libops
diff --git a/‎.github/workflows/build-push.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/build-push.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎base/Dockerfile‎
Lines changed: 63 additions & 0 deletions b/‎base/Dockerfile‎
Lines changed: 63 additions & 0 deletions
diff --git a/‎base/rootfs/usr/local/bin/create-service-user.sh‎
Lines changed: 109 additions & 0 deletions b/‎base/rootfs/usr/local/bin/create-service-user.sh‎
Lines changed: 109 additions & 0 deletions
diff --git a/‎base/rootfs/usr/local/bin/download.sh‎
Lines changed: 171 additions & 0 deletions b/‎base/rootfs/usr/local/bin/download.sh‎
Lines changed: 171 additions & 0 deletions
diff --git a/‎go1.25/Dockerfile‎
Lines changed: 0 additions & 39 deletions b/‎go1.25/Dockerfile‎
Lines changed: 0 additions & 39 deletions
diff --git a/‎go1.25/rootfs/etc/s6-overlay/s6-rc.d/goapp/dependencies.d/container-environment‎ b/‎go1.25/rootfs/etc/s6-overlay/s6-rc.d/goapp/dependencies.d/container-environment‎
@@ -9,7 +9,7 @@ jobs:
       fail-fast: false
       matrix:
         dir:
-          - go1.25
+          - base
     uses: libops/.github/.github/workflows/build-push-ghcr.yaml@main
     with:
       image: ${{ matrix.dir }}
 
@@ -0,0 +1,63 @@
+FROM alpine:3.23@sha256:865b95f46d98cf867a156fe4a135ad3fe50d2056aa3f25ed31662dff6da4eb62
+
+ARG \
+    TARGETARCH \
+    # renovate: datasource=repology depName=alpine_3_23/bash
+    BASH_VERSION=5.3.3-r1 \
+    # renovate: datasource=repology depName=alpine_3_23/ca-certificates
+    CA_CERTIFICATES_VERSION=20251003-r0 \
+    # renovate: datasource=repology depName=alpine_3_23/curl
+    CURL_VERSION=8.17.0-r1 \
+    # renovate: datasource=repology depName=alpine_3_23/git
+    GIT_VERSION=2.52.0-r0 \
+    # renovate: datasource=repology depName=alpine_3_23/gnupg
+    GNUPG_VERSION=2.4.8-r1 \
+    # renovate: datasource=repology depName=alpine_3_23/go
+    GO_VERSION=1.25.5-r0 \
+    # renovate: datasource=repology depName=alpine_3_23/gzip
+    GZIP_VERSION=1.14-r2 \
+    # renovate: datasource=repology depName=alpine_3_23/jq
+    JQ_VERSION=1.8.1-r0 \
+    # renovate: datasource=repology depName=alpine_3_23/mariadb-client
+    MARIADB_CLIENT_VERSION=11.4.9-r0 \
+    # renovate: datasource=repology depName=alpine_3_23/netcat-openbsd
+    NETCAT_OPENBSD_VERSION=1.234.1-r0 \
+    # renovate: datasource=repology depName=alpine_3_23/openssl
+    OPENSSL_VERSION=3.5.4-r0 \
+    # renovate: datasource=repology depName=alpine_3_23/patch
+    PATCH_VERSION=2.8-r0 \
+    # renovate: datasource=repology depName=alpine_3_23/postgresql18-client
+    POSTGRES_CLIENT_VERSION=18.1-r0 \
+    # renovate: datasource=repology depName=alpine_3_23/procps-ng
+    PROCPS_VERSION=4.0.5-r0 \
+    # renovate: datasource=repology depName=alpine_3_23/shadow
+    SHADOW_VERSION=4.18.0-r0 \
+    # renovate: datasource=repology depName=alpine_3_23/util-linux
+    UTIL_LINUX_VERSION=2.41.2-r0 \
+    # renovate: datasource=repology depName=alpine_3_23/yq-go
+    YQ_VERSION=4.49.2-r1
+
+RUN --mount=type=cache,id=base-apk-${TARGETARCH},sharing=locked,target=/var/cache/apk \
+    ln -s /var/cache/apk /etc/apk/cache && \
+    apk add \
+    bash=="${BASH_VERSION}" \
+    ca-certificates=="${CA_CERTIFICATES_VERSION}" \
+    curl=="${CURL_VERSION}" \
+    git=="${GIT_VERSION}" \
+    gnupg=="${GNUPG_VERSION}" \
+    go=="${GO_VERSION}" \
+    gzip=="${GZIP_VERSION}" \
+    jq=="${JQ_VERSION}" \
+    mariadb-client=="${MARIADB_CLIENT_VERSION}" \
+    netcat-openbsd=="${NETCAT_OPENBSD_VERSION}" \
+    openssl=="${OPENSSL_VERSION}" \
+    patch=="${PATCH_VERSION}" \
+    postgresql18-client=="${POSTGRES_CLIENT_VERSION}" \
+    procps=="${PROCPS_VERSION}" \
+    shadow=="${SHADOW_VERSION}" \
+    util-linux=="${UTIL_LINUX_VERSION}" \
+    yq=="${YQ_VERSION}"
+
+COPY --link rootfs /
+
+RUN create-service-user.sh --name goapp
@@ -0,0 +1,109 @@
+#!/usr/bin/env bash
+set -e
+
+ARGS=("$@")
+PROGNAME=$(basename "$0")
+readonly ARGS PROGNAME
+
+function usage() {
+    cat <<-EOF
+    usage: $PROGNAME options [DIR]...
