├── .gitignore
├── 1.0
    ├── root
    │   ├── opt
    │   │   └── app-root
    │   │   │   ├── .slynk.lisp
    │   │   │   ├── .bashrc
    │   │   │   ├── etc
    │   │   │       └── scl_enable
    │   │   │   ├── install.lisp
    │   │   │   └── quicklisp-mirror.patch
    │   └── usr
    │   │   └── bin
    │   │       └── cgroup-limits
    ├── s2i
    │   └── bin
    │   │   ├── usage
    │   │   ├── run
    │   │   └── assemble
    ├── s2i-lisp.json
    └── Dockerfile
├── Makefile
├── hack
    ├── common.mk
    ├── update-base.sh
    ├── update-quicklisp.sh
    ├── update-sbcl.sh
    └── build.sh
├── .travis.yml
├── lisp-image-streams.json
├── .github
    └── workflows
    │   └── build.yml
├── tekton
    └── s2i-lisp-task.yaml
├── .travis
    └── scan-container.sh
├── README.md
├── lisp-web-basic-s2i.json
└── LICENSE


/.gitignore:
--------------------------------------------------------------------------------
1 | *~
2 | Dockerfile.version
3 | .travis/microscanner
4 | Dockerfile.scan
5 | 


--------------------------------------------------------------------------------
/1.0/root/opt/app-root/.slynk.lisp:
--------------------------------------------------------------------------------
1 | (setf slynk:*use-dedicated-output-stream* nil)
2 | 


--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
1 | # Variables are documented in hack/build.sh.
2 | BASE_IMAGE_NAME = lisp
3 | VERSIONS = 1.0
4 | OPENSHIFT_NAMESPACES = 2.0
5 | 
6 | # Include common Makefile code.
7 | include hack/common.mk
8 | 


--------------------------------------------------------------------------------
/1.0/root/opt/app-root/.bashrc:
--------------------------------------------------------------------------------
1 | export PS1='\[\033[01;32m\]\t \h \W \$\[\033[00m\] '
2 | alias l='ls -CF'
3 | alias la='ls -A'
4 | alias ll='ls -alF'
5 | alias ls='ls --color=auto'
6 | [ -e /etc/profile.d/bash_completion.sh ] && source /etc/profile.d/bash_completion.sh
7 | 


--------------------------------------------------------------------------------
/1.0/root/opt/app-root/etc/scl_enable:
--------------------------------------------------------------------------------
1 | # IMPORTANT: Do not add more content to this file unless you know what you are
2 | #            doing. This file is sourced everytime the shell session is opened.
3 | #
4 | # This will make scl collection binaries work out of box.
5 | unset BASH_ENV PROMPT_COMMAND ENV
6 | source scl_source enable devtoolset-7
7 | umask 002
8 | 


--------------------------------------------------------------------------------
/1.0/s2i/bin/usage:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | DISTRO=`cat /etc/*-release | grep ^ID= | grep -Po '".*?"' | tr -d '"'`
 4 | 
 5 | cat <<EOF
 6 | This is a S2I lisp-1.0 ${DISTRO} base image:
 7 | To use it, install S2I: https://github.com/openshift/source-to-image
 8 | 
 9 | Sample invocation:
10 | 
11 | s2i build https://github.com/container-lisp/sample-lisp-app.git containerlisp/lisp-10-ubi9
12 | 
13 | You can then run the resulting image via:
14 | docker run -p 8080:8080 sample-lisp-app
15 | EOF
16 | 


--------------------------------------------------------------------------------
/hack/common.mk:
--------------------------------------------------------------------------------
 1 | SKIP_SQUASH?=1
 2 | 
 3 | build = hack/build.sh
 4 | 
 5 | OS = ubi9
 6 | 
 7 | script_env = \
 8 | 	SKIP_SQUASH=$(SKIP_SQUASH)                      \
 9 | 	UPDATE_BASE=$(UPDATE_BASE)                      \
10 | 	VERSIONS="$(VERSIONS)"                          \
11 | 	OS=$(OS)                                        \
12 | 	VERSION=$(VERSION)                              \
13 | 	BASE_IMAGE_NAME=$(BASE_IMAGE_NAME)              \
14 | 	OPENSHIFT_NAMESPACES="$(OPENSHIFT_NAMESPACES)"
15 | 
16 | .PHONY: build
17 | build:
18 | 	$(script_env) $(build)
19 | 
20 | .PHONY: test
21 | test:
22 | 	$(script_env) TAG_ON_SUCCESS=$(TAG_ON_SUCCESS) TEST_MODE=true $(build)
23 | 


--------------------------------------------------------------------------------
/1.0/s2i/bin/run:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | source cgroup-limits
 4 | 
 5 | DYNAMIC_SPACE_SIZE=${APP_MEM-$((MEMORY_LIMIT * 90 / 100))}
 6 | 
 7 | if [ -n "$APP_SCRIPT" ]; then
 8 |     PROJECT_PATH=./quicklisp/local-projects/${APP_SYSTEM_NAME}
 9 |     SBCL_OPTS=(
10 |         "${SBCL_OPTS[@]}"
11 |         --dynamic-space-size "${DYNAMIC_SPACE_SIZE}"
12 |         --lose-on-corruption
13 |         --disable-debugger
14 |         --load "${PROJECT_PATH}/$(eval echo ${APP_SCRIPT})"
15 |     )
16 | else
17 |     SBCL_OPTS=(
18 |         "${SBCL_OPTS[@]}"
19 |         --dynamic-space-size "${DYNAMIC_SPACE_SIZE}"
20 |         --lose-on-corruption
21 |         --disable-debugger
22 |         --eval "(ql:quickload :$(eval echo ${APP_SYSTEM_NAME}))"
23 |         --eval "$(eval echo ${APP_EVAL})"
24 |     )
25 | fi
26 | 
27 | 
28 | trap 'kill -TERM $PID' TERM
29 | sbcl "${SBCL_OPTS[@]}" &
30 | PID=$!
31 | wait $PID
32 | trap - TERM
33 | wait $PID
34 | exit $?
35 | 


--------------------------------------------------------------------------------
/hack/update-base.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -x
 3 | # Update the LISP_BASE_BUILD_DATE environment variable in order to
 4 | # trigger a rebuild of the image.  Trigger this when there are CVE
 5 | # errata from the base OS image to be applied.
 6 | 
 7 | die() {
 8 |     echo "$@"
 9 |     exit 1
10 | }
11 | 
12 | which grype &>/dev/null || die "This script requires grype."
13 | 
14 | echo "Scanning latest image for fixed vulnerabilities..."
15 | podman rmi quay.io/containerlisp/lisp-10-ubi9:latest > /dev/null
16 | VULNS=$(grype -q -o table --only-fixed quay.io/containerlisp/lisp-10-ubi9:latest | grep -i rpm | grep -v suppressed | awk '{printf("%25s\t%s\n", $1, $5)}')
17 | 
18 | if ! test -z "$VULNS"; then
19 |     LISP_BASE_BUILD_DATE=$(date)
20 |     sed -i "s/LISP_BASE_BUILD_DATE=.*/LISP_BASE_BUILD_DATE=\"$LISP_BASE_BUILD_DATE\"/g" ../1.0/Dockerfile
21 |     echo "Adding git commit"
22 |     git add ../1.0/Dockerfile && git commit -m "Fix vulnerabilities in the base image.
23 | 
24 | $VULNS"
25 | else
26 |     echo "Nothing to do"
27 | fi
28 | 


--------------------------------------------------------------------------------
/1.0/root/opt/app-root/install.lisp:
--------------------------------------------------------------------------------
 1 | (defvar *dist-url* "http://beta.quicklisp.org/dist/quicklisp/2023-10-21/distinfo.txt")
 2 | 
 3 | (load "quicklisp.lisp")
 4 | 
 5 | (quicklisp-quickstart:install :path "/opt/app-root/quicklisp/" :dist-url *dist-url*)
 6 | 
 7 | (format t "Patching quicklisp to automatically use a local quicklisp mirror...~%")
 8 | (uiop:run-program "patch -p0 < quicklisp-mirror.patch" :output *standard-output*)
 9 | 
10 | ;; Pre-load/compile slynk and swank
11 | (ql:quickload :swank)
12 | (ql:quickload :slynk)
13 | 
14 | (with-open-file (out "/opt/app-root/.sbclrc" :direction :output)
15 |   (format out "
16 |   (setf sb-ext:*exit-timeout* 15)
17 |   (load \"/opt/app-root/quicklisp\/setup.lisp\")
18 |   (let ((backend (sb-ext:posix-getenv \"DEV_BACKEND\"))
19 |         (backend-port (sb-ext:posix-getenv \"DEV_BACKEND_PORT\")))
20 |     (setq backend-port
21 |           (if backend-port
22 |               (parse-integer (remove #\\\" backend-port))
23 |               4005))
24 |     (when backend
25 |       (ql:quickload backend)
26 |       (setq backend (string-upcase backend))
27 |       (funcall (find-symbol \"CREATE-SERVER\" (find-package backend))
28 |                :port backend-port :interface \"0.0.0.0\" :dont-close t)))~%"))
29 | 


