ci: add do image build via packer
This commit is contained in:
parent
62a5cfa40e
commit
c42e0f9888
130
.github/workflows/build.yml
vendored
130
.github/workflows/build.yml
vendored
@ -6,7 +6,7 @@ on:
|
|||||||
- main
|
- main
|
||||||
tags:
|
tags:
|
||||||
- 'v*'
|
- 'v*'
|
||||||
|
|
||||||
env:
|
env:
|
||||||
BASE_DEV_VERSION: 2.5.0
|
BASE_DEV_VERSION: 2.5.0
|
||||||
|
|
||||||
@ -20,7 +20,7 @@ jobs:
|
|||||||
|
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
|
|
||||||
- name: Set Build Variables
|
- name: Set Build Variables
|
||||||
run: |
|
run: |
|
||||||
if [[ "$GITHUB_REF" =~ ^refs/tags/v* ]]; then
|
if [[ "$GITHUB_REF" =~ ^refs/tags/v* ]]; then
|
||||||
@ -32,7 +32,7 @@ jobs:
|
|||||||
echo "REL_VERSION=v$BASE_DEV_VERSION-dev.$GITHUB_RUN_NUMBER" >> $GITHUB_ENV
|
echo "REL_VERSION=v$BASE_DEV_VERSION-dev.$GITHUB_RUN_NUMBER" >> $GITHUB_ENV
|
||||||
echo "REL_VERSION_STRICT=$BASE_DEV_VERSION-dev.$GITHUB_RUN_NUMBER" >> $GITHUB_ENV
|
echo "REL_VERSION_STRICT=$BASE_DEV_VERSION-dev.$GITHUB_RUN_NUMBER" >> $GITHUB_ENV
|
||||||
fi
|
fi
|
||||||
|
|
||||||
- name: Disable DEV Flag + Set Version
|
- name: Disable DEV Flag + Set Version
|
||||||
run: |
|
run: |
|
||||||
sudo apt-get install jq -y
|
sudo apt-get install jq -y
|
||||||
@ -40,20 +40,20 @@ jobs:
|
|||||||
jq --arg vs "$REL_VERSION_STRICT" -r '. + {dev:false, version:$vs}' pkg-temp.json > package.json
|
jq --arg vs "$REL_VERSION_STRICT" -r '. + {dev:false, version:$vs}' pkg-temp.json > package.json
|
||||||
rm pkg-temp.json
|
rm pkg-temp.json
|
||||||
cat package.json
|
cat package.json
|
||||||
|
|
||||||
- name: Login to DockerHub
|
- name: Login to DockerHub
|
||||||
uses: docker/login-action@v1
|
uses: docker/login-action@v1
|
||||||
with:
|
with:
|
||||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||||
|
|
||||||
- name: Login to GitHub Container Registry
|
- name: Login to GitHub Container Registry
|
||||||
uses: docker/login-action@v1
|
uses: docker/login-action@v1
|
||||||
with:
|
with:
|
||||||
registry: ghcr.io
|
registry: ghcr.io
|
||||||
username: ${{ github.repository_owner }}
|
username: ${{ github.repository_owner }}
|
||||||
password: ${{ secrets.GITHUB_TOKEN }}
|
password: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|
||||||
- name: Build and push Docker images
|
- name: Build and push Docker images
|
||||||
uses: docker/build-push-action@v2.9.0
|
uses: docker/build-push-action@v2.9.0
|
||||||
with:
|
with:
|
||||||
@ -65,7 +65,7 @@ jobs:
|
|||||||
requarks/wiki:canary-${{ env.REL_VERSION_STRICT }}
|
requarks/wiki:canary-${{ env.REL_VERSION_STRICT }}
|
||||||
ghcr.io/requarks/wiki:canary
|
ghcr.io/requarks/wiki:canary
|
||||||
ghcr.io/requarks/wiki:canary-${{ env.REL_VERSION_STRICT }}
|
ghcr.io/requarks/wiki:canary-${{ env.REL_VERSION_STRICT }}
|
||||||
|
|
||||||
- name: Extract compiled files
|
- name: Extract compiled files
|
||||||
run: |
|
run: |
|
||||||
mkdir -p _dist
|
mkdir -p _dist
|
||||||
@ -81,12 +81,12 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
name: drop
|
name: drop
|
||||||
path: wiki-js.tar.gz
|
path: wiki-js.tar.gz
|
||||||
|
|
||||||
cypress:
|
cypress:
|
||||||
name: Run Cypress Tests
|
name: Run Cypress Tests
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
needs: [build]
|
needs: [build]
|
||||||
|
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
dbtype: [postgres, mysql, mariadb, mssql, sqlite]
|
dbtype: [postgres, mysql, mariadb, mssql, sqlite]
|
||||||
@ -112,14 +112,14 @@ jobs:
