Initial commit
This commit is contained in:
parent
46efa74a12
commit
cb5b9832ae
2
.gitignore
vendored
Normal file
2
.gitignore
vendored
Normal file
@ -0,0 +1,2 @@
|
||||
build/
|
||||
|
74
.gitlab-ci.yml
Normal file
74
.gitlab-ci.yml
Normal file
@ -0,0 +1,74 @@
|
||||
stages:
|
||||
- build
|
||||
|
||||
.docker-build: &docker-build
|
||||
stage: Build
|
||||
image:
|
||||
name: gcr.io/kaniko-project/executor:debug
|
||||
entrypoint: [ "" ]
|
||||
needs: [ ]
|
||||
variables:
|
||||
GIT_DEPTH: "1"
|
||||
TZ: "UTC"
|
||||
before_script:
|
||||
- mkdir -p /kaniko/.docker
|
||||
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"gitlab-ci-token\",\"password\":\"$CI_JOB_TOKEN\"}}}" > /kaniko/.docker/config.json
|
||||
script: |
|
||||
set -eu
|
||||
|
||||
source "common.config"
|
||||
source "$BUILD_TYPE.config"
|
||||
|
||||
export JOB_TIMESTAMP="$(date -D '%Y-%m-%dT%H:%M:%S%Z' -d "$CI_JOB_STARTED_AT" +'%Y%m%d-%H%M')"
|
||||
|
||||
echo "Building image with"
|
||||
echo " -> haproxy version: $HAPROXY_VER"
|
||||
echo " -> debian codename: $DEBIAN_CODENAME"
|
||||
echo " -> git commit hash: $CI_COMMIT_SHORT_SHA"
|
||||
echo " -> build timestamp: $JOB_TIMESTAMP"
|
||||
|
||||
export IMAGE_TAG_UNIQUE="$HAPROXY_VER-$DEBIAN_CODENAME-$CI_COMMIT_SHORT_SHA-$JOB_TIMESTAMP"
|
||||
export IMAGE_TAG_ROLLING_COMMIT="git-$CI_COMMIT_SHORT_SHA"
|
||||
export IMAGE_TAG_ROLLING_GITREF="$CI_COMMIT_REF_SLUG"
|
||||
|
||||
export IMAGE_TAG_VERSIONS="$HAPROXY_VER-$DEBIAN_CODENAME"
|
||||
if [ "$CI_COMMIT_REF_NAME" != "$CI_DEFAULT_BRANCH" ]; then
|
||||
export IMAGE_TAG_VERSIONS="branch-$CI_COMMIT_REF_SLUG-$IMAGE_TAG_VERSIONS"
|
||||
echo "Git reference $CI_COMMIT_REF_NAME is not the default branch. Rewriting git rolling tag as $IMAGE_TAG_VERSIONS"
|
||||
fi
|
||||
|
||||
export IMAGE_PATH="$CI_REGISTRY_IMAGE/$BUILD_TYPE"
|
||||
|
||||
echo "***"
|
||||
echo "Will build and push image as:"
|
||||
echo "- $IMAGE_PATH:$IMAGE_TAG_UNIQUE"
|
||||
echo "- $IMAGE_PATH:$IMAGE_TAG_ROLLING_COMMIT"
|
||||
echo "- $IMAGE_PATH:$IMAGE_TAG_ROLLING_GITREF"
|
||||
echo "- $IMAGE_PATH:$IMAGE_TAG_VERSIONS"
|
||||
echo "***"
|
||||
|
||||
(
|
||||
set -x;
|
||||
/kaniko/executor \
|
||||
--single-snapshot \
|
||||
--context . \
|
||||
--dockerfile Dockerfile \
|
||||
--build-arg "DEBIAN_CODENAME=$DEBIAN_CODENAME" \
|
||||
--build-arg "QUICTLS_SOURCE=$QUICTLS_SOURCE" \
|
||||
--build-arg "HAPROXY_SOURCE_REPO=$HAPROXY_SOURCE_REPO" \
|
||||
--build-arg "HAPROXY_SOURCE_BRANCH=$HAPROXY_SOURCE_BRANCH" \
|
||||
--destination "$IMAGE_PATH:$IMAGE_TAG_UNIQUE" \
|
||||
--destination "$IMAGE_PATH:$IMAGE_TAG_ROLLING_COMMIT" \
|
||||
--destination "$IMAGE_PATH:$IMAGE_TAG_ROLLING_GITREF" \
|
||||
--destination "$IMAGE_PATH:$IMAGE_TAG_ROLLING_DEB"
|
||||
)
|
||||
|
||||
mainline:
|
||||
<<: *docker-build
|
||||
variables:
|
||||
BUILD_TYPE: mainline
|
||||
|
||||
nightly:
|
||||
<<: *docker-build
|
||||
variables:
