Update semaphore to 2.9.112

Update opentofu to 1.7

.pre-commit-config.yaml

@@ -0,0 +1,47 @@
+---
+repos:
+  - repo: local
+    hooks:
+      - id: end-of-file-fixer
+        name: Fix whitespace at EOF
+        entry: end-of-file-fixer
+        language: system
+        types:
+        - text
+
+      - id: trailing-whitespace-fixer
+        name: Fix trailing line whitespace
+        entry: trailing-whitespace-fixer
+        language: system
+        types:
+        - text
+
+      - id: black
+        name: Enforce python formatting
+        entry: black
+        language: system
+        types:
+        - python
+
+      - id: check-toml
+        name: Check TOML file syntax
+        entry: check-toml
+        language: system
+        types:
+        - toml
+
+      - id: check-yaml
+        name: Check YAML file syntax
+        entry: check-yaml
+        language: system
+        args:
+        - "--unsafe"
+        types:
+        - yaml
+
+      - id: check-merge-conflict
+        name: Check for unresolved git conflicts
+        entry: check-merge-conflict
+        language: system
+        types:
+        - text

Containerfile

@@ -0,0 +1,131 @@
+ARG PYTHON_VERSION
+ARG SEMAPHORE_VERSION
+ARG OPENTOFU_VERSION
+ARG SPECTRE_VERSION
+
+# Python Wheel Build container
+# =================================
+FROM docker.io/library/python:${PYTHON_VERSION} AS build_wheel
+
+RUN python -m pip install pip --upgrade
+RUN curl -sSL -o /install-poetry.py https://install.python-poetry.org
+RUN python /install-poetry.py --yes
+
+ADD . /build
+WORKDIR /build
+
+RUN /root/.local/bin/poetry self add poetry-plugin-export
+RUN /root/.local/bin/poetry export \
+  --format requirements.txt \
+  --output /build/requirements.txt \
+  --without-hashes
+RUN python -m pip wheel \
+  --wheel-dir /build/wheels \
+  --requirement /build/requirements.txt \
+  --disable-pip-version-check \
+  --no-cache-dir
+
+
+# Spectre Build container
+# ==================================
+FROM docker.io/library/debian:12 as build_spectre
+
+ARG SPECTRE_VERSION
+
+RUN apt-get update --yes
+RUN apt-get install --yes \
+  git \
+  build-essential \
+  libsodium-dev \
+  libjson-c-dev \
+  libxml2-dev
+RUN mkdir --parents /build
+RUN git -C /build clone https://gitlab.com/spectre.app/cli.git spectre
+
+WORKDIR /build/spectre
+
+RUN git checkout ${SPECTRE_VERSION}
+RUN git submodule update --init
+
+RUN bash ./build
+
+
+# Runtime container
+# ==================================
+# The semaphore project's official container is built on
+# alpine linux which uses musl instead of glibc. What does
+# that mean? I don't really know and I don't really care, but
+# the effect is that we can't build spectre/mpw on alpine
+# which makes them mutually exclusive. Since we need both,
+# we need a container to run both. And it's easier to repackage
+# semaphore under not-alpine than it is to get spectre to build
+# under alpine. So here we are.
+#
+FROM docker.io/library/python:${PYTHON_VERSION}-slim AS final
+
+ARG SEMAPHORE_VERSION
+ARG OPENTOFU_VERSION
+
+COPY --from=build_spectre /build/spectre/spectre /usr/local/bin/spectre
+COPY --from=build_wheel /build/wheels /tmp/wheels
+
+ADD --chmod=755 https://raw.githubusercontent.com/ansible-semaphore/semaphore/v${SEMAPHORE_VERSION}/deployment/docker/common/semaphore-wrapper /usr/local/bin/semaphore-wrapper
+
+# Symlink **special** binaries for backwards compatibility
+RUN ln -s /usr/local/bin/spectre /usr/local/bin/mpw
+RUN ln -s /usr/bin/tofu /usr/local/bin/terraform
+
+RUN apt-get update --yes
+RUN apt-get install --yes --no-install-recommends \
+  openssh-client \
+  apt-transport-https \
+  ca-certificates \
+  curl \
+  gnupg \
+  sshpass \
+  git \
+  tini \
+  zip \
+  unzip \
+  tar \
+  python3-aiohttp \
+  netcat-traditional
+RUN apt-get clean --yes
+
+RUN mkdir --parents /tmp/apt
+RUN curl -sSL -o /tmp/apt/opentofu.deb https://github.com/opentofu/opentofu/releases/download/v${OPENTOFU_VERSION}/tofu_${OPENTOFU_VERSION}_amd64.deb
+RUN dpkg --install /tmp/apt/opentofu.deb
+RUN curl -sSL -o /tmp/apt/semaphore.deb https://github.com/ansible-semaphore/semaphore/releases/download/v${SEMAPHORE_VERSION}/semaphore_${SEMAPHORE_VERSION}_linux_amd64.deb
+RUN dpkg --install /tmp/apt/semaphore.deb
+RUN rm -rf /tmp/apt
+
+RUN python -m pip install /tmp/wheels/*.whl \
+  --upgrade \
+  --pre \
+  --no-index \
+  --no-cache-dir \
+  --find-links /tmp/wheels \
+  --disable-pip-version-check
+RUN rm -rf /tmp/wheels
+
+# From here down we are adapting the prod deployment
+# container directly from the semaphore project
+RUN adduser semaphore \
+   --disabled-password \
+   --uid 1001 \
+   --gid 0
+RUN mkdir --parents \
+  /etc/semaphore \
+  /tmp/semaphore \
+  /var/lib/semaphore
+RUN chown -R semaphore:root \
+  /etc/semaphore \
+  /tmp/semaphore \
+  /var/lib/semaphore
+
+WORKDIR /home/semaphore
+USER 1001
+
+ENTRYPOINT ["tini", "--"]
+
+CMD ["/usr/local/bin/semaphore-wrapper", "semaphore", "server", "--config", "/etc/semaphore/config.json"]