|
|||||||
chmod u+x dev/cypress/ci-setup.sh
|
chmod u+x dev/cypress/ci-setup.sh
|
||||||
dev/cypress/ci-setup.sh
|
dev/cypress/ci-setup.sh
|
||||||
docker run --name cypress --ipc=host --shm-size 1G -v $GITHUB_WORKSPACE:/e2e -w /e2e cypress/included:4.9.0 --record --key "$CYPRESS_KEY" --headless --group "$MATRIXENV" --ci-build-id "$REL_VERSION_STRICT-run$GITHUB_RUN_NUMBER.$GITHUB_RUN_ATTEMPT" --tag "$REL_VERSION_STRICT" --config baseUrl=http://172.17.0.1:3000
|
docker run --name cypress --ipc=host --shm-size 1G -v $GITHUB_WORKSPACE:/e2e -w /e2e cypress/included:4.9.0 --record --key "$CYPRESS_KEY" --headless --group "$MATRIXENV" --ci-build-id "$REL_VERSION_STRICT-run$GITHUB_RUN_NUMBER.$GITHUB_RUN_ATTEMPT" --tag "$REL_VERSION_STRICT" --config baseUrl=http://172.17.0.1:3000
|
||||||
|
|
||||||
arm:
|
arm:
|
||||||
name: ARM Build
|
name: ARM Build
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
needs: [cypress]
|
needs: [cypress]
|
||||||
permissions:
|
permissions:
|
||||||
packages: write
|
packages: write
|
||||||
|
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
include:
|
include:
|
||||||
@ -127,10 +127,10 @@ jobs:
|
|||||||
docker: arm64
|
docker: arm64
|
||||||
- platform: linux/arm/v7
|
- platform: linux/arm/v7
|
||||||
docker: armv7
|
docker: armv7
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
|
|
||||||
- name: Set Version Variables
|
- name: Set Version Variables
|
||||||
run: |
|
run: |
|
||||||
if [[ "$GITHUB_REF" =~ ^refs/tags/v* ]]; then
|
if [[ "$GITHUB_REF" =~ ^refs/tags/v* ]]; then
|
||||||
@ -140,26 +140,26 @@ jobs:
|
|||||||
echo "Using BRANCH mode: v$BASE_DEV_VERSION-dev.$GITHUB_RUN_NUMBER"
|
echo "Using BRANCH mode: v$BASE_DEV_VERSION-dev.$GITHUB_RUN_NUMBER"
|
||||||
echo "REL_VERSION_STRICT=$BASE_DEV_VERSION-dev.$GITHUB_RUN_NUMBER" >> $GITHUB_ENV
|
echo "REL_VERSION_STRICT=$BASE_DEV_VERSION-dev.$GITHUB_RUN_NUMBER" >> $GITHUB_ENV
|
||||||
fi
|
fi
|
||||||
|
|
||||||
- name: Set up QEMU
|
- name: Set up QEMU
|
||||||
uses: docker/setup-qemu-action@v1
|
uses: docker/setup-qemu-action@v1
|
||||||
|
|
||||||
- name: Set up Docker Buildx
|
- name: Set up Docker Buildx
|
||||||
uses: docker/setup-buildx-action@v1
|
uses: docker/setup-buildx-action@v1
|
||||||
|
|
||||||
- name: Login to DockerHub
|
- name: Login to DockerHub
|
||||||
uses: docker/login-action@v1
|
uses: docker/login-action@v1
|
||||||
with:
|
with:
|
||||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||||
|
|
||||||
- name: Login to GitHub Container Registry
|
- name: Login to GitHub Container Registry
|
||||||
uses: docker/login-action@v1
|
uses: docker/login-action@v1
|
||||||
with:
|
with:
|
||||||
registry: ghcr.io
|
registry: ghcr.io
|
||||||
username: ${{ github.repository_owner }}
|
username: ${{ github.repository_owner }}
|
||||||
password: ${{ secrets.GITHUB_TOKEN }}
|
password: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|
||||||
- name: Download a Build Artifact
|
- name: Download a Build Artifact
|
||||||
uses: actions/download-artifact@v2.1.0
|
uses: actions/download-artifact@v2.1.0
|
||||||
with:
|
with:
|
||||||
@ -170,7 +170,7 @@ jobs:
|
|||||||
run: |
|
run: |
|
||||||
mkdir -p build
|
mkdir -p build
|
||||||
tar -xzf $GITHUB_WORKSPACE/drop/wiki-js.tar.gz -C $GITHUB_WORKSPACE/build --exclude=node_modules
|
tar -xzf $GITHUB_WORKSPACE/drop/wiki-js.tar.gz -C $GITHUB_WORKSPACE/build --exclude=node_modules
|
||||||
|
|
||||||
- name: Build and push Docker images
|
- name: Build and push Docker images
