Adding VersionStream for haproxy-3.3

haproxy-3.3.yaml

@@ -0,0 +1,186 @@
+package:
+  name: haproxy-3.3
+  version: "3.3.0"
+  epoch: 0
+  description: "A TCP/HTTP reverse proxy for high availability environments"
+  copyright:
+    - license: GPL-2.0-or-later
+  dependencies:
+    runtime:
+      - libgcc
+      - merged-usrsbin
+      - wolfi-baselayout
+    provides:
+      - haproxy=${{package.full-version}}
+
+var-transforms:
+  - from: ${{package.version}}
+    match: ^(\d+\.\d+)\.\d+$
+    replace: "$1"
+    to: major-minor-version
+  - from: ${{package.version}}
+    match: ^(\d+).*
+    replace: $1
+    to: major-version
+
+environment:
+  contents:
+    packages:
+      - build-base
+      - busybox
+      - ca-certificates-bundle
+      - libcap-utils
+      - linux-headers
+      - lua5.3-dev
+      - openssl-dev
+      - pcre2-dev
+  accounts:
+    # Need to run with privilege to be able to do setcap
+    run-as: root
+
+pipeline:
+  - uses: git-checkout
+    with:
+      repository: https://git.haproxy.org/git/haproxy-${{vars.major-minor-version}}.git
+      tag: v${{package.version}}
+      expected-commit: 7832fb21fe2dd11ce44e996d8e86802731b871b2
+
+  - uses: autoconf/make
+    with:
+      opts: |
+        TARGET=linux-glibc \
+        USE_THREAD=1 \
+        USE_PCRE2=1 \
+        USE_PCRE2_JIT=1 \
+        USE_OPENSSL=1 \
+        USE_LUA=1 \
+        USE_NS=1 \
+        USE_PROMEX=1 \
+        LUA_LIB=/usr/lib/lua5.3 \
+        LUA_INC=/usr/include/lua5.3 \
+        USE_GETADDRINFO=1 \
+        SBINDIR=/usr/bin
+
+  - runs: |
+      make install DESTDIR="${{targets.destdir}}" PREFIX=/usr DOCDIR=/usr/share/doc/haproxy
+      install -d "${{targets.destdir}}"/var/lib/haproxy
+      mkdir -p "${{targets.destdir}}"/usr/bin
+      mv "${{targets.destdir}}"/usr/sbin/* "${{targets.destdir}}"/usr/bin
+      rmdir "${{targets.destdir}}"/usr/sbin
+
+  - uses: strip
+
+  # This MUST run after strip, which strips capabilities too!
+  - runs: setcap cap_net_bind_service=+eip "${{targets.destdir}}/usr/bin/haproxy"
+
+subpackages:
+  - name: "${{package.name}}-nocaps"
+    description: "haproxy without cap_net_bind_service capabilities"
+    pipeline:
+      - runs: |
+          mkdir -p ${{targets.contextdir}}/usr/bin
+          cp /home/build/melange-out/${{package.name}}/usr/bin/haproxy ${{targets.contextdir}}/usr/bin/
+    test:
+      environment:
+        contents:
+          packages:
+            - libcap-utils
+      pipeline:
+        - uses: test/tw/help-check
+          with:
+            bins: /usr/bin/haproxy
+        - name: Test there are no capabilities present
+          runs: |
+            if [ $(getcap /usr/bin/haproxy | wc -l ) -ne 0 ]; then exit 1; fi
+
+  - name: "${{package.name}}-doc"
+    description: "haproxy documentation"
+    pipeline:
+      - uses: split/manpages
+    dependencies:
+      provides:
+        - haproxy-doc=${{package.full-version}}
+      runtime:
+        - merged-usrsbin
+        - wolfi-baselayout
+    test:
+      pipeline:
+        - uses: test/docs
+
+  - name: ${{package.name}}-oci-entrypoint
+    description: Entrypoint for using HAProxy in OCI containers
+    dependencies:
+      runtime:
+        - busybox
+        - merged-usrsbin
+        - posix-libc-utils # `getent` is required for certain helm chart startups
+        - wolfi-baselayout
+      provides:
+        - haproxy-oci-entrypoint=${{package.full-version}}
+    pipeline:
+      - runs: |
+          mkdir -p ${{targets.subpkgdir}}/usr/local/bin/
+          cp docker-entrypoint.sh ${{targets.subpkgdir}}/usr/local/bin/
+          chmod +x ${{targets.subpkgdir}}/usr/local/bin/docker-entrypoint.sh
+    test:
+      pipeline:
+        - uses: test/virtualpackage
+          with:
+            virtual-pkg-name: haproxy-oci-entrypoint
+            real-pkg-name: ${{subpkg.name}}
+
+  - name: ${{package.name}}-iamguarded-compat
+    dependencies:
+      provides:
+        - haproxy-iamguarded-compat=${{package.full-version}}
+      runtime:
+        - ${{package.name}}
+    pipeline:
+      - uses: iamguarded/build-compat
+        with:
+          package: haproxy
+          version: ${{vars.major-version}}
+      - runs: |
+          mkdir -p /iamguarded/haproxy/conf
+
+          mkdir -p /opt/iamguarded/haproxy/bin
+          mkdir -p /opt/iamguarded/haproxy-dataplaneapi/bin
+          mkdir -p /opt/iamguarded/lua/bin
+          chmod g+rwX /opt/iamguarded
+
+          ln -s /usr/bin/haproxy /opt/iamguarded/haproxy/bin/haproxy
+          ln -s /usr/bin/dataplaneapi /opt/iamguarded/haproxy-dataplaneapi/bin/dataplaneapi
+      - uses: iamguarded/finalize-compat
+        with:
+          package: haproxy
+          version: ${{vars.major-version}}
+    test:
+      environment:
+        contents:
+          packages:
+            - dataplaneapi
+      pipeline:
+        - uses: iamguarded/test-compat
+          with:
+            package: haproxy
+            version: ${{vars.major-version}}
+        - runs: |
+            /opt/iamguarded/haproxy/bin/haproxy -v
+
+update:
+  enabled: true
+  git:
+    strip-prefix: v
+    tag-filter-prefix: v3.3
+
+test:
+  environment:
+    contents:
+      packages:
+        - libcap-utils
+  pipeline:
+    - runs: |
+        haproxy -v
+    - name: Test file capabilities
+      runs: |
+        getcap /usr/bin/haproxy | cut -d ' ' -f2 | grep -q -E '^cap_net_bind_service=eip$'

haproxy-3.3/docker-entrypoint.sh

@@ -0,0 +1,20 @@
+#!/bin/sh
+
+# src: https://github.com/docker-library/haproxy/blob/817555017600e0dac39d93a75ef920adac450958/2.8/alpine/docker-entrypoint.sh
+
+set -e
+
+# first arg is `-f` or `--some-option`
+if [ "${1#-}" != "$1" ]; then
+	set -- haproxy "$@"
+fi
+
+if [ "$1" = 'haproxy' ]; then
+	shift # "haproxy"
+	# if the user wants "haproxy", let's add a couple useful flags
+	#   -W  -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2")
+	#   -db -- disables background mode
+	set -- haproxy -W -db "$@"
+fi
+
+exec "$@"