Initial commit

This commit is contained in:
Tristan 2022-06-05 05:31:53 +01:00
parent 46efa74a12
commit cb5b9832ae
No known key found for this signature in database
GPG Key ID: BDDFC4A0651ACDE4
10 changed files with 234 additions and 0 deletions

2
.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
build/

74
.gitlab-ci.yml Normal file
View File

@ -0,0 +1,74 @@
stages:
- build
.docker-build: &docker-build
stage: Build
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [ "" ]
needs: [ ]
variables:
GIT_DEPTH: "1"
TZ: "UTC"
before_script:
- mkdir -p /kaniko/.docker
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"gitlab-ci-token\",\"password\":\"$CI_JOB_TOKEN\"}}}" > /kaniko/.docker/config.json
script: |
set -eu
source "common.config"
source "$BUILD_TYPE.config"
export JOB_TIMESTAMP="$(date -D '%Y-%m-%dT%H:%M:%S%Z' -d "$CI_JOB_STARTED_AT" +'%Y%m%d-%H%M')"
echo "Building image with"
echo " -> haproxy version: $HAPROXY_VER"
echo " -> debian codename: $DEBIAN_CODENAME"
echo " -> git commit hash: $CI_COMMIT_SHORT_SHA"
echo " -> build timestamp: $JOB_TIMESTAMP"
export IMAGE_TAG_UNIQUE="$HAPROXY_VER-$DEBIAN_CODENAME-$CI_COMMIT_SHORT_SHA-$JOB_TIMESTAMP"
export IMAGE_TAG_ROLLING_COMMIT="git-$CI_COMMIT_SHORT_SHA"
export IMAGE_TAG_ROLLING_GITREF="$CI_COMMIT_REF_SLUG"
export IMAGE_TAG_VERSIONS="$HAPROXY_VER-$DEBIAN_CODENAME"
if [ "$CI_COMMIT_REF_NAME" != "$CI_DEFAULT_BRANCH" ]; then
export IMAGE_TAG_VERSIONS="branch-$CI_COMMIT_REF_SLUG-$IMAGE_TAG_VERSIONS"
echo "Git reference $CI_COMMIT_REF_NAME is not the default branch. Rewriting git rolling tag as $IMAGE_TAG_VERSIONS"
fi
export IMAGE_PATH="$CI_REGISTRY_IMAGE/$BUILD_TYPE"
echo "***"
echo "Will build and push image as:"
echo "- $IMAGE_PATH:$IMAGE_TAG_UNIQUE"
echo "- $IMAGE_PATH:$IMAGE_TAG_ROLLING_COMMIT"
echo "- $IMAGE_PATH:$IMAGE_TAG_ROLLING_GITREF"
echo "- $IMAGE_PATH:$IMAGE_TAG_VERSIONS"
echo "***"
(
set -x;
/kaniko/executor \
--single-snapshot \
--context . \
--dockerfile Dockerfile \
--build-arg "DEBIAN_CODENAME=$DEBIAN_CODENAME" \
--build-arg "QUICTLS_SOURCE=$QUICTLS_SOURCE" \
--build-arg "HAPROXY_SOURCE_REPO=$HAPROXY_SOURCE_REPO" \
--build-arg "HAPROXY_SOURCE_BRANCH=$HAPROXY_SOURCE_BRANCH" \
--destination "$IMAGE_PATH:$IMAGE_TAG_UNIQUE" \
--destination "$IMAGE_PATH:$IMAGE_TAG_ROLLING_COMMIT" \
--destination "$IMAGE_PATH:$IMAGE_TAG_ROLLING_GITREF" \
--destination "$IMAGE_PATH:$IMAGE_TAG_ROLLING_DEB"
)
mainline:
<<: *docker-build
variables:
BUILD_TYPE: mainline
nightly:
<<: *docker-build
variables:
BUILD_TYPE: nightly

52
Dockerfile Normal file
View File

@ -0,0 +1,52 @@
ARG DEBIAN_CODENAME
FROM docker.io/library/debian:${DEBIAN_CODENAME} as base
FROM base as builder
RUN apt -qq update && \
apt install --no-install-recommends -qq -y build-essential
ENV QUICTLS_PREFIX "/opt/quictls"
ENV HAPROXY_PREFIX "/opt/haproxy"
FROM builder as quictls-build
COPY --chown=root:root scripts/quictls* /scripts/
ENV QUICTLS_BUILD_DIR "/tmp/quictls"
ENV QUICTLS_MAKE_INSTALL "true"
ARG QUICTLS_SOURCE
RUN /scripts/quictls-clone.sh ${QUICTLS_SOURCE} "${QUICTLS_BUILD_DIR}"
RUN /scripts/quictls-build.sh "${QUICTLS_BUILD_DIR}" "${QUICTLS_PREFIX}"
RUN ls -1 "${QUICTLS_PREFIX}/include" "${QUICTLS_PREFIX}/lib" && "${QUICTLS_PREFIX}/bin/openssl" version
FROM builder as haproxy-build
COPY --from=quictls-build /opt/quictls /opt/quictls
COPY --chown=root:root scripts/haproxy* /scripts/
ENV HAPROXY_BUILD_DIR "/tmp/haproxy"
ENV HAPROXY_MAKE_INSTALL "true"
ARG HAPROXY_SOURCE_REPO
ARG HAPROXY_SOURCE_BRANCH
RUN /scripts/haproxy-clone.sh "${HAPROXY_SOURCE_REPO}" "${HAPROXY_SOURCE_BRANCH}" "${HAPROXY_BUILD_DIR}"
RUN /scripts/haproxy-build.sh "${HAPROXY_BUILD_DIR}" "${QUICTLS_PREFIX}" "${HAPROXY_PREFIX}"
RUN "${HAPROXY_PREFIX}/usr/local/sbin/haproxy" -vv
ARG DEBIAN_CODENAME
FROM docker.io/library/debian:${DEBIAN_CODENAME}-slim
RUN apt -qq update && \
apt -qq -y --no-install-recommends install \
ca-certificates \
liblua5.3-0 \
libpcre2-8-0 \
socat && \
apt -qq -y --purge autoremove && \
apt -qq -y clean && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/* /var/log/*
COPY --from=quictls-build /opt/quictls /opt/quictls
COPY --from=haproxy-build /opt/haproxy /