--------------------------------------------------------------------------------
/1.0/root/opt/app-root/quicklisp-mirror.patch:
--------------------------------------------------------------------------------
 1 | --- quicklisp/quicklisp/http.lisp.orig	2019-01-26 04:59:20.377982385 -0500
 2 | +++ quicklisp/quicklisp/http.lisp	2019-01-26 05:00:57.778004324 -0500
 3 | @@ -809,6 +809,26 @@
 4 |                (maximum-redirects *maximum-redirects*))
 5 |    "default scheme-function for http protocol."
 6 |    (setf url (merge-urls url *default-url-defaults*))
 7 | +
 8 | +  ;; --- container-lisp local hack ----------------------------------------
 9 | +  ;;
10 | +  ;; We want to use a local quicklisp mirror if one is deployed in the
11 | +  ;; current OpenShift project.  Test whether we can do this by
12 | +  ;; performing a DNS check for "quicklisp-mirror" (FQDN is
13 | +  ;; "quicklisp-mirror.PROJECT.svc.cluster.local").  quicklisp-mirror
14 | +  ;; always talks on port 8080.
15 | +  
16 | +  (if (string= (hostname url) "beta.quicklisp.org")
17 | +      (setf (hostname url)
18 | +	    (handler-case
19 | +		(progn
20 | +		  (sb-bsd-sockets:get-host-by-name "quicklisp-mirror")
21 | +		  (setf (port url) 8080)
22 | +		  "quicklisp-mirror")
23 | +	      (sb-bsd-sockets:host-not-found-error ()
24 | +		"beta.quicklisp.org"))))
25 | +  ;; ----------------------------------------------------------------------
26 | +
27 |    (setf file (merge-pathnames file))
28 |    (let ((redirect-count 0)
29 |          (original-url url)
30 | 


--------------------------------------------------------------------------------
/hack/update-quicklisp.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Update URL to point to the up-to-date quicklisp dist in the
 4 | # install.lisp file and commit the changes to the repository. This
 5 | # script checks the quicklisp website to fetch the latest quicklisp
 6 | # dist URL.
 7 | 
 8 | INSTALL=../1.0/root/opt/app-root/install.lisp
 9 | QL="http://beta.quicklisp.org/dist/quicklisp.txt"
10 | 
11 | die() {
12 |     echo "$@"
13 |     exit 1
14 | }
15 | 
16 | which wget &>/dev/null || die "This script requires wget."
17 | 
18 | [ -f "$INSTALL" ] || die "File $INSTALL does not exist."
19 | 
20 | URL_OLD=$(grep "defvar \*dist-url\*" "$INSTALL" | \
21 |             perl -n -e 'm!(https?://.*/distinfo.txt)!; print "$1"')
22 | [ -n "$URL_OLD" ] || die "Could not determine current ql-dist version in ${INSTALL}!"
23 | 
24 | URL_NEW=$(wget -O - -q "$QL" | grep ^canonical-distinfo-url: | awk '{print $2}')
25 | [ -n "$URL_NEW" ] || die "Could not determine up-to-date quicklisp dist from ${QL}!"
26 | 
27 | VERSION=$(echo "$URL_NEW" | perl -ne 'm/(\d{4}-\d{2}-\d{2})/; print "$1"')
28 | [ -n "$VERSION" ] || die "Could not determine version string from URL ${URL_NEW}!"
29 | 
30 | if [ "$URL_OLD" == "$URL_NEW" ]; then
31 |     echo "Quicklisp dist is up-to-date ($URL_NEW)."
32 |     exit 0
33 | fi
34 | 
35 | echo "Replacing $URL_OLD with $URL_NEW in $INSTALL..."
36 | sed -i -e "s!${URL_OLD}!${URL_NEW}!" "$INSTALL" || \
37 |     die "Error updating quicklisp dist URL."
38 | 
39 | git add "$INSTALL" && git commit -m "Bump quicklisp dist version to $VERSION"
40 | 


--------------------------------------------------------------------------------
/1.0/s2i/bin/assemble:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | source cgroup-limits
 6 | 
 7 | DYNAMIC_SPACE_SIZE=${APP_MEM-$((MEMORY_LIMIT * 90 / 100))}
 8 | 
 9 | SBCL_OPTS=(
10 |     --dynamic-space-size "${DYNAMIC_SPACE_SIZE}"
11 |     --disable-debugger
12 | )
13 | 
14 | echo "---> Installing application source ..."
15 | whoami
16 | PROJECT_PATH=./quicklisp/local-projects/${APP_SYSTEM_NAME}
17 | 
18 | mkdir -vp "${PROJECT_PATH}"
19 | cp -Rf /tmp/src/. "${PROJECT_PATH}"
20 | 
21 | # Move local projects into the quicklisp local-projects dir
22 | find "${PROJECT_PATH}"
23 | if [ -d "${PROJECT_PATH}/local-projects" ]; then
24 |     if ! [ -z "$(ls -A ${PROJECT_PATH}/local-projects)" ]; then
25 |         echo "   > setting up local projects $(ls -A ${PROJECT_PATH}/local-projects)"
26 | 	mv ${PROJECT_PATH}/local-projects/* ./quicklisp/local-projects
27 |     else
28 |         echo "   > no local projects"
29 |     fi
30 | else
31 |     echo "   > no local-projects dir"
32 | fi
33 | 
34 | echo "---> Building your Common Lisp application from source ..."
35 | if [ -n "${APP_BUILD_SCRIPT}" ]; then
36 |     SBCL_OPTS=(
37 |         "${SBCL_OPTS[@]}"
38 |         --load "${PROJECT_PATH}/$(eval echo ${APP_BUILD_SCRIPT})"
39 |     )
40 | else
41 |     SBCL_OPTS=(
42 |         "${SBCL_OPTS[@]}"
43 |         --eval "(ql:quickload :$(eval echo ${APP_SYSTEM_NAME}))"
44 |         --eval "(quit)"
45 |     )
46 | fi
47 | 
48 | echo sbcl "${SBCL_OPTS[@]}"
49 | sbcl "${SBCL_OPTS[@]}"
50 | 
51 | chown -R 1001 ./quicklisp
52 | find /opt/app-root/.cache/common-lisp/ -type d | xargs -n1 chmod 775
53 | 


--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
 1 | sudo: required
 2 | 
 3 | language: c
 4 | 
 5 | env:
 6 |   global:
 7 |      - COMMIT=${TRAVIS_COMMIT::7}
 8 |      - DREPO=containerlisp/lisp-10-ubi9
 9 |      - QREPO=quay.io/containerlisp/lisp-10-ubi9
10 |      - RLGL_POLICY=https://github.com/container-lisp/rlgl-policy.git
11 | 
12 | services:
13 |   - docker
14 | 
15 | before_install:
16 |   - make
17 |   - travis_wait 59 sleep infinity &
18 |   - # ./.travis/scan-container.sh
19 | 
20 | script:
21 | - ls
22 | 
23 | after_success:
24 |   - if [ "$TRAVIS_BRANCH" == "master" ]; then
25 |       echo Logging in, tagging and pushing;
26 |       docker login -u="$DOCKER_USERNAME" -p="$DOCKER_PASSWORD" quay.io;
27 |       QLTAG=$(date -d $(grep http://beta.quicklisp.org 1.0/root/opt/app-root/install.lisp | awk -F'/' '{ print $6 }') +%Y%m%d);
28 |       # Push to Docker Hub
29 |       docker tag $DREPO:latest $DREPO:$QLTAG;
30 |       docker tag $DREPO:latest $DREPO:$QLTAG.$TRAVIS_BUILD_NUMBER;
31 |       docker tag $DREPO:latest $DREPO:$COMMIT;
32 |       docker push $DREPO:latest;
33 |       docker push $DREPO:$QLTAG;
34 |       docker push $DREPO:$QLTAG.$TRAVIS_BUILD_NUMBER;
35 |       docker push $DREPO:$COMMIT;
36 |       # Push to Quay
37 |       docker tag $DREPO:latest $QREPO:$QLTAG;
38 |       docker tag $DREPO:latest $QREPO:$QLTAG.$TRAVIS_BUILD_NUMBER;
39 |       docker tag $DREPO:latest $QREPO:$COMMIT;
40 |       docker push $QREPO:latest;
41 |       docker push $QREPO:$QLTAG;
42 |       docker push $QREPO:$QLTAG.$TRAVIS_BUILD_NUMBER;
43 |       docker push $QREPO:$COMMIT;
44 |     fi
45 |   - echo All done.
46 | 