|
||||||
uses: docker/build-push-action@v2.9.0
|
uses: docker/build-push-action@v2.9.0
|
||||||
with:
|
with:
|
||||||
@ -181,12 +181,12 @@ jobs:
|
|||||||
tags: |
|
tags: |
|
||||||
requarks/wiki:canary-${{ matrix.docker }}-${{ env.REL_VERSION_STRICT }}
|
requarks/wiki:canary-${{ matrix.docker }}-${{ env.REL_VERSION_STRICT }}
|
||||||
ghcr.io/requarks/wiki:canary-${{ matrix.docker }}-${{ env.REL_VERSION_STRICT }}
|
ghcr.io/requarks/wiki:canary-${{ matrix.docker }}-${{ env.REL_VERSION_STRICT }}
|
||||||
|
|
||||||
windows:
|
windows:
|
||||||
name: Windows Build
|
name: Windows Build
|
||||||
runs-on: windows-latest
|
runs-on: windows-latest
|
||||||
needs: [cypress]
|
needs: [cypress]
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Setup Node.js environment
|
- name: Setup Node.js environment
|
||||||
uses: actions/setup-node@v2.5.1
|
uses: actions/setup-node@v2.5.1
|
||||||
@ -207,16 +207,16 @@ jobs:
|
|||||||
- name: Install Dependencies
|
- name: Install Dependencies
|
||||||
run: yarn --production --frozen-lockfile --non-interactive
|
run: yarn --production --frozen-lockfile --non-interactive
|
||||||
working-directory: win
|
working-directory: win
|
||||||
|
|
||||||
- name: Create Bundle
|
- name: Create Bundle
|
||||||
run: tar -czf wiki-js-windows.tar.gz -C $env:GITHUB_WORKSPACE\win .
|
run: tar -czf wiki-js-windows.tar.gz -C $env:GITHUB_WORKSPACE\win .
|
||||||
|
|
||||||
- name: Upload a Build Artifact
|
- name: Upload a Build Artifact
|
||||||
uses: actions/upload-artifact@v2.3.1
|
uses: actions/upload-artifact@v2.3.1
|
||||||
with:
|
with:
|
||||||
name: drop-win
|
name: drop-win
|
||||||
path: wiki-js-windows.tar.gz
|
path: wiki-js-windows.tar.gz
|
||||||
|
|
||||||
beta:
|
beta:
|
||||||
name: Publish Beta Images
|
name: Publish Beta Images
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
@ -224,31 +224,26 @@ jobs:
|
|||||||
needs: [build, arm, windows]
|
needs: [build, arm, windows]
|
||||||
permissions:
|
permissions:
|
||||||
packages: write
|
packages: write
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Set Version Variables
|
- name: Set Version Variables
|
||||||
run: |
|
run: |
|
||||||
if [[ "$GITHUB_REF" =~ ^refs/tags/v* ]]; then
|
echo "Using TAG mode: $GITHUB_REF_NAME"
|
||||||
echo "Using TAG mode: $GITHUB_REF_NAME"
|
echo "REL_VERSION_STRICT=${GITHUB_REF_NAME#?}" >> $GITHUB_ENV
|
||||||
echo "REL_VERSION_STRICT=${GITHUB_REF_NAME#?}" >> $GITHUB_ENV
|
|
||||||
else
|
|
||||||
echo "Using BRANCH mode: v$BASE_DEV_VERSION-dev.$GITHUB_RUN_NUMBER"
|
|
||||||
echo "REL_VERSION_STRICT=$BASE_DEV_VERSION-dev.$GITHUB_RUN_NUMBER" >> $GITHUB_ENV
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Login to DockerHub
|
- name: Login to DockerHub
|
||||||
uses: docker/login-action@v1
|
uses: docker/login-action@v1
|
||||||
with:
|
with:
|
||||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||||
|
|
||||||
- name: Login to GitHub Container Registry
|
- name: Login to GitHub Container Registry
|
||||||
uses: docker/login-action@v1
|
uses: docker/login-action@v1
|
||||||
with:
|
with:
|
||||||
registry: ghcr.io
|
registry: ghcr.io
|
||||||
username: ${{ github.repository_owner }}
|
username: ${{ github.repository_owner }}
|
||||||
password: ${{ secrets.GITHUB_TOKEN }}
|
password: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|
||||||
- name: Create and Push Manifests
|
- name: Create and Push Manifests
|
||||||
run: |
|
run: |
|
||||||
echo "Creating the manifests..."
