auth-proxy: configurable upstream proxy via env vars #1117
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'oci-image' | |
| on: | |
| push: | |
| jobs: | |
| docker-buildx: | |
| runs-on: ubuntu-24.04 | |
| services: | |
| registry: | |
| image: registry:2 | |
| ports: | |
| - 80:5000 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - name: auth-proxy | |
| file: imags/git-auth-proxy/Dockerfile | |
| context: imags/git-auth-proxy | |
| tags: localhost/l7/auth-proxy:latest | |
| - name: container-socket-proxy | |
| context: imags/container-socket-proxy | |
| file: imags/container-socket-proxy/Dockerfile | |
| tags: localhost/l7/container-socket-proxy:latest | |
| - name: dnsmasq | |
| file: imags/dnsmasq/Containerfile | |
| context: imags/dnsmasq | |
| tags: localhost/l7/dnsmasq:latest | |
| - name: gpg-vault | |
| file: imags/gpg-vault-pk/Containerfile | |
| context: . | |
| tags: localhost/l7/gpg-vault:latest | |
| - name: node | |
| file: imags/node-runner/Containerfile | |
| context: . | |
| tags: | | |
| localhost/l7/node:latest | |
| localhost/l7/node:20-bookworm | |
| - name: nvim | |
| file: imags/nvim/Containerfile | |
| context: . | |
| tags: | | |
| localhost/l7/nvim:latest | |
| localhost/l7/dev-shell:latest | |
| localhost/l7/dev-shell:nvim | |
| build-args: | | |
| BASE_IMAGE=localhost/l7/podman-remote:latest | |
| steps: | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Allow cleartext http to localhost container registry (docker) | |
| run: | | |
| echo '{"insecure-registries" : [ "localhost" ]}' | sudo tee /etc/docker/daemon.json | |
| - name: Allow cleartext http to localhost container registry (podman) | |
| run: | | |
| mkdir -p ~/.config/containers/registries.conf.d ~/.config/containers/containers.conf.d | |
| echo "[[registry]] | |
| location = 'localhost:80' | |
| insecure = true" | tee ~/.config/containers/registries.conf.d/insecure-localhost.conf | |
| echo "[containers] | |
| default_ulimits = [ | |
| 'nofile=65535:65535', | |
| ]" | tee ~/.config/containers/containers.conf.d/ulimits.conf | |
| systemctl --user restart podman | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| driver-opts: network=host | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - name: Build and load caddy image | |
| if: ${{ matrix.name == 'nvim' || matrix.name == 'node' }} | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: imags/caddy | |
| file: imags/caddy/Containerfile | |
| tags: localhost/l7/caddy:latest | |
| load: true | |
| push: true | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Build and load base image | |
| if: ${{ matrix.name == 'nvim' || matrix.name == 'node' }} | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: imags/alpine/Containerfile | |
| tags: localhost/l7/alpine:3.20 | |
| build-args: | | |
| ALPINE_VERSION=3.20 | |
| load: true | |
| push: true | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Build and load podman-remote image | |
| if: ${{ matrix.name == 'nvim' || matrix.name == 'node' }} | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: imags/alpine/Containerfile | |
| tags: localhost/l7/podman-remote:latest | |
| build-args: | | |
| BASE_IMAGE=localhost/l7/alpine:3.20 | |
| load: true | |
| push: true | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Build and load ${{ matrix.name }} image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: ${{ matrix.context }} | |
| file: ${{ matrix.file }} | |
| build-args: ${{ matrix.build-args }} | |
| tags: ${{ matrix.tags }} | |
| load: true | |
| push: true | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| test-make-all: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| cmd: | |
| - podman | |
| os: | |
| - ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - name: Allow cleartext http to localhost container registry (podman) | |
| run: | | |
