From 9df81a9cbfc45791477e3118f8c3d424a10035fe Mon Sep 17 00:00:00 2001 From: Justin Kromlinger Date: Wed, 14 Jun 2023 14:43:34 +0200 Subject: [PATCH] Add daily releases to quay.io repository See #73. --- .gitlab-ci.yml | 14 +++++++++----- README.md | 17 +++++++++-------- 2 files changed, 18 insertions(+), 13 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 9ec24b2..108c1e0 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -130,7 +130,9 @@ image:build:secure: before_script: - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$GITLAB_PROJECT_USER\",\"password\":\"$GITLAB_PROJECT_TOKEN\"}}}" > /kaniko/.docker/config.json -# Build and publish to the Arch Linux group namespace: https://hub.docker.com/r/archlinux/archlinux +# Build and publish to the Arch Linux group namespaces: +# https://hub.docker.com/r/archlinux/archlinux +# https://quay.io/repository/archlinux/archlinux image:publish:secure: extends: .image retry: 2 @@ -142,19 +144,21 @@ image:publish:secure: matrix: - GROUP: [base, base-devel] before_script: - - echo "{\"auths\":{\"https://index.docker.io/v1/\":{\"username\":\"$DOCKERHUB_USERNAME\",\"password\":\"$DOCKERHUB_ACCESS_TOKEN\"}}}" > /kaniko/.docker/config.json + - echo "{\"auths\":{\"https://index.docker.io/v1/\":{\"username\":\"$DOCKERHUB_USERNAME\",\"password\":\"$DOCKERHUB_ACCESS_TOKEN\"}, \"quay.io\":{\"username\":\"$QUAY_USERNAME\",\"password\":\"$QUAY_PASSWORD\"}}}" > /kaniko/.docker/config.json script: - LATEST="" - if [[ "$GROUP" == "base" ]]; then - LATEST="--destination archlinux/archlinux:latest"; + LATEST="--destination docker.io/archlinux/archlinux:latest --destination quay.io/archlinux/archlinux:latest"; fi - /kaniko/executor --force --ignore-var-run="false" --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile.$GROUP - --destination archlinux/archlinux:$GROUP - --destination archlinux/archlinux:$GROUP-$BUILD_VERSION + --destination docker.io/archlinux/archlinux:$GROUP + --destination docker.io/archlinux/archlinux:$GROUP-$BUILD_VERSION + --destination quay.io/archlinux/archlinux:$GROUP + --destination quay.io/archlinux/archlinux:$GROUP-$BUILD_VERSION $LATEST .test: diff --git a/README.md b/README.md index ccca94a..edbb469 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,11 @@ -# Arch Linux Docker Image +# Arch Linux OCI Images [![pipeline status](https://gitlab.archlinux.org/archlinux/archlinux-docker/badges/master/pipeline.svg)](https://gitlab.archlinux.org/archlinux/archlinux-docker/-/commits/master) -Arch Linux provides Docker images both in the [official DockerHub library](https://hub.docker.com/_/archlinux) (`docker pull library/archlinux:latest`) and in our [own repository](https://hub.docker.com/r/archlinux/archlinux) (`docker pull archlinux/archlinux:latest`). - -Images in the official library are updated weekly while our own repository is updated daily. +Arch Linux provides OCI-Compliant container images in multiple repositories: +* [Weekly in the official DockerHub library](https://hub.docker.com/_/archlinux): `podman pull docker.io/archlinux/archlinux:latest` or `docker pull archlinux/archlinux:latest` +* [Daily in our DockerHub repository](https://hub.docker.com/r/archlinux/archlinux): `podman pull docker.io/archlinux/archlinux:latest` or `docker pull archlinux/archlinux:latest` +* [Daily in our Quay.io repository](https://quay.io/repository/archlinux/archlinux): `podman pull quay.io/archlinux/archlinux:latest` or `docker pull quay.io/archlinux/archlinux:latest` Two versions of the image are provided: `base` (approx. 150 MiB) and `base-devel` (approx. 260 MiB), containing the respective meta package / package group. Both are available as tags with `latest` pointing to `base`. Additionally, images are tagged with their date and build job number, f.e. `base-devel-20201118.0.9436`. @@ -22,12 +23,12 @@ While the images are regularly kept up to date it is strongly recommended runnin image, allowing for malicious actors to inject packages (via, for example, a man-in-the-middle). In order to create an lsign-key run `pacman-key --init` on the first execution, but be careful to not redistribute that - key.⚠️⚠️⚠️ + key.⚠️⚠️⚠️ >>> ## Building your own image -[This repository](https://gitlab.archlinux.org/archlinux/archlinux-docker) contains all scripts and files needed to create a Docker image for Arch Linux. +[This repository](https://gitlab.archlinux.org/archlinux/archlinux-docker) contains all scripts and files needed to create an OCI image for Arch Linux. ### Dependencies Install the following Arch Linux packages: @@ -47,9 +48,9 @@ build the image `archlinux:base-devel` which additionally has the `base-devel` g ## Pipeline -### Daily builds +### Daily releases -Daily images are build with scheduled [GitLab CI](https://gitlab.archlinux.org/archlinux/archlinux-docker/-/blob/master/.gitlab-ci.yml) using our own runner infrastructure. Initially root filesystem archives are constructed and provided in our [package registry](https://gitlab.archlinux.org/archlinux/archlinux-docker/-/packages). The released multi-stage Dockerfile downloads those archives and verifies their integrity before unpacking it into a Docker image layer. Images are built using [kaniko](https://github.com/GoogleContainerTools/kaniko) to avoid using privileged Docker containers, which also publishes them to our DockerHub repository. +Daily images are build with scheduled [GitLab CI](https://gitlab.archlinux.org/archlinux/archlinux-docker/-/blob/master/.gitlab-ci.yml) using our own runner infrastructure. Initially root filesystem archives are constructed and provided in our [package registry](https://gitlab.archlinux.org/archlinux/archlinux-docker/-/packages). The released multi-stage Dockerfile downloads those archives and verifies their integrity before unpacking it into a OCI image layer. Images are built using [kaniko](https://github.com/GoogleContainerTools/kaniko) to avoid using privileged Docker containers, which also publishes them to our external repositories. ### Weekly releases