From aa70d85bee137a1b65cca88e1841f5fb0d27a49d Mon Sep 17 00:00:00 2001 From: Stephan Schnabel Date: Wed, 18 Jun 2025 22:22:07 +0200 Subject: [PATCH] Initial draft of plugin. --- .github/README.md | 13 ++ .github/workflows/build.yaml | 26 ++++ .github/workflows/lint.yaml | 35 +++++ .justfile | 31 ++++ .markdownlint.yaml | 9 ++ .woodpecker/build.yaml | 196 ++++++++++++++++++++++++ .woodpecker/dockerhub.yaml | 28 ++++ .woodpecker/lint.yaml | 31 ++++ .woodpecker/test.yaml | 31 ++++ .yamllint.yaml | 19 +++ Dockerfile | 119 +++++++++++++++ Dockerfile.dockerignore | 4 + LICENSE | 288 +++++++++++++++++++++++++++++++++++ README.md | 47 ++++++ entrypoint-rootless.sh | 36 +++++ entrypoint.sh | 33 ++++ renovate.json | 4 + 17 files changed, 950 insertions(+) create mode 100644 .github/README.md create mode 100644 .github/workflows/build.yaml create mode 100644 .github/workflows/lint.yaml create mode 100644 .justfile create mode 100644 .markdownlint.yaml create mode 100644 .woodpecker/build.yaml create mode 100644 .woodpecker/dockerhub.yaml create mode 100644 .woodpecker/lint.yaml create mode 100644 .woodpecker/test.yaml create mode 100644 .yamllint.yaml create mode 100644 Dockerfile create mode 100644 Dockerfile.dockerignore create mode 100644 LICENSE create mode 100644 README.md create mode 100755 entrypoint-rootless.sh create mode 100755 entrypoint.sh create mode 100644 renovate.json diff --git a/.github/README.md b/.github/README.md new file mode 100644 index 0000000..ab5244a --- /dev/null +++ b/.github/README.md 
@@ -0,0 +1,13 @@ +# Docker Daemon WoodpeckerCI Plugin + +[![pulls](https://img.shields.io/docker/pulls/kokuwaio/dockerd)](https://hub.docker.com/r/kokuwaio/dockerd) +[![size](https://img.shields.io/docker/image-size/kokuwaio/dockerd)](https://hub.docker.com/r/kokuwaio/dockerd) +[![dockerfile](https://img.shields.io/badge/source-Dockerfile%20-blue)](https://git.kokuwa.io/woodpecker/dockerd/src/branch/main/Dockerfile) +[![license](https://img.shields.io/badge/License-EUPL%201.2-blue)](https://git.kokuwa.io/woodpecker/dockerd/src/branch/main/LICENSE) +[![prs](https://img.shields.io/gitea/pull-requests/open/woodpecker/dockerd?gitea_url=https%3A%2F%2Fgit.kokuwa.io)](https://git.kokuwa.io/woodpecker/dockerd/pulls) +[![issues](https://img.shields.io/gitea/issues/open/woodpecker/dockerd?gitea_url=https%3A%2F%2Fgit.kokuwa.io)](https://git.kokuwa.io/woodpecker/dockerd/issues) + +A [Woodpecker I](https://woodpecker-ci.org) prepared docker daemon. +Also usable with Gitlab, Github or locally, see examples for usage. + +For more documention see: [git.kokuwa.io/woodpecker/dockerd](https://git.kokuwa.io/woodpecker/dockerd) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml new file mode 100644 index 0000000..eadbe80 --- /dev/null +++ b/.github/workflows/build.yaml @@ -0,0 +1,26 @@ +name: Build + +on: push + +jobs: + + dockerd: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@main + - uses: docker/setup-qemu-action@master + - uses: docker/setup-buildx-action@master + - uses: docker/build-push-action@master + with: + platforms: linux/amd64,linux/arm64 + + cli: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@main + - uses: docker/setup-qemu-action@master + - uses: docker/setup-buildx-action@master + - uses: docker/build-push-action@master + with: + target: cli-az-git + platforms: linux/amd64,linux/arm64 diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml new file mode 100644 index 0000000..1af5647 --- /dev/null 
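Review bot: Every `uses:` in `.github/workflows/build.yaml` resolves a mutable ref (`actions/checkout@main`, `docker/setup-qemu-action@master`, `docker/setup-buildx-action@master`, `docker/build-push-action@master`), so whatever lands on those upstream branches runs in this job on every push. Pin each action to a full commit SHA with the release in a trailing comment, e.g. `- uses: actions/checkout@<full-commit-sha-placeholder>  # <release-tag-placeholder>`, and let Renovate propose the bumps. `.github/workflows/lint.yaml` has the same issue with `actions/checkout@main` and with its untagged `docker://kokuwaio/...` images. A top-level `permissions:` block with `contents: read` in both workflows would also limit what a compromised action can do with the job token.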
+++ b/.github/workflows/lint.yaml @@ -0,0 +1,35 @@ +name: Lint + +on: push + +jobs: + + renovate: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@main + - uses: docker://kokuwaio/renovate-config-validator + + markdownlint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@main + - uses: docker://kokuwaio/markdownlint + + yamllint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@main + - uses: docker://kokuwaio/yamllint + + hadolint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@main + - uses: docker://kokuwaio/hadolint + + shellcheck: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@main + - uses: docker://kokuwaio/shellcheck diff --git a/.justfile b/.justfile new file mode 100644 index 0000000..e1ff678 --- /dev/null +++ b/.justfile 
@@ -0,0 +1,31 @@ +# https://just.systems/man/en/ + +[private] +@default: + just --list --unsorted + +# Run linter. +@lint: + docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/shellcheck + docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/hadolint + docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/yamllint + docker run --rm --read-only --volume=$(pwd):$(pwd):rw --workdir=$(pwd) kokuwaio/markdownlint --fix + docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/renovate + docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) woodpeckerci/woodpecker-cli lint + +# Build image with local docker daemon. +@build: + docker build . --target=dockerd --tag=kokuwaio/dockerd:dev + docker build . --target=dockerd-rootless --tag=kokuwaio/dockerd:dev-rootless + docker build . --target=cli --tag=kokuwaio/docker-cli:dev + docker build . --target=cli-git --tag=kokuwaio/docker-cli:dev-git + docker build . --target=cli-az --tag=kokuwaio/docker-cli:dev-az + docker build . --target=cli-az-git --tag=kokuwaio/docker-cli:dev-az-git + +# Inspect image with docker. +@inspect IMAGE="dockerd:dev": build + docker image inspect kokuwaio/{{IMAGE}} + +# Inspect image layers with `dive`. +@dive IMAGE="dockerd:dev": build + dive kokuwaio/{{IMAGE}} diff --git a/.markdownlint.yaml b/.markdownlint.yaml new file mode 100644 index 0000000..5f08047 --- /dev/null +++ b/.markdownlint.yaml @@ -0,0 +1,9 @@ +# Default state for all rules +default: true + +# MD009 - Trailing spaces +MD009: + strict: true + +# MD013 - Line length +MD013: false diff --git a/.woodpecker/build.yaml b/.woodpecker/build.yaml new file mode 100644 index 0000000..e61c8aa --- /dev/null +++ b/.woodpecker/build.yaml 
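Review bot: The `lint` recipe passes `$(pwd)` unquoted in `--volume=$(pwd):$(pwd):ro --workdir=$(pwd)`, so a checkout path containing spaces is split into several arguments and the mount fails or points at the wrong directory. Quote the expansions on all six lines, e.g. `--volume="$(pwd):$(pwd):ro" --workdir="$(pwd)"`. The markdownlint line is the only one mounted `rw`, presumably because of `--fix`. A comment above it such as `# rw: markdownlint --fix rewrites files in place` would stop it reading as an oversight next to the `:ro` lines.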
@@ -0,0 +1,196 @@ +when: + instance: ci.kokuwa.io + repo: woodpecker/docker + event: [manual, push, pull_request] + branch: main + path: [.woodpecker/build.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh] + +variables: + - step: &pr + image: kokuwaio/buildctl + depends_on: [] + settings: &settings-pr + platform: [linux/amd64, linux/arm64] + auth: + registry.kokuwa.io: + username: {from_secret: kokuwa_io_username} + password: {from_secret: kokuwa_io_password} + annotation: &annotation + org.opencontainers.image.title: Docker CLI for WoodpeckerCI + org.opencontainers.image.description: Docker CLI for usage in WoodpeckerCI. + org.opencontainers.image.url: $CI_REPO_URL + org.opencontainers.image.documentation: $CI_REPO_URL/README.md + org.opencontainers.image.source: $CI_REPO_CLONE_URL + org.opencontainers.image.revision: $CI_COMMIT_SHA + org.opencontainers.image.vendor: kokuwa.io + org.opencontainers.image.licenses: EUPL-1.2 + org.opencontainers.image.ref.name: kokuwaio/docker-cli + org.opencontainers.image.version: 28.2.2 + when: + event: pull_request + - step: &push + image: kokuwaio/buildctl + depends_on: [] + settings: &settings-push + <<: *settings-pr + auth: + "https://index.docker.io/v1/": + username: {from_secret: docker_io_username} + password: {from_secret: docker_io_password} + ghcr.io: + username: {from_secret: ghcr_io_username} + password: {from_secret: ghcr_io_password} + registry.kokuwa.io: + username: {from_secret: kokuwa_io_username} + password: {from_secret: kokuwa_io_password} + when: + event: [manual, push] + branch: main + +steps: + + dockerd-pr: + <<: *pr + settings: + <<: *settings-pr + name: registry.kokuwa.io/kokuwaio/dockerd:ci-${CI_PIPELINE_NUMBER} + target: dockerd + annotation: + <<: *annotation + org.opencontainers.image.title: Docker Daemon for WoodpeckerCI + org.opencontainers.image.description: Docker daemon for usage in WoodpeckerCI. 
+ org.opencontainers.image.ref.name: kokuwaio/dockerd + + dockerd-rootless-pr: + <<: *pr + settings: + <<: *settings-pr + name: registry.kokuwa.io/kokuwaio/dockerd:ci-${CI_PIPELINE_NUMBER}-rootless + target: dockerd-rootless + annotation: + <<: *annotation + org.opencontainers.image.title: Docker Daemon for WoodpeckerCI + org.opencontainers.image.description: Docker daemon for usage in WoodpeckerCI. + org.opencontainers.image.ref.name: kokuwaio/dockerd + + cli-pr: + <<: *pr + settings: + <<: *settings-pr + name: registry.kokuwa.io/kokuwaio/docker-cli:ci-${CI_PIPELINE_NUMBER} + target: cli + + cli-git-pr: + <<: *pr + depends_on: [cli-pr] + settings: + <<: *settings-pr + name: registry.kokuwa.io/kokuwaio/docker-cli:ci-${CI_PIPELINE_NUMBER}-git + target: cli-git + + cli-az-pr: + <<: *pr + depends_on: [cli-pr] + settings: + <<: *settings-pr + name: registry.kokuwa.io/kokuwaio/docker-cli:ci-${CI_PIPELINE_NUMBER}-az + target: cli-az + + cli-az-git-pr: + <<: *pr + depends_on: [cli-az-pr] + settings: + <<: *settings-pr + name: registry.kokuwa.io/kokuwaio/docker-cli:ci-${CI_PIPELINE_NUMBER}-az-git + target: cli-az-git + + dockerd: + <<: *push + settings: + <<: *settings-push + name: + - registry.kokuwa.io/kokuwaio/dockerd:latest + - registry.kokuwa.io/kokuwaio/dockerd:28.2.2 + - docker.io/kokuwaio/dockerd:latest + - docker.io/kokuwaio/dockerd:28.2.2 + - ghcr.io/kokuwaio/dockerd:latest + - ghcr.io/kokuwaio/dockerd:28.2.2 + target: dockerd + annotation: + <<: *annotation + org.opencontainers.image.title: Docker Daemon for WoodpeckerCI + org.opencontainers.image.description: Docker daemon for usage in WoodpeckerCI. 
+ org.opencontainers.image.ref.name: kokuwaio/dockerd + + dockerd-rootless: + <<: *push + settings: + <<: *settings-push + name: + - registry.kokuwa.io/kokuwaio/dockerd:rootless + - registry.kokuwa.io/kokuwaio/dockerd:28.2.2-rootless + - docker.io/kokuwaio/dockerd:rootless + - docker.io/kokuwaio/dockerd:28.2.2-rootless + - ghcr.io/kokuwaio/dockerd:rootless + - ghcr.io/kokuwaio/dockerd:28.2.2-rootless + target: dockerd-rootless + annotation: + <<: *annotation + org.opencontainers.image.title: Docker Daemon for WoodpeckerCI + org.opencontainers.image.description: Docker daemon for usage in WoodpeckerCI. + org.opencontainers.image.ref.name: kokuwaio/dockerd + + cli: + <<: *push + settings: + <<: *settings-push + name: + - registry.kokuwa.io/kokuwaio/docker-cli:latest + - registry.kokuwa.io/kokuwaio/docker-cli:28.2.2 + - docker.io/kokuwaio/docker-cli:latest + - docker.io/kokuwaio/docker-cli:28.2.2 + - ghcr.io/kokuwaio/docker-cli:latest + - ghcr.io/kokuwaio/docker-cli:28.2.2 + target: cli + + cli-git: + <<: *push + depends_on: [cli] + settings: + <<: *settings-push + name: + - registry.kokuwa.io/kokuwaio/docker-cli:git + - registry.kokuwa.io/kokuwaio/docker-cli:28.2.2-git + - docker.io/kokuwaio/docker-cli:git + - docker.io/kokuwaio/docker-cli:28.2.2-git + - ghcr.io/kokuwaio/docker-cli:git + - ghcr.io/kokuwaio/docker-cli:28.2.2-git + target: cli-git + + cli-az: + <<: *push + depends_on: [cli] + settings: + <<: *settings-push + name: + - registry.kokuwa.io/kokuwaio/docker-cli:az + - registry.kokuwa.io/kokuwaio/docker-cli:28.2.2-az + - docker.io/kokuwaio/docker-cli:az + - docker.io/kokuwaio/docker-cli:28.2.2-az + - ghcr.io/kokuwaio/docker-cli:az + - ghcr.io/kokuwaio/docker-cli:28.2.2-az + target: cli-az + + cli-az-git: + <<: *push + depends_on: [cli-az] + settings: + <<: *settings-push + name: + - registry.kokuwa.io/kokuwaio/docker-cli:az-git + - registry.kokuwa.io/kokuwaio/docker-cli:28.2.2-az-git + - docker.io/kokuwaio/docker-cli:az-git + - 
docker.io/kokuwaio/docker-cli:28.2.2-az-git + - ghcr.io/kokuwaio/docker-cli:az-git + - ghcr.io/kokuwaio/docker-cli:28.2.2-az-git + target: cli-az-git diff --git a/.woodpecker/dockerhub.yaml b/.woodpecker/dockerhub.yaml new file mode 100644 index 0000000..5639dd0 --- /dev/null +++ b/.woodpecker/dockerhub.yaml @@ -0,0 +1,28 @@ +when: + instance: ci.kokuwa.io + repo: woodpecker/docker + event: [manual, push] + branch: main + path: [.woodpecker/dockerhub.yaml, README.md] + +steps: + + dockerd: + image: kokuwaio/dockerhub-metadata + depends_on: [] + settings: + repository: kokuwaio/dockerd + description-short: Docker daemon for usage in WoodpeckerCI. + categories: [developer-tools, integration-and-delivery] + username: {from_secret: dockerhub_username} + password: {from_secret: dockerhub_password} + + docker-cli: + image: kokuwaio/dockerhub-metadata + depends_on: [] + settings: + repository: kokuwaio/docker-cli + description-short: Docker CLI for usage in WoodpeckerCI. + categories: [developer-tools, integration-and-delivery] + username: {from_secret: dockerhub_username} + password: {from_secret: dockerhub_password} diff --git a/.woodpecker/lint.yaml b/.woodpecker/lint.yaml new file mode 100644 index 0000000..59a1252 --- /dev/null +++ b/.woodpecker/lint.yaml 
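Review bot: The top-level `when.path` list in `.woodpecker/build.yaml` names `entrypoint.sh` but not `entrypoint-rootless.sh`, although the `dockerd-rootless` target in the Dockerfile copies that file into the image. A change to the rootless entrypoint alone therefore neither rebuilds nor republishes the image. Extend the list: `path: [.woodpecker/build.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh, entrypoint-rootless.sh]`. `.woodpecker/test.yaml` has the same gap. Separately, the `*-pr` steps receive `kokuwa_io_username`/`kokuwa_io_password` on `pull_request` events; this file does not show whether those secrets are restricted to the `kokuwaio/buildctl` plugin image or whether pull requests from forks need approval, so both are worth confirming in the CI settings.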
@@ -0,0 +1,31 @@ +when: + event: [manual, push, pull_request] + branch: main + path: [.woodpecker/lint.yaml, renovate.json, "**/*.yaml", "**/*.md", "**/*.sh", "**/Dockerfile"] + +steps: + + renovate: + image: kokuwaio/renovate-config-validator + depends_on: [] + when: [path: [.woodpecker/lint.yaml, renovate.json]] + + yaml: + image: kokuwaio/yamllint + depends_on: [] + when: [path: [.woodpecker/lint.yaml, .yamllint.yaml, "**/*.yaml"]] + + markdown: + image: kokuwaio/markdownlint + depends_on: [] + when: [path: [.woodpecker/lint.yaml, .markdownlint.yaml, "**/*.md"]] + + dockerfile: + image: kokuwaio/hadolint + depends_on: [] + when: [path: [.woodpecker/lint.yaml, "**/Dockerfile"]] + + shellcheck: + image: kokuwaio/shellcheck + depends_on: [] + when: [path: [.woodpecker/lint.yaml, "**/*.sh"]] diff --git a/.woodpecker/test.yaml b/.woodpecker/test.yaml new file mode 100644 index 0000000..ffdb42d --- /dev/null +++ b/.woodpecker/test.yaml @@ -0,0 +1,31 @@ +when: + instance: ci.kokuwa.io + repo: woodpecker/docker + event: pull_request + path: [.woodpecker/build.yaml, .woodpecker/test.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh] + +depends_on: [build] +matrix: + PLATFORM: [amd64, arm64] +labels: + platform: linux/${PLATFORM} + +services: + - name: dockerd + image: registry.kokuwa.io/kokuwaio/dockerd:ci-${CI_PIPELINE_NUMBER}-rootless + ports: [2375] + privileged: true + +steps: + + info: + image: registry.kokuwa.io/kokuwaio/docker-cli:ci-${CI_PIPELINE_NUMBER} + commands: docker info + + pull: + image: registry.kokuwa.io/kokuwaio/docker-cli:ci-${CI_PIPELINE_NUMBER} + commands: docker pull bash + + run: + image: registry.kokuwa.io/kokuwaio/docker-cli:ci-${CI_PIPELINE_NUMBER} + commands: docker run --rm bash uname -a diff --git a/.yamllint.yaml b/.yamllint.yaml new file mode 100644 index 0000000..8011808 --- /dev/null +++ b/.yamllint.yaml 
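Review bot: The `dockerd` service in `.woodpecker/test.yaml` runs only `dockerd:ci-${CI_PIPELINE_NUMBER}-rootless`, so the rootful `dockerd` target and its `entrypoint.sh` are built by the PR pipeline but never exercised by the `info`, `pull` and `run` steps. Consider a second matrix dimension (or a second workflow) that points the service at `registry.kokuwa.io/kokuwaio/dockerd:ci-${CI_PIPELINE_NUMBER}`. The rootless service still sets `privileged: true`, which deserves a comment stating which capability actually requires it, since it removes most of the isolation a rootless daemon is meant to provide. Port 2375 appears to be the plain TCP Docker API with no TLS configured anywhere in this patch, so a comment that it must only be reachable inside the pipeline network would help readers who copy this example.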
@@ -0,0 +1,19 @@ +extends: default + +## see https://yamllint.readthedocs.io/en/stable/rules.html +rules: + + # no need for document start + document-start: disable + + # line length is not important + line-length: disable + + # force double quotes everywhere + quoted-strings: + quote-type: double + required: only-when-needed + + # allow everything on keys + truthy: + check-keys: false diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..512e44f --- /dev/null +++ b/Dockerfile 
@@ -0,0 +1,119 @@ +# hadolint global ignore=DL3008 + +## +## Download docker +## + +FROM docker.io/library/debian:12.11-slim@sha256:e5865e6858dacc255bead044a7f2d0ad8c362433cfaa5acefb670c1edf54dfef AS download +WORKDIR /tmp/docker +RUN --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \ + --mount=type=cache,target=/var/cache \ + --mount=type=tmpfs,target=/var/log \ + apt-get -qq update && \ + apt-get -qq install --yes --no-install-recommends ca-certificates curl && \ + rm -rf /etc/*- /var/lib/dpkg/*-old /var/lib/dpkg/status +RUN ARCH=$(dpkg --print-architecture) && curl --fail --silent --parallel --remote-name-all \ + "https://download.docker.com/linux/debian/dists/bookworm/pool/stable/$ARCH/containerd.io_1.7.27-1_$ARCH.deb" \ + "https://download.docker.com/linux/debian/dists/bookworm/pool/stable/$ARCH/docker-buildx-plugin_0.24.0-1~debian.12~bookworm_$ARCH.deb" \ + "https://download.docker.com/linux/debian/dists/bookworm/pool/stable/$ARCH/docker-ce-cli_28.2.2-1~debian.12~bookworm_$ARCH.deb" \ + "https://download.docker.com/linux/debian/dists/bookworm/pool/stable/$ARCH/docker-ce_28.2.2-1~debian.12~bookworm_$ARCH.deb" \ + "https://download.docker.com/linux/debian/dists/bookworm/pool/stable/$ARCH/docker-ce-rootless-extras_28.2.2-1~debian.12~bookworm_$ARCH.deb" + +## +## Docker Daemon +## + +FROM docker.io/library/debian:12.11-slim@sha256:e5865e6858dacc255bead044a7f2d0ad8c362433cfaa5acefb670c1edf54dfef AS dockerd +RUN --mount=type=bind,from=download,source=/tmp/docker,target=/tmp/docker \ + --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \ + --mount=type=cache,target=/var/cache \ + --mount=type=tmpfs,target=/var/log \ + apt-get -qq update && \ + apt-get -qq install --yes --no-install-recommends ca-certificates \ + "/tmp/docker/containerd.io_1.7.27-1_$(dpkg --print-architecture).deb" \ + "/tmp/docker/docker-ce_28.2.2-1~debian.12~bookworm_$(dpkg --print-architecture).deb" \ + "/tmp/docker/docker-ce-cli_28.2.2-1~debian.12~bookworm_$(dpkg 
--print-architecture).deb" && \ + rm -rf /var/lib/dpkg/*-old /var/lib/dpkg/status +COPY --chmod=555 entrypoint.sh /usr/bin/entrypoint.sh +ENTRYPOINT ["/usr/bin/entrypoint.sh"] + +## +## Docker Daemon (rootless) +## + +FROM docker.io/library/debian:12.11-slim@sha256:e5865e6858dacc255bead044a7f2d0ad8c362433cfaa5acefb670c1edf54dfef AS dockerd-rootless +RUN --mount=type=bind,from=download,source=/tmp/docker,target=/tmp/docker \ + --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \ + --mount=type=cache,target=/var/cache \ + --mount=type=tmpfs,target=/var/log \ + apt-get -qq update && \ + apt-get -qq install --yes --no-install-recommends ca-certificates uidmap slirp4netns dbus-user-session iproute2 fuse-overlayfs \ + "/tmp/docker/containerd.io_1.7.27-1_$(dpkg --print-architecture).deb" \ + "/tmp/docker/docker-ce_28.2.2-1~debian.12~bookworm_$(dpkg --print-architecture).deb" \ + "/tmp/docker/docker-ce-cli_28.2.2-1~debian.12~bookworm_$(dpkg --print-architecture).deb" \ + "/tmp/docker/docker-ce-rootless-extras_28.2.2-1~debian.12~bookworm_$(dpkg --print-architecture).deb" && \ + rm -rf /var/lib/dpkg/*-old /var/lib/dpkg/status +RUN useradd dockerd --uid 1000 --home-dir /home/docker --create-home && rm -fr /etc/*- && \ + echo dockerd:100000:65536 >/etc/subuid && \ + echo dockerd:100000:65536 >/etc/subgid +COPY --chmod=555 entrypoint-rootless.sh /usr/bin/entrypoint.sh +ENTRYPOINT ["/usr/bin/entrypoint.sh"] +ENV HOME=/home/docker +USER 1000 + +## +## Docker CLI +## + +FROM docker.io/library/debian:12.11-slim@sha256:e5865e6858dacc255bead044a7f2d0ad8c362433cfaa5acefb670c1edf54dfef AS cli-base +RUN --mount=type=bind,from=download,source=/tmp/docker,target=/tmp/docker \ + --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \ + --mount=type=cache,target=/var/cache \ + --mount=type=tmpfs,target=/var/log \ + apt-get -qq update && \ + apt-get -qq install --yes --no-install-recommends ca-certificates \ + 
"/tmp/docker/docker-buildx-plugin_0.24.0-1~debian.12~bookworm_$(dpkg --print-architecture).deb" \ + "/tmp/docker/docker-ce-cli_28.2.2-1~debian.12~bookworm_$(dpkg --print-architecture).deb" && \ + rm -rf /etc/*- /var/lib/dpkg/*-old /var/lib/dpkg/status +ENV DOCKER_HOST=tcp://dockerd:2375 +ENV HOME=/woodpecker + +FROM cli-base AS cli-base-az +RUN --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \ + --mount=type=cache,target=/var/cache \ + --mount=type=tmpfs,target=/var/log \ + apt-get -qq update && \ + apt-get -qq install --yes --no-install-recommends python3 pip && \ + rm -rf /etc/*- /var/lib/dpkg/*-old /var/lib/dpkg/status +ARG PYPI_MIRROR=https://mirror.kokuwa.io/pypi/simple/ +# pip cache is explicit stored in cache mount +# hadolint ignore=DL3042 +RUN --mount=type=cache,target=/var/cache pip install azure-cli==2.66.0 \ + --root-user-action=ignore \ + --break-system-packages \ + --cache-dir=/var/cache/.cache/pip \ + --index-url=$PYPI_MIRROR + +FROM cli-base AS cli +USER 1000:1000 + +FROM cli-base AS cli-git +RUN --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \ + --mount=type=cache,target=/var/cache \ + --mount=type=tmpfs,target=/var/log \ + apt-get -qq update && \ + apt-get -qq install --yes --no-install-recommends git && \ + rm -rf /var/lib/dpkg/*-old /var/lib/dpkg/status +USER 1000:1000 + +FROM cli-base-az AS cli-az +USER 1000:1000 + +FROM cli-base-az AS cli-az-git +RUN --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \ + --mount=type=cache,target=/var/cache \ + --mount=type=tmpfs,target=/var/log \ + apt-get -qq update && \ + apt-get -qq install --yes --no-install-recommends git && \ + rm -rf /var/lib/dpkg/*-old /var/lib/dpkg/status +USER 1000:1000 diff --git a/Dockerfile.dockerignore b/Dockerfile.dockerignore new file mode 100644 index 0000000..f30c598 --- /dev/null +++ b/Dockerfile.dockerignore @@ -0,0 +1,4 @@ +.* + +!entrypoint.sh +!entrypoint-rootless.sh 
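Review bot: The `download` stage fetches five `.deb` files with `curl`, and later stages install them from local paths with `apt-get install`, which skips the apt repository signature check. The base image is pinned by digest, but only TLS to download.docker.com vouches for the Docker packages. Verify each file after download, per architecture, e.g. `echo "<sha256-placeholder>  containerd.io_1.7.27-1_$ARCH.deb" | sha256sum --check --strict`, or install from Docker's signed apt repository with pinned versions. In `cli-base-az`, `--index-url=$PYPI_MIRROR` should be quoted, and `azure-cli==2.66.0` pins only the top-level package, so its transitive dependencies come unpinned from the mirror. Finally, `rm -rf ... /var/lib/dpkg/status` deletes the package database that image scanners usually read to enumerate Debian packages; if that is intentional it needs a comment, because vulnerability scans of these images may otherwise come back empty.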
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..ebcf5a5
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,288 @@ + + EUROPEAN UNION PUBLIC LICENCE v. 1.2 + EUPL © the European Union 2007, 2016 + +This European Union Public Licence (the 'EUPL') applies to the Work (as defined +below) which is provided under the terms of this Licence. Any use of the Work, +other than as authorised under this Licence is prohibited (to the extent such +use is covered by a right of the copyright holder of the Work). + +The Work is provided under the terms of this Licence when the Licensor (as +defined below) has placed the following notice immediately following the +copyright notice for the Work: + + Licensed under the EUPL + +or has expressed by any other means his willingness to license under the EUPL. + +1. Definitions + +In this Licence, the following terms have the following meaning: + +- 'The Licence': this Licence. + +- 'The Original Work': the work or software distributed or communicated by the + Licensor under this Licence, available as Source Code and also as Executable + Code as the case may be. + +- 'Derivative Works': the works or software that could be created by the + Licensee, based upon the Original Work or modifications thereof. This Licence + does not define the extent of modification or dependence on the Original Work + required in order to classify a work as a Derivative Work; this extent is + determined by copyright law applicable in the country mentioned in Article 15. + +- 'The Work': the Original Work or its Derivative Works. + +- 'The Source Code': the human-readable form of the Work which is the most + convenient for people to study and modify. + +- 'The Executable Code': any code which has generally been compiled and which is + meant to be interpreted by a computer as a program. + +- 'The Licensor': the natural or legal person that distributes or communicates + the Work under the Licence. + +- 'Contributor(s)': any natural or legal person who modifies the Work under the + Licence, or otherwise contributes to the creation of a Derivative Work. 
+ +- 'The Licensee' or 'You': any natural or legal person who makes any usage of + the Work under the terms of the Licence. + +- 'Distribution' or 'Communication': any act of selling, giving, lending, + renting, distributing, communicating, transmitting, or otherwise making + available, online or offline, copies of the Work or providing access to its + essential functionalities at the disposal of any other natural or legal + person. + +2. Scope of the rights granted by the Licence + +The Licensor hereby grants You a worldwide, royalty-free, non-exclusive, +sublicensable licence to do the following, for the duration of copyright vested +in the Original Work: + +- use the Work in any circumstance and for all usage, +- reproduce the Work, +- modify the Work, and make Derivative Works based upon the Work, +- communicate to the public, including the right to make available or display + the Work or copies thereof to the public and perform publicly, as the case may + be, the Work, +- distribute the Work or copies thereof, +- lend and rent the Work or copies thereof, +- sublicense rights in the Work or copies thereof. + +Those rights can be exercised on any media, supports and formats, whether now +known or later invented, as far as the applicable law permits so. + +In the countries where moral rights apply, the Licensor waives his right to +exercise his moral right to the extent allowed by law in order to make effective +the licence of the economic rights here above listed. + +The Licensor grants to the Licensee royalty-free, non-exclusive usage rights to +any patents held by the Licensor, to the extent necessary to make use of the +rights granted on the Work under this Licence. + +3. Communication of the Source Code + +The Licensor may provide the Work either in its Source Code form, or as +Executable Code. 
If the Work is provided as Executable Code, the Licensor +provides in addition a machine-readable copy of the Source Code of the Work +along with each copy of the Work that the Licensor distributes or indicates, in +a notice following the copyright notice attached to the Work, a repository where +the Source Code is easily and freely accessible for as long as the Licensor +continues to distribute or communicate the Work. + +4. Limitations on copyright + +Nothing in this Licence is intended to deprive the Licensee of the benefits from +any exception or limitation to the exclusive rights of the rights owners in the +Work, of the exhaustion of those rights or of other applicable limitations +thereto. + +5. Obligations of the Licensee + +The grant of the rights mentioned above is subject to some restrictions and +obligations imposed on the Licensee. Those obligations are the following: + +Attribution right: The Licensee shall keep intact all copyright, patent or +trademarks notices and all notices that refer to the Licence and to the +disclaimer of warranties. The Licensee must include a copy of such notices and a +copy of the Licence with every copy of the Work he/she distributes or +communicates. The Licensee must cause any Derivative Work to carry prominent +notices stating that the Work has been modified and the date of modification. + +Copyleft clause: If the Licensee distributes or communicates copies of the +Original Works or Derivative Works, this Distribution or Communication will be +done under the terms of this Licence or of a later version of this Licence +unless the Original Work is expressly distributed only under this version of the +Licence — for example by communicating 'EUPL v. 1.2 only'. The Licensee +(becoming Licensor) cannot offer or impose any additional terms or conditions on +the Work or Derivative Work that alter or restrict the terms of the Licence. 
+ +Compatibility clause: If the Licensee Distributes or Communicates Derivative +Works or copies thereof based upon both the Work and another work licensed under +a Compatible Licence, this Distribution or Communication can be done under the +terms of this Compatible Licence. For the sake of this clause, 'Compatible +Licence' refers to the licences listed in the appendix attached to this Licence. +Should the Licensee's obligations under the Compatible Licence conflict with +his/her obligations under this Licence, the obligations of the Compatible +Licence shall prevail. + +Provision of Source Code: When distributing or communicating copies of the Work, +the Licensee will provide a machine-readable copy of the Source Code or indicate +a repository where this Source will be easily and freely available for as long +as the Licensee continues to distribute or communicate the Work. + +Legal Protection: This Licence does not grant permission to use the trade names, +trademarks, service marks, or names of the Licensor, except as required for +reasonable and customary use in describing the origin of the Work and +reproducing the content of the copyright notice. + +6. Chain of Authorship + +The original Licensor warrants that the copyright in the Original Work granted +hereunder is owned by him/her or licensed to him/her and that he/she has the +power and authority to grant the Licence. + +Each Contributor warrants that the copyright in the modifications he/she brings +to the Work are owned by him/her or licensed to him/her and that he/she has the +power and authority to grant the Licence. + +Each time You accept the Licence, the original Licensor and subsequent +Contributors grant You a licence to their contributions to the Work, under the +terms of this Licence. + +7. Disclaimer of Warranty + +The Work is a work in progress, which is continuously improved by numerous +Contributors. 
It is not a finished work and may therefore contain defects or +'bugs' inherent to this type of development. + +For the above reason, the Work is provided under the Licence on an 'as is' basis +and without warranties of any kind concerning the Work, including without +limitation merchantability, fitness for a particular purpose, absence of defects +or errors, accuracy, non-infringement of intellectual property rights other than +copyright as stated in Article 6 of this Licence. + +This disclaimer of warranty is an essential part of the Licence and a condition +for the grant of any rights to the Work. + +8. Disclaimer of Liability + +Except in the cases of wilful misconduct or damages directly caused to natural +persons, the Licensor will in no event be liable for any direct or indirect, +material or moral, damages of any kind, arising out of the Licence or of the use +of the Work, including without limitation, damages for loss of goodwill, work +stoppage, computer failure or malfunction, loss of data or any commercial +damage, even if the Licensor has been advised of the possibility of such damage. +However, the Licensor will be liable under statutory product liability laws as +far such laws apply to the Work. + +9. Additional agreements + +While distributing the Work, You may choose to conclude an additional agreement, +defining obligations or services consistent with this Licence. However, if +accepting obligations, You may act only on your own behalf and on your sole +responsibility, not on behalf of the original Licensor or any other Contributor, +and only if You agree to indemnify, defend, and hold each Contributor harmless +for any liability incurred by, or claims asserted against such Contributor by +the fact You have accepted any warranty or additional liability. + +10. 
Acceptance of the Licence + +The provisions of this Licence can be accepted by clicking on an icon 'I agree' +placed under the bottom of a window displaying the text of this Licence or by +affirming consent in any other similar way, in accordance with the rules of +applicable law. Clicking on that icon indicates your clear and irrevocable +acceptance of this Licence and all of its terms and conditions. + +Similarly, you irrevocably accept this Licence and all of its terms and +conditions by exercising any rights granted to You by Article 2 of this Licence, +such as the use of the Work, the creation by You of a Derivative Work or the +Distribution or Communication by You of the Work or copies thereof. + +11. Information to the public + +In case of any Distribution or Communication of the Work by means of electronic +communication by You (for example, by offering to download the Work from a +remote location) the distribution channel or media (for example, a website) must +at least provide to the public the information requested by the applicable law +regarding the Licensor, the Licence and the way it may be accessible, concluded, +stored and reproduced by the Licensee. + +12. Termination of the Licence + +The Licence and the rights granted hereunder will terminate automatically upon +any breach by the Licensee of the terms of the Licence. + +Such a termination will not terminate the licences of any person who has +received the Work from the Licensee under the Licence, provided such persons +remain in full compliance with the Licence. + +13. Miscellaneous + +Without prejudice of Article 9 above, the Licence represents the complete +agreement between the Parties as to the Work. + +If any provision of the Licence is invalid or unenforceable under applicable +law, this will not affect the validity or enforceability of the Licence as a +whole. Such provision will be construed or reformed so as necessary to make it +valid and enforceable. 
+ +The European Commission may publish other linguistic versions or new versions of +this Licence or updated versions of the Appendix, so far this is required and +reasonable, without reducing the scope of the rights granted by the Licence. New +versions of the Licence will be published with a unique version number. + +All linguistic versions of this Licence, approved by the European Commission, +have identical value. Parties can take advantage of the linguistic version of +their choice. + +14. Jurisdiction + +Without prejudice to specific agreement between parties, + +- any litigation resulting from the interpretation of this License, arising + between the European Union institutions, bodies, offices or agencies, as a + Licensor, and any Licensee, will be subject to the jurisdiction of the Court + of Justice of the European Union, as laid down in article 272 of the Treaty on + the Functioning of the European Union, + +- any litigation arising between other parties and resulting from the + interpretation of this License, will be subject to the exclusive jurisdiction + of the competent court where the Licensor resides or conducts its primary + business. + +15. Applicable Law + +Without prejudice to specific agreement between parties, + +- this Licence shall be governed by the law of the European Union Member State + where the Licensor has his seat, resides or has his registered office, + +- this licence shall be governed by Belgian law if the Licensor has no seat, + residence or registered office inside a European Union Member State. + +Appendix + +'Compatible Licences' according to Article 5 EUPL are: + +- GNU General Public License (GPL) v. 2, v. 3 +- GNU Affero General Public License (AGPL) v. 3 +- Open Software License (OSL) v. 2.1, v. 3.0 +- Eclipse Public License (EPL) v. 1.0 +- CeCILL v. 2.0, v. 2.1 +- Mozilla Public Licence (MPL) v. 2 +- GNU Lesser General Public Licence (LGPL) v. 2.1, v. 3 +- Creative Commons Attribution-ShareAlike v. 
3.0 Unported (CC BY-SA 3.0) for + works other than software +- European Union Public Licence (EUPL) v. 1.1, v. 1.2 +- Québec Free and Open-Source Licence — Reciprocity (LiLiQ-R) or Strong + Reciprocity (LiLiQ-R+). + +The European Commission may update this Appendix to later versions of the above +licences without producing a new version of the EUPL, as long as they provide +the rights granted in Article 2 of this Licence and protect the covered Source +Code from exclusive appropriation. + +All other changes or additions to this Appendix require the production of a new +EUPL version. diff --git a/README.md b/README.md new file mode 100644 index 0000000..894cd6a --- /dev/null +++ b/README.md 
@@ -0,0 +1,47 @@
+# Docker Daemon and CLI for WoodpeckerCI Plugin
+
+[![dockerd pulls](https://img.shields.io/docker/pulls/kokuwaio/dockerd)](https://hub.docker.com/r/kokuwaio/dockerd)
+[![dockerd size](https://img.shields.io/docker/image-size/kokuwaio/dockerd)](https://hub.docker.com/r/kokuwaio/dockerd)
+[![cli pulls](https://img.shields.io/docker/pulls/kokuwaio/docker-cli)](https://hub.docker.com/r/kokuwaio/docker-cli)
+[![cli size](https://img.shields.io/docker/image-size/kokuwaio/docker-cli)](https://hub.docker.com/r/kokuwaio/docker-cli)
+[![dockerfile](https://img.shields.io/badge/source-Dockerfile%20-blue)](https://git.kokuwa.io/woodpecker/docker/src/branch/main/Dockerfile)
+[![license](https://img.shields.io/badge/License-EUPL%201.2-blue)](https://git.kokuwa.io/woodpecker/docker/src/branch/main/LICENSE)
+[![prs](https://img.shields.io/gitea/pull-requests/open/woodpecker/dockerd?gitea_url=https%3A%2F%2Fgit.kokuwa.io)](https://git.kokuwa.io/woodpecker/docker/pulls)
+[![issues](https://img.shields.io/gitea/issues/open/woodpecker/dockerd?gitea_url=https%3A%2F%2Fgit.kokuwa.io)](https://git.kokuwa.io/woodpecker/docker/issues)
+
+A [Woodpecker I](https://woodpecker-ci.org) prepared docker daemon and cli.
+Also usable with Gitlab, Github or locally, see examples for usage. 
+
+## Features
+
+- dockerd: with and without rootlesskit
+- dockerd: configures mirror for dockerd
+- cli: with buildkit
+- cli: [variants](https://hub.docker.com/r/kokuwaio/docker-cli/tags):
+ - `git`: with git
+ - `az`: with Azure CLI
+ - `az-git`: with Azure CLI and git
+
+## Example
+
+```yaml
+services:
+ - name: dockerd
+ image: kokuwaio/dockerd
+ ports: [2375, 8080]
+
+steps:
+ info:
+ image: kokuwaio/docker-cli
+ commands: docker info
+```
+
+## Settings
+
+| Environment | Default | Description |
+| ------------------------- | ------- | ---------------------------------------------------------------------------------- |
+| DOCKERD_PORT | `2375` | Specifies the port to listen on |
+| DOCKERD_SHUTDOWN_TIMEOUT | `0` | Set the default shutdown timeout |
+| DOCKERD_LOG_LEVEL | `none` | Set the [logging level](https://docs.docker.com/reference/cli/dockerd/#log-format) |
+| DOCKERD_REGISTRY_MIRROR | `none` | Specifies a list of registry mirrors. |
+| DOCKERD_INSECURE_REGISTRY | `none | Configure [insecure registry](https://docs.docker.com/reference/cli/dockerd/#insecure-registries) |
diff --git a/entrypoint-rootless.sh b/entrypoint-rootless.sh
new file mode 100755
index 0000000..ae72ebf
--- /dev/null
+++ b/entrypoint-rootless.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+set -e;
+
+# https://docs.docker.com/reference/cli/dockerd/
+
+##
+## build command to execute
+##
+
+COMMAND="dockerd --rootless --host=0.0.0.0:${DOCKERD_PORT:-2375} --tls=false --data-root=/home/docker --storage-driver=fuse-overlayfs --shutdown-timeout=${DOCKERD_SHUTDOWN_TIMEOUT:-0} --feature=buildkit=true --feature=containerd-snapshotter=true"
+if [[ -n "$DOCKERD_LOG_LEVEL" ]]; then
+ COMMAND+=" --log-level=$DOCKERD_LOG_LEVEL"
+fi
+if [[ -n "$DOCKERD_REGISTRY_MIRROR" ]]; then
+ COMMAND+=" --registry-mirror=$DOCKERD_REGISTRY_MIRROR"
+ if [[ "$DOCKERD_REGISTRY_MIRROR" =~ ^http:\/\/.*$ ]]; then
+ COMMAND+=" --insecure-registry=${DOCKERD_REGISTRY_MIRROR//http:\/\//}"
+ fi
+fi
+if [[ -n "$DOCKERD_INSECURE_REGISTRY" ]]; then
+ COMMAND+=" --insecure-registry=$DOCKERD_INSECURE_REGISTRY"
+fi
+
+##
+## execute command
+##
+
+export XDG_RUNTIME_DIR=/home/docker/runtime
+COMMAND="rootlesskit --publish=0.0.0.0:${DOCKERD_PORT:-2375}:${DOCKERD_PORT:-2375}/tcp --disable-host-loopback --copy-up=/etc --copy-up=/run --net=slirp4netns --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --port-driver=builtin $COMMAND"
+
+echo
+echo Running now:
+echo
+echo -e " ${COMMAND// --/ \\n --}"
+echo
+eval "$COMMAND"
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..d3901e4
--- /dev/null
+++ b/entrypoint.sh
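Review bot: The closing `eval "$COMMAND"` re-parses a string into which DOCKERD_PORT, DOCKERD_SHUTDOWN_TIMEOUT, DOCKERD_LOG_LEVEL, DOCKERD_REGISTRY_MIRROR and DOCKERD_INSECURE_REGISTRY were interpolated verbatim, so whitespace or shell metacharacters in any of those settings are interpreted as shell syntax instead of staying one literal argument. Those values come from pipeline configuration, which is frequently editable by anyone who can change the pipeline file, so this is a command-injection path into the daemon container; entrypoint.sh in this commit uses the same construction. Collecting the arguments in a bash array and finishing with `exec` removes the second parse, and presumably also lets the daemon receive container stop signals directly instead of through the wrapper shell.

```shell
# Collect arguments in arrays so each environment value stays one literal word.
dockerd_args=(
  dockerd --rootless "--host=0.0.0.0:${DOCKERD_PORT:-2375}" --tls=false
  # … unchanged: remaining fixed dockerd flags, one array element each …
)
if [[ -n "$DOCKERD_LOG_LEVEL" ]]; then
  dockerd_args+=("--log-level=$DOCKERD_LOG_LEVEL")
fi
# … unchanged: registry-mirror and insecure-registry branches, using dockerd_args+=("…") …

export XDG_RUNTIME_DIR=/home/docker/runtime
rootlesskit_args=(
  rootlesskit "--publish=0.0.0.0:${DOCKERD_PORT:-2375}:${DOCKERD_PORT:-2375}/tcp"
  # … unchanged: remaining rootlesskit flags, one array element each …
)

printf 'Running now:\n\n'
printf '  %q\n' "${rootlesskit_args[@]}" "${dockerd_args[@]}"
# exec replaces the shell: no second parse of the values, and signals reach the daemon.
exec "${rootlesskit_args[@]}" "${dockerd_args[@]}"
```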
@@ -0,0 +1,33 @@
+#!/bin/bash
+set -e;
+
+# https://docs.docker.com/reference/cli/dockerd/
+
+##
+## build command to execute
+##
+
+COMMAND="dockerd --host=0.0.0.0:${DOCKERD_PORT:-2375} --tls=false --data-root=/woodpecker/dockerd --feature=buildkit=true --feature=containerd-snapshotter=true --shutdown-timeout=${DOCKERD_SHUTDOWN_TIMEOUT:-0} "
+if [[ -n "$DOCKERD_LOG_LEVEL" ]]; then
+ COMMAND+=" --log-level=$DOCKERD_LOG_LEVEL"
+fi
+if [[ -n "$DOCKERD_REGISTRY_MIRROR" ]]; then
+ COMMAND+=" --registry-mirror=$DOCKERD_REGISTRY_MIRROR"
+ if [[ "$DOCKERD_REGISTRY_MIRROR" =~ ^http:\/\/.*$ ]]; then
+ COMMAND+=" --insecure-registry=${DOCKERD_REGISTRY_MIRROR//http:\/\//}"
+ fi
+fi
+if [[ -n "$DOCKERD_INSECURE_REGISTRY" ]]; then
+ COMMAND+=" --insecure-registry=$DOCKERD_INSECURE_REGISTRY"
+fi
+
+##
+## execute command
+##
+
+echo
+echo Running now:
+echo
+echo -e " ${COMMAND// --/ \\n --}"
+echo
+eval "$COMMAND"
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..47fe869
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,4 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": ["local>infrastructure/renovate-config", ":reviewer(stephan.schnabel)"]
+}
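Review bot: The daemon in entrypoint.sh is started with `--host=0.0.0.0:${DOCKERD_PORT:-2375} --tls=false` and without `--rootless`, so any peer that can reach the port gets unauthenticated control of a dockerd running as root, and nothing in the script says so. I would add a comment above the `COMMAND=` assignment, `# API is unauthenticated and unencrypted (--tls=false): expose DOCKERD_PORT only on the pipeline-internal network`, and repeat the caveat in the README Settings section. The `^http://` branch also silently adds the mirror host to `--insecure-registry`; a one-line comment such as `# plain-http mirror: pulls through it are not transport-protected` would make that trade-off visible. entrypoint-rootless.sh uses the same listener flags and the same mirror branch.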