update

- Get source package version from the public altlinux api.
- Add build options: --dry-run, --push, --skip-build, --latest
- Separate build and push stages of images

.gitea/workflows/testscript

@@ -24,20 +24,25 @@ do
     then imgpath="$2-$1/$IM:latest"
   fi
 
+  entrypoint='/usr/bin/sh'
+  if [[ $1 == 'p10' ]]
+    then entrypoint='/bin/sh'
+  fi
+
   command="echo empty_command"
   if [[ $test != '' ]]; then
-    command="podman run --rm --entrypoint=\"/bin/sh\" $3/$imgpath -c \"$test\""
+    command="podman run --rm --entrypoint=\"$entrypoint\" $3/$imgpath -c \"$test\""
   else
-    if [[ $IM = 'distroless-true' ]]; then
+    if [[ $IM == 'distroless-true' ]]; then
       command="podman run --rm $3/$imgpath \"true\""
     fi
-    if [[ $IM = 'distroless-gotop' ]]; then 
+    if [[ $IM == 'distroless-gotop' ]]; then 
       command="podman run --rm $3/$imgpath \"--version\""
     fi 
-    if [[ $IM = 'flannel-cni-plugin' ]]; then
+    if [[ $IM == 'flannel-cni-plugin' ]]; then
       command="podman run --rm $3/$imgpath \"/flannel\""
     fi
-    if [[ $IM = 'pause' ]]; then 
+    if [[ $IM == 'pause' ]]; then 
       command="podman run --rm $3/$imgpath \"/pause\" \"-v\""
     fi 
   fi

.gitea/workflows/wf_full_p11.yaml

@@ -0,0 +1,133 @@
+name: Full building alt images
+on:
+  push:
+    tags:
+      - 'p11_*'
+
+jobs:
+  build-process:
+    runs-on: alt-sisyphus
+    outputs:
+      branch: ${{ env.BRANCH }}
+      org: ${{ env.ORG }}
+      url: ${{ env.URL }}
+      repo: ${{ env.REPO }}
+      buildres: ${{ steps.build-script.outcome }}
+    steps:
+      - name: Check workspace
+        run: |
+          repourl=$(echo $GU | cut -d '/' -f 3)
+          echo "URL=$repourl" >> ${GITHUB_ENV}
+          echo $repourl
+          reponame=$(echo $GR | cut -d '/' -f 1)
+          echo "REPO=$reponame" >> ${GITHUB_ENV}
+          echo $reponame
+        env:
+          GU: ${{ gitea.server_url }}
+          GR: ${{ gitea.repository }}
+      - name: Set repo for p11 (Temporary)
+        if: ${{ contains(github.ref_name, 'p11') }}
+        run: |
+          echo "event tag=${{ github.ref_name }}" 
+          echo "10.4.0.3        update.altsp.su" >> /etc/hosts
+          echo "cat /etc/hosts"
+          cat /etc/hosts 
+      - name: Update apt
+        uses: actions/init-alt-env@v1
+      - name: Install requires
+        run: |
+          echo "apt-get install -y python3-module-tomli python3-module-jinja2 podman buildah jq curl"
+          apt-get install -y python3-module-tomli python3-module-jinja2 podman buildah jq curl
+          echo "apt-get install -y qemu-user-static-binfmt-aarch64 qemu-user-static-binfmt-arm qemu-user-static-binfmt-ppc"
+          apt-get install -y qemu-user-static-binfmt-aarch64 qemu-user-static-binfmt-arm qemu-user-static-binfmt-ppc          
+      - name: Check out current repo
+        uses: actions/checkout@v4
+      - name: Parse target branch and tag from events context, save to env                                
+        env:
+          EV: ${{ toJson(gitea.event) }}                                         
+        run: |
+          echo $EV | jq '.ref' -r | sed "s/refs\/tags\//BRANCH=/g" | cut -d '_' -f 1
+          echo $EV | jq '.ref' -r | sed "s/refs\/tags\//BRANCH=/g" | cut -d '_' -f 1 >> ${GITHUB_ENV}
+          org=$(echo $EV | jq '.ref' -r | sed 's/refs\/tags\///g' | cut -d '_' -f 2)
+          echo "ORG=$org" >> ${GITHUB_ENV}                              
+          echo "ORG=$org"
+      - name: Login podman gitea
+        run: |
+          echo "podman login ${{ env.URL }}"
+          podman login --username $P_USER --password $P_PASS ${{ env.URL }}          
+        env:
+          P_USER: ${{ secrets.PODMAN_USER }}
+          P_PASS: ${{ secrets.PODMAN_PASS }}
+      - name: Run building script
+        id: build-script
+        run: |
+          build_args="-b $BR -o $ORG --skip-images alt/distroless-devel"          
+          if [[ $ORG == 'k8s' ]]; then build_args="$build_args --tags tags.toml --overwrite-organization $ORG-$BR --skip-images k8s/kube-apiserver k8s/kube-controller-manager k8s/kube-proxy k8s/kube-scheduler"; fi
+          echo "build.py $build_args"
+          ${{ gitea.workspace }}/build.py $build_args
+        env:
+          ORG: ${{ env.ORG }}
+          BR: ${{ env.BRANCH }}
+        continue-on-error: true
+      - name: Send notification if build crashed
+        if: ${{ steps.build-script.outcome != 'success' }}
+        run: |
+          issueid=1
+          body="Building images finish with some errors."
+          curl -X 'POST' "$URL/api/v1/repos/$REPO/image-forge/issues/$issueid/comments?token=$T" -H 'accept: application/json' -H 'Content-Type: application/json' -d "{ \"body\": \"$body\" }" -s
+          echo "notification about test error is sent to issue $issueid"
+        env:
+          T: ${{ secrets.TOKEN }}
+          BR: ${{ env.BRANCH }}
+          URL: ${{ gitea.server_url }}
+          REPO: ${{ env.REPO }}
+      - name: Delete event tag
+        run: |
+          tagname=$(echo $EV | jq '.ref' -r | sed "s/refs\/tags\///g")
+          curl -X 'DELETE' "$URL/api/v1/repos/$REPO/image-forge/tags/$tagname?token=$T" -H 'accept: application/json' -s
+          echo "tag $tagname is deleted"                    
+        env:
+          T: ${{ secrets.TOKEN }}
+          BR: ${{ env.BRANCH }}
+          URL: ${{ gitea.server_url }}
+          REPO: ${{ env.REPO }}
+          EV: ${{ toJson(gitea.event) }}
+  test-process:
+    needs: build-process
+    if: ${{ needs.build-process.outputs.buildres == 'success' }}
+    runs-on: alt-sisyphus
+    steps:
+      - name: Update apt
+        uses: actions/init-alt-env@v1
+      - name: Install requires
+        run: |
+          echo "apt-get install -y python3-module-tomli python3-module-jinja2 podman buildah jq curl"
+          apt-get install -y python3-module-tomli python3-module-jinja2 podman buildah jq curl
+      - name: Check out current repo
+        uses: https://gitea.com/actions/checkout@v4
+      - name: Test
+        id: test-script
+        continue-on-error: true
+        run: |
+          $WS/.gitea/workflows/testscript $BR $ORG $URL $REPO $WS
+          cat haserr.log >> ${GITHUB_ENV}
+          echo "test process finished"
+        env:
+          BR: ${{ needs.build-process.outputs.branch }}
+          ORG: ${{ needs.build-process.outputs.org }}
+          URL: ${{ needs.build-process.outputs.url }}
+          REPO: ${{ needs.build-process.outputs.repo }}
+          WS: ${{ gitea.workspace }}
+      - name: Send notification if test crashed
+        if: ${{ env.ERR == 'true' || steps.test-script.outcome == 'failure' }}
+        run: |
+          issueid=1
+          errors=$(cat errors.log)
+          body="Testing images finish with some errors. $errors"
+          curl -X 'POST' "$URL/api/v1/repos/$REPO/image-forge/issues/$issueid/comments?token=$T" -H 'accept: application/json' -H 'Content-Type: application/json' -d "{ \"body\": \"$body\" }" -s
+          echo "notification about test error is sent to issue $issueid"
+        env:
+          T: ${{ secrets.TOKEN }}
+          BR: ${{ needs.build-process.outputs.branch }}
+          URL: ${{ gitea.server_url }}
+          REPO: ${{ needs.build-process.outputs.repo }}

.gitea/workflows/wf_single.yaml

@@ -0,0 +1,147 @@
+name: Building alt images
+on:
+  push:
+    tags:
+      - '*_*/*'
+
+jobs:
+  build-process:
+    runs-on: alt-latest
+    outputs:
+      branch: ${{ env.BRANCH }}
+      image: ${{ env.IMAGE }}
+      url: ${{ env.URL }}
+      repo: ${{ env.REPO }}
+      buildres: ${{ steps.build-script.outcome }}
+      test: ${{ env.TEST }}
+    steps:
+      - name: Check workspace
+        run: |
+          repourl=$(echo $GU | cut -d '/' -f 3)
+          echo "URL=$repourl" >> ${GITHUB_ENV}
+          echo "URL=$repourl"
+          reponame=$(echo $GR | cut -d '/' -f 1)
+          echo "REPO=$reponame" >> ${GITHUB_ENV} 
+          echo "REPO=$reponame"
+        env:
+          GU: ${{ gitea.server_url }}
+          GR: ${{ gitea.repository }}
+      - name: Update apt
+        uses: actions/init-alt-env@v1
+      - name: Install requires
+        run: |
+          echo "apt-get install -y python3-module-tomli python3-module-jinja2 podman buildah jq curl"
+          apt-get install -y python3-module-tomli python3-module-jinja2 podman buildah jq curl
+          echo "apt-get install -y qemu-user-static-binfmt-aarch64 qemu-user-static-binfmt-arm qemu-user-static-binfmt-ppc"
+          apt-get install -y qemu-user-static-binfmt-aarch64 qemu-user-static-binfmt-arm qemu-user-static-binfmt-ppc          
+      - name: Check out current repo
+        uses: actions/checkout@v4
+      - name: Login podman gitea
+        run: |
+          echo "podman login ${{ env.URL }}"
+          podman login --username $P_USER --password $P_PASS ${{ env.URL }}          
+        env:
+          P_USER: ${{ secrets.PODMAN_USER }}
+          P_PASS: ${{ secrets.PODMAN_PASS }}
+      - name: Check files in the repository
+        run: |
+          ls -a ${{ gitea.workspace }}          
+      - name: Parse target branch and tag from events context, save to env                                
+        env:
+          EV: ${{ toJson(gitea.event) }}                                         
+        run: |
+          echo $EV | jq '.ref' -r | sed "s/refs\/tags\//BRANCH=/g" | cut -d '_' -f 1
+          echo $EV | jq '.ref' -r | sed "s/refs\/tags\//BRANCH=/g" | cut -d '_' -f 1 >> ${GITHUB_ENV}
+          localimage=$(echo $EV | jq '.ref' -r | sed 's/refs\/tags\///g' | cut -d '_' -f 2)
+          echo "IMAGE=$localimage" >> ${GITHUB_ENV}                              
+          echo "IMAGE=$localimage"          
+      - name: Get test for image
+        run: |
+          if test -f ${{ gitea.workspace }}/org/$IM/test; then testscript=$(cat ${{ gitea.workspace }}/org/$IM/test); else testscript=""; fi
+          echo "TEST=$testscript" >> ${GITHUB_ENV}          
+        env:                                     
+          IM: ${{ env.IMAGE }}
+          BR: ${{ env.BRANCH }}
+      - name: Run building script
+        id: build-script
+        run: |
+          echo "build.py -i $IM -b $BR"
+          ${{ gitea.workspace }}/build.py -i $IM -b $BR          
+        env:
+          IM: ${{ env.IMAGE }}
+          BR: ${{ env.BRANCH }}
+        continue-on-error: true
+      - name: Send notification if build crashed
+        if: ${{ steps.build-script.outcome != 'success' }}
+        run: |
+          issueid=1
+          body="Building image $IM finish with some errors."
+          curl -X 'POST' "$URL/api/v1/repos/$REPO/image-forge/issues/$issueid/comments?token=$T" -H 'accept: application/json' -H 'Content-Type: application/json' -d "{ \"body\": \"$body\" }" -s
+          echo "notification about test error is sent to issue $issueid"          
+        env:
+          T: ${{ secrets.TOKEN }}
+          BR: ${{ env.BRANCH }}
+          URL: ${{ gitea.server_url }}
+          REPO: ${{ env.REPO }}
+          IM: ${{ env.IMAGE }}
+      - name: Delete event tag
+        run: |
+          tagname=$(echo $EV | jq '.ref' -r | sed "s/refs\/tags\///g")
+          curl -X 'DELETE' "$URL/api/v1/repos/$REPO/image-forge/tags/$tagname?token=$T" -H 'accept: application/json' -s
+          echo "tag $tagname is deleted"                              
+        env:
+          T: ${{ secrets.TOKEN }}
+          BR: ${{ env.BRANCH }}
+          URL: ${{ gitea.server_url }}
+          REPO: ${{ env.REPO }}
+          EV: ${{ toJson(gitea.event) }}
+  test-process:
+    needs: build-process
+    if: ${{ needs.build-process.outputs.buildres == 'success' }}
+    runs-on: alt-latest
+    steps:
+      - name: Update apt
+        uses: https://gitea.basealt.ru/actions/init-alt-env@v1
+      - name: Install requires
+        run: |
+          echo "apt-get install -y python3-module-tomli python3-module-jinja2 podman buildah curl"
+          apt-get install -y python3-module-tomli python3-module-jinja2 podman buildah curl                 
+      - name: Run test
+        id: test-script
+        if: ${{ needs.build-process.outputs.test != '' }}
+        continue-on-error: true
+        run: |
+          if [[ $BR = 'p10' ]]; then podman run --rm --entrypoint="/bin/sh" $URL/$IM:$BR -c "$TEST"; else podman run --rm --entrypoint="/usr/bin/sh" $URL/$IM:$BR -c "$TEST"; fi
+        env:                
+          IM: ${{ needs.build-process.outputs.image }} 
+          BR: ${{ needs.build-process.outputs.branch }}
+          URL: ${{ needs.build-process.outputs.url }}  
+          REPO: ${{ needs.build-process.outputs.repo }}
+          TEST: ${{ needs.build-process.outputs.test }}
+      - name: Run special test
+        id: special-test
+        if: ${{ needs.build-process.outputs.test == '' }}
+        continue-on-error: true
+        run: |
+          if [[ $IM = 'alt/distroless-true' ]]; then podman run --rm $URL/$IM:$BR true; fi
+          if [[ $IM = 'alt/distroless-gotop' ]]; then podman run --rm $URL/$IM:$BR --version; fi
+        env:
+          IM: ${{ needs.build-process.outputs.image }}
+          BR: ${{ needs.build-process.outputs.branch }}
+          URL: ${{ needs.build-process.outputs.url }}
+          REPO: ${{ needs.build-process.outputs.repo }}
+      - name: Send notification if test crashed
+        if: ${{ steps.test-script.outcome == 'failure' || steps.special-test.outcome == 'failure' }}
+        run: |
+          issueid=1
+          errors=$(cat errors.log)
+          body="Testing image $IM finish with some errors."
+          curl -X 'POST' "$URL/api/v1/repos/$REPO/image-forge/issues/$issueid/comments?token=$T" -H 'accept: application/json' -H 'Content-Type: application/json' -d "{ \"body\": \"$body\" }" -s
+          echo "notification about test error is sent to issue $issueid"          
+        env:
+          T: ${{ secrets.TOKEN }}
+          BR: ${{ needs.build-process.outputs.branch }}
+          URL: ${{ gitea.server_url }}
+          REPO: ${{ needs.build-process.outputs.repo }}
+          IM: ${{ needs.build-process.outputs.image }}
+

README.md

@@ -1,5 +1,22 @@
 # image-forge
 
+## Wrapper
+
+### Examples
+
+From the repository
+
+```shell
+image-build -b sisyphus -r registry.altlinux.org --prefix=k8s-sisyphus kube-apiserver kubernetes1.28
+```
+
+From a task
+
+```shell
+image-build -b sisyphus -r test.registry.altlinux.org -t 335250 --prefix=k8s-sisyphus kube-apiserver kubernetes1.28
+```
+
+
 ## alt images
 To build `alt` images, run:
 ```bash
@@ -29,6 +46,7 @@ If you push to the users repository, then organiztion is your username.
 ## Dependencies
 On x86_64 machine using p10 branch you need:
 - `python3-module-tomli`
+- `python3-module-jinja2`
 - `qemu-user-static-binfmt-aarch64` to build for arm64 architecture
 - `qemu-user-static-binfmt-arm` to build for arm architecture
 - `qemu-user-static-binfmt-ppc` to build for ppc64le architecture

build.py

@@ -15,6 +15,7 @@ from jinja2 import Template
 
 ORG_DIR = Path("org")
 
+PKG_VERSION: str = ""
 
 class Image:
     def __init__(self, canonical_name):
@@ -578,6 +579,7 @@ class DockerBuilder:
             "--force-rm",
             f"--manifest={manifest}",
             f"--platform={platforms}",
+            f'--build-arg=PKG_VERSION={PKG_VERSION}',
             ".",
         ]
         self.run(build_cmd, cwd=image.path)
@@ -639,7 +641,7 @@ class ImagesInfo:
 def parse_args():
     stages = ["build", "remove_dockerfiles", "render_dockerfiles", "push"]
     arches = ["amd64", "386", "arm64"]
-    branches = ["p10", "sisyphus", "c10f1", "c10f2"]
+    branches = ["p11", "p10", "sisyphus", "c10f1", "c10f2"]
     organizations = list(ORG_DIR.iterdir())
     images = [f"{o.name}/{i.name}" for o in organizations for i in o.iterdir()]
     organizations = [o.name for o in organizations]
@@ -749,6 +751,10 @@ def parse_args():
         choices=stages,
         help="list of stages to skip",
     )
+    parser.add_argument(
+        "--package-version",
+        help="from which package to build",
+    )
     args = parser.parse_args()
 
     args.stages = set(args.stages) - set(args.skip_stages)
@@ -760,7 +766,10 @@ def parse_args():
 
 
 def main():
+    global PKG_VERSION
+
     args = parse_args()
+    PKG_VERSION = args.package_version
     arches = args.arches
     images_info = ImagesInfo()
     tags = Tags(args.tags, args.latest)

image-build

@@ -0,0 +1,328 @@
+#!/bin/sh
+
+set -uo pipefail
+
+PROG='image-build'
+HELP_MSG="$(cat <<EOF
+$PROG - build an OCI image from a package
+
+Usage: $PROG [options] <image name> <package name>
+
+Options:
+  -b <branch>		package repository branch
+  -r <registry>		OCI destination registry
+  -t <task id>		task id
+  --latest		also tag this image as latest
+  --push		push the image to the registry after build
+  --skip-build		if push is true, then skip the build stage
+  --dry-run		only print what would be done
+  --prefix <prefix>	image name prefix
+  --help		show this text and exit
+
+Notes:
+  The image is only pushed to the destination registry
+  if the option --push is present.
+EOF
+)"
+
+function show_help() {
+	printf '%s' "$HELP_MSG"
+	exit
+}
+
+function show_usage() {
+	echo "$PROG: $1" >&2
+	echo "Try \`image-build --help' for more information." >&2
+	exit 1
+}
+
+TEMP="$(getopt -n "$PROG" -o b:r:t: -l help,latest,push,skip-build,dry-run,prefix:: -- "$@")" || show_usage ""
+
+eval set -- "$TEMP"
+
+branch='sisyphus'
+registry='registry.altlinux.org'
+task_id=
+latest=
+push=
+skip_build=
+dry_run=
+prefix=
+while :; do
+	case "$1" in
+		--) shift; break ;;
+		-b) shift; branch="$1" ;;
+		-r) shift; registry="$1" ;;
+		-t) shift; task_id="$1" ;;
+		--latest) latest="1" ;;
+		--push) push="1" ;;
+		--skip-build) skip_build="1" ;;
+		--dry-run) dry_run="1" ;;
+		--prefix) shift; prefix="$1" ;;
+		-h|--help) show_help ;;
+		*) show_usage "unrecognized option: $1" ;;
+	esac
+	shift
+done
+
+[ "$#" -ge 2 ] || show_usage "not enough arguments"
+
+image="$1"
+package="$2"
+
+declare -A package_urls
+package_urls["c10f2"]="http://update.altsp.su/pub/distributions/ALTLinux/c10f2/branch/files/x86_64/RPMS/"
+package_urls["p10"]="http://ftp.altlinux.org/pub/distributions/archive/p10/release/latest/files/x86_64/RPMS/"
+package_urls["sisyphus"]="http://ftp.altlinux.org/pub/distributions/archive/sisyphus/latest/files/x86_64/RPMS/"
+
+function handle_error() {
+	echo "$PROG: $1" >&2
+	exit 2
+}
+
+function get_binary_package_version() {
+	local branch="$1"
+	local package="$2"
+
+	local line;
+	line="$(curl -s "${package_urls["$branch"]}" | grep "$package")"
+	[ "$?" -eq 0 ] || handle_error "package not found: $package"
+
+	local version;
+	version="$(echo "$line" | sed -E "s/.*href=\"$package-(.+)-.+\".+/\1/")"
+	[ "$?" -eq 0 ] || handle_error "package version not found: $package"
+
+	echo "$version"
+}
+
+function api_get_source_package_version() {
+	local branch="$1"
+	local package="$2"
+
+	local version;
+	version="$(curl -s "https://rdb.altlinux.org/api/site/package_versions_from_tasks?branch=$branch&name=$package" | jq -e -r '.versions[0].version')"
+	[ "$?" -eq 0 ] || handle_error "error getting package version: no package $package for branch $branch"
+
+	echo "$version"
+}
+
+function api_get_source_package_version_from_task() {
+	local task_id="$1"
+	local package="$2"
+
+	local version;
+	version="$(curl -s "https://rdb.altlinux.org/api/task/packages/$task_id" | jq -e -r --arg package "$package" '.subtasks[].source | select(.name == $package).version')"
+	[ "$?" -eq 0 ] || handle_error "error getting package version: no package $package in task $task_id"
+
+	echo "$version"
+}
+
+function string_count() {
+	local substring="$1"
+	awk -F"$substring" '{ print NF-1 }'
+}
+
+case "$image" in
+	'etcd' | \
+	'flannel' | \
+	'flannel-cni-plugin' | \
+	'pause' | \
+	'cert-manager-acmesolver' | \
+	'cert-manager-cainjector' | \
+	'cert-manager-controller' | \
+	'cert-manager-startupapicheck' | \
+	'cert-manager-webhook')
+		image="k8s/$image"
+
+		version=
+		additional_options=
+
+		if [ -n "$task_id" ]; then
+			version="$(api_get_source_package_version_from_task "$task_id" "$package")"
+			[ "$?" -eq 0 ] || handle_error "error getting remote rpm package version: $package, task: $task_id"
+
+			tasks_file='/tmp/k8s-tasks.toml'
+			jq --null-input --arg branch "$branch" --arg task_id "$task_id" --arg image "$image" '{
+				$branch: {$task_id: [$image]},
+			}' | dasel -r json -w toml > "$tasks_file"
+
+			additional_options+="--tasks $tasks_file "
+		else
+			version="$(api_get_source_package_version "$branch" "$package")"
+			[ "$?" -eq 0 ] || handle_error "error getting remote rpm package version: $package, branch: $branch"
+		fi
+
+		tags_file="/tmp/k8s-tags.toml"
+		case "$image" in
+			'k8s/flannel-cni-plugin')
+				num_dots="$(echo "$version" | string_count '.')"
+				if [ "$num_dots" -eq 2 ]; then
+					jq --null-input --arg image "$image" --arg branch "$branch" --arg version "v$version-flannel1" '{
+						$image: {$branch: [$version]},
+					}' | dasel -r json -w toml > "$tags_file"
+				elif [ "$num_dots" -eq 3 ]; then
+					# up to the last number in version
+					flannel_version="${version%.*}"
+					# the last number in version
+					flannel_release="${version##*.}"
+					jq --null-input --arg image "$image" --arg branch "$branch" --arg version "v$flannel_version-flannel$flannel_release" '{
+						$image: {$branch: [$version]},
+					}' | dasel -r json -w toml > "$tags_file"
+				else
+					handle_error "wrong version for package $package: $version"
+				fi
+				;;
+			'k8s/etcd')
+				jq --null-input --arg image "$image" --arg branch "$branch" --arg version "$version-0" '{
+					$image: {$branch: [$version]},
+				}' | dasel -r json -w toml > "$tags_file"
+				;;
+			'k8s/pause')
+				jq --null-input --arg image "$image" --arg branch "$branch" --arg version "$version" '{
+					$image: {$branch: [$version]},
+				}' | dasel -r json -w toml > "$tags_file"
+				;;
+			*)
+				jq --null-input --arg image "$image" --arg branch "$branch" --arg version "v$version" '{
+					$image: {$branch: [$version]},
+				}' | dasel -r json -w toml > "$tags_file"
+				;;
+		esac
+
+		if [ -n "$latest" ]; then
+			additional_options+="--latest $branch "
+		fi
+
+		if [ -z "$push" ]; then
+			additional_options+='--skip-stages push '
+		elif [ -n "$skip_build" ]; then
+			additional_options+='--stages push '
+		fi
+
+		if [ -n "$dry_run" ]; then
+			additional_options+='--dry-run '
+		fi
+
+		./build.py \
+			--branch "$branch" \
+			--registry "$registry" \
+			--overwrite-organization "$prefix" \
+			--images "$image" \
+			--tags "$tags_file" \
+			$additional_options
+		;;
+	'coredns')
+		image="k8s/$image"
+
+		version=
+		additional_options=
+
+		if [ -n "$task_id" ]; then
+			version="$(api_get_source_package_version_from_task "$task_id" "$package")"
+			[ "$?" -eq 0 ] || handle_error "error getting remote rpm package version: $package, task: $task_id"
+
+			tasks_file='/tmp/k8s-tasks.toml'
+			jq --null-input --arg branch "$branch" --arg task_id "$task_id" --arg image "$image" '{
+				$branch: {$task_id: [$image]},
+			}' | dasel -r json -w toml > "$tasks_file"
+
+			additional_options+="--tasks $tasks_file "
+		else
+			version="$(api_get_source_package_version "$branch" "$package")"
+			[ "$?" -eq 0 ] || handle_error "error getting remote rpm package version: $package, branch: $branch"
+		fi
+
+		# if binary package
+		#version_str="$(echo "$package" | sed -E 's/kubernetes(.+)-.+/\1/')"
+		#[ "$?" -eq 0 ] || handle_error "error getting specified rpm package version: $package"
+
+		# if source package
+		version_str="$(echo "$package" | sed -E 's/coredns(.+)/\1/')"
+		[ "$?" -eq 0 ] || handle_error "error getting specified rpm package version: $package"
+
+		tags_file="/tmp/k8s-tags.toml"
+		jq --null-input --arg image "$image" --arg branch "$branch" --arg version "v$version" '{
+			$image: {$branch: [$version]},
+		}' | dasel -r json -w toml > "$tags_file"
+
+		if [ -n "$latest" ]; then
+			additional_options+="--latest $branch "
+		fi
+
+		if [ -z "$push" ]; then
+			additional_options+="--skip-stages push "
+		elif [ -n "$skip_build" ]; then
+			additional_options+="--stages push "
+		fi
+
+		if [ -n "$dry_run" ]; then
+			additional_options+="--dry-run "
+		fi
+
+		./build.py \
+			--branch "$branch" \
+			--registry "$registry" \
+			--overwrite-organization "$prefix" \
+			--images "$image" \
+			--tags "$tags_file" \
+			--package-version "$version_str" \
+			$additional_options
+		;;
+	'kube-apiserver' | 'kube-controller-manager' | 'kube-scheduler' | 'kube-proxy')
+		image="k8s/$image"
+
+		version=
+		additional_options=
+
+		if [ -n "$task_id" ]; then
+			version="$(api_get_source_package_version_from_task "$task_id" "$package")"
+			[ "$?" -eq 0 ] || handle_error "error getting remote rpm package version: $package, task: $task_id"
+
+			tasks_file='/tmp/k8s-tasks.toml'
+			jq --null-input --arg branch "$branch" --arg task_id "$task_id" --arg image "$image" '{
+				$branch: {$task_id: [$image]},
+			}' | dasel -r json -w toml > "$tasks_file"
+
+			additional_options+="--tasks $tasks_file "
+		else
+			version="$(api_get_source_package_version "$branch" "$package")"
+			[ "$?" -eq 0 ] || handle_error "error getting remote rpm package version: $package, branch: $branch"
+		fi
+
+		# if binary package
+		#version_str="$(echo "$package" | sed -E 's/kubernetes(.+)-.+/\1/')"
+		#[ "$?" -eq 0 ] || handle_error "error getting specified rpm package version: $package"
+
+		# if source package
+		version_str="$(echo "$package" | sed -E 's/kubernetes(.+)/\1/')"
+		[ "$?" -eq 0 ] || handle_error "error getting specified rpm package version: $package"
+
+		tags_file="/tmp/k8s-tags.toml"
+		jq --null-input --arg image "$image" --arg branch "$branch" --arg version "v$version" '{
+			$image: {$branch: [$version]},
+		}' | dasel -r json -w toml > "$tags_file"
+
+		if [ -n "$latest" ]; then
+			additional_options+="--latest $branch "
+		fi
+
+		if [ -z "$push" ]; then
+			additional_options+="--skip-stages push "
+		elif [ -n "$skip_build" ]; then
+			additional_options+="--stages push "
+		fi
+
+		if [ -n "$dry_run" ]; then
+			additional_options+="--dry-run "
+		fi
+
+		./build.py \
+			--branch "$branch" \
+			--registry "$registry" \
+			--overwrite-organization "$prefix" \
+			--images "$image" \
+			--tags "$tags_file" \
+			--package-version "$version_str" \
+			$additional_options
+		;;
+esac

images-info.toml

@@ -1,65 +1,8 @@
 ["alt/buildpack-deps"]
 skip-branches = [ "p9" ]
 
-["alt/distroless-base"]
-skip-branches = [ "p9" ]
+["alt/openjdk21"]
+skip-arches = [ "386" ]
 
-["alt/distroless-builder"]
-skip-branches = [ "p9" ]
-
-["alt/distroless-devel"]
-skip-branches = [ "p9" ]
-
-["alt/distroless-gotop"]
-skip-branches = [ "p9" ]
-
-["alt/distroless-static"]
-skip-branches = [ "p9" ]
-
-["alt/distroless-true"]
-skip-branches = [ "p9" ]
-
-["alt/gitea"]
-skip-branches = [ "p9" ]
-
-["alt/node"]
-skip-branches = [ "p9" ]
-
-["alt/unit"]
-skip-branches = [ "p9" ]
-
-["alt/prometheus"]
-skip-branches = [ "p9" ]
-
-["alt/registry"]
-skip-branches = [ "p9" ]
-
-["k8s/cert-manager-cainjector"]
-skip-branches = [ "p9" ]
-
-["k8s/cert-manager-controller"]
-skip-branches = [ "p9" ]
-
-["k8s/cert-manager-webhook"]
-skip-branches = [ "p9" ]
-
-["k8s/coredns"]
-skip-branches = [ "p9" ]
-
-["k8s/etcd"]
-skip-branches = [ "p9" ]
-
-["k8s/kube-apiserver"]
-skip-branches = [ "p9" ]
-
-["k8s/kube-controller-manager"]
-skip-branches = [ "p9" ]
-
-["k8s/kube-proxy"]
-skip-branches = [ "p9" ]
-
-["k8s/kube-scheduler"]
-skip-branches = [ "p9" ]
-
-["k8s/pause"]
-skip-branches = [ "p9" ]
+["alt/ansible"]
+skip-arches = [ "c10f2", "c10f1" ]

org/alt/ansible/Dockerfile.template

@@ -0,0 +1,17 @@
+FROM {{ registry }}{{ organization }}/node:{{ branch }}
+
+MAINTAINER alt-cloud
+
+LABEL org.opencontainers.image.title="ansible"
+LABEL org.opencontainers.image.description="A radically simple IT automation system"
+LABEL org.opencontainers.image.source="http://www.ansible.com"
+LABEL org.opencontainers.image.licenses="GPL-3.0"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"
+
+{{ install_packages(
+        "ansible-vim",
+        "ansible-core",
+        "ansible-lint"
+) }}
+
+WORKDIR /etc/ansible/playbooks

org/alt/ansible/test

@@ -0,0 +1 @@
+ansible --version

org/alt/distroless-base/distroless.toml

@@ -4,8 +4,8 @@ builder-install-packages = [
     '{{if_branches(["p10"], "glibc-nss")}}',
     "glibc-timezones",
     "libselinux",
-    '{{if_branches(["p9", "p10"], "libssl1.1")}}',
-    '{{if_branches(["sisyphus"], "libssl1.1")}}',
+    '{{if_branches(["p10"], "libssl1.1")}}',
+    '{{if_branches(["p11"], "libssl3")}}',
     '{{if_branches(["sisyphus"], "libssl3")}}',
     "tzdata",
     "zlib",

org/alt/golang/Dockerfile.template

@@ -0,0 +1,11 @@
+FROM {{ registry }}{{ organization }}/base:{{ branch }}
+
+MAINTAINER alt-cloud
+
+LABEL org.opencontainers.image.title="golang"
+LABEL org.opencontainers.image.description="The Golang environment for development"
+LABEL org.opencontainers.image.source="https://github.com/golang/go"
+LABEL org.opencontainers.image.licenses="BSD"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"
+
+{{ install_packages("golang") }}

org/alt/golang/test

@@ -0,0 +1 @@
+go version

org/alt/grafana/Dockerfile.template

@@ -0,0 +1,22 @@
+FROM {{ registry }}{{ alt_image }}:{{ branch }}
+
+MAINTAINER alt-cloud
+
+LABEL org.opencontainers.image.title="grafana"
+LABEL org.opencontainers.image.description="Metrics dashboard and graph editor"
+LABEL org.opencontainers.image.source="https://github.com/grafana/grafana"
+LABEL org.opencontainers.image.licenses="AGPL-3.0-only AND Apache-2.0"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"
+
+{{ install_packages("grafana") }}
+
+USER grafana
+EXPOSE 3000
+VOLUME ["/var/lib/grafana"]
+
+ENV GF_PATHS_PROVISIONING=/etc/grafana/provisioning
+ENV GF_AUTH_ANONYMOUS_ENABLED=true
+ENV GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
+
+ENTRYPOINT [ "/usr/bin/grafana" ]
+CMD [ "server", "--config=/etc/grafana/grafana.ini", "--homepath=/usr/share/grafana", "--packaging=docker", "-configOverrides='cfg:default.paths.provisioning=/etc/grafana/provisioning cfg:default.paths.data=/var/lib/grafana cfg:default.paths.logs=/var/log/grafana cfg:default.paths.plugins=/var/lib/grafana/plugins'" ]

org/alt/grafana/README.md

@@ -0,0 +1,6 @@
+# Prometheus image
+
+Command for run:
+```
+docker run -d --name="grafana" -p 3000:3000 -v grafana-data:/var/lib/grafana IMAGENAME
+```

org/alt/grafana/test

@@ -0,0 +1 @@
+grafana --version

org/alt/loki/Dockerfile.template

@@ -0,0 +1,19 @@
+FROM {{ registry }}{{ alt_image }}:{{ branch }}
+
+MAINTAINER alt-cloud
+
+LABEL org.opencontainers.image.title="loki"
+LABEL org.opencontainers.image.description="Like Prometheus, but for logs"
+LABEL org.opencontainers.image.source="https://github.com/grafana/loki"
+LABEL org.opencontainers.image.licenses="Apache-2.0"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"
+
+{{ install_packages("loki") }}
+
+USER _loki:_loki
+
+VOLUME ["/var/lib/loki", "/etc/loki/loki.yml"]
+EXPOSE 3100
+
+ENTRYPOINT ["/usr/bin/loki"]
+CMD ["-config.file=/etc/loki/loki.yaml"]

org/alt/loki/README.md

@@ -0,0 +1,6 @@
+# Prometheus image
+
+Command for run:
+```
+docker run -d --name="loki" -p 3100:3100 -v loki-data:/var/lib/loki -v loki-config:/etc/loki/loki.yaml IMAGENAME
+```

org/alt/loki/test

@@ -0,0 +1 @@
+loki -version -config.file=/etc/loki/loki.yaml

org/alt/openjdk21/Dockerfile.template

@@ -0,0 +1,14 @@
+FROM {{ registry }}{{ organization }}/base:{{ branch }}
+
+MAINTAINER alt-cloud
+
+LABEL org.opencontainers.image.title="openjdk21"
+LABEL org.opencontainers.image.description="OpenJDK 21 Runtime Environment"
+LABEL org.opencontainers.image.source="https://openjdk-sources.osci.io"
+LABEL org.opencontainers.image.licenses="Apache-1.1 and Apache-2.0 and BSD and BSD with advertising and GPL-2.0 and GPL-2.0 with exceptions and IJG and LGPL-2.0+ and MIT and MPL-2.0 and ALT-Public-Domain and W3C and Zlib and ISC and FTL and RSA-MD"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"
+
+{{ install_packages(
+    "java-21-openjdk",
+    "java-21-openjdk-devel"
+) }}

org/alt/openjdk21/test

@@ -0,0 +1 @@
+javac --version && java --version

org/alt/php/Dockerfile.template

@@ -0,0 +1,14 @@
+FROM {{ registry }}{{ organization }}/base:{{ branch }}
+
+MAINTAINER alt-cloud
+
+LABEL org.opencontainers.image.title="php"
+LABEL org.opencontainers.image.description="The PHP language environment for development"
+LABEL org.opencontainers.image.source="https://github.com/php/php-src"
+LABEL org.opencontainers.image.licenses="PHP-3.01"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"
+
+{{ install_packages(
+"php8.2",
+"php8.2-xdebug",
+) }}

org/alt/php/test

@@ -0,0 +1 @@
+php --version

org/alt/postgresql/Dockerfile.template

@@ -0,0 +1,20 @@
+FROM {{ registry }}{{ organization }}/base:{{ branch }}
+
+MAINTAINER alt-cloud
+ 
+LABEL org.opencontainers.image.title="postgresql16"
+LABEL org.opencontainers.image.description="PostgreSQL rograms and libraries"
+LABEL org.opencontainers.image.source="https://github.com/postgres/postgres"
+LABEL org.opencontainers.image.licenses="PostgreSQL"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"
+                                
+{{ install_packages("postgresql16","postgresql16-server") }}
+
+RUN usermod -a -G postgres postgres
+RUN chown -R postgres:postgres /var/lib/pgsql
+
+USER postgres
+WORKDIR /var/lib/pgsql
+EXPOSE 5432
+VOLUME [ "/var/lib/pgsql/data" ]
+

org/alt/postgresql/README.md

@@ -0,0 +1,16 @@
+dockerfiles-alt-postgresql
+==========================
+
+ALT dockerfile for postgresql.
