From c31a0d5b152c9108b6dcd58787b38eb30418ed55 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?=
Date: Tue, 9 Jul 2024 19:56:37 +0200
Subject: [PATCH] toolbox-cloud-cli: Re-add, split from main toolbox
---
.github/workflows/toolbox-cloud-cli.yml | 81 +++++++++++++++++++++++++
toolbox-cloud-cli/Containerfile | 43 +++++++++++++
toolbox-cloud-cli/README.md | 1 +
toolbox-cloud-cli/google-cloud-sdk.repo | 7 +++
4 files changed, 132 insertions(+)
create mode 100644 .github/workflows/toolbox-cloud-cli.yml
create mode 100644 toolbox-cloud-cli/Containerfile
create mode 100644 toolbox-cloud-cli/README.md
create mode 100644 toolbox-cloud-cli/google-cloud-sdk.repo
diff --git a/.github/workflows/toolbox-cloud-cli.yml b/.github/workflows/toolbox-cloud-cli.yml
new file mode 100644
index 0000000..5f909aa
--- /dev/null
+++ b/.github/workflows/toolbox-cloud-cli.yml
@@ -0,0 +1,81 @@
+name: "Build toolbox-cloud-cli image"
+
+env:
+ NAME: "toolbox-cloud-cli"
+ REGISTRY: "quay.io/travier"
+
+on:
+ pull_request:
+ branches:
+ - main
+ paths:
+ - 'toolbox-cloud-cli/**'
+ - '.github/workflows/toolbox-cloud-cli.yml'
+ push:
+ branches:
+ - main
+ paths:
+ - 'toolbox-cloud-cli/**'
+ - '.github/workflows/toolbox-cloud-cli.yml'
+ workflow_dispatch:
+
+permissions: read-all
+
+# Prevent multiple workflow runs from racing to ensure that pushes are made
+# sequentialy for the main branch. Also cancel in progress workflow runs for
+# pull requests only.
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+jobs:
+ build-push-image:
+ runs-on: ubuntu-24.04
+ steps:
+ - name: Reclaim disk space
+ run: |
+ sudo docker image prune --all --force
+ sudo rm -rf "/usr/local/lib/android"
+
+ - name: Checkout repo
+ uses: actions/checkout@v4
+
+ - name: Build container image
+ uses: redhat-actions/buildah-build@v2
+ with:
+ context: ${{ env.NAME }}
+ image: ${{ env.NAME }}
+ tags: latest
+ containerfiles: ${{ env.NAME }}/Containerfile
+ layers: false
+ oci: true
+
+ - name: Push to Container Registry
+ uses: redhat-actions/push-to-registry@v2
+ id: push
+ if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main'
+ with:
+ username: ${{ secrets.BOT_USERNAME }}
+ password: ${{ secrets.BOT_SECRET }}
+ image: ${{ env.NAME }}
+ registry: ${{ env.REGISTRY }}
+ tags: latest
+
+ - name: Login to Container Registry
+ uses: redhat-actions/podman-login@v1
+ if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main'
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ secrets.BOT_USERNAME }}
+ password: ${{ secrets.BOT_SECRET }}
+
+ - uses: sigstore/cosign-installer@v3.5.0
+ if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main'
+
+ - name: Sign container image
+ if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main'
+ run: |
+ cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ env.REGISTRY }}/${{ env.NAME }}@${{ steps.push.outputs.digest }}
+ env:
+ COSIGN_EXPERIMENTAL: false
+ COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
diff --git a/toolbox-cloud-cli/Containerfile b/toolbox-cloud-cli/Containerfile
new file mode 100644
index 0000000..ed71978
--- /dev/null
+++ b/toolbox-cloud-cli/Containerfile
@@ -0,0 +1,43 @@
+FROM registry.fedoraproject.org/fedora-toolbox:40
+
+# Can not use herdocs here until GitHub workflows move to a newer Ubuntu
+# release with a newer buildah:
+# - https://www.docker.com/blog/introduction-to-heredocs-in-dockerfiles/
+# - https://github.com/containers/buildah/issues/3474
+COPY google-cloud-sdk.repo /etc/yum.repos.d/google-cloud-sdk.repo
+
+# - Install common tools
+# - Install cloud command line tools
+# - Remove mlocate
+RUN sed -i "s/enabled=1/enabled=0/" /etc/yum.repos.d/fedora-cisco-openh264.repo \
+ && dnf -y distrosync \
+ && dnf -y install \
+ git-absorb \
+ git-delta \
+ jq \
+ just \
+ ripgrep \
+ sqlite \
+ vim \
+ zsh \
+ && dnf -y install \
+ awscli \
+ azure-cli \
+ google-cloud-cli \
+ oci-cli \
+ && dnf -y remove mlocate \
+ && dnf clean all
+
+ARG DOCTL_URL="https://github.com/digitalocean/doctl/releases/download/v1.104.0/doctl-1.104.0-linux-amd64.tar.gz"
+ARG DOCTL_SHA256SUMS="f758b0c2fb7857db2bd00439155154f2ab8bee71c4f3640f90f64ec35256ca53 doctl-1.104.0-linux-amd64.tar.gz"
+
+# Manually install doctl
+RUN wget "${DOCTL_URL}" && \
+ echo "${DOCTL_SHA256SUMS}" | sha256sum --check && \
+ tar xf doctl-*-linux-amd64.tar.gz && \
+ rm doctl-*-linux-amd64.tar.gz && \
+ install -o 0 -g 0 -m 755 doctl /usr/local/bin/doctl
+
+# No need to clear the output as we will never use ZSH as a login shell and
+# this clears output when exiting toolboxes.
+RUN sed -i '/clear/d' /etc/zlogout
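Review bot: Every `uses:` in the `build-push-image` job of `.github/workflows/toolbox-cloud-cli.yml` references a mutable tag (`actions/checkout@v4`, `redhat-actions/buildah-build@v2`, `redhat-actions/push-to-registry@v2`, `redhat-actions/podman-login@v1`, `sigstore/cosign-installer@v3.5.0`). Two of those steps are handed `secrets.BOT_SECRET` directly, and the cosign installer provides the binary that is then given `COSIGN_PRIVATE_KEY`, so whatever a tag resolves to at run time sits next to the registry credentials and the signing key. Pinning each action to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: redhat-actions/push-to-registry@<full-commit-sha> # v2`, makes that code reviewable and stable. The `github.event_name == 'schedule'` clause in the four `if:` conditions can never be true, because `on:` declares no `schedule` trigger; either add the trigger or drop the clause.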
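Review bot: In `toolbox-cloud-cli/Containerfile`, the doctl `RUN` step removes the downloaded tarball but not the extracted `doctl` file, so after `install` copies it to `/usr/local/bin/doctl` a second copy remains in the build's working directory (no `WORKDIR` is set in this file, so that is whatever the base image defaults to). Ending the chain with `install -o 0 -g 0 -m 755 doctl /usr/local/bin/doctl && rm doctl` keeps the stray binary out of the layer. Verifying the SHA-256 before `tar xf` is the right order and should stay as it is. Separately, `FROM registry.fedoraproject.org/fedora-toolbox:40` is a mutable tag; because the workflow in this commit signs the resulting image, pinning the base as `fedora-toolbox:40@sha256:<digest>` would tie each signature to a known base.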
diff --git a/toolbox-cloud-cli/README.md b/toolbox-cloud-cli/README.md
new file mode 100644
index 0000000..66920fc
--- /dev/null
+++ b/toolbox-cloud-cli/README.md
@@ -0,0 +1 @@
+# Cloud CLIs
diff --git a/toolbox-cloud-cli/google-cloud-sdk.repo b/toolbox-cloud-cli/google-cloud-sdk.repo
new file mode 100644
index 0000000..e0bc693
--- /dev/null
+++ b/toolbox-cloud-cli/google-cloud-sdk.repo
@@ -0,0 +1,7 @@
+[google-cloud-cli]
+name=Google Cloud CLI
+baseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el9-x86_64
+enabled=1
+gpgcheck=1
+repo_gpgcheck=0
+gpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
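Review bot: `repo_gpgcheck=0` in `google-cloud-sdk.repo` turns off signature verification of the repository metadata, so only the individual RPMs are verified (`gpgcheck=1`), against a key that `gpgkey` fetches from the same host that serves the packages. If metadata checking is disabled on purpose, a comment above that line such as `# repo_gpgcheck is off because <reason>; packages are still verified via gpgcheck=1` would record the decision; otherwise set `repo_gpgcheck=1`. The `baseurl` also points at the `cloud-sdk-el9-x86_64` repository while the image is built from `fedora-toolbox:40`, so a one-line comment on why the EL9 repository is the intended source would help the next reader.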