Переход на nstart.cloud

2026-04-29 21:55:19 +03:00 · 2026-04-29 21:55:19 +03:00 · 5462812cc4
commit 5462812cc4
parent 45befff053
20 changed files with 37 additions and 95 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -3,9 +3,9 @@ stages:
 build-images:
  stage: build
-  image: repo.nstart.local/nstart/docker-cli-buildx:1.0.0
+  image: repo.nstart.cloud/nstart/docker-cli-buildx:1.0.0
  services:
-    - name: repo.nstart.local/nstart/docker-dind-ca:1.0.0
+    - name: repo.nstart.cloud/library/docker:29.1.2-dind
      alias: docker
      command: ["--tls=false"]
  variables:
--- a/Dockerfile.alpine
+++ b/Dockerfile.alpine
@ -1,7 +1,6 @@
-ARG BASE_REPO="repo.nstart.local/library/"
+ARG BASE_REPO="repo.nstart.cloud/library/"
 ARG BASE_TAG="3.23.2"
 FROM ${BASE_REPO}alpine:${BASE_TAG}
 COPY ca/nstart.local.crt /etc/apk/ca.pem
 COPY alpine/repositories /etc/apk/
--- a/Dockerfile.jdk-rhel
+++ b/Dockerfile.jdk-rhel
@ -1,13 +1,10 @@
-ARG BASE_REPO="repo.nstart.local/library/"
+ARG BASE_REPO="repo.nstart.cloud/library/"
 ARG BASE_TAG="jdk25-ubi10"
 FROM ${BASE_REPO}gradle:${BASE_TAG}
 COPY rhel/ubi.repo /etc/yum.repos.d/
 COPY ca/nstart.local.crt /certificates/
 ENV USE_SYSTEM_CA_CERTS=1
 COPY java/maven.xml /etc/maven/settings.xml
 ENV GRADLE_USER_HOME=/etc/gradle
--- a/Dockerfile.jdk-ubuntu
+++ b/Dockerfile.jdk-ubuntu
@ -1,16 +1,10 @@
-ARG BASE_REPO="repo.nstart.local/library/"
+ARG BASE_REPO="repo.nstart.cloud/library/"
 ARG BASE_TAG="jdk17-noble"
 FROM ${BASE_REPO}gradle:${BASE_TAG}
 COPY --chmod=007 ca/nstart.local.crt /usr/local/share/ca-certificates/nstart.local.crt
 COPY apt/99ca /etc/apt/apt.conf.d/99ca
 COPY apt/ubuntu.sources /etc/apt/sources.list.d/ubuntu.sources
 COPY ca/nstart.local.crt /certificates/
 ENV USE_SYSTEM_CA_CERTS=1
 ENV GRADLE_USER_HOME=/etc/gradle
 COPY java/00-nstart-repos.gradle /etc/gradle/init.d/00-nstart-repos.gradle
@ -18,8 +12,7 @@ RUN <<EOF
    set -eux
    apt-get update
-    apt-get install -y --no-install-recommends maven ca-certificates
+    apt-get install -y --no-install-recommends maven
    update-ca-certificates
 EOF
--- a/Dockerfile.jre-rhel
+++ b/Dockerfile.jre-rhel
@ -1,11 +1,8 @@
-ARG BASE_REPO="repo.nstart.local/library/"
+ARG BASE_REPO="repo.nstart.cloud/library/"
 ARG BASE_TAG="25-jre-ubi10-minimal"
 FROM ${BASE_REPO}eclipse-temurin:${BASE_TAG}
 COPY rhel/ubi.repo /etc/yum.repos.d/
 COPY ca/nstart.local.crt /certificates/
 ENV USE_SYSTEM_CA_CERTS=1
 COPY java/maven.xml /etc/maven/settings.xml
--- a/Dockerfile.node-deb
+++ b/Dockerfile.node-deb
@ -1,11 +1,8 @@
-ARG BASE_REPO="repo.nstart.local/library/"
+ARG BASE_REPO="repo.nstart.cloud/library/"
 ARG BASE_TAG="25-trixie-slim"
 FROM ${BASE_REPO}node:${BASE_TAG}
 COPY --chmod=007 ca/nstart.local.crt /usr/local/share/ca-certificates/nstart.local.crt
 COPY apt/99ca /etc/apt/apt.conf.d/99ca
 COPY apt/debian.sources /etc/apt/sources.list.d/debian.sources
 COPY node/npmrc /usr/local/etc/npmrc
--- a/Dockerfile.python-deb
+++ b/Dockerfile.python-deb
@ -1,11 +1,8 @@
-ARG BASE_REPO="repo.nstart.local/library/"
+ARG BASE_REPO="repo.nstart.cloud/library/"
 ARG BASE_TAG="3.14-slim-trixie"
 FROM ${BASE_REPO}python:${BASE_TAG}
 COPY --chmod=007 ca/nstart.local.crt /usr/local/share/ca-certificates/nstart.local.crt
 COPY apt/99ca /etc/apt/apt.conf.d/99ca
 COPY apt/debian.sources /etc/apt/sources.list.d/debian.sources
 COPY python/pip.conf /etc/pip.conf
--- a/Dockerfile.ubuntu
+++ b/Dockerfile.ubuntu
@ -1,9 +1,6 @@
-ARG BASE_REPO="repo.nstart.local/library/"
+ARG BASE_REPO="repo.nstart.cloud/library/"
 ARG BASE_TAG="24.04"
 FROM ${BASE_REPO}ubuntu:${BASE_TAG}
 COPY --chmod=007 ca/nstart.local.crt /usr/local/share/ca-certificates/nstart.local.crt
 COPY apt/99ca /etc/apt/apt.conf.d/99ca
 COPY apt/ubuntu.sources /etc/apt/sources.list.d/ubuntu.sources
--- a/README.md
+++ b/README.md
@ -1,7 +1,7 @@
 # Базовые OCI-образы
-Набор базовых Docker-образов для внутренней инфраструктуры: с корпоративным CA
+Набор базовых Docker-образов для внутренней инфраструктуры: с настройками для
-и настройками для локальных зеркал репозиториев
+локальных зеркал репозиториев
 ## Собираемые образы
@ -41,8 +41,8 @@ docker bake all --push
 Переопределяемые переменные (`docker-bake.hcl`):
- `registry` (по умолчанию `repo.nstart.local`) - registry для публикации итоговых образов
+- `registry` (по умолчанию `repo.nstart.cloud`) - registry для публикации итоговых образов
- `base_repo` (по умолчанию `repo.nstart.local/library/`) - репозиторий базовых образов
+- `base_repo` (по умолчанию `repo.nstart.cloud/library/`) - репозиторий базовых образов
 Пример переопределения:
--- a/alpine/repositories
+++ b/alpine/repositories
@ -1,2 +1,2 @@
-https://repo.nstart.local/repository/alpine//v3.23/main
+https://repo.nstart.cloud/repository/alpine//v3.23/main
-https://repo.nstart.local/repository/alpine/v3.23/community
+https://repo.nstart.cloud/repository/alpine/v3.23/community
--- a/apt/99ca
+++ b/apt/99ca
@ -1,3 +0,0 @@
 Acquire::https::repo.nstart.local::Verify-Peer "true";
 Acquire::https::repo.nstart.local::Verify-Host "true";
 Acquire::https::repo.nstart.local::CaInfo "/usr/local/share/ca-certificates/nstart.local.crt";
--- a/apt/debian.sources
+++ b/apt/debian.sources
@ -1,11 +1,11 @@
 Types: deb
-URIs: https://repo.nstart.local/repository/apt-proxy/debian
+URIs: https://repo.nstart.cloud/repository/apt-proxy/debian
 Suites: trixie trixie-updates
 Components: main
 Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
 Types: deb
-URIs: https://repo.nstart.local/repository/apt-proxy/debian-security
+URIs: https://repo.nstart.cloud/repository/apt-proxy/debian-security
 Suites: trixie-security
 Components: main
 Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
--- a/apt/ubuntu.sources
+++ b/apt/ubuntu.sources
@ -1,5 +1,5 @@
 Types: deb
-URIs: https://repo.nstart.local/repository/apt-proxy/ubuntu
+URIs: https://repo.nstart.cloud/repository/apt-proxy/ubuntu
 Suites: noble noble-updates noble-backports noble-security
 Components: main restricted universe multiverse
 Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
--- a/ca/nstart.local.crt
+++ b/ca/nstart.local.crt
@ -1,21 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIIDbTCCAlWgAwIBAgIUIjJbBQwjttGdplafh/xeEbpQsVEwDQYJKoZIhvcNAQEL
 BQAwRjEjMCEGA1UECgwa0JDQniDQndC+0LLRi9C5INCh0YLQsNGA0YIxHzAdBgNV
 BAMMFnNydmt3dHMwMS5uc3RhcnQubG9jYWwwHhcNMjUwOTAyMTM0NDQzWhcNMzcx
 MjE1MTM0NDQzWjBGMSMwIQYDVQQKDBrQkNCeINCd0L7QstGL0Lkg0KHRgtCw0YDR
 gjEfMB0GA1UEAwwWc3J2a3d0czAxLm5zdGFydC5sb2NhbDCCASIwDQYJKoZIhvcN
 AQEBBQADggEPADCCAQoCggEBAPHmRc1s3oYq9VJFZ0a6iCuXI4PtZt0fnrvmtL1x
 qZ2B2SefdWHMiGu7uZeN+n5hbefYxwLNG5uvoZGOObYfaHAmwNdEea6xKT15Q9+y
 yaV4i4zvTvyJhb/Q2Vldpc0h62DWSMRMTYFnfXuvaRFIYtUWe0xa92zNFi5/rCA3
 F0LhxJtJBe/52UgNHFaJ8xw4do38ihoLsM93UJrt86SkDj4XtvRP5wJBTDYdMUhg
 Uw1wgOjHNC5OSwnGLmvd2agI9DxfrFtts7C2m4TfpQRSEv1RBepuRRhsh2P/3edW
 9paegFxZQxoSuGzl47b+bFjZ1Qa+AYDWRa2d00IwBp4FK2UCAwEAAaNTMFEwHQYD
 VR0OBBYEFGxIHnoLch0XMz+Vq/OWbLSpxCVOMB8GA1UdIwQYMBaAFGxIHnoLch0X
 Mz+Vq/OWbLSpxCVOMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
 AGnFpgBBnXbXw2SgYeGSrKwe2Ash66MSzNFXZEuNoIjkS64ZymvysE7S9peezVCb
 u26p3DSPGVFXuXCe+trt1OnTTkOMHOYMrrWwjBkPlU/hjEUDmjhr11d/a6HfRC5i
 r/44xy1/i8F7yBVRYKTrHkC1pFs1hyabFB9C4PNBJ3eAnk3s5Ikh08lRQ5nD4Eoe
 5/Gz62znb09b2+/SobHRm8gufOXzd8AT9OWuyt6KgHIJ5Gc5F3tydXGDpxeWRtux
 0o7O1wGEbKAVcfKvx/2NgRUmEhASXjVsjiB56BBEHxRlZpV38BTjUBPryuRiz3Ze
 hneIyDjekpH7U7LogVpAkUg=
 -----END CERTIFICATE-----
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@ -1,9 +1,9 @@
 variable "registry" {
-  default = "repo.nstart.local"
+  default = "repo.nstart.cloud"
 }
 variable "base_repo" {
-  default = "repo.nstart.local/library/"
+  default = "repo.nstart.cloud/library/"
 }
 function "oci_labels" {
@ -13,8 +13,8 @@ function "oci_labels" {
    "org.opencontainers.image.vendor"      = "New Start",
    "org.opencontainers.image.authors"     = "Sychev Nikita <Sychev.NA@nstart.space>",
    "org.opencontainers.image.base.name"   = "${base_repo}${name}:${version}",
-    "org.opencontainers.image.title"       = "Base image for ${name} with custom CA and local repos",
+    "org.opencontainers.image.title"       = "Base image for ${name} with local repos",
-    "org.opencontainers.image.description" = "Slim base image for ${name} with internal CA and local package mirrors",
+    "org.opencontainers.image.description" = "Slim base image for ${name} with local package mirrors",
  }
 }
--- a/java/00-nstart-repos.gradle
+++ b/java/00-nstart-repos.gradle
@ -1,7 +1,7 @@
 allprojects {
  buildscript.repositories.clear()
