Update semaphore to 2.9.112

Update opentofu to 1.7

Containerfile

@@ -0,0 +1,131 @@
+ARG PYTHON_VERSION
+ARG SEMAPHORE_VERSION
+ARG OPENTOFU_VERSION
+ARG SPECTRE_VERSION
+
+# Python Wheel Build container
+# =================================
+FROM docker.io/library/python:${PYTHON_VERSION} AS build_wheel
+
+RUN python -m pip install pip --upgrade
+RUN curl -sSL -o /install-poetry.py https://install.python-poetry.org
+RUN python /install-poetry.py --yes
+
+ADD . /build
+WORKDIR /build
+
+RUN /root/.local/bin/poetry self add poetry-plugin-export
+RUN /root/.local/bin/poetry export \
+  --format requirements.txt \
+  --output /build/requirements.txt \
+  --without-hashes
+RUN python -m pip wheel \
+  --wheel-dir /build/wheels \
+  --requirement /build/requirements.txt \
+  --disable-pip-version-check \
+  --no-cache-dir
+
+
+# Spectre Build container
+# ==================================
+FROM docker.io/library/debian:12 as build_spectre
+
+ARG SPECTRE_VERSION
+
+RUN apt-get update --yes
+RUN apt-get install --yes \
+  git \
+  build-essential \
+  libsodium-dev \
+  libjson-c-dev \
+  libxml2-dev
+RUN mkdir --parents /build
+RUN git -C /build clone https://gitlab.com/spectre.app/cli.git spectre
+
+WORKDIR /build/spectre
+
+RUN git checkout ${SPECTRE_VERSION}
+RUN git submodule update --init
+
+RUN bash ./build
+
+
+# Runtime container
+# ==================================
+# The semaphore project's official container is built on
+# alpine linux which uses musl instead of glibc. What does
+# that mean? I don't really know and I don't really care, but
+# the effect is that we can't build spectre/mpw on alpine
+# which makes them mutually exclusive. Since we need both,
+# we need a container to run both. And it's easier to repackage
+# semaphore under not-alpine than it is to get spectre to build
+# under alpine. So here we are.
+#
+FROM docker.io/library/python:${PYTHON_VERSION}-slim AS final
+
+ARG SEMAPHORE_VERSION
+ARG OPENTOFU_VERSION
+
+COPY --from=build_spectre /build/spectre/spectre /usr/local/bin/spectre
+COPY --from=build_wheel /build/wheels /tmp/wheels
+
+ADD --chmod=755 https://raw.githubusercontent.com/ansible-semaphore/semaphore/v${SEMAPHORE_VERSION}/deployment/docker/common/semaphore-wrapper /usr/local/bin/semaphore-wrapper
+
+# Symlink **special** binaries for backwards compatibility
+RUN ln -s /usr/local/bin/spectre /usr/local/bin/mpw
+RUN ln -s /usr/bin/tofu /usr/local/bin/terraform
+
+RUN apt-get update --yes
+RUN apt-get install --yes --no-install-recommends \
+  openssh-client \
+  apt-transport-https \
+  ca-certificates \
+  curl \
+  gnupg \
+  sshpass \
+  git \
+  tini \
+  zip \
+  unzip \
+  tar \
+  python3-aiohttp \
+  netcat-traditional
+RUN apt-get clean --yes
+
+RUN mkdir --parents /tmp/apt
+RUN curl -sSL -o /tmp/apt/opentofu.deb https://github.com/opentofu/opentofu/releases/download/v${OPENTOFU_VERSION}/tofu_${OPENTOFU_VERSION}_amd64.deb
+RUN dpkg --install /tmp/apt/opentofu.deb
+RUN curl -sSL -o /tmp/apt/semaphore.deb https://github.com/ansible-semaphore/semaphore/releases/download/v${SEMAPHORE_VERSION}/semaphore_${SEMAPHORE_VERSION}_linux_amd64.deb
+RUN dpkg --install /tmp/apt/semaphore.deb
+RUN rm -rf /tmp/apt
+
+RUN python -m pip install /tmp/wheels/*.whl \
+  --upgrade \
+  --pre \
+  --no-index \
+  --no-cache-dir \
+  --find-links /tmp/wheels \
+  --disable-pip-version-check
+RUN rm -rf /tmp/wheels
+
+# From here down we are adapting the prod deployment
+# container directly from the semaphore project
+RUN adduser semaphore \
+   --disabled-password \
+   --uid 1001 \
+   --gid 0
+RUN mkdir --parents \
+  /etc/semaphore \
+  /tmp/semaphore \
+  /var/lib/semaphore
+RUN chown -R semaphore:root \
+  /etc/semaphore \
+  /tmp/semaphore \
+  /var/lib/semaphore
+
+WORKDIR /home/semaphore
+USER 1001
+
+ENTRYPOINT ["tini", "--"]
+
+CMD ["/usr/local/bin/semaphore-wrapper", "semaphore", "server", "--config", "/etc/semaphore/config.json"]

