Move container tooling to toolbox subdir

2025-11-13 13:49:48 -05:00
parent f6e49f3610
commit 60d5d88e96
9 changed files with 8 additions and 6 deletions
--- a/toolbox/Containerfile
+++ b/toolbox/Containerfile
@@ -0,0 +1,69 @@
+ARG BASE_IMAGE
+ARG BASE_IMAGE_VERSION
+
+FROM ${BASE_IMAGE}:${BASE_IMAGE_VERSION}
+
+ARG BUILD_COMMIT
+
+LABEL local.build.commit=${BUILD_COMMIT}
+
+ADD static-repos/google-cloud-sdk.repo /etc/yum.repos.d/google-cloud-sdk.repo
+ADD static-repos/kubernetes.repo /etc/yum.repos.d/kubernetes.repo
+ADD https://rpm.releases.hashicorp.com/fedora/hashicorp.repo /etc/yum.repos.d/hashicorp.repo
+ADD https://cli.github.com/packages/rpm/gh-cli.repo /etc/yum.repos.d/github-cli.repo
+ADD https://download.docker.com/linux/fedora/docker-ce.repo /etc/yum.repos.d/docker-ce.repo
+
+RUN dnf install --assumeyes \
+  bind-utils \
+  direnv \
+  docker-ce-cli \
+  docker-buildx-plugin \
+  docker-compose-plugin \
+  gcc \
+  gcc-c++ \
+  gh \
+  golang \
+  google-cloud-cli \
+  google-cloud-sdk-gke-gcloud-auth-plugin \
+  jq \
+  kubectl \
+  libacl-devel \
+  libffi-devel \
+  libpq-devel \
+  libvirt-daemon-driver-qemu \
+  libzstd-devel \
+  lz4-devel \
+  make \
+  net-tools \
+  oathtool \
+  openssl-devel \
+  packer \
+  pinentry \
+  podman-remote \
+  postgresql \
+  python3-devel \
+  python3.10 \
+  python3.10-devel \
+  python3.11 \
+  python3.11-devel \
+  python3.12 \
+  python3.12-devel \
+  python3.13 \
+  python3.13-devel \
+  python3.14 \
+  python3.9 \
+  ShellCheck \
+  virsh \
+  virt-install \
+  xxhash-devel
+
+ADD github-install.bash /tmp/github-install.bash
+RUN bash /tmp/github-install.bash && \
+  rm -rf /tmp/github-install.bash && \
+  curl -sSLo /tmp/starship.sh https://starship.rs/install.sh && \
+  sh /tmp/starship.sh --yes && \
+  rm -rf /tmp/starship.sh
+
+ADD profile.d/*.sh /etc/profile.d/
+
+RUN ln -s /usr/bin/podman-remote /usr/bin/podman
--- a/toolbox/github-install.bash
+++ b/toolbox/github-install.bash
@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+
+set -e
+
+function get_latest() {
+    local repo="${1}"
+    echo $(curl -sSL "https://api.github.com/repos/${repo}/releases/latest" | jq -r '.tag_name')
+}
+
+function do_install() {
+    local name
+    name="${1}"
+    
+    local url
+    url="${2}"
+    
+    local working
+    working=$(mktemp -d)
+
+    local current
+    current=$(pwd)
+
+    echo "Downloading ${name} from ${url}"
+
+    if [[ "${url}" == *.tar.gz ]]; then
+        curl --fail-with-body -sSLo "${working}/${name}.tar.gz" "${url}"
+        cd "${working}"
+        tar -xf "${name}.tar.gz"
+    elif [[ "${url}" == *.zip ]]; then
+        curl --fail-with-body -sSLo "${working}/${name}.zip" "${url}"
+        cd "${working}"
+        unzip "${name}.zip"
+    elif [[ "${url}" == *.rpm ]]; then
+        curl --fail-with-body -sSLo "${working}/${name}.rpm" "${url}"
+    else
+        curl --fail-with-body -sSLo "${working}/${name}" "${url}"
+    fi
+
+    if [[ "${url}" == *.rpm ]]; then
+        dnf install --assumeyes "${working}/${name}.rpm"
+    else
+        mv "${working}/${name}" "/usr/local/bin/${name}"
+        chmod +x "/usr/local/bin/${name}"
+    fi
+
+    cd "${current}"
+    rm -rf "${working}"
+}
+
+doctl=$(get_latest digitalocean/doctl)
+do_install "doctl" "https://github.com/digitalocean/doctl/releases/download/${doctl}/doctl-${doctl:1}-linux-amd64.tar.gz"
+
+tflint=$(get_latest terraform-linters/tflint)
+do_install "tflint" "https://github.com/terraform-linters/tflint/releases/download/${tflint}/tflint_linux_amd64.zip"
+
+butane=$(get_latest coreos/butane)
