Browse Source

Update stage3 targets

Closes: #109

Signed-off-by: Konstantinos Smanis <konstantinos.smanis@gmail.com>
Closes: https://github.com/gentoo/gentoo-docker-images/pull/108
Signed-off-by: Alexys Jacob <ultrabug@gentoo.org>
master
Konstantinos Smanis 2 months ago
committed by Alexys Jacob
parent
commit
7d477af788
No known key found for this signature in database GPG Key ID: 51FF23F1AC97772F
  1. 38
      .github/workflows/build.yml
  2. 94
      README.md
  3. 16
      build.sh
  4. 71
      deploy.sh

38
.github/workflows/build.yml

@ -16,30 +16,34 @@ jobs:
matrix:
target:
- portage
- stage3-amd64
- stage3-amd64-hardened
- stage3-amd64-hardened-nomultilib
- stage3-amd64-hardened-nomultilib-openrc
- stage3-amd64-hardened-openrc
- stage3-amd64-musl
- stage3-amd64-musl-hardened
- stage3-amd64-musl-vanilla
- stage3-amd64-nomultilib
- stage3-amd64-nomultilib-openrc
- stage3-amd64-nomultilib-systemd
- stage3-amd64-openrc
- stage3-amd64-systemd
- stage3-amd64-uclibc-hardened
- stage3-amd64-uclibc-vanilla
- stage3-arm64
- stage3-arm64-systemd
- stage3-armv5tel
- stage3-armv5tel-systemd
- stage3-armv6j
- stage3-armv6j-systemd
- stage3-armv6j_hardfp
- stage3-armv6j_hardfp-systemd
- stage3-armv7a
- stage3-armv7a-systemd
- stage3-armv7a_hardfp
- stage3-ppc64le
- stage3-ppc64le-musl-hardened
- stage3-armv7a_hardfp-systemd
- stage3-arm64
- stage3-arm64-systemd
- stage3-i686-hardened-openrc
- stage3-i686-musl
- stage3-i686-openrc
- stage3-i686-systemd
- stage3-ppc64le-musl-hardened-openrc
- stage3-ppc64le-openrc
- stage3-ppc64le-systemd
- stage3-s390x
- stage3-x86
- stage3-x86-hardened
- stage3-x86-musl-vanilla
- stage3-x86-systemd
- stage3-x86-uclibc-hardened
- stage3-x86-uclibc-vanilla
name: ${{ matrix.target }}
runs-on: ubuntu-latest
env:

