forked from chainguard-dev/apko
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathapko-playground.yaml
109 lines (99 loc) · 4.51 KB
/
apko-playground.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
# apko lima configuration file
#
# To start environment:
# limactl start --tty=false apko-playground.yaml
#
# To obtain root shell (needed for apko build):
# limactl shell apko-playground sudo su -c "HOME=\"${HOME}\" ash"
#
# Build an example image:
# apko build /examples/nginx.yaml tag /tmp/output.tar
#
# Publish an example image:
# apko publish /examples/nginx.yaml <registry_ref>
#
# To delete environment:
# limactl delete -f apko-playground
#
images:
- location: https://github.com/lima-vm/alpine-lima/releases/download/v0.2.27/alpine-lima-std-3.17.0-x86_64.iso
arch: "x86_64"
digest: "sha512:07b88838734de63edf302a531aaf57f5a48ec31b31b8a95740faa4fac11852b375c5c83180ff34311ee284b8123536b86b70f0606591b1986e9af2268f3ea675"
- location: https://github.com/lima-vm/alpine-lima/releases/download/v0.2.27/alpine-lima-std-3.17.0-aarch64.iso
arch: "aarch64"
digest: "sha512:b8028c96385ea5be499e37c142cb9e9d9c861f2647ff7f8cceaf867961ef8878e34a8ba0e8cfe2e01ac082191048e7acc30534782b13c5ec4bea53dad5919c33"
cpus: 1
memory: 2GiB
disk: 10GiB
firmware:
legacyBIOS: true
containerd:
system: false
user: false
mounts:
# Allow access to things like ~/.docker/config.json and cloud credentials etc.
- location: "~"
provision:
- mode: system
script: |
#!/bin/ash
set -eux -o pipefail
# Install apko from Alpine edge repo
apk add apko -X https://dl-cdn.alpinelinux.org/alpine/edge/testing/
# Add useful tools like vim
apk update
apk add vim
# Add Docker credential helpers needed for pushing to various cloud registries
arch="$(uname -m)"
if [[ "${arch}" != "x86_64" ]] && [[ "${arch}" != "aarch64" ]]; then
echo "Unsupported arch: ${arch}. Exiting."
exit 1
fi
# 1. docker-credential-gcr (Google)
# https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases
if [[ "${arch}" == "x86_64" ]]; then
wget -O tmp.tar.gz https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v2.1.0/docker-credential-gcr_linux_amd64-2.1.0.tar.gz
sha256sum tmp.tar.gz | grep '^91cca7b5ca33133bcd217982be31d670efe7f1a33eb5be72e014f74feecac00f '
else
wget -O tmp.tar.gz https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v2.1.0/docker-credential-gcr_linux_arm64-2.1.0.tar.gz
sha256sum tmp.tar.gz | grep '^0fcde1af46a4ddc3135a673b61707a4e241b5fc994d493c6c0c03e9ebcf5eee4 '
fi
tar -xvf tmp.tar.gz docker-credential-gcr
chmod +x docker-credential-gcr
mv docker-credential-gcr /usr/bin
rm -f tmp.tar.gz
# 2. docker-credential-ecr-login (Amazon)
# https://github.com/awslabs/amazon-ecr-credential-helper/releases
if [[ "${arch}" == "x86_64" ]]; then
wget -O docker-credential-ecr-login https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.6.0/linux-amd64/docker-credential-ecr-login
sha256sum docker-credential-ecr-login | grep '^af805202cb5d627dde2e6d4be1f519b195fd5a3a35ddc88d5010b4a4e5a98dd8 '
else
wget -O docker-credential-ecr-login https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.6.0/linux-arm64/docker-credential-ecr-login
sha256sum docker-credential-ecr-login | grep '^760ecd36acf720cfe6a6ddb6fb20a32845e8886ea2e5333441c4bcca0a1d9620 '
fi
chmod +x docker-credential-ecr-login
mv docker-credential-ecr-login /usr/bin
# 3. docker-credential-acr-env (Microsoft)
# https://github.com/chrismellard/docker-credential-acr-env/releases
# No version yet available for aarch64, skipping.
# See: https://github.com/chrismellard/docker-credential-acr-env/issues/6
# 4. docker-credential-osxkeychain (mac system)
# Add a dummy version of docker-credential-osxkeychain typically found
# in mac ~/.docker/config.json
echo '#!/bin/ash' > /usr/bin/docker-credential-osxkeychain
echo 'echo "{\"ServerURL\":\"${1}\",\"Username\":\"\",\"Secret\":\"\"}"' \
>> /usr/bin/docker-credential-osxkeychain
chmod +x /usr/bin/docker-credential-osxkeychain
# Get the examples/ dir from GitHub release, place at /examples
wget https://github.com/chainguard-dev/apko/archive/refs/heads/main.zip
unzip main.zip "apko-main/examples/*" -d /examples -j
rm -f main.zip
message: |-
---
Run the following to get a root shell (needed to run apko build):
limactl shell apko-playground sudo su -c "HOME=\"${HOME}\" ash"
Try building an image:
apko build /examples/nginx.yaml tag /tmp/output.tar
Try publishing an image:
apko publish /examples/nginx.yaml <registry_ref>
---