feat: update cpp-dev image

Signed-off-by: Certseeds <51754303+Certseeds@users.noreply.github.com>
Certseeds · Nov 18, 2023 · 6330fdd · 6330fdd
1 parent 93e368c
commit 6330fdd
Show file tree

Hide file tree

Showing 5 changed files with 126 additions and 3 deletions.
diff --git a/.github/workflows/sshable.container.yaml b/.github/workflows/sshable.container.yaml
@@ -7,7 +7,7 @@ name: sshable
 
 on:
   schedule:
-    - cron: '17 20 * * *'
+    - cron: '17 10 * * *'
   push:
     branches: [ "master" ]
     # Publish semver tags as releases.
@@ -18,11 +18,12 @@ on:
 env:
   # Use docker.io for Docker Hub if empty
   REGISTRY: ghcr.io
-  IMAGE_NAME: certseeds/sshable
 
 
 jobs:
-  build:
+  build-sshable:
+    env:
+      IMAGE_NAME: certseeds/sshable
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -95,3 +96,82 @@ jobs:
         # This step uses the identity token to provision an ephemeral certificate
         # against the sigstore community Fulcio instance.
         run: cosign sign "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest"@${{ steps.build-and-push.outputs.digest }} --yes
+
+  build-cpp-dev:
+    env:
+      IMAGE_NAME: certseeds/cppdev
+    needs: build-sshable
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      # Install the cosign tool except on PR
+      # https://github.com/sigstore/cosign-installer
+      - name: Install cosign
+        if: github.event_name != 'pull_request'
+        uses: sigstore/cosign-installer@main
+        with:
+          cosign-release: 'v2.2.1' # optional
+
+
+      # Workaround: https://github.com/docker/build-push-action/issues/461
+      - name: Setup Docker buildx
+        uses: docker/setup-buildx-action@v3.0.0
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3.0.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5.0.0
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: scripts
+        id: prepare
+        run: |
+          docker images
+          docker pull ${{ env.REGISTRY }}/sshable
+          docker images
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@v5.1.0
+        with:
+          context: ./container/cpp
+          file: ./container/cpp/cpp.dockerfile
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest"
+          labels: ${{ steps.meta.outputs.labels }}
+
+      # Sign the resulting Docker image digest except on PRs.
+      # This will only write to the public Rekor transparency log when the Docker
+      # repository is public to avoid leaking data.  If you would like to publish
+      # transparency data even for private images, pass --force to cosign below.
+      # https://github.com/sigstore/cosign
+      - name: Sign the published Docker image
+        if: ${{ github.event_name != 'pull_request' }}
+        env:
+          COSIGN_EXPERIMENTAL: "true"
+        # This step uses the identity token to provision an ephemeral certificate
+        # against the sigstore community Fulcio instance.
+        run: cosign sign "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest"@${{ steps.build-and-push.outputs.digest }} --yes
diff --git a/container/cpp/README.md b/container/cpp/README.md
@@ -0,0 +1,3 @@
+# cpp-dev
+
+一个能在22端口暴露ssh的cpp-dev镜像, 换了源.
diff --git a/container/cpp/cpp.build.sh b/container/cpp/cpp.build.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+set -euox pipefail
+main() {
+    local SOURCE="ghcr.io"
+    local USERNAME="certseeds"
+    local IMAGE_NAME="cppdev"
+    podman build \
+        -f "$(pwd)"/cpp.dockerfile \
+        -t "${SOURCE}"/"${USERNAME}"/"${IMAGE_NAME}" \
+        .
+}
+main
diff --git a/container/cpp/cpp.dockerfile b/container/cpp/cpp.dockerfile
@@ -0,0 +1,15 @@
+FROM ghcr.io/certseeds/sshable
+
+LABEL maintainer="Certseeds <51754303+Certseeds@users.noreply.github.com>" \
+    org.opencontainers.image.source="https://github.com/Certseeds/dotfiles" \
+    org.opencontainers.image.licenses="MIT" \
+    org.opencontainers.image.description="cpp dev image that can ssh"
+
+RUN yes | apt-get update \
+  && yes | apt-get upgrade \
+  && yes | apt-get install build-essential \
+  && yes | apt-get install cmake \
+  && yes | apt-get install gdb \
+  && yes | apt-get install make \
+  && yes | apt-get install ccache
+
diff --git a/container/cpp/cpp.start.sh b/container/cpp/cpp.start.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+set -euox pipefail
+main() {
+    local SOURCE="ghcr.io"
+    local USERNAME="certseeds"
+    local IMAGE_NAME="cppdev"
+    podman run \
+        -dit \
+        --name "${IMAGE_NAME}" \
+        -p 60023:22 \
+        "${SOURCE}"/"${USERNAME}"/"${IMAGE_NAME}"
+}
+main