--------------------------------------------------------------------------------
/1.0/root/usr/bin/cgroup-limits:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | #
 3 | # Script for parsing cgroup information
 4 | #
 5 | # This script will read some limits from the cgroup system and parse
 6 | # them, printing out "VARIABLE=VALUE" on each line for every limit that is
 7 | # successfully read. Output of this script can be directly fed into
 8 | # bash's export command. Recommended usage from a bash script:
 9 | #
10 | #     source cgroup-limits
11 | #
12 | # Variables currently supported:
13 | #     MEMORY_LIMIT_IN_BYTES
14 | #         Maximum amount of user memory in bytes. The value is taken from
15 | #         /sys/fs/cgroup/memory/memory.limit_in_bytes
16 | #
17 | #         Fallback: physical memory (arbitary high value)
18 | #     CPU_CORES
19 | #         Number of detected CPU cores that can be used. This value is taken from
20 | #          `grep -c ^processor /proc/cpuinfo`
21 | 
22 | PHYSICAL_MEMORY_LIMIT_IN_BYTES=$(free -b | awk 'NR==2{print$2}')
23 | if [ -f /sys/fs/cgroup/memory/memory.limit_in_bytes ]; then
24 |     export MEMORY_LIMIT_IN_BYTES=$(cat /sys/fs/cgroup/memory/memory.limit_in_bytes)
25 | 
26 |     # Fall back to physical memory limit if cgroups returns arbitary value
27 |     if (($MEMORY_LIMIT_IN_BYTES >= $PHYSICAL_MEMORY_LIMIT_IN_BYTES)); then
28 |         MEMORY_LIMIT_IN_BYTES=$PHYSICAL_MEMORY_LIMIT_IN_BYTES
29 |     fi
30 | else
31 |     export MEMORY_LIMIT_IN_BYTES=$PHYSICAL_MEMORY_LIMIT_IN_BYTES
32 | fi
33 | # Set a memory limit in MB
34 | export MEMORY_LIMIT=$((MEMORY_LIMIT_IN_BYTES/1024/1024))
35 | 
36 | # CPU Count
37 | export CPU_CORES=$(grep -c ^processor /proc/cpuinfo)
38 | 


--------------------------------------------------------------------------------
/lisp-image-streams.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "kind": "List",
 3 |     "apiVersion": "v1",
 4 |     "metadata": {
 5 |         "name": "lisp-image-streams",
 6 |         "annotations": {
 7 |             "description": "ImageStream definitions for Commons Lisp app foundations.",
 8 |             "openshift.io/provider-display-name": "The container-lisp hackers"
 9 |         }
10 |     },
11 |     "items": [
12 |         {
13 |             "kind": "ImageStream",
14 |             "apiVersion": "v1",
15 |             "metadata": {
16 |                 "name": "s2i-lisp",
17 |                 "annotations": {
18 |                     "openshift.io/display-name": "SBCL",
19 |                     "openshift.io/provider-display-name": "The container-lisp hackers"
20 |                 }
21 |             },
22 |             "spec": {
23 |                 "tags": [
24 |                     {
25 |                         "name": "latest",
26 |                         "annotations": {
27 |                             "openshift.io/display-name": "SBCL",
28 |                             "description": "Build and run Common Lisp applications using Quicklisp and SBCL.",
29 |                             "iconClass": "icon-rh-openjdk",
30 |                             "tags": "builder,lisp,commonlisp,hidden",
31 |                             "supports": "commonlisp",
32 |                             "sampleRepo": "https://github.com/container-lisp/sample-lisp-app",
33 |                             "sampleContextDir": "",
34 |                             "version": "latest"
35 |                         },
36 |                         "from": {
37 |                             "kind": "DockerImage",
38 |                             "name": "containerlisp/s2i-lisp"
39 |                         }
40 |                     }
41 |                 ]
42 |             }
43 |         }
44 |     ]
45 | }
46 | 


--------------------------------------------------------------------------------
/.github/workflows/build.yml:
--------------------------------------------------------------------------------
 1 | name: CI
 2 | 
 3 | # Controls when the action will run.
 4 | on:
 5 |   # Triggers the workflow on push or pull request events but only for the master branch
 6 |   push:
 7 |     branches: [ master ]
 8 |   pull_request:
 9 |     branches: [ master ]
10 | 
11 |   # Allows you to run this workflow manually from the Actions tab
12 |   workflow_dispatch:
13 | 
14 | # A workflow run is made up of one or more jobs that can run sequentially or in parallel
15 | jobs:
16 |   build:
17 |     name: Build image
18 |     runs-on: ubuntu-latest
19 |     steps:
20 |     - uses: actions/checkout@v2
21 | 
22 |     - name: Get quicklisp version
23 |       id: date
24 |       run: echo "::set-output name=date::$(date -d $(grep http://beta.quicklisp.org 1.0/root/opt/app-root/install.lisp | awk -F'/' '{ print $6 }') +%Y%m%d)"
25 | 
26 |     - name: Get short git commit hash
27 |       id: hash
28 |       run: echo "::set-output name=hash::${GITHUB_SHA::7}"
29 | 
30 |     - name: Get run number
31 |       id: run
32 |       run: echo "::set-output name=run::${GITHUB_RUN_NUMBER}"
33 | 
34 |     - name: Buildah Action
35 |       id: build-image
36 |       uses: redhat-actions/buildah-build@v2
37 |       with:
38 |         context: "1.0"
39 |         image: lisp-10-ubi9
40 |         tags: latest ${{ steps.hash.outputs.hash }} ${{ steps.date.outputs.date }} ${{ steps.date.outputs.date }}.${{ steps.run.outputs.run }}
41 |         dockerfiles: |
42 |           1.0/Dockerfile
43 |         build-args: |
44 | 
45 |     - name: Push To quay.io
46 |       id: push-to-quay
47 |       uses: redhat-actions/push-to-registry@v2
48 |       with:
49 |         image: ${{ steps.build-image.outputs.image }}
50 |         tags: ${{ steps.build-image.outputs.tags }}
51 |         registry: quay.io/containerlisp
52 |         username: ${{ secrets.QUAY_USERNAME }}
53 |         password: ${{ secrets.QUAY_PASSWORD }}
54 | 
55 |     - name: Print image url
56 |       run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}"
57 | 


--------------------------------------------------------------------------------
/hack/update-sbcl.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Find up-to-date SBCL version for x86-64 linux on sbcl.org and update
 4 | # Dockerfiles if necessary. It will check for the existence of the new
 5 | # remote file and add a git commit. Run the script from the path it
 6 | # resides in, or change FILES appropriately.
 7 | 
 8 | die() {
 9 |     echo "$@"
10 |     exit 1
11 | }
12 | 
13 | FILES=( ../1.0/Dockerfile )
14 | 
15 | which wget &>/dev/null || die "This script requires wget."
16 | 
17 | V_NEW=$(wget -q -O - "http://sbcl.org/platform-table.html" | \
18 |             grep "tar.bz2?download" | head -1 | \
19 |             perl -n -e 'm/sbcl-(\d+\.\d+\.\d+)-source.tar.bz2/; print "$1"' )
20 | [ -n "$V_NEW" ] || die "Could not find new sbcl version on sbcl.org."
21 | 
22 | CHANGED=n
23 | 
24 | update_file() {
25 |     local file="$1"
26 |     local v_old=$(grep SBCL_VERSION= "$file" | \
27 |                       perl -n -e 'm/=(\d+\.\d+\.\d+)/; print "$1"')
28 |     [ -n "$v_old" ] || die "Could not find old sbcl version in $file!"
29 | 
30 |     if [ "$v_old" == "$V_NEW" ]; then
31 |         echo "SBCL as specified in $file is already up-to-date."
32 |         return 0
33 |     fi
34 |     CHANGED=y
35 | 
36 |     echo "Updating SBCL_VERSION in $file from $v_old to $V_NEW"
37 |     sed -i -e "s/SBCL_VERSION=$v_old/SBCL_VERSION=$V_NEW/g" "$file" || \
38 |         die "Error replacing version strings, please check manually!"
39 | 
40 |     DL_LINK=$(grep --only-matching "https://.*/sbcl-.*.tar.bz2" "$file" | \
41 |            sed -e "s/\${SBCL_VERSION}/$V_NEW/g")
42 |     echo "Checking for remote file existence at $DL_LINK..."
43 |     wget -nv --method HEAD "$DL_LINK" || die "Failed to confirm remote file existence."
44 | }
45 | 
46 | for f in "${FILES[@]}"; do
47 |     echo "Updating file $f"
48 |     update_file "$f"
49 | done
50 | 
51 | if [ $CHANGED == y ]; then
52 |     echo "Adding git commit"
53 |     git add "${FILES[@]}" && git commit -m "Update SBCL to $V_NEW"
54 | else
55 |     echo "All files already up-to-date."
56 | fi
57 | 


