From 914b2158fcfdae7968e0f7b3b83971cf82001265 Mon Sep 17 00:00:00 2001
From: nkraetzschmar <9020053+nkraetzschmar@users.noreply.github.com>
Date: Tue, 5 Dec 2023 16:41:00 +0100
Subject: [PATCH] use snapshot
---
 .github/workflows/build_container.yml | 43 ++++++++++++++++-----------
 container/build.containerfile | 15 +++++-----
 container/crossbuild.containerfile | 18 ++++++-----
 3 files changed, 44 insertions(+), 32 deletions(-)
diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml
index 0d9f862..111c88a 100644
--- a/.github/workflows/build_container.yml
+++ b/.github/workflows/build_container.yml
@@ -1,4 +1,13 @@
-on: push
+on:
+ push:
+ workflow_dispatch:
+ inputs:
+ version:
+ type: string
+ default: latest
+ publish:
+ type: boolean
+ default: false
 jobs:
 build:
 name: build (host=${{ matrix.host }}, target=${{ matrix.target }})
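Review bot: The new `version` input is a free-form string with no validation, and the following hunk expands it as `${{ inputs.version || 'latest' }}` directly inside the `run:` scripts, so its value is pasted into the shell text before the shell parses it. Whoever can dispatch the workflow therefore controls script text in jobs that log in to ghcr.io with `github.token`. I would hand the value over through the step environment, `env:` with `VERSION: ${{ inputs.version || 'latest' }}`, reference it as `"$VERSION"` in the podman commands, and reject values that are not a plain tag. A short comment on the two inputs stating what `version` names and that `publish` defaults to off would also help the next reader.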
@@ -16,35 +25,35 @@ jobs: run: | set -x if [ ${{ matrix.host }} = ${{ matrix.target }} ]; then - podman build --build-arg arch=${{ matrix.host }} -f build.containerfile -t ghcr.io/${{ github.repository }}/${{ matrix.host }}:${{ matrix.target }} . + podman build --build-arg arch=${{ matrix.host }} -f build.containerfile -t ghcr.io/${{ github.repository }}/host-${{ matrix.host }}/target-${{ matrix.target }}:${{ inputs.version || 'latest' || 'latest' }} . else case ${{ matrix.target }} in amd64) gnu_arch=x86-64 ;; arm64v8) gnu_arch=aarch64 ;; esac - podman build --build-arg native_arch=${{ matrix.host }} --build-arg target_arch=${{ matrix.target }} --build-arg gnu_arch=$gnu_arch -f crossbuild.containerfile -t ghcr.io/${{ github.repository }}/${{ matrix.host }}:${{ matrix.target }} . + podman build --build-arg native_arch=${{ matrix.host }} --build-arg target_arch=${{ matrix.target }} --build-arg gnu_arch=$gnu_arch -f crossbuild.containerfile -t ghcr.io/${{ github.repository }}/host-${{ matrix.host }}/target-${{ matrix.target }}:${{ inputs.version || 'latest' || 'latest' }} . 
fi - name: publish - if: ${{ github.ref == 'refs/heads/main' }} + if: ${{ inputs.publish }} run: | podman login -u token -p ${{ github.token }} ghcr.io - podman push ghcr.io/${{ github.repository }}/${{ matrix.host }}:${{ matrix.target }} - podman inspect ghcr.io/${{ github.repository }}/${{ matrix.host }}:${{ matrix.target }} + podman push ghcr.io/${{ github.repository }}/host-${{ matrix.host }}/target-${{ matrix.target }}:${{ inputs.version || 'latest' || 'latest' }} + podman inspect ghcr.io/${{ github.repository }}/host-${{ matrix.host }}/target-${{ matrix.target }}:${{ inputs.version || 'latest' || 'latest' }} publish: runs-on: ubuntu-latest needs: build - if: ${{ github.ref == 'refs/heads/main' }} + if: ${{ inputs.publish }} steps: - name: publish run: | podman login -u token -p ${{ github.token }} ghcr.io - podman manifest create ghcr.io/${{ github.repository }}:amd64 - podman manifest add --arch amd64 ghcr.io/${{ github.repository }}:amd64 ghcr.io/${{ github.repository }}/amd64:amd64 - podman manifest add --arch arm64 ghcr.io/${{ github.repository }}:amd64 ghcr.io/${{ github.repository }}/arm64v8:amd64 - podman push ghcr.io/${{ github.repository }}:amd64 - podman manifest inspect ghcr.io/${{ github.repository }}:amd64 - podman manifest create ghcr.io/${{ github.repository }}:arm64v8 - podman manifest add --arch amd64 ghcr.io/${{ github.repository }}:arm64v8 ghcr.io/${{ github.repository }}/amd64:arm64v8 - podman manifest add --arch arm64 ghcr.io/${{ github.repository }}:arm64v8 ghcr.io/${{ github.repository }}/arm64v8:arm64v8 - podman push ghcr.io/${{ github.repository }}:arm64v8 - podman manifest inspect ghcr.io/${{ github.repository }}:arm64v8 + podman manifest create ghcr.io/${{ github.repository }}/target-amd64:${{ inputs.version || 'latest' }} + podman manifest add --arch amd64 ghcr.io/${{ github.repository }}/target-amd64:${{ inputs.version || 'latest' }} ghcr.io/${{ github.repository }}/host-amd64/target-amd64:${{ inputs.version || 'latest' }} + 
podman manifest add --arch arm64 ghcr.io/${{ github.repository }}/target-amd64:${{ inputs.version || 'latest' }} ghcr.io/${{ github.repository }}/host-arm64/target-amd64:${{ inputs.version || 'latest' }} + podman push ghcr.io/${{ github.repository }}/target-amd64:${{ inputs.version || 'latest' }} + podman manifest inspect ghcr.io/${{ github.repository }}/target-amd64:${{ inputs.version || 'latest' }} + podman manifest create ghcr.io/${{ github.repository }}/target-arm64v8:${{ inputs.version || 'latest' }} + podman manifest add --arch amd64 ghcr.io/${{ github.repository }}/target-arm64v8:${{ inputs.version || 'latest' }} ghcr.io/${{ github.repository }}/host-amd64/target-arm64v8:${{ inputs.version || 'latest' }} + podman manifest add --arch arm64 ghcr.io/${{ github.repository }}/target-arm64v8:${{ inputs.version || 'latest' }} ghcr.io/${{ github.repository }}/host-arm64/target-arm64v8:${{ inputs.version || 'latest' }} + podman push ghcr.io/${{ github.repository }}/target-arm64v8:${{ inputs.version || 'latest' }} + podman manifest inspect ghcr.io/${{ github.repository }}/target-arm64v8:${{ inputs.version || 'latest' }} diff --git a/container/build.containerfile b/container/build.containerfile index 5589788..cd7cb90 100755 --- a/container/build.containerfile +++ b/container/build.containerfile @@ -1,7 +1,8 @@ -ARG image=debian:testing ARG arch=amd64 +ARG version=latest +ARG image=ghcr.io/gardenlinux/package-snapshot/$arch:$version -FROM $arch/$image AS mini_sudo +FROM $image AS mini_sudo WORKDIR /tmp RUN apt-get update \ && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y gcc libc-dev 
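Review bot: Replacing `github.ref == 'refs/heads/main'` with `if: ${{ inputs.publish }}` on both the publish step and the `publish` job drops the branch restriction, so a manual dispatch from any ref can push to ghcr.io and overwrite an existing tag such as `latest`. If publishing is meant to stay tied to reviewed code, keep both conditions: `if: ${{ inputs.publish && github.ref == 'refs/heads/main' }}`. Separately, the manifest lines reference `host-arm64/target-…` while the build job pushes `host-${{ matrix.host }}/…`; the removed lines used `arm64v8` for that host, so the matrix (outside this hunk) presumably still yields `host-arm64v8` and `podman manifest add` would not find the image. The build and per-arch push lines also carry a duplicated fallback, `inputs.version || 'latest' || 'latest'`.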
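Review bot: `ARG version=latest` makes the base image a mutable tag, and neither `podman build` invocation in the workflow hunk passes a `version` build argument, so an image published under a specific `inputs.version` tag is still built from whatever `package-snapshot/$arch:latest` points to at build time. Forward the workflow's version to the build as `--build-arg version=<version>`, and consider letting release builds supply a digest-pinned `image` so the snapshot is reproducible. The same applies to `native_image` and `target_image` in crossbuild.containerfile (@@ -1,8 +1,10 @@). Dropping the `debian:testing` default also moves the trust root to `ghcr.io/gardenlinux/package-snapshot`; a one-line comment above the `ARG image=` line saying what that image contains would make this explicit.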
@@ -9,13 +10,9 @@ COPY mini_sudo.c ./ RUN gcc -Wall -Werror -static -o sudo mini_sudo.c \ && install -m 6755 sudo /usr/local/bin/sudo -FROM $arch/$image +FROM $image WORKDIR /tmp COPY bin /usr/local/bin -RUN mkdir /pkgs \ - && touch /pkgs/Packages \ - && echo 'deb [trusted=yes] file:/pkgs /' >> /etc/apt/sources.list \ - && echo -e 'Package: *\nPin: origin ""\nPin-Priority: 900' > /etc/apt/preferences.d/local-pkgs COPY pkgs ./ RUN apt-get update \ && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y build-essential ca-certificates debhelper devscripts git sudo yq $(awk '{ print $1 }' pkgs) \ @@ -25,6 +22,10 @@ RUN gcc --print-search-dir \ && gcc -o main main.c \ && ./main RUN find /tmp -mindepth 1 -delete +RUN mkdir /pkgs \ + && touch /pkgs/Packages \ + && echo 'deb [trusted=yes] file:/pkgs /' >> /etc/apt/sources.list \ + && printf 'Package: *\nPin: origin ""\nPin-Priority: 900\n' > /etc/apt/preferences.d/local-pkgs COPY --from=mini_sudo /usr/local/bin/sudo /usr/local/bin/sudo RUN groupadd dev && useradd -m -g dev dev USER dev diff --git a/container/crossbuild.containerfile b/container/crossbuild.containerfile index 5af43de..ac06575 100644 --- a/container/crossbuild.containerfile +++ b/container/crossbuild.containerfile @@ -1,8 +1,10 @@ -ARG image=debian:testing ARG native_arch=amd64 ARG target_arch=arm64v8 +ARG version=latest +ARG native_image=ghcr.io/gardenlinux/package-snapshot/$native_arch:$version +ARG target_image=ghcr.io/gardenlinux/package-snapshot/$target_arch:$version -FROM $native_arch/$image AS mini_sudo +FROM $native_image AS mini_sudo WORKDIR /tmp RUN apt-get update \ && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y gcc libc-dev @@ -10,7 +12,7 @@ COPY mini_sudo.c ./ RUN gcc -Wall -Werror -static -o sudo mini_sudo.c \ && install -m 6755 sudo /usr/local/bin/sudo -FROM $native_arch/$image AS native +FROM $native_image AS native ARG gnu_arch=aarch64 WORKDIR /tmp COPY pkg setup_native ./ 
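Review bot: The `/pkgs` source re-added in hunk @@ -25,6 +22,10 @@ is `[trusted=yes]` and pinned at priority 900, so apt installs anything placed in `/pkgs` without signature verification and prefers it over the snapshot archive. The directory is created as root, but the image then switches to `USER dev` with the setuid `sudo` copied from the `mini_sudo` stage, so whatever that helper permits (its source is not part of this patch) decides who can populate the repository. I would add a comment above the `RUN`, e.g. `# local repo for freshly built packages; unsigned by design, must only ever hold our own build output`, and keep `/pkgs` root-owned. The same block is added in crossbuild.containerfile (@@ -36,6 +34,10 @@).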
@@ -18,13 +20,9 @@ RUN apt-get update \ && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y bbe patchelf $(sed 's/\$arch/'"$gnu_arch"'/' pkgs | awk '{ print $NF }') \ && ./setup_native export $(sed 's/\$arch/'"$gnu_arch"'/' pkgs | awk '{ print $NF }') -FROM $target_arch/$image +FROM $target_image WORKDIR /tmp COPY bin /usr/local/bin -RUN mkdir /pkgs \ - && touch /pkgs/Packages \ - && echo 'deb [trusted=yes] file:/pkgs /' >> /etc/apt/sources.list \ - && echo -e 'Package: *\nPin: origin ""\nPin-Priority: 900' > /etc/apt/preferences.d/local-pkgs COPY pkgs setup_native ./ RUN apt-get update \ && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y build-essential ca-certificates debhelper devscripts git yq $(awk '{ print $1 }' pkgs) \ @@ -36,6 +34,10 @@ RUN gcc --print-search-dir \ && gcc -o main main.c \ && ./main RUN find /tmp -mindepth 1 -delete +RUN mkdir /pkgs \ + && touch /pkgs/Packages \ + && echo 'deb [trusted=yes] file:/pkgs /' >> /etc/apt/sources.list \ + && printf 'Package: *\nPin: origin ""\nPin-Priority: 900\n' > /etc/apt/preferences.d/local-pkgs COPY --from=mini_sudo /usr/local/bin/sudo /usr/local/bin/sudo RUN groupadd dev && useradd -m -g dev dev USER dev