aur: move docker build (#895)

2023-02-13 15:27:51 -05:00
parent 0d100a57a6
commit 032680ca9d
14 changed files with 349 additions and 117 deletions
--- a/docker/archlinux.dockerfile
+++ b/docker/archlinux.dockerfile
@@ -0,0 +1,234 @@
+# syntax=docker/dockerfile:1.4
+# artifacts: true
+# platforms: linux/amd64
+# archlinux does not have an arm64 base image
+ARG BASE=archlinux
+ARG TAG=base-devel
+FROM ${BASE}:${TAG} AS sunshine-base
+
+# install dependencies
+RUN <<_DEPS
+#!/bin/bash
+set -e
+pacman -Syu --noconfirm \
+  archlinux-keyring \
+  git
+_DEPS
+
+# Setup builder user, arch prevents running makepkg as root
+RUN useradd -m builder && \
+    echo 'builder ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
+WORKDIR /home/builder
+USER builder
+
+# install paru
+WORKDIR /tmp
+RUN git clone https://aur.archlinux.org/paru.git
+WORKDIR /tmp/paru
+RUN makepkg -si --noconfirm
+
+# install optional dependencies
+RUN paru -Syu --noconfirm \
+  cuda \
+  libcap \
+  libdrm
+
+# switch back to root user, hadolint will complain if last user is root
+# hadolint ignore=DL3002
+USER root
+
+FROM sunshine-base as sunshine-build
+
+ARG BUILD_VERSION
+ARG COMMIT
+ARG CLONE_URL
+# note: BUILD_VERSION may be blank
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+# install dependencies
+RUN <<_DEPS
+#!/bin/bash
+set -e
+pacman -Syu --noconfirm \
+  base-devel \
+  cmake \
+  namcap
+_DEPS
+
+# Setup builder user
+USER builder
+
+# copy repository
+WORKDIR /build/sunshine/
+COPY .. .
+
+# setup build directory
+WORKDIR /build/sunshine/build
+
+# configure PKGBUILD file
+RUN <<_MAKE
+#!/bin/bash
+set -e
+if [[ "${BUILD_VERSION}" == '' ]]; then
+  sub_version=".r${COMMIT}"
+else
+  sub_version=""
+fi
+cmake \
+  -DSUNSHINE_CONFIGURE_AUR=ON \
+  -DSUNSHINE_SUB_VERSION="${sub_version}" \
+  -DGITHUB_CLONE_URL="${CLONE_URL}" \
+  -DGITHUB_COMMIT="${COMMIT}" \
+  -DSUNSHINE_CONFIGURE_ONLY=ON \
+  /build/sunshine
+_MAKE
+
+WORKDIR /build/sunshine/pkg
+RUN mv /build/sunshine/build/PKGBUILD .
+
+# namcap and build PKGBUILD file
+RUN <<_PKGBUILD
+#!/bin/bash
+set -e
+namcap -i PKGBUILD
+makepkg -si --noconfirm
+ls -a
+_PKGBUILD
+
+FROM scratch as artifacts
+
+COPY --from=sunshine-build /build/sunshine/pkg/PKGBUILD /PKGBUILD
+COPY --from=sunshine-build /build/sunshine/pkg/sunshine*.pkg.tar.zst /sunshine.pkg.tar.zst
+
+FROM sunshine-base as uploader
+
+# most of this stage is borrowed from
+# https://github.com/KSXGitHub/github-actions-deploy-aur/blob/master/build.sh
+
+ARG BUILD_VERSION
+ARG RELEASE
+ARG TARGETPLATFORM
+
+# Setup builder user
+WORKDIR /home/builder
+USER builder
+
+# hadolint ignore=SC3010
+RUN <<_SSH_CONFIG
+#!/bin/bash
+set -e
+if [[ "${TARGETPLATFORM}" == 'linux/amd64' ]]; then
+  echo "Host aur.archlinux.org"; echo "  IdentityFile ~/.ssh/aur"; echo "  User aur" >>~/.ssh/config