|
||||
BUILD_TYPE: nightly
|
52
Dockerfile
Normal file
52
Dockerfile
Normal file
@ -0,0 +1,52 @@
|
||||
ARG DEBIAN_CODENAME
|
||||
FROM docker.io/library/debian:${DEBIAN_CODENAME} as base
|
||||
|
||||
FROM base as builder
|
||||
|
||||
RUN apt -qq update && \
|
||||
apt install --no-install-recommends -qq -y build-essential
|
||||
|
||||
ENV QUICTLS_PREFIX "/opt/quictls"
|
||||
ENV HAPROXY_PREFIX "/opt/haproxy"
|
||||
|
||||
FROM builder as quictls-build
|
||||
|
||||
COPY --chown=root:root scripts/quictls* /scripts/
|
||||
|
||||
ENV QUICTLS_BUILD_DIR "/tmp/quictls"
|
||||
ENV QUICTLS_MAKE_INSTALL "true"
|
||||
ARG QUICTLS_SOURCE
|
||||
|
||||
RUN /scripts/quictls-clone.sh ${QUICTLS_SOURCE} "${QUICTLS_BUILD_DIR}"
|
||||
RUN /scripts/quictls-build.sh "${QUICTLS_BUILD_DIR}" "${QUICTLS_PREFIX}"
|
||||
RUN ls -1 "${QUICTLS_PREFIX}/include" "${QUICTLS_PREFIX}/lib" && "${QUICTLS_PREFIX}/bin/openssl" version
|
||||
|
||||
FROM builder as haproxy-build
|
||||
|
||||
COPY --from=quictls-build /opt/quictls /opt/quictls
|
||||
COPY --chown=root:root scripts/haproxy* /scripts/
|
||||
|
||||
ENV HAPROXY_BUILD_DIR "/tmp/haproxy"
|
||||
ENV HAPROXY_MAKE_INSTALL "true"
|
||||
ARG HAPROXY_SOURCE_REPO
|
||||
ARG HAPROXY_SOURCE_BRANCH
|
||||
|
||||
RUN /scripts/haproxy-clone.sh "${HAPROXY_SOURCE_REPO}" "${HAPROXY_SOURCE_BRANCH}" "${HAPROXY_BUILD_DIR}"
|
||||
RUN /scripts/haproxy-build.sh "${HAPROXY_BUILD_DIR}" "${QUICTLS_PREFIX}" "${HAPROXY_PREFIX}"
|
||||
RUN "${HAPROXY_PREFIX}/usr/local/sbin/haproxy" -vv
|
||||
|
||||
ARG DEBIAN_CODENAME
|
||||
FROM docker.io/library/debian:${DEBIAN_CODENAME}-slim
|
||||
|
||||
RUN apt -qq update && \
|
||||
apt -qq -y --no-install-recommends install \
|
||||
ca-certificates \
|
||||
liblua5.3-0 \
|
||||
libpcre2-8-0 \
|
||||
socat && \
|
||||
apt -qq -y --purge autoremove && \
|
||||
apt -qq -y clean && \
|
||||
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/* /var/log/*
|
||||
|
||||
COPY --from=quictls-build /opt/quictls /opt/quictls
|
||||
COPY --from=haproxy-build /opt/haproxy /
|
2
common.config
Normal file
2
common.config
Normal file
@ -0,0 +1,2 @@
|
||||
DEBIAN_CODENAME=bullseye
|
||||
QUICTLS_SOURCE=https://codeload.github.com/quictls/openssl/tar.gz/openssl-3.0.3+quic
|
3
mainline.config
Normal file
3
mainline.config
Normal file
@ -0,0 +1,3 @@
|
||||
HAPROXY_VER=2.6
|
||||
HAPROXY_MAINLINE_REPO=http://git.haproxy.org/git/haproxy-2.6.git
|
||||
HAPROXY_MAINLINE_BRANCH=master
|
3
nightly.config
Normal file
3
nightly.config
Normal file
@ -0,0 +1,3 @@
|
||||
HAPROXY_VER=nightly
|
||||
HAPROXY_NIGHTLY_REPO=https://github.com/haproxy/haproxy.git
|
||||
HAPROXY_NIGHTLY_BRANCH=master
|
45
scripts/haproxy-build.sh
Executable file
45
scripts/haproxy-build.sh
Executable file
@ -0,0 +1,45 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
SRC_DIR=$1
|
||||
QUICTLS_PREFIX=$2
|
||||
HAPROXY_PREFIX=$3
|
||||
|
||||