+
+Copy Dockerfile somewhere and build the image:
+`$ docker build --rm -t <username>/postgresql .`
+
+And launch the rabbitmq-server container:
+`docker run -d -p 5432:5432 --name="postgresql" -v pgsql-data:/var/lib/pgsql/data IMAGENAME`
+
+First steps to start service and create db:
+`/usr/bin/initdb /var/lib/pgsql/data`
+`/usr/bin/pg_ctl -D /var/lib/pgsql/data -l logfile start`
+`/usr/bin/createdb mydb`
+`psql mydb`

org/alt/postgresql/test

@@ -0,0 +1 @@
+pg_ctl --version

org/alt/prometheus-alertmanager/Dockerfile.template

@@ -0,0 +1,20 @@
+FROM {{ registry }}{{ alt_image }}:{{ branch }}
+
+MAINTAINER alt-cloud
+
+LABEL org.opencontainers.image.title="alertmanager"
+LABEL org.opencontainers.image.description="The Alertmanager handles alerts sent by client applications"
+LABEL org.opencontainers.image.source="https://github.com/prometheus/alertmanager"
+LABEL org.opencontainers.image.licenses="Apache-2.0"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"
+
+{{ install_packages("prometheus-alertmanager") }}
+
+WORKDIR /var/lib/prometheus/alertmanager
+RUN useradd -r -u 10001 alertmanager
+RUN usermod -a -G prometheus alertmanager
+USER alertmanager
+EXPOSE     9093
+VOLUME     [ "/var/lib/prometheus/alertmanager" ]
+ENTRYPOINT [ "/usr/bin/prometheus/alertmanager" ]
+CMD [ "--config.file=/etc/prometheus/alertmanager.yml" ]

org/alt/prometheus-alertmanager/README.md

@@ -0,0 +1,11 @@
+# Prometheus alertmanager image
+
+Command for run:
+```
+docker run -d --name="alertmanager" -p 9093:9093 -v promdata-am:/var/lib/prometheus/alertmanager IMAGENAME
+```
+
+*If you want to be able to view services on localhost, instead of -p, specify the flag:
+```
+--network="host"
+```

org/alt/prometheus-alertmanager/test

@@ -0,0 +1 @@
+alertmanager --version

org/alt/prometheus-node_exporter/Dockerfile.template

@@ -0,0 +1,19 @@
+FROM {{ registry }}{{ alt_image }}:{{ branch }}
+
+MAINTAINER alt-cloud
+
+LABEL org.opencontainers.image.title="prometheus-node_exporter"
+LABEL org.opencontainers.image.description="Prometheus exporter for hardware and OS metrics exposed by *NIX kernels"
+LABEL org.opencontainers.image.source="https://github.com/prometheus/node_exporter"
+LABEL org.opencontainers.image.licenses="Apache-2.0"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"
+
+{{ install_packages("prometheus-node_exporter") }}
+
+WORKDIR /var/lib/prometheus/node-exporter
+RUN useradd -r -u 10001 node_exporter
+RUN usermod -a -G prometheus node_exporter
+USER node_exporter
+EXPOSE 9100
+VOLUME [ "/var/lib/prometheus/node-exporter" ]
+ENTRYPOINT [ "/usr/bin/prometheus-node_exporter" ]

org/alt/prometheus-node_exporter/README.md

@@ -0,0 +1,11 @@
+# Prometheus node_exporter image
+
+Command for run:
+```
+docker run -d --name="prometheus-node_exporter" -p 9100:9100 -v promdata-ne:/var/lib/prometheus/node-exporter IMAGENAME
+```
+
+*If you want to be able to view services on localhost, instead of -p, specify the flag:
+```
+--network="host"
+```

org/alt/prometheus-node_exporter/test

@@ -0,0 +1 @@
+node_exporter --version

org/alt/prometheus/Dockerfile.template

@@ -14,4 +14,5 @@ WORKDIR /var/lib/prometheus
 USER prometheus
 EXPOSE     9090
 VOLUME     [ "/var/lib/prometheus" ]
-ENTRYPOINT [ "/usr/bin/prometheus", "--config.file=/etc/prometheus/prometheus.yml"]
+ENTRYPOINT [ "/usr/bin/prometheus" ]
+CMD [ "--config.file=/etc/prometheus/prometheus.yml" ]

org/alt/python2/Dockerfile.template

@@ -0,0 +1,17 @@
+FROM {{ registry }}{{ organization }}/base:{{ branch }}
+
+MAINTAINER alt-cloud
+ 
+LABEL org.opencontainers.image.title="python"
+LABEL org.opencontainers.image.description="Python 2 and tools needed for development"
+LABEL org.opencontainers.image.source="https://www.python.org/downloads/source"
+LABEL org.opencontainers.image.licenses="Python-2.0"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"
+
+{{ install_packages(
+    "python-module-setuptools", 
+    "python-dev", 
+    "gcc",
+) }}
+
+CMD ["python2"] 

org/alt/python2/README.md

@@ -0,0 +1,13 @@
+dockerfiles-alt-python
+=======================
+
+ALT dockerfile for python.
+
+Image contains python(2) and tools to get upstream python modules. Main purpose
+of the image is to run python apps using upstream modules.
+
+Copy Dockerfile somewhere and build the image:
+`$ docker build --rm -t <image_name> .`
+
+And launch the python container:
+`docker run -it <image_name>`

org/alt/python2/test

@@ -0,0 +1 @@
+python2 --version

org/alt/rabbitmq/Dockerfile.template

@@ -0,0 +1,19 @@
+FROM {{ registry }}{{ organization }}/base:{{ branch }}
+
+MAINTAINER alt-cloud
+ 
+LABEL org.opencontainers.image.title="rabbitmq"
+LABEL org.opencontainers.image.description="The RabbitMQ server"
+LABEL org.opencontainers.image.source="https://github.com/rabbitmq/rabbitmq-server"
+LABEL org.opencontainers.image.licenses="MPL-1.1"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"
+                                
+{{ install_packages("rabbitmq-server") }}
+
+USER rabbitmq
+WORKDIR /var/lib/rabbitmq
+EXPOSE 5672 25672
+VOLUME [ "/var/lib/rabbitmq", "/etc/rabbitmq" ]
+
+ENTRYPOINT [ "/usr/sbin/rabbitmq-server" ]
+CMD ["start", "rabbitmq"]

org/alt/rabbitmq/README.md

@@ -0,0 +1,18 @@
+dockerfiles-alt-rabbitmq
+========================
+
+ALT dockerfile for rabbitmq.
+
+Copy Dockerfile somewhere and build the image:
+`$ docker build --rm -t <username>/rabbitmq .`
+
+And launch the rabbitmq-server container:
+`docker run -d -p 5672:5672 --name="rabbitmq" -v rabbit-data:/var/lib/rabbitmq -v rabbit-conf:/etc/rabbitmq IMAGENAME`
+
+With mounting /etc/rabbitmq/rabbitmq-env.conf could be change settings of rabbitmq-server.
+
+It could be test via:
+`curl localhost:5672`
+
+For starting app:
+`rabbitmqctl start_app`

org/alt/rabbitmq/test

@@ -0,0 +1 @@
+rabbitmqctl version

org/k8s/cert-manager-acmesolver/Dockerfile.template

@@ -0,0 +1,17 @@
+FROM {{ registry }}{{ alt_image }}:{{ branch }}
+
+MAINTAINER alt-cloud
+
+LABEL org.opencontainers.image.title="cert-manager-acmesolver"
+LABEL org.opencontainers.image.description="HTTP server used to solve ACME challenges."
+LABEL org.opencontainers.image.source="https://github.com/cert-manager/cert-manager"
+LABEL org.opencontainers.image.licenses="Apache-2.0"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"
+
+{{ install_packages("cert-manager") }}
+
+RUN groupadd -r -g 1000 cert-manger && useradd --no-log-init -r -u 1000 -g cert-manger cert-manger
+
+USER 1000
+
+ENTRYPOINT ["/usr/bin/acmesolver"]

org/k8s/cert-manager-acmesolver/test

@@ -0,0 +1 @@
+acmesolver --help

org/k8s/cert-manager-cainjector/Dockerfile.template

@@ -3,7 +3,7 @@ FROM {{ registry }}{{ alt_image }}:{{ branch }}
 MAINTAINER alt-cloud
 
 LABEL org.opencontainers.image.title="cert-manager-cainjector"
-LABEL org.opencontainers.image.description="Cainjector component for automatic provisioning and managing TLS certificates in Kubernetes"
+LABEL org.opencontainers.image.description="cert-manager CA injector is a Kubernetes addon to automate the injection of CA data into webhooks and APIServices from cert-manager certificates."