Makefile

@@ -0,0 +1,24 @@
+REPOSITORY         = vcs.enp.one/skylab/semaphore-container
+OPENTOFU_VERSION   = 1.7.2
+SEMAPHORE_VERSION  = 2.9.112
+SPECTRE_VERSION    = main
+PYTHON_VERSION     = 3.11
+
+
+.PHONY: help docs
+# source: https://marmelab.com/blog/2016/02/29/auto-documented-makefile.html
+help: ## List Makefile targets
+	$(info Makefile documentation)
+	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-10s\033[0m %s\n", $$1, $$2}'
+
+
+image:  ## Build image
+	podman build . --tag $(REPOSITORY):v$(SEMAPHORE_VERSION) --build-arg "OPENTOFU_VERSION=$(OPENTOFU_VERSION)" --build-arg "SEMAPHORE_VERSION=$(SEMAPHORE_VERSION)" --build-arg "PYTHON_VERSION=$(PYTHON_VERSION)" --build-arg "SPECTRE_VERSION=$(SPECTRE_VERSION)"
+
+push: image  ## Build and publish image
+	podman login $(shell echo $(REPOSITORY) | cut -d '/' -f 1)
+	podman push $(REPOSITORY):v$(SEMAPHORE_VERSION)
+
+dev:  ## Setup local dev environment
+	poetry install --with dev
+	poetry run pre-commit install

README.md

@@ -1,3 +1,8 @@
-# semaphore-runner
+# semaphore-container
 
-Runner for semaphore runner with custom environment dependencies
+Custom container for Ansible Semaphore that:
+
+* Is based on debian instead of alpine
+* Includes required dependencies for Skylab operations
+
+Usage of this container should be identical to the official container

pyproject.toml

@@ -0,0 +1,24 @@
+[tool.poetry]
+name = "semaphore-runner"
+package-mode = false
+description = "Custom runner for semaphore"
+authors = ["Ethan Paul <admin@enp.one>"]
+license = "MIT"
+readme = "README.md"
+
+[tool.poetry.dependencies]
+python = "^3.11"
+ansible-core = "^2.16.4"
+docker = "^7.0.0"
+paramiko = "^3.4.0"
+poetry = "^1.8.1"
+poetry-plugin-export = "^1.6.0"
+six = "^1.16.0"
+
+
+[tool.poetry.group.dev.dependencies]
+black = "^24.2.0"
+reorder-python-imports = "^3.12.0"
+pylint = "^3.1.0"
+pre-commit = "^3.6.2"
+pre-commit-hooks = "^4.5.0"