Compare commits
3 commits
05b69f2143
...
1feb59ab14
| Author | SHA1 | Date | |
|---|---|---|---|
| 1feb59ab14 | |||
| 99a1a49175 | |||
| a842b9c1e8 |
1 changed files with 0 additions and 72 deletions
|
|
@ -1,72 +0,0 @@
|
|||
# Kingfisher — deterministic build from sporked feature branches
|
||||
#
|
||||
# Builds a fully-pinned kingfisher binary by checking out a specific upstream
|
||||
# SHA and merging feature branches at specific SHAs on top. Independent of
|
||||
# the 'deploy' branch, which is a convenience view and may have moved.
|
||||
#
|
||||
# Inputs:
|
||||
# CONTAINER_APP_VERSION — commit on the upstream 'main' branch to base on
|
||||
# FEATURES — space-separated "branch=sha" pairs to merge on top
|
||||
#
|
||||
# The resulting binary includes upstream code + local patches, reproducible
|
||||
# from the same inputs regardless of when the build runs.
|
||||
|
||||
# --- Build stage ---
|
||||
FROM rust:1.92-bookworm AS build
|
||||
|
||||
RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||
cmake pkg-config libboost-dev git ca-certificates \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
WORKDIR /build
|
||||
|
||||
ARG CONTAINER_APP_VERSION=1d37d29
|
||||
ARG FEATURES="feature/upstream/clone-url-base=677c7a5"
|
||||
|
||||
# Limit parallelism to avoid overwhelming shared infrastructure.
|
||||
# cargo -j controls Rust compilation; CMAKE_BUILD_PARALLEL_LEVEL
|
||||
# controls the vectorscan/Boost cmake build (called from build.rs).
|
||||
ENV CMAKE_BUILD_PARALLEL_LEVEL=1
|
||||
|
||||
RUN git clone https://forge.ops.eblu.me/eblume/kingfisher.git . \
|
||||
&& git checkout "${CONTAINER_APP_VERSION}" \
|
||||
&& git config user.name "container-build" \
|
||||
&& git config user.email "build@blumeops"
|
||||
|
||||
# Merge each pinned feature branch
|
||||
RUN set -e; \
|
||||
for spec in ${FEATURES}; do \
|
||||
branch="${spec%%=*}"; \
|
||||
sha="${spec##*=}"; \
|
||||
echo "Merging ${branch} at ${sha}..."; \
|
||||
git fetch origin "${branch}"; \
|
||||
git merge --no-ff "${sha}" \
|
||||
-m "container-build: merge ${branch} at ${sha}" \
|
||||
|| { echo "ERROR: merge conflict on ${branch}"; exit 1; }; \
|
||||
done; \
|
||||
echo "Build tree ready at $(git rev-parse --short HEAD)"
|
||||
|
||||
RUN cargo build --release -j 1 \
|
||||
&& install -m 0755 target/release/kingfisher /usr/local/bin/kingfisher
|
||||
|
||||
# Quick smoke-test
|
||||
RUN kingfisher --version
|
||||
|
||||
# --- Runtime stage ---
|
||||
FROM debian:bookworm-slim
|
||||
|
||||
RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||
git ca-certificates \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
COPY --from=build /usr/local/bin/kingfisher /usr/local/bin/kingfisher
|
||||
|
||||
RUN groupadd -r app && useradd -r -g app -d /app app \
|
||||
&& mkdir -p /app && chown app:app /app
|
||||
|
||||
USER app
|
||||
WORKDIR /app
|
||||
|
||||
RUN kingfisher --version
|
||||
|
||||
ENTRYPOINT ["kingfisher"]
|
||||
Loading…
Add table
Add a link
Reference in a new issue