 LABEL org.opencontainers.image.source="https://github.com/cert-manager/cert-manager"
 LABEL org.opencontainers.image.licenses="Apache-2.0"
 LABEL org.opencontainers.image.vendor="ALT Linux Team"

org/k8s/cert-manager-controller/Dockerfile.template

@@ -3,7 +3,7 @@ FROM {{ registry }}{{ alt_image }}:{{ branch }}
 MAINTAINER alt-cloud
 
 LABEL org.opencontainers.image.title="cert-manager-controller"
-LABEL org.opencontainers.image.description="Controller component for automatic provisioning and managing TLS certificates in Kubernetes"
+LABEL org.opencontainers.image.description="Automatically provision and manage TLS certificates in Kubernetes."
 LABEL org.opencontainers.image.source="https://github.com/cert-manager/cert-manager"
 LABEL org.opencontainers.image.licenses="Apache-2.0"
 LABEL org.opencontainers.image.vendor="ALT Linux Team"

org/k8s/cert-manager-startupapicheck/Dockerfile.template

@@ -0,0 +1,17 @@
+FROM {{ registry }}{{ alt_image }}:{{ branch }}
+
+MAINTAINER alt-cloud
+
+LABEL org.opencontainers.image.title="cert-manager-startupapicheck"
+LABEL org.opencontainers.image.description="Check that cert-manager started successfully."
+LABEL org.opencontainers.image.source="https://github.com/cert-manager/cert-manager"
+LABEL org.opencontainers.image.licenses="Apache-2.0"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"
+
+{{ install_packages("cert-manager") }}
+
+RUN groupadd -r -g 1000 cert-manger && useradd --no-log-init -r -u 1000 -g cert-manger cert-manger
+
+USER 1000
+
+ENTRYPOINT ["/usr/bin/startupapicheck"]

org/k8s/cert-manager-startupapicheck/test

@@ -0,0 +1 @@
+startupapicheck --help

org/k8s/cert-manager-webhook/Dockerfile.template

@@ -3,7 +3,7 @@ FROM {{ registry }}{{ alt_image }}:{{ branch }}
 MAINTAINER alt-cloud
 
 LABEL org.opencontainers.image.title="cert-manager-webhook"
-LABEL org.opencontainers.image.description="Webhook component for automatic provisioning and managing TLS certificates in Kubernetes"
+LABEL org.opencontainers.image.description="The webhook component provides API validation, mutation and conversion functionality for cert-manager."
 LABEL org.opencontainers.image.source="https://github.com/cert-manager/cert-manager"
 LABEL org.opencontainers.image.licenses="Apache-2.0"
 LABEL org.opencontainers.image.vendor="ALT Linux Team"

org/k8s/coredns/Dockerfile.template

@@ -8,6 +8,8 @@ LABEL org.opencontainers.image.source="https://github.com/coredns/coredns"
 LABEL org.opencontainers.image.licenses="Apache-2.0"
 LABEL org.opencontainers.image.vendor="ALT Linux Team"
 
-{{ install_packages("coredns") }}
+ARG PKG_VERSION
+
+{{ install_packages("coredns${PKG_VERSION}") }}
 
 ENTRYPOINT ["/usr/bin/coredns"]

org/k8s/kube-apiserver/Dockerfile.template

@@ -8,6 +8,8 @@ LABEL org.opencontainers.image.source="https://github.com/kubernetes/kubernetes"
 LABEL org.opencontainers.image.licenses="Apache-2.0"
 LABEL org.opencontainers.image.vendor="ALT Linux Team"
 
-{{ install_packages("kubernetes-master") }}
+ARG PKG_VERSION
+
+{{ install_packages("kubernetes${PKG_VERSION}-master") }}
 
 ENTRYPOINT ["/usr/bin/kube-apiserver"]

org/k8s/kube-controller-manager/Dockerfile.template

@@ -8,6 +8,8 @@ LABEL org.opencontainers.image.source="https://github.com/kubernetes/kubernetes"
 LABEL org.opencontainers.image.licenses="Apache-2.0"
 LABEL org.opencontainers.image.vendor="ALT Linux Team"
 
-{{ install_packages("kubernetes-master") }}
+ARG PKG_VERSION
+
+{{ install_packages("kubernetes${PKG_VERSION}-master") }}
 
 ENTRYPOINT ["/usr/bin/kube-controller-manager"]

org/k8s/kube-proxy/Dockerfile.template

@@ -8,7 +8,9 @@ LABEL org.opencontainers.image.source="https://github.com/kubernetes/kubernetes"
 LABEL org.opencontainers.image.licenses="Apache-2.0"
 LABEL org.opencontainers.image.vendor="ALT Linux Team"
 
-{{ install_packages("kubernetes-node") }}
+ARG PKG_VERSION
+
+{{ install_packages("kubernetes${PKG_VERSION}-node") }}
 
 RUN ln -s /usr/bin/kube-proxy /usr/local/bin/kube-proxy
 

org/k8s/kube-scheduler/Dockerfile.template

@@ -8,6 +8,8 @@ LABEL org.opencontainers.image.source="https://github.com/kubernetes/kubernetes"
 LABEL org.opencontainers.image.licenses="Apache-2.0"
 LABEL org.opencontainers.image.vendor="ALT Linux Team"
 
-{{ install_packages("kubernetes-master") }}
+ARG PKG_VERSION
+
+{{ install_packages("kubernetes${PKG_VERSION}-master") }}
 
 ENTRYPOINT ["/usr/bin/kube-scheduler"]

scripts/build-k8s-c10f2.sh

@@ -0,0 +1,46 @@
+#!/bin/sh
+
+set -eu
+
+registry='registry.altlinux.org'
+#registry='10.4.4.52:5000'
+task_id=
+
+additional_options=
+if [ -n "$task_id" ]; then
+	additional_options="-t $task_id"
+fi
+
+./image-build -b c10f2 -r "$registry" $additional_options --prefix=k8s-c10f2 kube-apiserver kubernetes1.28
+./image-build -b c10f2 -r "$registry" $additional_options --prefix=k8s-c10f2 kube-controller-manager kubernetes1.28
+./image-build -b c10f2 -r "$registry" $additional_options --prefix=k8s-c10f2 kube-scheduler kubernetes1.28
+./image-build -b c10f2 -r "$registry" $additional_options --prefix=k8s-c10f2 kube-proxy kubernetes1.28
+
+./image-build -b c10f2 -r "$registry" $additional_options --prefix=k8s-c10f2 kube-apiserver kubernetes1.29
+./image-build -b c10f2 -r "$registry" $additional_options --prefix=k8s-c10f2 kube-controller-manager kubernetes1.29
+./image-build -b c10f2 -r "$registry" $additional_options --prefix=k8s-c10f2 kube-scheduler kubernetes1.29
+./image-build -b c10f2 -r "$registry" $additional_options --prefix=k8s-c10f2 kube-proxy kubernetes1.29
+
+./image-build -b c10f2 -r "$registry" $additional_options --prefix=k8s-c10f2 kube-apiserver kubernetes1.30
+./image-build -b c10f2 -r "$registry" $additional_options --prefix=k8s-c10f2 kube-controller-manager kubernetes1.30
+./image-build -b c10f2 -r "$registry" $additional_options --prefix=k8s-c10f2 kube-scheduler kubernetes1.30
+./image-build -b c10f2 -r "$registry" $additional_options --prefix=k8s-c10f2 kube-proxy kubernetes1.30
+
+./image-build --latest -b c10f2 -r "$registry" $additional_options --prefix=k8s-c10f2 kube-apiserver kubernetes1.31
+./image-build --latest -b c10f2 -r "$registry" $additional_options --prefix=k8s-c10f2 kube-controller-manager kubernetes1.31
+./image-build --latest -b c10f2 -r "$registry" $additional_options --prefix=k8s-c10f2 kube-scheduler kubernetes1.31