if ! [ -d "$QUICTLS_PREFIX/include" ]; then
|
||||
echo "No include dir in $QUICTLS_PREFIX"
|
||||
fi
|
||||
if ! [ -d "$QUICTLS_PREFIX/lib" ]; then
|
||||
echo "No lib dir in $QUICTLS_PREFIX"
|
||||
fi
|
||||
|
||||
apt -qq update && apt -qq -y --no-install-recommends install \
|
||||
liblua5.3-dev \
|
||||
libpcre2-dev \
|
||||
libsystemd-dev
|
||||
|
||||
pushd "$SRC_DIR"
|
||||
|
||||
# HAProxy build flags
|
||||
make -j "$(nproc)" \
|
||||
DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS" \
|
||||
LDFLAGS="-Wl,-rpath,${QUICTLS_PREFIX}/lib" \
|
||||
SSL_INC="${QUICTLS_PREFIX}/include" \
|
||||
SSL_LIB="${QUICTLS_PREFIX}/lib" \
|
||||
TARGET="linux-glibc" \
|
||||
EXTRAVERSION="+mangadex" \
|
||||
VERDATE="$(date -u -I'minutes')" \
|
||||
USE_DL=1 \
|
||||
USE_GETADDRINFO=1 \
|
||||
USE_LINUX_TPROXY=1 \
|
||||
USE_LUA=1 \
|
||||
USE_OPENSSL=1 \
|
||||
USE_PCRE2=1 \
|
||||
USE_PCRE2_JIT=1 \
|
||||
USE_PROMEX=1 \
|
||||
USE_QUIC=1 \
|
||||
USE_SLZ=1 \
|
||||
USE_TFO=1 \
|
||||
USE_SYSTEMD=1
|
||||
|
||||
[ "${HAPROXY_MAKE_INSTALL:-'false'}" == "true" ] && make -j"$(nproc)" DESTDIR="${HAPROXY_PREFIX}" install
|
15
scripts/haproxy-clone.sh
Executable file
15
scripts/haproxy-clone.sh
Executable file
@ -0,0 +1,15 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
SRC_REPO=$1
|
||||
SRC_BRANCH=$2
|
||||
OUT_DIR=$3
|
||||
|
||||
PARENT_DIR=$(dirname "$OUT_DIR")
|
||||
[ -d "$PARENT_DIR" ] || mkdir -pv "$(dirname "$PARENT_DIR")"
|
||||
|
||||
apt -qq update && apt -qq -y --no-install-recommends install git
|
||||
|
||||
git clone "$SRC_REPO" "$OUT_DIR"
|
||||
git -C "$OUT_DIR" checkout "$SRC_BRANCH"
|
18
scripts/quictls-build.sh
Executable file
18
scripts/quictls-build.sh
Executable file
@ -0,0 +1,18 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
SRC_DIR=$1
|
||||
OUT_DIR=$2
|
||||
|
||||
[ -d "$OUT_DIR" ] || mkdir -pv "$OUT_DIR"
|
||||
pushd "$SRC_DIR"
|
||||
|
||||
echo "Ensuring dependencies"
|
||||
apt -qq update && apt -qq -y --no-install-recommends install \
|
||||
build-essential
|
||||
|
||||
./Configure --libdir=lib -static --prefix="$OUT_DIR" --openssldir="$OUT_DIR"
|
||||
make -j "$(nproc)"
|
||||
|
||||
[ "${QUICTLS_MAKE_INSTALL:-'false'}" == "true" ] && make -j"$(nproc)" install
|
20
scripts/quictls-clone.sh
Executable file
20
scripts/quictls-clone.sh
Executable file
@ -0,0 +1,20 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
SRC_TARBALL=$1
|
||||
OUT_DIR=$2
|
||||
|
||||
[ -d "$OUT_DIR" ] || mkdir -pv "$OUT_DIR"
|
||||
pushd "$OUT_DIR"
|
||||
|
||||
echo "Ensuring dependencies"
|
||||
apt -qq update && apt -qq -y --no-install-recommends install \
|
||||
ca-certificates \
|
||||
curl \
|
||||
tar
|
||||
|
||||
echo "Cloning QuicTLS from $SRC_TARBALL in $OUT_DIR..."
|
||||
curl -sSL -o quictls.tar.gz "$SRC_TARBALL"
|
||||
tar --strip-components=1 -xf quictls.tar.gz
|
||||
rm -v quictls.tar.gz
|
Loading…
Reference in New Issue
Block a user