feat: update tools container deps and add update script

Anton Livaja 2025-05-06 18:52:58 -07:00
parent 6f75bb991e
commit 46c9dbfa8e
Signed by: anton
GPG Key ID: 44A86CFF1FDF0E85
3 changed files with 110 additions and 37 deletions


@ -1,42 +1,42 @@
# Tools used for managing the stagex stack # Tools used for managing the stagex stack
FROM quay.io/stagex/core-busybox AS busybox FROM stagex/core-busybox@sha256:cac5d773db1c69b832d022c469ccf5f52daf223b91166e6866d42d6983a3b374 AS core-busybox
FROM quay.io/stagex/core-musl AS musl FROM stagex/core-musl@sha256:d5f86324920cfc7fc34f0163502784b73161543ba0a312030a3ddff3ef8ab2f8 AS core-musl
FROM quay.io/stagex/core-ca-certificates AS ca-certificates FROM stagex/core-ca-certificates@sha256:d6fca6c0080e8e5360cd85fc1c4bd3eab71ce626f40602e38488bfd61fd3e89d AS core-ca-certificates
FROM quay.io/stagex/core-zlib AS zlib FROM stagex/core-zlib@sha256:b35b643642153b1620093cfe2963f5fa8e4d194fb2344a5786da5717018976c2 AS core-zlib
FROM quay.io/stagex/user-gpg AS gpg FROM stagex/user-gpg@sha256:92946bb4143ecbd53999cd520fbcb958aecacbac7a85bd58a758be1b57086a9c AS user-gpg
FROM quay.io/stagex/user-npth AS npth FROM stagex/user-npth@sha256:6ac9a90ca714ba01911c1f617553a5b23b96e9e37ec4a21e5ba132c4886a70e9 AS user-npth
FROM quay.io/stagex/user-libksba AS libksba FROM stagex/user-libksba@sha256:c165fb5b7949473cb00b0fe59add90663346b33c6c682309ca0fcccdcf78d569 AS user-libksba
FROM quay.io/stagex/user-libgpg-error AS libgpg-error FROM stagex/user-libgpg-error@sha256:6d7c09e3a7d055a6722910439c533f2babc8eda24b636bf4dfb2b29a3ed6327a AS user-libgpg-error
FROM quay.io/stagex/user-libassuan AS libassuan FROM stagex/user-libassuan@sha256:dea35799659be7b85e523312c55621007b1918ff3590631155ecf2c699ca470f AS user-libassuan
FROM quay.io/stagex/user-libgcrypt AS libgcrypt FROM stagex/user-libgcrypt@sha256:384f0e703afad6f8885ec77fb814ef182a08600a2032183d231fee5c048a7d2d AS user-libgcrypt
FROM quay.io/stagex/user-tofu AS tofu FROM stagex/user-opentofu@sha256:b5053a5966f7ec06ea894db315c4990b73e8bee69798889de747e9a99c32b041 AS user-opentofu
FROM quay.io/stagex/user-sops AS sops FROM stagex/user-sops@sha256:72b09ff439f422889af815f19a223b48b3b3fd0701d312a413069cbabcad7a12 AS user-sops
FROM quay.io/stagex/user-talosctl AS talosctl FROM stagex/user-talosctl@sha256:23ff2d686a0c251db4f8a8f07e9b18c81c64eaa07da97de5a75fccbea3e595c4 AS user-talosctl
FROM quay.io/stagex/user-kubectl AS kubectl FROM stagex/user-kubectl@sha256:6df028ecb71097c182276cad295f7a68a28f2c8d7fc82ea47fb22a451b11a4ff AS user-kubectl
FROM quay.io/stagex/user-kustomize AS kustomize FROM stagex/user-kustomize@sha256:9886d6c855f763398a8bf52cd16e07f78cb8dab75396903645612e9cd4094cfa AS user-kustomize
FROM quay.io/stagex/user-kustomize-sops AS kustomize-sops FROM stagex/user-kustomize-sops@sha256:25040e0adf7dc6806da9996a252dbf7f8f5bb4f0b9a9dd1835035eeaea3861d9 AS user-kustomize-sops
FROM quay.io/stagex/user-helm AS helm FROM stagex/user-helm@sha256:e7d2e13db8483f5356b96337308edbd5a0e602cc76c4c5ea5ed730ae6d2b2dcc AS user-helm
FROM scratch FROM scratch
COPY --from=busybox . / COPY --from=core-busybox . /
COPY --from=musl . / COPY --from=core-musl . /
COPY --from=ca-certificates . / COPY --from=core-ca-certificates . /
COPY --from=zlib . / COPY --from=core-zlib . /
COPY --from=npth . / COPY --from=user-npth . /
COPY --from=libksba . / COPY --from=user-libksba . /
COPY --from=libgpg-error . / COPY --from=user-libgpg-error . /
COPY --from=libassuan . / COPY --from=user-libassuan . /
COPY --from=libgcrypt . / COPY --from=user-libgcrypt . /
COPY --from=gpg . / COPY --from=user-gpg . /
COPY --from=tofu . / COPY --from=user-opentofu . /
COPY --from=sops . / COPY --from=user-sops . /
COPY --from=talosctl . / COPY --from=user-talosctl . /
COPY --from=kubectl . / COPY --from=user-kubectl . /
COPY --from=kustomize . / COPY --from=user-kustomize . /
COPY --from=kustomize-sops . / COPY --from=user-kustomize-sops . /
COPY --from=sops . / COPY --from=user-sops . /
COPY --from=helm . / COPY --from=user-helm . /
RUN mkdir -p /root/.gnupg RUN mkdir -p /root/.gnupg
RUN chmod 0700 /root/.gnupg RUN chmod 0700 /root/.gnupg
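Review bot: The new `FROM` lines drop the `quay.io/` prefix and use unqualified `stagex/...` names, so the registry contacted now depends on the builder: Docker defaults to Docker Hub, while Podman/Buildah resolve short names through the host's configured search registries. The `@sha256:` pin fixes the content whichever registry answers, but I would still name the registry explicitly, e.g. `FROM docker.io/stagex/core-busybox@sha256:<digest> AS core-busybox` (assuming Docker Hub is the intended source), so the build does not depend on host configuration. The bare digests also no longer show which release is pinned; a comment naming the stagex release or the digests-file commit they were taken from would make later updates auditable. `COPY --from=user-sops . /` appears twice on the new side, carried over from the old file, and one copy can be dropped.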


@ -21,11 +21,15 @@ default: \
tools \ tools \
apply apply
.PHONY: .PHONY: clean
clean: clean:
rm -rf $(CACHE_DIR) rm -rf $(CACHE_DIR)
.PHONY: .PHONY: update-tools
update-tools:
./src/make/update.sh
.PHONY: credentials
credentials: \ credentials: \
$(CACHE_DIR)/secrets/credentials.tfvars $(CACHE_DIR)/secrets/credentials.tfvars

69
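--- a/src/make/update.sh
+++ b/src/make/update.sh
@@ -0,0 +1,69 @@
+#!/bin/sh
+TARGET="Containerfile.tools"
+SOURCE="https://codeberg.org/stagex/stagex/raw/branch/main/digests"
+STAGES="core user pallet bootstrap"
+TMPFILE="$(mktemp)"
+DIGESTS_TMP="$(mktemp)"
+for stage in $STAGES; do
+curl -fsSL "$SOURCE/$stage.txt" | while read -r digest name; do
+echo "$name $digest" >> "$DIGESTS_TMP"
+done
+done
+while IFS= read -r line; do
+case "$line" in
+FROM*stagex/*)
+full_image="$(printf '%s' "$line" | awk '{print $2}')"
+base="${full_image%@sha256:*}"
+prefix="${base%%stagex/*}"
+registry="${prefix%/}"
+path="stagex/${base#*stagex/}"
+rest="${path#stagex/}"
+if echo "$rest" | grep -q ':'; then
+name="${rest%%:*}"
+tag="${rest#*:}"
+else
+name="$rest"
+tag=""
+fi
+digest="$(awk -v n="$name" '$1==n{print $2; exit}' "$DIGESTS_TMP")"
+if [ -z "$digest" ]; then
+for stage in $STAGES; do
+staged_name="$stage-$name"
+digest="$(awk -v n="$staged_name" '$1==n{print $2; exit}' "$DIGESTS_TMP")"
+if [ -n "$digest" ]; then
+name="$staged_name"
+break
+fi
+done
+fi
+if [ -n "$digest" ]; then
+if [ -n "$registry" ]; then
+image_ref="$registry/stagex/$name"
+else
+image_ref="stagex/$name"
+fi
+if [ -n "$tag" ]; then
+image_ref="$image_ref:$tag"
+fi
+echo "FROM $image_ref@sha256:$digest AS $name" >> "$TMPFILE"
+else
+echo "$line" >> "$TMPFILE"
+fi
+;;
+*)
+echo "$line" >> "$TMPFILE"
+;;
+esac
+done < "$TARGET"
+mv "$TMPFILE" "$TARGET"
+rm -f "$DIGESTS_TMP"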
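Review bot: The digests that become the `FROM ...@sha256:` pins are read from the mutable `branch/main` URL in `SOURCE` and written into `$TARGET` unchecked: under `/bin/sh` the `curl ... | while read` pipeline hides a failed or truncated download, and neither `digest` nor `name` is validated before `echo "FROM $image_ref@sha256:$digest AS $name"`. A digest pin is only as trustworthy as the place the digest came from, so I would fetch from a reviewed tag or commit instead of `main` and, if upstream publishes signatures for these files, verify them before use. The script should also start with `set -eu`, download to a file so curl's exit status is checked, and accept only 64-character hex digests and plain names, as sketched below. Separately, `mktemp` creates its file with mode 0600 and `mv` carries that mode onto `Containerfile.tools`, and the rewritten `AS $name` aliases are not propagated to the `COPY --from=` lines, so a renamed alias still has to be fixed by hand.

```shell
set -eu
# … unchanged: TARGET, SOURCE, STAGES, TMPFILE, DIGESTS_TMP …
FETCH_TMP="$(mktemp)"
for stage in $STAGES; do
    # Download first so a failed fetch aborts instead of being masked by the pipe.
    curl -fsSL "$SOURCE/$stage.txt" -o "$FETCH_TMP" || {
        echo "update.sh: failed to fetch $stage.txt" >&2
        exit 1
    }
    while read -r digest name; do
        # Only a 64-character lowercase hex digest and a plain image name are accepted.
        case "$digest" in ""|*[!0-9a-f]*) continue ;; esac
        [ "${#digest}" -eq 64 ] || continue
        case "$name" in ""|*[!A-Za-z0-9._+-]*) continue ;; esac
        echo "$name $digest" >> "$DIGESTS_TMP"
    done < "$FETCH_TMP"
done
rm -f "$FETCH_TMP"
# … unchanged: Containerfile rewrite loop, mv, cleanup …
```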