Rewrite for Podman based infrastructure
Replace Docker buildx based container building with buildah configured for running in a Forgejo runner that's inside a rootless Podman deployment. This also removes kubectl and ansible as my infrastructure is not going to target these technologies for deployment.
parent
466c9ef7be
commit
402bc210aa
5 changed files with 112 additions and 142 deletions
|
@ -1,56 +1,43 @@
|
|||
on: [push]
|
||||
env:
|
||||
REGISTRY: forgejo.sbox.hornwitser.no
|
||||
REGISTRY_IMAGE: forgejo.sbox.hornwitser.no/furnavia/builder
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: docker
|
||||
container:
|
||||
image: node:20-bookworm
|
||||
steps:
|
||||
-
|
||||
name: Install docker
|
||||
run: |
|
||||
apt-get update
|
||||
apt-get install -y --no-install-recommends ca-certificates curl git
|
||||
install -m 0755 -d /etc/apt/keyrings
|
||||
curl -sSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
|
||||
chmod a+r /etc/apt/keyrings/docker.asc
|
||||
echo \
|
||||
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] \
|
||||
https://download.docker.com/linux/debian \
|
||||
bookworm stable" \
|
||||
> /etc/apt/sources.list.d/docker.list
|
||||
apt-get update
|
||||
apt-get install -y --no-install-recommends docker-ce-cli docker-buildx-plugin docker-compose-plugin
|
||||
-
|
||||
name: Get image tags
|
||||
id: info
|
||||
shell: bash
|
||||
run: |
|
||||
tee -a ${GITHUB_OUTPUT} <<EOF
|
||||
TAGS<<EOT
|
||||
$(
|
||||
echo ${{ env.REGISTRY_IMAGE }}:${{ github.ref_name }}
|
||||
if [[ "${{ github.ref_name }}" =~ ^r[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
|
||||
echo ${{ env.REGISTRY_IMAGE }}:latest
|
||||
elif [[ "${{ github.ref_name }}" == forgejo ]]; then
|
||||
echo ${{ env.REGISTRY_IMAGE }}:development
|
||||
fi
|
||||
)
|
||||
EOT
|
||||
EOF
|
||||
-
|
||||
name: Authenticate
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
username: ${{ secrets.REGISTRY_USERNAME }}
|
||||
password: ${{ secrets.REGISTRY_TOKEN }}
|
||||
registry: ${{ env.REGISTRY }}
|
||||
-
|
||||
name: Build and push
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
push: true
|
||||
tags: ${{ steps.info.outputs.TAGS }}
|
||||
on:
|
||||
push:
|
||||
env:
|
||||
REGISTRY_IMAGE: ${{ vars.REGISTRY }}/${{ github.repository }}:${{ github.ref_name }}
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: debian
|
||||
steps:
|
||||
-
|
||||
name: Install and configure dependencies
|
||||
run: |
|
||||
apt-get update
|
||||
apt-get install -y --no-install-recommends \
|
||||
buildah \
|
||||
ca-certificates \
|
||||
containers-storage \
|
||||
crun \
|
||||
git \
|
||||
netavark \
|
||||
;
|
||||
shared=/var/lib/shared/storage
|
||||
sed /usr/share/containers/storage.conf \
|
||||
-e "/^additionalimagestores/a"'\
|
||||
'"\"$shared\"" \
|
||||
> /etc/containers/storage.conf
|
||||
-
|
||||
name: Checkout repository
|
||||
run: |
|
||||
git config --global credential.helper store
|
||||
echo "https://runner:${{ secrets.GITHUB_TOKEN }}@$(echo "${{ github.server_url }}" | cut -b 9-)" > ~/.git-credentials
|
||||
git clone --branch ${{ github.ref_name }} ${{ github.server_url }}/${{ github.repository }} ${{ github.workspace }}
|
||||
-
|
||||
name: Authenticate with registry
|
||||
run: |
|
||||
echo "${{ secrets.REGISTRY_TOKEN }}" | buildah login ${{ vars.REGISTRY }} --username runner --password-stdin
|
||||
-
|
||||
name: Build and push
|
||||
run: |
|
||||
export BUILDAH_ISOLATION=chroot
|
||||
export _BUILDAH_STARTED_IN_USERNS=""
|
||||
${{ github.workspace }}/builder.sh ${{ env.REGISTRY_IMAGE }}
|
||||
buildah push ${{ env.REGISTRY_IMAGE }}
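Review bot: `${{ github.ref_name }}` is pasted into the script text of the `run:` blocks before the shell parses it, directly in the `git clone --branch` line of the "Checkout repository" step and through `${{ env.REGISTRY_IMAGE }}` in the "Build and push" step, so a branch or tag name containing shell metacharacters becomes part of the script in a job that holds `GITHUB_TOKEN` and `REGISTRY_TOKEN`. Because `REGISTRY_IMAGE` is already declared under `env:`, the build step should be able to read it from the environment and quote it: `${{ github.workspace }}/builder.sh "$REGISTRY_IMAGE"` and `buildah push "$REGISTRY_IMAGE"`. The clone can receive the ref the same way, through a step-level `env:` entry that is quoted at the point of use. Separately, the checkout step leaves the token in `~/.git-credentials` for the rest of the job, including while `builder.sh` runs; an `rm -f ~/.git-credentials` right after the clone would narrow that window.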
|
||||
|
|