feat: nerdctl

Signed-off-by: thediveo <[email protected]>

Author: thediveo

README.md

@@ -14,6 +14,9 @@ Alpine](https://github.com/devcontainers/features/blob/091886b3568dad70f835cc428
   https://github.com/libbpf/bpftool binary releases, especially avoiding the
   usual pain of upstream Debian/Ubuntu kernel-specific bpftool packages.
 
+- [cni-plugins](src/cni-plugins/README.md) – installs CNI plugins directly from
+  upstream https://github.com/containernetworking/plugins binary releases.
+
 - [docsify](src/docsify/README.md) – automatically serves ./docs workspace
   directory via `docsify serve` in the background (with the specific workspace
   location being configurable).
@@ -40,6 +43,9 @@ Alpine](https://github.com/devcontainers/features/blob/091886b3568dad70f835cc428
 - [local-pkgsite](src/local-pkgsite/README.md) – a local Go pkgsite serving the
   module documentation, with automatic project reload and browser refresh. 
 
+- [nerdctl](src/nerdctl/README.md) – installs `nerdctl` directly from upstream
+  https://github.com/containerd/nerdctl binary releases.
+
 - [pin-github-action](src/pin-github-action/README.md) – provides mheaps's
   `pin-github-action` for pinning GitHub actions to specific hashes.
 

src/nerdctl/NOTES.md

@@ -0,0 +1,33 @@
+## Combining with `docker-in-docker` Feature
+
+Please note that the `docker-in-docker` feature is only available for
+Debian/Docker-based base images.
+
+In order to use nerdctl with the `containerd` included in the
+[`docker-in-docker`](https://github.com/devcontainers/features/tree/main/src/docker-in-docker)
+feature, you need to explicitly configure the non-standard API endpoint URL for
+`containerd` as follows:
+
+```json
+    "features": {
+        "ghcr.io/devcontainers/features/docker-in-docker:2": {
+            "dockerDashComposeVersion": "none",
+            "installDockerBuildx": false
+        },
+        "ghcr.io/devcontainers/features/nerdctl:0": {
+            "containerd-api": "unix:///run/docker/containerd/containerd.sock"
+        }
+    }
+```
+
+## OS Support
+
+Tested with:
+- [ghcr.io/almalinux/almalinux](https://ghcr.io/almalinux/almalinux),
+- [mcr.microsoft.com/devcontainers/base:debian](https://mcr.microsoft.com/en-us/artifact/mar/devcontainers/base/about#about:_debian),
+- [fedora](https://hub.docker.com/_/fedora),
+- [mcr.microsoft.com/devcontainers/base:ubuntu](https://mcr.microsoft.com/en-us/artifact/mar/devcontainers/base/about#about:_ubuntu).
+
+## Acknowledgement
+
+[@containerd/nerdctl](https://github.com/containerd/nerdctl)

src/nerdctl/README.md

@@ -0,0 +1,58 @@
+
+# containerd control CLI (nerdctl)
+
+Installs nerdctl from upstream.
+
+## Example Usage
+
+```json
+"features": {
+    "ghcr.io/thediveo/devcontainer-features/nerdctl:0": {}
+}
+```
+
+## Options
+
+| Options Id | Description | Type | Default Value |
+|-----|-----|-----|-----|
+| version | version of cni-plugins to install | string | latest |
+| containerd-api | path to containerd API endpoint | string | unix:///run/containerd/containerd.sock |
+
+## Combining with `docker-in-docker` Feature
+
+Please note that the `docker-in-docker` feature is only available for
+Debian/Docker-based base images.
+
+In order to use nerdctl with the `containerd` included in the
+[`docker-in-docker`](https://github.com/devcontainers/features/tree/main/src/docker-in-docker)
+feature, you need to explicitly configure the non-standard API endpoint URL for
+`containerd` as follows:
+
+```json
+    "features": {
+        "ghcr.io/devcontainers/features/docker-in-docker:2": {
+            "dockerDashComposeVersion": "none",
+            "installDockerBuildx": false
+        },
+        "ghcr.io/devcontainers/features/nerdctl:0": {
+            "containerd-api": "unix:///run/docker/containerd/containerd.sock"
+        }
+    }
+```
+
+## OS Support
+
+Tested with:
+- [ghcr.io/almalinux/almalinux](https://ghcr.io/almalinux/almalinux),
+- [mcr.microsoft.com/devcontainers/base:debian](https://mcr.microsoft.com/en-us/artifact/mar/devcontainers/base/about#about:_debian),
+- [fedora](https://hub.docker.com/_/fedora),
+- [mcr.microsoft.com/devcontainers/base:ubuntu](https://mcr.microsoft.com/en-us/artifact/mar/devcontainers/base/about#about:_ubuntu).
+
+## Acknowledgement
+
+[@containerd/nerdctl](https://github.com/containerd/nerdctl)
+
+
+---
+
+_Note: This file was auto-generated from the [devcontainer-feature.json](https://github.com/thediveo/devcontainer-features/blob/main/src/nerdctl/devcontainer-feature.json).  Add additional notes to a `NOTES.md`._

