Trying to make sure the two sides of the image play nicely together.
Some checks failed
Tests / Build and Push CICD Base Image (push) Successful in 19m40s
Tests / Build and Push CICD Complete Image (push) Successful in 57m16s
Tests / End of File Check (push) Successful in 1m5s
Tests / TOML Syntax Check (push) Successful in 58s
Tests / Mixed Line Ending Check (push) Successful in 55s
Tests / TOML Formatting Check (push) Successful in 57s
Tests / Ruff Linting (push) Successful in 1m0s
Tests / Ruff Format Check (push) Successful in 54s
Tests / Pyright Type Check (push) Successful in 1m12s
Tests / Darglint Docstring Check (push) Successful in 57s
Tests / No Docstring Types Check (push) Successful in 52s
Tests / ESLint Check (push) Successful in 1m10s
Tests / Prettier Format Check (push) Successful in 59s
Tests / TypeScript Type Check (push) Successful in 1m22s
Tests / TSDoc Lint Check (push) Successful in 1m13s
Tests / Integration Tests (push) Has been cancelled
Tests / End-to-End Tests (push) Has been cancelled
Tests / YAML Syntax Check (push) Has been cancelled
Tests / Backend Tests (push) Has been cancelled
Tests / Frontend Tests (push) Has been cancelled
Tests / Backend Doctests (push) Has been cancelled
Tests / Trailing Whitespace Check (push) Has started running
Some checks failed
Tests / Build and Push CICD Base Image (push) Successful in 19m40s
Tests / Build and Push CICD Complete Image (push) Successful in 57m16s
Tests / End of File Check (push) Successful in 1m5s
Tests / TOML Syntax Check (push) Successful in 58s
Tests / Mixed Line Ending Check (push) Successful in 55s
Tests / TOML Formatting Check (push) Successful in 57s
Tests / Ruff Linting (push) Successful in 1m0s
Tests / Ruff Format Check (push) Successful in 54s
Tests / Pyright Type Check (push) Successful in 1m12s
Tests / Darglint Docstring Check (push) Successful in 57s
Tests / No Docstring Types Check (push) Successful in 52s
Tests / ESLint Check (push) Successful in 1m10s
Tests / Prettier Format Check (push) Successful in 59s
Tests / TypeScript Type Check (push) Successful in 1m22s
Tests / TSDoc Lint Check (push) Successful in 1m13s
Tests / Integration Tests (push) Has been cancelled
Tests / End-to-End Tests (push) Has been cancelled
Tests / YAML Syntax Check (push) Has been cancelled
Tests / Backend Tests (push) Has been cancelled
Tests / Frontend Tests (push) Has been cancelled
Tests / Backend Doctests (push) Has been cancelled
Tests / Trailing Whitespace Check (push) Has started running
Signed-off-by: Cliff Hill <xlorep@darkhelm.org>
This commit is contained in:
@@ -116,18 +116,18 @@ jobs:
|
||||
ssh-keyscan -p 2222 dogar.darkhelm.org >> ~/.ssh/known_hosts 2>/dev/null
|
||||
fi
|
||||
|
||||
# Clone just enough to get the Dockerfile
|
||||
# Clone just enough to get the Dockerfiles
|
||||
GIT_SSH_COMMAND="ssh -o StrictHostKeyChecking=no" \
|
||||
git clone --depth 1 --no-checkout \
|
||||
ssh://git@dogar.darkhelm.org:2222/DarkHelm.org/plex-playlist.git .
|
||||
|
||||
# Checkout only the Dockerfile and dockerignore
|
||||
git checkout HEAD -- Dockerfile.cicd .dockerignore
|
||||
# Checkout Dockerfiles and dockerignore (include base for fallback)
|
||||
git checkout HEAD -- Dockerfile.cicd Dockerfile.cicd-base .dockerignore
|
||||
|
||||
# Clean up SSH key for security
|
||||
rm -f ~/.ssh/id_rsa
|
||||
|
||||
echo "✓ Dockerfile.cicd ready for secure build"
|
||||
echo "✓ Dockerfile.cicd and fallback base ready for secure build"
|
||||
|
||||
- name: Build and push complete CICD image
|
||||
env:
|
||||
@@ -141,6 +141,29 @@ jobs:
|
||||
# Login to registry
|
||||
echo "${PACKAGE_ACCESS_TOKEN}" | docker login dogar.darkhelm.org -u "${REGISTRY_USER}" --password-stdin
|
||||
|
||||
# Verify base image availability with fallback strategy
|
||||
BASE_IMAGE="dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd-base:latest"
|
||||
echo "Checking base image availability: ${BASE_IMAGE}"
|
||||
|
||||
if docker pull "${BASE_IMAGE}" 2>/dev/null; then
|
||||
echo "✓ Base image pulled successfully from registry"
|
||||
else
|
||||
echo "❌ Failed to pull base image from registry"
|
||||
echo "This might be the first run - checking if we need to build base locally..."
|
||||
|
||||
# Check if base Dockerfile exists and build it locally as fallback
|
||||
if [ -f "Dockerfile.cicd-base" ]; then
|
||||
echo "Building base image locally as fallback..."
|
||||
export DOCKER_BUILDKIT=1
|
||||
docker build -f Dockerfile.cicd-base -t cicd-base-local:latest .
|
||||
BASE_IMAGE="cicd-base-local:latest"
|
||||
echo "✓ Base image built locally: ${BASE_IMAGE}"
|
||||
else
|
||||
echo "❌ Cannot find Dockerfile.cicd-base for fallback build"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# Create temporary SSH key file for BuildKit secrets
|
||||
echo "${SSH_PRIVATE_KEY}" > /tmp/ssh_key
|
||||
chmod 600 /tmp/ssh_key
|
||||
@@ -150,10 +173,11 @@ jobs:
|
||||
|
||||
# Build complete CICD image using secure BuildKit secrets, inheriting from base
|
||||
# SSH key is mounted securely and never stored in image layers
|
||||
echo "Building complete image with base: ${BASE_IMAGE}"
|
||||
docker build -f Dockerfile.cicd \
|
||||
--secret id=ssh_private_key,src=/tmp/ssh_key \
|
||||
--build-arg GITHUB_SHA="$GITHUB_SHA" \
|
||||
--build-arg CICD_BASE_IMAGE="dogar.darkhelm.org/darkhelm.org/plex-playlist/cicd-base:latest" \
|
||||
--build-arg CICD_BASE_IMAGE="${BASE_IMAGE}" \
|
||||
-t cicd:latest .
|
||||
|
||||
# Clean up temporary SSH key file
|
||||
|
||||
Reference in New Issue
Block a user