Removed build role in favor of proper build workflow

Signed-off-by: Nis Wechselberg <enbewe@enbewe.de>
2025-06-09 20:45:55 +02:00 · 2025-06-09 20:45:55 +02:00 · 7ff6a9d62a
commit 7ff6a9d62a
parent 2d672a5e28
11 changed files with 6 additions and 240 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -3,3 +3,7 @@
 ## 1.0.0
 * Initial Release
 ## 1.1.0
 * Removed 'enbewe.uffd.build' role in favor of proper image build
--- a/README.md
+++ b/README.md
@ -2,31 +2,10 @@
 Collecion to deploy [uffd (**U**ser**F**erwaltungs**F**ronten**d**)](https://git.cccv.de/uffd/uffd) as OAuth/OIDC authentication service.
 ## Playbooks
 ### enbewe.uffd.build
 Deploys the role `enbewe.uffd.build` to all hosts of the `uffd` group.
 ### enbewe.uffd.deploy
 Deploys the role `enbewe.uffd.uffd` to all hosts of the `uffd` group.
 ## Roles
 ### enbewe.uffd.build
 Creates the current image of uffd. The image is tagged with the current timestamp as well as 'latest'.
 This role could probably replaced by some build- and publishing job.
 #### Optional Variables
 **build_uffd_tempdir** *(Default: '/tmp/podman-uffd-build')*
 Path to use for building the uffd OCI container in. This path will be created as needed and removed again afterwards.
 **build_uffd_debian_version** *(Default: 'bullseye')*
 The debian version name to use for the uffd container.
 **build_uffd_force_rebuild** *(Default: false)*
 Flag to force the reduilding of the uffd container even if it already exists.
 **build_uffd_tag_latest** *(Default: true)*
 Flag to disable tagging the built image as `latest`.
 ### enbewe.uffd.uffd
 Deploys uffd through a podman container.
 Additionally deploys an nginx container as a HTTP server for static files as well as uWSGI proxy.
--- a/galaxy.yml
+++ b/galaxy.yml
@ -9,7 +9,7 @@ namespace: 'enbewe'
 name: 'uffd'
 # The version of the collection. Must be compatible with semantic versioning
-version: '1.0.0'
+version: '1.1.0'
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: 'README.md'
--- a/playbooks/build.yml
+++ b/playbooks/build.yml
@ -1,5 +0,0 @@
 ---
 - name: 'Build local uffd image'
  hosts: 'uffd'
  roles:
    - 'enbewe.uffd.build'
--- a/roles/build/defaults/main.yml
+++ b/roles/build/defaults/main.yml
@ -1,8 +0,0 @@
 ---
 build_uffd_tempdir: '/tmp/podman-uffd-build'
 # We build with Debian bullseye, even though bookworm is out.
 # uffd throws some errors with bookworm python, so some programs fail
 build_uffd_debian_version: 'bullseye'
 build_uffd_force_rebuild: false
 build_uffd_tag_latest: true
 build_uffd_package_name: '{{ lookup("ansible.builtin.fileglob", "uffd_*.deb") | basename }}'
--- a/roles/build/files/cccv-archive-key.asc
+++ b/roles/build/files/cccv-archive-key.asc
