Unify container build workflows (#306)

## Summary
- Merges `build-container.yaml` and `build-container-nix.yaml` into a single workflow
- Detect job classifies each changed container by presence of `Dockerfile` and/or `default.nix`
- Dockerfile containers build on `k8s` (indri) via Dagger; Nix containers build on `nix-container-builder` (ringtail) via nix-build + skopeo
- Containers with both build files (alloy, nettest, ntfy) get built on both runners

## Test plan
- [ ] Push a change to a Dockerfile-only container (e.g. grafana) — verify it builds on k8s only
- [ ] Push a change to a nix-only container (e.g. jobsync) — verify it builds on nix-container-builder only
- [ ] Push a change to a dual container (e.g. ntfy) — verify it builds on both runners
- [ ] Test workflow_dispatch with a specific container name

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: #306
Erich Blume 2026-03-23 20:55:50 -07:00
commit bd0ff30d3f
12 changed files with 124 additions and 365 deletions


@ -1,27 +0,0 @@
# Network connectivity test container for blumeops CI/CD debugging
#
# This container tests connectivity to tailnet services from various environments:
# - Docker on indri (during CI build)
# - Minikube pods (manual testing)
ARG CONTAINER_APP_VERSION=0.1.0
FROM alpine:3.22
ARG CONTAINER_APP_VERSION
LABEL org.opencontainers.image.title="nettest"
LABEL org.opencontainers.image.description="Network connectivity test container for CI/CD debugging"
LABEL org.opencontainers.image.version="${CONTAINER_APP_VERSION}"
LABEL org.opencontainers.image.source="https://forge.eblu.me/eblume/blumeops"
LABEL org.opencontainers.image.vendor="blumeops"
RUN apk add --no-cache \
curl \
ca-certificates \
jq \
bind-tools
COPY test-connectivity.sh /test-connectivity.sh
RUN chmod +x /test-connectivity.sh
ENTRYPOINT ["/test-connectivity.sh"]


@ -1,39 +0,0 @@
# Nix-built nettest container
# Equivalent to the Dockerfile: curl, jq, bind (nslookup), ca-certs, bash
# Built with dockerTools.buildLayeredImage for efficient layer caching
{ pkgs ? import <nixpkgs> { } }:
let
testScript = ./test-connectivity.sh;
tools = pkgs.buildEnv {
name = "nettest-tools";
paths = [
pkgs.curl
pkgs.jq
pkgs.dnsutils # provides nslookup, dig
pkgs.cacert
pkgs.coreutils
pkgs.hostname
pkgs.bashInteractive
];
};
in
pkgs.dockerTools.buildLayeredImage {
name = "blumeops/nettest";
tag = "latest";
contents = [ tools ];
extraCommands = ''
cp ${testScript} test-connectivity.sh
chmod +x test-connectivity.sh
'';
config = {
Entrypoint = [ "/bin/bash" "/test-connectivity.sh" ];
Env = [
"SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
];
};
}


@ -1,115 +0,0 @@
#!/bin/ash
# shellcheck shell=dash
# Network connectivity test script for blumeops
# Tests access to tailnet services from within the container
set -e
echo "========================================"
echo "BlumeOps Network Connectivity Test"
echo "========================================"
echo ""
echo "Timestamp: $(date -Iseconds)"
echo "Hostname: $(hostname)"
echo ""
# Test targets
FORGE_HOST="forge.ops.eblu.me"
REGISTRY_HOST="registry.ops.eblu.me"
test_dns() {
local host="$1"
echo "--- DNS: $host ---"
if nslookup "$host" 2>/dev/null; then
echo "DNS: OK"
return 0
else
echo "DNS: FAILED"
return 1
fi
}
test_https() {
local url="$1"
local name="$2"
echo ""
echo "--- HTTPS: $name ---"
echo "URL: $url"
# Try to fetch with verbose output
http_code=$(curl -s -o /dev/null -w "%{http_code}" --max-time 10 "$url" 2>&1) || true
if [ "$http_code" = "200" ] || [ "$http_code" = "401" ] || [ "$http_code" = "302" ]; then
echo "HTTP Status: $http_code"
echo "Result: OK (service reachable)"
return 0
elif [ -n "$http_code" ] && [ "$http_code" != "000" ]; then
echo "HTTP Status: $http_code"
echo "Result: OK (service reachable, status $http_code)"
return 0
else
echo "HTTP Status: $http_code"
echo "Result: FAILED (could not connect)"
return 1
fi
}
test_registry_api() {
local host="$1"
echo ""
echo "--- Registry API: $host ---"
# Try to query the registry API
response=$(curl -sf --max-time 10 "https://$host/v2/_catalog" 2>/dev/null) || true
if [ -n "$response" ]; then
echo "Response: $response"
repo_count=$(echo "$response" | jq -r '.repositories | length' 2>/dev/null) || repo_count="unknown"
echo "Repository count: $repo_count"
echo "Result: OK"
return 0
else
echo "Result: FAILED (no response from /v2/_catalog)"
return 1
fi
}
echo "========================================"
echo "Testing DNS Resolution"
echo "========================================"
dns_ok=0
test_dns "$FORGE_HOST" && dns_ok=$((dns_ok + 1)) || true
echo ""
test_dns "$REGISTRY_HOST" && dns_ok=$((dns_ok + 1)) || true
echo ""
echo "========================================"
echo "Testing HTTPS Connectivity"
echo "========================================"
https_ok=0
test_https "https://$FORGE_HOST" "Forgejo" && https_ok=$((https_ok + 1)) || true
test_https "https://$REGISTRY_HOST/v2/" "Zot Registry" && https_ok=$((https_ok + 1)) || true
echo ""
echo "========================================"
echo "Testing Registry API"
echo "========================================"
api_ok=0
test_registry_api "$REGISTRY_HOST" && api_ok=1 || true
echo ""
echo "========================================"
echo "Summary"
echo "========================================"
echo "DNS tests passed: $dns_ok/2"
echo "HTTPS tests passed: $https_ok/2"
echo "Registry API: $([ $api_ok -eq 1 ] && echo 'OK' || echo 'FAILED')"
echo ""
if [ "$dns_ok" -eq 2 ] && [ "$https_ok" -eq 2 ] && [ "$api_ok" -eq 1 ]; then
echo "OVERALL: ALL TESTS PASSED"
exit 0
else
echo "OVERALL: SOME TESTS FAILED"
exit 1
fi