diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 6388c3a..41b1a41 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -12,6 +12,8 @@ permissions:
 contents: read
 pages: write
 id-token: write
+ # Push container images
+ packages: write
 # Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
 # However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
@@ -48,6 +50,27 @@ jobs:
 name: build-artifacts
 path: 'build'
+ container-image:
+ runs-on: ubuntu-latest
+ needs:
+ - build
+ if: github.ref == 'refs/heads/main'
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up JDK 21
+ uses: actions/setup-java@v4
+ with:
+ java-version: '21'
+ distribution: 'temurin'
+ - run: mkdir -p build
+ - uses: actions/download-artifact@v4
+ with:
+ name: build-artifacts
+ path: build
+ - run: ./build.sh
+ - run: podman push ghcr.io/gardenlinux/glvd-api:edge
+ - run: podman push ghcr.io/gardenlinux/glvd-api:edge_bare
+
 dependency-submission:
 runs-on: ubuntu-latest
diff --git a/.gitignore b/.gitignore
index c2065bc..f8d0889 100644
--- a/.gitignore
+++ b/.gitignore
@@ -35,3 +35,6 @@ out/
 ### VS Code ###
 .vscode/
+
+### Unbase OCI ###
+*.oci
diff --git a/Containerfile b/Containerfile
new file mode 100644
index 0000000..90cdfa6
--- /dev/null
+++ b/Containerfile
@@ -0,0 +1,8 @@
+FROM sapmachine:21-jre-ubuntu
+
+RUN mkdir /opt/glvd
+COPY build/libs/glvd-0.0.1-SNAPSHOT.jar /opt/glvd/glvd.jar
+
+EXPOSE 8080
+
+CMD ["java", "-jar", "/opt/glvd/glvd.jar"]
diff --git a/build.sh b/build.sh
new file mode 100755
index 0000000..51e2ec7
--- /dev/null
+++ b/build.sh
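Review bot: `packages: write` is added to the workflow-level `permissions:` block, so every job in this workflow receives a token that can publish packages, not only the job that pushes images. Least privilege would place it on the `container-image` job instead, as a job-level `permissions:` mapping with `contents: read` and `packages: write`; a job-level block replaces the workflow-level grants for that job, so `contents: read` has to be restated there. The rest of the workflow sits outside this hunk, so whether other jobs rely on the shared grants should be checked before moving it.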
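Review bot: No step in the new `container-image` job authenticates to ghcr.io before the two `podman push` steps, and `build.sh` as added in this commit does not log in either, so the pushes appear to have no credentials unless the runner supplies them some other way. A login step that passes the token through an environment variable keeps the secret out of the rendered command line. Separately, the job references actions by mutable tag (`actions/checkout@v4`, `actions/setup-java@v4`, `actions/download-artifact@v4`); pinning them to full commit SHAs is worth considering for a job that runs with package write access.

```yaml
      - run: ./build.sh
      - name: Log in to ghcr.io
        env:
          REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: podman login ghcr.io --username "$GITHUB_ACTOR" --password-stdin <<< "$REGISTRY_TOKEN"
      # … unchanged: the two podman push steps …
```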
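Review bot: `FROM sapmachine:21-jre-ubuntu` is an unqualified short name with a mutable tag, so the registry it resolves to depends on the build host's podman short-name configuration and the content can change between builds; the same applies to `podman pull ubuntu:22.04` in build.sh. If the intended source is the Docker Hub official image, a fully qualified, digest-pinned reference such as `FROM docker.io/library/sapmachine:21-jre-ubuntu@sha256:<digest>` (digest is a placeholder to be taken from the registry) removes both ambiguities. The image also sets no `USER`, so the JVM runs as root inside the container; a numeric non-root `USER` line before `CMD` would address that, assuming the application needs no write access under `/opt/glvd`.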
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+set -eufo pipefail
+
+if [[ ! -f build/libs/glvd-0.0.1-SNAPSHOT.jar ]]; then
+ ./gradlew bootJar
+fi
+
+podman build --tag ghcr.io/gardenlinux/glvd-api:edge .
+
+podman save --format oci-archive ghcr.io/gardenlinux/glvd-api:edge > glvd.oci
+
+podman pull ubuntu:22.04
+podman save --format oci-archive ubuntu:22.04 > ubuntu.oci
+
+./unbase_oci --exclude exclude --include include --ldd-dependencies --print-tree ubuntu.oci glvd.oci glvd_bare.oci
+
+image="$(podman load < glvd_bare.oci | awk '{ print $NF }')"
+podman tag "$image" ghcr.io/gardenlinux/glvd-api:edge_bare
diff --git a/exclude b/exclude
new file mode 100644
index 0000000..0d06841
--- /dev/null
+++ b/exclude
@@ -0,0 +1,3 @@
+var/cache
+var/lib/apt
+var/log
diff --git a/include b/include
new file mode 100644
index 0000000..a9a5aec
--- /dev/null
+++ b/include
@@ -0,0 +1 @@
+tmp
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 15ee5c3..8bf7c99 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -1,6 +1,6 @@
 spring.application.name=glvd
-spring.datasource.url=jdbc:postgresql://localhost:5432/glvd
+spring.datasource.url=jdbc:postgresql://postgres:5432/glvd
 spring.datasource.username=glvd
 spring.datasource.password=glvd
 spring.sql.init.mode=never
-spring.jpa.properties.javax.persistence.query.timeout=5000
\ No newline at end of file
+spring.jpa.properties.javax.persistence.query.timeout=5000
diff --git a/unbase_oci b/unbase_oci
new file mode 100755
index 0000000..1a6db1b
--- /dev/null
+++ b/unbase_oci
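Review bot: Nothing in the script records why `ubuntu:22.04` is the archive handed to `./unbase_oci` as the first positional argument, or that it has to correspond to the base of the `sapmachine:21-jre-ubuntu` image built from the Containerfile. If unbase_oci treats that archive as the base to subtract (inferred from the tool's name and argument order, not visible here), a base-image bump in the Containerfile without a matching change in this script would silently change what ends up in `edge_bare`. A comment above the pull would make the coupling explicit, for example `# Must match the Ubuntu release that sapmachine:21-jre-ubuntu is built on; update together with the Containerfile.`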
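Review bot: The packaged default for `spring.datasource.url` now points at the host `postgres`, which presumably resolves only inside a container network, so running the jar outside that setup no longer reaches a local database. Spring Boot's environment binding lets the deployment set `SPRING_DATASOURCE_URL` instead, which would allow the file to keep `localhost` as its default. The unchanged `spring.datasource.username=glvd` and `spring.datasource.password=glvd` lines are now baked into an image that this commit pushes to a registry; supplying them through `SPRING_DATASOURCE_USERNAME` and `SPRING_DATASOURCE_PASSWORD` at deploy time would keep a fixed credential out of the published artifact.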
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+
+set -eufo pipefail
+
+container_image=ghcr.io/gardenlinux/unbase_oci:233f4213036fadd4b91b965b4ca71b457f1a6b88
+container_engine=podman
+
+container_mount_opts=()
+
+while [ $# -gt 0 ]; do
+ case "$1" in
+ --container-image)
+ container_image="$2"
+ shift 2
+ ;;
+ --container-engine)
+ container_engine="$2"
+ shift 2
+ ;;
+ --print-container-image)
+ printf '%s\n' "$container_image"
+ exit 0
+ ;;
+ *)
+ break
+ ;;
+ esac
+done
+
+args=()
+
+while [ $# -gt 0 ]; do
+ case "$1" in
+ -i|--include|-x|--exclude|--dpkg-include)
+ container_mount_opts+=(-v "$(realpath "$2"):/mnt$(realpath "$2")")
+ args+=("$1" "/mnt$(realpath "$2")")
+ shift 2
+ ;;
+ --no-default-include|--no-default-exclude|-d|--dpkg-dependencies|-l|--ldd-dependencies|--print-tree)
+ args+=("$1")
+ shift
+ ;;
+ *)
+ break
+ ;;
+ esac
+done
+
+container_mount_opts+=(-v "$(realpath "$1"):/mnt$(realpath "$1")")
+[ "$1" = "$2" ] || container_mount_opts+=(-v "$(realpath "$2"):/mnt$(realpath "$2")")
+[ -e "$3" ] || touch "$3"
+container_mount_opts+=(-v "$(realpath "$3"):/mnt$(realpath "$3")")
+args+=("/mnt$(realpath "$1")" "/mnt$(realpath "$2")" "/mnt$(realpath "$3")")
+
+"$container_engine" run --rm --read-only --tmpfs /tmp:rw,exec "${container_mount_opts[@]}" "$container_image" "${args[@]}"
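Review bot: Every bind mount built here is read-write, including the include/exclude lists and the two input archives (`$1`, `$2`), although only the output path `$3` has to be written by the container. Appending `:ro` to the input mounts, e.g. `container_mount_opts+=(-v "$(realpath "$1"):/mnt$(realpath "$1"):ro")`, fits the `--read-only` already passed to `run`; the case where `$3` names the same file as an input would need to stay writable. The default `container_image` is referenced by a tag rather than a digest, so appending `@sha256:<digest>` (placeholder) would fix the exact content that gets to process the image archives. The script also reads `$1` to `$3` without checking the argument count, so under `set -u` a short invocation ends in an unbound-variable error rather than a usage message.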