-  buildscript.repositories.maven { url = uri("https://repo.nstart.local/repository/maven-proxy/") }
+  buildscript.repositories.maven { url = uri("https://repo.nstart.cloud/repository/maven-proxy/") }
  repositories.clear()
-  repositories.maven { url = uri("https://repo.nstart.local/repository/maven-proxy/") }
+  repositories.maven { url = uri("https://repo.nstart.cloud/repository/maven-proxy/") }
 }
--- a/java/maven.xml
+++ b/java/maven.xml
@ -161,7 +161,7 @@ under the License.
    <mirror>
      <id>nstart</id>
      <mirrorOf>*</mirrorOf>
-      <url>https://repo.nstart.local/repository/maven-proxy/</url>
+      <url>https://repo.nstart.cloud/repository/maven-proxy/</url>
    </mirror>
    <mirror>
--- a/node/npmrc
+++ b/node/npmrc
@ -1,4 +1,3 @@
-registry=https://repo.nstart.local/repository/npm-group/
+registry=https://repo.nstart.cloud/repository/npm-group/
 strict-ssl=true
 cafile=/usr/local/share/ca-certificates/nstart.local.crt
 min-release-age=7
--- a/python/pip.conf
+++ b/python/pip.conf
@ -1,4 +1,3 @@
 [global]
-index-url = https://repo.nstart.local/repository/pypi-group/simple
+index-url = https://repo.nstart.cloud/repository/pypi-group/simple
 cert = /usr/local/share/ca-certificates/nstart.local.crt
 disable-pip-version-check = true
--- a/rhel/ubi.repo
+++ b/rhel/ubi.repo
@ -1,71 +1,62 @@
 [ubi-10-baseos-rpms]
 name = Red Hat Universal Base Image 10 (RPMs) - BaseOS
-baseurl = https://repo.nstart.local/repository/ubi-redhat//content/public/ubi/dist/ubi10/10/$basearch/baseos/os
+baseurl = https://repo.nstart.cloud/repository/ubi-redhat//content/public/ubi/dist/ubi10/10/$basearch/baseos/os
 enabled = 1
 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
 gpgcheck = 1
 sslcacert=/certificates/nstart.local.crt
 [ubi-10-baseos-debug-rpms]
 name = Red Hat Universal Base Image 10 (Debug RPMs) - BaseOS
-baseurl = https://repo.nstart.local/repository/ubi-redhat//content/public/ubi/dist/ubi10/10/$basearch/baseos/debug
+baseurl = https://repo.nstart.cloud/repository/ubi-redhat//content/public/ubi/dist/ubi10/10/$basearch/baseos/debug
 enabled = 0
 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
 gpgcheck = 1
 sslcacert=/certificates/nstart.local.crt
 [ubi-10-baseos-source-rpms]
 name = Red Hat Universal Base Image 10 (Source RPMs) - BaseOS
-baseurl = https://repo.nstart.local/repository/ubi-redhat//content/public/ubi/dist/ubi10/10/$basearch/baseos/source/SRPMS
+baseurl = https://repo.nstart.cloud/repository/ubi-redhat//content/public/ubi/dist/ubi10/10/$basearch/baseos/source/SRPMS
 enabled = 0
 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
 gpgcheck = 1
 sslcacert=/certificates/nstart.local.crt
 [ubi-10-appstream-rpms]
 name = Red Hat Universal Base Image 10 (RPMs) - AppStream
-baseurl = https://repo.nstart.local/repository/ubi-redhat//content/public/ubi/dist/ubi10/10/$basearch/appstream/os
