Initial import

.ansible-lint

@@ -0,0 +1,3 @@
+---
+skip_list:
+- no-changed-when

.github/actions/build/action.yml

@@ -0,0 +1,23 @@
+name: 'Build images'
+inputs:
+  base_image:
+    description: Base image.
+    required: true
+  tag:
+    description: Output tag.
+    required: true
+  unavailable:
+    description: Space separated list of unavailable services.
+    required: false
+    default: ""
+runs:
+  using: "composite"
+  steps:
+  - name: Build containers
+    shell: bash
+    run: |
+      sudo --preserve-env=ANSIBLE_FORCE_COLOR,DOCKER_HOST \
+        make build                                        \
+          BASE_IMAGE="${{ inputs.base_image }}"           \
+          TAG="${{ inputs.tag }}"                         \
+          UNAVAILABLE="${{ inputs.unavailable }}"

.github/actions/get-build-matrix/action.yml

@@ -0,0 +1,14 @@
+name: 'Get build matrix'
+description: 'Get build matrix for the CI containers'
+outputs:
+  matrix:
+    description: Build matrix in JSON format.
+    value: ${{ steps.matrix.outputs.matrix }}
+runs:
+  using: "composite"
+  steps:
+  - name: Get build matrix
+    id: matrix
+    shell: bash
+    run: |
+      ./src/tools/get-build-matrix.py action

.github/actions/install-dependencies/action.yml

@@ -0,0 +1,16 @@
+name: 'Install dependencies'
+description: 'Install dependencies for building and publishing containers'
+runs:
+  using: "composite"
+  steps:
+  - name: Install packages
+    shell: bash
+    run: |
+      sudo pip3 install ansible
+      sudo apt-get update
+      sudo apt-get install -y podman docker-compose
+
+  - name: Enable podman socket
+    shell: bash
+    run: |
+      sudo systemctl enable --now podman.socket

.github/actions/publish/action.yml

@@ -0,0 +1,32 @@
+name: 'Publish images'
+inputs:
+  credentials:
+    description: Registry credentials.
+    required: true
+  tag:
+    description: Output tag.
+    required: true
+  registry:
+    description: Target image resigty.
+    required: false
+    default: "quay.io/sssd"
+  extra_tags:
+    description: Space separated list of extra tags.
+    required: false
+    default: ""
+runs:
+  using: "composite"
+  steps:
+  - name: Build containers
+    shell: bash
+    env:
+      CREDENTIALS: ${{ inputs.credentials }}
+    run: |
+        authfile=`mktemp`
+        trap "rm -f '$authfile' || :" EXIT
+        sudo echo -e "$CREDENTIALS" > "$authfile"
+        sudo make push                            \
+          REGISTRY="${{ inputs.registry }}"       \
+          TAG="${{ inputs.tag }}"                 \
+          EXTRA_TAGS="${{ inputs.extra_tags }}"   \
+          REGISTRY_AUTH_FILE="$authfile"

.github/workflows/build.yml

@@ -0,0 +1,100 @@
+name: Build
+on:
+  push:
+    branches:
+    - master
+    paths:
+    - 'src/**'
+    - 'data/**'
+    - 'docker-compose.yml'
+  pull_request:
+    paths:
+    - 'src/**'
+    - 'data/**'
+    - 'docker-compose.yml'
+  workflow_dispatch:
+  schedule:
+  - cron: '0 1 * * 0'
+env:
+  ANSIBLE_FORCE_COLOR: 1
+  DOCKER_HOST: unix:///run/podman/podman.sock
+jobs:
+  get-matrix:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    outputs:
+      matrix: ${{ steps.matrix.outputs.matrix }}
+    steps:
+    - uses: actions/checkout@v2
+    - name: Get build matrix
+      id: matrix
+      uses: ./.github/actions/get-build-matrix
+
+  fedora:
+    runs-on: ubuntu-latest
+    needs: 'get-matrix'
+    permissions:
+      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        image: ${{ fromJson(needs.get-matrix.outputs.matrix) }}
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v2
+
+    - name: Install dependencies
+      uses: ./.github/actions/install-dependencies
+
+    - name: Build images
+      uses: ./.github/actions/build
+      with:
+        base_image: ${{ matrix.image.base }}
+        tag: ${{ matrix.image.tag }}
+
+    - name: Publish images
+      if: github.event_name != 'pull_request'
+      uses: ./.github/actions/publish
+      with:
+        credentials: ${{ secrets.QUAY_IO_CREDENTIALS }}
+        tag: ${{ matrix.image.tag }}
+        extra_tags: ${{ matrix.image.extra }}
+
+  other:
+    runs-on: ubuntu-latest
+    needs: 'fedora'
+    if: ${{ !cancelled() }}
+    permissions:
+      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        image: [
+          { base: 'quay.io/centos/centos:stream8', tag: 'centos8', extra: '', unavailable: 'samba' },
+          { base: 'quay.io/centos/centos:stream9', tag: 'centos9', extra: 'centos-latest', unavailable: 'samba' },
+          { base: 'docker.io/debian:10', tag: 'debian-10', extra: 'debian-latest', unavailable: 'ipa ldap samba' },
+          { base: 'docker.io/ubuntu:latest', tag: 'ubuntu-latest', extra: '', unavailable: 'ipa ldap samba' },
+          { base: 'docker.io/ubuntu:rolling', tag: 'ubuntu-rolling', extra: '', unavailable: 'ipa ldap samba' },
+        ]
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v2
+
+    - name: Install dependencies
+      uses: ./.github/actions/install-dependencies
+
+    - name: Build images
+      uses: ./.github/actions/build
+      with:
+        base_image: ${{ matrix.image.base }}
+        tag: ${{ matrix.image.tag }}
+        unavailable: ${{ matrix.image.unavailable }}
+
+    - name: Publish images
+      if: github.event_name != 'pull_request'
+      uses: ./.github/actions/publish
+      with:
+        credentials: ${{ secrets.QUAY_IO_CREDENTIALS }}
+        tag: ${{ matrix.image.tag }}
+        extra_tags: ${{ matrix.image.extra }}

.gitignore

@@ -0,0 +1,4 @@
+.vscode
+__pycache__
+/.env
+/docker-compose.override*