ci: set up container to build containers within podman #3
6 changed files with 90 additions and 59 deletions
|
@ -16,12 +16,9 @@ jobs:
|
|||
webhook-url: ${{secrets.DISCORD_WEBHOOK_URL}}
|
||||
status: "Started"
|
||||
init: true
|
||||
build-images:
|
||||
build-runner:
|
||||
needs: [pre-run]
|
||||
runs-on: imagefactory-latest
|
||||
strategy:
|
||||
matrix:
|
||||
image-name: ['debian-12.6-slim']
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/setup-python@v5
|
||||
|
@ -33,21 +30,21 @@ jobs:
|
|||
id: image-metadata
|
||||
run: |
|
||||
echo "image-tag=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
|
||||
echo "full-image-name=${{ matrix.image-name }}:$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
|
||||
echo "full-image-name=debian-12.6-slim:$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
|
||||
- name: Build image
|
||||
run: python ./build_image.py ${{ steps.image-metadata.outputs.full-image-name }} ./images/${{ matrix.image-name }}/Dockerfile
|
||||
run: python ./build_image.py ${{ steps.image-metadata.outputs.full-image-name }} ./images/debian-12.6-slim/Dockerfile
|
||||
- name: Tag image as latest
|
||||
run: podman tag ${{ steps.image-metadata.outputs.full-image-name }} ${{ matrix.image-name }}:latest
|
||||
run: podman tag ${{ steps.image-metadata.outputs.full-image-name }} debian-12.6-slim:latest
|
||||
- name: List images
|
||||
run: podman image ls
|
||||
- name: Push tagged image to registry
|
||||
if: ${{ github.event_name == "push" }}
|
||||
if: ${{ github.event_name == 'push' }}
|
||||
run: |
|
||||
podman push ${{ steps.image-metadata.outputs.full-image-name }} ${{ env.REGISTRY_ENDPOINT }}/forge-runners/${{ steps.image-metadata.outputs.full-image-name }}
|
||||
podman push ${{ steps.image-metadata.outputs.full-image-name }} ${{ env.REGISTRY_ENDPOINT }}/forge-runners/${{ matrix.image-name }}:latest
|
||||
podman push ${{ steps.image-metadata.outputs.full-image-name }} ${{ env.REGISTRY_ENDPOINT }}/forge-runners/debian-12.6-slim:latest
|
||||
post-run:
|
||||
runs-on: imagefactory-latest
|
||||
needs: [build-images]
|
||||
needs: [build-runner]
|
||||
steps:
|
||||
- uses: https://forge.karnov.club/marc/push-status-to-discord-action@main
|
||||
if: ${{success()}}
|
||||
|
|
14
README.md
14
README.md
|
@ -1,3 +1,15 @@
|
|||
# runner-images
|
||||
|
||||
Image factory for Forgejo action runners
|
||||
Image factory for Forgejo Action runners
|
||||
|
||||
## Building
|
||||
|
||||
Images can be build locally if needed:
|
||||
|
||||
```sh
|
||||
python build_image.py <image-name> <Dockerfile path>
|
||||
```
|
||||
|
||||
CI will also build images when a tag of the format `v*` is pushed. The images built by CI are tagged as `:latest` and pushed to the registry at the run.
|
||||
|
||||
If CI workflows are triggered manually (i.e. via `workflow_dispatch`), then the image push is skipped.
|
||||
|
|
|
@ -18,11 +18,13 @@ RUN apt update && \
|
|||
python3 \
|
||||
python3-pip \
|
||||
pipx \
|
||||
fuse-overlayfs \
|
||||
--no-install-recommends \
|
||||
--autoremove && \
|
||||
apt-get clean
|
||||
|
||||
COPY ./files/registries.conf /etc/containers/registries.conf
|
||||
COPY ./files/storage.conf /etc/containers/storage.conf
|
||||
|
||||
FROM skeleton as runner
|
||||
|
||||
|
|
68
images/debian-12.6-slim/files/storage.conf
Normal file
68
images/debian-12.6-slim/files/storage.conf
Normal file
|
@ -0,0 +1,68 @@
|
|||
[storage]
|
||||
driver = "overlay"
|
||||
runroot = "/run/containers/storage"
|
||||
graphroot = "/var/lib/containers/storage"
|
||||
|
||||
[storage.options.overlay]