94
README.md

@ -18,50 +18,86 @@ The following targets are built and pushed to Docker Hub:
* `portage`
* `stage3`
* `amd64`
* `stage3-amd64`
* `stage3-amd64-hardened`
* `stage3-amd64-hardened-nomultilib`
* `stage3-amd64-hardened-nomultilib-openrc`
* `stage3-amd64-hardened-openrc`
* `stage3-amd64-musl`
* `stage3-amd64-musl-hardened`
* `stage3-amd64-musl-vanilla`
* `stage3-amd64-nomultilib`
* `stage3-amd64-nomultilib-openrc`
* `stage3-amd64-nomultilib-systemd`
* `stage3-amd64-openrc`
* `stage3-amd64-systemd`
* `stage3-amd64-uclibc-hardened`
* `stage3-amd64-uclibc-vanilla`
* `arm64`
* `stage3-arm64`
* `stage3-arm64-systemd`
* `arm`
* `stage3-armv5tel`
* `stage3-armv5tel-systemd`
* `stage3-armv6j`
* `stage3-armv6j-systemd`
* `stage3-armv6j_hardfp`
* `stage3-armv6j_hardfp-systemd`
* `stage3-armv7a`
* `stage3-armv7a-systemd`
* `stage3-armv7a_hardfp`
* `stage3-armv7a_hardfp-systemd`
* `arm64`
* `stage3-arm64`
* `stage3-arm64-systemd`
* `ppc`
* `stage3-ppc64le`
* `stage3-ppc64le-musl-hardened-openrc`
* `stage3-ppc64le-openrc`
* `stage3-ppc64le-systemd`
* `s390`
* `stage3-s390x`
* `x86`
* `stage3-x86`
* `stage3-x86-hardened`
* `stage3-x86-musl-vanilla`
* `stage3-x86-systemd`
* `stage3-x86-uclibc-hardened`
* `stage3-x86-uclibc-vanilla`
The following upstream stage3 targets are not built at all (see [rationale](https://github.com/gentoo/gentoo-docker-images/issues/75#issuecomment-680776939)):
* `stage3-i686-hardened-openrc`
* `stage3-i686-musl`
* `stage3-i686-openrc`
* `stage3-i686-systemd`
The following upstream stage3 targets are not built at all:
* `amd64`
* `stage3-amd64-hardened-selinux`
* `stage3-amd64-hardened-selinux+nomultilib`
* `stage3-x32`
* `stage3-amd64` [[deprecated](#deprecated)]
* `stage3-amd64-hardened` [[deprecated](#deprecated)]
* `stage3-amd64-hardened+nomultilib` [[deprecated](#deprecated)]
* `stage3-amd64-hardened-selinux` [[deprecated](#deprecated), [selinux](#selinux)]
* `stage3-amd64-hardened-selinux+nomultilib` [[deprecated](#deprecated), [selinux](#selinux)]
* `stage3-amd64-hardened-selinux-openrc` [[selinux](#selinux)]
* `stage3-amd64-musl-vanilla` [[deprecated](#deprecated)]
* `stage3-amd64-nomultilib` [[deprecated](#deprecated)]
* `stage3-amd64-nomultilib-selinux-openrc` [[selinux](#selinux)]
* `stage3-amd64-uclibc-hardened` [[deprecated](#deprecated)]
* `stage3-amd64-uclibc-vanilla` [[deprecated](#deprecated)]
* `stage3-x32` [[deprecated](#deprecated), [unsupported](#unsupported)]
* `stage3-x32-openrc` [[unsupported](#unsupported)]
* `arm`
* `stage3-armv4tl`
* `stage3-armv6j`
* `stage3-armv7a`
* `stage3-armv4tl` [[unsupported](#unsupported)]
* `stage3-armv4tl-systemd` [[unsupported](#unsupported)]
* `ppc`
* `stage3-ppc`
* `stage3-ppc64`
* `stage3-power9le-openrc` [[unsupported](#unsupported)]
* `stage3-power9le-systemd` [[unsupported](#unsupported)]
* `stage3-ppc` [[deprecated](#deprecated), [unsupported](#unsupported)]
* `stage3-ppc-openrc` [[unsupported](#unsupported)]
* `stage3-ppc64` [[deprecated](#deprecated), [unsupported](#unsupported)]
* `stage3-ppc64-musl-hardened` [[deprecated](#deprecated), [unsupported](#unsupported)]
* `stage3-ppc64-musl-hardened-openrc` [[unsupported](#unsupported)]
* `stage3-ppc64-openrc` [[unsupported](#unsupported)]
* `stage3-ppc64-systemd` [[unsupported](#unsupported)]
* `stage3-ppc64le` [[deprecated](#deprecated)]
* `stage3-ppc64le-musl-hardened` [[deprecated](#deprecated)]
* `s390`
* `stage3-s390`
* `stage3-s390` [[unsupported](#unsupported)]
* `x86`
* `stage3-i486`
* `stage3-i486` [[deprecated](#deprecated), [unsupported](#unsupported)]
* `stage3-i486-openrc` [[unsupported](#unsupported)]
* `stage3-i686` [[deprecated](#deprecated)]
* `stage3-i686-hardened` [[deprecated](#deprecated)]
* `stage3-i686-musl-vanilla` [[deprecated](#deprecated)]
* `stage3-i686-uclibc-hardened` [[deprecated](#deprecated)]
* `stage3-i686-uclibc-vanilla` [[deprecated](#deprecated)]
<a name="deprecated">[deprecated]</a>: Deprecated stage3 target
<a name="selinux">[selinux]</a>: [SELinux doesn't seem to make sense inside containers](https://serverfault.com/q/757606/)
<a name="unsupported">[unsupported]</a>: [Unsupported Docker architecture](https://github.com/docker-library/official-images#architectures-other-than-amd64)
# Building the containers

16
build.sh

@ -5,7 +5,7 @@
# Example usage: TARGET=stage3-amd64 ./build.sh
if [[ -z "$TARGET" ]]; then
echo "TARGET environment variable must be set e.g. TARGET=stage3-amd64."
echo "TARGET environment variable must be set e.g. TARGET=stage3-amd64-openrc."
exit 1
fi
@ -33,6 +33,11 @@ case $ARCH in
MICROARCH="${ARCH}"
ARCH="arm"
;;
"i686")
DOCKER_ARCH="386"
MICROARCH="${ARCH}"
ARCH="x86"
;;
"ppc64le")
DOCKER_ARCH="${ARCH}"
MICROARCH="${ARCH}"
@ -43,20 +48,11 @@ case $ARCH in
MICROARCH="${ARCH}"
ARCH="s390"
;;
"x86")
DOCKER_ARCH="386"
MICROARCH="i686"
;;
*) # portage
DOCKER_ARCH="amd64"
;;
esac
# Handle targets with special characters in the suffix
if [[ "${TARGET}" == "stage3-amd64-hardened-nomultilib" ]]; then
SUFFIX="hardened+nomultilib"
fi
# Prefix the suffix with a hyphen to make sure the URL works
if [[ -n "${SUFFIX}" ]]; then
SUFFIX="-${SUFFIX}"

