Skip to content

Commit f8d1fb2

Browse files
authored
Merge pull request #2 from balinorLiang/CICD_updating
CI/CD init & chmod 777 all shell scripts
2 parents 186076a + 85b0edf commit f8d1fb2

13 files changed

+843
-5
lines changed

.github/workflows/ci.yml

Lines changed: 50 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,50 @@
1+
name: GitHub CI
2+
3+
on:
4+
pull_request:
5+
push:
6+
schedule:
7+
- cron: 0 0 * * 0
8+
workflow_dispatch:
9+
10+
defaults:
11+
run:
12+
shell: 'bash -Eeuo pipefail -x {0}'
13+
14+
jobs:
15+
16+
generate-jobs:
17+
name: Generate Jobs
18+
runs-on: ubuntu-latest
19+
outputs:
20+
strategy: ${{ steps.generate-jobs.outputs.strategy }}
21+
steps:
22+
- uses: actions/checkout@v3
23+
- uses: docker-library/bashbrew@HEAD
24+
- id: generate-jobs
25+
name: Generate Jobs
26+
run: |
27+
strategy="$("$BASHBREW_SCRIPTS/github-actions/generate.sh")"
28+
strategy="$(.github/workflows/munge.sh -c <<<"$strategy")"
29+
echo "strategy=$strategy" >> "$GITHUB_OUTPUT"
30+
jq . <<<"$strategy" # sanity check / debugging aid
31+
32+
test:
33+
needs: generate-jobs
34+
strategy: ${{ fromJson(needs.generate-jobs.outputs.strategy) }}
35+
name: ${{ matrix.name }}
36+
runs-on: ${{ matrix.os }}
37+
steps:
38+
- uses: actions/checkout@v3
39+
- name: Prepare Environment
40+
run: ${{ matrix.runs.prepare }}
41+
- name: Pull Dependencies
42+
run: ${{ matrix.runs.pull }}
43+
- name: Build ${{ matrix.name }}
44+
run: ${{ matrix.runs.build }}
45+
- name: History ${{ matrix.name }}
46+
run: ${{ matrix.runs.history }}
47+
- name: Test ${{ matrix.name }}
48+
run: ${{ matrix.runs.test }}
49+
- name: '"docker images"'
50+
run: ${{ matrix.runs.images }}

.github/workflows/munge.sh

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
#!/usr/bin/env bash
2+
set -Eeuo pipefail
3+
4+
# copy all the Debian build jobs into "force deb build" jobs which build like architectures upstream doesn't publish for will
5+
jq \
6+
--arg prefix '[ "$(dpkg --print-architecture)" = "amd64" ]' \
7+
--arg dfMunge 'grep -qE "amd64 [|] " "$df"; sed -ri -e "s/amd64 [|] //g" "$df"; ! grep -qE "amd64 [|] " "$df"' \
8+
'
9+
.matrix.include += [
10+
.matrix.include[]
11+
| select(.name | test(" (.+)") | not) # ignore any existing munged builds
12+
| select(.meta.froms[] | test("^debian:|^ubuntu:"))
13+
| .name += " (force deb build)"
14+
| .runs.build = (
15+
[
16+
"# force us to build debs instead of downloading them",
17+
$prefix,
18+
("for df in " + ([ .meta.dockerfiles[] | @sh ] | join(" ")) + "; do " + $dfMunge + "; done"),
19+
.runs.build
20+
] | join ("\n")
21+
)
22+
]
23+
' "$@"
Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
name: Verify Templating
2+
3+
on:
4+
pull_request:
5+
push:
6+
workflow_dispatch:
7+
8+
defaults:
9+
run:
10+
shell: 'bash -Eeuo pipefail -x {0}'
11+
12+
jobs:
13+
apply-templates:
14+
name: Check For Uncomitted Changes
15+
runs-on: ubuntu-latest
16+
steps:
17+
- uses: actions/checkout@v3
18+
- name: Apply Templates
19+
run: ./apply-templates.sh
20+
- name: Check Git Status
21+
run: |
22+
status="$(git status --short)"
23+
[ -z "$status" ]

.gitignore

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
.jq-template.awk

3/ubi-8/DockerFile renamed to 3/ubi8/Dockerfile

Lines changed: 10 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,14 @@
1+
#
2+
# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
3+
#
4+
# PLEASE DO NOT EDIT IT DIRECTLY.
5+
#
6+
17
FROM redhat/ubi8:latest as builder
28