| mkdir -p ~/.config/containers/registries.conf.d ~/.config/containers/containers.conf.d | |
| echo "[[registry]] | |
| location = 'localhost:80' | |
| insecure = true" | tee ~/.config/containers/registries.conf.d/insecure-localhost.conf | |
| echo "[containers] | |
| default_ulimits = [ | |
| 'nofile=65535:65535', | |
| ]" | tee ~/.config/containers/containers.conf.d/ulimits.conf | |
| systemctl --user restart podman | |
| - name: Make images | |
| run: | | |
| make images_deps | |
| - name: Make test images | |
| run: | | |
| make -j2 images_test | |
| - name: Increase resources | |
| run: | | |
| ulimit -a | |
| sudo sysctl -w fs.file-max=65536 | |
| ulimit -a | |
| - name: Make GUI images | |
| run: | | |
| make images_gui | |
| env: | |
| CMD: ${{ matrix.cmd }} | |
| CONTAINER_CMD: ${{ matrix.cmd }} | |
| test-make: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| image: | |
| - acng | |
| - auth_proxy | |
| - container_proxy | |
| - caddy | |
| - dnsmasq | |
| - gpg_pk | |
| - nvim | |
| - runner_node | |
| cmd: | |
| #- docker | |
| - podman | |
| os: | |
| #- ubuntu-20.04 | |
| #- ubuntu-22.04 | |
| - ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - name: Setup podman | |
| run: | | |
| mkdir -p ~/.config/containers/registries.conf.d ~/.config/containers/containers.conf.d | |
| echo "[[registry]] | |
| location = 'localhost:80' | |
| insecure = true" | tee ~/.config/containers/registries.conf.d/insecure-localhost.conf | |
| echo "[containers] | |
| default_ulimits = [ | |
| 'nofile=65535:65535', | |
| ]" | tee ~/.config/containers/containers.conf.d/ulimits.conf | |
| systemctl --user restart podman.socket | |
| podman info | |
| - name: Prep | |
| run: sudo apt-get install -y whois --no-install-recommends | |
| - name: Make deps | |
| if: ${{ matrix.image == 'nvim' || matrix.image == 'runner_node' }} | |
| run: make CMD=${{ matrix.cmd }} image_caddy | |
| - run: make -j4 CMD=${{ matrix.cmd }} image_${{ matrix.image }} | |
| - run: make CMD=${{ matrix.cmd }} inspect_${{ matrix.image }} | |
| - run: make -j4 CMD=${{ matrix.cmd }} test_${{ matrix.image }} | |
| - name: Extra tests | |
| if: ${{ matrix.image == 'nvim' && matrix.os == 'ubuntu-24.04' }} | |
| run: | | |
| make -j6 CMD=${{ matrix.cmd }} images | |
| make -j4 CMD=${{ matrix.cmd }} test_extra_${{ matrix.image }} | |
| env: | |
| CMD: ${{ matrix.cmd }} | |
| CONTAINER_CMD: ${{ matrix.cmd }} | |
| L7_DISABLE_SELINUX: '1' | |
| test-compose: | |
| runs-on: ${{ matrix.os }} | |
| services: | |
| registry: | |
| image: registry:2 | |
| ports: | |
| - 80:5000 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| test: | |
| - test_compose_run | |
| - images_gui | |
| os: | |
| - ubuntu-24.04 | |
| steps: | |
| - name: Setup podman | |
| run: | | |
| mkdir -p ~/.config/containers/registries.conf.d ~/.config/containers/containers.conf.d | |
| echo "[[registry]] | |
| location = 'localhost:80' | |
| insecure = true" | tee ~/.config/containers/registries.conf.d/insecure-localhost.conf | |
| echo "[containers] | |
| default_ulimits = [ | |
| 'nofile=65535:65535', | |
| ]" | tee ~/.config/containers/containers.conf.d/ulimits.conf | |
| systemctl --user restart podman.socket | |
| podman info | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - name: Prep | |
| run: | | |
| sudo apt-get install -y whois --no-install-recommends | |
| make -j4 image_alpine | |
| - run: make -j4 ${{ matrix.test }} | |
| env: | |
| DEBUG: '' | |
| L7_DISABLE_SELINUX: '1' | |
| test-e2e-podman: | |
| runs-on: ubuntu-${{ matrix.ubuntu-version }} | |
| services: | |
| registry: | |
| image: registry:2 | |
| ports: | |
| - 80:5000 | |
| permissions: | |
| contents: read | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| test: | |
| - curl | |
| - ghauth | |
| - node_corepack | |
| - lsp_typescript | |
| - node_majors | |
| ubuntu-version: | |
| - 24.04 | |
