I want to build a balena application using balena-cli running concourse CI.
I tried several things now:
Docker image with installed balena-cli and docker using docker-image resource
using a concourse docker-image, then downloaded balena-cli release from github
running a dind concourse resource and running my docker image with preinstalled balena-cli
In many cases concourse will refuse to handle the whole construct correctly in other cases after a successully balena login i get the error Docker seems to be unavailable. Is it installed and running?
So, am i the first person who tries to manage their balena releases with concourse CI or is there a way someone ever found out how to do that?
My latest concourse task definition looks something like that:
Hi @arschlegel ,
This seems to be quite an interesting project
So let me clarify a bit what exactly you are doing. You want to build balena app images without our builders, using your own infrastructure with ConcourceCI. Am I getting this right?
Speaking about your problem,
In many cases concourse will refuse to handle the whole construct correctly in other cases after a successully balena login i get the error Docker seems to be unavailable. Is it installed and running?
Have you tried running some different pipeline that uses docker on Concourse? So you can eliminate balena-cli from the equation and make sure that Concourse setup is done right.
Hey @arschlegel I think the latest error you report happens because docker might be missing, or might not be started correctly in the ((registry)/balena-cli/11.9.7:latest container. I think the first approach you mention should be the one to follow here: you can build an image with docker and balena-cli, and then use that as the image_resource for your task (also don’t forget to include https://github.com/concourse/docker-image-resource/blob/master/assets/common.sh and start_docker in there as a first step)
Let me know if this makes sense or what kind of errors pop up when attempting this solution.
thanks for the replies!
i got it working yesterday. Only thing missing was the mounted docker socket to my docker balena image (with preinstalled docker ce).
For the concourse job i am using the docker in docker image amidos/dcind
Concourse does the pull of the balena image, saves it and passes the image as input to the job. This way pulling from a private registry with a self signed certificate is way more easy than importing the certificate within the dind task.
The rest is pretty straight forward:
Let docker import the passed image
Copy all stuff together to the places where the balena Dockerfile needs them
balena login with the token and then balena deploy.
- task: Build-and-Deploy-Balena-Release
privileged: true
config:
platform: linux
image_resource:
type: docker-image
source:
repository: amidos/dcind
inputs:
- name: balena-cli
- name: install
- name: source
outputs:
- name: output
run:
path: bash
args:
- -exc
- |
# Install openssl and get and import the servers self signed certificate
apk upgrade --update-cache --available
apk add openssl
source /docker-lib.sh
mkdir -p /etc/docker/certs.d/<registry>
echo -n | openssl s_client -connect <registry>:443 | \
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /etc/docker/certs.d/<registry>/ca.crt
# Start the docker daemon and importing the recently pulled image by concourse (input: balena-cli)
start_docker
docker load -i balena-cli/image
docker tag "$(cat balena-cli/image-id)" "$(cat balena-cli/repository):$(cat balena-cli/tag)"
# Do the actual work: Copy and run balena-cli from the container
export BALENA_API_KEY=((balena_api_key))
export ROOT=$(pwd)
cp -rv $ROOT/source/building/docker/ $ROOT/output/
cp -rv $ROOT/install/* $ROOT/output/docker/images/balena/<app>/output
cd $ROOT/output/docker/images/balena/<app>
docker run --rm -it -v $(pwd):/build -v /var/run/docker.sock:/var/run/docker.sock \
<registry>/balena-cli/11.9.7:latest \
sh -c "export DEBUG=1; balena login -t $BALENA_API_KEY && balena deploy <app> --build"
I am importing the self signed certificate here anyway because i am using some image for my balena Dockerfile that comes from my private docker registry. If i had a official signed certificate this step would not be necessary.