sunet-cdn/cdn-varnish
2
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Initial commit
All checks were successful
/ container (push) Successful in 13m15s
Details

Browse source
This commit is contained in:
Patrik Lundin 2024-10-04 12:48:34 +02:00
commit af7f7d11e6
Signed by: patlu
GPG key ID: A0A812BA2249F294
3 changed files with 74 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
.forgejo/workflows/container.yaml Normal file
View file

@ -0,0 +1,11 @@
on:
push:
jobs:
container:
runs-on: docker
steps:
- uses: https://code.forgejo.org/actions/checkout@v4
- uses: https://platform.sunet.se/sunet-cdn/runner-action-kaniko@2088faeaa6a22c2f85b61a7b41cdecf4f83cf36a
with:
credential: ci-sunet-cdn:${{ secrets.CI_SUNET_CDN }}
image: sunet-cdn/cdn-varnish:${{ env.GITHUB_SHA }}

56
Dockerfile Normal file
View file

@ -0,0 +1,56 @@
# syntax=docker/dockerfile:1-labs
# The above is needed to give us access to "RUN --security=insecure" below, and
# this is needed to make fellow tests succeed. Otherwise the docker sandbox
# will prevent access to io_uring:
#
# /tmp/slash/src/test-suite.log:
# ===
# fellow: io_uring try: FATAL, got -1 (Operation not permitted)
# Wrong turn in try_flag(), fellow_io_uring.c line 262: Unexpected io_uring error. Is it available?
# errno = 1 (Operation not permitted)
# ===
# Dockerfile contents Based on
# https://github.com/varnish/docker-varnish/blob/master/vmod-examples/Dockerfile.with-varnish-src
# to get access to varnish source as expected by slash build steps.
FROM varnish:7.5.0
# https://code.uplex.de/uplex-varnish/slash/blob/master/INSTALL.rst
ENV SLASH_DEPS="git autoconf autoconf-archive automake libtool python3-docutils python3-sphinx libpcre2-dev libreadline-dev liburing-dev libxxhash-dev libncurses-dev"
ENV SLASH_RUNTIME_DEPS="liburing2 libxxhash0"
ENV VARNISHSRC=/tmp/varnish-cache
# Might as well use a variable for the slash source as well
ENV SLASHSRC=/tmp/slash
USER root
# --security=insecure is not supported by kaniko, but needed if building
# directly with docker, comment out the one you dont need.
#RUN --security=insecure set -e && \
RUN set -e && \
# get the dependencies
apt-get update && \
apt-get -y install /pkgs/*.deb $VMOD_DEPS $SLASH_DEPS $SLASH_RUNTIME_DEPS && \
# grab the right commit of the Varnish source
git clone https://github.com/varnishcache/varnish-cache.git $VARNISHSRC && \
cd /tmp/varnish-cache && \
# make sure to check out the exact same version that's already compiled and installed
git checkout $(varnishd -V 2>&1 | grep -o '[0-9a-f]\{40\}*') && \
# BEGIN slash specific
./autogen.des && \
cd include && \
make vcs_version.h && \
cd ../lib/libvsc && \
make && \
git clone https://code.uplex.de/uplex-varnish/slash.git $SLASHSRC && \
cd $SLASHSRC && \
# use specific commit for reproducibility
git checkout a06224b9c6087349c511135f6011a3d33aacf934 && \
./bootstrap && \
make check && \
make install && \
# END slash specific
apt-get -y purge --auto-remove $VMOD_DEPS varnish-dev $SLASH_DEPS && \
rm -rf /var/lib/apt/lists/* $VARNISHSRC $SLASHSRC
USER varnish

7
README.md Normal file
View file

@ -0,0 +1,7 @@
# cdn-varnish
This is used to build our custom varnish container with the `SLASH/` storage
engine present.
The reason for using `SLASH/` is to be able to have the cache survive reboots
of the varnish nodes.