9+
# explicitly set user/group IDs
310
RUN groupadd -g 1000 ivorysql; \
4-
useradd -u 1000 -g ivorysql -d /var/local/ivorysql -s /bin/sh ivorysql; \
11+
useradd -u 1000 -g ivorysql -d /var/local/ivorysql -s /bin/sh ivorysql; \
512
mkdir -p /var/local/ivorysql; \
613
mkdir -p /usr/src/ivorysql; \
714
mkdir -p /var/lib/ivorysql; \
@@ -89,7 +96,7 @@ RUN chown -R ivorysql:ivorysql /usr/local/bin
8996
ENV PGDATA /var/local/ivorysql/ivorysql-$IVORY_MAJOR/data
9097
# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values)
9198
RUN mkdir -p "$PGDATA" && chown -R ivorysql:ivorysql "$PGDATA" && chmod 1777 "$PGDATA"
92-
RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql
99+
RUN mkdir -p /var/run/postgresql && chown -R ivorysql:ivorysql /var/run/postgresql && chmod 3777 /var/run/postgresql
93100

94101
VOLUME /var/lib/ivorysql/data
95102

@@ -104,4 +111,4 @@ STOPSIGNAL SIGINT
104111

105112
EXPOSE 5432 5866
106113

107-
CMD ["postgres"]
114+
CMD ["postgres"]
File renamed without changes.

3/ubi-8/docker-entrypoint.sh renamed to 3/ubi8/docker-entrypoint.sh

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -90,7 +90,7 @@ docker_init_database_dir() {
9090

9191
# --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025
9292
eval 'initdb --username="$IVORYSQL_USER" --pwfile=<(printf "%s\n" "$IVORYSQL_PASSWORD") '"$IVORYSQL_INITDB_ARGS"' "$@"'
93-
93+
sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" $PGDATA/postgresql.conf
9494
# unset/cleanup "nss_wrapper" bits
9595
if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then
9696
rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
@@ -347,7 +347,7 @@ _main() {
347347
EOM
348348
fi
349349
fi
350-
sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" $PGDATA/postgresql.conf
350+
351351
exec "$@"
352352
}
353353

