cloudfoundry
diff --git a/‎.github/workflows/ensure-ci-image.yml
Lines changed: 77 additions & 0 deletions b/‎.github/workflows/ensure-ci-image.yml
Lines changed: 77 additions & 0 deletions
diff --git a/‎ci/Dockerfile
Lines changed: 95 additions & 0 deletions b/‎ci/Dockerfile
Lines changed: 95 additions & 0 deletions
@@ -0,0 +1,77 @@
+name: Ensure CI image
+
+on:
+  workflow_dispatch:
+
+env:
+  IMAGE_REGISTRY: ghcr.io
+  CI_DOCKERFILE_DIR: ./ci # Relative to project root
+  CI_DOCKERFILE_PATH: Dockerfile # Relative to CI_DOCKERFILE_DIR
+  CI_DOCKERFILE_MOST_RECENT_SHA: # Determined dynamically later on
+
+jobs:
+  calculate-latest-label:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+
+    outputs:
+      ci_dockerfile_latest_sha: ${{ steps.calculate_latest_sha.outputs.ci_dockerfile_latest_sha }}
+
+    steps:
+    - name: Checkout repo
+      uses: actions/checkout@v4
+
+    - name: Calculate label for CI image
+      id: calculate_latest_sha
+      env:
+        IMAGE_NAME: ${{ github.repository }}
+      run: |
+        dockerfile_path=${CI_DOCKERFILE_DIR}/${CI_DOCKERFILE_PATH}
+
+        [[ ! -f ${dockerfile_path} ]] && echo "Could not find Dockerfile at ${dockerfile_path}" 1>&2 && exit 1
+
+        echo "ci_dockerfile_latest_sha=$(git log --max-count 1 --pretty=format:%H "${dockerfile_path}")" >> $GITHUB_OUTPUT
+
+  build-and-push-ci-image:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: write
+
+    needs:
+    - calculate-latest-label
+
+    steps:
+    - name: Checkout repo
+      uses: actions/checkout@v4
+
+    - name: Login to GitHub container registry
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ env.IMAGE_REGISTRY }}
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Extract metadata
+      uses: docker/metadata-action@v5
+      id: meta
+      with:
+        images: ${{ env.IMAGE_REGISTRY }}/${{ github.repository }}-ci
+        tags: |
+          type=raw,value=${{ needs.calculate-latest-label.outputs.ci_dockerfile_latest_sha }}
+          type=raw,value=${{ github.ref_name }}-latest
+
+    - name: Build and push CI image
+      uses: docker/build-push-action@v5
+      with:
+        push: true
+        context: ${{ env.CI_DOCKERFILE_DIR }}/..
+        file: ${{ env.CI_DOCKERFILE_DIR }}/${{ env.CI_DOCKERFILE_PATH }}
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
@@ -0,0 +1,95 @@
+FROM summerwind/actions-runner:latest
+
+ENV bbl_version 8.4.111
+ENV bosh_cli_version 7.2.3
+ENV NODE_VERSION 22.2.0
+ENV terraform_version 0.11.5
+
+USER root
+RUN usermod -a -G sudo root
+
+ENV PATH="./node_modules/.bin:/node_modules/.bin:${PATH}"
+
+RUN \
+  apt-get update && \
+  apt-get -y install \
+    shellcheck \
+    yamllint && \
+  apt list --installed
+
+COPY package.json \
+     package-lock.json \
+     ./
+
+RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
+  && case "${dpkgArch##*-}" in \
+    amd64) ARCH='x64';; \
+    ppc64el) ARCH='ppc64le';; \
+    s390x) ARCH='s390x';; \
+    arm64) ARCH='arm64';; \
+    armhf) ARCH='armv7l';; \
+    i386) ARCH='x86';; \
+    *) echo "unsupported architecture"; exit 1 ;; \
+  esac \
+  # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
+  && export GNUPGHOME="$(mktemp -d)" \
+  # gpg keys listed at https://github.com/nodejs/node#release-keys
+  && set -ex \
+  && for key in \
+    4ED778F539E3634C779C87C6D7062848A1AB005C \
+    141F07595B7B3FFE74309A937405533BE57C7D57 \
+    74F12602B6F1C4E913FAA37AD3A89613643B6201 \
+    DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \
+    61FC681DFB92A079F1685E77973F295594EC4689 \
+    8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
+    C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
+    890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \
+    C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \
+    108F52B48DB57BB0CC439B2997B01419BD92F80A \
+    A363A499291CBBC940DD62E41F10027AF002F8B0 \
+    CC68F5A3106FF448322E48ED27F5E38D5B0A215F \
+  ; do \
+      gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \
+      gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \
+  done \
+  && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
+  && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
+  && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
+  && gpgconf --kill all \
+  && rm -rf "$GNUPGHOME" \
+  && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
+  && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
+  && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
+  && ln -s /usr/local/bin/node /usr/local/bin/nodejs \
+  # smoke tests
+  && node --version \
+  && npm --version \
+  && npm install-clean
+
+# bosh-cli
+RUN \
+  wget --no-verbose https://s3.amazonaws.com/bosh-cli-artifacts/bosh-cli-${bosh_cli_version}-linux-amd64 --output-document="/usr/local/bin/bosh" && \
+  chmod +x /usr/local/bin/bosh
+
+# bbl and dependencies
+RUN \
+  wget --no-verbose https://github.com/cloudfoundry/bosh-bootloader/releases/download/v${bbl_version}/bbl-v${bbl_version}_linux_x86-64 -P /tmp && \
+  mv /tmp/bbl-* /usr/local/bin/bbl && \
+  cd /usr/local/bin && \
+  chmod +x bbl
+
+RUN \
+  wget --no-verbose https://github.com/cloudfoundry/bosh-bootloader/archive/v${bbl_version}.tar.gz -P /tmp && \
+  mkdir -p /var/repos/bosh-bootloader && \
+  tar xvf  /tmp/v${bbl_version}.tar.gz --strip-components=1 -C /var/repos/bosh-bootloader && \
+  rm -rf /tmp/*
+
+RUN \
+  wget --no-verbose "https://releases.hashicorp.com/terraform/${terraform_version}/terraform_${terraform_version}_linux_amd64.zip" -P /tmp && \
+  cd /tmp && \
+  curl https://releases.hashicorp.com/terraform/${terraform_version}/terraform_${terraform_version}_SHA256SUMS | grep linux_amd64 | shasum -c - && \
+  unzip "/tmp/terraform_${terraform_version}_linux_amd64.zip" -d /tmp && \
+  mv /tmp/terraform /usr/local/bin/terraform && \
+  cd /usr/local/bin && \
+  chmod +x terraform && \
+  rm -rf /tmp/*