-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Basic repo feeding, bearer token auth and locking (useless)
Also a Dockerfile to build an env capable of running the whole thing, including borgbackup.
- Loading branch information
Jinna Kiisuo
committed
Aug 27, 2023
1 parent
70f676f
commit 9ba0e20
Showing
6 changed files
with
253 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
name: Docker image | ||
|
||
on: push | ||
|
||
env: | ||
REGISTRY: ghcr.io | ||
IMAGE_NAME: ${{ github.repository }} | ||
|
||
jobs: | ||
build-and-push-image: | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: read | ||
packages: write | ||
|
||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v2 | ||
|
||
- name: Get the release channel | ||
id: get_channel | ||
shell: bash | ||
run: | | ||
if [[ "$GITHUB_REF" == 'refs/heads/main' ]]; then | ||
echo ::set-output name=channel::"latest" | ||
echo ::set-output name=version::main_${GITHUB_SHA::6} | ||
elif [[ "$GITHUB_REF" == "refs/heads/"* ]]; then | ||
echo ::set-output name=version::${GITHUB_REF/refs\/heads\//}_${GITHUB_SHA::6} | ||
elif [[ "$GITHUB_REF" == "refs/tags/"* ]]; then | ||
echo ::set-output name=channel::${GITHUB_REF/refs\/tags\//} | ||
fi | ||
- name: Extract metadata (tags, labels) for Docker | ||
id: meta | ||
uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 | ||
with: | ||
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||
tags: | | ||
type=raw,value=${{ steps.get_channel.outputs.channel }} | ||
type=raw,value=${{ steps.get_channel.outputs.version }} | ||
- name: Log in to the Container registry | ||
uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 | ||
with: | ||
registry: ${{ env.REGISTRY }} | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Build and push Docker image | ||
uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc | ||
with: | ||
context: . | ||
push: true | ||
tags: ${{ steps.meta.outputs.tags }} | ||
labels: ${{ steps.meta.outputs.labels }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
FROM python:3.11-buster AS poetry_builder | ||
ENV POETRY_HOME="/opt/poetry" | ||
ENV PATH="$POETRY_HOME/bin:$PATH" | ||
RUN curl -sSL https://install.python-poetry.org | python - | ||
|
||
|
||
FROM poetry_builder as builder | ||
RUN mkdir /build | ||
WORKDIR /build | ||
RUN apt update && apt install -y build-essential libfuse-dev libacl1-dev | ||
RUN pip wheel borgbackup | ||
COPY borg_lockservice ./borg_lockservice | ||
COPY README.md ./README.md | ||
COPY poetry.lock pyproject.toml ./ | ||
RUN poetry build -f wheel | ||
|
||
|
||
FROM python:3.11-slim-buster | ||
WORKDIR /srv | ||
COPY --from=builder /build/*.whl /build/dist/*.whl ./ | ||
RUN pip install *.whl | ||
|
||
ENTRYPOINT ["borg_lockservice"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,6 @@ | ||
This is highly WIP. The design intent is to have a tiny service running on the node with borgbackup repos to handle locking them. This allows dependent upstream services, such as offsite sync jobs, to perform their work without having write access to the repositories. | ||
|
||
### Debian build dependencies | ||
Since some packges may not have wheels available, the following were observed as needed on Debian 12 to build: | ||
- `libacl1-dev` | ||
- `libfuse-dev` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters