Compare commits
13 Commits
0d8851a16a
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
 Lumpiasty
|
8363cfe970 | ||
|
Lumpiasty
|
0fa1df814f | ||
 Renovate
|
77d7cdcd25 | ||
|
Renovate
|
a121513f32 | ||
|
Lumpiasty
|
a396d20a18 | ||
|
Lumpiasty
|
0753c314a9
|
||
|
Renovate
|
cd83a6146f | ||
|
Renovate
|
b96f88680f | ||
|
Lumpiasty
|
8092d27cb9 | ||
|
Lumpiasty
|
5bb34731cb | ||
|
Renovate
|
c191d8dc47 | ||
|
Renovate
|
ad3850b634 | ||
|
Renovate
|
9fc48bac7b |
@@ -29,7 +29,7 @@ when:
|
|||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Get git token from OpenBao
|
- name: Get git token from OpenBao
|
||||||
image: quay.io/openbao/openbao:2.5.4
|
image: quay.io/openbao/openbao:2.5.5
|
||||||
environment:
|
environment:
|
||||||
VAULT_ADDR: https://openbao.lumpiasty.xyz:8200
|
VAULT_ADDR: https://openbao.lumpiasty.xyz:8200
|
||||||
ROLE_ID:
|
ROLE_ID:
|
||||||
@@ -72,7 +72,7 @@ steps:
|
|||||||
- git push "https://woodpecker:$GIT_TOKEN@gitea.lumpiasty.xyz/lumpiasty/mikrotik-tailscale.git" "$TAG"
|
- git push "https://woodpecker:$GIT_TOKEN@gitea.lumpiasty.xyz/lumpiasty/mikrotik-tailscale.git" "$TAG"
|
||||||
- echo "Pushed $TAG"
|
- echo "Pushed $TAG"
|
||||||
- name: Invalidate OpenBao token
|
- name: Invalidate OpenBao token
|
||||||
image: quay.io/openbao/openbao:2.5.4
|
image: quay.io/openbao/openbao:2.5.5
|
||||||
environment:
|
environment:
|
||||||
VAULT_ADDR: https://openbao.lumpiasty.xyz:8200
|
VAULT_ADDR: https://openbao.lumpiasty.xyz:8200
|
||||||
commands:
|
commands:
|
||||||
|
|||||||
@@ -25,7 +25,7 @@ when:
|
|||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Get registry creds from OpenBao
|
- name: Get registry creds from OpenBao
|
||||||
image: quay.io/openbao/openbao:2.5.4
|
image: quay.io/openbao/openbao:2.5.5
|
||||||
environment:
|
environment:
|
||||||
VAULT_ADDR: https://openbao.lumpiasty.xyz:8200
|
VAULT_ADDR: https://openbao.lumpiasty.xyz:8200
|
||||||
ROLE_ID:
|
ROLE_ID:
|
||||||
@@ -57,7 +57,7 @@ steps:
|
|||||||
# Credentials (PLUGIN_USERNAME / PLUGIN_PASSWORD) come from OpenBao.
|
# Credentials (PLUGIN_USERNAME / PLUGIN_PASSWORD) come from OpenBao.
|
||||||
env_file: /woodpecker/registry.env
|
env_file: /woodpecker/registry.env
|
||||||
- name: Invalidate OpenBao token
|
- name: Invalidate OpenBao token
|
||||||
image: quay.io/openbao/openbao:2.5.4
|
image: quay.io/openbao/openbao:2.5.5
|
||||||
environment:
|
environment:
|
||||||
VAULT_ADDR: https://openbao.lumpiasty.xyz:8200
|
VAULT_ADDR: https://openbao.lumpiasty.xyz:8200
|
||||||
commands:
|
commands:
|
||||||
|
|||||||
@@ -30,7 +30,7 @@ skip_clone: true
|
|||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Get renovate token from OpenBao
|
- name: Get renovate token from OpenBao
|
||||||
image: quay.io/openbao/openbao:2.5.4
|
image: quay.io/openbao/openbao:2.5.5
|
||||||
environment:
|
environment:
|
||||||
VAULT_ADDR: https://openbao.lumpiasty.xyz:8200
|
VAULT_ADDR: https://openbao.lumpiasty.xyz:8200
|
||||||
ROLE_ID:
|
ROLE_ID:
|
||||||
@@ -45,8 +45,9 @@ steps:
|
|||||||
- bao kv get -mount secret -field RENOVATE_TOKEN renovate > /woodpecker/renovate_token
|
- bao kv get -mount secret -field RENOVATE_TOKEN renovate > /woodpecker/renovate_token
|
||||||
- bao kv get -mount secret -field GITHUB_COM_TOKEN renovate > /woodpecker/github_com_token
|
- bao kv get -mount secret -field GITHUB_COM_TOKEN renovate > /woodpecker/github_com_token
