sarman/tftsr-devops_investigation
1
1
Fork 0
Code Issues 4 Pull Requests Actions 34 Packages Projects 3 Releases 6 Wiki Activity
450ef84da7
tftsr-devops_investigation/.docker/Dockerfile.windows-cross

44 lines
1.6 KiB
Docker
Raw Normal View History

feat(ci): add persistent pre-baked Docker builder images Add three Dockerfiles under .docker/ and a build-images.yml workflow that pushes them to the local Gitea container registry (172.0.0.29:3000). Each image pre-installs all system deps, Node.js 22, and the Rust cross- compilation target so release builds can skip apt-get entirely: trcaa-linux-amd64:rust1.88-node22 — webkit2gtk, gtk3, all Tauri deps trcaa-windows-cross:rust1.88-node22 — mingw-w64, nsis, Windows target trcaa-linux-arm64:rust1.88-node22 — arm64 multiarch dev libs, Rust 1.88 build-images.yml triggers automatically when .docker/ changes on master and supports workflow_dispatch for manual/first-time builds. auto-tag.yml is NOT changed in this commit — switch it to use the new images in the follow-up PR (after images are pushed to the registry). One-time server setup required before first use: echo '{"insecure-registries":["172.0.0.29:3000"]}' \ | sudo tee /etc/docker/daemon.json && sudo systemctl restart docker
2026-04-06 02:07:17 +00:00
# Pre-baked cross-compiler for Windows amd64 Tauri releases (runs on Linux amd64).
# All MinGW and Node.js dependencies are installed once here; CI jobs skip apt-get entirely.
docs(docker): expand rebuild trigger comments to include OpenSSL and Tauri CLI
2026-04-12 23:54:57 +00:00
# Rebuild when: Rust toolchain version changes, Node.js major version changes,
# OpenSSL major version changes (used via OPENSSL_STATIC=1), or Tauri CLI changes
# that affect bundler system deps.
feat(ci): add persistent pre-baked Docker builder images Add three Dockerfiles under .docker/ and a build-images.yml workflow that pushes them to the local Gitea container registry (172.0.0.29:3000). Each image pre-installs all system deps, Node.js 22, and the Rust cross- compilation target so release builds can skip apt-get entirely: trcaa-linux-amd64:rust1.88-node22 — webkit2gtk, gtk3, all Tauri deps trcaa-windows-cross:rust1.88-node22 — mingw-w64, nsis, Windows target trcaa-linux-arm64:rust1.88-node22 — arm64 multiarch dev libs, Rust 1.88 build-images.yml triggers automatically when .docker/ changes on master and supports workflow_dispatch for manual/first-time builds. auto-tag.yml is NOT changed in this commit — switch it to use the new images in the follow-up PR (after images are pushed to the registry). One-time server setup required before first use: echo '{"insecure-registries":["172.0.0.29:3000"]}' \ | sudo tee /etc/docker/daemon.json && sudo systemctl restart docker
2026-04-06 02:07:17 +00:00
# Tag format: rust<VER>-node<VER>
FROM rust:1.88-slim
RUN apt-get update -qq \
&& apt-get install -y -qq --no-install-recommends \
fix(ci): address second AI review — || true, ca-certs, cache@v4, key suffixes Dockerfiles: - Remove || true from rustup component add in all three Linux images; rust:1.88-slim default profile already includes both components so the command is a clean no-op, not a failure risk — silencing errors served no purpose and only hid potential toolchain issues - Add ca-certificates explicitly to Dockerfile.linux-amd64 and Dockerfile.windows-cross (rust:1.88-slim includes it, but being explicit is consistent with the arm64 fix and future-proofs against base image changes) Workflows: - Upgrade actions/cache@v3 → @v4 across test.yml and auto-tag.yml (v3 deprecated; v4 has parallel uploads and better large-cache support) - Add linux-amd64 suffix to cargo cache keys in test.yml Rust jobs and auto-tag.yml build-linux-amd64 job; all four jobs target the same architecture and now share a cache, benefiting from cross-job hits (registry cache is source tarballs, not compiled artifacts — no pollution risk between targets) Not changed: - alpine:latest + docker-cli in build-images.yml is correct; the reviewer confused DinD with socket passthrough — docker:24-cli also has no daemon, both use the host socket; the builds already proved alpine works - curl|bash for rustup is the official install method; rustup.rs publishes no checksums for the installer script itself
2026-04-13 01:07:20 +00:00
ca-certificates \
