Using balena-cli with concourse CI

Hi!

I want to build a balena application using balena-cli running concourse CI.
I tried several things now:

  • Docker image with installed balena-cli and docker using docker-image resource
  • using a concourse docker-image, then downloaded balena-cli release from github
  • running a dind concourse resource and running my docker image with preinstalled balena-cli

In many cases Concourse will refuse to handle the whole construct correctly; in other cases, after a successful balena login, I get the error "Docker seems to be unavailable. Is it installed and running?"

So, am I the first person who tries to manage their balena releases with Concourse CI, or is there a way someone ever found out how to do that?

My latest concourse task definition looks something like that:

---
resources:
- name: balena-cli
  type: docker-image
  source:
    repository: ((registry))/balena-cli/11.9.7
    ca_certs: {{docker_registry_ca_cert}}
    tag: latest
...

jobs:
...
  - task: Build-Balena-Release
    privileged: true
    config:
      platform: linux
      image_resource:
        type: docker-image
        source:
          repository: amidos/dcind
      inputs:
      - name: balena-cli
      - name: install
      - name: source
      outputs:
      - name: output
      run:
        path: bash
        args:
          - -exc
          - |
            source /docker-lib.sh
            start_docker
            export BALENA_API_KEY=((balena_api_key))
            docker load -i balena-cli/image
            docker tag "$(cat balena-cli/image-id)" "$(cat balena-cli/repository):$(cat balena-cli/tag)"
            export ROOT=$(pwd)
            cp -rv $ROOT/source/building/docker/ $ROOT/output/
            cp -rv $ROOT/install $ROOT/output/docker/images/balena/app/output
            cd $ROOT/output/docker/images/balena/app
            docker run --rm -it ((registry))/balena-cli/11.9.7:latest sh -c "export DEBUG=1; balena login -t $BALENA_API_KEY && balena deploy app --build"

Hi @arschlegel ,
This seems to be quite an interesting project :slight_smile:

So let me clarify a bit what exactly you are doing. You want to build balena app images without our builders, using your own infrastructure with Concourse CI. Am I getting this right?

Speaking about your problem,

In many cases Concourse will refuse to handle the whole construct correctly; in other cases, after a successful balena login, I get the error "Docker seems to be unavailable. Is it installed and running?"

Have you tried running some different pipeline that uses docker on Concourse? So you can eliminate balena-cli from the equation and make sure that Concourse setup is done right.

Hey @arschlegel I think the latest error you report happens because docker might be missing, or might not be started correctly in the ((registry))/balena-cli/11.9.7:latest container. I think the first approach you mention should be the one to follow here: you can build an image with docker and balena-cli, and then use that as the image_resource for your task (also don’t forget to include https://github.com/concourse/docker-image-resource/blob/master/assets/common.sh and start_docker in there as a first step)
Let me know if this makes sense or what kind of errors pop up when attempting this solution.

Hi!

Thanks for the replies!
I got it working yesterday. Only thing missing was the mounted docker socket to my docker balena image (with preinstalled docker ce).
For the Concourse job I am using the docker in docker image amidos/dcind.
Concourse does the pull of the balena image, saves it and passes the image as input to the job. This way pulling from a private registry with a self-signed certificate is way easier than importing the certificate within the dind task.
The rest is pretty straightforward:

  1. Let docker import the passed image
  2. Copy all stuff together to the places where the balena Dockerfile needs them
  3. balena login with the token and then balena deploy.

  - task: Build-and-Deploy-Balena-Release
    privileged: true
    config:
      platform: linux
      image_resource:
        type: docker-image
        source:
          repository: amidos/dcind
      inputs:
      - name: balena-cli
      - name: install
      - name: source
      outputs:
      - name: output
      run:
        path: bash
        args:
          - -exc
          - |
            # Install openssl, then fetch and import the server's self-signed certificate
            apk upgrade --update-cache --available
            apk add openssl
            source /docker-lib.sh
            mkdir -p /etc/docker/certs.d/<registry>
            echo -n | openssl s_client -connect <registry>:443 | \
            sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /etc/docker/certs.d/<registry>/ca.crt 
            # Start the docker daemon and import the image recently pulled by concourse (input: balena-cli)
            start_docker
            docker load -i balena-cli/image
            docker tag "$(cat balena-cli/image-id)" "$(cat balena-cli/repository):$(cat balena-cli/tag)"
            # Do the actual work: Copy and run balena-cli from the container
            export BALENA_API_KEY=((balena_api_key))
            export ROOT=$(pwd)
            cp -rv $ROOT/source/building/docker/ $ROOT/output/
            cp -rv $ROOT/install/* $ROOT/output/docker/images/balena/<app>/output
            cd $ROOT/output/docker/images/balena/<app>
            docker run --rm -it -v $(pwd):/build -v /var/run/docker.sock:/var/run/docker.sock \
            <registry>/balena-cli/11.9.7:latest \
            sh -c "export DEBUG=1; balena login -t $BALENA_API_KEY && balena deploy <app> --build"

I am importing the self-signed certificate here anyway because I am using some image for my balena Dockerfile that comes from my private docker registry. If I had an official signed certificate this step would not be necessary.
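
The task script above runs under `bash -exc` with `((balena_api_key))` substituted into the script text, so xtrace writes the key into the build log. The sketch below is an added example, not part of the original post: it reproduces that trace offline with a stub `docker` function and a constructed key, next to a form that forwards the variable by name. It assumes the key is supplied through the task's `params:`, and `img` and `app` are placeholder names.

```sh
#!/bin/sh
# Added example (not from the thread). Runs offline: `docker` is a stub and
# FAKE_KEY is a constructed value standing in for ((balena_api_key)).
FAKE_KEY='constructed-demo-key-123'

# Pattern from the thread: Concourse substitutes the key into the script text
# (simulated here by the unquoted heredoc), and -x echoes every command,
# including the export and the expanded "balena login -t <key>" string.
leaky_trace() {
  sh -x 2>&1 <<EOF
docker() { :; }   # stub so the demo needs no daemon
export BALENA_API_KEY=$FAKE_KEY
docker run --rm img sh -c "balena login -t \$BALENA_API_KEY && balena deploy app --build"
EOF
}

# Hardened form. Assumption: the key arrives in the environment, e.g. via the
# task's `params: {BALENA_API_KEY: ((balena_api_key))}`. `-e NAME` forwards it
# by name and the single quotes defer expansion to the container's shell, so
# the traced command line never contains the value.
safe_trace() {
  BALENA_API_KEY=$FAKE_KEY sh -x 2>&1 <<'EOF'
docker() { :; }   # stub so the demo needs no daemon
docker run --rm -e BALENA_API_KEY img sh -c 'balena login -t "$BALENA_API_KEY" && balena deploy app --build'
EOF
}

# True (exit 0) when the captured build log contains the key.
leaks_key() {
  case "$1" in *"$FAKE_KEY"*) return 0 ;; *) return 1 ;; esac
}

for mode in leaky safe; do
  if leaks_key "$("${mode}_trace")"; then
    echo "$mode: key appears in the build log"
  else
    echo "$mode: key stays out of the build log"
  fi
done
```

The second form keeps working with `-x` left on, so command tracing for debugging does not have to be traded against keeping the token out of the log.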

Hi,

We are happy to know that you made it work.

Feel free to contact us in the future if you need further help.

Regards!