msb-public
/
wiki
mirror of https://github.com/requarks/wiki
1
0
Code Issues Projects Releases Wiki Activity

ci: add do image build via packer

Browse Source
pull/5044/head
NGPixel 2 years ago
parent 62a5cfa40e
commit c42e0f9888
No known key found for this signature in database
GPG Key ID: 8FDA2F1757F60D63
12 changed files with 329 additions and 57 deletions
Show Stats Download Patch File Download Diff File

130
.github/workflows/build.yml vendored
Unescape View File

@ -6,7 +6,7 @@ on:
- main
tags:
- 'v*'
env:
BASE_DEV_VERSION: 2.5.0
@ -20,7 +20,7 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: Set Build Variables
run: |
if [[ "$GITHUB_REF" =~ ^refs/tags/v* ]]; then
@ -32,7 +32,7 @@ jobs:
echo "REL_VERSION=v$BASE_DEV_VERSION-dev.$GITHUB_RUN_NUMBER" >> $GITHUB_ENV
echo "REL_VERSION_STRICT=$BASE_DEV_VERSION-dev.$GITHUB_RUN_NUMBER" >> $GITHUB_ENV
fi
- name: Disable DEV Flag + Set Version
run: |
sudo apt-get install jq -y
@ -40,20 +40,20 @@ jobs:
jq --arg vs "$REL_VERSION_STRICT" -r '. + {dev:false, version:$vs}' pkg-temp.json > package.json
rm pkg-temp.json
cat package.json
- name: Login to DockerHub
uses: docker/login-action@v1
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push Docker images
uses: docker/build-push-action@v2.9.0
with:
@ -65,7 +65,7 @@ jobs:
requarks/wiki:canary-${{ env.REL_VERSION_STRICT }}
ghcr.io/requarks/wiki:canary
ghcr.io/requarks/wiki:canary-${{ env.REL_VERSION_STRICT }}
- name: Extract compiled files
run: |
mkdir -p _dist
@ -81,12 +81,12 @@ jobs:
with:
name: drop
path: wiki-js.tar.gz
cypress:
name: Run Cypress Tests
runs-on: ubuntu-latest
needs: [build]
strategy:
matrix:
dbtype: [postgres, mysql, mariadb, mssql, sqlite]
@ -112,14 +112,14 @@ jobs:
chmod u+x dev/cypress/ci-setup.sh
dev/cypress/ci-setup.sh
docker run --name cypress --ipc=host --shm-size 1G -v $GITHUB_WORKSPACE:/e2e -w /e2e cypress/included:4.9.0 --record --key "$CYPRESS_KEY" --headless --group "$MATRIXENV" --ci-build-id "$REL_VERSION_STRICT-run$GITHUB_RUN_NUMBER.$GITHUB_RUN_ATTEMPT" --tag "$REL_VERSION_STRICT" --config baseUrl=http://172.17.0.1:3000
arm:
name: ARM Build
runs-on: ubuntu-latest
needs: [cypress]
permissions:
packages: write
strategy:
matrix:
include:
@ -127,10 +127,10 @@ jobs:
docker: arm64
- platform: linux/arm/v7
docker: armv7
steps:
- uses: actions/checkout@v2
- name: Set Version Variables
run: |
if [[ "$GITHUB_REF" =~ ^refs/tags/v* ]]; then
@ -140,26 +140,26 @@ jobs:
echo "Using BRANCH mode: v$BASE_DEV_VERSION-dev.$GITHUB_RUN_NUMBER"
echo "REL_VERSION_STRICT=$BASE_DEV_VERSION-dev.$GITHUB_RUN_NUMBER" >> $GITHUB_ENV
fi
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Login to DockerHub
uses: docker/login-action@v1
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Download a Build Artifact
uses: actions/download-artifact@v2.1.0
with:
@ -170,7 +170,7 @@ jobs:
run: |
mkdir -p build
tar -xzf $GITHUB_WORKSPACE/drop/wiki-js.tar.gz -C $GITHUB_WORKSPACE/build --exclude=node_modules
- name: Build and push Docker images
uses: docker/build-push-action@v2.9.0
with:
@ -181,12 +181,12 @@ jobs:
tags: |
requarks/wiki:canary-${{ matrix.docker }}-${{ env.REL_VERSION_STRICT }}
ghcr.io/requarks/wiki:canary-${{ matrix.docker }}-${{ env.REL_VERSION_STRICT }}
windows:
name: Windows Build
runs-on: windows-latest
needs: [cypress]
steps:
- name: Setup Node.js environment
uses: actions/setup-node@v2.5.1
@ -207,16 +207,16 @@ jobs:
- name: Install Dependencies
run: yarn --production --frozen-lockfile --non-interactive
working-directory: win
- name: Create Bundle
run: tar -czf wiki-js-windows.tar.gz -C $env:GITHUB_WORKSPACE\win .
- name: Upload a Build Artifact
uses: actions/upload-artifact@v2.3.1
with:
name: drop-win
path: wiki-js-windows.tar.gz
beta:
name: Publish Beta Images
runs-on: ubuntu-latest
@ -224,31 +224,26 @@ jobs:
needs: [build, arm, windows]
permissions:
packages: write
steps:
- name: Set Version Variables
run: |
if [[ "$GITHUB_REF" =~ ^refs/tags/v* ]]; then
echo "Using TAG mode: $GITHUB_REF_NAME"
echo "REL_VERSION_STRICT=${GITHUB_REF_NAME#?}" >> $GITHUB_ENV
else
echo "Using BRANCH mode: v$BASE_DEV_VERSION-dev.$GITHUB_RUN_NUMBER"
echo "REL_VERSION_STRICT=$BASE_DEV_VERSION-dev.$GITHUB_RUN_NUMBER" >> $GITHUB_ENV
fi
echo "Using TAG mode: $GITHUB_REF_NAME"
echo "REL_VERSION_STRICT=${GITHUB_REF_NAME#?}" >> $GITHUB_ENV
- name: Login to DockerHub
uses: docker/login-action@v1
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Create and Push Manifests
run: |
echo "Creating the manifests..."
@ -260,7 +255,7 @@ jobs:
docker manifest push -p requarks/wiki:beta-$REL_VERSION_STRICT
docker manifest push -p ghcr.io/requarks/wiki:beta-$REL_VERSION_STRICT
release:
name: Publish Release Images
runs-on: ubuntu-latest
@ -270,31 +265,26 @@ jobs:
permissions:
packages: write
contents: write
steps:
- name: Set Version Variables
run: |
if [[ "$GITHUB_REF" =~ ^refs/tags/v* ]]; then
echo "Using TAG mode: $GITHUB_REF_NAME"
echo "REL_VERSION_STRICT=${GITHUB_REF_NAME#?}" >> $GITHUB_ENV
else
echo "Using BRANCH mode: v$BASE_DEV_VERSION-dev.$GITHUB_RUN_NUMBER"
echo "REL_VERSION_STRICT=$BASE_DEV_VERSION-dev.$GITHUB_RUN_NUMBER" >> $GITHUB_ENV
fi
echo "Using TAG mode: $GITHUB_REF_NAME"
echo "REL_VERSION_STRICT=${GITHUB_REF_NAME#?}" >> $GITHUB_ENV
- name: Login to DockerHub
uses: docker/login-action@v1
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Create and Push Manifests
run: |
echo "Fetching semver tool..."
@ -327,19 +317,19 @@ jobs:
docker manifest push -p ghcr.io/requarks/wiki:$MAJOR
docker manifest push -p ghcr.io/requarks/wiki:$MAJORMINOR
docker manifest push -p ghcr.io/requarks/wiki:latest
- name: Download Linux Build
uses: actions/download-artifact@v2.1.0
with:
name: drop
path: drop
- name: Download Windows Build
uses: actions/download-artifact@v2.1.0
with:
name: drop-win
path: drop-win
- name: Generate Changelog
id: changelog
uses: Requarks/changelog-action@v1
@ -357,4 +347,30 @@ jobs:
body: ${{ steps.changelog.outputs.changes }}
token: ${{ github.token }}
artifacts: 'drop/wiki-js.tar.gz,drop-win/wiki-js-windows.tar.gz'
build-do-image:
name: Build DigitalOcean Image
runs-on: ubuntu-latest
needs: [release]
steps:
- uses: actions/checkout@v2
- name: Set Version Variables
run: |
echo "Using TAG mode: $GITHUB_REF_NAME"
echo "REL_VERSION_STRICT=${GITHUB_REF_NAME#?}" >> $GITHUB_ENV
- name: Install Packer
run: |
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
sudo apt-get update && sudo apt-get install packer
- name: Build Droplet Image
env:
DIGITALOCEAN_API_TOKEN: ${{ secrets.DO_TOKEN }}
WIKI_APP_VERSION: ${{ env.REL_VERSION_STRICT }}
working-directory: dev/packer
run: |
packer build digitalocean.json