|
echo "Creating the manifests..."
|
||||||
@ -260,7 +255,7 @@ jobs:
|
|||||||
|
|
||||||
docker manifest push -p requarks/wiki:beta-$REL_VERSION_STRICT
|
docker manifest push -p requarks/wiki:beta-$REL_VERSION_STRICT
|
||||||
docker manifest push -p ghcr.io/requarks/wiki:beta-$REL_VERSION_STRICT
|
docker manifest push -p ghcr.io/requarks/wiki:beta-$REL_VERSION_STRICT
|
||||||
|
|
||||||
release:
|
release:
|
||||||
name: Publish Release Images
|
name: Publish Release Images
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
@ -270,31 +265,26 @@ jobs:
|
|||||||
permissions:
|
permissions:
|
||||||
packages: write
|
packages: write
|
||||||
contents: write
|
contents: write
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Set Version Variables
|
- name: Set Version Variables
|
||||||
run: |
|
run: |
|
||||||
if [[ "$GITHUB_REF" =~ ^refs/tags/v* ]]; then
|
echo "Using TAG mode: $GITHUB_REF_NAME"
|
||||||
echo "Using TAG mode: $GITHUB_REF_NAME"
|
echo "REL_VERSION_STRICT=${GITHUB_REF_NAME#?}" >> $GITHUB_ENV
|
||||||
echo "REL_VERSION_STRICT=${GITHUB_REF_NAME#?}" >> $GITHUB_ENV
|
|
||||||
else
|
|
||||||
echo "Using BRANCH mode: v$BASE_DEV_VERSION-dev.$GITHUB_RUN_NUMBER"
|
|
||||||
echo "REL_VERSION_STRICT=$BASE_DEV_VERSION-dev.$GITHUB_RUN_NUMBER" >> $GITHUB_ENV
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Login to DockerHub
|
- name: Login to DockerHub
|
||||||
uses: docker/login-action@v1
|
uses: docker/login-action@v1
|
||||||
with:
|
with:
|
||||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||||
|
|
||||||
- name: Login to GitHub Container Registry
|
- name: Login to GitHub Container Registry
|
||||||
uses: docker/login-action@v1
|
uses: docker/login-action@v1
|
||||||
with:
|
with:
|
||||||
registry: ghcr.io
|
registry: ghcr.io
|
||||||
username: ${{ github.repository_owner }}
|
username: ${{ github.repository_owner }}
|
||||||
password: ${{ secrets.GITHUB_TOKEN }}
|
password: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|
||||||
- name: Create and Push Manifests
|
- name: Create and Push Manifests
|
||||||
run: |
|
run: |
|
||||||
echo "Fetching semver tool..."
|
echo "Fetching semver tool..."
