Gitlab runner container pr 1.x (#28)

gregharvey · web-flow · commit 5012d48ae264 · 2021-07-02T10:47:28.000+02:00
* Adding a build for a prebuilt CI image.

* Adding the docker SSH entrypoint script.

* Updating container image name.

* Making apt handling more robust.

* Moving the CI container code to just be documentation.
diff --git a/docker-images/controller-ci/Dockerfile b/docker-images/controller-ci/Dockerfile
@@ -1,6 +1,47 @@
-# GitLab Runner controller based on
+# This Dockerfile is a mix of ce-dev's controller image
+# https://github.com/codeenigma/ce-dev/tree/1.x/docker-images/controller
+#
+# And a GitLab Runner controller based on
 # https://gitlab.com/tmaczukin-test-projects/fargate-driver-debian/-/blob/master/Dockerfile
-FROM codeenigma/ce-dev-controller-1.x:latest
+
+# Prepare the container
+
+FROM codeenigma/ce-dev-1.x:latest
+
+RUN \
+  set -x && \
+  export DEBIAN_FRONTEND=noninteractive && \
+  apt-get update && \
+  apt-get dist-upgrade -y -o Dpkg::Options::="--force-confnew" && \
+  apt-get install -y -o Dpkg::Options::="--force-confnew" \
+  git ca-certificates git-lfs && \
+  apt-get clean  && \
+  pip3 install ansible boto3 && \
+  git lfs install --skip-repo && \
+  update-alternatives --install /usr/bin/python python /usr/bin/python3 1 && \
+  rm -rf \
+  /var/lib/apt/lists/* \
+  /var/log/* \
+  /tmp/*
+
+
+RUN su - ce-dev -c "git clone --branch 1.x https://github.com/codeenigma/ce-provision.git /home/ce-dev/ce-provision"
+
+COPY ./provision.yml /home/ce-dev/ce-provision/provision.yml
+
+RUN \
+  set -x && \
+  export DEBIAN_FRONTEND=noninteractive && \
+  apt-get update && \
+  su - ce-dev -c "/usr/local/bin/ansible-playbook /home/ce-dev/ce-provision/provision.yml" && \
+  rm /home/ce-dev/ce-provision/provision.yml && \
+  apt-get clean  && \
+  rm -rf \
+  /var/lib/apt/lists/* \
+  /var/log/* \
+  /tmp/*
+
+# Install GitLab Runner and requirements
 
 # ---------------------------------------------------------------------
 # Install https://github.com/krallin/tini - a very small 'init' process
@@ -25,15 +66,6 @@ RUN curl -Lo /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.ama
   # like that.
   gitlab-runner --version
 
-
-RUN set -x && \
-  export DEBIAN_FRONTEND=noninteractive && \
-  apt-get update && \
-  apt-get dist-upgrade -y -o Dpkg::Options::="--force-confnew" && \
-  apt-get install -y ca-certificates git-lfs && \
-  apt-get clean  && \
-  git lfs install --skip-repo
-
 # ---------------------------------------------------------------------------------------------------
 # Execute a startup script.
 # https://success.docker.com/article/use-a-script-to-initialize-stateful-container-data
diff --git a/docker-images/controller-ci/README.md b/docker-images/controller-ci/README.md
@@ -0,0 +1,16 @@
+controller-ci
+=============
+
+This is simply an EXAMPLE for provisioning a controller for running ce-provision in a container with GitLab CI.
+
+Every organisation wanting to run ce-provision in a container must necessarily make their own container image which incorporates their own version of ce-provision-config and installs the dependencies for their choice of CI. There can be no such thing as a "generic" CI container because it needs to contain secrets and it needs to be tailored to the CI product.
+
+As such any generated CI container *must* be private in the container registry, never make them public.
+
+The Dockerfile within is a mix of ce-dev's controller image:
+* https://github.com/codeenigma/ce-dev/tree/1.x/docker-images/controller
+
+And a GitLab Runner controller based on this project:
+* https://gitlab.com/tmaczukin-test-projects/fargate-driver-debian/-/blob/master/Dockerfile
+
+You can build this container to see how it works, but it will not work with your infra because it currently incorporates an example ce-provision-config repo.
diff --git a/docker-images/controller-ci/provision.yml b/docker-images/controller-ci/provision.yml
@@ -0,0 +1,22 @@
+---
+- hosts: localhost
+  become: yes
+  vars:
+    - _domain_name: ci.example.com
+    - _ce_provision_build_tmp_dir: /tmp
+    - _ce_provision_data_dir: /tmp
+    - is_local: yes
+    - _env_type: utility
+    - ce_provision:
+        own_repository: https://github.com/codeenigma/ce-provision.git
+        own_repository_branch: 1.x
+        own_repository_skip_checkout: false
+        config_repository: https://github.com/codeenigma/ce-dev-ce-provision-config.git
+        config_repository_branch: 1.x
+        config_repository_skip_checkout: false
+        username: ce-dev
+        local_dir: /home/ce-dev/ce-provision
+        groups: []
+        galaxy_custom_requirements_file: ""
+  roles:
+    - ce_provision
diff --git a/docker-images/export.sh b/docker-images/export.sh
@@ -45,14 +45,6 @@ if [ "$2" = "--push" ]; then
   docker image push "codeenigma/ce-dev-controller-1.x:$1"
 fi
 
-# Build controller image for CI.
-echo "Building controller image for CI"
-docker image build --compress "--label=ce-dev-controller-ci-1.x:$1" --no-cache=true -t "codeenigma/ce-dev-controller-ci-1.x:$1" "$OWN_DIR/controller-ci" || exit 1
-if [ "$2" = "--push" ]; then
-  echo "Publishing the image with docker image push codeenigma/ce-dev-controller-ci-1.x:$1"
-  docker image push "codeenigma/ce-dev-controller-ci-1.x:$1"
-fi
-
 # Build dind image.
 # echo "Building dind image"
 # sudo docker image build --compress "--label=ce-dev-dind-1.x:$1" --no-cache=true -t "codeenigma/ce-dev-dind-1.x:$1" "$OWN_DIR/dind" || exit 1
