CD/CD consolidation

2025-12-26 17:32:23 +02:00
parent a866eb6277
commit c786faae84
638 changed files with 3821 additions and 181 deletions
--- a/devops/docker/Dockerfile.ci
+++ b/devops/docker/Dockerfile.ci
@@ -0,0 +1,150 @@
+# Dockerfile.ci - Local CI testing container matching Gitea runner environment
+# Sprint: SPRINT_20251226_006_CICD
+#
+# Usage:
+#   docker build -t stellaops-ci:local -f devops/docker/Dockerfile.ci .
+#   docker run --rm -v $(pwd):/src stellaops-ci:local ./devops/scripts/test-local.sh
+
+FROM ubuntu:22.04
+
+LABEL org.opencontainers.image.title="StellaOps CI"
+LABEL org.opencontainers.image.description="Local CI testing environment matching Gitea runner"
+LABEL org.opencontainers.image.source="https://git.stella-ops.org/stella-ops.org/git.stella-ops.org"
+
+# Environment variables
+ENV DEBIAN_FRONTEND=noninteractive
+ENV DOTNET_VERSION=10.0.100
+ENV NODE_VERSION=20
+ENV HELM_VERSION=3.16.0
+ENV COSIGN_VERSION=2.2.4
+ENV TZ=UTC
+
+# Disable .NET telemetry
+ENV DOTNET_NOLOGO=1
+ENV DOTNET_CLI_TELEMETRY_OPTOUT=1
+ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1
+
+# .NET paths
+ENV DOTNET_ROOT=/usr/share/dotnet
+ENV PATH="/usr/share/dotnet:/root/.dotnet/tools:${PATH}"
+
+# ===========================================================================
+# BASE DEPENDENCIES
+# ===========================================================================
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    # Core utilities
+    curl \
+    wget \
+    gnupg2 \
+    ca-certificates \
+    git \
+    unzip \
+    jq \
+    # Build tools
+    build-essential \
+    # Docker CLI (for DinD scenarios)
+    docker.io \
+    docker-compose-plugin \
+    # Cross-compilation
+    binutils-aarch64-linux-gnu \
+    # Python (for scripts)
+    python3 \
+    python3-pip \
+    # Locales
+    locales \
+    && rm -rf /var/lib/apt/lists/*
+
+# Set locale
+RUN locale-gen en_US.UTF-8
+ENV LANG=en_US.UTF-8
+ENV LANGUAGE=en_US:en
+ENV LC_ALL=en_US.UTF-8
+
+# ===========================================================================
+# POSTGRESQL CLIENT 16
+# ===========================================================================
+
+RUN curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /usr/share/keyrings/postgresql-archive-keyring.gpg \
+    && echo "deb [signed-by=/usr/share/keyrings/postgresql-archive-keyring.gpg] http://apt.postgresql.org/pub/repos/apt jammy-pgdg main" > /etc/apt/sources.list.d/pgdg.list \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends postgresql-client-16 \
+    && rm -rf /var/lib/apt/lists/*
+
+# ===========================================================================
+# .NET 10 SDK
+# ===========================================================================
+
+RUN curl -fsSL https://dot.net/v1/dotnet-install.sh -o /tmp/dotnet-install.sh \
+    && chmod +x /tmp/dotnet-install.sh \
+    && /tmp/dotnet-install.sh --version ${DOTNET_VERSION} --install-dir /usr/share/dotnet \
+    && rm /tmp/dotnet-install.sh \
+    && dotnet --version
+
+# Install common .NET tools
+RUN dotnet tool install -g trx2junit \
+    && dotnet tool install -g dotnet-reportgenerator-globaltool
+
+# ===========================================================================
+# NODE.JS 20
+# ===========================================================================
+
+RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
+    && apt-get install -y --no-install-recommends nodejs \
+    && rm -rf /var/lib/apt/lists/* \
+    && node --version \
+    && npm --version
+
+# ===========================================================================
+# HELM 3.16.0
+# ===========================================================================
+
+RUN curl -fsSL https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz | \
+    tar -xzf - -C /tmp \
+    && mv /tmp/linux-amd64/helm /usr/local/bin/helm \
+    && rm -rf /tmp/linux-amd64 \
+    && helm version
+
+# ===========================================================================
+# COSIGN
+# ===========================================================================
+
+RUN curl -fsSL https://github.com/sigstore/cosign/releases/download/v${COSIGN_VERSION}/cosign-linux-amd64 \
+    -o /usr/local/bin/cosign \
+    && chmod +x /usr/local/bin/cosign \
+    && cosign version
+
+# ===========================================================================
+# SYFT (SBOM generation)
+# ===========================================================================
+
+RUN curl -fsSL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
+
+# ===========================================================================
+# SETUP
+# ===========================================================================
+
+WORKDIR /src
+
+# Create non-root user for safer execution (optional)
+RUN useradd -m -s /bin/bash ciuser \
+    && mkdir -p /home/ciuser/.dotnet/tools \
+    && chown -R ciuser:ciuser /home/ciuser
+
+# Health check script
+COPY --chmod=755 <<'EOF' /usr/local/bin/ci-health-check
+#!/bin/bash
+set -e
+echo "=== CI Environment Health Check ==="
+echo "OS: $(cat /etc/os-release | grep PRETTY_NAME | cut -d= -f2)"
+echo ".NET: $(dotnet --version)"
+echo "Node: $(node --version)"
+echo "npm: $(npm --version)"
+echo "Helm: $(helm version --short)"
+echo "Cosign: $(cosign version 2>&1 | head -1)"
+echo "Docker: $(docker --version 2>/dev/null || echo 'Not available')"
+echo "PostgreSQL client: $(psql --version)"
+echo "=== All checks passed ==="
+EOF
+
+ENTRYPOINT ["/bin/bash"]