Use circleci for continuous integegration.

Build container descriptions are in the new docker directory.

.circleci/config.yml

@@ -0,0 +1,45 @@
+# TODO: use matrix to test different build options and linux distros
+version: 2.1
+
+jobs:
+  build:
+    docker:
+      - image: docker.io/sudoproject/debian:latest
+    steps:
+      - checkout
+      - run:
+          name: "Building and packaging sudo"
+          command: ./scripts/mkpkg --flavor=ldap --enable-warnings --enable-werror
+      # Save workspace for subsequent jobs (i.e. test)
+      - persist_to_workspace:
+          root: .
+          paths:
+            - .
+  test:
+    docker:
+      - image: docker.io/sudoproject/debian:latest
+    steps:
+      # Reuse the workspace from the build job
+      - attach_workspace:
+          at: .
+      - run:
+          name: "Running tests"
+          command: make check
+
+# Orchestrate our job run sequence
+workflows:
+  version: 2
+  build_and_test:
+    jobs:
+      - build:
+          # Only build the "main" branch
+          filters:
+            branches:
+              only: main
+      - test:
+          filters:
+          # Only test the "main" branch
+            branches:
+              only: main
+          requires:
+            - build

MANIFEST

@@ -55,6 +55,14 @@ doc/sudoreplay.man.in
 doc/sudoreplay.mdoc.in
 doc/visudo.man.in
 doc/visudo.mdoc.in
+docker/README
+docker/debian/latest/Dockerfile
+docker/debian/testing/Dockerfile
+docker/fedora/latest/Dockerfile
+docker/fedora/rawhide/Dockerfile
+docker/ubuntu/devel/Dockerfile
+docker/ubuntu/latest/Dockerfile
+docker/ubuntu/rolling/Dockerfile
 etc/codespell.exclude
 etc/codespell.ignore
 etc/codespell.skip

docker/README

@@ -0,0 +1,29 @@
+Container images are stored in https://hub.docker.com/repositories as
+user sudoproject.  Build images are named based on the distro and use
+the tag to differentiate between different versions and architectures.
+There should always be a "latest" tag (or manifest).
+
+When creating a new Dockerfile, use one of the Debian or Fedora files
+as a template.  The examples below use podman rather than docker but it
+should be possible to them interchangably.
+
+To build Debian containers for both amd64 and i386 (others only have amd64):
+
+    podman build --arch amd64 --pull -t sudoproject/debian:latest.amd64 \
+	docker/debian/latest
+    podman build --arch 386 --pull -t sudoproject/debian:latest.i386 \
+	docker/debian/latest
+
+Then push it to dockerhub (may need to run "podman login" first):
+    podman push sudoproject/debian:latest.amd64
+    podman push sudoproject/debian:latest.i386
+
+Multi-arch containers are supported by creating a manifest, e.g.:
+    podman manifest create sudoproject/debian:latest
+    podman manifest add sudoproject/debian:latest \
+	sudoproject/debian:latest.amd64
+    podman manifest add sudoproject/debian:latest \
+	sudoproject/debian:latest.i386
+
+Finally push the manifest to dockerhub:
+    podman push sudoproject/debian:latest

docker/debian/latest/Dockerfile

@@ -0,0 +1,8 @@
+FROM docker.io/library/debian:latest
+
+RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \
+    DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \
+	build-essential curl dpkg-dev ed libldap2-dev libpam0g-dev \
+	libsasl2-dev libselinux1-dev libsepol1-dev libssl-dev zlib1g-dev \
+	libaudit-dev libssl-dev python3-dev libpython3-dev \
+	file lsb-release fakeroot procps git ssh openssh-client

docker/debian/testing/Dockerfile

@@ -0,0 +1,8 @@
+FROM docker.io/library/debian:testing
+
+RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \
+    DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \
+	build-essential curl dpkg-dev ed libldap2-dev libpam0g-dev \
+	libsasl2-dev libselinux1-dev libsepol1-dev libssl-dev zlib1g-dev \
+	libaudit-dev libssl-dev python3-dev libpython3-dev \
+	file lsb-release fakeroot procps git ssh openssh-client

docker/fedora/latest/Dockerfile

@@ -0,0 +1,7 @@
+FROM docker.io/library/fedora:latest
+ENV TZ=America/Denver
+
+RUN dnf -y install audit-libs-devel cyrus-sasl-devel glibc-devel \
+    libselinux-devel libsepol-devel openldap-devel openssl-devel pam-devel \
+    python3-devel rpm-build zlib-devel binutils ed gcc gdb git openssh \
+    procps which

docker/fedora/rawhide/Dockerfile

@@ -0,0 +1,7 @@
+FROM docker.io/library/fedora:rawhide
+ENV TZ=America/Denver
+
+RUN dnf -y install audit-libs-devel cyrus-sasl-devel glibc-devel \
+    libselinux-devel libsepol-devel openldap-devel openssl-devel pam-devel \
+    python3-devel rpm-build zlib-devel binutils ed gcc gdb git openssh \
+    procps which

docker/ubuntu/devel/Dockerfile

@@ -0,0 +1,8 @@
+FROM docker.io/library/ubuntu:devel
+
+RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \
+    DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \
+	build-essential curl dpkg-dev ed libldap2-dev libpam0g-dev \
+	libsasl2-dev libselinux1-dev libsepol1-dev libssl-dev zlib1g-dev \
+	libaudit-dev libssl-dev python3-dev libpython3-dev \
+	file lsb-release fakeroot procps git ssh openssh-client

docker/ubuntu/latest/Dockerfile

@@ -0,0 +1,8 @@
+FROM docker.io/library/ubuntu:latest
+
+RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \
+    DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \
+	build-essential curl dpkg-dev ed libldap2-dev libpam0g-dev \
+	libsasl2-dev libselinux1-dev libsepol1-dev libssl-dev zlib1g-dev \
+	libaudit-dev libssl-dev python3-dev libpython3-dev \
+	file lsb-release fakeroot procps git ssh openssh-client

docker/ubuntu/rolling/Dockerfile

@@ -0,0 +1,8 @@
+FROM docker.io/library/ubuntu:rolling
+
+RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \
+    DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \
+	build-essential curl dpkg-dev ed libldap2-dev libpam0g-dev \
+	libsasl2-dev libselinux1-dev libsepol1-dev libssl-dev zlib1g-dev \
+	libaudit-dev libssl-dev python3-dev libpython3-dev \
+	file lsb-release fakeroot procps git ssh openssh-client