|
||||
# ignore_chown_errors can be set to allow a non privileged user running with
|
||||
# a single UID within a user namespace to run containers. The user can pull
|
||||
# and use any image even those with multiple uids. Note multiple UIDs will be
|
||||
# squashed down to the default uid in the container. These images will have no
|
||||
# separation between the users in the container. Only supported for the overlay
|
||||
# and vfs drivers.
|
||||
# This is a "string bool": "false" | "true" (cannot be native TOML boolean)
|
||||
#ignore_chown_errors = "false"
|
||||
|
||||
# Inodes is used to set a maximum inodes of the container image.
|
||||
# inodes = ""
|
||||
|
||||
# Path to an helper program to use for mounting the file system instead of mounting it
|
||||
# directly.
|
||||
mount_program = "/usr/bin/fuse-overlayfs"
|
||||
|
||||
# mountopt specifies comma separated list of extra mount options
|
||||
mountopt = "nodev"
|
||||
|
||||
# Set to skip a PRIVATE bind mount on the storage home directory.
|
||||
# This is a "string bool": "false" | "true" (cannot be native TOML boolean)
|
||||
# skip_mount_home = "false"
|
||||
|
||||
# Set to use composefs to mount data layers with overlay.
|
||||
# This is a "string bool": "false" | "true" (cannot be native TOML boolean)
|
||||
# use_composefs = "false"
|
||||
|
||||
# Size is used to set a maximum size of the container image.
|
||||
# size = ""
|
||||
|
||||
# ForceMask specifies the permissions mask that is used for new files and
|
||||
# directories.
|
||||
#
|
||||
# The values "shared" and "private" are accepted.
|
||||
# Octal permission masks are also accepted.
|
||||
#
|
||||
# "": No value specified.
|
||||
# All files/directories, get set with the permissions identified within the
|
||||
# image.
|
||||
# "private": it is equivalent to 0700.
|
||||
# All files/directories get set with 0700 permissions. The owner has rwx
|
||||
# access to the files. No other users on the system can access the files.
|
||||
# This setting could be used with networked based homedirs.
|
||||
# "shared": it is equivalent to 0755.
|
||||
# The owner has rwx access to the files and everyone else can read, access
|
||||
# and execute them. This setting is useful for sharing containers storage
|
||||
# with other users. For instance have a storage owned by root but shared
|
||||
# to rootless users as an additional store.
|
||||
# NOTE: All files within the image are made readable and executable by any
|
||||
# user on the system. Even /etc/shadow within your image is now readable by
|
||||
# any user.
|
||||
#
|
||||
# OCTAL: Users can experiment with other OCTAL Permissions.
|
||||
#
|
||||
# Note: The force_mask Flag is an experimental feature, it could change in the
|
||||
# future. When "force_mask" is set the original permission mask is stored in
|
||||
# the "user.containers.override_stat" xattr and the "mount_program" option must
|
||||
# be specified. Mount programs like "/usr/bin/fuse-overlayfs" present the
|
||||
# extended attribute permissions to processes within containers rather than the
|
||||
# "force_mask" permissions.
|
||||
#
|
||||
# force_mask = ""
|
|
@ -1,45 +0,0 @@
|
|||
FROM ubuntu:22.04 as skeleton
|
||||
|
||||
ENV NODE_VERSION "20.12.2"
|
||||
ENV NVM_VERSION "0.37.2"
|
||||
|
||||
ENV DEBIAN_FRONTEND noninteractive
|
||||
ENV TZ Etc/UTC
|
||||
|
||||
RUN apt update && \
|
||||
apt upgrade -y && \
|
||||
apt install -y \
|
||||
curl \
|
||||
podman \
|
||||
jq \
|
||||
git \
|
||||
xz-utils \
|
||||
ca-certificates \
|
||||
python3 \
|
||||
python3-venv \
|
||||
python3-pip \
|
||||
--no-install-recommends \
|
||||
--autoremove && \
|
||||
apt-get clean
|
||||
|
||||
COPY ./files/registries.conf /etc/containers/registries.conf
|
||||
|
||||
FROM skeleton as runner
|
||||
|
||||
WORKDIR /runner
|
||||
|
||||
RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v$NVM_VERSION/install.sh | bash
|
||||
|
||||
RUN . $HOME/.nvm/nvm.sh && \
|
||||
nvm install $NODE_VERSION && \
|
||||
nvm use $NODE_VERSION && \
|
||||
nvm cache clear
|
||||
|
||||
ENV NVM_DIR $HOME/.nvm
|
||||
ENV PATH /root/.nvm/versions/node/v$NODE_VERSION/bin:$PATH
|
||||
|
||||
RUN node --version
|
||||
|
||||
RUN corepack enable
|
||||
|
||||
RUN python3 -m pip install pipx
|
|
@ -1,3 +0,0 @@
|
|||
[[registry]]
|
||||
insecure = true
|
||||
location = "host.containers.internal:5000"
|
Loading…
Reference in a new issue