|
||||||
@ -327,19 +317,19 @@ jobs:
|
|||||||
docker manifest push -p ghcr.io/requarks/wiki:$MAJOR
|
docker manifest push -p ghcr.io/requarks/wiki:$MAJOR
|
||||||
docker manifest push -p ghcr.io/requarks/wiki:$MAJORMINOR
|
docker manifest push -p ghcr.io/requarks/wiki:$MAJORMINOR
|
||||||
docker manifest push -p ghcr.io/requarks/wiki:latest
|
docker manifest push -p ghcr.io/requarks/wiki:latest
|
||||||
|
|
||||||
- name: Download Linux Build
|
- name: Download Linux Build
|
||||||
uses: actions/download-artifact@v2.1.0
|
uses: actions/download-artifact@v2.1.0
|
||||||
with:
|
with:
|
||||||
name: drop
|
name: drop
|
||||||
path: drop
|
path: drop
|
||||||
|
|
||||||
- name: Download Windows Build
|
- name: Download Windows Build
|
||||||
uses: actions/download-artifact@v2.1.0
|
uses: actions/download-artifact@v2.1.0
|
||||||
with:
|
with:
|
||||||
name: drop-win
|
name: drop-win
|
||||||
path: drop-win
|
path: drop-win
|
||||||
|
|
||||||
- name: Generate Changelog
|
- name: Generate Changelog
|
||||||
id: changelog
|
id: changelog
|
||||||
uses: Requarks/changelog-action@v1
|
uses: Requarks/changelog-action@v1
|
||||||
@ -357,4 +347,30 @@ jobs:
|
|||||||
body: ${{ steps.changelog.outputs.changes }}
|
body: ${{ steps.changelog.outputs.changes }}
|
||||||
token: ${{ github.token }}
|
token: ${{ github.token }}
|
||||||
artifacts: 'drop/wiki-js.tar.gz,drop-win/wiki-js-windows.tar.gz'
|
artifacts: 'drop/wiki-js.tar.gz,drop-win/wiki-js-windows.tar.gz'
|
||||||
|
|
||||||
|
build-do-image:
|
||||||
|
name: Build DigitalOcean Image
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
needs: [release]
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v2
|
||||||
|
|
||||||
|
- name: Set Version Variables
|
||||||
|
run: |
|
||||||
|
echo "Using TAG mode: $GITHUB_REF_NAME"
|
||||||
|
echo "REL_VERSION_STRICT=${GITHUB_REF_NAME#?}" >> $GITHUB_ENV
|
||||||
|
|
||||||
|
- name: Install Packer
|
||||||
|
run: |
|
||||||
|
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
|
||||||
|
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
|
||||||
|
sudo apt-get update && sudo apt-get install packer
|
||||||
|
|
||||||
|
- name: Build Droplet Image
|
||||||
|
env:
|
||||||
|
DIGITALOCEAN_API_TOKEN: ${{ secrets.DO_TOKEN }}
|
||||||
|
WIKI_APP_VERSION: ${{ env.REL_VERSION_STRICT }}
|
||||||
|
working-directory: dev/packer
|
||||||
|
run: |
|
||||||
|
packer build digitalocean.json
|
||||||
|
31
.github/workflows/packer.yml
vendored
Normal file
31
.github/workflows/packer.yml
vendored
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
name: Build DigitalOcean Image
|
||||||
|
|
||||||
|
on:
|
||||||
|
workflow_dispatch:
|
||||||
|
inputs:
|
||||||
|
version:
|
||||||
|
description: 'App Version'
|
||||||
|
required: true
|
||||||
|
type: string
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
build-do-image:
|
||||||
|
name: Build DigitalOcean Image
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v2
|
||||||
|
|
||||||
|
- name: Install Packer
|
||||||
|
run: |
|
||||||
|
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
|
||||||
|
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
|
||||||
|
sudo apt-get update && sudo apt-get install packer
|
||||||
|
|
||||||
|
- name: Build Droplet Image
|
||||||
|
env:
|
||||||
|