--------------------------------------------------------------------------------
/1.0/s2i-lisp.json:
--------------------------------------------------------------------------------
 1 | {
 2 |    "kind": "List",
 3 |    "apiVersion": "v1",
 4 |    "metadata": {
 5 |       "name": "s2i-lisp"
 6 |    },
 7 |    "items": [
 8 |       {
 9 |         "kind": "BuildConfig",
10 |         "apiVersion": "v1",
11 |         "metadata":{
12 |           "name": "lisp-ubi9-build"
13 |         },
14 |         "spec": {
15 |           "triggers": [
16 |              {
17 |                 "type": "GitHub",
18 |                 "github": {
19 |                    "secret": "secret101"
20 |                 }
21 |              },
22 |              {
23 |                 "type": "ImageChange",
24 |                 "imageChange": {}
25 |              }
26 |           ],
27 |           "source" : {
28 |             "type" : "Git",
29 |             "git" : {
30 |               "uri": "git://github.com/container-lisp/s2i-lisp.git"
31 |             },
32 |             "contextDir": "1.0"
33 |           },
34 |           "strategy": {
35 |             "type": "Docker",
36 |             "dockerStrategy": {
37 |               "env": [
38 |                 {
39 |                   "name": "IMAGE_NAME",
40 |                   "value": "openshift/lisp-ubi9"
41 |                 }],
42 |               "from": {
43 |                  "kind": "ImageStreamTag",
44 |                  "name": "swarm-ubi9:latest"
45 |               }
46 |             }
47 |           },
48 |           "output": {
49 |             "to": {
50 |               "kind": "ImageStreamTag",
51 |               "name": "lisp-ubi9:latest"
52 |             }
53 |           }
54 |         }
55 |       },
56 |     {
57 |       "kind": "ImageStream",
58 |       "apiVersion": "v1",
59 |       "metadata": {
60 |         "name": "lisp-ubi9"
61 |       },
62 |       "spec": {
63 |           "dockerImageRepository": "",
64 |           "tags": [
65 |              {
66 |                 "name": "latest",
67 |                 "annotations": {
68 |                    "description": "Common Lisp S2I image",
69 |                    "iconClass": "icon-lisp",
70 |                    "tags": "builder,lisp",
71 |                    "supports": "lisp:1",
72 |                    "version": "1.0"
73 |                 }
74 |              }
75 |           ]
76 |        }
77 |     }
78 |   ]
79 | }
80 | 


--------------------------------------------------------------------------------
/tekton/s2i-lisp-task.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: tekton.dev/v1alpha1
 2 | kind: Task
 3 | metadata:
 4 |   name: s2i-lisp
 5 | spec:
 6 |   inputs:
 7 |     resources:
 8 |       - name: source
 9 |         type: git
10 |     params:
11 |       - name: PATH_CONTEXT
12 |         description: The location of the path to run s2i from.
13 |         default: .
14 |       - name: TLSVERIFY
15 |         description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)
16 |         default: "true"
17 |   outputs:
18 |     resources:
19 |       - name: image
20 |         type: image
21 |   steps:
22 |     - name: generate
23 |       image: quay.io/openshift-pipeline/s2i
24 |       workingdir: /workspace/source
25 |       command: ['s2i', 'build', '$(inputs.params.PATH_CONTEXT)', 'quay.io/containerlisp/lisp-10-ubi9', '--as-dockerfile', '/gen-source/Dockerfile.gen']
26 |       volumeMounts:
27 |         - name: gen-source
28 |           mountPath: /gen-source
29 |       resources:
30 |         limits:
31 |           cpu: 500m
32 |           memory: 1Gi
33 |         requests:
34 |           cpu: 500m
35 |           memory: 1Gi
36 |     - name: build
37 |       image: quay.io/buildah/stable
38 |       workingdir: /gen-source
39 |       command: ['buildah', 'bud', '--tls-verify=$(inputs.params.TLSVERIFY)', '--layers', '-f', '/gen-source/Dockerfile.gen', '-t', '$(outputs.resources.image.url)', '.']
40 |       volumeMounts:
41 |         - name: varlibcontainers
42 |           mountPath: /var/lib/containers
43 |         - name: gen-source
44 |           mountPath: /gen-source
45 |       resources:
46 |         limits:
47 |           cpu: 500m
48 |           memory: 1Gi
49 |         requests:
50 |           cpu: 500m
51 |           memory: 1Gi
52 |       securityContext:
53 |         privileged: true
54 |     - name: push
55 |       image: quay.io/buildah/stable
56 |       command: ['buildah', 'push', '--tls-verify=$(inputs.params.TLSVERIFY)', '$(outputs.resources.image.url)', 'docker://$(outputs.resources.image.url)']
57 |       volumeMounts:
58 |         - name: varlibcontainers
59 |           mountPath: /var/lib/containers
60 |       resources:
61 |         limits:
62 |           cpu: 500m
63 |           memory: 1Gi
64 |         requests:
65 |           cpu: 500m
66 |           memory: 1Gi
67 |       securityContext:
68 |         privileged: true
69 |   volumes:
70 |     - name: varlibcontainers
71 |       emptyDir: {}
72 |     - name: gen-source
73 |       emptyDir: {}
74 | 


--------------------------------------------------------------------------------
/1.0/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM registry.access.redhat.com/ubi9/s2i-core
 2 | 
 3 | # This image provides a Common Lisp environment based on QuickLisp and
 4 | # that you can use to run your Common Lisp applications.
 5 | 
 6 | MAINTAINER The container-lisp hackers @ github.com/container-lisp
 7 | 
 8 | EXPOSE 8080
 9 | 
10 | LABEL io.k8s.description="Platform for building and running Common Lisp applications" \
11 |       io.k8s.display-name="Common Lisp" \
12 |       io.openshift.expose-services="8080:http" \
13 |       io.openshift.tags="builder,cl,lisp,sbcl" \
14 |       io.openshift.s2i.scripts-url=image://$STI_SCRIPTS_PATH
15 | 
16 | # Copy the S2I scripts from the specific language image to $STI_SCRIPTS_PATH
17 | COPY ./s2i/bin/ $STI_SCRIPTS_PATH
18 | 
19 | ENV HOME=/opt/app-root \
20 |     LC_ALL=C.utf8 \
21 |     LANG=C.utf8 \
22 |     LANGUAGE=C.utf8 \
23 |     LISP_VERSION=1.0 \
24 |     SBCL_VERSION=2.4.4 \
25 |     LIBEV_VERSION=4.33 \
26 |     LIBSSH2_VERSION=1.11.0 \
27 |     LISP_BASE_BUILD_DATE="Thu 16 Mar 2023 07:49:06 AM EDT"
28 | 
29 | RUN rm /etc/rhsm-host && \
30 |     yum install -y \
31 |         bzip2 git make patch automake autoconf libtool gcc gcc-c++ libuv openssl-devel && \
32 |     yum update -y && \
33 |     yum clean -y all && \
34 |     locale -a && \
35 |     gcc --version
36 | 
37 | WORKDIR $HOME
38 | COPY ./root/ /
39 | 
40 | # Build libev from source since it is not available in ubi9-base nor ubi9-app-stream repos
41 | RUN curl -O "http://dist.schmorp.de/libev/Attic/libev-${LIBEV_VERSION}.tar.gz" && \
42 |     tar xvf libev-${LIBEV_VERSION}.tar.gz && \
43 |     cd libev-${LIBEV_VERSION} && \
44 |     chmod +x autogen.sh && \
45 |     ./autogen.sh && \
46 |     ./configure --prefix=/usr && \
47 |     make && \
48 |     make install && \
49 |     cd "$HOME" && \
50 |     rm -rf libev*
51 | 
52 | # Build libssh2 from source since it is not available in ubi9-base nor ubi9-app-stream repos
53 | RUN curl -O "https://libssh2.org/download/libssh2-${LIBSSH2_VERSION}.tar.bz2" && \
54 |     tar xvf libssh2-${LIBSSH2_VERSION}.tar.bz2 && \
55 |     cd libssh2-${LIBSSH2_VERSION} && \
56 |     ./configure --prefix=/usr --with-crypto=openssl && \
57 |     make && \
58 |     make install && \
59 |     cd "$HOME" && \
60 |     rm -rf libssh2* && \
61 |     mkdir -p /opt/app-root/.ssh && \
62 |     dnf remove -y openssl-devel && ls -la /opt/app-root
63 | 
64 | RUN curl -L -O "https://downloads.sourceforge.net/project/sbcl/sbcl/${SBCL_VERSION}/sbcl-${SBCL_VERSION}-x86-64-linux-binary.tar.bz2" && \
65 |     curl -L -O https://beta.quicklisp.org/quicklisp.lisp && \
66 |     tar -xvf sbcl-${SBCL_VERSION}-x86-64-linux-binary.tar.bz2 && \
67 |     cd sbcl-${SBCL_VERSION}-x86-64-linux && \
68 |     ./install.sh && \
69 |     cd .. && \
70 |     rm -rf sbcl-${SBCL_VERSION}-x86-64-linux-binary.tar.bz2 \
71 |        sbcl-${SBCL_VERSION}-x86-64-linux && \
72 |     git clone --depth 1 https://github.com/joaotavora/sly-quicklisp.git && \
73 |     mv sly-quicklisp common-lisp && \
74 |     sbcl --non-interactive --disable-debugger --load install.lisp
75 | 
76 | RUN usermod -d ${HOME} default && \
77 |     chown -R 1001:0 ${HOME} && \
78 |     chmod -R g+rwX,o= ${HOME}
79 | 
80 | USER 1001
81 | 
82 | RUN touch /opt/app-root/.ssh/trivial_ssh_hosts
83 | 
84 | # Set the default CMD to print the usage of the language image
85 | CMD $STI_SCRIPTS_PATH/usage
86 | 