Dockerfile

@@ -1,61 +0,0 @@
-# Build container
-# =================================
-FROM python:3.11 AS build
-
-RUN python -m pip install pip --upgrade
-RUN curl -sSL -o /install-poetry.py https://install.python-poetry.org
-RUN python /install-poetry.py --yes
-
-ADD . /build
-WORKDIR /build
-
-RUN /root/.local/bin/poetry self add poetry-plugin-export
-RUN /root/.local/bin/poetry export \
-  --format requirements.txt \
-  --output /build/requirements.txt \
-  --without-hashes
-RUN python -m pip wheel \
-  --wheel-dir /build/wheels \
-  --requirement /build/requirements.txt \
-  --disable-pip-version-check \
-  --no-cache-dir
-
-
-# Runtime container
-# ==================================
-FROM python:3.11-slim
-
-ARG OPENTOFU_VERSION
-ARG SEMAPHORE_VERSION
-
-ENV SEMAPHORE_RUNNER_CONFIG_FILE /semaphore/config.json
-
-COPY --from=build /build/wheels /tmp/wheels
-
-RUN apt-get update --yes && \
-  apt-get install --yes \
-    openssh-client \
-    apt-transport-https \
-    ca-certificates \
-    curl \
-    gnupg && \
-  mkdir --parents /tmp/apt && \
-  curl -sSL -o /tmp/apt/opentofu.deb https://github.com/opentofu/opentofu/releases/download/v${OPENTOFU_VERSION}/tofu_${OPENTOFU_VERSION}_amd64.deb && \
-  curl -sSL -o /tmp/apt/semaphore.deb https://github.com/ansible-semaphore/semaphore/releases/download/v${SEMAPHORE_VERSION}/semaphore_${SEMAPHORE_VERSION}_linux_amd64.deb && \
-  apt-get install --yes /tmp/apt/*.deb && \
-  apt-get clean --yes && \
-  rm -rf /tmp/apt && \
-  python -m pip install /tmp/wheels/*.whl \
-    --upgrade \
-    --pre \
-    --no-index \
-    --no-cache-dir \
-    --find-links /tmp/wheels \
-    --disable-pip-version-check && \
-  rm -rf /tmp/wheels && \
-  mkdir --parents /semaphore
-
-ADD entrypoint.sh /entrypoint.sh
-ADD configure.py /configure.py
-
-ENTRYPOINT ["/entrypoint.sh"]

Makefile

@@ -1,6 +1,8 @@
-REPOSITORY         = vcs.enp.one/skylab/semaphore-runner
+REPOSITORY         = vcs.enp.one/skylab/semaphore-container
-OPENTOFU_VERSION   = 1.6.2
+OPENTOFU_VERSION   = 1.7.2
-SEMAPHORE_VERSION  = 2.9.45
+SEMAPHORE_VERSION  = 2.9.112
+SPECTRE_VERSION    = main
+PYTHON_VERSION     = 3.11
 