DIGITALOCEAN_API_TOKEN: ${{ secrets.DO_TOKEN }}
|
||||||
|
WIKI_APP_VERSION: ${{ github.event.inputs.version }}
|
||||||
|
working-directory: dev/packer
|
||||||
|
run: |
|
||||||
|
packer build digitalocean.json
|
78
dev/packer/digitalocean.json
Normal file
78
dev/packer/digitalocean.json
Normal file
@ -0,0 +1,78 @@
|
|||||||
|
{
|
||||||
|
"variables": {
|
||||||
|
"do_api_token": "{{env `DIGITALOCEAN_API_TOKEN`}}",
|
||||||
|
"image_name": "wikijs-snapshot-{{timestamp}}",
|
||||||
|
"apt_packages": "apt-transport-https ca-certificates curl jq linux-image-extra-virtual software-properties-common gnupg-agent openssl ",
|
||||||
|
"application_name": "Wiki.js",
|
||||||
|
"application_version": "{{env `WIKI_APP_VERSION`}}",
|
||||||
|
"docker_compose_version": "1.29.2"
|
||||||
|
},
|
||||||
|
"sensitive-variables": [
|
||||||
|
"do_api_token"
|
||||||
|
],
|
||||||
|
"builders": [
|
||||||
|
{
|
||||||
|
"type": "digitalocean",
|
||||||
|
"api_token": "{{user `do_api_token`}}",
|
||||||
|
"image": "ubuntu-20-04-x64",
|
||||||
|
"region": "tor1",
|
||||||
|
"size": "s-1vcpu-1gb",
|
||||||
|
"ssh_username": "root",
|
||||||
|
"snapshot_name": "{{user `image_name`}}"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"provisioners": [
|
||||||
|
{
|
||||||
|
"type": "shell",
|
||||||
|
"inline": [
|
||||||
|
"cloud-init status --wait"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "file",
|
||||||
|
"source": "scripts/001-onboot.sh",
|
||||||
|
"destination": "/var/lib/cloud/scripts/per-instance/001-onboot.sh"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "file",
|
||||||
|
"source": "scripts/099-one-click",
|
||||||
|
"destination": "/etc/update-motd.d/099-one-click"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "shell",
|
||||||
|
"environment_vars": [
|
||||||
|
"DEBIAN_FRONTEND=noninteractive",
|
||||||
|
"LC_ALL=C",
|
||||||
|
"LANG=en_US.UTF-8",
|
||||||
|
"LC_CTYPE=en_US.UTF-8"
|
||||||
|
],
|
||||||
|
"inline": [
|
||||||
|
"apt -qqy update",
|
||||||
|
"apt -qqy -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' full-upgrade",
|
||||||
|
"apt -qqy -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' install {{user `apt_packages`}}",
|
||||||
|
"apt-get -qqy clean"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "shell",
|
||||||
|
"environment_vars": [
|
||||||
|
"application_name={{user `application_name`}}",
|
||||||
|
"application_version={{user `application_version`}}",
|
||||||
|
"docker_compose_version={{user `docker_compose_version`}}",
|
||||||
|
"DEBIAN_FRONTEND=noninteractive",
|
||||||
|
"LC_ALL=C",
|
||||||
|
"LANG=en_US.UTF-8",
|
||||||
|
"LC_CTYPE=en_US.UTF-8"
|
||||||
|
],
|
||||||
|
"scripts": [
|
||||||
|
"common/scripts/010-docker.sh",
|
||||||
|
"common/scripts/011-docker-compose.sh",
|
||||||
|
"common/scripts/012-grub-opts.sh",
|
||||||
|
"common/scripts/013-docker-dns.sh",
|
||||||
|
"common/scripts/014-ufw-docker.sh",
|
||||||
|
"common/scripts/020-application-tag.sh",
|
||||||
|
"common/scripts/900-cleanup.sh"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
15
dev/packer/scripts/001-onboot.sh
Normal file
15
dev/packer/scripts/001-onboot.sh
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Scripts in this directory will be executed by cloud-init on the first boot of droplets
