Add gitea dockerfile

Change-Id: Iae2c4cbd174212e97445dd3080e2b85be730c5c4
Story: 2004627

.zuul.yaml

@@ -22,6 +22,81 @@
     vars:
       project_src_dir: "{{ zuul.project.src_dir }}/modules/openstack_project"
 
+# Image building jobs
+- secret:
+    name: system-config-dockerhub
+    data:
+      username: openstackzuul
+      password: !encrypted/pkcs1-oaep
+        - iz3aVtc1eXwM/d02gaA8qyvryJtrOOTmPZhfWiRw3VaVpuU/lrpSD/qRKPwBEbhFCpzCh
+          B3eelTaJMKaMsVFU/cD+EOB6MBpCtHreKug3+B1g1Ag9TQaLGfa2d7swPRrhFEENpQBzm
+          D9OqBYVCWTyGo/Y1nkC/zb+e1H2IdI1axNJrVaKR6FYN8vhpPsflvyW2PCNsdT2YlKCMz
+          G0wFMJv6zMH6Jw1c0ruHm5pa9O4EWLwhmdxHMeTRAT4JVJdLehVGQLBXvXxZzMOXB2Jrj
+          KHIMFFhzlc1bZXcFKAMakvfP0ARLmPySEnIcVHjHXvsXmGLuVB0lSXUtUB1QW8qJcso1m
+          C0ky4VAFHoNB/EV5VGu7btkZDtJKzsQcPXnaT1LcX1xS+QC0bC4SYR25WN9RK7z1sXvMn
+          dxMIwJIvXOb+aE5mdl63G8OBTxznPAGioCZNjqoMPQJ7VzITSYnPiW5CyZDUinTSDDver
+          zHBG/Svpwiu7Lm2vOgExHYdCDeo0a5lacxjcwW2FfP7fal3ZLoTeSTGXvIaffS552mZ9L
+          I0cLfq/ikkbaC4a+bqFnVdDm9wNAyBtOkq5wn3TqOFMrFaBlkI5/34i2fLauZOoka6bcN
+          zJnvDrjRemvgmWP1q4uI8cPzJK3zjN9/GYrs1MQxHCsNn33sWpc1oHRO+TL/8g=
+
+- job:
+    name: system-config-build-image
+    description: |
+      Build a docker image.
+
+      .. zuul:jobvar:: images
+
+         A list of images to build.  Each item in the list should have:
+
+         .. zuul:jobvar:: context
+
+            The docker build context; should be a directory in this repo.
+
+         .. zuul:jobvar:: target
+
+            Optional; if supplied, the target for a multi-stage build.
+
+         .. zuul:jobvar:: repository
+
+            The name of the target repository in dockerhub for the
+            image.  Supply this even if the image is not going to be
+            uploaded (it will be tagged with this in the local
+            registry).
+
+      .. zuul:jobvar:: credentials
+
+         If this is provided, the resulting image will be uploaded.
+         This should be a secret with two keys: ``username`` and
+         ``password``.
+
+    abstract: true
+    pre-run: playbooks/zuul/build-image-pre.yaml
+    run: playbooks/zuul/build-image.yaml
+    post-run: playbooks/zuul/build-image-upload.yaml
+
+- job:
+    name: system-config-build-image-gitea
+    description: Build a gitea image
+    parent: system-config-build-image
+    vars:
+      images:
+        - context: docker/gitea
+          target: gitea
+          repository: opendevorg/gitea
+        - context: docker/gitea
+          target: gitea-openssh
+          repository: opendevorg/gitea-openssh
+    files:
+      - docker/gitea/.*
+
+- job:
+    name: system-config-upload-image-gitea
+    description: Build and upload a gitea image
+    parent: system-config-build-image-gitea
+    secrets:
+      name: credentials
+      secret: system-config-dockerhub
+
 # Role integration jobs.  These test the top-level generic roles/*
 # under Zuul.  The range of platforms should be the same as those for
 # openstack-zuul-jobs.
@@ -304,6 +379,7 @@
         - system-config-run-eavesdrop
         - system-config-run-nodepool
         - system-config-run-docker
+        - system-config-build-image-gitea
     gate:
       jobs:
         - tox-linters
@@ -317,3 +393,7 @@
         - system-config-run-eavesdrop
         - system-config-run-nodepool
         - system-config-run-docker
+        - system-config-build-image-gitea
+    post:
+      jobs:
+        - system-config-upload-image-gitea