--------------------------------------------------------------------------------
/hack/build.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash -e
 2 | # This script is used to build, test and squash the OpenShift Docker images.
 3 | #
 4 | # Name of resulting image will be: 'NAMESPACE/BASE_IMAGE_NAME-VERSION-OS'.
 5 | #
 6 | # BASE_IMAGE_NAME - Usually name of the main component within container.
 7 | # OS - Specifies distribution - "ubi9"
 8 | # VERSION - Specifies the image version - (must match with subdirectory in repo)
 9 | # TEST_MODE - If set, build a candidate image and test it
10 | # TAG_ON_SUCCESS - If set, tested image will be re-tagged as a non-candidate
11 | #       image, if the tests pass.
12 | # VERSIONS - Must be set to a list with possible versions (subdirectories)
13 | # OPENSHIFT_NAMESPACES - Which of available versions (subdirectories) should be
14 | #       put into openshift/ namespace.
15 | 
16 | OS=${1-$OS}
17 | VERSION=${2-$VERSION}
18 | 
19 | DOCKERFILE_PATH=""
20 | 
21 | test -z "$BASE_IMAGE_NAME" && {
22 |   BASE_DIR_NAME=$(echo $(basename `pwd`) | sed -e 's/-[0-9]*$//g')
23 |   BASE_IMAGE_NAME="${BASE_DIR_NAME#s2i-}"
24 | }
25 | 
26 | NAMESPACE="openshift/"
27 | 
28 | # Cleanup the temporary Dockerfile created by docker build with version
29 | trap "rm -f ${DOCKERFILE_PATH}.version" SIGINT SIGQUIT EXIT
30 | 
31 | # Perform docker build but append the LABEL with GIT commit id at the end
32 | function docker_build_with_version {
33 |   local dockerfile="$1"
34 |   # Use perl here to make this compatible with OSX
35 |   DOCKERFILE_PATH=$(perl -MCwd -e 'print Cwd::abs_path shift' $dockerfile)
36 |   cp ${DOCKERFILE_PATH} "${DOCKERFILE_PATH}.version"
37 |   git_version=$(git rev-parse HEAD)
38 |   echo "LABEL io.openshift.builder-version=\"${git_version}\"" >> "${dockerfile}.version"
39 |   if [[ "${UPDATE_BASE}" == "1" ]]; then
40 |     BUILD_OPTIONS+=" --pull=true"
41 |   fi
42 |   docker build ${BUILD_OPTIONS} -t ${IMAGE_NAME} -f "${dockerfile}.version" .
43 |   if [[ "${SKIP_SQUASH}" != "1" ]]; then
44 |     squash "${dockerfile}.version"
45 |   fi
46 |   rm -f "${DOCKERFILE_PATH}.version"
47 | }
48 | 
49 | # Install the docker squashing tool[1] and squash the result image
50 | # [1] https://github.com/goldmann/docker-squash
51 | function squash {
52 |   # FIXME: We have to use the exact versions here to avoid Docker client
53 |   #        compatibility issues
54 |   easy_install -q --user docker_py==1.7.2 docker-squash==1.0.1
55 |   base=$(awk '/^FROM/{print $2}' $1)
56 |   ${HOME}/.local/bin/docker-squash -f $base ${IMAGE_NAME}
57 | }
58 | 
59 | # Versions are stored in subdirectories. You can specify VERSION variable
60 | # to build just one single version. By default we build all versions
61 | dirs=${VERSION:-$VERSIONS}
62 | 
63 | for dir in ${dirs}; do
64 |   case " $OPENSHIFT_NAMESPACES " in
65 |     *\ ${dir}\ *) ;;
66 |     *) NAMESPACE="containerlisp/"
67 |   esac
68 | 
69 |   IMAGE_NAME="${NAMESPACE}${BASE_IMAGE_NAME}-${dir//./}-${OS}"
70 | 
71 |   if [[ -v TEST_MODE ]]; then
72 |     IMAGE_NAME+="-candidate"
73 |   fi
74 | 
75 |   echo "-> Building ${IMAGE_NAME} ..."
76 | 
77 |   pushd ${dir} > /dev/null
78 |   docker_build_with_version Dockerfile
79 | 
80 |   if [[ -v TEST_MODE ]]; then
81 |     IMAGE_NAME=${IMAGE_NAME} test/run
82 | 
83 |     if [[ $? -eq 0 ]] && [[ "${TAG_ON_SUCCESS}" == "true" ]]; then
84 |       echo "-> Re-tagging ${IMAGE_NAME} image to ${IMAGE_NAME%"-candidate"}"
85 |       docker tag -f $IMAGE_NAME ${IMAGE_NAME%"-candidate"}
86 |     fi
87 |   fi
88 | 
89 |   popd > /dev/null
90 | done
91 | 


