BREAKING: use setup.sh instead of Dockerfile

Instead of causing infinite amounts of traffic per day, only ship a
preconfigured setup.sh file with SNAPSHOT containers and ask the
downstream user to run `setup.sh` on their own.

Signed-off-by: Paul Spooren <mail@aparcar.org>

.github/workflows/containers.yml

@@ -20,16 +20,10 @@ on:
         description: "Prefix for the image name (add '-' at the end)"
         required: false
 
-  # schedule:
-  #   - cron: "0 5 * * *" # daily snapshot
-  #   - cron: "0 6 * * *" # daily 23.05-SNAPSHOT
-  #   - cron: "0 7 * * 2" # weekly 22.03-SNAPSHOT
-  #   - cron: "0 8 16 * *" # monthly 21.02-SNAPSHOT
-
 jobs:
   generate_matrix:
     name: Set matrix
-    runs-on: ${{ (github.event_name != 'pull_request') && fromJSON('[ "docker-builder", "Linux", "X64" ]') || 'ubuntu-latest' }}
+    runs-on: ubuntu-latest
 
     outputs:
       imagebuilders: ${{ steps.find_targets.outputs.imagebuilders }}
@@ -39,24 +33,22 @@ jobs:
       version: ${{ steps.find_targets.outputs.version }}
       version_path: ${{ steps.find_targets.outputs.version_path }}
       file_host: ${{ steps.find_targets.outputs.file_host }}
+      run_setup: ${{ steps.find_targets.outputs.run_setup }}
 
     steps:
       - name: Set release to 23.05-SNAPSHOT
-        if: github.event.schedule == '0 6 * * *'
         run: |
           echo "VERSION=23.05-SNAPSHOT" >> "$GITHUB_ENV"
           echo "VERSION_PATH=releases/23.05-SNAPSHOT" >> "$GITHUB_ENV"
           echo "REF=openwrt-23.05" >> "$GITHUB_ENV"
 
       - name: Set release to 22.03-SNAPSHOT
-        if: github.event.schedule == '0 7 * * 2'
         run: |
           echo "VERSION=22.03-SNAPSHOT" >> "$GITHUB_ENV"
           echo "VERSION_PATH=releases/22.03-SNAPSHOT" >> "$GITHUB_ENV"
           echo "REF=openwrt-22.03" >> "$GITHUB_ENV"
 
       - name: Set release to 21.02-SNAPSHOT
-        if: github.event.schedule == '0 8 16 * *'
         run: |
           echo "VERSION=21.02-SNAPSHOT" >> "$GITHUB_ENV"
           echo "VERSION_PATH=releases/21.02-SNAPSHOT" >> "$GITHUB_ENV"
@@ -80,6 +72,7 @@ jobs:
             v*)
               VERSION=${REF//v/}
               echo "VERSION_PATH=releases/$VERSION" >> "$GITHUB_ENV"
+              echo "RUN_SETUP=1" >> "$GITHUB_ENV"
             ;;
             *)
               echo "No tag or branch found"
@@ -170,7 +163,7 @@ jobs:
 
   push-imagebuilder-container:
     name: ImageBuilder
-    runs-on: ${{ (github.event_name != 'pull_request') && fromJSON('[ "docker-builder", "Linux", "X64" ]') || 'ubuntu-latest' }}
+    runs-on: ubuntu-latest
     needs: generate_matrix
     strategy:
       fail-fast: False
@@ -230,13 +223,14 @@ jobs:
             VERSION_PATH=${{ needs.generate_matrix.outputs.version_path }}
             TARGET=${{ matrix.target }}
             FILE_HOST=${{ needs.generate_matrix.outputs.file_host }}
+            RUN_SETUP=${{ needs.generate_matrix.outputs.run_setup }}
 
       - name: Cleanup Docker containers
         run: docker system prune -f
 
   push-sdk-container:
     name: SDK
-    runs-on: ${{ (github.event_name != 'pull_request') && fromJSON('[ "docker-builder", "Linux", "X64" ]') || 'ubuntu-latest' }}
+    runs-on: ubuntu-latest
     needs: generate_matrix
     strategy:
       fail-fast: False
@@ -350,6 +344,7 @@ jobs:
             VERSION_PATH=${{ needs.generate_matrix.outputs.version_path }}
             TARGET=${{ matrix.target }}
             FILE_HOST=${{ needs.generate_matrix.outputs.file_host }}
+            RUN_SETUP=${{ needs.generate_matrix.outputs.run_setup }}
           labels: ${{ steps.meta_ref.outputs.labels }}
 
       - name: Cleanup Docker containers
@@ -357,7 +352,7 @@ jobs:
 
   push-rootfs-container:
     name: RootFS
-    runs-on: ${{ (github.event_name != 'pull_request') && fromJSON('[ "docker-builder", "Linux", "X64" ]') || 'ubuntu-latest' }}
+    runs-on: ubuntu-latest
     needs: generate_matrix
     if: needs.generate_matrix.outputs.rootfs != '{"include":[]}'
     strategy:
@@ -432,6 +427,7 @@ jobs:
             BASE_IMAGE=scratch
             CMD=ash
             FILE_HOST=${{ needs.generate_matrix.outputs.file_host }}
+            RUN_SETUP=${{ needs.generate_matrix.outputs.run_setup }}
           EOF' >> $GITHUB_OUTPUT
 
       - name: Build

Dockerfile

@@ -1,54 +1,30 @@
-ARG BASE_IMAGE=ghcr.io/openwrt/buildbot/buildworker-v3.11.8:latest
+ARG BASE_IMAGE=ghcr.io/openwrt/buildbot/buildworker-v3.11.8:v20
 