Dockerfile-redhat.template

Lines changed: 108 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,108 @@
1+
FROM redhat/{{ env.variant }}:latest as builder
2+
3+
# explicitly set user/group IDs
4+
RUN groupadd -g 1000 ivorysql; \
5+
useradd -u 1000 -g ivorysql -d /var/local/ivorysql -s /bin/sh ivorysql; \
6+
mkdir -p /var/local/ivorysql; \
7+
mkdir -p /usr/src/ivorysql; \
8+
mkdir -p /var/lib/ivorysql; \
9+
chown -R ivorysql:ivorysql /var/local/ivorysql; \
10+
chown -R ivorysql:ivorysql /usr/src/ivorysql; \
11+
chown -R ivorysql:ivorysql /var/lib/ivorysql
12+
13+
RUN mkdir /docker-entrypoint-initdb.d
14+
15+
ENV IVORY_MAJOR {{ env.version }}
16+
ENV IVORY_VERSION {{ .[env.variant].version }}
17+
18+
RUN curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-8.repo; \
19+
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
20+
21+
RUN mkdir -p /usr/src/ivorysql; \
22+
dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm; \
23+
dnf install -y epel-release;\
24+
dnf install -y \
25+
make \
26+
readline-devel \
27+
zlib-devel \
28+
openssl-devel \
29+
flex \
30+
wget \
31+
dpkg; \
32+
dnf groupinstall -y "Development Tools";\
33+
dnf install -y \
34+
llvm-toolset llvm-devel lz4 lz4-devel lz4-libs clang-devel \
35+
krb5-devel libselinux-devel libxml2-devel cyrus-sasl-gssapi \
36+
libicu-devel e2fsprogs-devel selinux-policy systemd-devel \
37+
libxslt-devel openldap-devel openssl-devel pam-devel \
38+
libuuid-devel python3-devel readline-devel tcl-devel zlib-devel \
39+
perl perl-devel perl-ExtUtils-Embed;\
40+
dnf install -y --enablerepo=*ower*ools perl-IPC-Run perl-Time-HiRes perl-Test-Simple uuid-devel;\
41+
wget -O ivorysql.tar.gz "https://github.com/IvorySQL/IvorySQL/archive/refs/tags/IvorySQL_$IVORY_VERSION.tar.gz"; \
42+
tar \
43+
--extract \
44+
--file ivorysql.tar.gz \
45+
--directory /usr/src/ivorysql \
46+
--strip-components 1 \
47+
; \
48+
rm ivorysql.tar.gz; \
49+
cd /usr/src/ivorysql; \
50+
wget http://mirror.centos.org/centos/7/os/x86_64/Packages/bison-devel-3.0.4-2.el7.x86_64.rpm; \
51+
dnf install -y bison-devel-3.0.4-2.el7.x86_64.rpm; \
52+
wget https://www.rpmfind.net/linux/centos/8-stream/AppStream/x86_64/os/Packages/bison-3.0.4-10.el8.x86_64.rpm; \
53+
dnf install -y bison-3.0.4-10.el8.x86_64.rpm; \
54+
./configure \
55+
--prefix=/var/local/ivorysql/ivorysql-$IVORY_MAJOR \
56+
--enable-cassert --enable-debug --enable-rpath --with-tcl \
57+
--with-python --with-gssapi --with-pam --with-ldap \
58+
--with-openssl --with-libedit-preferred --with-uuid=e2fs \
59+
--with-ossp-uuid --with-libxml --with-libxslt --with-perl \
60+
--with-icu \
61+
; \
62+
make && make install; \
63+
rm -rf \
64+
/usr/src/ivorysql \
65+
/usr/local/share/doc \
66+
/usr/local/share/man
67+
68+
RUN chown -R ivorysql:ivorysql /var/local/ivorysql/ivorysql-$IVORY_MAJOR
69+
RUN curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/1.11/gosu-amd64"
70+
RUN chmod +x /usr/local/bin/gosu
71+
72+
FROM redhat/{{ env.variant }}:latest
73+
74+
COPY --from=builder /var/local/ivorysql /var/local/ivorysql/
75+
COPY --from=builder /usr/local/bin/gosu /usr/local/bin/gosu
76+
77+
ENV IVORY_MAJOR {{ env.version}}
78+
ENV IVORY_VERSION {{ .[env.variant].version }}
79+
80+
RUN mkdir /docker-entrypoint-initdb.d
81+
82+
RUN useradd -u 1000 ivorysql
83+
84+
RUN dnf install -y \
85+
lz4 lz4-devel lz4-libs krb5-devel libxslt-devel libicu-devel && dnf -y clean all
86+
87+
RUN chown -R ivorysql:ivorysql /var/local/ivorysql
88+
RUN chown -R ivorysql:ivorysql /usr/local/bin
89+
90+
ENV PGDATA /var/local/ivorysql/ivorysql-$IVORY_MAJOR/data
91+
# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values)
92+
RUN mkdir -p "$PGDATA" && chown -R ivorysql:ivorysql "$PGDATA" && chmod 1777 "$PGDATA"
93+
RUN mkdir -p /var/run/postgresql && chown -R ivorysql:ivorysql /var/run/postgresql && chmod 3777 /var/run/postgresql
94+
95+
VOLUME /var/lib/ivorysql/data
96+
97+
ENV PATH $PATH:/var/local/ivorysql/ivorysql-$IVORY_MAJOR/bin
98+
99+
COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/
100+
RUN ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh
101+
102+
ENTRYPOINT ["docker-entrypoint.sh"]
103+
104+
STOPSIGNAL SIGINT
105+
106+
EXPOSE 5432 5866
107+
108+
CMD ["postgres"]

