From a6603efbc27198c06ce1d456400e8bfec3e98c1c Mon Sep 17 00:00:00 2001
From: classabbyamp <void@placeviolette.net>
Date: Sun, 30 Jul 2023 01:00:16 -0400
Subject: [PATCH] common/container: move masterdir image building to
 void-packages

see void-linux/void-docker#11
---
 .dockerignore                    |  3 ++
 .github/workflows/container.yaml | 64 ++++++++++++++++++++++++++++++++
 common/container/Containerfile   | 34 +++++++++++++++++
 common/container/docker-bake.hcl | 37 ++++++++++++++++++
 common/container/noextract.conf  | 13 +++++++
 common/container/setup.sh        | 29 +++++++++++++++
 6 files changed, 180 insertions(+)
 create mode 100644 .dockerignore
 create mode 100644 .github/workflows/container.yaml
 create mode 100644 common/container/Containerfile
 create mode 100644 common/container/docker-bake.hcl
 create mode 100644 common/container/noextract.conf
 create mode 100644 common/container/setup.sh

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000000000..2d28584d8dbfb
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,3 @@
+*
+!common/container/
+!common/repo-keys/
diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml
new file mode 100644
index 0000000000000..3b55629a85578
--- /dev/null
+++ b/.github/workflows/container.yaml
@@ -0,0 +1,64 @@
+---
+name: 'Build build-root containers'
+
+on:
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    outputs:
+      metadata: ${{ steps.build_and_push.outputs.metadata }}
+    steps:
+      - name: Checkout
+        uses: classabbyamp/treeless-checkout-action@v1
+
+      - name: Docker metadata
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            ghcr.io/${{ github.repository_owner }}/void-build-root-glibc
+            ghcr.io/${{ github.repository_owner }}/void-build-root-musl
+          tags: |
+            type=sha,prefix=
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=raw,value={{date 'YYYYMMDD'}},enable={{is_default_branch}},priority=1000
+          flavor: latest=false
+          labels: |
+            org.opencontainers.image.authors=Void Linux team and contributors
+            org.opencontainers.image.url=https://voidlinux.org
+            org.opencontainers.image.documentation=https://github.com/${{ github.repository }}
+            org.opencontainers.image.source=https://github.com/${{ github.repository }}
+            org.opencontainers.image.vendor=Void Linux
+            org.opencontainers.image.title=Void Linux build root
+            org.opencontainers.image.description=Image for building packages with xbps-src on Void Linux
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to GCHR
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push images
+        id: build_and_push
+        uses: docker/bake-action@v3
+        with:
+          push: ${{ endsWith(github.ref, 'master') }}
+          files: |
+            common/container/docker-bake.hcl
+            ${{ steps.meta.outputs.bake-file }}
+          set: |
+            _common.cache-to=type=gha
+            _common.cache-from=type=gha
diff --git a/common/container/Containerfile b/common/container/Containerfile
new file mode 100644
index 0000000000000..008aab15eea83
--- /dev/null
+++ b/common/container/Containerfile
@@ -0,0 +1,34 @@
+# syntax=docker/dockerfile:1
+FROM --platform=${BUILDPLATFORM} alpine:3.18 AS bootstrap
+ARG TARGETPLATFORM
+ARG MIRROR=https://repo-ci.voidlinux.org
+ARG LIBC
+RUN apk add ca-certificates curl && \
+  curl "${MIRROR}/static/xbps-static-static-0.59_5.$(uname -m)-musl.tar.xz" | tar vJx