--------------------------------------------------------------------------------
/.travis/scan-container.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | # -----------------------------------------------------------------------------
  4 | # Copyright 2019, 2020  Anthony Green
  5 | # 
  6 | # Licensed under the Apache License, Version 2.0 (the "License"); you
  7 | # may not use this file except in compliance with the License. You may
  8 | # obtain a copy of the License at
  9 | # 
 10 | # http://www.apache.org/licenses/LICENSE-2.0
 11 | # 
 12 | # Unless required by applicable law or agreed to in writing, software
 13 | # distributed under the License is distributed on an "AS IS" BASIS,
 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
 15 | # implied. See the License for the specific language governing
 16 | # permissions and limitations under the License.
 17 | #
 18 | # -----------------------------------------------------------------------------
 19 | # Scan our image, $REPO:latest, with multiple container scanners,
 20 | # checking for known vulnerabilities.  Use Red Light Green Light to
 21 | # evaluate the scan results against the policy specified in git at
 22 | # $RLGL_POLICY.  See https://github.com/atgreen/red-light-green-light
 23 | # for details.
 24 | # -----------------------------------------------------------------------------
 25 | 
 26 | # Experiment by scanning an old container image...
 27 | # REPO=containerlisp/lisp-10-ubi8:20190711.62
 28 | # docker pull containerlisp/lisp-10-ubi8:20190711.62
 29 | 
 30 | set -euo pipefail
 31 | IFS=$'\n\t'
 32 | 
 33 | set -x
 34 | 
 35 | # -----------------------------------------------------------------------------
 36 | # Configure the rlgl cli.
 37 | 
 38 | # Download and extract the client
 39 | wget -qO - https://rl.gl/cli/rlgl-linux-amd64.tgz | \
 40 |     tar --strip-components=2 -xvzf - ./rlgl/rlgl
 41 | 
 42 | # Log into the server
 43 | ./rlgl login --key=$RLGL_KEY https://rl.gl
 44 | 
 45 | # Generate a player ID for use during report evaluation
 46 | ID=$(./rlgl start)
 47 | 
 48 | # Set the policy
 49 | RLGL_POLICY=https://github.com/container-lisp/rlgl-policy.git
 50 | 
 51 | # -----------------------------------------------------------------------------
 52 | # Use the Clair scanner...
 53 | # -----------------------------------------------------------------------------
 54 | 
 55 | # travis-ci comes with postgresql on, which clashes with the postgresql we're
 56 | # about to fire up.
 57 | sudo apt-get --yes remove postgresql\* > /dev/null 2>&1
 58 | docker run -d --name db arminc/clair-db
 59 | sleep 15 # wait for db to come up
 60 | docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan
 61 | sleep 1
 62 | DOCKER_GATEWAY=$(docker network inspect bridge --format "{{range .IPAM.Config}}{{.Gateway}}{{end}}")
 63 | 
 64 | wget -qO clair-scanner https://github.com/arminc/clair-scanner/releases/download/v12/clair-scanner_linux_amd64
 65 | ls -l
 66 | chmod +x clair-scanner
 67 | 
 68 | ./clair-scanner --ip="$DOCKER_GATEWAY" -r clair-report.json $REPO
 69 | ./rlgl e --id=$ID --policy=$RLGL_POLICY clair-report.json
 70 | 
 71 | # -----------------------------------------------------------------------------
 72 | # Use Anchore's inline scanner...
 73 | # -----------------------------------------------------------------------------
 74 | 
 75 | curl -s https://ci-tools.anchore.io/inline_scan-v0.4.1 | bash -s -- -t 3300 -r $REPO
 76 | ls -lRt
 77 | if test -f anchore-reports/*-vuln.json; then 
 78 |     ./rlgl e --id=$ID --policy=$RLGL_POLICY anchore-reports/*-vuln.json
 79 | fi
 80 | 
 81 | # -----------------------------------------------------------------------------
 82 | # Use Aqua Security's microscanner...
 83 | # -----------------------------------------------------------------------------
 84 | 
 85 | if [[ -z "${AQUACODE}" ]]; then
 86 |     echo "Skipping AquaSecurity Scan.  Missing AQUACODE environment variable."
 87 | else    
 88 |     if ! test -f microscanner; then
 89 | 	wget https://get.aquasec.com/microscanner
 90 | 	chmod +x microscanner
 91 |     fi  
 92 | 
 93 |     cat > Dockerfile.scan <<EOF
 94 | FROM $REPO
 95 | USER 0
 96 | ADD microscanner /
 97 | RUN /microscanner $AQUACODE -c
 98 | EOF
 99 | 
100 |     # FIXME: this fails because Aqua can't handle ubi9 images yet
101 |     docker build . -f Dockerfile.scan || true
102 | 
103 |     # TODO: Run rlgl here once Aqua has fixed their ubi9 scanner
104 | fi
105 | 
106 | # -----------------------------------------------------------------------------
107 | # Summarize scans
108 | # -----------------------------------------------------------------------------
109 | 
110 | ./rlgl log --id=$ID
111 | 
112 | echo All scans pass.
113 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | [![Build Status](https://github.com/container-lisp/s2i-lisp/actions/workflows/build.yml/badge.svg)](https://github.com/container-lisp/s2i-lisp/actions)
  2 | 
  3 | Common Lisp + Quicklisp OpenShift Build Image
  4 | =============================================
  5 | 
  6 | This repository contains the source for building a Quicklisp based
  7 | Common Lisp application as a reproducible docker image using
  8 | [source-to-image](https://github.com/openshift/source-to-image). This
  9 | docker image is UBI-8 based. The resulting images can be run using
 10 | [docker](http://docker.io).
 11 | 
 12 | Usage
 13 | -----
 14 | To build a simple
 15 | [sample-lisp-app](https://github.com/container-lisp/sample-lisp-app)
 16 | application using standalone
 17 | [S2I](https://github.com/openshift/source-to-image) and then run the
 18 | resulting image with [docker](http://docker.io) execute:
 19 | ```
 20 | $ s2i build https://github.com/container-lisp/sample-lisp-app quay.io/containerlisp/lisp-10-ubi9 sample-lisp-app
 21 | $ docker run -p 8080:8080 sample-lisp-app
 22 | ```
 23 | 
 24 | **Accessing the application:**
 25 | 
 26 | Run interactively as above, you can access the sample-lisp-app like so:
 27 | ```
 28 | $ curl 127.0.0.1:8080
 29 | ```
 30 | 
 31 | You will likely, however, prefer [OpenShift](https://www.openshift.com), where applications are created like so:
 32 | ```
 33 | $ oc new-app quay.io/containerlisp/lisp-10-ubi9~git://github.com/container-lisp/sample-lisp-app
 34 | ```
 35 | 
 36 | A [slynk](https://github.com/joaotavora/sly) server will be started on
 37 | port 4005 for every application.  With OpenShift, you can forward port
 38 | 4005 to your local host and connect to it with
 39 | [SLY](https://github.com/joaotavora/sly) for interactive
 40 | [Emacs](https://www.gnu.org/software/emacs/) based development.  Just
 41 | identify the pod running your container with `oc get pods`, and
 42 | then....
 43 | 
 44 | ```oc port-forward sample-lisp-app-1-h5o5f 4005```
 45 | 
 46 | Follow this up in Emacs with...
 47 | 
 48 | ```M-x sly-connect RET RET```
 49 | 
 50 | To teach Emacs how to translate filenames between the remote and local
 51 | machines, you'll need to define
 52 | [```sly-filename-translations```](http://joaotavora.github.io/sly/#Setting-up-pathname-translations).
 53 | 
 54 | There are a number of excellent screencasts and tutorials on using SLY
 55 | on the project web site at
 56 | [https://github.com/joaotavora/sly](https://github.com/joaotavora/sly).
 57 | 
 58 | Also note that instead of using sly, you can also decide to use slime,
 59 | the traditional emacs common lisp development environment. See below
 60 | the section about environment variable `DEV_BACKEND` on how to do
 61 | this.
 62 | 
 63 | To install this image along with sample application template into OpenShift, run the following as the cluster manager:
 64 | ```
 65 | $ oc create -f lisp-image-streams.json -n openshift
 66 | $ oc create -f lisp-web-basic-s2i.json -n openshift
 67 | ```
 68 | 
 69 | Overriding Quicklisp Packages
 70 | -----------------------------
 71 | 
 72 | If the top-level directory of your source repo contains a
 73 | `local-projects` directory, then all of the contents of that directory
 74 | will be moved to quicklisp's `local-projects` directory before
 75 | build-time.  This is useful is you ever need to use a different
 76 | version of a quicklisp-provided package, perhaps with local changes.
 77 | 
 78 | 
 79 | Environment variables
 80 | ---------------------
 81 | 
 82 | To set these environment variables, you can place them as a key value
 83 | pair into a `.s2i/environment` file inside your source code
 84 | repository.
 85 | 
 86 | * **APP_SYSTEM_NAME**
 87 | 
 88 |     The name that quicklisp will know this application by and which
 89 |     will become the name of the directory in the quicklisp
 90 |     local-project subdirectory, where the application source code will
 91 |     be copied into and build and run from.
 92 | 
 93 | * **APP_EVAL**
 94 | 
 95 |     SBCL evaluates this lisp form after ql:quickload'ing
 96 |     `:$APP_SYSTEM_NAME`, e.g. "`(webapp:start-webapp)`". This only happens
 97 |     when `:$APP_SCRIPT` is not used.
 98 | 
 99 | * **APP_SCRIPT**
100 | 
101 |     SBCL loads this script and executes it instead of evaluating
102 |     `:$APP_EVAL`. This script needs to take care of setting up and
103 |     quickloading the application but thus gives full control over the
104 |     startup process. Note that this variable should point to a
105 |     relative path, which will be within the quicklisp project defined
106 |     by `APP_SYSTEM_NAME`, e.g. "`.s2i/run.lisp`".
107 | 
108 | * **APP_BUILD_SCRIPT**
109 | 
110 |     SBCL loads this script and executes it during the build process.
111 |     If this is used, `:$APP_EVAL` and `$APP_SYSTEM_NAME` will not be used
112 |     for quickloading and building the app. Instead, the script
113 |     specified needs to take care of setting up and quickloading the
114 |     application but thus gives more control over the build
115 |     process. Note that this variable should point to a relative path,
116 |     which will be within the quicklisp project defined by
117 |     `APP_SYSTEM_NAME`, e.g. "`.s2i/build.lisp`".
118 | 
119 | * **APP_MEM**
120 | 
121 |     This value will be passed to sbcl via `--dynamic-space-size` and
122 |     should be set to the amount of memory the application needs. It
123 |     will be used for both building the image as well as running it.
124 |     Its default value is 90% of available memory as reported by
125 |     cgroups.
126 | 
127 | * **DEV_BACKEND**
128 | 
129 |     Set this variable to `slynk` or `swank` to choose the development
130 |     backend to start, or leave it unset to start no backend at all.
131 | 
132 | * **DEV_BACKEND_PORT**
133 | 
134 |     The default slynk/swank port is 4005. Set this value to something
135 |     else for your application to use a different port (e.g. if your
136 |     application needs to use this port). This setting will only come
137 |     into effect when a development backend has been selected via
138 |     `DEV_BACKEND`.
139 | 
140 | Public Container Images
141 | -----------------------
142 | 
143 | The ubi9-based S2I images are published on quay.io, as
144 | `quay.io/containerlisp/lisp-10-ubi9`.  Image tags are as follows:
145 | 
146 | * `latest`: the most recent build of the very latest quicklisp, SBCL
147 |   and OS bits.
148 | 
149 | * Quicklisp dist version date (eg. `20181210`): The latest build based
150 |   on this quicklisp distribution version.  If you use this tag, the
151 |   quicklisp bits will never change, but the underlying OS and SBCL
152 |   bits may.
153 | 
154 | * Git commit hash (eg. `b6ef12a`): The semantics of this tag are the
155 |   same as above. It is provided as a convenience in order to map back
156 |   to the original source version.
157 | 
158 | * Quicklisp dist version date + build number (eg. `20181210.26`):
159 |   This identifies a specific build for a specific
160 |   quicklisp distribution.  This is a unique build, and will never
161 |   change.
162 | 


