update all images registry

Haitao Pan 2023-03-09 11:04:12 +08:00
parent 0bbd4efb6d
commit 0ffa860bd8
28 changed files with 89 additions and 90 deletions


@ -23,7 +23,7 @@ jobs:
password: ${{ secrets.HELM_REPO_PASSWORD }} password: ${{ secrets.HELM_REPO_PASSWORD }}
path: 'oci/base/alpine-awscli-python3' path: 'oci/base/alpine-awscli-python3'
build_file: 'Dockerfile' build_file: 'Dockerfile'
image: k8s/alpine-awscli-python3 image: public/alpine-awscli-python3
tag: latest tag: latest
cache: true cache: true
cache_registry: cache cache_registry: cache


@ -23,7 +23,7 @@ jobs:
password: ${{ secrets.HELM_REPO_PASSWORD }} password: ${{ secrets.HELM_REPO_PASSWORD }}
path: 'oci/base/alpine-awscli' path: 'oci/base/alpine-awscli'
build_file: 'Dockerfile' build_file: 'Dockerfile'
image: k8s/alpine-awscli image: public/alpine-awscli
tag: 2.6.1 tag: 2.6.1
cache: true cache: true
cache_registry: cache cache_registry: cache


@ -23,7 +23,7 @@ jobs:
password: ${{ secrets.HELM_REPO_PASSWORD }} password: ${{ secrets.HELM_REPO_PASSWORD }}
path: 'oci/base/alpine-glibc' path: 'oci/base/alpine-glibc'
build_file: 'Dockerfile' build_file: 'Dockerfile'
image: k8s/alpine-glibc image: public/alpine-glibc
tag: 2.34 tag: 2.34
cache: true cache: true
cache_registry: cache cache_registry: cache


@ -23,7 +23,7 @@ jobs:
password: ${{ secrets.HELM_REPO_PASSWORD }} password: ${{ secrets.HELM_REPO_PASSWORD }}
path: './oci/base/alpine' path: './oci/base/alpine'
build_file: 'Dockerfile' build_file: 'Dockerfile'
image: k8s/alpine-ca image: public/alpine-ca
tag: latest tag: latest
cache: true cache: true
cache_registry: cache cache_registry: cache


@ -26,7 +26,7 @@ jobs:
password: ${{ secrets.HELM_REPO_PASSWORD }} password: ${{ secrets.HELM_REPO_PASSWORD }}
path: 'oci/app-runner/chart-builder-alpine/' path: 'oci/app-runner/chart-builder-alpine/'
build_file: 'Dockerfile' build_file: 'Dockerfile'
image: devops/chart-builder-alpine image: public/chart-builder-alpine
tag: latest tag: latest
cache: false cache: false
cache_registry: cache cache_registry: cache


@ -22,7 +22,7 @@ jobs:
username: admin username: admin
password: ${{ secrets.HELM_REPO_PASSWORD }} password: ${{ secrets.HELM_REPO_PASSWORD }}
build_file: fluxcd/flux-cli.Dockerfile build_file: fluxcd/flux-cli.Dockerfile
image: k8s/fluxcd/flux-cli image: public/fluxcd/flux-cli
tag: v0.31.3 tag: v0.31.3
cache: true cache: true
cache_registry: cache cache_registry: cache


@ -22,7 +22,7 @@ jobs:
username: admin username: admin
password: ${{ secrets.HELM_REPO_PASSWORD }} password: ${{ secrets.HELM_REPO_PASSWORD }}
build_file: fluxcd/flux-helm-controller.Dockerfile build_file: fluxcd/flux-helm-controller.Dockerfile
image: k8s/fluxcd/helm-controller image: public/fluxcd/helm-controller
tag: v0.22.1 tag: v0.22.1
cache: true cache: true
cache_registry: cache cache_registry: cache


@ -22,7 +22,7 @@ jobs:
username: admin username: admin
password: ${{ secrets.HELM_REPO_PASSWORD }} password: ${{ secrets.HELM_REPO_PASSWORD }}
build_file: fluxcd/flux-image-automation-controller.Dockerfile build_file: fluxcd/flux-image-automation-controller.Dockerfile
image: k8s/fluxcd/image-automation-controller image: public/fluxcd/image-automation-controller
tag: v0.23.4 tag: v0.23.4
cache: true cache: true
cache_registry: cache cache_registry: cache


@ -22,7 +22,7 @@ jobs:
username: admin username: admin
password: ${{ secrets.HELM_REPO_PASSWORD }} password: ${{ secrets.HELM_REPO_PASSWORD }}
build_file: fluxcd/flux-image-reflector-controller.Dockerfile build_file: fluxcd/flux-image-reflector-controller.Dockerfile
image: k8s/fluxcd/image-reflector-controller image: public/fluxcd/image-reflector-controller
tag: v0.19.2 tag: v0.19.2
cache: true cache: true
cache_registry: cache cache_registry: cache


@ -22,7 +22,7 @@ jobs:
username: admin username: admin
password: ${{ secrets.HELM_REPO_PASSWORD }} password: ${{ secrets.HELM_REPO_PASSWORD }}
build_file: fluxcd/flux-kustomize-controller.Dockerfile build_file: fluxcd/flux-kustomize-controller.Dockerfile
image: k8s/fluxcd/kustomize-controller image: public/fluxcd/kustomize-controller
tag: v0.26.2 tag: v0.26.2
cache: true cache: true
cache_registry: cache cache_registry: cache


@ -1,10 +1,12 @@
name: Build & push ci runner terraform for aws custom image name: Build & push ci runner terraform for aws image
on: on:
pull_request: pull_request:
push: push:
paths: paths:
- '.github/workflows/terraform-aws-custom.yaml' - 'oci/iac-runner/terraform-aws-finops/main.tf'
- 'oci/iac-runner/terraform-aws-custom/Dockerfile' - 'oci/iac-runner/terraform-aws-finops/Dockerfile'
- 'oci/iac-runner/terraform-aws-finops/.terraformrc'
- '.github/workflows/terraform-aws-finops.yaml'
branches: branches:
- main - main
@ -15,15 +17,15 @@ jobs:
steps: steps:
- uses: actions/checkout@master - uses: actions/checkout@master
- name: 'Artifact: build && push terraform for aws custom image' - name: 'Artifact: build && push terraform for aws image'
uses: aevea/action-kaniko@master uses: aevea/action-kaniko@master
with: with:
registry: artifact.onwalk.net registry: artifact.onwalk.net
username: admin username: admin
password: ${{ secrets.HELM_REPO_PASSWORD }} password: ${{ secrets.HELM_REPO_PASSWORD }}
path: 'oci/iac-runner/terraform-aws-custom/' path: 'oci/iac-runner/terraform-aws-finops/'
build_file: 'Dockerfile' build_file: 'Dockerfile'
image: devops/terraform-aws image: public/terraform-aws
tag: latest tag: latest
cache: true cache: true
cache_registry: cache cache_registry: cache
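Review bot: The build step in the second hunk passes `secrets.HELM_REPO_PASSWORD` for the registry `admin` account to `aevea/action-kaniko@master`, a third-party action tracked by a moving branch, so whatever lands on that branch runs with push rights to `artifact.onwalk.net`. Pin both `uses:` lines to a full commit SHA, for example `uses: aevea/action-kaniko@<commit-sha>`, and consider a push-only robot account scoped to the `public` project instead of `admin`. The same `@master` references appear in the next workflow section, and the `username: admin` login is also visible in the fluxcd workflow sections. The job definition starts outside the visible hunks.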


@ -1,12 +1,10 @@
name: Build & push ci runner terraform for aws image name: Build & push ci runner terraform for aws custom image
on: on:
pull_request: pull_request:
push: push:
paths: paths:
- 'oci/iac-runner/terraform-aws/main.tf'
- 'oci/iac-runner/terraform-aws/Dockerfile'
- 'oci/iac-runner/terraform-aws/.terraformrc'
- '.github/workflows/terraform-aws.yaml' - '.github/workflows/terraform-aws.yaml'
- 'oci/iac-runner/terraform-aws/Dockerfile'
branches: branches:
- main - main
@ -17,7 +15,7 @@ jobs:
steps: steps:
- uses: actions/checkout@master - uses: actions/checkout@master
- name: 'Artifact: build && push terraform for aws image' - name: 'Artifact: build && push terraform for aws custom image'
uses: aevea/action-kaniko@master uses: aevea/action-kaniko@master
with: with:
registry: artifact.onwalk.net registry: artifact.onwalk.net
@ -25,7 +23,7 @@ jobs:
password: ${{ secrets.HELM_REPO_PASSWORD }} password: ${{ secrets.HELM_REPO_PASSWORD }}
path: 'oci/iac-runner/terraform-aws/' path: 'oci/iac-runner/terraform-aws/'
build_file: 'Dockerfile' build_file: 'Dockerfile'
image: devops/terraform-aws image: public/terraform-aws
tag: latest tag: latest
cache: true cache: true
cache_registry: cache cache_registry: cache
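Review bot: The last hunk sets `image: public/terraform-aws` with `tag: latest`, which is the same image and tag the preceding workflow section pushes from `oci/iac-runner/terraform-aws-finops/`, so the two builds overwrite each other and a consumer of `latest` gets whichever job ran last. Since this workflow is now named the custom image, give it its own repository (for example `image: public/terraform-aws-custom`, a suggested name) and prefer an immutable tag over `latest` so a pulled image can be tied to one build. The step's `with:` block is only partly visible in these hunks.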


@ -1,6 +1,5 @@
FROM gcr.io/kaniko-project/executor:debug AS kaniko FROM gcr.io/kaniko-project/executor:debug AS kaniko
FROM artifact.onwalk.net/k8s/alpine-glibc:2.34 AS prod FROM artifact.onwalk.net/k8s/alpine-glibc:2.34 AS prod
MAINTAINER shenlan xz@onwalk.net
ENV PATH $PATH:/usr/local/bin:/kaniko ENV PATH $PATH:/usr/local/bin:/kaniko
ENV DOCKER_CONFIG /kaniko/.docker/ ENV DOCKER_CONFIG /kaniko/.docker/
@ -16,8 +15,8 @@ RUN apk --update add \
COPY --from=kaniko /etc/nsswitch.conf /etc/nsswitch.conf COPY --from=kaniko /etc/nsswitch.conf /etc/nsswitch.conf
COPY --from=kaniko /kaniko/executor /kaniko/executor COPY --from=kaniko /kaniko/executor /kaniko/executor
# add jfrog cli # add jfrog cli
RUN curl -Lo /usr/bin/jf https://mirrors.onwalk.net/tools/linux-amd64/jf && chmod +x /usr/bin/jf RUN curl -Lo /usr/bin/jf https://mirrors.onwalk.net/tools/linux-amd64/jf
RUN chmod +x /usr/bin/jf
CMD ["/bin/sh"] CMD ["/bin/sh"]
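Review bot: The `jf` download in the second hunk is installed with no integrity check, and `curl -Lo` without `-f` writes an HTTP error page to `/usr/bin/jf` and still exits 0, so a broken or tampered mirror yields a successful build. Use `curl -fsSLo /usr/bin/jf ...` and verify a pinned digest before the `chmod`, for example `echo "<sha256-of-jf>  /usr/bin/jf" | sha256sum -c -`. Separately, `FROM artifact.onwalk.net/k8s/alpine-glibc:2.34` in the first hunk stays on the old `k8s/` project while the other Dockerfiles in this commit moved to `public/`; confirm that is intended.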


@ -1,6 +1,6 @@
FROM ghcr.io/fluxcd/kustomize-controller:v0.26.2 as build FROM ghcr.io/fluxcd/kustomize-controller:v0.26.2 as build
FROM artifact.onwalk.net/k8s/alpine-ca:3.13 as prod FROM artifact.onwalk.net/public/alpine-ca:3.13 as prod
RUN apk add --no-cache ca-certificates tini git openssh-client && apk add --no-cache gnupg --repository=https://dl-cdn.alpinelinux.org/alpine/edge/main RUN apk add --no-cache ca-certificates tini git openssh-client && apk add --no-cache gnupg --repository=https://dl-cdn.alpinelinux.org/alpine/edge/main


@ -1,6 +1,6 @@
FROM ghcr.io/fluxcd/notification-controller:v0.24.0 as build FROM ghcr.io/fluxcd/notification-controller:v0.24.0 as build
FROM artifact.onwalk.net/k8s/alpine-ca:3.13 as prod FROM artifact.onwalk.net/public/alpine-ca:3.13 as prod
LABEL org.opencontainers.image.source="https://github.com/fluxcd/notification-controller" LABEL org.opencontainers.image.source="https://github.com/fluxcd/notification-controller"
RUN apk add --no-cache ca-certificates tini RUN apk add --no-cache ca-certificates tini


@ -1,4 +1,4 @@
FROM artifact.onwalk.net/k8s/alpine-glibc:2.34 as prod FROM artifact.onwalk.net/public/alpine-glibc:2.34 as prod
ENV HUGO_VERSION 0.59.1 ENV HUGO_VERSION 0.59.1
ENV HUGO_BINARY hugo_extended_${HUGO_VERSION}_Linux-64bit.tar.gz ENV HUGO_BINARY hugo_extended_${HUGO_VERSION}_Linux-64bit.tar.gz


@ -3,7 +3,7 @@ FROM infracost/infracost:latest as finops
FROM hashicorp/terraform:latest as builder FROM hashicorp/terraform:latest as builder
# Build IAC Runner # Build IAC Runner
FROM artifact.onwalk.net/k8s/alpine-glibc:2.34 as prod FROM artifact.onwalk.net/public/alpine-glibc:2.34 as prod
LABEL maintainer="Haitao Pan <xz@onwalk.net>" LABEL maintainer="Haitao Pan <xz@onwalk.net>"
ARG AWSCLI_VERSION=2.6.1 ARG AWSCLI_VERSION=2.6.1


@ -11,7 +11,7 @@ RUN apt-get update -y && \
RUN curl -fsSL https://get.pulumi.com/ | bash -s -- --version $PULUMI_VERSION RUN curl -fsSL https://get.pulumi.com/ | bash -s -- --version $PULUMI_VERSION
FROM artifact.onwalk.net/k8s/alpine-glibc:2.34 as prod FROM artifact.onwalk.net/public/alpine-glibc:2.34 as prod
LABEL maintainer="Haitao Pan <xz@onwalk.net>" LABEL maintainer="Haitao Pan <xz@onwalk.net>"
ENV PATH "/pulumi/bin:${PATH}" ENV PATH "/pulumi/bin:${PATH}"


@ -2,7 +2,7 @@ FROM hashicorp/terraform:latest as builder
FROM infracost/infracost:latest as finops FROM infracost/infracost:latest as finops
# Build IAC Runner # Build IAC Runner
FROM artifact.onwalk.net/k8s/alpine-glibc-awscli:2.6.1 as prod FROM artifact.onwalk.net/public/alpine-glibc-awscli:2.6.1 as prod
LABEL maintainer="Haitao Pan <xz@onwalk.net>" LABEL maintainer="Haitao Pan <xz@onwalk.net>"
ARG AWSCLI_VERSION=2.6.1 ARG AWSCLI_VERSION=2.6.1


@ -1,32 +0,0 @@
#FROM infracost/infracost:latest as finops
FROM artifact.onwalk.net/devops/terraform:latest as builder
# Build IAC Runner
FROM artifact.onwalk.net/k8s/alpine-awscli-python3:latest as prod
ENV KUBECTL_VERSION=1.19.3
COPY --from=builder /bin/terraform /bin/
# install kubectl in apline
RUN wget -O /usr/local/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl && chmod +x /usr/local/bin/kubectl
# make terraform plugin cache
RUN mkdir -p $HOME/.terraform.d/plugins
RUN echo $'\
provider "aws" {} \n\
provider "tls" {}\n\
provider "null" {}\n\
provider "template" {}' >> /tmp/provider-cache.tf
RUN cd /tmp && terraform init && mv .terraform/providers/* $HOME/.terraform.d/plugins && rm -rf .terraform && rm -rf provider-cache.tf
# config terraform cli
# ENV TF_CLI_ARGS_init="-plugin-dir=$HOME/.terraform.d/plugins"
# install python3
# RUN apk --no-cache add python3 py3-pip
# packages for eks-environment/kubernetes/addon.sh
RUN pip install --upgrade pip --user && \
pip install pyyaml
ENTRYPOINT ["/bin/sh", "-c"]


@ -0,0 +1,38 @@
FROM hashicorp/terraform:latest as builder
FROM infracost/infracost:latest as finops
# Build IAC Runner
FROM artifact.onwalk.net/public/alpine-awscli:2.6.1 as prod
LABEL maintainer="Haitao Pan <xz@onwalk.net>"
ENV KUBECTL_VERSION=1.19.3
RUN apk add --update --no-cache ca-certificates openssl openssh-client git bash wget make curl jq unzip zip python3 py3-pip && \
pip3 install --upgrade pip --user && \
pip3 install jinja2 hvac python-hcl2 pyyaml && \
wget https://mirrors.onwalk.net/tools/linux-amd64/gauth.tar.gz && tar -xvpf gauth.tar.gz -C /usr/bin/ && chmod 755 /usr/bin/gauth && \
wget -O /usr/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl & chmod +x /usr/bin/kubectl && \
wget https://mirrors.onwalk.net/tools/linux-amd64/gitleaks_8.8.5_linux_x64.tar.gz && tar -xvpf gitleaks_8.8.5_linux_x64.tar.gz && cp gitleaks /usr/bin/ && chmod 755 /usr/bin/gitleaks && \
apk --no-cache del binutils make && \
rm -rf /var/cache/apk/*
mkdir -pv /root/.terraform.d/plugin-cache && \
# add iac tools
COPY --from=builder /bin/terraform /bin/
# add pre-cost tools
COPY --from=finops /usr/bin/terragrunt /usr/bin/
COPY --from=finops /usr/bin/infracost /usr/bin/
# config pre-cost tools
RUN mkdir -pv /root/.config/infracost/
COPY credentials.yml /root/.config/infracost/
RUN infracost configure get api_key
# init terraform provider cache
COPY main.tf .
RUN mkdir -pv /data/terraform/
RUN terraform providers mirror /data/terraform/ && rm -f main.tf .terraform.lock.hcl
COPY .terraformrc /root/
ENTRYPOINT ["/bin/sh", "-c"]
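Review bot: `COPY credentials.yml /root/.config/infracost/` bakes the Infracost credentials into an image layer, and a workflow in this commit pushes a build of what appears to be this directory to `public/terraform-aws`, so if the `public` project allows anonymous pulls, as its name suggests, anyone who pulls the image can read the key. `RUN infracost configure get api_key` also writes the key into the build log. Drop both lines and supply the key at run time, for example through the `INFRACOST_API_KEY` environment variable. In the long `RUN`, `kubectl & chmod +x /usr/bin/kubectl` uses a single `&`, which backgrounds the download so `chmod` can run before the file exists; it should be `&&`. As rendered here, `rm -rf /var/cache/apk/*` has no trailing `&& \`, so the `mkdir -pv /root/.terraform.d/plugin-cache && \` line that follows would be parsed as its own instruction.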


@ -1,38 +1,32 @@
FROM hashicorp/terraform:latest as builder #FROM infracost/infracost:latest as finops
FROM infracost/infracost:latest as finops FROM artifact.onwalk.net/public/terraform:latest as builder
# Build IAC Runner # Build IAC Runner
FROM artifact.onwalk.net/k8s/alpine-awscli:2.6.1 as prod ROM artifact.onwalk.net/public/alpine-awscli-python3:latest as prod
LABEL maintainer="Haitao Pan <xz@onwalk.net>"
ENV KUBECTL_VERSION=1.19.3 ENV KUBECTL_VERSION=1.19.3
RUN apk add --update --no-cache ca-certificates openssl openssh-client git bash wget make curl jq unzip zip python3 py3-pip && \
pip3 install --upgrade pip --user && \
pip3 install jinja2 hvac python-hcl2 pyyaml && \
wget https://mirrors.onwalk.net/tools/linux-amd64/gauth.tar.gz && tar -xvpf gauth.tar.gz -C /usr/bin/ && chmod 755 /usr/bin/gauth && \
wget -O /usr/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl & chmod +x /usr/bin/kubectl && \
wget https://mirrors.onwalk.net/tools/linux-amd64/gitleaks_8.8.5_linux_x64.tar.gz && tar -xvpf gitleaks_8.8.5_linux_x64.tar.gz && cp gitleaks /usr/bin/ && chmod 755 /usr/bin/gitleaks && \
apk --no-cache del binutils make && \
rm -rf /var/cache/apk/*
mkdir -pv /root/.terraform.d/plugin-cache && \
# add iac tools
COPY --from=builder /bin/terraform /bin/ COPY --from=builder /bin/terraform /bin/
# add pre-cost tools # install kubectl in apline
COPY --from=finops /usr/bin/terragrunt /usr/bin/ RUN wget -O /usr/local/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl && chmod +x /usr/local/bin/kubectl
COPY --from=finops /usr/bin/infracost /usr/bin/
# config pre-cost tools # make terraform plugin cache
RUN mkdir -pv /root/.config/infracost/ RUN mkdir -p $HOME/.terraform.d/plugins
COPY credentials.yml /root/.config/infracost/ RUN echo $'\
RUN infracost configure get api_key provider "aws" {} \n\
provider "tls" {}\n\
provider "null" {}\n\
provider "template" {}' >> /tmp/provider-cache.tf
RUN cd /tmp && terraform init && mv .terraform/providers/* $HOME/.terraform.d/plugins && rm -rf .terraform && rm -rf provider-cache.tf
# config terraform cli
# ENV TF_CLI_ARGS_init="-plugin-dir=$HOME/.terraform.d/plugins"
# init terraform provider cache # install python3
COPY main.tf . # RUN apk --no-cache add python3 py3-pip
RUN mkdir -pv /data/terraform/
RUN terraform providers mirror /data/terraform/ && rm -f main.tf .terraform.lock.hcl # packages for eks-environment/kubernetes/addon.sh
COPY .terraformrc /root/ RUN pip install --upgrade pip --user && \
pip install pyyaml
ENTRYPOINT ["/bin/sh", "-c"] ENTRYPOINT ["/bin/sh", "-c"]
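Review bot: The new prod stage line reads `ROM artifact.onwalk.net/public/alpine-awscli-python3:latest as prod` as rendered on this page; the leading `F` is missing, so the build would stop on an unknown instruction. It should be `FROM artifact.onwalk.net/public/alpine-awscli-python3:latest as prod`. Both stages also use `:latest`, so the resulting image is not reproducible; pinning to a version tag or digest, as other Dockerfiles in this commit do with `alpine-glibc:2.34`, would make the base auditable. The `kubectl` binary is fetched with `wget` and made executable without a checksum comparison.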