+
+    Creates a user/group for the service and as well as a directory in /opt
+    ensuring that all files are owned by that user/group.
+
+    Additional parameters are directories to be created, and owned by the new
+    user/group.
+
+    OPTIONS:
+       -n --name          The name of the user (used to create user/group and home directory).
+       -g --group         The secondary group to add the user to (Optional).
+       -h --help          Show this help.
+       -x --debug         Debug this script.
+
+    Examples:
+       Create user/group "activemq" and home folder /opt/activemq:
+       $PROGNAME --name "activemq"
+EOF
+}
+
+function cmdline() {
+    local arg=
+    for arg; do
+        local delim=""
+        case "$arg" in
+        # Translate --gnu-long-options to -g (short options)
+        --name) args="${args}-n " ;;
+        --group) args="${args}-g " ;;
+        --help) args="${args}-h " ;;
+        --debug) args="${args}-x " ;;
+        # Pass through anything else
+        *)
+            [[ "${arg:0:1}" == "-" ]] || delim="\""
+            args="${args}${delim}${arg}${delim} "
+            ;;
+        esac
+    done
+
+    # Reset the positional parameters to the short options
+    eval set -- "${args}"
+
+    while getopts "n:g:hx" OPTION; do
+        case $OPTION in
+        n)
+            readonly NAME=${OPTARG}
+            ;;
+        g)
+            readonly GROUP=${OPTARG}
+            ;;
+        h)
+            usage
+            exit 0
+            ;;
+        x)
+            set -x
+            ;;
+        *)
+            echo "Invalid Option: $OPTION" >&2
+            usage
+            exit 1
+            ;;
+        esac
+    done
+
+    if [[ ! -v NAME ]]; then
+        echo "Missing one or more required options: --name" >&2
+        exit 1
+    fi
+
+    # All remaning parameters are directories to be created.
+    shift $((OPTIND - 1))
+    DIRECTORIES=("$@")
+    readonly DIRECTORIES
+
+    return 0
+}
+
+function main {
+    local install_directory user group
+    cmdline "${ARGS[@]}"
+
+    install_directory="/opt/${NAME}"
+    user="${NAME}"
+    group="${NAME}"
+    mkdir -p "${install_directory}"
+    addgroup "${group}" # Primary group is always the same as the name.
+    # Users that run services should permit login and should not require passwords.
+    adduser --system --disabled-password --no-create-home --ingroup "${group}" --shell /sbin/nologin --home "${install_directory}" "${user}"
+    # User also needs to be a member of tty to write directly to /dev/stdout, etc.
+    addgroup "${user}" tty
+    # Optional secondary group.
+    if [[ -v GROUP ]]; then
+        addgroup "${NAME}" "${GROUP}"
+    fi
+    if ((${#DIRECTORIES[@]})); then
+        mkdir -p "${DIRECTORIES[@]}"
+    fi
+    chown -R "${user}:${group}" "${install_directory}" "${DIRECTORIES[@]}"
+}
+main
@@ -0,0 +1,171 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+ARGS=("$@")
+PROGNAME=$(basename "$0")
+readonly ARGS PROGNAME
+
+function usage {
+    cat <<-EOF
+    usage: $PROGNAME options
+
+    Downloads the file at the given url to the download cache folder.
+
+    Does not re-download the file it already exists and matches the given checksum.
+
+    Unpacks the file if the destination option is given.
+
+    Download is placed in the directory ${DOWNLOAD_CACHE_DIRECTORY}.
+
+    OPTIONS:
+       -u --url           The url of the file to download.
+       -c --sha256        The sha256 checksum to use to validate the download.
+       -d --dest          The location to unpack file into (optional).
+       -s --strip         Exclude the root folder when unpacking (optional, not supported with gzip or jar).
+       -h --help          Show this help.
+       -x --debug         Debug this script.
+
+    Examples:
+       $PROGNAME  \\
+        --url https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-amd64.tar.gz
+        --sha256 7f3aba1d803543dd1df3944d014f055112cf8dadf0a583c76dd5f46578ebe3c2 \\
+        --dest /opt/s6-overlay
+EOF
+}
+
+function cmdline {
+    local arg=
+    local args=
+    for arg; do
+        local delim=""
+        case "$arg" in
+        # Translate --gnu-long-options to -g (short options)
+        --url) args="${args}-u " ;;
+        --sha256) args="${args}-c " ;;
+        --dest) args="${args}-d " ;;
+        --strip) args="${args}-s " ;;
+        --help) args="${args}-h " ;;
+        --debug) args="${args}-x " ;;
+        # Pass through anything else
+        *)
+            [[ "${arg:0:1}" == "-" ]] || delim="\""
+            args="${args}${delim}${arg}${delim} "
+            ;;
+        esac
+    done
+
+    # Reset the positional parameters to the short options
+    eval set -- "${args}"
+
+    while getopts "u:c:d:shx" OPTION; do
+        case $OPTION in
+        u)
+            readonly URL=${OPTARG}
+            ;;
+        c)
+            readonly CHECKSUM=${OPTARG}
+            ;;
+        d)
+            readonly DEST=${OPTARG}
+            ;;
+        s)
+            readonly STRIP=true
+            ;;
+        h)
+            usage
+            exit 0
+            ;;
+        x)
+            set -x
+            ;;
+        *)
+            echo "Invalid Option: $OPTION" >&2
+            usage
+            exit 1
+            ;;
+        esac
+    done
+
+    if [[ -z $URL || -z $CHECKSUM ]]; then
+        echo "Missing one or more required options: --url --sha256"
+        exit 1
+    fi
+
+    # All remaning parameters are files to be removed from the installation.
+    shift $((OPTIND-1))
+    readonly REMOVE=("$@")
+
+    return 0
+}
+
+function validate {
+    local file=${1}
+    sha256sum "${file}" | cut -f1 -d' ' | xargs test "${CHECKSUM}" ==
+}
+
+function unpack {
+    local file="${1}"
+    local dest="${2}"
+    local args=()
+    local filename=
+    mkdir -p "${dest}"
+    if [[ -v STRIP ]]; then
+        args+=("--strip-components" "1")
+    fi
+    filename=$(basename "${file}")
+    case "${file}" in
+    *.tar.xz | *.txz)
+        tar -xf "${file}" -C "${dest}" "${args[@]}"
+        ;;
+    *.tar.gz | *.tgz)
+        tar -xzf "${file}" -C "${dest}" "${args[@]}"
+        ;;
+    *.gz | *.gzip)
+        gunzip "${file}" -f -c > "${dest}/${filename%.*}"
+        ;;
+    *.zip | *.war)
+        if [[ -v STRIP ]]; then
+            mkdir -p /tmp/unpack
+            unzip "${file}" -d /tmp/unpack
+            mv "$(find /tmp/unpack/ -type d -mindepth 1 -maxdepth 1)"/* "${dest}"
+            rm -fr /tmp/unpack
+        else
+            unzip "${file}" -d "${dest}"
+        fi
+        ;;
+    *.jar)
+        cp "${file}" "${dest}"
+        ;;
+    *)
+        echo "Unable to unpack ${file} please update script to support additional formats." >&2
+        exit 1
+        ;;
+    esac
+    # Remove extraneous files.
+    for i in "${REMOVE[@]}"; do
+        rm -fr "${dest:?}/${i}"
+    done
+}
+
+function main {
+    local file
+    cmdline "${ARGS[@]}"
+
+    DOWNLOAD_CACHE_DIRECTORY=${DOWNLOAD_CACHE_DIRECTORY:-/tmp}
+    file="${DOWNLOAD_CACHE_DIRECTORY:?}/$(basename "${URL}")"
+    # Remove the downloaded file if it exist and does not match the checksum so that it can be downloaded again.
+    if [ -f "${file}" ] && ! validate "${file}"; then
+        rm "${file}"
+    fi
+    curl \
+      -o "${DOWNLOAD_CACHE_DIRECTORY}/$(basename "${URL}")" \
+      -z "${DOWNLOAD_CACHE_DIRECTORY}/$(basename "${URL}")" \
+      -L "${URL}"
+    # Return non-zero if the checksum does not match the downloaded file.
+    validate "${file}"
+    if [[ -v DEST ]]; then
+        unpack "${file}" "${DEST}"
+    fi
+}
+main