71
deploy.sh

@ -1,60 +1,67 @@
#!/bin/bash
if [[ -z "$TARGET" ]]; then
echo "TARGET environment variable must be set e.g. TARGET=stage3-amd64."
echo "TARGET environment variable must be set e.g. TARGET=stage3-amd64-openrc."
exit 1
fi
# Split the TARGET variable into three elements separated by hyphens
IFS=- read -r NAME ARCH SUFFIX <<< "${TARGET}"
VERSION=${VERSION:-$(date -u +%Y%m%d)}
ORG=${ORG:-gentoo}
# Push built images
docker push --all-tags "${ORG}/${NAME}"
if [[ "${TARGET}" != stage* ]]; then
declare -A MANIFEST_TAGS=(
[stage3:latest]="amd64-openrc;armv5tel;armv6j_hardfp;armv7a_hardfp;arm64;i686-openrc;ppc64le-openrc;s390x"
[stage3:hardened]="amd64-hardened-openrc;i686-hardened-openrc"
[stage3:hardened-nomultilib]="amd64-hardened-nomultilib-openrc"
[stage3:musl]="amd64-musl;i686-musl"
[stage3:musl-hardened]="amd64-musl-hardened;ppc64le-musl-hardened-openrc"
[stage3:nomultilib]="amd64-nomultilib-openrc"
[stage3:nomultilib-systemd]="amd64-nomultilib-systemd"
[stage3:systemd]="amd64-systemd;armv5tel-systemd;armv6j_hardfp-systemd;armv7a_hardfp-systemd;arm64-systemd;i686-systemd;ppc64le-systemd"
)
# Find latest manifest
TAG="${ARCH}${SUFFIX:+-${SUFFIX}}"
for MANIFEST in "${!MANIFEST_TAGS[@]}"; do
if [[ "${MANIFEST_TAGS[${MANIFEST}]}" =~ (^|;)"${TAG}"(;|$) ]]; then
IFS=';' read -ra TAGS <<< "${MANIFEST_TAGS[${MANIFEST}]}"
break
fi
done
if [[ -z "${TAGS+x}" ]]; then
echo "Done! No manifests to push for TARGET=${TARGET}."
exit 0
fi
VERSION=${VERSION:-$(date -u +%Y%m%d)}
declare -A MANIFEST_ARCHES=(
[stage3:latest]="amd64;arm64;armv5tel;armv6j_hardfp;armv7a_hardfp;ppc64le;s390x;x86"
[stage3:hardened]="amd64;x86"
[stage3:hardened-nomultilib]="amd64"
[stage3:musl-hardened]="amd64;ppc64le"
[stage3:musl-vanilla]="amd64;x86"
[stage3:nomultilib]="amd64"
[stage3:systemd]="amd64;arm64;x86;ppc64le"
[stage3:uclibc-hardened]="amd64;x86"
[stage3:uclibc-vanilla]="amd64;x86"
)
# Latest manifests
MANIFEST="${NAME}:${SUFFIX:-latest}"
IFS=';' read -ra ARCHES <<< "${MANIFEST_ARCHES[${MANIFEST}]}"
TAGS=()
for ARCH in "${ARCHES[@]}"; do
TAG="${ORG}/${NAME}:${ARCH}${SUFFIX:+-${SUFFIX}}"
if docker manifest inspect "${TAG}" 1>/dev/null 2>&1; then
TAGS+=("${TAG}")
IMAGES=()
for TAG in "${TAGS[@]}"; do
IMAGE="${ORG}/${NAME}:${TAG}"
if docker manifest inspect "${IMAGE}" &>/dev/null; then
IMAGES+=("${IMAGE}")
fi
done
docker manifest create "${ORG}/${MANIFEST}" "${TAGS[@]}"
docker manifest create "${ORG}/${MANIFEST}" "${IMAGES[@]}"
docker manifest push "${ORG}/${MANIFEST}"
# Dated manifests
MANIFEST="${NAME}:${SUFFIX:+${SUFFIX}-}${VERSION}"
MANIFEST="${MANIFEST}-${VERSION}"
MANIFEST="${MANIFEST/:latest-/:}" # Remove "latest" tag prefix
TAGS=()
for ARCH in "${ARCHES[@]}"; do
TAG="${ORG}/${NAME}:${ARCH}${SUFFIX:+-${SUFFIX}}-${VERSION}"
if docker manifest inspect "${TAG}" 1>/dev/null 2>&1; then
TAGS+=("${TAG}")
IMAGES=()
for TAG in "${TAGS[@]}"; do
IMAGE="${ORG}/${NAME}:${TAG}-${VERSION}"
if docker manifest inspect "${IMAGE}" &>/dev/null; then
IMAGES+=("${IMAGE}")
fi
done
docker manifest create "${ORG}/${MANIFEST}" "${TAGS[@]}"
docker manifest create "${ORG}/${MANIFEST}" "${IMAGES[@]}"
docker manifest push "${ORG}/${MANIFEST}"

Loading…
Cancel
Save