31
.github/workflows/packer.yml vendored
Unescape View File

@ -0,0 +1,31 @@
name: Build DigitalOcean Image
on:
workflow_dispatch:
inputs:
version:
description: 'App Version'
required: true
type: string
jobs:
build-do-image:
name: Build DigitalOcean Image
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Install Packer
run: |
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
sudo apt-get update && sudo apt-get install packer
- name: Build Droplet Image
env:
DIGITALOCEAN_API_TOKEN: ${{ secrets.DO_TOKEN }}
WIKI_APP_VERSION: ${{ github.event.inputs.version }}
working-directory: dev/packer
run: |
packer build digitalocean.json

78
dev/packer/digitalocean.json
Unescape View File

@ -0,0 +1,78 @@
{
"variables": {
"do_api_token": "{{env `DIGITALOCEAN_API_TOKEN`}}",
"image_name": "wikijs-snapshot-{{timestamp}}",
"apt_packages": "apt-transport-https ca-certificates curl jq linux-image-extra-virtual software-properties-common gnupg-agent openssl ",
"application_name": "Wiki.js",
"application_version": "{{env `WIKI_APP_VERSION`}}",
"docker_compose_version": "1.29.2"
},
"sensitive-variables": [
"do_api_token"
],
"builders": [
{
"type": "digitalocean",
"api_token": "{{user `do_api_token`}}",
"image": "ubuntu-20-04-x64",
"region": "tor1",
"size": "s-1vcpu-1gb",
"ssh_username": "root",
"snapshot_name": "{{user `image_name`}}"
}
],
"provisioners": [
{
"type": "shell",
"inline": [
"cloud-init status --wait"
]
},
{
"type": "file",
"source": "scripts/001-onboot.sh",
"destination": "/var/lib/cloud/scripts/per-instance/001-onboot.sh"
},
{
"type": "file",
"source": "scripts/099-one-click",
"destination": "/etc/update-motd.d/099-one-click"
},
{
"type": "shell",
"environment_vars": [
"DEBIAN_FRONTEND=noninteractive",
"LC_ALL=C",
"LANG=en_US.UTF-8",
"LC_CTYPE=en_US.UTF-8"
],
"inline": [
"apt -qqy update",
"apt -qqy -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' full-upgrade",
"apt -qqy -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' install {{user `apt_packages`}}",
"apt-get -qqy clean"
]
},
{
"type": "shell",
"environment_vars": [
"application_name={{user `application_name`}}",
"application_version={{user `application_version`}}",
"docker_compose_version={{user `docker_compose_version`}}",
"DEBIAN_FRONTEND=noninteractive",
"LC_ALL=C",
"LANG=en_US.UTF-8",
"LC_CTYPE=en_US.UTF-8"
],
"scripts": [
"common/scripts/010-docker.sh",
"common/scripts/011-docker-compose.sh",
"common/scripts/012-grub-opts.sh",
"common/scripts/013-docker-dns.sh",
"common/scripts/014-ufw-docker.sh",
"common/scripts/020-application-tag.sh",
"common/scripts/900-cleanup.sh"
]
}
]
}

15
dev/packer/scripts/001-onboot.sh
Unescape View File

@ -0,0 +1,15 @@
#!/bin/bash
# Scripts in this directory will be executed by cloud-init on the first boot of droplets
# created from your image. Things ike generating passwords, configuration requiring IP address
# or other items that will be unique to each instance should be done in scripts here.
openssl rand -base64 32 > /etc/wiki/.db-secret
if [[ -z $DATABASE_URL ]]; then
docker start db
fi
docker start wiki
docker start wiki-update-companion
# docker start nginx-proxy
# docker start watchtower

19
dev/packer/scripts/010-docker.sh
Unescape View File

@ -0,0 +1,19 @@
#!/bin/bash
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
apt -qqy update
apt -qqy -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' install docker-ce docker-ce-cli containerd.io
systemctl enable docker
systemctl start docker
mkdir -p /etc/wiki
docker network create wikinet
docker volume create pgdata
docker create --name=db -e POSTGRES_DB=wiki -e POSTGRES_USER=wiki -e POSTGRES_PASSWORD_FILE=/etc/wiki/.db-secret -v /etc/wiki/.db-secret:/etc/wiki/.db-secret:ro -v pgdata:/var/lib/postgresql/data --restart=unless-stopped -h db --network=wikinet postgres:11
docker create --name=wiki -e DB_TYPE=postgres -e DB_HOST=db -e DB_PORT=5432 -e DB_PASS_FILE=/etc/wiki/.db-secret -v /etc/wiki/.db-secret:/etc/wiki/.db-secret:ro -e DB_USER=wiki -e DB_NAME=wiki -e UPGRADE_COMPANION=1 --restart=unless-stopped -h wiki --network=wikinet -p 80:3000 -p 443:3443 ghcr.io/requarks/wiki:2
docker create --name=wiki-update-companion -v /var/run/docker.sock:/var/run/docker.sock:ro --restart=unless-stopped -h wiki-update-companion --network=wikinet requarks/wiki-update-companion:latest
# docker create --name=nginx-proxy -p 80:80 -p 443:443 -e DEFAULT_HOST=wiki.local --network=wikinet -v /var/run/docker.sock:/tmp/docker.sock:ro --restart=unless-stopped jwilder/nginx-proxy
# docker create --name=watchtower --network=wikinet -v /var/run/docker.sock:/var/run/docker.sock --restart=unless-stopped containrrr/watchtower --cleanup --schedule="0 2 * * 6" wiki