+do_install "butane" "https://github.com/coreos/butane/releases/download/${butane}/butane-x86_64-unknown-linux-gnu"
+
+act=$(get_latest nektos/act)
+do_install "act" "https://github.com/nektos/act/releases/download/${act}/act_Linux_x86_64.tar.gz"
+
+hadolint=$(get_latest hadolint/hadolint)
+do_install "hadolint" "https://github.com/hadolint/hadolint/releases/download/${hadolint}/hadolint-Linux-x86_64"
+
+tenv=$(get_latest tofuutils/tenv)
+do_install "tenv" "https://github.com/tofuutils/tenv/releases/download/${tenv}/tenv_${tenv}_amd64.rpm"
+
+sops=$(get_latest getsops/sops)
+do_install "sops" "https://github.com/getsops/sops/releases/download/${sops}/sops-${sops:1}-1.x86_64.rpm"
+
+cosign=$(get_latest sigstore/cosign)
+do_install cosign "https://github.com/sigstore/cosign/releases/download/${cosign}/cosign-${cosign:1}-1.x86_64.rpm"
+
+codium=$(get_latest VSCodium/vscodium)
+do_install codium "https://github.com/VSCodium/vscodium/releases/download/${codium}/codium-${codium}-el8.x86_64.rpm"
--- a/toolbox/profile.d/99-aliases.sh
+++ b/toolbox/profile.d/99-aliases.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+alias dnf='echo "WARNING: Package installs should require a toolbox rebuild, use dnf-local to override"'
+alias dnf-local='command dnf'
+
+alias prun="poetry run"
+alias psync="poetry install --sync"
+alias code='codium'
+alias ssh='ssh -F ~/.ssh/config'
+
+alias bk='cd -'
+alias fuck='sudo $(history -p \!\!)'
+alias cls='clear'
--- a/toolbox/profile.d/99-load-user-bashrc.sh
+++ b/toolbox/profile.d/99-load-user-bashrc.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+# If we are running in a toolbox container that uses an alt home dir, then we
+# won't be automatically loading the global user bashrc, which is annoying becasue
+# I worked hard to make that bashrc very useful to me. So the below conditional
+# checks whether the user bashrc exists (because we can't load it if it isn't there)
+# and that the current home dir does not match the user home dir (because if it does
+# then we will have already loaded the bashrc when the shell spawned and we'll get
+# stuck in a loop)
+
+if [ -f /var/home/"${USER}"/.bashrc ] && [ "${HOME}" != "/var/home/${USER}" ]; then
+    source /var/home/"${USER}"/.bashrc;
+fi
+
+if [ -f "${HOME}"/.bashrc ]; then
+    source "${HOME}/.bashrc";
+fi
--- a/toolbox/profile.d/toolbox.sh
+++ b/toolbox/profile.d/toolbox.sh
@@ -0,0 +1,87 @@
+# This is a patched version of the default toolbox.sh that
+# comes with default toolbox images. The only thing I modified
+# is removing the mucking about with PS1 since I'm using starship
+# for that
+
+# shellcheck shell=sh
+
+# shellcheck disable=SC2153
+[ "${BASH_VERSION:-}" != "" ] || [ "${ZSH_VERSION:-}" != "" ] || return 0
+[ "$PS1" != "" ] || return 0
+
+toolbox_config="$HOME/.config/toolbox"
+host_welcome_stub="$toolbox_config/host-welcome-shown"
+toolbox_welcome_stub="$toolbox_config/toolbox-welcome-shown"
+
+# shellcheck disable=SC1091
+# shellcheck disable=SC2046
+eval $(
+          if [ -f /etc/os-release ]; then
+              . /etc/os-release
+          else
+              . /usr/lib/os-release
+          fi
+
+          echo ID="$ID"
+          echo PRETTY_NAME="\"$PRETTY_NAME\""
+          echo VARIANT_ID="$VARIANT_ID"
+      )
+
+if [ -f /run/ostree-booted ] \
+   && ! [ -f "$host_welcome_stub" ] \
+   && [ "${ID}" = "fedora" ] \
+   && { [ "${VARIANT_ID}" = "workstation" ] \
+        || [ "${VARIANT_ID}" = "silverblue" ] \
+        || [ "${VARIANT_ID}" = "kinoite" ] \
+        || [ "${VARIANT_ID}" = "sericea" ]; }; then
+    echo ""
+    echo "Welcome to ${PRETTY_NAME:-Linux}."