2
common.config Normal file
View File

@ -0,0 +1,2 @@
DEBIAN_CODENAME=bullseye
QUICTLS_SOURCE=https://codeload.github.com/quictls/openssl/tar.gz/openssl-3.0.3+quic

3
mainline.config Normal file
View File

@ -0,0 +1,3 @@
HAPROXY_VER=2.6
HAPROXY_MAINLINE_REPO=http://git.haproxy.org/git/haproxy-2.6.git
HAPROXY_MAINLINE_BRANCH=master

3
nightly.config Normal file
View File

@ -0,0 +1,3 @@
HAPROXY_VER=nightly
HAPROXY_NIGHTLY_REPO=https://github.com/haproxy/haproxy.git
HAPROXY_NIGHTLY_BRANCH=master

45
scripts/haproxy-build.sh Executable file
View File

@ -0,0 +1,45 @@
#!/usr/bin/env bash
set -euo pipefail
SRC_DIR=$1
QUICTLS_PREFIX=$2
HAPROXY_PREFIX=$3
if ! [ -d "$QUICTLS_PREFIX/include" ]; then
echo "No include dir in $QUICTLS_PREFIX"
fi
if ! [ -d "$QUICTLS_PREFIX/lib" ]; then
echo "No lib dir in $QUICTLS_PREFIX"
fi
apt -qq update && apt -qq -y --no-install-recommends install \
liblua5.3-dev \
libpcre2-dev \
libsystemd-dev
pushd "$SRC_DIR"
# HAProxy build flags
make -j "$(nproc)" \
DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS" \
LDFLAGS="-Wl,-rpath,${QUICTLS_PREFIX}/lib" \
SSL_INC="${QUICTLS_PREFIX}/include" \
SSL_LIB="${QUICTLS_PREFIX}/lib" \
TARGET="linux-glibc" \
EXTRAVERSION="+mangadex" \
VERDATE="$(date -u -I'minutes')" \
USE_DL=1 \
USE_GETADDRINFO=1 \
USE_LINUX_TPROXY=1 \
USE_LUA=1 \
USE_OPENSSL=1 \
USE_PCRE2=1 \
USE_PCRE2_JIT=1 \
USE_PROMEX=1 \
USE_QUIC=1 \
USE_SLZ=1 \
USE_TFO=1 \
USE_SYSTEMD=1
[ "${HAPROXY_MAKE_INSTALL:-'false'}" == "true" ] && make -j"$(nproc)" DESTDIR="${HAPROXY_PREFIX}" install

15
scripts/haproxy-clone.sh Executable file
View File

@ -0,0 +1,15 @@
#!/usr/bin/env bash
set -euo pipefail
SRC_REPO=$1
SRC_BRANCH=$2
OUT_DIR=$3
PARENT_DIR=$(dirname "$OUT_DIR")
[ -d "$PARENT_DIR" ] || mkdir -pv "$(dirname "$PARENT_DIR")"
apt -qq update && apt -qq -y --no-install-recommends install git
git clone "$SRC_REPO" "$OUT_DIR"
git -C "$OUT_DIR" checkout "$SRC_BRANCH"

18
scripts/quictls-build.sh Executable file
View File

@ -0,0 +1,18 @@
#!/usr/bin/env bash
set -euo pipefail
SRC_DIR=$1
OUT_DIR=$2
[ -d "$OUT_DIR" ] || mkdir -pv "$OUT_DIR"
pushd "$SRC_DIR"
echo "Ensuring dependencies"
apt -qq update && apt -qq -y --no-install-recommends install \
build-essential
./Configure --libdir=lib -static --prefix="$OUT_DIR" --openssldir="$OUT_DIR"
make -j "$(nproc)"
[ "${QUICTLS_MAKE_INSTALL:-'false'}" == "true" ] && make -j"$(nproc)" install

20
scripts/quictls-clone.sh Executable file
View File

@ -0,0 +1,20 @@
#!/usr/bin/env bash
set -euo pipefail
SRC_TARBALL=$1
OUT_DIR=$2
[ -d "$OUT_DIR" ] || mkdir -pv "$OUT_DIR"
pushd "$OUT_DIR"
echo "Ensuring dependencies"
apt -qq update && apt -qq -y --no-install-recommends install \
ca-certificates \
curl \
tar
echo "Cloning QuicTLS from $SRC_TARBALL in $OUT_DIR..."
curl -sSL -o quictls.tar.gz "$SRC_TARBALL"
tar --strip-components=1 -xf quictls.tar.gz
rm -v quictls.tar.gz