Break gateway build cycle with runtime base bootstrap

.gitea/workflows/gateway-build.yml

@@ -8,6 +8,7 @@ on:
 env:
   DEPLOY_PATH: /opt/vpn-proxy
   BASE_IMAGE: vpn-proxy-runtime-base:bookworm-slim
+  RUNTIME_BASE_SOURCE_IMAGE: mirror.gcr.io/library/debian:bookworm-slim
   SINGBOX_VERSION: 1.12.13
 
 jobs:
@@ -34,6 +35,7 @@ jobs:
           DEPLOY_HOST=111 \
           DEPLOY_PATH="${{ env.DEPLOY_PATH }}" \
           BASE_IMAGE="${{ env.BASE_IMAGE }}" \
+          RUNTIME_BASE_SOURCE_IMAGE="${{ env.RUNTIME_BASE_SOURCE_IMAGE }}" \
           SINGBOX_VERSION="${{ env.SINGBOX_VERSION }}" \
           IMAGE_TAG="${{ gitea.sha }}" \
           bash scripts/build-on-107-deploy-111.sh

Dockerfile.runtime-base

@@ -1,12 +1,24 @@
 ARG BASE_IMAGE=mirror.gcr.io/library/debian:bookworm-slim
 FROM ${BASE_IMAGE}
 ARG SINGBOX_VERSION=1.12.13
+ARG HTTP_PROXY
+ARG HTTPS_PROXY
+ARG NO_PROXY
+ARG http_proxy
+ARG https_proxy
+ARG no_proxy
 
-RUN apt-get update \
+RUN export http_proxy="${http_proxy:-${HTTP_PROXY:-}}" \
+    && export https_proxy="${https_proxy:-${HTTPS_PROXY:-}}" \
+    && export no_proxy="${no_proxy:-${NO_PROXY:-}}" \
+    && apt-get update \
     && apt-get install -y --no-install-recommends ca-certificates curl iptables ipset iproute2 nodejs dumb-init \
     && rm -rf /var/lib/apt/lists/*
 
 RUN set -eux; \
+    export http_proxy="${http_proxy:-${HTTP_PROXY:-}}"; \
+    export https_proxy="${https_proxy:-${HTTPS_PROXY:-}}"; \
+    export no_proxy="${no_proxy:-${NO_PROXY:-}}"; \
     arch="$(dpkg --print-architecture)"; \
     case "$arch" in \
     amd64) sb_arch="amd64" ;; \

scripts/build-on-107-deploy-111.sh

@@ -10,15 +10,18 @@ GIT_REF="$(git rev-parse --short HEAD 2>/dev/null || echo manual)"
 IMAGE_TAG="${IMAGE_TAG:-${GIT_REF}-$(date +%Y%m%d%H%M%S)}"
 GATEWAY_IMAGE="${GATEWAY_IMAGE:-${IMAGE_NAME}:${IMAGE_TAG}}"
 BASE_IMAGE="${BASE_IMAGE:-vpn-proxy-runtime-base:bookworm-slim}"
+RUNTIME_BASE_SOURCE_IMAGE="${RUNTIME_BASE_SOURCE_IMAGE:-mirror.gcr.io/library/debian:bookworm-slim}"
 SINGBOX_VERSION="${SINGBOX_VERSION:-1.12.13}"
 DOCKER_BUILD_PULL="${DOCKER_BUILD_PULL:-false}"
 INSTALL_RUNTIME_DEPS="${INSTALL_RUNTIME_DEPS:-false}"
 INSTALL_SINGBOX="${INSTALL_SINGBOX:-false}"
+AUTO_BUILD_RUNTIME_BASE="${AUTO_BUILD_RUNTIME_BASE:-true}"
 
 echo "Build host: ${BUILD_HOST}"
 echo "Deploy host: ${DEPLOY_HOST}"
 echo "Image: ${GATEWAY_IMAGE}"
 echo "Base image: ${BASE_IMAGE}"
+echo "Runtime base source: ${RUNTIME_BASE_SOURCE_IMAGE}"
 
 echo "Syncing source to ${BUILD_HOST}:${BUILD_PATH}"
 if [ "${BUILD_HOST}" = "local" ]; then
@@ -35,7 +38,7 @@ else
 fi
 