+    echo ""
+    echo "This terminal is running on the host system. You may want to try"
+    echo "out the Toolbx for a directly mutable environment that allows "
+    echo "package installation with DNF."
+    echo ""
+    printf "For more information, see the "
+    # shellcheck disable=SC1003
+    printf '\033]8;;https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox/\033\\documentation\033]8;;\033\\'
+    printf ".\n"
+    echo ""
+
+    mkdir -p "$toolbox_config"
+    touch "$host_welcome_stub"
+fi
+
+if [ -f /run/.containerenv ] \
+   && [ -f /run/.toolboxenv ]; then
+    if ! [ -f /etc/profile.d/vte.sh ] && [ -z "$PROMPT_COMMAND" ] && [ "${VTE_VERSION:-0}" -ge 3405 ]; then
+        case "$TERM" in
+            xterm*|vte*)
+                [ -n "${BASH_VERSION:-}" ] && PROMPT_COMMAND=" "
+                ;;
+        esac
+    fi
+
+    if [ "$TERM" != "" ]; then
+        error_message="Error: terminfo entry not found for $TERM"
+        term_without_first_character="${TERM#?}"
+        term_just_first_character="${TERM%"$term_without_first_character"}"
+        terminfo_sub_directory="$term_just_first_character/$TERM"
+
+        if [ "$TERMINFO" = "" ]; then
+          ! [ -e "/usr/share/terminfo/$terminfo_sub_directory" ] \
+            && ! [ -e "/lib/terminfo/$terminfo_sub_directory" ] \
+            && ! [ -e "$HOME/.terminfo/$terminfo_sub_directory" ] \
+            && echo "$error_message" >&2
+        else
+          ! [ -e "$TERMINFO/$terminfo_sub_directory" ] \
+            && echo "$error_message" >&2
+        fi
+    fi
+fi
+
+unset ID
+unset PRETTY_NAME
+unset VARIANT_ID
+unset toolbox_config
+unset host_welcome_stub
+unset toolbox_welcome_stub
--- a/toolbox/static-repos/README.md
+++ b/toolbox/static-repos/README.md
@@ -0,0 +1,2 @@
+These repository files have no canonical home online so need to be statically
+saved and directly added to the container.
--- a/toolbox/static-repos/google-cloud-sdk.repo
+++ b/toolbox/static-repos/google-cloud-sdk.repo
@@ -0,0 +1,7 @@
+[google-cloud-cli]  
+name=Google Cloud CLI  
+baseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el9-x86_64  
+enabled=1 
+gpgcheck=1 
+repo_gpgcheck=0 
+gpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
--- a/toolbox/static-repos/kubernetes.repo
+++ b/toolbox/static-repos/kubernetes.repo
@@ -0,0 +1,6 @@
+[kubernetes]
+name=Kubernetes
+baseurl=https://pkgs.k8s.io/core:/stable:/v1.32/rpm/
+enabled=1
+gpgcheck=1
+gpgkey=https://pkgs.k8s.io/core:/stable:/v1.32/rpm/repodata/repomd.xml.key