 
 .PHONY: help docs
@@ -11,7 +13,12 @@ help: ## List Makefile targets
 
 
 image:  ## Build image
-	podman build . --tag $(REPOSITORY):$(SEMAPHORE_VERSION) --build-arg "OPENTOFU_VERSION=$(OPENTOFU_VERSION)" --build-arg "SEMAPHORE_VERSION=$(SEMAPHORE_VERSION)"
+	podman build . --tag $(REPOSITORY):v$(SEMAPHORE_VERSION) --build-arg "OPENTOFU_VERSION=$(OPENTOFU_VERSION)" --build-arg "SEMAPHORE_VERSION=$(SEMAPHORE_VERSION)" --build-arg "PYTHON_VERSION=$(PYTHON_VERSION)" --build-arg "SPECTRE_VERSION=$(SPECTRE_VERSION)"
 
 push: image  ## Build and publish image
-	podman push $(REPOSITORY):$(SEMAPHORE_VERSION)
+	podman login $(shell echo $(REPOSITORY) | cut -d '/' -f 1)
+	podman push $(REPOSITORY):v$(SEMAPHORE_VERSION)
+
+dev:  ## Setup local dev environment
+	poetry install --with dev
+	poetry run pre-commit install

README.md

@@ -1,3 +1,8 @@
-# semaphore-runner
+# semaphore-container
 
-Runner for semaphore runner with custom environment dependencies
+Custom container for Ansible Semaphore that:
+
+* Is based on debian instead of alpine
+* Includes required dependencies for Skylab operations
+
+Usage of this container should be identical to the official container

configure.py

@@ -1,31 +0,0 @@
-import sys
-import os
-import json
-
-CONSTRUCTED_CONFIG_FILE = "/tmp/runner-config.json"
-
-
-def main() -> str:
-    try:
-        config = {
-            "registration_token": os.environ["SEMAPHORE_RUNNER_REGISTRATION_TOKEN"],
-            "config_file": os.getenv(
-                "SEMAPHORE_RUNNER_CONFIG_FILE", "/semaphore/runner.json"
-            ),
-            "api_url": os.environ["SEMAPHORE_RUNNER_API_URL"],
-            "max_parallel_tasks": int(
-                os.getenv("SEMAPHORE_RUNNER_MAX_PARALLEL_TASKS", "1")
-            ),
-        }
-    except KeyError as err:
-        print(f"Missing required configuration value {err}", file=sys.stderr)
-        sys.exit(1)
-
-    with open(CONSTRUCTED_CONFIG_FILE, "w") as outfile:
-        json.dump(config, outfile, indent=4)
-
-    sys.exit(0)
-
-
-if __name__ == "__main__":
-    main()

entrypoint.sh

@@ -1,7 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-python /configure.py
-
-semaphore runner --config=/tmp/runner-config.json

poetry.lock

@@ -1565,6 +1565,17 @@ files = [
     {file = "shellingham-1.5.4.tar.gz", hash = "sha256:8dbca0739d487e5bd35ab3ca4b36e11c4078f3a234bfce294b0a0291363404de"},
 ]
 
+[[package]]
+name = "six"
+version = "1.16.0"
+description = "Python 2 and 3 compatibility utilities"
+optional = false
+python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*"
+files = [
+    {file = "six-1.16.0-py2.py3-none-any.whl", hash = "sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254"},
+    {file = "six-1.16.0.tar.gz", hash = "sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926"},
+]
+
 [[package]]
 name = "tomlkit"
 version = "0.12.4"
@@ -1715,4 +1726,4 @@ testing = ["big-O", "jaraco.functools", "jaraco.itertools", "more-itertools", "p
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.11"
-content-hash = "dae11f8fc0d46b61d52ff2873a3cf0cc1f3ededfe89492dbb50df2ab72358e2e"
+content-hash = "0a271952e4a2d506a09f33a4009f52a668a5fcf57b9c12ff6aaddd258d1c1788"

pyproject.toml

@@ -13,6 +13,7 @@ docker = "^7.0.0"
 paramiko = "^3.4.0"
 poetry = "^1.8.1"
 poetry-plugin-export = "^1.6.0"
+six = "^1.16.0"
 
 
 [tool.poetry.group.dev.dependencies]
@@ -21,7 +22,3 @@ reorder-python-imports = "^3.12.0"
 pylint = "^3.1.0"
 pre-commit = "^3.6.2"
 pre-commit-hooks = "^4.5.0"
-
-[build-system]
-requires = ["poetry-core"]
-build-backend = "poetry.core.masonry.api"