Add Gitea Alpine registry workflow

scripts/apk/Dockerfile

@@ -1,4 +1,4 @@
-ARG ALPINE_VERSION=3.22
+ARG ALPINE_VERSION=3.23
 FROM alpine:${ALPINE_VERSION}
 
 ARG BUILDER_UID=1000

scripts/apk/build.sh

@@ -4,9 +4,18 @@ set -euo pipefail
 command_name="${1:-build}"
 requested_arch="${2:-${ALPINE_ARCH:-x86_64}}"
 repo_root="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
-alpine_version="${ALPINE_VERSION:-3.22}"
+alpine_version="${ALPINE_VERSION:-3.23}"
 repo_name="${ALPINE_REPO_NAME:-local}"
 build_platform="${ALPINE_BUILD_PLATFORM:-linux/amd64}"
+builder_uid="$(id -u)"
+builder_gid="$(id -g)"
+
+if [[ "${builder_uid}" == "0" ]]; then
+  builder_uid=1000
+fi
+if [[ "${builder_gid}" == "0" ]]; then
+  builder_gid=1000
+fi
 
 validate_arch() {
   case "$1" in
@@ -26,8 +35,8 @@ run_for_arch() {
   docker build \
     --platform "${build_platform}" \
     --build-arg "ALPINE_VERSION=${alpine_version}" \
-    --build-arg "BUILDER_UID=$(id -u)" \
-    --build-arg "BUILDER_GID=$(id -g)" \
+    --build-arg "BUILDER_UID=${builder_uid}" \
+    --build-arg "BUILDER_GID=${builder_gid}" \
     -f "${repo_root}/scripts/apk/Dockerfile" \
     -t "${image_name}" \
     "${repo_root}"
@@ -41,7 +50,7 @@ run_for_arch() {
     -e "ALPINE_ARCH=${arch}" \
     -e "CARCH=${arch}" \
     -e "ALPINE_REPO_NAME=${repo_name}" \
-    -e "PACKAGER=${PACKAGER:-Local Builder <local@example.invalid>}" \
+    -e "PACKAGER=${PACKAGER:-Joachim Schlöffel <me@joachim-schloeffel.com>}" \
     -v "${repo_root}:/work" \
     -v "${repo_root}/.cache/abuild:/home/builder/.abuild" \
     -v "${repo_root}/.cache/apk-distfiles:/var/cache/distfiles" \

scripts/apk/ci-build.sh

@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+repo_root="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+package_dir="${APKBUILD_DIR:-${repo_root}/packaging/alpine/local/seaweedfs}"
+repo_name="${ALPINE_REPO_NAME:-local}"
+arches="${ALPINE_ARCHES:-x86_64 aarch64}"
+packager="${PACKAGER:-Joachim Schlöffel <me@joachim-schloeffel.com>}"
+
+if [[ "${1:-}" != "--as-builder" && "$(id -u)" == "0" ]]; then
+  addgroup -g 1000 builder 2>/dev/null || addgroup builder
+  adduser -D -u 1000 -G builder builder 2>/dev/null || true
+  addgroup builder abuild
+  addgroup builder wheel
+  printf 'permit nopass :wheel\n' > /etc/doas.d/wheel.conf
+  printf '%%wheel ALL=(ALL) NOPASSWD: ALL\n' > /etc/sudoers.d/wheel
+  chown -R builder:builder "${repo_root}"
+  exec su builder -c "ALPINE_ARCHES='${arches}' ALPINE_REPO_NAME='${repo_name}' PACKAGER='${packager}' '${BASH_SOURCE[0]}' --as-builder"
+fi
+
+export PACKAGER="${packager}"
+export REPODEST="${repo_root}/packages"
+export SRCDEST="${repo_root}/.cache/apk-distfiles"
+
+git config --global --add safe.directory "${repo_root}"
+mkdir -p "${repo_root}/.cache/abuild" "${SRCDEST}" "${REPODEST}" "${HOME}/.abuild"
+
+if [[ ! -e "${HOME}/.abuild/abuild.conf" && -d "${repo_root}/.cache/abuild" ]]; then
+  rmdir "${HOME}/.abuild" 2>/dev/null || true
+  ln -s "${repo_root}/.cache/abuild" "${HOME}/.abuild"
+fi
+
+if ! compgen -G "${HOME}/.abuild/*.rsa" > /dev/null; then
+  abuild-keygen -a -n
+fi
+
+doas cp "${HOME}"/.abuild/*.rsa.pub /etc/apk/keys/
+
+for arch in ${arches}; do
+  case "${arch}" in
+    x86_64|aarch64) ;;
+    *) printf 'unsupported Alpine architecture: %s\n' "${arch}" >&2; exit 2 ;;
+  esac
+
+  printf 'Building %s for %s\n' "$(basename "${package_dir}")" "${arch}"
+  (
+    export ALPINE_ARCH="${arch}"
+    export CARCH="${arch}"
+    cd "${package_dir}"
+    abuild -r
+  )
+
+  mkdir -p "${REPODEST}/${repo_name}/${arch}"
+  cp "${HOME}"/.abuild/*.rsa.pub "${REPODEST}/${repo_name}/${arch}/"
+done