+./image-build --latest -b c10f2 -r "$registry" $additional_options --prefix=k8s-c10f2 kube-proxy kubernetes1.31
+
+./image-build --latest -b c10f2 -r "$registry" $additional_options --prefix=k8s-c10f2 etcd etcd
+./image-build -b c10f2 -r "$registry" $additional_options --prefix=k8s-c10f2 coredns coredns1.11.1
+./image-build --latest -b c10f2 -r "$registry" $additional_options --prefix=k8s-c10f2 coredns coredns1.11.3
+./image-build --latest -b c10f2 -r "$registry" $additional_options --prefix=k8s-c10f2 pause kubernetes-pause
+
+#./image-build --latest -b c10f2 -r "$registry" $additional_options --prefix=k8s-c10f2 flannel flannel
+#./image-build --latest -b c10f2 -r "$registry" $additional_options --prefix=k8s-c10f2 flannel-cni-plugin cni-plugin-flannel
+
+#./image-build --latest -b c10f2 -r "$registry" $additional_options --prefix=k8s-c10f2 cert-manager-startupapicheck cert-manager
+#./image-build --latest -b c10f2 -r "$registry" $additional_options --prefix=k8s-c10f2 cert-manager-acmesolver cert-manager
+#./image-build --latest -b c10f2 -r "$registry" $additional_options --prefix=k8s-c10f2 cert-manager-cainjector cert-manager
+#./image-build --latest -b c10f2 -r "$registry" $additional_options --prefix=k8s-c10f2 cert-manager-controller cert-manager
+#./image-build --latest -b c10f2 -r "$registry" $additional_options --prefix=k8s-c10f2 cert-manager-webhook cert-manager

scripts/build-k8s-sisyphus.sh

@@ -0,0 +1,44 @@
+#!/bin/sh
+
+set -eu
+
+registry='registry.altlinux.org'
+#registry='10.4.4.52:5000'
+task_id=
+
+additional_options=
+if [ -n "$task_id" ]; then
+	additional_options="-t $task_id"
+fi
+
+./image-build -b sisyphus -r "$registry" $additional_options --prefix=k8s-sisyphus kube-apiserver kubernetes1.28
+./image-build -b sisyphus -r "$registry" $additional_options --prefix=k8s-sisyphus kube-controller-manager kubernetes1.28
+./image-build -b sisyphus -r "$registry" $additional_options --prefix=k8s-sisyphus kube-scheduler kubernetes1.28
+./image-build -b sisyphus -r "$registry" $additional_options --prefix=k8s-sisyphus kube-proxy kubernetes1.28
+
+./image-build -b sisyphus -r "$registry" $additional_options --prefix=k8s-sisyphus kube-apiserver kubernetes1.29
+./image-build -b sisyphus -r "$registry" $additional_options --prefix=k8s-sisyphus kube-controller-manager kubernetes1.29
+./image-build -b sisyphus -r "$registry" $additional_options --prefix=k8s-sisyphus kube-scheduler kubernetes1.29
+./image-build -b sisyphus -r "$registry" $additional_options --prefix=k8s-sisyphus kube-proxy kubernetes1.29
+
+./image-build -b sisyphus -r "$registry" $additional_options --prefix=k8s-sisyphus kube-apiserver kubernetes1.30
+./image-build -b sisyphus -r "$registry" $additional_options --prefix=k8s-sisyphus kube-controller-manager kubernetes1.30
+./image-build -b sisyphus -r "$registry" $additional_options --prefix=k8s-sisyphus kube-scheduler kubernetes1.30
+./image-build -b sisyphus -r "$registry" $additional_options --prefix=k8s-sisyphus kube-proxy kubernetes1.30
+
+./image-build --latest -b sisyphus -r "$registry" $additional_options --prefix=k8s-sisyphus kube-apiserver kubernetes1.31
+./image-build --latest -b sisyphus -r "$registry" $additional_options --prefix=k8s-sisyphus kube-controller-manager kubernetes1.31
+./image-build --latest -b sisyphus -r "$registry" $additional_options --prefix=k8s-sisyphus kube-scheduler kubernetes1.31
+./image-build --latest -b sisyphus -r "$registry" $additional_options --prefix=k8s-sisyphus kube-proxy kubernetes1.31
+
+./image-build --latest -b sisyphus -r "$registry" $additional_options --prefix=k8s-sisyphus etcd etcd
+./image-build --latest -b sisyphus -r "$registry" $additional_options --prefix=k8s-sisyphus coredns coredns1.11.3
+./image-build --latest -b sisyphus -r "$registry" $additional_options --prefix=k8s-sisyphus pause kubernetes-pause
+#./image-build --latest -b sisyphus -r "$registry" $additional_options --prefix=k8s-sisyphus flannel flannel
+#./image-build --latest -b sisyphus -r "$registry" $additional_options --prefix=k8s-sisyphus flannel-cni-plugin cni-plugin-flannel
+
+#./image-build --latest -b sisyphus -r "$registry" $additional_options --prefix=k8s-sisyphus cert-manager-startupapicheck cert-manager
+#./image-build --latest -b sisyphus -r "$registry" $additional_options --prefix=k8s-sisyphus cert-manager-acmesolver cert-manager
+#./image-build --latest -b sisyphus -r "$registry" $additional_options --prefix=k8s-sisyphus cert-manager-cainjector cert-manager
+#./image-build --latest -b sisyphus -r "$registry" $additional_options --prefix=k8s-sisyphus cert-manager-controller cert-manager
+#./image-build --latest -b sisyphus -r "$registry" $additional_options --prefix=k8s-sisyphus cert-manager-webhook cert-manager

scripts/notify.sh

@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -xeuo pipefail
+
+command="$1"
+
+function at_err() {
+	mpv -really-quiet /usr/share/sounds/freedesktop/stereo/dialog-error.oga &
+	notify-send -a "$command" "Failed to execute '$command'!"
+}
+
+trap at_err ERR
+
+$command
+
+mpv -really-quiet /usr/share/sounds/freedesktop/stereo/complete.oga &
+notify-send -a "$command" "Done executing '$command'!"

tags.toml

@@ -38,26 +38,36 @@ c10f2 = [ "3.5.9-0" ]
 p10 = [ "v1.10.1" ]
 sisyphus = [ "v1.10.1" ]
 c10f1 = [ "v1.9.3" ]
-c10f2 = [ "v1.9.3" ] 
+c10f2 = [ "v1.9.3" ]
 
 ["k8s/cert-manager-cainjector"]
-p10 = [ "v1.9.1" ]
-sisyphus = [ "v1.11.0" ]
+p10 = [ "v1.14.5" ]
+sisyphus = [ "v1.14.5" ]
 c10f1 = [ "v1.9.1" ]
 c10f2 = [ "v1.9.1" ]
 
 ["k8s/cert-manager-controller"]
-p10 = [ "v1.9.1" ]
-sisyphus = [ "v1.11.0" ]
+p10 = [ "v1.14.5" ]
+sisyphus = [ "v1.14.5" ]
 c10f1 = [ "v1.9.1" ]
 c10f2 = [ "v1.9.1" ]
 
 ["k8s/cert-manager-webhook"]
-p10 = [ "v1.9.1" ]
-sisyphus = [ "v1.11.0" ]
+p10 = [ "v1.14.5" ]
+sisyphus = [ "v1.14.5" ]
 c10f1 = [ "v1.9.1" ]
 c10f2 = [ "v1.9.1" ]
 
+["k8s/cert-manager-acmesolver"]
+p10 = [ "v1.14.5" ]
+sisyphus = [ "v1.14.5" ]
+c10f1 = [ "v1.9.1" ]
+c10f2 = [ "v1.9.1" ]
+
+["k8s/cert-manager-startupapicheck"]
+p10 = [ "v1.14.5" ]
+sisyphus = [ "v1.14.5" ]
+
 ["k8s/flannel"]
 p10 = [ "v0.21.4" ]
 sisyphus = [ "v0.24.2" ]
@@ -66,7 +76,7 @@ c10f2 = [ "v0.21.4" ]
 
 ["k8s/flannel-cni-plugin"]
 p10 = [ "v1.1.2" ]
-sisyphus = [ "v1.2.0" ]
+sisyphus = [ "v1.5.1-flannel1" ]
 c10f1 = [ "v1.1.2" ]
 c10f2 = [ "v1.1.2" ]