|
||||||
|
# created from your image. Things ike generating passwords, configuration requiring IP address
|
||||||
|
# or other items that will be unique to each instance should be done in scripts here.
|
||||||
|
|
||||||
|
openssl rand -base64 32 > /etc/wiki/.db-secret
|
||||||
|
|
||||||
|
if [[ -z $DATABASE_URL ]]; then
|
||||||
|
docker start db
|
||||||
|
fi
|
||||||
|
docker start wiki
|
||||||
|
docker start wiki-update-companion
|
||||||
|
# docker start nginx-proxy
|
||||||
|
# docker start watchtower
|
19
dev/packer/scripts/010-docker.sh
Normal file
19
dev/packer/scripts/010-docker.sh
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
|
||||||
|
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
|
||||||
|
apt -qqy update
|
||||||
|
apt -qqy -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' install docker-ce docker-ce-cli containerd.io
|
||||||
|
|
||||||
|
systemctl enable docker
|
||||||
|
systemctl start docker
|
||||||
|
|
||||||
|
mkdir -p /etc/wiki
|
||||||
|
|
||||||
|
docker network create wikinet
|
||||||
|
docker volume create pgdata
|
||||||
|
docker create --name=db -e POSTGRES_DB=wiki -e POSTGRES_USER=wiki -e POSTGRES_PASSWORD_FILE=/etc/wiki/.db-secret -v /etc/wiki/.db-secret:/etc/wiki/.db-secret:ro -v pgdata:/var/lib/postgresql/data --restart=unless-stopped -h db --network=wikinet postgres:11
|
||||||
|
docker create --name=wiki -e DB_TYPE=postgres -e DB_HOST=db -e DB_PORT=5432 -e DB_PASS_FILE=/etc/wiki/.db-secret -v /etc/wiki/.db-secret:/etc/wiki/.db-secret:ro -e DB_USER=wiki -e DB_NAME=wiki -e UPGRADE_COMPANION=1 --restart=unless-stopped -h wiki --network=wikinet -p 80:3000 -p 443:3443 ghcr.io/requarks/wiki:2
|
||||||
|
docker create --name=wiki-update-companion -v /var/run/docker.sock:/var/run/docker.sock:ro --restart=unless-stopped -h wiki-update-companion --network=wikinet requarks/wiki-update-companion:latest
|
||||||
|
# docker create --name=nginx-proxy -p 80:80 -p 443:443 -e DEFAULT_HOST=wiki.local --network=wikinet -v /var/run/docker.sock:/tmp/docker.sock:ro --restart=unless-stopped jwilder/nginx-proxy
|
||||||
|
# docker create --name=watchtower --network=wikinet -v /var/run/docker.sock:/var/run/docker.sock --restart=unless-stopped containrrr/watchtower --cleanup --schedule="0 2 * * 6" wiki
|
4
dev/packer/scripts/011-docker-compose.sh
Normal file
4
dev/packer/scripts/011-docker-compose.sh
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
sudo curl -L "https://github.com/docker/compose/releases/download/${docker_compose_version}/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose;
|
||||||
|
chmod +x /usr/local/bin/docker-compose;
|
6
dev/packer/scripts/012-grub-opts.sh
Normal file
6
dev/packer/scripts/012-grub-opts.sh
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
sed -e 's|GRUB_CMDLINE_LINUX="|GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1|g' \
|
||||||
|
-i /etc/default/grub
|
||||||
|
|
||||||
|
update-grub
|
4
dev/packer/scripts/013-docker-dns.sh
Normal file
4
dev/packer/scripts/013-docker-dns.sh
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
sed -e 's|#DOCKER_OPTS|DOCKER_OPTS|g' \
|
||||||
|
-i /etc/default/docker
|
9
dev/packer/scripts/014-ufw-docker.sh
Normal file
9
dev/packer/scripts/014-ufw-docker.sh
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
sudo ufw allow ssh
|
||||||
|
sudo ufw allow http
|
||||||
|
sudo ufw allow https
|
||||||
|
|
||||||
|
sudo ufw --force enable
|
||||||
|
|
||||||
|
cat /dev/null > /var/log/ufw.log
|
25
dev/packer/scripts/020-application-tag.sh
Normal file
25
dev/packer/scripts/020-application-tag.sh
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
################################
|
||||||
|
## PART: Write the application tag
|
||||||
|
##
|
||||||
|
## vi: syntax=sh expandtab ts=4
|
||||||
|
|
||||||
|
build_date=$(date +%Y-%m-%d)
|
||||||
|
distro="$(lsb_release -s -i)"
|
||||||
|
distro_release="$(lsb_release -s -r)"
|
||||||
|
distro_codename="$(lsb_release -s -c)"
|
||||||
|
distro_arch="$(uname -m)"
|
||||||
|
|
||||||
|
mkdip -p /var/lib/digitalocean
|
||||||
|
touch /var/lib/digitalocean/application.info
|
||||||
|
|
||||||
|
cat >> /var/lib/digitalocean/application.info <<EOM
|
||||||
|
application_name="${application_name}"
|
||||||
|
build_date="${build_date}"
|
||||||
|
distro="${distro}"
|
||||||
|
distro_release="${distro_release}"
|
||||||
|
distro_codename="${distro_codename}"
|
||||||
|
distro_arch="${distro_arch}"
|
||||||
|
application_version="${application_version}"
|
||||||
|
EOM
|
21
dev/packer/scripts/099-one-click
Normal file
21
dev/packer/scripts/099-one-click
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
#
|
||||||
|
# Configured as part of the DigitalOcean 1-Click Image build process
|
||||||
|
|
||||||
|
myip=$(hostname -I | awk '{print$1}')
|
||||||
|
cat <<EOF
|
||||||
|
********************************************************************************
|
||||||
|
Welcome to DigitalOcean's 1-Click Docker Droplet.