| steps: | |
| - name: Setup podman | |
| run: | | |
| mkdir -p ~/.config/containers/registries.conf.d ~/.config/containers/containers.conf.d | |
| echo "[[registry]] | |
| location = 'localhost:80' | |
| insecure = true" | tee ~/.config/containers/registries.conf.d/insecure-localhost.conf | |
| echo "[containers] | |
| default_ulimits = [ | |
| 'nofile=65535:65535', | |
| ]" | tee ~/.config/containers/containers.conf.d/ulimits.conf | |
| systemctl --user restart podman.socket | |
| podman info | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - name: set up user config | |
| run: | | |
| sudo chown -R $(id -u):$(id -g) "${HOME}" | |
| sudo apt install -y whois | |
| usertokenhash="$(mkpasswd -m sha512crypt 'e2e-test-token')" | |
| echo 'GITHUB_TOKEN=e2e-test-token' > env | |
| echo 'GH_TOKEN=e2e-test-token' >> env | |
| echo "export L7_USER_TOKEN_HASH='${usertokenhash}'" > .env | |
| echo 'export L7_GITHUB_TOKEN=${{ github.token }}' >> .env | |
| - name: Build images | |
| run: | | |
| make images_deps | |
| make -j6 image_dev_shell image_runner_node | |
| make -j6 test_runner_node | |
| if: ${{ matrix.test == 'node_corepack' }} | |
| - name: Build images | |
| run: | | |
| make image_caddy | |
| make -j6 image_dev_shell image_runner_node_all | |
| if: ${{ matrix.test == 'node_majors' }} | |
| - name: Build images | |
| run: | | |
| make images_deps | |
| make -j6 images | |
| make -j2 images_test | |
| make -j2 test_lsp_node | |
| if: ${{ matrix.test == 'lsp_typescript' }} | |
| - run: | | |
| make images_deps | |
| make -j6 images | |
| if: ${{ matrix.test == 'ghauth' }} | |
| - run: | | |
| make images_deps | |
| make -j6 images | |
| if: ${{ matrix.test == 'curl' }} | |
| - name: Run test ${{ matrix.test }} | |
| run: | | |
| podman network ls | |
| make test_e2e_${{ matrix.test }} | |
| env: | |
| DEBUG: '' | |
| L7_DISABLE_SELINUX: '1' | |
| # TODO: should work | |
| # test-e2e-docker: | |
| # runs-on: ubuntu-${{ matrix.ubuntu-version }} | |
| # needs: test-make-all | |
| # services: | |
| # registry: | |
| # image: registry:2 | |
| # ports: | |
| # - 80:5000 | |
| # permissions: | |
| # contents: read | |
| # strategy: | |
| # fail-fast: false | |
| # matrix: | |
| # test: | |
| # - curl | |
| # - ghauth | |
| # ubuntu-version: | |
| # - 22.04 | |
| # - 24.04 | |
| # steps: | |
| # - name: Allow cleartext http to localhost container registry (docker) | |
| # run: | | |
| # echo '{"insecure-registries" : [ "localhost" ]}' | sudo tee /etc/docker/daemon.json | |
| # | |
| # - name: Restore image cache | |
| # uses: actions/cache/restore@v4 | |
| # with: | |
| # path: /tmp/ci-images | |
| # key: 'ci-test-${{ github.sha }}' | |
| # | |
| # - name: Import cached images | |
| # run: | | |
| # set -x | |
| # ls -la /tmp/ci-images | |
| # find /tmp/ci-images -type f -name '*.tar' -exec sudo docker load -i '{}' \; | |
| # sudo docker images | |
| # | |
| # - uses: actions/checkout@v4 | |
| # with: | |
| # submodules: true | |
| # | |
| # - name: set up user config | |
| # run: | | |
| # sudo chown -R $(id -u):$(id -g) "${HOME}" | |
| # sudo apt install -y whois | |
| # usertokenhash="$(mkpasswd -m sha512crypt 'e2e-test-token')" | |
| # echo 'GITHUB_TOKEN=e2e-test-token' > env | |
| # echo "export L7_USER_TOKEN_HASH=${usertokenhash}" > .env | |
| # echo 'export L7_GITHUB_TOKEN=${{ github.token }}' > .env | |
| # | |
| # - name: Prep docker | |
| # run: | | |
| # sudo apt-get update | |
| # sudo apt-get dist-upgrade -y | |
| # sudo apt-get install -y --no-install-recommends docker-compose | |
| # sudo systemctl restart docker.service | |
| # sudo -E docker --version | |
| # - name: Run test ${{ matrix.test }} | |
| # run: | | |
| # sudo -E docker network ls | |
| # make test_e2e_${{ matrix.test }} | |
| # env: | |
| # CMD: sudo -E docker | |
| # CONTAINER_CMD: sudo -E docker | |
| # DEBUG: '1' |