From 5c507550a16ed0150e8313363777084826ec45a5 Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Sun, 1 Jan 2023 14:56:44 +0000 Subject: [PATCH 01/20] Fix Ansible file transfer issue Fixes `failed to transfer file` issue See https://github.com/hashicorp/packer/issues/11783 --- packer/debian-bullseye.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/packer/debian-bullseye.yaml b/packer/debian-bullseye.yaml index 8ac119d..0a7285a 100644 --- a/packer/debian-bullseye.yaml +++ b/packer/debian-bullseye.yaml @@ -70,6 +70,9 @@ provisioners: ansible_env_vars: - "ANSIBLE_SSH_ARGS='-o HostkeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa'" - "ANSIBLE_PYTHON_INTERPRETER=/usr/bin/python3" + extra_arguments: + - "--scp-extra-args" + - "'-O'" - inline: - rm /boot && mkdir /boot type: shell From 9c822bbba74544097289acec5143a25d3b918793 Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Sat, 11 Feb 2023 21:08:39 +0000 Subject: [PATCH 02/20] Update to Debian bookworm --- .gitlab-ci.yml | 2 +- Makefile | 30 +++++++++---------- ...ian-bullseye.yaml => debian-bookworm.yaml} | 4 +-- security-scanner/Dockerfile | 2 +- txt.cfg | 4 +-- 5 files changed, 21 insertions(+), 21 deletions(-) rename packer/{debian-bullseye.yaml => debian-bookworm.yaml} (98%) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a1736a1..b7b0d89 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -74,7 +74,7 @@ security_scanner: services: - docker:dind script: - - scripts/packer.sh debian-bullseye + - scripts/packer.sh debian-bookworm - aws --endpoint-url "$AWS_ENDPOINT_URL" s3 cp images/ "s3://$AWS_BUCKET/$CI_COMMIT_REF_SLUG/$CI_JOB_ID/" --recursive --no-progress artifacts: paths: diff --git a/Makefile b/Makefile index b201b6e..413424f 100644 --- a/Makefile +++ b/Makefile 
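Review bot: The added `extra_arguments` entries have no comment explaining why `-O` is passed. On OpenSSH 9 and later the flag makes scp use the legacy SCP protocol instead of SFTP for every file Ansible copies during the build. A comment above the key, such as `# scp -O: legacy SCP protocol, workaround for hashicorp/packer#11783; remove once fixed upstream`, would keep the workaround from outliving the bug. The `ANSIBLE_SSH_ARGS` context line already re-enables `ssh-rsa`, so both relaxations are worth tracking together.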
@@ -22,7 +22,7 @@ qemu_network = 10.2.2.0 qemu_netmask = 24 qemu_vm_ip = 10.2.2.10 qemu_disk = tmp/qemu-disk.img -qemu_target ?= debian-bullseye +qemu_target ?= debian-bookworm qemu_kernel = $(qemu_target).linux qemu_torrent = $(qemu_target).torrent qemu_initramfs = $(shell \ @@ -35,7 +35,7 @@ fi \ ci_environment=$(shell env | sed -n 's/^\(CI_.*\)=.*/-e \1/p') .PHONY: default -default: builderimg images/debian-bullseye.squashfs +default: builderimg images/debian-bookworm.squashfs .PHONY: clean clean: @@ -60,7 +60,7 @@ images: [ ! -d "$@" ] && mkdir "$@" touch "$@" -images/debian-bullseye.squashfs: images +images/debian-bookworm.squashfs: images docker run \ --rm \ -v /var/run/docker.sock:/var/run/docker.sock \ @@ -72,9 +72,9 @@ images/debian-bullseye.squashfs: images $(ci_environment) \ "$(DOCKER_IMAGE_BUILDER)" \ scripts/packer.sh \ - debian-bullseye + debian-bookworm -images/debian-bullseye.torrent: images +images/debian-bookworm.torrent: images docker run \ --rm \ -v "${PWD}:${PWD}" \ @@ -82,7 +82,7 @@ images/debian-bullseye.torrent: images -e "WEBSEED=$(WEBSEED)" \ "$(DOCKER_IMAGE_BUILDER)" \ scripts/torrent.sh \ - debian-bullseye + debian-bookworm .PHONY: ansible ansible: 
@@ -104,24 +104,24 @@ ansible: # updates the initramfs # only used for development -images/debian-bullseye.initramfs.dev: tmp/initramfs-extracted/debian-bullseye packer/initramfs/labsync - cp packer/initramfs/labsync tmp/initramfs-extracted/debian-bullseye/scripts/labsync - (cd tmp/initramfs-extracted/debian-bullseye && find . | cpio -H newc -o | gzip > $(CWD)/images/debian-bullseye.initramfs.dev) +images/debian-bookworm.initramfs.dev: tmp/initramfs-extracted/debian-bookworm packer/initramfs/labsync + cp packer/initramfs/labsync tmp/initramfs-extracted/debian-bookworm/scripts/labsync + (cd tmp/initramfs-extracted/debian-bookworm && find . | cpio -H newc -o | gzip > $(CWD)/images/debian-bookworm.initramfs.dev) tmp: [ ! -d "$@" ] && mkdir "$@" || true -tmp/initramfs-extracted/debian-bullseye: images/debian-bullseye.initramfs - rm -rf tmp/initramfs-extracted/debian-bullseye - mkdir -p tmp/initramfs-extracted/debian-bullseye - (cd tmp/initramfs-extracted/debian-bullseye && zcat "$(CWD)/images/debian-bullseye.initramfs" | cpio -i) - touch tmp/initramfs-extracted/debian-bullseye +tmp/initramfs-extracted/debian-bookworm: images/debian-bookworm.initramfs + rm -rf tmp/initramfs-extracted/debian-bookworm + mkdir -p tmp/initramfs-extracted/debian-bookworm + (cd tmp/initramfs-extracted/debian-bookworm && zcat "$(CWD)/images/debian-bookworm.initramfs" | cpio -i) + touch tmp/initramfs-extracted/debian-bookworm $(qemu_disk): tmp qemu-img create "$@" 20G tmp/netboot.tar.gz: tmp - wget -c -O "$@" https://cdn-aws.deb.debian.org/debian/dists/bullseye/main/installer-amd64/current/images/netboot/netboot.tar.gz + wget -c -O "$@" https://cdn-aws.deb.debian.org/debian/dists/bookworm/main/installer-amd64/current/images/netboot/netboot.tar.gz touch "$@" tmp/tftproot: tmp/netboot.tar.gz diff --git a/packer/debian-bullseye.yaml b/packer/debian-bookworm.yaml similarity index 98% rename from packer/debian-bullseye.yaml rename to packer/debian-bookworm.yaml index 0a7285a..8d9d0a5 100644 
--- a/packer/debian-bullseye.yaml +++ b/packer/debian-bookworm.yaml @@ -20,7 +20,7 @@ variables: builders: - discard: true - image: debian:bullseye + image: debian:bookworm type: docker volumes: '{{user `images`}}': /tmp/images @@ -62,7 +62,7 @@ provisioners: - cp $(find /boot/ -name 'vmlinuz-*' | sort -V | tail -n 1) '/tmp/images/{{user `linux_file`}}' type: shell - inline: - - apt-get -y install openssh-server python lsb-release + - apt-get -y install openssh-server python3 lsb-release type: shell - playbook_file: ansible/playbook.yml type: ansible diff --git a/security-scanner/Dockerfile b/security-scanner/Dockerfile index 677e003..10110ad 100644 --- a/security-scanner/Dockerfile +++ b/security-scanner/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bullseye-slim +FROM debian:bookworm-slim RUN apt-get update \ && apt-get -y install \ diff --git a/txt.cfg b/txt.cfg index 1cfc6a4..c61741b 100644 --- a/txt.cfg +++ b/txt.cfg @@ -1,7 +1,7 @@ label labsync menu label ^labsync - kernel images/debian-bullseye.linux - append initrd=images/debian-bullseye.initramfs.dev boot=labsync labsync_disk=sda labsync_partsize_boot=512 labsync_torrent=http://10.2.2.1/debian-bullseye.torrent quiet vga=792 ip=10.2.2.10:::255.255.255.0:qemu-host:ens3:off labsync_wait=pause + kernel images/debian-bookworm.linux + append initrd=images/debian-bookworm.initramfs.dev boot=labsync labsync_disk=sda labsync_partsize_boot=512 labsync_torrent=http://10.2.2.1/debian-bookworm.torrent quiet vga=792 ip=10.2.2.10:::255.255.255.0:qemu-host:ens3:off labsync_wait=pause label install menu label ^Install From 14e7d09c694ae98ac0af82a3dd8e40440f3d276e Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Sat, 11 Feb 2023 22:43:00 +0000 Subject: [PATCH 03/20] Set wiki as homepage --- packer/ansible/roles/firefox/files/policies.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/packer/ansible/roles/firefox/files/policies.json b/packer/ansible/roles/firefox/files/policies.json index 65685f9..46d5317 100644 --- a/packer/ansible/roles/firefox/files/policies.json +++ b/packer/ansible/roles/firefox/files/policies.json @@ -19,7 +19,7 @@ "NoDefaultBookmarks": true, "OfferToSaveLogins": true, "Homepage": { - "URL": "about:blank" + "URL": "https://wiki.fablab-nea.de/" }, "OverrideFirstRunPage": "", "SearchEngines": { From db9fc6af8bf51c76ccee441cb24072553080dcee Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Sat, 11 Feb 2023 23:10:35 +0000 Subject: [PATCH 04/20] Remove HTTPS Everywhere It is no longer maintained by EFF and deprecated in favour of native browser support. --- packer/ansible/playbook.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/packer/ansible/playbook.yml b/packer/ansible/playbook.yml index 73983eb..ae8bd60 100644 --- a/packer/ansible/playbook.yml +++ b/packer/ansible/playbook.yml @@ -94,7 +94,6 @@ - de extensions: - uBlock0@raymondhill.net - - https-everywhere@eff.org debian_sections: - main - contrib From 2835e9380a17c935ddb764a3d12aa1e519ee5740 Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Sun, 12 Feb 2023 00:00:54 +0000 Subject: [PATCH 05/20] Remove `firmware-and-graphics` package as it is not available on bookworm. --- packer/ansible/playbook.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/packer/ansible/playbook.yml b/packer/ansible/playbook.yml index ae8bd60..8fb1adf 100644 --- a/packer/ansible/playbook.yml +++ b/packer/ansible/playbook.yml @@ -100,8 +100,7 @@ - non-free debian_mirror: http://ftp.de.debian.org/debian hardware: - firmware: - - firmware-amd-graphics + firmware: [] greeting: title: Willkommen im FabLab Bad Windsheim content: > From 1c158dcca275577ebac798b12fb3de2ec6c7ec9c Mon Sep 17 00:00:00 2001 
From: Jakob Lechner Date: Fri, 17 Feb 2023 18:17:37 +0000 Subject: [PATCH 06/20] Add font viewer --- packer/ansible/roles/fonts/tasks/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/packer/ansible/roles/fonts/tasks/main.yml b/packer/ansible/roles/fonts/tasks/main.yml index 2f8f750..6408a58 100644 --- a/packer/ansible/roles/fonts/tasks/main.yml +++ b/packer/ansible/roles/fonts/tasks/main.yml @@ -3,5 +3,11 @@ - import_tasks: google.yml tags: - fonts:google + - name: Install font viewer + apt: + name: + - fontmatrix + tags: + - fonts:fontmatrix tags: - fonts From f64f9028bb81472f613a1dad3a12374b5716c967 Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Thu, 9 Mar 2023 23:38:39 +0000 Subject: [PATCH 07/20] Use virtualenv --- .gitlab-ci.yml | 2 +- security-scanner/Dockerfile | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b7b0d89..93829cb 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -57,7 +57,7 @@ security_scanner: script: - set -x - export GITLAB_URL="$(echo "$CI_PROJECT_URL" | grep -Eo '^https?://[^/]*')" - - python3 -m security_scanner $target + - /code/venv/bin/python -m security_scanner $target only: refs: - schedules diff --git a/security-scanner/Dockerfile b/security-scanner/Dockerfile index 10110ad..622e443 100644 --- a/security-scanner/Dockerfile +++ b/security-scanner/Dockerfile @@ -7,14 +7,17 @@ RUN apt-get update \ python3 \ python3-apt \ python3-pip \ + python3-venv \ && rm -rf /var/lib/apt/lists/* COPY setup.py /code/setup.py WORKDIR /code -RUN pip3 install -e . +RUN python3 -m venv --system-site-packages venv + +RUN venv/bin/pip install -e . ADD . /code -RUN python3 setup.py install +RUN venv/bin/python setup.py install From 2db45a612bbd8e2d651833860e14d745ba7e25dc Mon Sep 17 00:00:00 2001 
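Review bot: `$target` is expanded unquoted on the changed `script` line of `security_scanner`, so a schedule variable containing spaces or glob characters is split or expanded by the shell before the scanner receives it. Unless passing several targets through one variable is intended, quote it: `- /code/venv/bin/python -m security_scanner "$target"`. The job definition starts and ends outside the hunk.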
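Review bot: The last added line runs `venv/bin/python setup.py install`, a direct setup.py invocation that setuptools has deprecated, although the same project is installed with pip two lines earlier. `RUN venv/bin/pip install .` would keep a single installer inside the venv. A comment on the `--system-site-packages` line should name the apt-provided module that needs it (presumably `python3-apt`, installed above), because the flag makes every system-wide Python package importable from the virtualenv.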
From: Jakob Lechner Date: Sun, 12 Mar 2023 20:47:19 +0000 Subject: [PATCH 08/20] Disable platformio pip install without venv is not possible on bookworm. As I don't want to fix it now, let's remove it until I have time to fix it properly. --- packer/ansible/roles/fablab/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packer/ansible/roles/fablab/tasks/main.yml b/packer/ansible/roles/fablab/tasks/main.yml index 4702f08..40c6d9a 100644 --- a/packer/ansible/roles/fablab/tasks/main.yml +++ b/packer/ansible/roles/fablab/tasks/main.yml @@ -24,8 +24,8 @@ - import_tasks: prusa.yml tags: - fablab:prusa - - import_tasks: platformio.yml - tags: - - fablab:platformio +# - import_tasks: platformio.yml +# tags: +# - fablab:platformio tags: - fablab From 6f52c72093d2f0dd6e6e2819d3c9734f6bd8a196 Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Thu, 6 Apr 2023 21:55:13 +0000 Subject: [PATCH 09/20] Update inkscape-silhouette --- packer/ansible/roles/inkscape/files/inkscape-silhouette | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packer/ansible/roles/inkscape/files/inkscape-silhouette b/packer/ansible/roles/inkscape/files/inkscape-silhouette index 05d9c57..2f40eef 160000 --- a/packer/ansible/roles/inkscape/files/inkscape-silhouette +++ b/packer/ansible/roles/inkscape/files/inkscape-silhouette @@ -1 +1 @@ -Subproject commit 05d9c57336b13028c01c5bfd850431708c934016 +Subproject commit 2f40eef85264eb6646ea7e89cbd4659560b88235 From 76da536bbdaa93a85eeda086ad13c402d5b15ee7 Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Thu, 13 Jul 2023 02:10:45 +0000 Subject: [PATCH 10/20] Rename CI token variable --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 93829cb..a173edc 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -23,7 +23,7 @@ dockerimage_builder: - docker:dind script: - docker pull $DOCKER_IMAGE_BUILDER || true - - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY + - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY - make builderimg - docker push $DOCKER_IMAGE_BUILDER tags: @@ -41,7 +41,7 @@ dockerimage_security_scanner: - docker:dind script: - docker pull $DOCKER_IMAGE_SECURITY_SCANNER || true - - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY + - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY - make secscanimg - docker push $DOCKER_IMAGE_SECURITY_SCANNER tags: From 1e0e997f17cf73e8e6b1c9f0d9e73f7dddef8720 Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Thu, 13 Jul 2023 10:22:20 +0000 Subject: [PATCH 11/20] Update tags The `dedicated` runner was removed --- .gitlab-ci.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a173edc..c430cd6 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -28,7 +28,6 @@ dockerimage_builder: - docker push $DOCKER_IMAGE_BUILDER tags: - fablab - - ssd except: refs: - schedules @@ -46,7 +45,6 @@ dockerimage_security_scanner: - docker push $DOCKER_IMAGE_SECURITY_SCANNER tags: - fablab - - ssd except: refs: - schedules @@ -66,7 +64,7 @@ security_scanner: - $task == "security-scanner" - $target tags: - - dedicated + - fablab .squashfs_template: &squashfs_template image: $DOCKER_IMAGE_BUILDER From 27ec180b7940d07ae6df334db370e100b56e3d2d Mon Sep 17 00:00:00 2001 
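Review bot: Both changed `docker login` lines (in `dockerimage_builder` and in `dockerimage_security_scanner`) pass the job token with `-p`, which puts it on the command line where it can appear in the process list. Docker itself warns against this. Feed the token on stdin instead: `- echo "$CI_JOB_TOKEN" | docker login -u gitlab-ci-token --password-stdin "$CI_REGISTRY"`. Quoting `$CI_REGISTRY` at the same time avoids word splitting.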
From: Jakob Lechner Date: Thu, 7 Sep 2023 19:31:11 +0000 Subject: [PATCH 12/20] Use lightburn without docker --- .gitlab-ci.yml | 11 ++++ packer/ansible/playbook.yml | 4 ++ .../fablab/files/lightburn/lightburn.desktop | 9 --- .../roles/fablab/files/lightburn/lightburn.sh | 34 ---------- .../ansible/roles/fablab/tasks/lightburn.yml | 66 ------------------- packer/ansible/roles/fablab/tasks/main.yml | 3 - .../fablab/templates/lightburn/lightburn.j2 | 1 - packer/ansible/roles/lightburn/.gitignore | 1 + .../roles/lightburn/files/lightburn.desktop | 6 ++ .../ansible/roles/lightburn/tasks/devices.yml | 34 ++++++++++ .../ansible/roles/lightburn/tasks/install.yml | 13 ++++ packer/ansible/roles/lightburn/tasks/main.yml | 10 +++ 12 files changed, 79 insertions(+), 113 deletions(-) delete mode 100644 packer/ansible/roles/fablab/files/lightburn/lightburn.desktop delete mode 100755 packer/ansible/roles/fablab/files/lightburn/lightburn.sh delete mode 100644 packer/ansible/roles/fablab/tasks/lightburn.yml delete mode 100755 packer/ansible/roles/fablab/templates/lightburn/lightburn.j2 create mode 100644 packer/ansible/roles/lightburn/.gitignore create mode 100644 packer/ansible/roles/lightburn/files/lightburn.desktop create mode 100644 packer/ansible/roles/lightburn/tasks/devices.yml create mode 100644 packer/ansible/roles/lightburn/tasks/install.yml create mode 100644 packer/ansible/roles/lightburn/tasks/main.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c430cd6..77525ea 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -66,6 +66,17 @@ security_scanner: tags: - fablab +lightburn-download: + stage: prepare + image: alpine + script: + - mkdir -p packer/ansible/roles/lightburn/files + - 'wget -O packer/ansible/roles/lightburn/files/lightburn.zip --header "JOB-TOKEN: $CI_JOB_TOKEN" "${CI_SERVER_URL}/api/v4/projects/fablab%2Flightburn-patched/jobs/artifacts/main/download?job=patch-Linux64"' + artifacts: + paths: + - packer/ansible/roles/lightburn/files/lightburn.zip + expire_in: 4 hours + .squashfs_template: &squashfs_template image: $DOCKER_IMAGE_BUILDER stage: build diff --git a/packer/ansible/playbook.yml b/packer/ansible/playbook.yml index 8fb1adf..22db53b 100644 --- a/packer/ansible/playbook.yml +++ b/packer/ansible/playbook.yml @@ -11,6 +11,7 @@ - role: firefox - role: windowmanager - role: inkscape + - role: lightburn - role: fablab - role: hardware - role: docker @@ -109,3 +110,6 @@ Du hast Dich mit einem Gast-Account angemeldet. Alle Daten werden nach der Anmeldung gelöscht. Wenn Du Deine Daten dauerhaft speichern möchtest, lege Dir bitte einen Account an! + lightburn: + devices: + - https://raw.githubusercontent.com/fablab-nea/LaserKutter/main/lightburn/LaserKutter.lbdev diff --git a/packer/ansible/roles/fablab/files/lightburn/lightburn.desktop b/packer/ansible/roles/fablab/files/lightburn/lightburn.desktop deleted file mode 100644 index 90496bc..0000000 --- a/packer/ansible/roles/fablab/files/lightburn/lightburn.desktop +++ /dev/null @@ -1,9 +0,0 @@ -[Desktop Entry] -Name=LightBurn -GenericName=LightBurn -Comment=Laser Cutter Job Control Application -Exec=x-terminal-emulator -e 'sudo /usr/local/bin/lightburn' -Icon=/usr/local/share/lightburn/lightburn.png -Terminal=false -Type=Application -Categories=Graphics diff --git a/packer/ansible/roles/fablab/files/lightburn/lightburn.sh b/packer/ansible/roles/fablab/files/lightburn/lightburn.sh deleted file mode 100755 index 5e84a58..0000000 --- a/packer/ansible/roles/fablab/files/lightburn/lightburn.sh +++ /dev/null 
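Review bot: The new `lightburn-download` job uses `image: alpine` with no tag or digest and fetches whatever the latest `main` artifact of `fablab/lightburn-patched` is. Nothing in the visible changes checks the zip before it is unpacked into the image. Pinning the image (`image: alpine:<pinned-tag>`) and checking the download against a known digest, e.g. `- echo "<expected-sha256>  packer/ansible/roles/lightburn/files/lightburn.zip" | sha256sum -c -`, would make the build reproducible and surface an unexpectedly changed artifact.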
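Review bot: The device profile URL added under `lightburn.devices` points at the `main` branch of `fablab-nea/LaserKutter`, so each image build bakes in whatever that file contains at build time. Referencing a commit instead, `https://raw.githubusercontent.com/fablab-nea/LaserKutter/<commit-sha>/lightburn/LaserKutter.lbdev`, would turn a change of laser settings into an explicit, reviewable change in this repository.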
@@ -1,34 +0,0 @@ -#!/usr/bin/env bash - -. /etc/default/lightburn - -if [ ! -z "$SUDO_COMMAND" ] && [ "$SUDO_COMMAND" = "$0" ]; then - home="$(getent passwd "$SUDO_UID" | cut -d: -f6)" - export PUID="$SUDO_UID" - export PGID="$SUDO_GID" -else - home="$HOME" - export PUID=$(id -u) - export PGID=$(id -g) -fi - -config_dir="$home/.config/lightburn" - -mkdir -p "$config_dir" - -media="/media/$(id -un $PUID)" -if [ -e "$media" ]; then - media_volume="-v $media:/media" -fi - -docker run \ - --rm \ - -e PUID \ - -e PGID \ - -e DISPLAY \ - -v /tmp/.X11-unix/:/tmp/.X11-unix/ \ - -v $config_dir:/config/ \ - -v $home:/workdir/ \ - $media_volume \ - --network=none \ - "$LIGHTBURN_DOCKER_IMAGE" diff --git a/packer/ansible/roles/fablab/tasks/lightburn.yml b/packer/ansible/roles/fablab/tasks/lightburn.yml deleted file mode 100644 index 19f9386..0000000 --- a/packer/ansible/roles/fablab/tasks/lightburn.yml +++ /dev/null 
@@ -1,66 +0,0 @@ ---- -- file: - path: /usr/local/share/lightburn - state: directory - mode: "0755" - owner: root - group: root - -- name: copy icon - copy: - src: lightburn/lightburn.png - dest: /usr/local/share/lightburn/lightburn.png - owner: root - group: root - mode: "0644" - -- name: copy script - copy: - src: lightburn/lightburn.sh - dest: /usr/local/bin/lightburn - owner: root - group: root - mode: "0755" - -- name: add lightburn configuration - template: - src: lightburn/lightburn.j2 - dest: /etc/default/lightburn - owner: root - group: root - mode: "0644" - -- name: add lightburn to applications menu - copy: - src: lightburn/lightburn.desktop - dest: /usr/share/applications/lightburn.desktop - owner: root - group: root - mode: "0644" - -- name: add group - group: - name: lightburn - system: yes - -- name: add sudoers config - copy: - content: "%lightburn ALL=/usr/local/bin/lightburn, NOPASSWD:/usr/local/bin/lightburn\n" - dest: /etc/sudoers.d/lightburn - owner: root - group: root - mode: "0644" - -- name: ensure guest-account settings directory exists - file: - path: /etc/guest-account - state: directory - mode: "0755" - owner: root - group: root - -- name: add lightburn group to guest account - lineinfile: - path: /etc/guest-account/groups - line: lightburn - create: yes diff --git a/packer/ansible/roles/fablab/tasks/main.yml b/packer/ansible/roles/fablab/tasks/main.yml index 40c6d9a..02faee9 100644 --- a/packer/ansible/roles/fablab/tasks/main.yml +++ b/packer/ansible/roles/fablab/tasks/main.yml @@ -18,9 +18,6 @@ - import_tasks: visicut.yml tags: - fablab:visicut - - import_tasks: lightburn.yml - tags: - - fablab:lightburn - import_tasks: prusa.yml tags: - fablab:prusa diff --git a/packer/ansible/roles/fablab/templates/lightburn/lightburn.j2 b/packer/ansible/roles/fablab/templates/lightburn/lightburn.j2 deleted file mode 100755 index bf7cfad..0000000 --- a/packer/ansible/roles/fablab/templates/lightburn/lightburn.j2 +++ /dev/null 
@@ -1 +0,0 @@ -LIGHTBURN_DOCKER_IMAGE='{{ fablab.lightburn.dockerimage }}' diff --git a/packer/ansible/roles/lightburn/.gitignore b/packer/ansible/roles/lightburn/.gitignore new file mode 100644 index 0000000..c4c4ffc --- /dev/null +++ b/packer/ansible/roles/lightburn/.gitignore @@ -0,0 +1 @@ +*.zip diff --git a/packer/ansible/roles/lightburn/files/lightburn.desktop b/packer/ansible/roles/lightburn/files/lightburn.desktop new file mode 100644 index 0000000..62d3c05 --- /dev/null +++ b/packer/ansible/roles/lightburn/files/lightburn.desktop @@ -0,0 +1,6 @@ +[Desktop Entry] +Name=LightBurn +Exec=/opt/LightBurn/LightBurn +Icon=/opt/LightBurn/LightBurn.png +Type=Application +Categories=Graphics;VectorGraphics;Engineering; diff --git a/packer/ansible/roles/lightburn/tasks/devices.yml b/packer/ansible/roles/lightburn/tasks/devices.yml new file mode 100644 index 0000000..2981a65 --- /dev/null +++ b/packer/ansible/roles/lightburn/tasks/devices.yml @@ -0,0 +1,34 @@ +- name: Download devices files + uri: + url: "{{ device_url }}" + return_content: true + loop: "{{ lightburn.devices }}" + loop_control: + loop_var: device_url + register: lightburn_downloaded_devices + +- name: Create lightburn settings + set_fact: + lightburn_devices: "{{ lightburn_devices | default([]) + [device_settings] }}" + vars: + device_settings: "{{ (device.content | from_json)['DeviceList'][0] }}" + loop: "{{ lightburn_downloaded_devices.results }}" + loop_control: + loop_var: device + label: "{{ device_settings.DisplayName }}" + +- name: Create settings directory + file: + path: "{{ item }}" + state: directory + loop: + - /etc/skel/.config + - /etc/skel/.config/LightBurn + +- name: Create settings file + copy: + dest: /etc/skel/.config/LightBurn/prefs.ini + content: "{{ lightburn_settings | to_nice_json() }}" + vars: + lightburn_settings: + DeviceList: "{{ lightburn_devices }}" 
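Review bot: The `file` and `copy` tasks in the new `devices.yml` that create `/etc/skel/.config/LightBurn` and `prefs.ini` set no `owner`, `group` or `mode`, so the permissions copied into every new home directory depend on the umask of the build. Stating them makes the result deterministic: `mode: "0755"` on the directories and `mode: "0644"` on `prefs.ini`, with `owner: root` and `group: root`. The same applies to the `file` and `copy` tasks in the new `lightburn/tasks/install.yml` and `prusa-slicer/tasks/install_from_github.yml`. Separately, `['DeviceList'][0]` keeps only the first device of each downloaded file, which deserves a comment if it is intentional.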
diff --git a/packer/ansible/roles/lightburn/tasks/install.yml b/packer/ansible/roles/lightburn/tasks/install.yml new file mode 100644 index 0000000..cd9895d --- /dev/null +++ b/packer/ansible/roles/lightburn/tasks/install.yml @@ -0,0 +1,13 @@ +--- +- name: Extract zip file + unarchive: + src: lightburn.zip + dest: /opt +- name: Create applications directory + file: + path: /usr/local/share/applications/ + state: directory +- name: Copy desktop file + copy: + src: lightburn.desktop + dest: /usr/local/share/applications/lightburn.desktop diff --git a/packer/ansible/roles/lightburn/tasks/main.yml b/packer/ansible/roles/lightburn/tasks/main.yml new file mode 100644 index 0000000..82ab78c --- /dev/null +++ b/packer/ansible/roles/lightburn/tasks/main.yml @@ -0,0 +1,10 @@ +--- +- block: + - import_tasks: install.yml + tags: + - lightburn:install + - import_tasks: devices.yml + tags: + - lightburn:devices + tags: + - lightburn From dbb05df99fcdf5e143188fbda7faa85bb38cd2b9 Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Thu, 7 Sep 2023 22:36:48 +0000 Subject: [PATCH 13/20] Remove tags --- .gitlab-ci.yml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 77525ea..670a6ad 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -26,8 +26,6 @@ dockerimage_builder: - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY - make builderimg - docker push $DOCKER_IMAGE_BUILDER - tags: - - fablab except: refs: - schedules @@ -43,8 +41,6 @@ dockerimage_security_scanner: - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY - make secscanimg - docker push $DOCKER_IMAGE_SECURITY_SCANNER - tags: - - fablab except: refs: - schedules @@ -63,8 +59,6 @@ security_scanner: variables: - $task == "security-scanner" - $target - tags: - - fablab lightburn-download: stage: prepare 
@@ -93,9 +87,6 @@ lightburn-download: - images/*.linux #- images/*.squashfs - images/*.torrent - tags: - - fablab - - ssd squashfs_featurebranch: <<: *squashfs_template From d372cd9f098a79f7fefff1e5c8d74fa3341f5bc0 Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Thu, 14 Sep 2023 20:19:04 +0000 Subject: [PATCH 14/20] Move prusa-slicer to own role --- packer/ansible/playbook.yml | 91 ++++++++++--------- packer/ansible/roles/fablab/tasks/main.yml | 3 - .../tasks/configure.yml} | 7 +- .../roles/prusa-slicer/tasks/install.yml | 5 + .../ansible/roles/prusa-slicer/tasks/main.yml | 12 +++ 5 files changed, 64 insertions(+), 54 deletions(-) rename packer/ansible/roles/{fablab/tasks/prusa.yml => prusa-slicer/tasks/configure.yml} (78%) create mode 100644 packer/ansible/roles/prusa-slicer/tasks/install.yml create mode 100644 packer/ansible/roles/prusa-slicer/tasks/main.yml diff --git a/packer/ansible/playbook.yml b/packer/ansible/playbook.yml index 22db53b..b994b60 100644 --- a/packer/ansible/playbook.yml +++ b/packer/ansible/playbook.yml @@ -12,6 +12,7 @@ - role: windowmanager - role: inkscape - role: lightburn + - role: prusa-slicer - role: fablab - role: hardware - role: docker 
@@ -45,51 +46,6 @@ version: 3.3.1 lightburn: dockerimage: r.jalr.de/fablab/lightburn - prusa_slicer: - settings: | - no_controller = 1 - no_defaults = 1 - preset_update = 0 - show_splash_screen = 0 - use_inches = 0 - version_check = 0 - view_mode = expert - - [filaments] - AmazonBasics TPU @MINI = 1 - Das Filament PLA = 1 - Generic PETG = 1 - Generic PETG @MINI = 1 - Generic PETG @MMU2 = 1 - Generic PLA = 1 - Generic PLA @MMU2 = 1 - Prusament ASA = 1 - Prusament ASA @MINI = 1 - Prusament ASA @MMU2 = 1 - Prusament PC Blend = 1 - Prusament PC Blend @MINI = 1 - Prusament PC Blend @MMU2 = 1 - Prusament PETG = 1 - Prusament PETG @MINI = 1 - Prusament PETG @MMU2 = 1 - Prusament PLA = 1 - Prusament PLA @MMU2 = 1 - Prusament PVB = 1 - Prusament PVB @MMU2 = 1 - Verbatim BVOH = 1 - Verbatim BVOH @MMU2 = 1 - - [presets] - filament = Prusament PLA - physical_printer = - print = 0.15mm QUALITY @MK3 - printer = Original Prusa i3 MK3 - sla_material = - sla_print = - - [vendor:PrusaResearch] - model:MK3 = 0.4 - model:MK3SMMU2S = 0.4 firefox: language_packs: - de 
@@ -113,3 +69,48 @@ lightburn: devices: - https://raw.githubusercontent.com/fablab-nea/LaserKutter/main/lightburn/LaserKutter.lbdev + prusa_slicer: + settings: | + no_controller = 1 + no_defaults = 1 + preset_update = 0 + show_splash_screen = 0 + use_inches = 0 + version_check = 0 + view_mode = expert + + [filaments] + AmazonBasics TPU @MINI = 1 + Das Filament PLA = 1 + Generic PETG = 1 + Generic PETG @MINI = 1 + Generic PETG @MMU2 = 1 + Generic PLA = 1 + Generic PLA @MMU2 = 1 + Prusament ASA = 1 + Prusament ASA @MINI = 1 + Prusament ASA @MMU2 = 1 + Prusament PC Blend = 1 + Prusament PC Blend @MINI = 1 + Prusament PC Blend @MMU2 = 1 + Prusament PETG = 1 + Prusament PETG @MINI = 1 + Prusament PETG @MMU2 = 1 + Prusament PLA = 1 + Prusament PLA @MMU2 = 1 + Prusament PVB = 1 + Prusament PVB @MMU2 = 1 + Verbatim BVOH = 1 + Verbatim BVOH @MMU2 = 1 + + [presets] + filament = Prusament PLA + physical_printer = + print = 0.15mm QUALITY @MK3 + printer = Original Prusa i3 MK3 + sla_material = + sla_print = + + [vendor:PrusaResearch] + model:MK3 = 0.4 + model:MK3SMMU2S = 0.4 diff --git a/packer/ansible/roles/fablab/tasks/main.yml b/packer/ansible/roles/fablab/tasks/main.yml index 02faee9..1bb8ab5 100644 --- a/packer/ansible/roles/fablab/tasks/main.yml +++ b/packer/ansible/roles/fablab/tasks/main.yml @@ -18,9 +18,6 @@ - import_tasks: visicut.yml tags: - fablab:visicut - - import_tasks: prusa.yml - tags: - - fablab:prusa # - import_tasks: platformio.yml # tags: # - fablab:platformio diff --git a/packer/ansible/roles/fablab/tasks/prusa.yml b/packer/ansible/roles/prusa-slicer/tasks/configure.yml similarity index 78% rename from packer/ansible/roles/fablab/tasks/prusa.yml rename to packer/ansible/roles/prusa-slicer/tasks/configure.yml index 8211e1c..817ae54 100644 --- a/packer/ansible/roles/fablab/tasks/prusa.yml +++ b/packer/ansible/roles/prusa-slicer/tasks/configure.yml 
@@ -1,9 +1,4 @@ --- -- name: install slic3r-prusa - apt: - name: slic3r-prusa - state: present - - name: create skel directories file: path: "/etc/skel/{{ item }}" @@ -21,5 +16,5 @@ - name: Copy Prusa slicer settings copy: - content: "{{ fablab.prusa_slicer.settings }}" + content: "{{ prusa_slicer.settings }}" dest: /etc/skel/.config/PrusaSlicer/PrusaSlicer.ini diff --git a/packer/ansible/roles/prusa-slicer/tasks/install.yml b/packer/ansible/roles/prusa-slicer/tasks/install.yml new file mode 100644 index 0000000..31a992c --- /dev/null +++ b/packer/ansible/roles/prusa-slicer/tasks/install.yml @@ -0,0 +1,5 @@ +--- +- name: install slic3r-prusa + apt: + name: slic3r-prusa + state: present diff --git a/packer/ansible/roles/prusa-slicer/tasks/main.yml b/packer/ansible/roles/prusa-slicer/tasks/main.yml new file mode 100644 index 0000000..6f1600a --- /dev/null +++ b/packer/ansible/roles/prusa-slicer/tasks/main.yml @@ -0,0 +1,12 @@ +--- +- block: + - import_tasks: install.yml + tags: + - prusa-slicer:install + + - import_tasks: configure.yml + tags: + - prusa-slicer:configure + + tags: + - prusa-slicer From 9e1f29dfd9e89984a6c47872d7b6b3af9534c0ec Mon Sep 17 00:00:00 2001 
From: Jakob Lechner Date: Thu, 14 Sep 2023 22:09:06 +0000 Subject: [PATCH 15/20] Download PrusaSlicer from GitHub --- packer/ansible/playbook.yml | 2 + .../roles/prusa-slicer/defaults/main.yml | 2 + .../files/PrusaGcodeviewer.desktop | 9 +++ .../prusa-slicer/files/PrusaSlicer.desktop | 12 ++++ .../roles/prusa-slicer/tasks/configure.yml | 27 ++++++++- .../tasks/install_from_github.yml | 60 +++++++++++++++++++ .../ansible/roles/prusa-slicer/tasks/main.yml | 8 ++- .../tasks/{install.yml => package.yml} | 0 8 files changed, 117 insertions(+), 3 deletions(-) create mode 100644 packer/ansible/roles/prusa-slicer/defaults/main.yml create mode 100644 packer/ansible/roles/prusa-slicer/files/PrusaGcodeviewer.desktop create mode 100644 packer/ansible/roles/prusa-slicer/files/PrusaSlicer.desktop create mode 100644 packer/ansible/roles/prusa-slicer/tasks/install_from_github.yml rename packer/ansible/roles/prusa-slicer/tasks/{install.yml => package.yml} (100%) diff --git a/packer/ansible/playbook.yml b/packer/ansible/playbook.yml index b994b60..842fcd6 100644 --- a/packer/ansible/playbook.yml +++ b/packer/ansible/playbook.yml @@ -78,6 +78,8 @@ use_inches = 0 version_check = 0 view_mode = expert + tls_accepted_cert_store_location = /etc/ssl/certs/ca-certificates.crt + tls_cert_store_accepted = yes [filaments] AmazonBasics TPU @MINI = 1 diff --git a/packer/ansible/roles/prusa-slicer/defaults/main.yml b/packer/ansible/roles/prusa-slicer/defaults/main.yml new file mode 100644 index 0000000..cd9af8b --- /dev/null +++ b/packer/ansible/roles/prusa-slicer/defaults/main.yml @@ -0,0 +1,2 @@ +--- +prusa_slicer_use_package: false diff --git a/packer/ansible/roles/prusa-slicer/files/PrusaGcodeviewer.desktop b/packer/ansible/roles/prusa-slicer/files/PrusaGcodeviewer.desktop new file mode 100644 index 0000000..51d1b4d --- /dev/null +++ b/packer/ansible/roles/prusa-slicer/files/PrusaGcodeviewer.desktop 
@@ -0,0 +1,9 @@ +[Desktop Entry] +Name=Prusa GCode viewer +Exec=/opt/PrusaSlicer/bin/prusa-slicer --gcodeviewer %F +Icon=/opt/PrusaSlicer/resources/icons/PrusaSlicer-gcodeviewer.svg +Terminal=false +Type=Application +MimeType=text/x.gcode; +Categories=Graphics;3DGraphics; +Keywords=3D;Printing;Slicer; diff --git a/packer/ansible/roles/prusa-slicer/files/PrusaSlicer.desktop b/packer/ansible/roles/prusa-slicer/files/PrusaSlicer.desktop new file mode 100644 index 0000000..42680f4 --- /dev/null +++ b/packer/ansible/roles/prusa-slicer/files/PrusaSlicer.desktop @@ -0,0 +1,12 @@ +[Desktop Entry] +Name=PrusaSlicer +GenericName=3D Printing Software +Terminal=false +Exec=/opt/PrusaSlicer/bin/prusa-slicer %F +Icon=/opt/PrusaSlicer/resources/icons/PrusaSlicer.png +Type=Application +MimeType=model/stl;application/vnd.ms-3mfdocument;application/prs.wavefront-obj;application/x-amf; +Categories=Graphics;3DGraphics;Engineering; +Keywords=3D;Printing;Slicer;slice;3D;printer;convert;gcode;stl;obj;amf;SLA +StartupNotify=false +StartupWMClass=prusa-slicer diff --git a/packer/ansible/roles/prusa-slicer/tasks/configure.yml b/packer/ansible/roles/prusa-slicer/tasks/configure.yml index 817ae54..c59887b 100644 --- a/packer/ansible/roles/prusa-slicer/tasks/configure.yml +++ b/packer/ansible/roles/prusa-slicer/tasks/configure.yml @@ -1,4 +1,12 @@ --- +- set_fact: + prusa_slicer_profiles_directory: /usr/share/PrusaSlicer/profiles + when: prusa_slicer_use_package | bool + +- set_fact: + prusa_slicer_profiles_directory: /opt/PrusaSlicer/resources/profiles + when: not prusa_slicer_use_package | bool + - name: create skel directories file: path: "/etc/skel/{{ item }}" 
@@ -10,11 +18,26 @@ - name: create symlink to vendor profiles file: - src: /usr/share/PrusaSlicer/profiles/PrusaResearch.ini + src: "{{ prusa_slicer_profiles_directory }}/PrusaResearch.ini" dest: /etc/skel/.config/PrusaSlicer/vendor/PrusaResearch.ini state: link +- name: Stat /opt/PrusaSlicer + stat: + path: /opt/PrusaSlicer + register: prusa_slicer_stat + +- name: Set version + set_fact: + prusa_slicer_version: "{{ prusa_slicer_stat.stat.lnk_target | regex_replace('^/opt/PrusaSlicer-(.*)-[0-9]{12}$', '\\1') }}" + when: prusa_slicer_stat.stat.exists and prusa_slicer_stat.stat.islnk + +- debug: + var: prusa_slicer_version + - name: Copy Prusa slicer settings copy: - content: "{{ prusa_slicer.settings }}" + content: | + version_system_info_sent = {{ prusa_slicer_version | default('') }} + {{ prusa_slicer.settings }} dest: /etc/skel/.config/PrusaSlicer/PrusaSlicer.ini diff --git a/packer/ansible/roles/prusa-slicer/tasks/install_from_github.yml b/packer/ansible/roles/prusa-slicer/tasks/install_from_github.yml new file mode 100644 index 0000000..c191e33 --- /dev/null +++ b/packer/ansible/roles/prusa-slicer/tasks/install_from_github.yml 
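Review bot: `regex_replace` in the `Set version` task returns its input unchanged when the pattern does not match, so a link target not named `PrusaSlicer-<version>-<12 digits>` would put the whole path into `version_system_info_sent`. Add the pattern to the condition so the `default('')` in the copy task takes over instead: `when: prusa_slicer_stat.stat.exists and prusa_slicer_stat.stat.islnk and prusa_slicer_stat.stat.lnk_target is match('^/opt/PrusaSlicer-.*-[0-9]{12}$')`. The unnamed `debug` task looks like a leftover from development and could be dropped or given a `name`.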
@@ -0,0 +1,60 @@
+---
+- name: Get latest release
+ uri:
+ url: https://api.github.com/repos/prusa3d/PrusaSlicer/releases/latest
+ return_content: true
+ register: prusa_slicer_release
+
+- name: Create tarball tempfile
+ tempfile:
+ state: file
+ suffix: .tar.gz
+ register: prusa_slicer_tarball
+
+- name: Select asset
+ set_fact:
+ prusa_slicer_asset: "{{ asset }}"
+ when: "asset.name | regex_search('PrusaSlicer-.*linux-x64-GTK3.*\\.tar\\.bz2$')"
+ loop: "{{ prusa_slicer_release.json.assets }}"
+ loop_control:
+ loop_var: asset
+ label: "{{ asset.name }}"
+
+- name: Download release file
+ get_url:
+ url: "{{ prusa_slicer_asset.browser_download_url }}"
+ dest: "{{ prusa_slicer_tarball.path }}"
+ force: true
+
+- name: Extract tarball
+ unarchive:
+ src: "{{ prusa_slicer_tarball.path }}"
+ dest: /opt
+ remote_src: true
+
+- name: Remove tarball
+ ansible.builtin.file:
+ path: "{{ prusa_slicer_tarball.path }}"
+ state: absent
+ when: prusa_slicer_tarball.path is defined
+
+- name: Create symlink
+ file:
+ src: "/opt/{{ prusa_slicer_directory }}"
+ dest: "/opt/PrusaSlicer"
+ state: link
+ vars:
+ prusa_slicer_directory: "{{ prusa_slicer_asset.name | regex_replace('\\.tar\\.bz2$', '') }}"
+
+- name: Create applications directory
+ file:
+ path: /usr/local/share/applications/
+ state: directory
+
+- name: Copy desktop files
+ copy:
+ src: "{{ item }}.desktop"
+ dest: /usr/local/share/applications/{{ item }}.desktop
+ loop:
+ - PrusaSlicer
+ - PrusaGcodeviewer
diff --git a/packer/ansible/roles/prusa-slicer/tasks/main.yml b/packer/ansible/roles/prusa-slicer/tasks/main.yml
index 6f1600a..2487822 100644
--- a/packer/ansible/roles/prusa-slicer/tasks/main.yml
+++ b/packer/ansible/roles/prusa-slicer/tasks/main.yml
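Review bot: `Download release file` and `Extract tarball` install whatever asset `releases/latest` returns at build time into `/opt` without comparing it to a known digest, so the image depends on upstream state on the day of the build and a replaced asset would be baked in unnoticed. Pinning the release through a role variable and passing its recorded SHA-256 to `get_url`'s `checksum` makes the build reproducible and the download fail closed. `Select asset` leaves `prusa_slicer_asset` undefined when no name matches, which only surfaces later as an undefined-variable error, and the tempfile suffix `.tar.gz` does not match the `.tar.bz2` asset. If the play runs as root, extraction may keep the owners recorded in the archive, so setting `owner` and `group` on `unarchive` is a cheap safeguard.

```yaml
- name: Get pinned release
  uri:
    # prusa_slicer_release_tag: proposed role variable holding the reviewed tag
    url: "https://api.github.com/repos/prusa3d/PrusaSlicer/releases/tags/{{ prusa_slicer_release_tag }}"
# … unchanged: return_content, register, tempfile task, Select asset loop …

- name: Fail when no release asset matched
  assert:
    that:
      - prusa_slicer_asset is defined
    fail_msg: no linux-x64-GTK3 tarball in the selected PrusaSlicer release

- name: Download release file
  get_url:
    # … unchanged: url, dest, force …
    # prusa_slicer_sha256: proposed role variable, digest recorded when the tag was reviewed
    checksum: "sha256:{{ prusa_slicer_sha256 }}"

- name: Extract tarball
  unarchive:
    # … unchanged: src, dest, remote_src …
    owner: root
    group: root
```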
@@ -1,6 +1,12 @@ --- - block: - - import_tasks: install.yml + - import_tasks: package.yml + when: prusa_slicer_use_package | bool + tags: + - prusa-slicer:install + + - import_tasks: install_from_github.yml + when: not prusa_slicer_use_package | bool tags: - prusa-slicer:install diff --git a/packer/ansible/roles/prusa-slicer/tasks/install.yml b/packer/ansible/roles/prusa-slicer/tasks/package.yml similarity index 100% rename from packer/ansible/roles/prusa-slicer/tasks/install.yml rename to packer/ansible/roles/prusa-slicer/tasks/package.yml From 71122c46b6c06b3ab0a60a283f7a8c224df3c351 Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Thu, 14 Sep 2023 22:23:54 +0000 Subject: [PATCH 16/20] Add Ultimaker2 to Prusa slicer --- packer/ansible/playbook.yml | 3 +++ packer/ansible/roles/prusa-slicer/tasks/configure.yml | 7 +++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/packer/ansible/playbook.yml b/packer/ansible/playbook.yml index 842fcd6..773a7bc 100644 --- a/packer/ansible/playbook.yml +++ b/packer/ansible/playbook.yml @@ -116,3 +116,6 @@ [vendor:PrusaResearch] model:MK3 = 0.4 model:MK3SMMU2S = 0.4 + + [vendor:Ultimaker] + model:ULTIMAKER2 = 0.4 diff --git a/packer/ansible/roles/prusa-slicer/tasks/configure.yml b/packer/ansible/roles/prusa-slicer/tasks/configure.yml index c59887b..649fb4d 100644 --- a/packer/ansible/roles/prusa-slicer/tasks/configure.yml +++ b/packer/ansible/roles/prusa-slicer/tasks/configure.yml @@ -18,9 +18,12 @@ - name: create symlink to vendor profiles file: - src: "{{ prusa_slicer_profiles_directory }}/PrusaResearch.ini" - dest: /etc/skel/.config/PrusaSlicer/vendor/PrusaResearch.ini + src: "{{ prusa_slicer_profiles_directory }}/{{ item }}.ini" + dest: /etc/skel/.config/PrusaSlicer/vendor/{{ item }}.ini state: link + loop: + - PrusaResearch + - Ultimaker - name: Stat /opt/PrusaSlicer stat: From a649d9686e9f3c5a52cbd8491269d6d01e25a66c Mon Sep 17 00:00:00 2001 
From: Jakob Lechner Date: Sun, 1 Oct 2023 19:59:03 +0000 Subject: [PATCH 17/20] Build docker image only when necessary --- .gitlab-ci.yml | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 670a6ad..ef8bbab 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -6,7 +6,7 @@ variables: PACKER_VERSION: 1.4.3 ANNOUNCE: http://labsync.lab.fablab-nea.de:6969/announce WEBSEED: http://labsync.lab.fablab-nea.de/labsync/$CI_COMMIT_REF_NAME/$CI_PIPELINE_ID/images - DOCKER_IMAGE_BUILDER: ${CI_REGISTRY_IMAGE}/labsync-builder:$CI_COMMIT_REF_SLUG + DOCKER_IMAGE_BUILDER: ${CI_REGISTRY_IMAGE}/labsync-builder:main DOCKER_IMAGE_SECURITY_SCANNER: ${CI_REGISTRY_IMAGE}/security-scanner:$CI_COMMIT_REF_SLUG DOCKER_TLS_CERTDIR: "" @@ -21,14 +21,26 @@ dockerimage_builder: - apk add --no-cache make services: - docker:dind + variables: + DOCKER_IMAGE_BUILDER: ${CI_REGISTRY_IMAGE}/labsync-builder:$CI_COMMIT_REF_SLUG script: - docker pull $DOCKER_IMAGE_BUILDER || true - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY - make builderimg - docker push $DOCKER_IMAGE_BUILDER - except: - refs: - - schedules + - echo "DOCKER_IMAGE_BUILDER=$DOCKER_IMAGE_BUILDER" >> build.env + artifacts: + reports: + dotenv: build.env + rules: + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH + when: on_success + - if: + changes: + paths: + - builder + compare_to: main + when: on_success dockerimage_security_scanner: stage: prepare From 0acc97e09eb8c6a7a30b88acd9252b9e47be13d2 Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Wed, 4 Oct 2023 15:32:47 +0000 Subject: [PATCH 18/20] Print docker images --- .gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ef8bbab..c1ca052 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
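Review bot: The new `rules:` block in `dockerimage_builder` replaces `except: refs: schedules`, so scheduled pipelines on the default branch now match the first rule and rebuild and push the builder image, which the old configuration skipped. If that exclusion is still wanted, put `- if: $CI_PIPELINE_SOURCE == "schedule"` with `when: never` ahead of the other rules. The second rule is written as an empty `if:` followed by `changes:`; writing it as `- changes:` avoids relying on how an empty `if` is evaluated, and the same form repeats in the `dockerimage_security_scanner` rules of PATCH 20/20. `compare_to: main` also hard-codes the branch name that the first rule reads from `$CI_DEFAULT_BRANCH`. The job definition starts before this hunk.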
@@ -89,6 +89,8 @@ lightburn-download: services: - docker:dind script: + - echo DOCKER_IMAGE_BUILDER=$DOCKER_IMAGE_BUILDER + - echo DOCKER_IMAGE_SECURITY_SCANNER=$DOCKER_IMAGE_SECURITY_SCANNER - scripts/packer.sh debian-bookworm - aws --endpoint-url "$AWS_ENDPOINT_URL" s3 cp images/ "s3://$AWS_BUCKET/$CI_COMMIT_REF_SLUG/$CI_JOB_ID/" --recursive --no-progress artifacts: From 8e8647fdbd5de91f69c95c566393a3bab66a2853 Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Wed, 4 Oct 2023 15:30:59 +0000 Subject: [PATCH 19/20] Fix path matching --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c1ca052..aa2492f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -38,7 +38,7 @@ dockerimage_builder: - if: changes: paths: - - builder + - builder/**/* compare_to: main when: on_success From f6070572faadff6e9bfb0c463417ae1323c534f0 Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Wed, 4 Oct 2023 15:11:34 +0000 Subject: [PATCH 20/20] Build security-scanner image only when necessary --- .gitlab-ci.yml | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index aa2492f..5b8b6f3 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -7,7 +7,7 @@ variables: ANNOUNCE: http://labsync.lab.fablab-nea.de:6969/announce WEBSEED: http://labsync.lab.fablab-nea.de/labsync/$CI_COMMIT_REF_NAME/$CI_PIPELINE_ID/images DOCKER_IMAGE_BUILDER: ${CI_REGISTRY_IMAGE}/labsync-builder:main - DOCKER_IMAGE_SECURITY_SCANNER: ${CI_REGISTRY_IMAGE}/security-scanner:$CI_COMMIT_REF_SLUG + DOCKER_IMAGE_SECURITY_SCANNER: ${CI_REGISTRY_IMAGE}/security-scanner:main DOCKER_TLS_CERTDIR: "" stages: 
@@ -53,9 +53,19 @@ dockerimage_security_scanner: - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY - make secscanimg - docker push $DOCKER_IMAGE_SECURITY_SCANNER - except: - refs: - - schedules + - echo "DOCKER_IMAGE_SECURITY_SCANNER=${CI_REGISTRY_IMAGE}/security-scanner:$CI_COMMIT_REF_SLUG" >> build.env + artifacts: + reports: + dotenv: build.env + rules: + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH + when: on_success + - if: + changes: + paths: + - security-scanner/**/* + compare_to: main + when: on_success security_scanner: stage: check
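Review bot: Unlike `dockerimage_builder` in PATCH 17/20, this job gets no job-level `variables:` override, so `docker push $DOCKER_IMAGE_SECURITY_SCANNER` still resolves to the global value this commit changes to `security-scanner:main`, while the added `echo` exports a `:$CI_COMMIT_REF_SLUG` name to later jobs. As far as the visible hunks show, a branch pipeline that touches `security-scanner/` would overwrite the `main` tag and then point downstream jobs at a tag this job did not push. Mirroring the builder job fixes both: add `variables:` with `DOCKER_IMAGE_SECURITY_SCANNER: ${CI_REGISTRY_IMAGE}/security-scanner:$CI_COMMIT_REF_SLUG` to the job and write `echo "DOCKER_IMAGE_SECURITY_SCANNER=$DOCKER_IMAGE_SECURITY_SCANNER" >> build.env`. The job header lies above the hunk and the tag applied by `make secscanimg` is not shown, so confirm against the full file.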