Add custom Kingfisher container built from sporked feature branches
- Dockerfile: deterministic build from pinned CONTAINER_APP_VERSION + FEATURES - Merges named feature branches at specific SHAs for reproducibility - Switch CronJob to custom image with --clone-url-base and --all-organizations - Add kingfisher to service-versions.yaml (version tracks upstream main SHA) - Document spork container builds in new how-to card - Document spork workflow in CLAUDE.md - Update kingfisher service docs for custom image Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
parent
924325ebd5
commit
646fb4f2dc
9 changed files with 182 additions and 6 deletions
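--- a/containers/kingfisher/Dockerfile
+++ b/containers/kingfisher/Dockerfile
@@ -0,0 +1,67 @@
+# Kingfisher — deterministic build from sporked feature branches
+#
+# Builds a fully-pinned kingfisher binary by checking out a specific upstream
+# SHA and merging feature branches at specific SHAs on top. Independent of
+# the 'deploy' branch, which is a convenience view and may have moved.
+#
+# Inputs:
+# CONTAINER_APP_VERSION — commit on the upstream 'main' branch to base on
+# FEATURES — space-separated "branch=sha" pairs to merge on top
+#
+# The resulting binary includes upstream code + local patches, reproducible
+# from the same inputs regardless of when the build runs.
+
+# --- Build stage ---
+FROM rust:1.92-bookworm AS build
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+cmake pkg-config libboost-dev git ca-certificates \
+&& rm -rf /var/lib/apt/lists/*
+
+WORKDIR /build
+
+ARG CONTAINER_APP_VERSION=1d37d29
+ARG FEATURES="feature/upstream/clone-url-base=677c7a5"
+
+RUN git clone https://forge.ops.eblu.me/eblume/kingfisher.git . \
+&& git checkout "${CONTAINER_APP_VERSION}" \
+&& git config user.name "container-build" \
+&& git config user.email "build@blumeops"
+
+# Merge each pinned feature branch
+RUN set -e; \
+for spec in ${FEATURES}; do \
+branch="${spec%%=*}"; \
+sha="${spec##*=}"; \
+echo "Merging ${branch} at ${sha}..."; \
+git fetch origin "${branch}"; \
+git merge --no-ff "${sha}" \
+-m "container-build: merge ${branch} at ${sha}" \
+|| { echo "ERROR: merge conflict on ${branch}"; exit 1; }; \
+done; \
+echo "Build tree ready at $(git rev-parse --short HEAD)"
+
+RUN cargo build --release \
+&& install -m 0755 target/release/kingfisher /usr/local/bin/kingfisher
+
+# Quick smoke-test
+RUN kingfisher --version
+
+# --- Runtime stage ---
+FROM debian:bookworm-slim
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+git ca-certificates \
+&& rm -rf /var/lib/apt/lists/*
+
+COPY --from=build /usr/local/bin/kingfisher /usr/local/bin/kingfisher
+
+RUN groupadd -r app && useradd -r -g app -d /app app \
+&& mkdir -p /app && chown app:app /app
+
+USER app
+WORKDIR /app
+
+RUN kingfisher --version
+
+ENTRYPOINT ["kingfisher"]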
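Review bot: The merge loop takes `${sha}` on trust: after `git fetch origin "${branch}"` nothing checks that the commit is reachable from that branch, and since the earlier `git clone` already brought in every branch, any commit in the repository merges regardless of the branch name paired with it. A guard ahead of the merge, `git merge-base --is-ancestor "${sha}" FETCH_HEAD || { echo "ERROR: ${sha} is not on ${branch}"; exit 1; }`, would tie each pin to its named branch, and full 40-character object ids for `CONTAINER_APP_VERSION` and `FEATURES` would be a stronger pin than the seven-character prefixes, which git resolves by prefix or by ref name. The build step should be `cargo build --release --locked` so it fails instead of re-resolving crates when Cargo.lock is out of step with the merged tree. The header's "fully-pinned" wording covers only the source checkout: `rust:1.92-bookworm` and `debian:bookworm-slim` are tag references and the apt packages are unversioned, so either pin the bases by digest or add a comment such as `# NOTE: base images and apt packages are tag-pinned only; source pins do not cover the toolchain`.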