 echo "Building image on ${BUILD_HOST}"
-BUILD_COMMAND="set -e; echo 'Docker context:' \$(docker context show 2>/dev/null || true); docker info 2>/dev/null | sed -n '/HTTP Proxy:/p;/HTTPS Proxy:/p;/Name:/p'; docker image inspect '${BASE_IMAGE}' >/dev/null || { echo 'Runtime base image ${BASE_IMAGE} is missing on ${BUILD_HOST}.'; echo 'Seed it once with: ./scripts/build-runtime-base.sh'; exit 1; }; cd '${BUILD_PATH}' && npm ci && npm run build && docker build --pull='${DOCKER_BUILD_PULL}' --build-arg BASE_IMAGE='${BASE_IMAGE}' --build-arg SINGBOX_VERSION='${SINGBOX_VERSION}' --build-arg INSTALL_RUNTIME_DEPS='${INSTALL_RUNTIME_DEPS}' --build-arg INSTALL_SINGBOX='${INSTALL_SINGBOX}' -t '${GATEWAY_IMAGE}' ."
+BUILD_COMMAND="set -e; echo 'Docker context:' \$(docker context show 2>/dev/null || true); docker info 2>/dev/null | sed -n '/HTTP Proxy:/p;/HTTPS Proxy:/p;/Name:/p'; cd '${BUILD_PATH}'; if ! docker image inspect '${BASE_IMAGE}' >/dev/null 2>&1; then if [ '${AUTO_BUILD_RUNTIME_BASE}' = 'true' ]; then echo 'Runtime base image ${BASE_IMAGE} is missing on ${BUILD_HOST}; building it now.'; BASE_IMAGE='${RUNTIME_BASE_SOURCE_IMAGE}' RUNTIME_BASE_IMAGE='${BASE_IMAGE}' SINGBOX_VERSION='${SINGBOX_VERSION}' ./scripts/build-runtime-base.sh; else echo 'Runtime base image ${BASE_IMAGE} is missing on ${BUILD_HOST}.'; echo 'Seed it once with: ./scripts/build-runtime-base.sh'; exit 1; fi; fi; npm ci && npm run build && docker build --pull='${DOCKER_BUILD_PULL}' --build-arg BASE_IMAGE='${BASE_IMAGE}' --build-arg SINGBOX_VERSION='${SINGBOX_VERSION}' --build-arg INSTALL_RUNTIME_DEPS='${INSTALL_RUNTIME_DEPS}' --build-arg INSTALL_SINGBOX='${INSTALL_SINGBOX}' -t '${GATEWAY_IMAGE}' ."
 if [ "${BUILD_HOST}" = "local" ]; then
   bash -lc "${BUILD_COMMAND}"
 else

scripts/build-runtime-base.sh

@@ -4,13 +4,24 @@ set -euo pipefail
 BASE_IMAGE="${BASE_IMAGE:-mirror.gcr.io/library/debian:bookworm-slim}"
 RUNTIME_BASE_IMAGE="${RUNTIME_BASE_IMAGE:-vpn-proxy-runtime-base:bookworm-slim}"
 SINGBOX_VERSION="${SINGBOX_VERSION:-1.12.13}"
+HTTP_PROXY="${HTTP_PROXY:-$(docker info 2>/dev/null | awk -F': ' '/HTTP Proxy:/ {print $2; exit}')}"
+HTTPS_PROXY="${HTTPS_PROXY:-$(docker info 2>/dev/null | awk -F': ' '/HTTPS Proxy:/ {print $2; exit}')}"
+NO_PROXY="${NO_PROXY:-$(docker info 2>/dev/null | awk -F': ' '/No Proxy:/ {print $2; exit}')}"
 
 echo "Building runtime base: ${RUNTIME_BASE_IMAGE}"
 echo "Source base image: ${BASE_IMAGE}"
+if [ -n "${HTTP_PROXY}" ]; then echo "HTTP proxy: ${HTTP_PROXY}"; fi
+if [ -n "${HTTPS_PROXY}" ]; then echo "HTTPS proxy: ${HTTPS_PROXY}"; fi
 
 docker build \
   --build-arg BASE_IMAGE="${BASE_IMAGE}" \
   --build-arg SINGBOX_VERSION="${SINGBOX_VERSION}" \
+  --build-arg HTTP_PROXY="${HTTP_PROXY}" \
+  --build-arg HTTPS_PROXY="${HTTPS_PROXY}" \
+  --build-arg NO_PROXY="${NO_PROXY}" \
+  --build-arg http_proxy="${HTTP_PROXY}" \
+  --build-arg https_proxy="${HTTPS_PROXY}" \
+  --build-arg no_proxy="${NO_PROXY}" \
   -f Dockerfile.runtime-base \
   -t "${RUNTIME_BASE_IMAGE}" \
   .