apply-templates.sh

Lines changed: 63 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,63 @@
1+
#!/usr/bin/env bash
2+
set -Eeuo pipefail
3+
4+
[ -f versions.json ] # run "versions.sh" first
5+
6+
cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
7+
8+
jqt='.jq-template.awk'
9+
if [ -n "${BASHBREW_SCRIPTS:-}" ]; then
10+
jqt="$BASHBREW_SCRIPTS/jq-template.awk"
11+
elif [ "$BASH_SOURCE" -nt "$jqt" ]; then
12+
# https://github.com/docker-library/bashbrew/blob/master/scripts/jq-template.awk
13+
wget -qO "$jqt" 'https://github.com/docker-library/bashbrew/raw/9f6a35772ac863a0241f147c820354e4008edf38/scripts/jq-template.awk'
14+
fi
15+
16+
if [ "$#" -eq 0 ]; then
17+
versions="$(jq -r 'keys | map(@sh) | join(" ")' versions.json)"
18+
eval "set -- $versions"
19+
fi
20+
21+
generated_warning() {
22+
cat <<-EOH
23+
#
24+
# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
25+
#
26+
# PLEASE DO NOT EDIT IT DIRECTLY.
27+
#
28+
29+
EOH
30+
}
31+
32+
for version; do
33+
export version
34+
35+
major="$(jq -r '.[env.version].major' versions.json)"
36+
37+
variants="$(jq -r '.[env.version].variants | map(@sh) | join(" ")' versions.json)"
38+
eval "variants=( $variants )"
39+
40+
rm -rf "$version"
41+
42+
for variant in "${variants[@]}"; do
43+
export variant
44+
45+
dir="$version/$variant"
46+
mkdir -p "$dir"
47+
48+
echo "processing $dir ..."
49+
50+
cp -a docker-entrypoint.sh docker-ensure-initdb.sh "$dir/"
51+
52+
case "$variant" in
53+
*)
54+
template='Dockerfile-redhat.template'
55+
;;
56+
esac
57+
58+
{
59+
generated_warning
60+
gawk -f "$jqt" "$template"
61+
} > "$dir/Dockerfile"
62+
done
63+
done

docker-ensure-initdb.sh

Lines changed: 71 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,71 @@
1+
#!/usr/bin/env bash
2+
set -Eeuo pipefail
3+
4+
#
5+
# This script is intended for three main use cases:
6+
#
7+
# 1. (most importantly) as an example of how to use "docker-entrypoint.sh" to extend/reuse the initialization behavior
8+
#
9+
# 2. ("docker-ensure-initdb.sh") as a Kubernetes "init container" to ensure the provided database directory is initialized; see also "startup probes" for an alternative solution
10+
# (no-op if database is already initialized)
11+
#
12+
# 3. ("docker-enforce-initdb.sh") as part of CI to ensure the database is fully initialized before use
13+
# (error if database is already initialized)
14+
#
15+
16+
source /usr/local/bin/docker-entrypoint.sh
17+
18+
# arguments to this script are assumed to be arguments to the "postgres" server (same as "docker-entrypoint.sh"), and most "docker-entrypoint.sh" functions assume "postgres" is the first argument (see "_main" over there)
19+
if [ "$#" -eq 0 ] || [ "$1" != 'postgres' ]; then
20+
set -- postgres "$@"
21+
fi
22+
23+
# see also "_main" in "docker-entrypoint.sh"
24+
25+
docker_setup_env
26+
# setup data directories and permissions (when run as root)
27+
docker_create_db_directories
28+
if [ "$(id -u)" = '0' ]; then
29+
# then restart script as postgres user
30+
exec su-exec postgres "$BASH_SOURCE" "$@"
31+
fi
32+
33+
# only run initialization on an empty data directory
34+
if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
35+
docker_verify_minimum_env
36+
37+
# check dir permissions to reduce likelihood of half-initialized database
38+
ls /docker-entrypoint-initdb.d/ > /dev/null
39+
40+
docker_init_database_dir
41+
pg_setup_hba_conf "$@"
42+
43+
# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
44+
# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
45+
export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
46+
docker_temp_server_start "$@"
47+
48+
docker_setup_db
49+
docker_process_init_files /docker-entrypoint-initdb.d/*
50+
51+
docker_temp_server_stop
52+
unset PGPASSWORD
53+
else
54+
self="$(basename "$0")"
55+
case "$self" in
56+
docker-ensure-initdb.sh)
57+
echo >&2 "$self: note: database already initialized in '$PGDATA'!"
58+
exit 0
59+
;;
60+
61+
docker-enforce-initdb.sh)
62+
echo >&2 "$self: error: (unexpected) database found in '$PGDATA'!"
63+
exit 1
64+
;;
65+
66+
*)
67+
echo >&2 "$self: error: unknown file name: $self"
68+
exit 99
69+
;;
70+
esac
71+
fi

0 commit comments

Comments
 (0)