scripts/apk/ci-smoke.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+repo_root="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+repo_name="${ALPINE_REPO_NAME:-local}"
+arch="${ALPINE_ARCH:-$(apk --print-arch)}"
+packages="${SMOKE_PACKAGES:-seaweedfs seaweedfs-master-openrc seaweedfs-filer-openrc seaweedfs-worker-openrc}"
+repo_dir="${repo_root}/packages/${repo_name}/${arch}"
+read -r -a package_list <<< "${packages}"
+
+if [[ ! -d "${repo_dir}" ]]; then
+  printf 'missing local repository: packages/%s/%s\n' "${repo_name}" "${arch}" >&2
+  exit 1
+fi
+
+cp "${repo_dir}"/*.rsa.pub /etc/apk/keys/
+echo "${repo_root}/packages/${repo_name}" >> /etc/apk/repositories
+apk update
+apk add "${package_list[@]}"
+weed version
+ls -1 /etc/seaweedfs
+if ls /etc/init.d/seaweedfs.* >/dev/null 2>&1; then
+  find /etc/init.d -maxdepth 1 -name 'seaweedfs.*' -print | sort
+fi

scripts/apk/container-entrypoint.sh

@@ -7,7 +7,7 @@ repo_name="${ALPINE_REPO_NAME:-local}"
 arch="${ALPINE_ARCH:-x86_64}"
 
 export CARCH="${CARCH:-$arch}"
-export PACKAGER="${PACKAGER:-Local Builder <local@example.invalid>}"
+export PACKAGER="${PACKAGER:-Joachim Schlöffel <me@joachim-schloeffel.com>}"
 if [[ -n "${PACKAGER_PRIVKEY:-}" ]]; then
   export PACKAGER_PRIVKEY
 fi

scripts/apk/publish-gitea.sh

@@ -0,0 +1,81 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+repo_root="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+repo_name="${ALPINE_REPO_NAME:-local}"
+alpine_version="${ALPINE_VERSION:-3.23}"
+branch="${ALPINE_REGISTRY_BRANCH:-v${alpine_version}}"
+repository="${ALPINE_REGISTRY_REPOSITORY:-${PACKAGE_NAME:-main}}"
+instance_url="${INSTANCE_URL:-}"
+owner="${PACKAGE_OWNER:-}"
+user="${PACKAGE_USER:-}"
+token="${PACKAGE_TOKEN:-}"
+allow_conflicts="${GITEA_APK_ALLOW_CONFLICTS:-1}"
+
+require_env() {
+  local name="$1"
+  local value="$2"
+
+  if [[ -z "${value}" ]]; then
+    printf 'missing required environment variable: %s\n' "${name}" >&2
+    exit 2
+  fi
+}
+
+require_env INSTANCE_URL "${instance_url}"
+require_env PACKAGE_OWNER "${owner}"
+require_env PACKAGE_USER "${user}"
+require_env PACKAGE_TOKEN "${token}"
+
+instance_url="${instance_url%/}"
+upload_url="${instance_url}/api/packages/${owner}/alpine/${branch}/${repository}"
+package_root="${repo_root}/packages/${repo_name}"
+
+if [[ ! -d "${package_root}" ]]; then
+  printf 'missing local package repository: %s\n' "${package_root}" >&2
+  printf 'run: mise run apk:build-all\n' >&2
+  exit 1
+fi
+
+shopt -s nullglob
+apks=("${package_root}"/*/*.apk)
+shopt -u nullglob
+
+if [[ "${#apks[@]}" -eq 0 ]]; then
+  printf 'no APK files found under %s\n' "${package_root}" >&2
+  exit 1
+fi
+
+printf 'Publishing %d APK files to %s\n' "${#apks[@]}" "${upload_url}"
+
+for apk in "${apks[@]}"; do
+  filename="$(basename "${apk}")"
+  status="$(
+    curl --silent --show-error --location \
+      --user "${user}:${token}" \
+      --upload-file "${apk}" \
+      --write-out '%{http_code}' \
+      --output /tmp/gitea-apk-publish-response \
+      "${upload_url}"
+  )"
+
+  case "${status}" in
+    201)
+      printf 'published: %s\n' "${filename}"
+      ;;
+    409)
+      if [[ "${allow_conflicts}" == "1" ]]; then
+        printf 'already exists: %s\n' "${filename}"
+      else
+        printf 'conflict: %s already exists\n' "${filename}" >&2
+        cat /tmp/gitea-apk-publish-response >&2
+        exit 1
+      fi
+      ;;
+    *)
+      printf 'publish failed for %s: HTTP %s\n' "${filename}" "${status}" >&2
+      cat /tmp/gitea-apk-publish-response >&2
+      exit 1
+      ;;
+  esac
+done

scripts/apk/smoke.sh

@@ -2,7 +2,7 @@
 set -euo pipefail
 
 repo_root="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
-alpine_version="${ALPINE_VERSION:-3.22}"
+alpine_version="${ALPINE_VERSION:-3.23}"
 platform="${ALPINE_BUILD_PLATFORM:-linux/amd64}"
 arch="${ALPINE_ARCH:-x86_64}"
 packages="${SMOKE_PACKAGES:-seaweedfs seaweedfs-master-openrc seaweedfs-filer-openrc seaweedfs-worker-openrc}"

scripts/apk/test-shell.sh

@@ -2,7 +2,7 @@
 set -euo pipefail
 
 repo_root="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
-alpine_version="${ALPINE_VERSION:-3.22}"
+alpine_version="${ALPINE_VERSION:-3.23}"
 platform="${ALPINE_BUILD_PLATFORM:-linux/amd64}"
 arch="${ALPINE_ARCH:-x86_64}"
 packages="${TEST_SHELL_PACKAGES:-seaweedfs seaweedfs-doc bash-completion seaweedfs-master-openrc seaweedfs-filer-openrc seaweedfs-worker-openrc}"