--------------------------------------------------------------------------------
/lisp-web-basic-s2i.json:
--------------------------------------------------------------------------------
  1 | {
  2 |     "kind": "Template",
  3 |     "apiVersion": "v1",
  4 |     "metadata": {
  5 |         "annotations": {
  6 |             "iconClass": "icon-rh-openjdk",
  7 |             "tags": "lisp",
  8 |             "version": "1.0.0",
  9 |             "openshift.io/display-name": "Lisp",
 10 |             "openshift.io/provider-display-name": "The container-lisp hackers",
 11 |             "description": "An example Lisp web application using SBCL.",
 12 |             "template.openshift.io/long-description": "This template defines resources needed to develop Common Lisp based web applications."
 13 |         },
 14 |         "name": "lisp-web-basic-s2i"
 15 |     },
 16 |     "labels": {
 17 |         "template": "lisp-web-basic-s2i"
 18 |     },
 19 |     "message": "A new Common Lisp application has been created in your project. A [slynk](https://github.com/joaotavora/sly) server will start on port 4005 of this container.  You can forward port 4005 to your local host and connect to it with [SLY](https://github.com/joaotavora/sly) for interactive [Emacs](https://www.gnu.org/software/emacs/) based development.  Just identify the pod running your container with `oc get pods`, and then....```oc port-forward sample-lisp-app-1-h5o5f 4005``` Follow this up in Emacs with... ```M-x sly-connect RET RET``` To teach Emacs how to translate filenames between the remote and local machines, you'll need to define [```sly-filename-translations```](http://joaotavora.github.io/sly/#Setting-up-pathname-translations).",
 20 |     "parameters": [
 21 |         {
 22 |             "description": "The name for the application.",
 23 |             "displayName": "Application Name",
 24 |             "name": "APPLICATION_NAME",
 25 |             "value": "lisp-app",
 26 |             "required": true
 27 |         },
 28 |         {
 29 |             "description": "Custom hostname for http service route.  Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>",
 30 |             "displayName": "Custom http Route Hostname",
 31 |             "name": "HOSTNAME_HTTP",
 32 |             "value": "",
 33 |             "required": false
 34 |         },
 35 |         {
 36 |             "description": "Git source URI for application",
 37 |             "displayName": "Git Repository URL",
 38 |             "name": "SOURCE_REPOSITORY_URL",
 39 |             "value": "https://github.com/container-lisp/sample-lisp-app",
 40 |             "required": true
 41 |         },
 42 |         {
 43 |             "description": "Git branch/tag reference",
 44 |             "displayName": "Git Reference",
 45 |             "name": "SOURCE_REPOSITORY_REF",
 46 |             "value": "master",
 47 |             "required": false
 48 |         },
 49 |         {
 50 |             "description": "Path within Git project to build; empty for root project directory.",
 51 |             "displayName": "Context Directory",
 52 |             "name": "CONTEXT_DIR",
 53 |             "value": "",
 54 |             "required": false
 55 |         },
 56 |         {
 57 |             "description": "GitHub trigger secret",
 58 |             "displayName": "Github Webhook Secret",
 59 |             "name": "GITHUB_WEBHOOK_SECRET",
 60 |             "from": "[a-zA-Z0-9]{8}",
 61 |             "generate": "expression",
 62 |             "required": true
 63 |         },
 64 |         {
 65 |             "description": "Generic build trigger secret",
 66 |             "displayName": "Generic Webhook Secret",
 67 |             "name": "GENERIC_WEBHOOK_SECRET",
 68 |             "from": "[a-zA-Z0-9]{8}",
 69 |             "generate": "expression",
 70 |             "required": true
 71 |         },
 72 |         {
 73 |             "description": "Namespace in which the ImageStreams for Lisp images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.",
 74 |             "displayName": "ImageStream Namespace",
 75 |             "name": "IMAGE_STREAM_NAMESPACE",
 76 |             "value": "openshift",
 77 |             "required": true
 78 |         }
 79 |     ],
 80 |     "objects": [
 81 |         {
 82 |             "kind": "Service",
 83 |             "apiVersion": "v1",
 84 |             "spec": {
 85 |                 "ports": [
 86 |                     {
 87 |                         "port": 8080,
 88 |                         "targetPort": 8080
 89 |                     }
 90 |                 ],
 91 |                 "selector": {
 92 |                     "deploymentConfig": "${APPLICATION_NAME}"
 93 |                 }
 94 |             },
 95 |             "metadata": {
 96 |                 "name": "${APPLICATION_NAME}",
 97 |                 "labels": {
 98 |                     "application": "${APPLICATION_NAME}"
 99 |                 },
100 |                 "annotations": {
101 |                     "description": "The application's http port."
102 |                 }
103 |             }
104 |         },
105 |         {
106 |             "kind": "Route",
107 |             "apiVersion": "v1",
108 |             "id": "${APPLICATION_NAME}-http",
109 |             "metadata": {
110 |                 "name": "${APPLICATION_NAME}",
111 |                 "labels": {
112 |                     "application": "${APPLICATION_NAME}"
113 |                 },
114 |                 "annotations": {
115 |                     "description": "Route for application's http service."
116 |                 }
117 |             },
118 |             "spec": {
119 |                 "host": "${HOSTNAME_HTTP}",
120 |                 "to": {
121 |                     "name": "${APPLICATION_NAME}"
122 |                 }
123 |             }
124 |         },
125 |         {
126 |             "kind": "ImageStream",
127 |             "apiVersion": "v1",
128 |             "metadata": {
129 |                 "name": "${APPLICATION_NAME}",
130 |                 "labels": {
131 |                     "application": "${APPLICATION_NAME}"
132 |                 }
133 |             }
134 |         },
135 |         {
136 |             "kind": "BuildConfig",
137 |             "apiVersion": "v1",
138 |             "metadata": {
139 |                 "name": "${APPLICATION_NAME}",
140 |                 "labels": {
141 |                     "application": "${APPLICATION_NAME}"
142 |                 }
143 |             },
144 |             "spec": {
145 |                 "source": {
146 |                     "type": "Git",
147 |                     "git": {
148 |                         "uri": "${SOURCE_REPOSITORY_URL}",
149 |                         "ref": "${SOURCE_REPOSITORY_REF}"
150 |                     },
151 |                     "contextDir": "${CONTEXT_DIR}"
152 |                 },
153 |                 "strategy": {
154 |                     "type": "Source",
155 |                     "sourceStrategy": {
156 |                         "forcePull": true,
157 |                         "from": {
158 |                             "kind": "ImageStreamTag",
159 |                             "namespace": "${IMAGE_STREAM_NAMESPACE}",
160 |                             "name": "s2i-lisp:latest"
161 |                         }
162 |                     }
163 |                 },
164 |                 "output": {
165 |                     "to": {
166 |                         "kind": "ImageStreamTag",
167 |                         "name": "${APPLICATION_NAME}:latest"
168 |                     }
169 |                 },
170 |                 "triggers": [
171 |                     {
172 |                         "type": "GitHub",
173 |                         "github": {
174 |                             "secret": "${GITHUB_WEBHOOK_SECRET}"
175 |                         }
176 |                     },
177 |                     {
178 |                         "type": "Generic",
179 |                         "generic": {
180 |                             "secret": "${GENERIC_WEBHOOK_SECRET}"
181 |                         }
182 |                     },
183 |                     {
184 |                         "type": "ImageChange",
185 |                         "imageChange": {}
186 |                     },
187 |                     {
188 |                         "type": "ConfigChange"
189 |                     }
190 |                 ]
191 |             }
192 |         },
193 |         {
194 |             "kind": "DeploymentConfig",
195 |             "apiVersion": "v1",
196 |             "metadata": {
197 |                 "name": "${APPLICATION_NAME}",
198 |                 "labels": {
199 |                     "application": "${APPLICATION_NAME}"
200 |                 }
201 |             },
202 |             "spec": {
203 |                 "strategy": {
204 |                     "type": "Recreate"
205 |                 },
206 |                 "triggers": [
207 |                     {
208 |                         "type": "ImageChange",
209 |                         "imageChangeParams": {
210 |                             "automatic": true,
211 |                             "containerNames": [
212 |                                 "${APPLICATION_NAME}"
213 |                             ],
214 |                             "from": {
215 |                                 "kind": "ImageStreamTag",
216 |                                 "name": "${APPLICATION_NAME}:latest"
217 |                             }
218 |                         }
219 |                     },
220 |                     {
221 |                         "type": "ConfigChange"
222 |                     }
223 |                 ],
224 |                 "replicas": 1,
225 |                 "selector": {
226 |                     "deploymentConfig": "${APPLICATION_NAME}"
227 |                 },
228 |                 "template": {
229 |                     "metadata": {
230 |                         "name": "${APPLICATION_NAME}",
231 |                         "labels": {
232 |                             "deploymentConfig": "${APPLICATION_NAME}",
233 |                             "application": "${APPLICATION_NAME}"
234 |                         }
235 |                     },
236 |                     "spec": {
237 |                         "terminationGracePeriodSeconds": 75,
238 |                         "containers": [
239 |                             {
240 |                                 "name": "${APPLICATION_NAME}",
241 |                                 "image": "${APPLICATION_NAME}",
242 |                                 "imagePullPolicy": "Always",
243 |                                 "env": [
244 |                                 ],
245 |                                 "ports": [
246 |                                     {
247 |                                         "name": "http",
248 |                                         "containerPort": 8080,
249 |                                         "protocol": "TCP"
250 |                                     }
251 |                                 ]
252 |                             }
253 |                         ]
254 |                     }
255 |                 }
256 |             }
257 |         }
258 |     ]
259 | }
260 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 | 
  2 |                                  Apache License
  3 |                            Version 2.0, January 2004
  4 |                         http://www.apache.org/licenses/
  5 | 
  6 |    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
  7 | 
  8 |    1. Definitions.
  9 | 
 10 |       "License" shall mean the terms and conditions for use, reproduction,
 11 |       and distribution as defined by Sections 1 through 9 of this document.
 12 | 
 13 |       "Licensor" shall mean the copyright owner or entity authorized by
 14 |       the copyright owner that is granting the License.