-FROM ghcr.io/openwrt/buildbot/buildworker-v3.11.8:latest
+FROM $BASE_IMAGE
+ARG USER=buildbot
+ARG WORKDIR=/builder/
+ARG CMD="/bin/bash"
 
-WORKDIR /build/
-
-# use "sdk-.*.Linux-x86_64.tar.xz" to create the SDK
 ARG DOWNLOAD_FILE="imagebuilder-.*x86_64.tar.[xz|zst]"
 ARG TARGET=x86/64
 ARG FILE_HOST=downloads.openwrt.org
 ARG VERSION_PATH
 
-# if $VERSION is empty fallback to snapshots
-ENV VERSION_PATH=${VERSION_PATH:-snapshots}
-ENV DOWNLOAD_PATH=$VERSION_PATH/targets/$TARGET
-
-RUN curl "https://$FILE_HOST/$DOWNLOAD_PATH/sha256sums" -fs -o sha256sums
-RUN curl "https://$FILE_HOST/$DOWNLOAD_PATH/sha256sums.asc" -fs -o sha256sums.asc || true
-RUN curl "https://$FILE_HOST/$DOWNLOAD_PATH/sha256sums.sig" -fs -o sha256sums.sig || true
-
-ADD keys/*.asc keys/
-RUN gpg --import keys/*.asc
-RUN gpg --with-fingerprint --verify sha256sums.asc sha256sums
-
-# determine archive name
-RUN echo $(grep "$DOWNLOAD_FILE" sha256sums | cut -d "*" -f 2) >> ~/file_name
-
-# download imagebuilder/sdk archive
-RUN wget --quiet "https://$FILE_HOST/$DOWNLOAD_PATH/$(cat ~/file_name)"
-
-# shrink checksum file to single desired file and verify downloaded archive
-RUN grep "$(cat ~/file_name)" sha256sums > sha256sums_min
-RUN cat sha256sums_min
-RUN sha256sum -c sha256sums_min
-
-# cleanup
-RUN rm -rf sha256sums{,_min,.sig,.asc} keys/
-
-RUN tar xf "$(cat ~/file_name)" --strip=1 --no-same-owner -C .
-RUN rm -rf "$(cat ~/file_name)"
-
-FROM $BASE_IMAGE
-
-ARG USER=buildbot
-ARG WORKDIR=/builder/
-ARG CMD="/bin/bash"
+ENV DOWNLOAD_FILE=$DOWNLOAD_FILE
+ENV TARGET=$TARGET
+ENV FILE_HOST=$FILE_HOST
+ENV VERSION_PATH=$VERSION_PATH
 
 USER $USER
 WORKDIR $WORKDIR
 
-COPY --from=0 --chown=$USER:$USER /build/ ./
+ADD --chown=buildbot:buildbot keys/*.asc /builder/keys/
+RUN gpg --import /builder/keys/*.asc && rm -rf /builder/keys/
+
+COPY --chmod=0755 setup.sh /builder/setup.sh
+
+ARG RUN_SETUP=0
+RUN if [ "$RUN_SETUP" -eq 1 ]; then /builder/setup.sh; fi
 
 ENTRYPOINT [ ]
 

README.md

@@ -4,10 +4,16 @@
 [![CI][ci-badge]][ci-ref]
 [![Docker Hub][docker-hub-badge]][docker-hub-ref]
 
-
 This repository contains files to create OpenWrt containers. While mostly used
 for our CI you may use the scripts to build containers on your own.
 
+> [!WARNING]
+> Starting with the branch of OpenWrt 24.10 any snapshot (aka nightly) builds no
+> longer contain the actual binaries but instead a `setup.sh` script. The
+> environment variables are set automatically per contaier to download the
+> correct archive containing the SDK/ImageBuilder/rootfs. This reduces
+> dramatically bandwidth and storage usage. Sorry for the inconvenience.
+
 Available containers:
 
 * `sdk` compile OpenWrt packages

setup.sh

@@ -0,0 +1,30 @@
+set -e
+
+# the inputs:
+TARGET="${TARGET:-x86/64}"
+VERSION_PATH="${VERSION_PATH:-snapshots}"
+UPSTREAM_URL="${UPSTREAM_URL:-https://downloads.openwrt.org}"
+DOWNLOAD_FILE="${DOWNLOAD_FILE:-imagebuilder-.*x86_64.tar.[xz|zst]}"
+DOWNLOAD_PATH="$VERSION_PATH/targets/$TARGET"
+
+wget "$UPSTREAM_URL/$DOWNLOAD_PATH/sha256sums" -O sha256sums
+wget "$UPSTREAM_URL/$DOWNLOAD_PATH/sha256sums.asc" -O sha256sums.asc
+
+gpg --with-fingerprint --verify sha256sums.asc sha256sums
+
+# determine archive name
+file_name="$(grep "$DOWNLOAD_FILE" sha256sums | cut -d "*" -f 2)"
+
+# download imagebuilder/sdk archive
+wget "$UPSTREAM_URL/$DOWNLOAD_PATH/$file_name"
+
+# shrink checksum file to single desired file and verify downloaded archive
+grep "$file_name" sha256sums > sha256sums_min
+cat sha256sums_min
+sha256sum -c sha256sums_min
+
+# cleanup
+rm -vrf sha256sums{,_min,.asc} keys/
+
+tar xf "$file_name" --strip=1 --no-same-owner -C .
+rm -vrf "$file_name"