docker/gitea/Dockerfile

@@ -0,0 +1,111 @@
+# Copyright (c) 2018 Red Hat, Inc.
+# Copyright (c) 2016 The Gitea Authors
+# Copyright (c) 2015 The Gogs Authors
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+###################################
+#Build stage
+FROM golang:1.11-stretch AS build-env
+
+LABEL maintainer="infra-root@openstack.org"
+
+ARG GITEA_VERSION=v1.6.0
+ENV TAGS "bindata $TAGS"
+
+#Build deps
+RUN apt-get update && apt-get -y install build-essential git \
+  && mkdir -p ${GOPATH}/src/code.gitea.io/gitea
+
+#Setup repo
+RUN git clone https://github.com/go-gitea/gitea ${GOPATH}/src/code.gitea.io/gitea
+WORKDIR ${GOPATH}/src/code.gitea.io/gitea
+
+#Checkout version if set
+RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
+ && make clean generate build
+
+###################################
+# Basic system setup common to all containers in our pod
+
+FROM debian:testing as base
+
+RUN apt-get update && apt-get -y install \
+    bash \
+    ca-certificates \
+    curl \
+    gettext \
+    git \
+    openssh-client \
+    tzdata \
+  && apt-get clean \
+  && rm -rf /var/lib/apt/lists/*
+
+RUN addgroup \
+    --system --gid 1000 \
+    git && \
+  adduser \
+    --system --no-create-home --disabled-login \
+    --home /data/git \
+    --shell /bin/bash \
+    --uid 1000 \
+    --gid 1000 \
+    git && \
+  echo "git:$(dd if=/dev/urandom bs=24 count=1 status=none | base64)" | chpasswd
+
+# Copy the /etc config files and entrypoint script
+COPY --from=build-env /go/src/code.gitea.io/gitea/docker /
+
+# Copy the app
+COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
+RUN ln -s /app/gitea/gitea /usr/local/bin/gitea
+
+###################################
+# The gitea image
+FROM base as gitea
+
+RUN apt-get update && apt-get -y install pandoc \
+  && apt-get clean \
+  && rm -rf /var/lib/apt/lists/*
+
+EXPOSE 3000
+ENV USER git
+ENV GITEA_CUSTOM /data/gitea
+VOLUME ["/data"]
+ENTRYPOINT ["/usr/bin/entrypoint"]
+CMD ["/app/gitea/gitea"]
+USER 1000:1000
+
+###################################
+# The openssh server image
+FROM base as gitea-openssh
+
+RUN apt-get update \
+  && DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confold" \
+    install openssh-server \
+  && apt-get clean \
+  && rm -rf /var/lib/apt/lists/* \
+  && mkdir /run/sshd
+
+COPY sshd-entrypoint.sh /usr/bin/entrypoint
+
+EXPOSE 22
+VOLUME ["/data"]
+ENTRYPOINT ["/usr/bin/entrypoint"]
+CMD ["/usr/sbin/sshd", "-D"]

docker/gitea/sshd-entrypoint.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -e
+
+# Generate host keys if necessary
+/etc/s6/openssh/setup
+
+exec "$@"

playbooks/zuul/build-image-pre.yaml

@@ -0,0 +1,3 @@
+- hosts: all
+  roles:
+    - install-docker

playbooks/zuul/build-image-upload.yaml

@@ -0,0 +1,11 @@
+- hosts: all
+  tasks:
+    - name: Upload image to dockerhub
+      when: credentials is defined
+      block:
+        - name: Log in to dockerhub
+          command: "docker login -u {{ credentials.username }} -p {{ credentials.password }}"
+          no_log: true
+        - name: Upload to dockerhub
+          command: "docker push {{ item.repository }}"
+          loop: "{{ images }}"

playbooks/zuul/build-image.yaml

@@ -0,0 +1,7 @@
+- hosts: all
+  tasks:
+    - name: Build a docker image
+      command: "docker build . {{ target | default(false) | ternary('--target ', '') }}{{ target | default('') }} --tag {{ item.repository }}"
+      args:
+        chdir: "{{ zuul.project.src_dir }}/{{ item.context }}"
+      loop: "{{ images }}"