feat: Add an entrypoint to perform env setup

.github/workflows/docker-publish.yml

@@ -27,7 +27,7 @@ jobs:
   publish_release:
     if: github.event.pull_request.merged == true
     needs: set_date
-    uses: famedly/github-workflows/.github/workflows/docker.yml@49401388492ed7fe3eeb13fbefacf68168e9bc64
+    uses: famedly/github-workflows/.github/workflows/docker.yml@597134d3c9ce40aa5b2ca12f8236483dab96a20c
     with:
       push: true
       image_name: rust-container
@@ -43,7 +43,7 @@ jobs:
   publish_dev:
     if: github.event.pull_request.merged != true
     needs: set_date
-    uses: famedly/github-workflows/.github/workflows/docker.yml@49401388492ed7fe3eeb13fbefacf68168e9bc64
+    uses: famedly/github-workflows/.github/workflows/docker.yml@597134d3c9ce40aa5b2ca12f8236483dab96a20c
     with:
       push: true
       image_name: rust-container

Dockerfile

@@ -3,9 +3,24 @@ FROM docker.io/rust:bookworm
 ARG NIGHTLY_VERSION_DATE
 ENV NIGHTLY_VERSION=nightly-$NIGHTLY_VERSION_DATE
 
+# Add the docker apt repo.
+#
+# See instructions in the docker docs:
+# https://docs.docker.com/engine/install/ubuntu/#installation-methods
+RUN apt install ca-certificates curl \
+    && install -m 0755 -d /etc/apt/keyrings \
+    && curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc \
+    && chmod a+r /etc/apt/keyrings/docker.asc \
+    && echo \
+      "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+      tee /etc/apt/sources.list.d/docker.list
+
+# Note that we do not need docker engine as we mount a docker socket
+# into the container
 RUN apt update -yqq \
      && apt install -yqq --no-install-recommends \
      build-essential cmake libssl-dev pkg-config git musl-tools jq xmlstarlet lcov protobuf-compiler libprotobuf-dev libprotoc-dev \
+     docker-ce-cli docker-compose-plugin \
      && rustup toolchain add $NIGHTLY_VERSION --component rustfmt --component clippy --component llvm-tools-preview \
      && rustup toolchain add beta --component rustfmt --component clippy --component llvm-tools-preview \
      && rustup toolchain add stable --component rustfmt --component clippy --component llvm-tools-preview \
@@ -24,4 +39,8 @@ RUN apt update -yqq \
      && cargo install cargo-auditable \
      && cargo install cargo-license \
      && cargo cache -a
+
 COPY cobertura_transform.xslt /opt/
+
+COPY entrypoint.sh /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]

README.md

@@ -0,0 +1,15 @@
+# Famedly Rust Container
+
+Container used for Rust CI jobs. Set up with all necessary packages
+and configuration to build, test and publish our crates.
+
+For full environment setup, some secrets need to be defined:
+
+## Settings
+
+| Variable                     | Example Value                                     | Explanation |
+|------------------------------|---------------------------------------------------|-------------|
+| FRC_ADDITIONAL_PACKAGES      | libxml2 dbus                                      | Additional ubuntu packages to install before running the given command. |
+| FRC_CRATES_REGISTRY          | famedly                                           | Additional registry to pull crates from.                              |
+| FRC_CRATES_REGISTRY_INDEX    | ssh://[email protected]/famedly/crate-index.git | The index URL of the registry; Can be omitted for `famedly`.          |
+| FRC_SSH_KEY                  |                                                   | The SSH key to use                                                    |

entrypoint.sh

@@ -0,0 +1,85 @@
+#!/bin/sh
+
+# Famedly Rust Container entrypoint.
+#
+# Configures the runtime to be used for various CI jobs.
+
+echo "Preparing Rust build environment"
+
+
+if [ -n "${FRC_SSH_KEY}" ]; then
+    echo "Setting up SSH"
+
+    # Get an ssh agent running
+    USER="$(whoami)"
+    SSH_HOME="$(getent passwd "$USER" | cut -d: -f6)" # Is different from $HOME in docker containers, because github CI..
+    eval "$(ssh-agent)" # This exports the socket to `SSH_AUTH_SOCK`
+
+    # Import the SSH key from the secret.
+    #
+    # `echo` ensures there will be a newline at the end of the key.
+    echo "${FRC_SSH_KEY}" | ssh-add -vvv -
+
+    # Import host keys for GitHub and Gitlab
+    mkdir -p "$SSH_HOME/.ssh"
+    (
+        ssh-keyscan -H gitlab.com
+        ssh-keyscan -H github.com
+    ) >> "$SSH_HOME/.ssh/known_hosts"
+else
+    echo "SSH key not specified; SSH not available in this run"
+fi
+
+
+if [ -n "${FRC_ADDITIONAL_PACKAGES}" ]; then
+    echo "Installing additional packages: ${FRC_ADDITIONAL_PACKAGES}"
+    # shellcheck disable=SC2086
+    apt-get install -yqq --no-install-recommends ${FRC_ADDITIONAL_PACKAGES}
+fi
+
+
+echo "Configuring cargo"
+
+CARGO_HOME="${HOME}/${CARGO_HOME}"
+mkdir -p "${CARGO_HOME}"
+cat << EOF >> "${CARGO_HOME}/config.toml"
+[term]
+color = 'always'
+[net]
+git-fetch-with-cli = true
+EOF
+
+# Don't write anything for crates-io, since it is baked-in and cargo
+# special cases on it so configuring it works differently anyway.
+if [ -n "${FRC_CRATES_REGISTRY}" ] &&  [ "${FRC_CRATES_REGISTRY}" != "crates-io" ]; then
+    case "${FRC_CRATES_REGISTRY}" in
+        "famedly")
+            FRC_CRATES_REGISTRY_INDEX="${FRC_CRATES_REGISTRY_INDEX:-ssh://git@ssh.shipyard.rs/famedly/crate-index.git}"
+            ;;
+        "")
+            if [ -z "${FRC_CRATES_REGISTRY_INDEX}" ]; then
+                echo "Error: Crate registry index URL not known for ${FRC_CRATES_REGISTRY}. Configure it using \$FRC_CRATES_REGISTRY_INDEX." > /dev/stderr
+                exit 1
+            fi
+            ;;
+    esac
+
+    cat << EOF >> "${CARGO_HOME}/config.toml"
+[registries.${FRC_CRATES_REGISTRY}]
+index = "${FRC_CRATES_REGISTRY_INDEX}"
+EOF
+fi
+
+
+if [ -n "${GITHUB_ENV}" ]; then
+    echo "Exporting created environment variables"
+
+    (
+        echo "CARGO_HOME=${CARGO_HOME}"
+        echo "SSH_AUTH_SOCK=${SSH_AUTH_SOCK}"
+    ) >> "$GITHUB_ENV"
+fi
+
+
+echo "Preparations finished"
+"$@"