@ -1,41 +0,0 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mQGNBGEXIFwBDADRhAYP8td+AVcnbMkswu3SaF1FzqVldwQSHA0tVXpAw7wUtE9s
 QEnbLE3cD//SEMQGzwr8LsMpnuWImcS5nk9gIc5p9M076tgyAeS4NFzbvaIpOZJL
 V0VK2Q+o6fyaAriY5lb88pU3cR6uTJInwR5MgEki7RLCIjOPW/Nzvw8LdBhgtbJv
 jW04IPI1gAiqSfPCjXY8z81JOSLhsk1ED8zrJ/kTWm4yIBbVLMhFu7Snz9UbbF2n
 40dA9VydoxlVdjzH+AM7+Ga8FTYu4UivGO+5WFp+iWcoXLqmECSvW+H+Evy8ES9M
 7QIkgGTXWsL3YrjrxcwOAu/dXhQVV9woDXWWQRwILNG2poSLUjmVuXMPKnofJpMO
 34+n3dvaiPTp31YxTWhOSXdbO3e6Abpd+PKoXqaRy/HrulBuBRf+5/edDKLNVUC/
 tPqs61AL9cw6Jxx1vFdmmZm6RWK2CgVWPc9e3GPGfbZYuUBgOphhkJ+3yXRcc1sN
 VRyc3Ve87OG6GiUAEQEAAbQgcGFja2FnZXMuY2Njdi5kZSA8aW5mcmFAY2Njdi5k
 ZT6JAdQEEwEIAD4CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQRVPlzDYknN
 /1ubu7WpKBpvpuSJcQUCZPjPbAUJDUdK5QAKCRCpKBpvpuSJcVuFC/45TV/8Dvt8
 VTS2yoFUjpy0las7qm0fPNkazSVpMhQkxcEz/LysEr5sbc0jZIQZ1zD+rm0RfahM
 g7vytTs/xqplgmIXOEPub6CPr+G1ZHgU5pHAc2DqFUR4z3pp37RNtFuhi0TyK0Pp
 qVJgAg6/Hf9dkEIwI5orUTTDWhAvxz7wo7/3tb4fqkrWk/Fp0qM8kMEjYyh9/PSb
 V4HfhJauXxzBx8T/Wc7TveGyRGVMYH29bK0SssDDvzGJD3Mxd/dXV4JYTk8sw//k
 zQwN3lZ7SfsZR5rddRr/BpghdR1k451FdCj9iWF3v3p1TwN93AL6TQ6AF2aFykkB
 1JWxockDlGrlRkk+0WiEOYvDUaBo3ppz4QhrO8TFrluGyifv2BNSFMKHdhkvF2IE
 DRQles45+CmhgPxVw7qc69pLsXRxN/0BE5P6wNl8DGnk2ZYDlYW/vcosHYbeeRCp
 OUpsKF6OSHXjCfMObuG6wYulFhMqrDHtLiD0e6fxWjATqoj+F6TX7Te5AY0EYRcg
 XAEMAKNhLd8nN2AYPdqn/9OfTzXOFEoHMGFKVH9E9LRFEp7SXI0Phr+2gPsBEP13
 In0dGbvABRvywtTRih+3Jg/5QxyEDcVB0bbWK44XZLmShm9TYmJSqrW8sgOh2Nqi
 2LcGroWg2crrd6t+HDmXFZVtiBRy/5Y7s5mqTM/byEvMnReczeTSlwmJHNLTOmME
 tganIwmQxfbit99gxjjoz/sGqVxf59/Ytq8P6J+3LMt9ApmPFgK6wB0BAtTJGaOJ
 rgSIVdNQ082laXQlHXKMguVKk8ivErzwsCs7ukxSVhIvfwgbM7WZfdM7l6h1ZhDr
 mBBGGj+9Ag0mPHF3ycrh9fW43r8KYONbzQq0xtsE+WeOKPaFhMQ/dwv6d4Sn0gTV
 crV++l6ut1DLlGHCZtSsB0z1LBUu4jMvpHwVfCeqZ4f5Al27oUhjTh3eoe184+VG
 /M3nkh9C1wyvLBFo69AS+9VQSwnsWu/CXnWrzPZeX0KmbezNeNvwCbYgXIrEEWhy
 XJgYLQARAQABiQG8BBgBCAAmAhsMFiEEVT5cw2JJzf9bm7u1qSgab6bkiXEFAmT4
 z18FCQ1HSukACgkQqSgab6bkiXFVagv+LFrGoHKm4woVvlWHWfanok/YsPyGFsvL
 Ogz6U0nhRB5f3wSq9kl0t1esdyNsFGfz+E0fCzyAyML6dBzKv9uHp2+TtcdKLTQ1
 kSo/JdbMsva+/e8Y9OHmmv7pAFatLln7XXwa2cPiFRg0VkOQgByR1yEiGAyMIYL8
 VLAqdE6fywGLXE5k91+XZCFqKu90+XrtiJo2xy4RQ8C5u2WQWI0k5V/oGgTxOh/J
 uhXzmU1Goeie4ukjZYdzwZjzzm2vY9LWfZRaRtkJ0itxNezYCtWEOKHvto5PqtT4
 thSsNuC9qQruh3itVykI7lZ9yxkOyuzqjFGKQDNcUlvnZHqdoKuW121/cgMXbAvz
 HWHdY4cbc74obm8V8Gx4dX/GNFL868twzMVoBoEgQVA1PURz5Xu73RvWcBpOpYj0
 GP3nLdP3s2J9rAhrzS6K+MIHeEUnPi1MavRd4bROpnbJ32yvkSGWR55mWCpdCepj
 JRWMzY9EoBOHB1PubZuzUNIUQeui1vyX
 =uRc5
 -----END PGP PUBLIC KEY BLOCK-----
--- a/roles/build/files/entrypoint.sh
+++ b/roles/build/files/entrypoint.sh
@ -1,49 +0,0 @@
 #!/bin/bash
 echo "Copying static files ..."