src/nerdctl/devcontainer-feature.json

@@ -0,0 +1,18 @@
+{
+    "name": "containerd control CLI",
+    "id": "nerdctl",
+    "version": "0.0.1",
+    "description": "Installs nerdctl from upstream.",
+    "options": {
+        "version": {
+            "type": "string",
+            "default": "latest",
+            "description": "version of cni-plugins to install"
+        },
+        "containerd-api": {
+            "type": "string",
+            "default": "unix:///run/containerd/containerd.sock",
+            "description": "path to containerd API endpoint"
+        }
+    }
+}

src/nerdctl/install.sh

@@ -0,0 +1,169 @@
+#!/usr/bin/env bash
+
+# Distribution and package manager detection are licensed by Microsoft
+# Corporation under the MIT License, please refer to:
+# https://github.com/devcontainers/features/blob/main/src/go/install.sh:
+#
+# Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the
+# MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license
+# information
+
+set -e
+
+NERDCTL_VERSION="${VERSION:-"latest"}"
+CONTAINERD_API="${CONTAINERD_API:-"unix:///run/containerd/containerd.sock"}"
+
+REPOSLUG="containerd/nerdctl"
+QUERYLATEST_URL="https://api.github.com/repos/${REPOSLUG}/releases/latest"
+RELEASE_URL="https://github.com/${REPOSLUG}/releases/download/"
+
+echo "installing feature nerdctl..."
+
+if [ "$(id -u)" -ne 0 ]; then
+    echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
+    exit 1
+fi
+
+# Bring in ID, ID_LIKE, VERSION_ID, VERSION_CODENAME
+. /etc/os-release
+# Get an adjusted ID independent of distro variants
+MAJOR_VERSION_ID=$(echo ${VERSION_ID} | cut -d . -f 1)
+if [ "${ID}" = "debian" ] || [ "${ID_LIKE}" = "debian" ]; then
+    ADJUSTED_ID="debian"
+elif [[ "${ID}" = "rhel" || "${ID}" = "fedora" || "${ID}" = "mariner" || "${ID_LIKE}" = *"rhel"* || "${ID_LIKE}" = *"fedora"* || "${ID_LIKE}" = *"mariner"* ]]; then
+    ADJUSTED_ID="rhel"
+    if [[ "${ID}" = "rhel" ]] || [[ "${ID}" = *"alma"* ]] || [[ "${ID}" = *"rocky"* ]]; then
+        VERSION_CODENAME="rhel${MAJOR_VERSION_ID}"
+    else
+        VERSION_CODENAME="${ID}${MAJOR_VERSION_ID}"
+    fi
+else
+    echo "Linux distro ${ID} not supported."
+    exit 1
+fi
+
+if [ "${ADJUSTED_ID}" = "rhel" ] && [ "${VERSION_CODENAME-}" = "centos7" ]; then
+    # As of 1 July 2024, mirrorlist.centos.org no longer exists.
+    # Update the repo files to reference vault.centos.org.
+    sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo
+    sed -i s/^#.*baseurl=http/baseurl=http/g /etc/yum.repos.d/*.repo
+    sed -i s/^mirrorlist=http/#mirrorlist=http/g /etc/yum.repos.d/*.repo
+fi
+
+# Setup INSTALL_CMD & PKG_MGR_CMD
+if type apt-get > /dev/null 2>&1; then
+    PKG_MGR_CMD=apt-get
+    INSTALL_CMD="${PKG_MGR_CMD} -y install --no-install-recommends"
+elif type microdnf > /dev/null 2>&1; then
+    PKG_MGR_CMD=microdnf
+    INSTALL_CMD="${PKG_MGR_CMD} ${INSTALL_CMD_ADDL_REPOS} -y install --refresh --best --nodocs --noplugins --setopt=install_weak_deps=0"
+elif type dnf > /dev/null 2>&1; then
+    PKG_MGR_CMD=dnf
+    INSTALL_CMD="${PKG_MGR_CMD} ${INSTALL_CMD_ADDL_REPOS} -y install --refresh --best --nodocs --noplugins --setopt=install_weak_deps=0"
+else
+    PKG_MGR_CMD=yum
+    INSTALL_CMD="${PKG_MGR_CMD} ${INSTALL_CMD_ADDL_REPOS} -y install --noplugins --setopt=install_weak_deps=0"
+fi
+
+# Clean up
+clean_up() {
+    case ${ADJUSTED_ID} in
+        debian)
+            rm -rf /var/lib/apt/lists/*
+            ;;
+        rhel)
+            rm -rf /var/cache/dnf/* /var/cache/yum/*
+            rm -rf /tmp/yum.log
+            rm -rf ${GPG_INSTALL_PATH}
+            ;;
+    esac
+}
+clean_up
+
+pkg_mgr_update() {
+    case $ADJUSTED_ID in
+        debian)
+            if [ "$(find /var/lib/apt/lists/* | wc -l)" = "0" ]; then
+                echo "Running apt-get update..."
+                ${PKG_MGR_CMD} update -y
+            fi
+            ;;
+        rhel)
+            if [ ${PKG_MGR_CMD} = "microdnf" ]; then
+                if [ "$(ls /var/cache/yum/* 2>/dev/null | wc -l)" = 0 ]; then
+                    echo "Running ${PKG_MGR_CMD} makecache ..."
+                    ${PKG_MGR_CMD} makecache
+                fi
+            else
+                if [ "$(ls /var/cache/${PKG_MGR_CMD}/* 2>/dev/null | wc -l)" = 0 ]; then
+                    echo "Running ${PKG_MGR_CMD} check-update ..."
+                    set +e
+                    ${PKG_MGR_CMD} check-update
+                    rc=$?
+                    if [ $rc != 0 ] && [ $rc != 100 ]; then
+                        exit 1
+                    fi
+                    set -e
+                fi
+            fi
+            ;;
+    esac
+}
+
+# Checks if packages are installed and installs them if not
+check_packages() {
+    case ${ADJUSTED_ID} in
+        debian)
+            if ! dpkg -s "$@" > /dev/null 2>&1; then
+                pkg_mgr_update
+                ${INSTALL_CMD} "$@"
+            fi
+            ;;
+        rhel)
+            if ! rpm -q "$@" > /dev/null 2>&1; then
+                pkg_mgr_update
+                ${INSTALL_CMD} "$@"
+            fi
+            ;;
+    esac
+}
+
+case $(uname -m) in
+    x86_64) ARCH="amd64";;
+    aarch64 | armv8*) ARCH="arm64";;
+    *) echo "Unsupported architecture: $(uname -m)"; exit 1;;
+esac
+
+export DEBIAN_FRONTEND=noninteractive
+
+if ! type curl > /dev/null 2>&1; then
+    check_packages curl
+fi
+
+if [ "$NERDCTL_VERSION" = "latest" ]; then
+    # get latest release    
+    NERDCTL_VERSION=$(curl -s ${QUERYLATEST_URL} | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
+fi
+
+echo version: $NERDCTL_VERSION
+echo for arch: $ARCH
+
+URL="${RELEASE_URL}${NERDCTL_VERSION}/nerdctl-${NERDCTL_VERSION#v}-linux-${ARCH}.tar.gz"
+echo "${URL}"
+
+curl -sSL -o /tmp/nerdctl.tar.gz "${URL}"
+ls -lH /tmp/nerdctl.tar.gz
+tar xzof /tmp/nerdctl.tar.gz -C /usr/local/bin/ nerdctl
+chmod 0755 /usr/local/bin/nerdctl
+rm /tmp/nerdctl.tar.gz
+
+mkdir -p /etc/nerdctl
+cat <<EOF >"/etc/nerdctl/nerdctl.toml"
+debug = false
+debug_full = false
+address = "${CONTAINERD_API}"
+EOF
+
+clean_up
+
+echo "Done!"