4
dev/packer/scripts/011-docker-compose.sh
Unescape View File

@ -0,0 +1,4 @@
#!/bin/sh
sudo curl -L "https://github.com/docker/compose/releases/download/${docker_compose_version}/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose;
chmod +x /usr/local/bin/docker-compose;

6
dev/packer/scripts/012-grub-opts.sh
Unescape View File

@ -0,0 +1,6 @@
#!/bin/sh
sed -e 's|GRUB_CMDLINE_LINUX="|GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1|g' \
-i /etc/default/grub
update-grub

4
dev/packer/scripts/013-docker-dns.sh
Unescape View File

@ -0,0 +1,4 @@
#!/bin/sh
sed -e 's|#DOCKER_OPTS|DOCKER_OPTS|g' \
-i /etc/default/docker

9
dev/packer/scripts/014-ufw-docker.sh
Unescape View File

@ -0,0 +1,9 @@
#!/bin/bash
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw --force enable
cat /dev/null > /var/log/ufw.log

25
dev/packer/scripts/020-application-tag.sh
Unescape View File

@ -0,0 +1,25 @@
#!/bin/sh
################################
## PART: Write the application tag
##
## vi: syntax=sh expandtab ts=4
build_date=$(date +%Y-%m-%d)
distro="$(lsb_release -s -i)"
distro_release="$(lsb_release -s -r)"
distro_codename="$(lsb_release -s -c)"
distro_arch="$(uname -m)"
mkdip -p /var/lib/digitalocean
touch /var/lib/digitalocean/application.info
cat >> /var/lib/digitalocean/application.info <<EOM
application_name="${application_name}"
build_date="${build_date}"
distro="${distro}"
distro_release="${distro_release}"
distro_codename="${distro_codename}"
distro_arch="${distro_arch}"
application_version="${application_version}"
EOM

21
dev/packer/scripts/099-one-click
Unescape View File

@ -0,0 +1,21 @@
#!/bin/sh
#
# Configured as part of the DigitalOcean 1-Click Image build process
myip=$(hostname -I | awk '{print$1}')
cat <<EOF
********************************************************************************
Welcome to DigitalOcean's 1-Click Docker Droplet.
To keep this Droplet secure, the UFW firewall is enabled.
All ports are BLOCKED except 22 (SSH), 80 (Docker) and 443 (Docker).
* The Docker 1-Click Quickstart guide is available at:
https://docs.requarks.io/install/digitalocean
* You can SSH to this Droplet in a terminal as root: ssh root@$myip
* Docker is installed and configured per Docker's recommendations:
https://docs.docker.com/install/linux/docker-ce/ubuntu/
* Docker Compose is installed and configured per Docker's recommendations:
https://docs.docker.com/compose/install/#install-compose
For more information, visit https://docs.requarks.io/install/digitalocean
********************************************************************************
To delete this message of the day: rm -rf $(readlink -f ${0})
EOF

44
dev/packer/scripts/900-cleanup.sh
Unescape View File

@ -0,0 +1,44 @@
#!/bin/bash
# Ensure /tmp exists and has the proper permissions before
# checking for security updates
# https://github.com/digitalocean/marketplace-partners/issues/94
if [[ ! -d /tmp ]]; then
mkdir /tmp
fi
chmod 1777 /tmp
apt-get -y update
apt-get -y upgrade
rm -rf /tmp/* /var/tmp/*
history -c
cat /dev/null > /root/.bash_history
unset HISTFILE
apt-get -y autoremove
apt-get -y autoclean
find /var/log -mtime -1 -type f -exec truncate -s 0 {} \;
rm -rf /var/log/*.gz /var/log/*.[0-9] /var/log/*-????????
rm -rf /var/lib/cloud/instances/*
rm -f /root/.ssh/authorized_keys /etc/ssh/*key*
touch /etc/ssh/revoked_keys
chmod 600 /etc/ssh/revoked_keys
# Securely erase the unused portion of the filesystem
GREEN='\033[0;32m'
NC='\033[0m'
printf "\n${GREEN}Writing zeros to the remaining disk space to securely
erase the unused portion of the file system.
Depending on your disk size this may take several minutes.
The secure erase will complete successfully when you see:${NC}
dd: writing to '/zerofile': No space left on device\n
Beginning secure erase now\n"
dd if=/dev/zero of=/zerofile &
PID=$!
while [ -d /proc/$PID ]
do
printf "."
sleep 5
done
sync; rm /zerofile; sync
cat /dev/null > /var/log/lastlog; cat /dev/null > /var/log/wtmp
Write Preview
Loading…
Cancel
Save