 cp -r /usr/share/uffd/uffd/static /var/www/uffd
 db_ready="false"
 count=0
 while [ $count -lt 4 ] && [ "$db_ready" != "true" ] ;do
  if uffd-admin db current >> /dev/null 2>&1 ;then
    db_ready="true"
  else
    echo "Waiting for db to become ready..."
    ((duration=2**$count))
    sleep $duration
    ((count=$count+1))
  fi
 done
 if [ "$db_ready" == "true" ] ;then
  echo "Running datbase migrations ..."
  uffd-admin db upgrade
  if [ -n "$UFFD_INITIAL_ADMIN_PW" ] && [ "$(uffd-admin user list)" == "" ]; then
    echo "Creating groups and roles for initial admin user ..."
    if ! uffd-admin group show 'uffd_admin' >> /dev/null 2>&1 ;then
      uffd-admin group create 'uffd_admin'
    fi
    if ! uffd-admin group show 'uffd_access' >> /dev/null 2>&1 ;then
      uffd-admin group create 'uffd_access'
    fi
    if ! uffd-admin role show 'uffd_admin' >> /dev/null 2>&1 ;then
      uffd-admin role create 'uffd_admin' --add-group 'uffd_admin' --add-group 'uffd_access'
    fi
    if [ -z "$UFFD_INITIAL_ADMIN_USER" ] ;then
      UFFD_INITIAL_ADMIN_USER='uffd_admin'
    fi
    if [ -z "$UFFD_INITIAL_ADMIN_MAIL" ] ;then
      UFFD_INITIAL_ADMIN_MAIL='uffd_admin@localhost'
    fi
    echo "Creating initial admin user ..."
    uffd-admin user create "$UFFD_INITIAL_ADMIN_USER" --password "$UFFD_INITIAL_ADMIN_PW" --mail "$UFFD_INITIAL_ADMIN_MAIL" --add-role 'uffd_admin'
  fi
 else
  echo "WARNING: Database is not ready yet, skipping migration and initialization"
 fi
 echo "Starting server ..."