 15 | 
 16 |       "Legal Entity" shall mean the union of the acting entity and all
 17 |       other entities that control, are controlled by, or are under common
 18 |       control with that entity. For the purposes of this definition,
 19 |       "control" means (i) the power, direct or indirect, to cause the
 20 |       direction or management of such entity, whether by contract or
 21 |       otherwise, or (ii) ownership of fifty percent (50%) or more of the
 22 |       outstanding shares, or (iii) beneficial ownership of such entity.
 23 | 
 24 |       "You" (or "Your") shall mean an individual or Legal Entity
 25 |       exercising permissions granted by this License.
 26 | 
 27 |       "Source" form shall mean the preferred form for making modifications,
 28 |       including but not limited to software source code, documentation
 29 |       source, and configuration files.
 30 | 
 31 |       "Object" form shall mean any form resulting from mechanical
 32 |       transformation or translation of a Source form, including but
 33 |       not limited to compiled object code, generated documentation,
 34 |       and conversions to other media types.
 35 | 
 36 |       "Work" shall mean the work of authorship, whether in Source or
 37 |       Object form, made available under the License, as indicated by a
 38 |       copyright notice that is included in or attached to the work
 39 |       (an example is provided in the Appendix below).
 40 | 
 41 |       "Derivative Works" shall mean any work, whether in Source or Object
 42 |       form, that is based on (or derived from) the Work and for which the
 43 |       editorial revisions, annotations, elaborations, or other modifications
 44 |       represent, as a whole, an original work of authorship. For the purposes
 45 |       of this License, Derivative Works shall not include works that remain
 46 |       separable from, or merely link (or bind by name) to the interfaces of,
 47 |       the Work and Derivative Works thereof.
 48 | 
 49 |       "Contribution" shall mean any work of authorship, including
 50 |       the original version of the Work and any modifications or additions
 51 |       to that Work or Derivative Works thereof, that is intentionally
 52 |       submitted to Licensor for inclusion in the Work by the copyright owner
 53 |       or by an individual or Legal Entity authorized to submit on behalf of
 54 |       the copyright owner. For the purposes of this definition, "submitted"
 55 |       means any form of electronic, verbal, or written communication sent
 56 |       to the Licensor or its representatives, including but not limited to
 57 |       communication on electronic mailing lists, source code control systems,
 58 |       and issue tracking systems that are managed by, or on behalf of, the
 59 |       Licensor for the purpose of discussing and improving the Work, but
 60 |       excluding communication that is conspicuously marked or otherwise
 61 |       designated in writing by the copyright owner as "Not a Contribution."
 62 | 
 63 |       "Contributor" shall mean Licensor and any individual or Legal Entity
 64 |       on behalf of whom a Contribution has been received by Licensor and
 65 |       subsequently incorporated within the Work.
 66 | 
 67 |    2. Grant of Copyright License. Subject to the terms and conditions of
 68 |       this License, each Contributor hereby grants to You a perpetual,
 69 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 70 |       copyright license to reproduce, prepare Derivative Works of,
 71 |       publicly display, publicly perform, sublicense, and distribute the
 72 |       Work and such Derivative Works in Source or Object form.
 73 | 
 74 |    3. Grant of Patent License. Subject to the terms and conditions of
 75 |       this License, each Contributor hereby grants to You a perpetual,
 76 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 77 |       (except as stated in this section) patent license to make, have made,
 78 |       use, offer to sell, sell, import, and otherwise transfer the Work,
 79 |       where such license applies only to those patent claims licensable
 80 |       by such Contributor that are necessarily infringed by their
 81 |       Contribution(s) alone or by combination of their Contribution(s)
 82 |       with the Work to which such Contribution(s) was submitted. If You
 83 |       institute patent litigation against any entity (including a
 84 |       cross-claim or counterclaim in a lawsuit) alleging that the Work
 85 |       or a Contribution incorporated within the Work constitutes direct
 86 |       or contributory patent infringement, then any patent licenses
 87 |       granted to You under this License for that Work shall terminate
 88 |       as of the date such litigation is filed.
 89 | 
 90 |    4. Redistribution. You may reproduce and distribute copies of the
 91 |       Work or Derivative Works thereof in any medium, with or without
 92 |       modifications, and in Source or Object form, provided that You
 93 |       meet the following conditions:
 94 | 
 95 |       (a) You must give any other recipients of the Work or
 96 |           Derivative Works a copy of this License; and
 97 | 
 98 |       (b) You must cause any modified files to carry prominent notices
 99 |           stating that You changed the files; and
100 | 
101 |       (c) You must retain, in the Source form of any Derivative Works
102 |           that You distribute, all copyright, patent, trademark, and
103 |           attribution notices from the Source form of the Work,
104 |           excluding those notices that do not pertain to any part of
105 |           the Derivative Works; and
106 | 
107 |       (d) If the Work includes a "NOTICE" text file as part of its
108 |           distribution, then any Derivative Works that You distribute must
109 |           include a readable copy of the attribution notices contained
110 |           within such NOTICE file, excluding those notices that do not
111 |           pertain to any part of the Derivative Works, in at least one
112 |           of the following places: within a NOTICE text file distributed
113 |           as part of the Derivative Works; within the Source form or
114 |           documentation, if provided along with the Derivative Works; or,
115 |           within a display generated by the Derivative Works, if and
116 |           wherever such third-party notices normally appear. The contents
117 |           of the NOTICE file are for informational purposes only and
118 |           do not modify the License. You may add Your own attribution
119 |           notices within Derivative Works that You distribute, alongside
120 |           or as an addendum to the NOTICE text from the Work, provided
121 |           that such additional attribution notices cannot be construed
122 |           as modifying the License.
123 | 
124 |       You may add Your own copyright statement to Your modifications and
125 |       may provide additional or different license terms and conditions
126 |       for use, reproduction, or distribution of Your modifications, or
127 |       for any such Derivative Works as a whole, provided Your use,
128 |       reproduction, and distribution of the Work otherwise complies with
129 |       the conditions stated in this License.
130 | 
131 |    5. Submission of Contributions. Unless You explicitly state otherwise,
132 |       any Contribution intentionally submitted for inclusion in the Work
133 |       by You to the Licensor shall be under the terms and conditions of
134 |       this License, without any additional terms or conditions.
135 |       Notwithstanding the above, nothing herein shall supersede or modify
136 |       the terms of any separate license agreement you may have executed
137 |       with Licensor regarding such Contributions.
138 | 
139 |    6. Trademarks. This License does not grant permission to use the trade
140 |       names, trademarks, service marks, or product names of the Licensor,
141 |       except as required for reasonable and customary use in describing the
142 |       origin of the Work and reproducing the content of the NOTICE file.
143 | 
144 |    7. Disclaimer of Warranty. Unless required by applicable law or
145 |       agreed to in writing, Licensor provides the Work (and each
146 |       Contributor provides its Contributions) on an "AS IS" BASIS,
147 |       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
148 |       implied, including, without limitation, any warranties or conditions
149 |       of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
150 |       PARTICULAR PURPOSE. You are solely responsible for determining the
151 |       appropriateness of using or redistributing the Work and assume any
152 |       risks associated with Your exercise of permissions under this License.
153 | 
154 |    8. Limitation of Liability. In no event and under no legal theory,
155 |       whether in tort (including negligence), contract, or otherwise,
156 |       unless required by applicable law (such as deliberate and grossly
157 |       negligent acts) or agreed to in writing, shall any Contributor be
158 |       liable to You for damages, including any direct, indirect, special,
159 |       incidental, or consequential damages of any character arising as a
160 |       result of this License or out of the use or inability to use the
161 |       Work (including but not limited to damages for loss of goodwill,
162 |       work stoppage, computer failure or malfunction, or any and all
163 |       other commercial damages or losses), even if such Contributor
164 |       has been advised of the possibility of such damages.
165 | 
166 |    9. Accepting Warranty or Additional Liability. While redistributing
167 |       the Work or Derivative Works thereof, You may choose to offer,
168 |       and charge a fee for, acceptance of support, warranty, indemnity,
169 |       or other liability obligations and/or rights consistent with this
170 |       License. However, in accepting such obligations, You may act only
171 |       on Your own behalf and on Your sole responsibility, not on behalf
172 |       of any other Contributor, and only if You agree to indemnify,
173 |       defend, and hold each Contributor harmless for any liability
174 |       incurred by, or claims asserted against, such Contributor by reason
175 |       of your accepting any such warranty or additional liability.
176 | 
177 |    END OF TERMS AND CONDITIONS
178 | 
179 |    APPENDIX: How to apply the Apache License to your work.
180 | 
181 |       To apply the Apache License to your work, attach the following
182 |       boilerplate notice, with the fields enclosed by brackets "[]"
183 |       replaced with your own identifying information. (Don't include
184 |       the brackets!)  The text should be enclosed in the appropriate
185 |       comment syntax for the file format. We also recommend that a
186 |       file or class name and description of purpose be included on the
187 |       same "printed page" as the copyright notice for easier
188 |       identification within third-party archives.
189 | 
190 |    Copyright [yyyy] [name of copyright owner]
191 | 
192 |    Licensed under the Apache License, Version 2.0 (the "License");
193 |    you may not use this file except in compliance with the License.
194 |    You may obtain a copy of the License at
195 | 
196 |        http://www.apache.org/licenses/LICENSE-2.0
197 | 
198 |    Unless required by applicable law or agreed to in writing, software
199 |    distributed under the License is distributed on an "AS IS" BASIS,
200 |    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
201 |    See the License for the specific language governing permissions and
202 |    limitations under the License.


--------------------------------------------------------------------------------