From 45082321b507ede81426ffb1371fbcd461d18c16 Mon Sep 17 00:00:00 2001 From: usimd <11619247+usimd@users.noreply.github.com> Date: Sun, 3 Nov 2024 20:54:48 +0100 Subject: [PATCH] Add APT proxy and document use case --- .github/workflows/integration-test.yml | 37 +++++++++++++++++++ README.md | 50 ++++++++++++++++++++++++++ action.yml | 7 +++- src/configure.ts | 1 + src/pi-gen-config.ts | 11 ++++++ 5 files changed, 105 insertions(+), 1 deletion(-) diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml index 47cbf7e..3734653 100644 --- a/.github/workflows/integration-test.yml +++ b/.github/workflows/integration-test.yml @@ -61,6 +61,34 @@ jobs: - name: Compile action code before test run: npm ci && npm run package + - name: Select Debian package mirror + id: select-mirror + # This is just to demonstrate that you could determine the mirror to use + # however you fancy. + run: echo "mirror=debian-archive.trafficmanager.net" >> $GITHUB_OUTPUT + + - name: Setup APT proxy on runner + run: | + sudo apt-get install -y nginx --no-install-recommends --no-install-suggests + sudo bash -c 'cat > /etc/nginx/sites-enabled/default <<-EOF + server { + listen 3128; + access_log /var/log/nginx/cache-access.log; + error_log /var/log/nginx/cache-error.log; + allow all; + resolver 127.0.0.11; + location / { + if ($host ~* ^deb\.debian\.org) { + proxy_pass $scheme://${{ steps.select-mirror.outputs.mirror }}$request_uri; + break; + } + proxy_pass $scheme://$host$request_uri; + } + } + EOF' + sudo service apache2 stop + sudo service nginx restart + - name: Run pi-gen build uses: ./ id: build @@ -81,6 +109,8 @@ jobs: timezone: ${{ env.CONFIG_TIMEZONE }} pubkey-ssh-first-user: ${{ env.CONFIG_PUBLIC_KEY }} increase-runner-disk-size: ${{ github.event_name != 'workflow_dispatch' || inputs.increase-runner-disk }} + docker-opts: --add-host=host.docker.internal:host-gateway + apt-proxy: http://host.docker.internal:3128 - name: List working directory run: tree @@ -112,4 +142,11 @@ jobs: with: labels: test + - name: Debug APT proxy + if: always() + run: | + sudo tail -n 100 /etc/squid-deb-proxy/squid-deb-proxy.conf + sudo service squid status + sudo tail -n 200 /var/log/syslog /var/log/squid/* /var/log/squid-deb-proxy/* + \ No newline at end of file diff --git a/README.md b/README.md index 3a8527e..32ca137 100644 --- a/README.md +++ b/README.md @@ -314,6 +314,56 @@ jobs: increase-runner-disk-size: true ``` +### Use fast APT proxy for `pi-gen` + +If you want to speed up your build by improving the package download speed, you can setup +a local APT proxy and let `pi-gen` use it during the build. The proxy should point to a +fast mirror, on GitHub Actions runners this will _very_ likely be `debian-archive.trafficmanager.net` +hosted on Azure. Make sure, though, that the selected mirror contains your targeted +architecture (`debian-archive.trafficmanager.net` does **not** include `armhf`): + +``` +jobs: + pi-gen-with-fast-apt-proxy: + runs-on: ubuntu-latest + steps: + - name: Select Debian package mirror + id: select-mirror + # This is just to demonstrate that you could determine the mirror to use + # however you fancy. + run: echo "mirror=debian-archive.trafficmanager.net" >> $GITHUB_OUTPUT + + - name: Setup APT proxy on runner + run: | + sudo apt-get install -y nginx --no-install-recommends --no-install-suggests + sudo bash -c 'cat > /etc/nginx/sites-enabled/default <<-EOF + server { + listen 3128; + access_log /var/log/nginx/cache-access.log; + error_log /var/log/nginx/cache-error.log; + allow all; + resolver 127.0.0.11; + location / { + if ($host ~* ^deb\.debian\.org) { + proxy_pass $scheme://${{ steps.select-mirror.outputs.mirror }}$request_uri; + break; + } + proxy_pass $scheme://$host$request_uri; + } + } + EOF' + sudo service nginx restart + + - uses: usimd/pi-gen-action@v1 + with: + image-name: test + stage-list: stage0 stage1 stage2 custom-stage + pi-gen-dir: ${{ inputs.custom-pi-gen-dir }} + # This is important: make the host service available to the pi-gen container + docker-opts: --add-host=host.docker.internal:host-gateway + apt-proxy: http://host.docker.internal:3128 +``` + ## License The scripts and documentation in this project are released under the [MIT License](LICENSE) diff --git a/action.yml b/action.yml index 328ea88..3190d1b 100644 --- a/action.yml +++ b/action.yml @@ -4,7 +4,12 @@ author: Simon Domke inputs: # pi-gen variables - + apt-proxy: + description: | + If you require the use of an apt proxy, set it here. This proxy setting will not be included in the image, + making it safe to use an apt-cacher or similar package for development. + required: false + default: '' image-name: description: Final image name. required: true diff --git a/src/configure.ts b/src/configure.ts index 6ecd63e..b04c35d 100644 --- a/src/configure.ts +++ b/src/configure.ts @@ -56,6 +56,7 @@ export async function configure(): Promise { userConfig.setfcap = core.getInput('setfcap') || DEFAULT_CONFIG.setfcap userConfig.piGenRelease = core.getInput('pi-gen-release') || DEFAULT_CONFIG.piGenRelease + userConfig.aptProxy = core.getInput('apt-proxy') || DEFAULT_CONFIG.aptProxy await validateConfig(userConfig) diff --git a/src/pi-gen-config.ts b/src/pi-gen-config.ts index bc4e04a..57b4fde 100644 --- a/src/pi-gen-config.ts +++ b/src/pi-gen-config.ts @@ -6,6 +6,7 @@ import * as exec from '@actions/exec' import * as io from '@actions/io' export interface PiGenConfig { + aptProxy?: string imgName: string piGenRelease: string release: string @@ -220,6 +221,16 @@ export async function validateConfig(config: PiGenConfig): Promise { } } } + + if (config.aptProxy) { + try { + new URL(config.aptProxy) + } catch (error) { + throw new Error( + 'apt-proxy is not a valid URL. Make it point to a correct http/https address.' + ) + } + } } function camelCaseToSnakeCase(label: string): string {