 runuser --preserve-environment -u uffd -- \
 uwsgi --ini /etc/uwsgi/apps-enabled/uffd.ini --socket 0.0.0.0:3031 --master --stats 0.0.0.0:9191
--- a/roles/build/files/uffd_2.3.1+git20241021T122809-98fe5690_all.deb
+++ b/roles/build/files/uffd_2.3.1+git20241021T122809-98fe5690_all.deb
--- a/roles/build/tasks/main.yml
+++ b/roles/build/tasks/main.yml
@ -1,74 +0,0 @@
 ---
 - name: 'Install required software'
  become: true
  ansible.builtin.apt:
    name: 'podman'
    state: 'present'
 # Build image to run uffd in
 - name: 'Create temporary build directory'
  become: true
  ansible.builtin.file:
    path: '{{ build_uffd_tempdir }}'
    state: 'directory'
    mode: 'u=rwx,g=rx,o=rx'
 - name: 'Copy static files for image'
  become: true
  ansible.builtin.copy:
    src: '{{ item.file }}'
    dest: '{{ build_uffd_tempdir }}/{{ item.file }}'
    owner: 'root'
    group: 'root'
    mode: '{{ item.mode }}'
  loop:
    - file: 'cccv-archive-key.asc'
      mode: 'u=rw,g=r,o=r'
    - file: 'entrypoint.sh'
      mode: 'u=rwx,g=rx,o=rx'
    - file: '{{ build_uffd_package_name }}'
      mode: 'u=rw,g=r,o=r'
 - name: 'Copy templates for image'
  become: true
  ansible.builtin.template:
    src: '{{ item.file }}'
    dest: '{{ build_uffd_tempdir }}/{{ item.file }}'
    owner: 'root'
    group: 'root'
    mode: '{{ item.mode }}'
  loop:
    - file: 'cccv-archive.list'
      mode: 'u=rw,g=r,o=r'
    - file: 'Containerfile'
      mode: 'u=rw,g=r,o=r'
 - name: 'Create recent uffd image'
  become: true
  containers.podman.podman_image:
    build:
      cache: false
      force_rm: true
      rm: true
    pull: false
    push: false
    force: '{{ build_uffd_force_rebuild }}'
    name: 'uffd'
    path: '{{ build_uffd_tempdir }}'
    tag: '{{ ansible_date_time.iso8601_basic_short }}'
  register: 'created_image_data'
 - name: 'Tag image as latest'
  when: 'build_uffd_tag_latest'
  become: true
  containers.podman.podman_tag:
    image: '{{ created_image_data.image[0].NamesHistory[0] }}'
    target_names:
      - 'uffd:latest'
  register: 'created_image_data'
 - name: 'Cleanup temporary build directory'
  become: true
  ansible.builtin.file:
    state: 'absent'
    path: '{{ build_uffd_tempdir }}'
--- a/roles/build/templates/Containerfile
+++ b/roles/build/templates/Containerfile
@ -1,39 +0,0 @@
 FROM docker.io/library/debian:{{ build_uffd_debian_version }}-slim
 # Disable interactivity for debconf
 ENV DEBIAN_FRONTEND=noninteractive
 # Configure uwsgi parameters for running uffd as an app in there
 ENV UWSGI_DEB_CONFNAMESPACE="app"
 ENV UWSGI_DEB_CONFNAME="uffd"
 # Prepare the package sources and install needed software
 RUN apt-get -qq update && \
    apt-get -qq dist-upgrade && \
    apt-get -qq install ca-certificates
 # Place the pacakge sources data in the image to download uffd
 COPY cccv-archive-key.asc /etc/apt/trusted.gpg.d/
 COPY cccv-archive.list /etc/apt/sources.list.d/
 COPY {{ build_uffd_package_name }} /tmp/
 # Install uffd from (new) package sources
 RUN apt-get -qq update && \
    apt-get -qq install --no-install-recommends /tmp/{{ build_uffd_package_name }} && \
 # Create a "new" config from the inital config without the preset secret key
    cat /etc/uffd/uffd.cfg | grep -v "SECRET_KEY=" > /etc/uffd/uffd.cfg.tmp && \
    mv /etc/uffd/uffd.cfg.tmp /etc/uffd/uffd.cfg && \
 # Create the needed paths for the app
    mkdir --parents /var/www/uffd && \
    mkdir -p /run/uwsgi/app/uffd && \
    chown root:uffd /var/www/uffd
 COPY entrypoint.sh /entrypoint.sh
 USER uffd
 USER root
 # Uffd application is exposed on port 3031
 EXPOSE 3031/tcp
 # Statistics are exposed on port 9191
 EXPOSE 9191/tcp
 CMD bash /entrypoint.sh
 LABEL project="https://git.cccv.de/uffd/uffd"
--- a/roles/build/templates/cccv-archive.list
+++ b/roles/build/templates/cccv-archive.list
@ -1 +0,0 @@
 deb [signed-by=/etc/apt/trusted.gpg.d/cccv-archive-key.asc] https://packages.cccv.de/uffd {{ build_uffd_debian_version }} main
		`@ -1 +0,0 @@`
			`deb [signed-by=/etc/apt/trusted.gpg.d/cccv-archive-key.asc] https://packages.cccv.de/uffd {{ build_uffd_debian_version }} main`