|
||||||
- name: renovate
|
- name: renovate
|
||||||
|
pull: true
|
||||||
# Renovate's built-in "woodpecker" manager tracks this image automatically.
|
# Renovate's built-in "woodpecker" manager tracks this image automatically.
|
||||||
image: renovate/renovate:43.220.0
|
image: renovate/renovate:43
|
||||||
environment:
|
environment:
|
||||||
# --- platform / target ---
|
# --- platform / target ---
|
||||||
RENOVATE_PLATFORM: gitea
|
RENOVATE_PLATFORM: gitea
|
||||||
@@ -75,7 +76,7 @@ steps:
|
|||||||
- export GITHUB_COM_TOKEN=$(cat /woodpecker/github_com_token)
|
- export GITHUB_COM_TOKEN=$(cat /woodpecker/github_com_token)
|
||||||
- /usr/local/sbin/renovate-entrypoint.sh renovate
|
- /usr/local/sbin/renovate-entrypoint.sh renovate
|
||||||
- name: Invalidate OpenBao token
|
- name: Invalidate OpenBao token
|
||||||
image: quay.io/openbao/openbao:2.5.4
|
image: quay.io/openbao/openbao:2.5.5
|
||||||
environment:
|
environment:
|
||||||
VAULT_ADDR: https://openbao.lumpiasty.xyz:8200
|
VAULT_ADDR: https://openbao.lumpiasty.xyz:8200
|
||||||
commands:
|
commands:
|
||||||
|
|||||||
+3
-3
@@ -1,4 +1,4 @@
|
|||||||
# syntax=docker/dockerfile:1.24.0@sha256:87999aa3d42bdc6bea60565083ee17e86d1f3339802f543c0d03998580f9cb89
|
# syntax=docker/dockerfile:1.25.0@sha256:0adf442eae370b6087e08edc7c50b552d80ddf261576f4ebd6421006b2461f12
|
||||||
# =============================================================================
|
# =============================================================================
|
||||||
# Multi-architecture build
|
# Multi-architecture build
|
||||||
# =============================================================================
|
# =============================================================================
|
||||||
@@ -32,7 +32,7 @@ FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.9.0@sha256:c64defb9ed5a91eacb37f9
|
|||||||
# =============================================================================
|
# =============================================================================
|
||||||
# Stage 1: Build Tailscale combined binary (cross-compiled, runs natively)
|
# Stage 1: Build Tailscale combined binary (cross-compiled, runs natively)
|
||||||
# =============================================================================
|
# =============================================================================
|
||||||
FROM --platform=$BUILDPLATFORM golang:1.26.4-alpine@sha256:f1ddd9fe14fffc091dd98cb4bfa999f32c5fc77d2f2305ea9f0e2595c5437c14 AS builder
|
FROM --platform=$BUILDPLATFORM golang:1.26.4-alpine@sha256:3ad57304ad93bbec8548a0437ad9e06a455660655d9af011d58b993f6f615648 AS builder
|
||||||
|
|
||||||
# renovate: datasource=github-releases depName=tailscale packageName=tailscale/tailscale versioning=semver
|
# renovate: datasource=github-releases depName=tailscale packageName=tailscale/tailscale versioning=semver
|
||||||
ARG TAILSCALE_VERSION=v1.98.5
|
ARG TAILSCALE_VERSION=v1.98.5
|
||||||
@@ -303,7 +303,7 @@ RUN printf '%s\n' \
|
|||||||
# only for this one lightweight probe step (busybox --help per applet), not
|
# only for this one lightweight probe step (busybox --help per applet), not
|
||||||
# for the compile itself. The probe can alternatively be skipped by using
|
# for the compile itself. The probe can alternatively be skipped by using
|
||||||
# a pre-enumerated applet list, but the current approach is simpler.
|
# a pre-enumerated applet list, but the current approach is simpler.
|
||||||
FROM --platform=$BUILDPLATFORM alpine:3.24.0@sha256:a2d49ea686c2adfe3c992e47dc3b5e7fa6e6b5055609400dc2acaeb241c829f4 AS busybox
|
FROM --platform=$BUILDPLATFORM alpine:3.24.1@sha256:28bd5fe8b56d1bd048e5babf5b10710ebe0bae67db86916198a6eec434943f8b AS busybox
|
||||||
|
|
||||||
# Copy xx cross-compilation helpers (xx-clang, xx-apk, xx-info, etc.)
|
# Copy xx cross-compilation helpers (xx-clang, xx-apk, xx-info, etc.)
|
||||||
COPY --from=xx / /
|
COPY --from=xx / /
|
||||||
|
|||||||
Reference in New Issue
Block a user