test/nerdctl/almalinux.sh

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -e
+
+source dev-container-features-test-lib
+
+check "nerdctl" bash -c "nerdctl --version"
+
+reportResults

test/nerdctl/debian.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+set -e
+
+source dev-container-features-test-lib
+
+# as we're combining this test with docker-in-docker, containerd's socket isn't
+# in its default location and we explicitly specify it in this feature's options
+# (whalewatchers: hold my beer...)
+check "nerdctl" bash -c "sudo nerdctl ps"
+
+reportResults

test/nerdctl/fedora.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+set -e
+
+source dev-container-features-test-lib
+
+# as we're combining this test with docker-in-docker, containerd's socket isn't
+# in its default location and we explicitly specify it in this feature's options
+# (whalewatchers: hold my beer...)
+check "nerdctl" bash -c "nerdctl --version"
+
+reportResults

test/nerdctl/scenarios.json

@@ -0,0 +1,26 @@
+{
+    "almalinux": {
+        "image": "ghcr.io/almalinux/almalinux:9",
+        "features": {
+            "nerdctl": {}
+        }
+    },
+    "debian": {
+        "image": "mcr.microsoft.com/devcontainers/base:debian-12",
+        "features": {
+            "ghcr.io/devcontainers/features/docker-in-docker:2": {
+                "dockerDashComposeVersion": "none",
+                "installDockerBuildx": false
+            },
+            "nerdctl": {
+                "containerd-api": "unix:///run/docker/containerd/containerd.sock"
+            }
+        }
+    },
+    "fedora": {
+        "image": "fedora",
+        "features": {
+            "nerdctl": {}
+        }
+    }
+}

test/nerdctl/test.sh

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -e
+
+source dev-container-features-test-lib
+
+check "nerdctl" bash -c "nerdctl --version"
+
+reportResults