|
||||||
|
To keep this Droplet secure, the UFW firewall is enabled.
|
||||||
|
All ports are BLOCKED except 22 (SSH), 80 (Docker) and 443 (Docker).
|
||||||
|
* The Docker 1-Click Quickstart guide is available at:
|
||||||
|
https://docs.requarks.io/install/digitalocean
|
||||||
|
* You can SSH to this Droplet in a terminal as root: ssh root@$myip
|
||||||
|
* Docker is installed and configured per Docker's recommendations:
|
||||||
|
https://docs.docker.com/install/linux/docker-ce/ubuntu/
|
||||||
|
* Docker Compose is installed and configured per Docker's recommendations:
|
||||||
|
https://docs.docker.com/compose/install/#install-compose
|
||||||
|
For more information, visit https://docs.requarks.io/install/digitalocean
|
||||||
|
********************************************************************************
|
||||||
|
To delete this message of the day: rm -rf $(readlink -f ${0})
|
||||||
|
EOF
|
44
dev/packer/scripts/900-cleanup.sh
Normal file
44
dev/packer/scripts/900-cleanup.sh
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Ensure /tmp exists and has the proper permissions before
|
||||||
|
# checking for security updates
|
||||||
|
# https://github.com/digitalocean/marketplace-partners/issues/94
|
||||||
|
if [[ ! -d /tmp ]]; then
|
||||||
|
mkdir /tmp
|
||||||
|
fi
|
||||||
|
chmod 1777 /tmp
|
||||||
|
|
||||||
|
apt-get -y update
|
||||||
|
apt-get -y upgrade
|
||||||
|
rm -rf /tmp/* /var/tmp/*
|
||||||
|
history -c
|
||||||
|
cat /dev/null > /root/.bash_history
|
||||||
|
unset HISTFILE
|
||||||
|
apt-get -y autoremove
|
||||||
|
apt-get -y autoclean
|
||||||
|
find /var/log -mtime -1 -type f -exec truncate -s 0 {} \;
|
||||||
|
rm -rf /var/log/*.gz /var/log/*.[0-9] /var/log/*-????????
|
||||||
|
rm -rf /var/lib/cloud/instances/*
|
||||||
|
rm -f /root/.ssh/authorized_keys /etc/ssh/*key*
|
||||||
|
touch /etc/ssh/revoked_keys
|
||||||
|
chmod 600 /etc/ssh/revoked_keys
|
||||||
|
|
||||||
|
# Securely erase the unused portion of the filesystem
|
||||||
|
GREEN='\033[0;32m'
|
||||||
|
NC='\033[0m'
|
||||||
|
printf "\n${GREEN}Writing zeros to the remaining disk space to securely
|
||||||
|
erase the unused portion of the file system.
|
||||||
|
Depending on your disk size this may take several minutes.
|
||||||
|
The secure erase will complete successfully when you see:${NC}
|
||||||
|
dd: writing to '/zerofile': No space left on device\n
|
||||||
|
Beginning secure erase now\n"
|
||||||
|
|
||||||
|
dd if=/dev/zero of=/zerofile &
|
||||||
|
PID=$!
|
||||||
|
while [ -d /proc/$PID ]
|
||||||
|
do
|
||||||
|
printf "."
|
||||||
|
sleep 5
|
||||||
|
done
|
||||||
|
sync; rm /zerofile; sync
|
||||||
|
cat /dev/null > /var/log/lastlog; cat /dev/null > /var/log/wtmp
|
Loading…
Reference in New Issue
Block a user