From af7f7d11e61acf9f6113811615d1baa46daf3bd1 Mon Sep 17 00:00:00 2001 From: Patrik Lundin Date: Fri, 4 Oct 2024 12:48:34 +0200 Subject: [PATCH] Initial commit --- .forgejo/workflows/container.yaml | 11 ++++++ Dockerfile | 56 +++++++++++++++++++++++++++++++ README.md | 7 ++++ 3 files changed, 74 insertions(+) create mode 100644 .forgejo/workflows/container.yaml create mode 100644 Dockerfile create mode 100644 README.md diff --git a/.forgejo/workflows/container.yaml b/.forgejo/workflows/container.yaml new file mode 100644 index 0000000..0911bab --- /dev/null +++ b/.forgejo/workflows/container.yaml @@ -0,0 +1,11 @@ +on: + push: +jobs: + container: + runs-on: docker + steps: + - uses: https://code.forgejo.org/actions/checkout@v4 + - uses: https://platform.sunet.se/sunet-cdn/runner-action-kaniko@2088faeaa6a22c2f85b61a7b41cdecf4f83cf36a + with: + credential: ci-sunet-cdn:${{ secrets.CI_SUNET_CDN }} + image: sunet-cdn/cdn-varnish:${{ env.GITHUB_SHA }} diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..4730092 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,56 @@ +# syntax=docker/dockerfile:1-labs + +# The above is needed to give us access to "RUN --security=insecure" below, and +# this is needed to make fellow tests succeed. Otherwise the docker sandbox +# will prevent access to io_uring: +# +# /tmp/slash/src/test-suite.log: +# === +# fellow: io_uring try: FATAL, got -1 (Operation not permitted) +# Wrong turn in try_flag(), fellow_io_uring.c line 262: Unexpected io_uring error. Is it available? +# errno = 1 (Operation not permitted) +# === + +# Dockerfile contents Based on +# https://github.com/varnish/docker-varnish/blob/master/vmod-examples/Dockerfile.with-varnish-src +# to get access to varnish source as expected by slash build steps. +FROM varnish:7.5.0 + +# https://code.uplex.de/uplex-varnish/slash/blob/master/INSTALL.rst +ENV SLASH_DEPS="git autoconf autoconf-archive automake libtool python3-docutils python3-sphinx libpcre2-dev libreadline-dev liburing-dev libxxhash-dev libncurses-dev" +ENV SLASH_RUNTIME_DEPS="liburing2 libxxhash0" +ENV VARNISHSRC=/tmp/varnish-cache + +# Might as well use a variable for the slash source as well +ENV SLASHSRC=/tmp/slash + +USER root +# --security=insecure is not supported by kaniko, but needed if building +# directly with docker, comment out the one you dont need. +#RUN --security=insecure set -e && \ +RUN set -e && \ + # get the dependencies + apt-get update && \ + apt-get -y install /pkgs/*.deb $VMOD_DEPS $SLASH_DEPS $SLASH_RUNTIME_DEPS && \ + # grab the right commit of the Varnish source + git clone https://github.com/varnishcache/varnish-cache.git $VARNISHSRC && \ + cd /tmp/varnish-cache && \ + # make sure to check out the exact same version that's already compiled and installed + git checkout $(varnishd -V 2>&1 | grep -o '[0-9a-f]\{40\}*') && \ + # BEGIN slash specific + ./autogen.des && \ + cd include && \ + make vcs_version.h && \ + cd ../lib/libvsc && \ + make && \ + git clone https://code.uplex.de/uplex-varnish/slash.git $SLASHSRC && \ + cd $SLASHSRC && \ + # use specific commit for reproducibility + git checkout a06224b9c6087349c511135f6011a3d33aacf934 && \ + ./bootstrap && \ + make check && \ + make install && \ + # END slash specific + apt-get -y purge --auto-remove $VMOD_DEPS varnish-dev $SLASH_DEPS && \ + rm -rf /var/lib/apt/lists/* $VARNISHSRC $SLASHSRC +USER varnish diff --git a/README.md b/README.md new file mode 100644 index 0000000..f6ea267 --- /dev/null +++ b/README.md @@ -0,0 +1,7 @@ +# cdn-varnish + +This is used to build our custom varnish container with the `SLASH/` storage +engine present. + +The reason for using `SLASH/` is to be able to have the cache survive reboots +of the varnish nodes.