+COPY common/repo-keys/* /target/var/db/xbps/keys/
+COPY common/container/setup.sh /bootstrap/setup.sh
+RUN --mount=type=cache,sharing=locked,target=/target/var/cache/xbps,id=repocache-${LIBC} \
+  . /bootstrap/setup.sh; \
+  XBPS_TARGET_ARCH=${ARCH} xbps-install -S \
+    -R "${REPO}" -R "${REPO}/bootstrap" \
+    -r /target
+
+FROM --platform=${BUILDPLATFORM} bootstrap AS install
+ARG TARGETPLATFORM
+ARG MIRROR
+ARG LIBC
+COPY --from=bootstrap /target /target
+COPY common/container/noextract.conf /target/etc/xbps.d/noextract.conf
+RUN --mount=type=cache,sharing=locked,target=/target/var/cache/xbps,id=repocache-${LIBC} \
+  . /bootstrap/setup.sh; \
+  XBPS_TARGET_ARCH=${ARCH} xbps-install -y \
+    -R "${REPO}" -R "${REPO}/bootstrap" \
+    -r /target \
+    base-chroot void-repo-bootstrap
+
+FROM scratch AS image
+COPY --link --from=install /target /
+RUN --mount=type=tmpfs,target=/tmp \
+  xbps-reconfigure -a; \
+  rm -rf /var/cache/xbps/*
+CMD ["/bin/sh"]
diff --git a/common/container/docker-bake.hcl b/common/container/docker-bake.hcl
new file mode 100644
index 0000000000000..375b34393625a
--- /dev/null
+++ b/common/container/docker-bake.hcl
@@ -0,0 +1,37 @@
+variable "MIRROR" {
+  default = "https://repo-ci.voidlinux.org/"
+}
+
+target "docker-metadata-action" {}
+
+target "_common" {
+  inherits = ["docker-metadata-action"]
+  dockerfile = "common/container/Containerfile"
+  no-cache-filter = ["bootstrap"]
+  cache-to = ["type=local,dest=/tmp/buildx-cache"]
+  cache-from = ["type=local,src=/tmp/buildx-cache"]
+  target = "image"
+  args = {
+    "MIRROR" = "${MIRROR}"
+  }
+}
+
+target "void-build-root-glibc" {
+  inherits = ["_common"]
+  platforms = ["linux/amd64", "linux/386", "linux/arm64", "linux/arm/v7", "linux/arm/v6"]
+  args = { "LIBC" = "glibc" }
+}
+
+target "void-build-root-musl" {
+  inherits = ["_common"]
+  platforms = ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"]
+  args = { "LIBC" = "musl" }
+}
+
+group "default" {
+  targets = [
+    "void-build-root-glibc",
+    "void-build-root-musl",
+  ]
+}
+
diff --git a/common/container/noextract.conf b/common/container/noextract.conf
new file mode 100644
index 0000000000000..be8ac91510c5e
--- /dev/null
+++ b/common/container/noextract.conf
@@ -0,0 +1,13 @@
+noextract=/etc/sv*
+noextract=/usr/share/man*
+noextract=/usr/lib/dracut*
+noextract=/etc/skel*
+noextract=/usr/lib/modprobe.d*
+noextract=/usr/lib/sysctl.d*
+noextract=/usr/lib/udev*
+noextract=/usr/share/bash-completion*
+noextract=/usr/share/fish/vendor-completions.d*
+noextract=/usr/share/zsh/site-functions*
+noextract=/usr/share/info*
+noextract=/usr/share/locale*
+noextract=/usr/lib/gconv*
diff --git a/common/container/setup.sh b/common/container/setup.sh
new file mode 100644
index 0000000000000..f28a2b2073c64
--- /dev/null
+++ b/common/container/setup.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+: "${MIRROR:=https://repo-default.voidlinux.org/}"
+
+suffix() {
+	case "${LIBC:?}" in
+	musl) echo "-musl" ;;
+	esac
+}
+
+repo() {
+	case "${ARCH:?}" in
+	aarch64*) echo "${MIRROR}/current/aarch64" ;;
+	*-musl)   echo "${MIRROR}/current/musl"    ;;
+	*)        echo "${MIRROR}/current"         ;;
+	esac
+}
+
+case "${TARGETPLATFORM:?}" in
+linux/arm/v6) ARCH="armv6l$(suffix)"  ;;
+linux/arm/v7) ARCH="armv7l$(suffix)"  ;;
+linux/arm64)  ARCH="aarch64$(suffix)" ;;
+linux/amd64)  ARCH="x86_64$(suffix)"  ;;
+linux/386)    ARCH="i686$(suffix)"    ;;
+esac
+
+REPO="$(repo)"
+
+export ARCH REPO