+baseurl = https://repo.nstart.cloud/repository/ubi-redhat//content/public/ubi/dist/ubi10/10/$basearch/appstream/os
 enabled = 1
 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
 gpgcheck = 1
 sslcacert=/certificates/nstart.local.crt
 [ubi-10-appstream-debug-rpms]
 name = Red Hat Universal Base Image 10 (Debug RPMs) - AppStream
-baseurl = https://repo.nstart.local/repository/ubi-redhat//content/public/ubi/dist/ubi10/10/$basearch/appstream/debug
+baseurl = https://repo.nstart.cloud/repository/ubi-redhat//content/public/ubi/dist/ubi10/10/$basearch/appstream/debug
 enabled = 0
 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
 gpgcheck = 1
 sslcacert=/certificates/nstart.local.crt
 [ubi-10-appstream-source-rpms]
 name = Red Hat Universal Base Image 10 (Source RPMs) - AppStream
-baseurl = https://repo.nstart.local/repository/ubi-redhat//content/public/ubi/dist/ubi10/10/$basearch/appstream/source/SRPMS
+baseurl = https://repo.nstart.cloud/repository/ubi-redhat//content/public/ubi/dist/ubi10/10/$basearch/appstream/source/SRPMS
 enabled = 0
 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
 gpgcheck = 1
 sslcacert=/certificates/nstart.local.crt
 [ubi-10-codeready-builder-rpms]
 name = Red Hat Universal Base Image 10 (RPMs) - CodeReady Builder
-baseurl = https://repo.nstart.local/repository/ubi-redhat//content/public/ubi/dist/ubi10/10/$basearch/codeready-builder/os
+baseurl = https://repo.nstart.cloud/repository/ubi-redhat//content/public/ubi/dist/ubi10/10/$basearch/codeready-builder/os
 enabled = 1
 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
 gpgcheck = 1
 sslcacert=/certificates/nstart.local.crt
 [ubi-10-codeready-builder-debug-rpms]
 name = Red Hat Universal Base Image 10 (Debug RPMs) - CodeReady Builder
-baseurl = https://repo.nstart.local/repository/ubi-redhat//content/public/ubi/dist/ubi10/10/$basearch/codeready-builder/debug
+baseurl = https://repo.nstart.cloud/repository/ubi-redhat//content/public/ubi/dist/ubi10/10/$basearch/codeready-builder/debug
 enabled = 0
 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
 gpgcheck = 1
 sslcacert=/certificates/nstart.local.crt
 [ubi-10-codeready-builder-source-rpms]
 name = Red Hat Universal Base Image 10 (Source RPMs) - CodeReady Builder
-baseurl = https://repo.nstart.local/repository/ubi-redhat//content/public/ubi/dist/ubi10/10/$basearch/codeready-builder/source/SRPMS
+baseurl = https://repo.nstart.cloud/repository/ubi-redhat//content/public/ubi/dist/ubi10/10/$basearch/codeready-builder/source/SRPMS
 enabled = 0
 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
 gpgcheck = 1
 sslcacert=/certificates/nstart.local.crt
`@ -1,2 +1,2 @@`
	`https://repo.nstart.local/repository/alpine//v3.23/main`	`https://repo.nstart.cloud/repository/alpine//v3.23/main`
	`https://repo.nstart.local/repository/alpine/v3.23/community`	`https://repo.nstart.cloud/repository/alpine/v3.23/community`