+fi
+_SSH_CONFIG
+
+# create and apply secrets, hadolint is giving a false positive
+# hadolint ignore=SC1133
+RUN --mount=type=secret,id=AUR_EMAIL,target=/secrets/AUR_EMAIL \
+    --mount=type=secret,id=AUR_SSH_PRIVATE_KEY,target=/secrets/AUR_SSH_PRIVATE_KEY \
+    --mount=type=secret,id=AUR_USERNAME,target=/secrets/AUR_USERNAME && \
+    cat /secrets/AUR_SSH_PRIVATE_KEY >~/.ssh/aur && \
+    git config --global user.name "$(cat /secrets/AUR_USERNAME)" && \
+    git config --global user.email "$(cat /secrets/AUR_EMAIL)"
+
+WORKDIR /tmp
+
+# hadolint ignore=SC3010
+RUN <<_AUR_SETUP
+#!/bin/bash
+set -e
+
+if [[ "${TARGETPLATFORM}" == 'linux/amd64' ]]; then
+  # Adding aur.archlinux.org to known hosts
+  ssh_keyscan_types="rsa,dsa,ecdsa,ed25519"
+  ssh-keyscan -v -t "$ssh_keyscan_types" aur.archlinux.org >>~/.ssh/known_hosts
+
+  # Importing private key
+  chmod -vR 600 ~/.ssh/aur*
+  ssh-keygen -vy -f ~/.ssh/aur >~/.ssh/aur.pub
+
+  # Clone AUR package
+  mkdir -p /tmp/local-repo
+  git clone -v "https://aur.archlinux.org/sunshine.git" /tmp/local-repo
+
+  # Copy built package
+  COPY --from=artifacts /PRKBUILD /tmp/local-repo/
+fi
+_AUR_SETUP
+
+WORKDIR /tmp/local-repo
+# aur upload if release event
+# hadolint ignore=SC3010
+RUN <<_AUR_UPLOAD
+#!/bin/bash
+set -e
+if [[ "${RELEASE}" == "true" && "${TARGETPLATFORM}" == 'linux/amd64' ]]; then
+  # update package checksums
+  updpkgsums
+
+  # generate srcinfo
+  makepkg --printsrcinfo >.SRCINFO
+
+  # commit changes
+  git add --all
+
+  # check if there are any changes and commit/push
+  if [[ $(git diff-index --quiet HEAD) != "" ]]; then
+    git commit -m "${BUILD_VERSION}"
+    git remote add aur "https://aur.archlinux.org/sunshine.git"
+    git push -v aur master
+  fi
+fi
+_AUR_UPLOAD
+
+# remove secrets
+RUN rm -rf /secrets
+
+FROM sunshine-base as sunshine
+
+COPY --from=artifacts /sunshine*.pkg.tar.zst /sunshine.pkg.tar.zst
+
+# install sunshine
+RUN <<_INSTALL_SUNSHINE
+#!/bin/bash
+set -e
+pacman -U --noconfirm \
+  /sunshine.pkg.tar.zst
+_INSTALL_SUNSHINE
+
+# network setup
+EXPOSE 47984-47990/tcp
+EXPOSE 48010
+EXPOSE 47998-48000/udp
+
+# setup user
+ARG PGID=1000
+ENV PGID=${PGID}
+ARG PUID=1000
+ENV PUID=${PUID}
+ENV TZ="UTC"
+ARG UNAME=lizard
+ENV UNAME=${UNAME}
+
+ENV HOME=/home/$UNAME
+
+# setup user
+RUN <<_SETUP_USER
+#!/bin/bash
+set -e
+# first delete the builder
+userdel -r builder
+
+# then create the lizard user
+groupadd -f -g "${PGID}" "${UNAME}"
+useradd -lm -d ${HOME} -s /bin/bash -g "${PGID}" -G input -u "${PUID}" "${UNAME}"
+mkdir -p ${HOME}/.config/sunshine
+ln -s ${HOME}/.config/sunshine /config
+chown -R ${UNAME} ${HOME}
+_SETUP_USER
+
+USER ${UNAME}
+WORKDIR ${HOME}
+
+# entrypoint
+ENTRYPOINT ["/usr/bin/sunshine"]