>"
-	exit 1
-fi
+set -e
 
-docker login gitea.elara.ws
-docker build . -t "gitea.elara.ws/elara6331/golang:$1" --no-cache
-docker push "gitea.elara.ws/elara6331/golang:$1"
+lure_cmd="lure --interactive=false build -p default/go-bin"
+LURE_ARCH="amd64" $lure_cmd
+LURE_ARCH="arm64" $lure_cmd
+LURE_ARCH="riscv64" $lure_cmd
+
+mkdir -p pkgs/{x86_64,aarch64,riscv64}
+file=(*_x86_64.apk) && mv "$file" "pkgs/x86_64/$(sed -e 's/_x86_64//g' -e 's/_/-/g' <<<$file)"
+file=(*_aarch64.apk) && mv "$file" "pkgs/aarch64/$(sed -e 's/_aarch64//g' -e 's/_/-/g' <<<$file)"
+file=(*_riscv64.apk) && mv "$file" "pkgs/riscv64/$(sed -e 's/_riscv64//g' -e 's/_/-/g' <<<$file)"
+
+abuild-keygen -na
+cp ~/.abuild/*.rsa.pub pkgs/keyring.rsa.pub
+
+for arch in pkgs/*/; do	
+	apk index "$arch"/*.apk > "$arch/APKINDEX.tar.gz"
+	abuild-sign "$arch/APKINDEX.tar.gz"
+done
+
+apko publish --sbom=false apko.yaml gitea.elara.ws/elara6331/golang:latest
diff --git a/golang/manifest.sh b/golang/manifest.sh
deleted file mode 100755
index 1bfcc83..0000000
--- a/golang/manifest.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-tag="$1"
-tag="${tag:=latest}"
-
-docker login gitea.elara.ws
-docker manifest create "gitea.elara.ws/elara6331/golang:$tag" \
-	--amend gitea.elara.ws/elara6331/golang:amd64 \
-	--amend gitea.elara.ws/elara6331/golang:arm64 \
-	--amend gitea.elara.ws/elara6331/golang:riscv64
-docker manifest push "gitea.elara.ws/elara6331/golang:$tag"
diff --git a/static/README.md b/static/README.md
new file mode 100644
index 0000000..5f1a174
--- /dev/null
+++ b/static/README.md
@@ -0,0 +1,5 @@
+# static
+
+The [static image](https://gitea.elara.ws/Elara6331/-/packages/container/static/latest) is a basic image with just enough iles to run static binaries. It's meant to be used as a base image and is useless outside of that.
+
+This image will only run static binaries (i.e. Go binaries with `CGO_ENABLED=0`) as it doesn't include musl or glibc
diff --git a/static/apko.yaml b/static/apko.yaml
new file mode 100644
index 0000000..63830e3
--- /dev/null
+++ b/static/apko.yaml
@@ -0,0 +1,23 @@
+contents:
+  repositories:
+    - https://dl-cdn.alpinelinux.org/alpine/edge/main
+  packages:
+    - alpine-baselayout-data
+    - alpine-release
+    - ca-certificates-bundle
+    - tzdata
+
+accounts:
+  groups:
+    - groupname: nonroot
+      gid: 65532
+  users:
+    - username: nonroot
+      uid: 65532
+      gid: 65532
+  run-as: 65532
+
+archs:
+  - amd64
+  - arm64
+  - riscv64
diff --git a/static/build.sh b/static/build.sh
new file mode 100755
index 0000000..64a71b7
--- /dev/null
+++ b/static/build.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+set -e
+apko publish --sbom=false apko.yaml gitea.elra.ws/elara6331/static:latest 
diff --git a/webserver/build.sh b/webserver/build.sh
index 95a6c9f..9019782 100755
--- a/webserver/build.sh
+++ b/webserver/build.sh
@@ -1,7 +1,11 @@
 #!/bin/bash
 
+set -e
+
 pushd cmd
-KO_DOCKER_REPO=gitea.elara.ws/elara6331 ko build -B \
+KO_DOCKER_REPO=gitea.elara.ws/elara6331 \
+KO_DEFAULTBASEIMAGE=gitea.elara.ws/elara6331/static \
+ko build -B \
 	--platform=linux/amd64,linux/arm64,linux/riscv64 \
 	--sbom=none
 popd