feat(ci): add persistent pre-baked Docker builder images Add three Dockerfiles under .docker/ and a build-images.yml workflow that pushes them to the local Gitea container registry (172.0.0.29:3000). Each image pre-installs all system deps, Node.js 22, and the Rust cross- compilation target so release builds can skip apt-get entirely: trcaa-linux-amd64:rust1.88-node22 — webkit2gtk, gtk3, all Tauri deps trcaa-windows-cross:rust1.88-node22 — mingw-w64, nsis, Windows target trcaa-linux-arm64:rust1.88-node22 — arm64 multiarch dev libs, Rust 1.88 build-images.yml triggers automatically when .docker/ changes on master and supports workflow_dispatch for manual/first-time builds. auto-tag.yml is NOT changed in this commit — switch it to use the new images in the follow-up PR (after images are pushed to the registry). One-time server setup required before first use: echo '{"insecure-registries":["172.0.0.29:3000"]}' \ | sudo tee /etc/docker/daemon.json && sudo systemctl restart docker
2026-04-06 02:07:17 +00:00
mingw-w64 \
curl \
nsis \
perl \
make \
jq \
git \
&& curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \
&& apt-get install -y --no-install-recommends nodejs \
&& rm -rf /var/lib/apt/lists/*
fix: revert incorrect sanitization - use 172.0.0.29 for CI runners Critical fixes for CI/CD workflows: 1. Reverted gitea.tftsr.com:3000 → 172.0.0.29:3000 in ALL workflow files - CI runners MUST use internal IP address 172.0.0.29 - This was incorrectly sanitized in the initial backport 2. Removed GitHub CLI (gh) from Dockerfiles - Replaced with commented-out tea (Gitea CLI) installation - This project uses Gitea, not GitHub Files changed: - .gitea/workflows/auto-tag.yml - Fixed 19 URLs - .gitea/workflows/build-images.yml - Fixed registry URLs - .gitea/workflows/test.yml - Fixed git remote URLs - .docker/Dockerfile.* - Removed gh CLI, added tea as optional Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-06-05 19:52:00 +00:00
# tea (Gitea CLI) can be installed if needed:
# RUN curl -sL https://dl.gitea.com/tea/master/tea-master-linux-amd64 -o /usr/local/bin/tea \
# && chmod +x /usr/local/bin/tea
feat: full copy from apollo_nxt-trcaa with complete sanitization Complete backport of all features from apollo_nxt-trcaa repository: - Three-tier shell execution safety system (Tier 1: auto, Tier 2: approve, Tier 3: deny) - Ollama function calling with tool use support - AI provider tool calling auto-detection - kubectl binary bundling and management - kubeconfig upload and context management - Shell approval modal with real-time UI - MCP protocol HTTP transport with custom headers - Enhanced security audit logging - Comprehensive test coverage (275+ tests) - Updated CI/CD workflows for Gitea Actions - Complete documentation (ADRs, wiki, release notes) Sanitization applied to all files: - Removed all MSI, Motorola, VNXT, Vesta references - Replaced internal infrastructure references with TFTSR equivalents - Updated all URLs and API endpoints - Sanitized commit history references in documentation Technical changes: - New modules: shell/classifier, shell/executor, shell/kubectl, shell/kubeconfig - Enhanced AI providers: ollama.rs, openai.rs with function calling - New Tauri commands: shell execution, kubeconfig management, tool calling detection - Database migrations: shell_execution_audit table - Frontend: ShellApprovalModal, ShellExecution, KubeconfigManager pages - CI/CD: kubectl bundling, multi-platform builds, Gitea Actions integration Version: 1.0.8 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-06-05 19:11:00 +00:00
# Pre-build libsodium for x86_64-pc-windows-gnu so libsodium-sys-stable
# does not attempt a network download at cargo build time (no DNS in CI containers).
RUN set -eu \
&& SODIUM_VER="1.0.20" \
&& curl -fsSL "https://download.libsodium.org/libsodium/releases/libsodium-${SODIUM_VER}.tar.gz" \
| tar -xz -C /tmp \
&& cd "/tmp/libsodium-${SODIUM_VER}" \
&& ./configure \
--host=x86_64-w64-mingw32 \
--prefix=/usr/x86_64-w64-mingw32 \
--disable-shared \
--enable-static \
&& make -j"$(nproc)" \
&& make install \
&& rm -rf "/tmp/libsodium-${SODIUM_VER}"
feat(ci): add persistent pre-baked Docker builder images Add three Dockerfiles under .docker/ and a build-images.yml workflow that pushes them to the local Gitea container registry (172.0.0.29:3000). Each image pre-installs all system deps, Node.js 22, and the Rust cross- compilation target so release builds can skip apt-get entirely: trcaa-linux-amd64:rust1.88-node22 — webkit2gtk, gtk3, all Tauri deps trcaa-windows-cross:rust1.88-node22 — mingw-w64, nsis, Windows target trcaa-linux-arm64:rust1.88-node22 — arm64 multiarch dev libs, Rust 1.88 build-images.yml triggers automatically when .docker/ changes on master and supports workflow_dispatch for manual/first-time builds. auto-tag.yml is NOT changed in this commit — switch it to use the new images in the follow-up PR (after images are pushed to the registry). One-time server setup required before first use: echo '{"insecure-registries":["172.0.0.29:3000"]}' \ | sudo tee /etc/docker/daemon.json && sudo systemctl restart docker
2026-04-06 02:07:17 +00:00
RUN rustup target add x86_64-pc-windows-gnu
Reference in New Issue Copy Permalink