Rewrite for Podman based infrastructure

Replace Docker buildx based container building with buildah configured
for running in a Forgejo runner that's inside a rootless Podman
deployment.

This also removes kubectl and ansible as my infrastructure is not going
to target these technologies for deployment.
This commit is contained in:
Hornwitser 2025-05-18 22:16:49 +02:00
parent 466c9ef7be
commit 402bc210aa
5 changed files with 112 additions and 142 deletions


@ -1,56 +1,43 @@
on: [push] on:
env: push:
REGISTRY: forgejo.sbox.hornwitser.no env:
REGISTRY_IMAGE: forgejo.sbox.hornwitser.no/furnavia/builder REGISTRY_IMAGE: ${{ vars.REGISTRY }}/${{ github.repository }}:${{ github.ref_name }}
jobs: jobs:
build: build:
runs-on: docker runs-on: debian
container: steps:
image: node:20-bookworm -
steps: name: Install and configure dependencies
- run: |
name: Install docker apt-get update
run: | apt-get install -y --no-install-recommends \
apt-get update buildah \
apt-get install -y --no-install-recommends ca-certificates curl git ca-certificates \
install -m 0755 -d /etc/apt/keyrings containers-storage \
curl -sSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc crun \
chmod a+r /etc/apt/keyrings/docker.asc git \
echo \ netavark \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] \ ;
https://download.docker.com/linux/debian \ shared=/var/lib/shared/storage
bookworm stable" \ sed /usr/share/containers/storage.conf \
> /etc/apt/sources.list.d/docker.list -e "/^additionalimagestores/a"'\
apt-get update '"\"$shared\"" \
apt-get install -y --no-install-recommends docker-ce-cli docker-buildx-plugin docker-compose-plugin > /etc/containers/storage.conf
- -
name: Get image tags name: Checkout repository
id: info run: |
shell: bash git config --global credential.helper store
run: | echo "https://runner:${{ secrets.GITHUB_TOKEN }}@$(echo "${{ github.server_url }}" | cut -b 9-)" > ~/.git-credentials
tee -a ${GITHUB_OUTPUT} <<EOF git clone --branch ${{ github.ref_name }} ${{ github.server_url }}/${{ github.repository }} ${{ github.workspace }}
TAGS<<EOT -
$( name: Authenticate with registry
echo ${{ env.REGISTRY_IMAGE }}:${{ github.ref_name }} run: |
if [[ "${{ github.ref_name }}" =~ ^r[0-9]+\.[0-9]+\.[0-9]+$ ]]; then echo "${{ secrets.REGISTRY_TOKEN }}" | buildah login ${{ vars.REGISTRY }} --username runner --password-stdin
echo ${{ env.REGISTRY_IMAGE }}:latest -
elif [[ "${{ github.ref_name }}" == forgejo ]]; then name: Build and push
echo ${{ env.REGISTRY_IMAGE }}:development run: |
fi export BUILDAH_ISOLATION=chroot
) export _BUILDAH_STARTED_IN_USERNS=""
EOT ${{ github.workspace }}/builder.sh ${{ env.REGISTRY_IMAGE }}
EOF buildah push ${{ env.REGISTRY_IMAGE }}
-
name: Authenticate
uses: docker/login-action@v3
with:
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_TOKEN }}
registry: ${{ env.REGISTRY }}
-
name: Build and push
uses: docker/build-push-action@v6
with:
push: true
tags: ${{ steps.info.outputs.TAGS }}
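Review bot: `${{ github.ref_name }}` is expanded straight into shell text in the checkout step's `git clone --branch` line and, through `REGISTRY_IMAGE`, into the build-and-push step, and because the trigger is an unfiltered `push:` any branch name a contributor can push reaches those scripts as code rather than as data. Expose it through the step's `env:` (`REF_NAME: ${{ github.ref_name }}`) and reference it quoted, e.g. `git clone --branch "$REF_NAME" …` and `"$REGISTRY_IMAGE"` on the `builder.sh` and `buildah push` lines, so the shell never interprets it. The token echoed into `~/.git-credentials` then stays on disk in plaintext for the rest of the job, and for later jobs if the runner's home directory is reused; `rm -f ~/.git-credentials` after the clone limits that window. `cut -b 9-` also hard-codes an `https://` prefix on `github.server_url`, which silently mangles the host for any other scheme.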


@ -1,17 +0,0 @@
default:
image: docker:24.0.5
build:
stage: build
script:
- docker build $CI_PROJECT_DIR
--tag ${REGISTRY_IMAGE}:${CI_COMMIT_REF_SLUG}
$(echo "$CI_COMMIT_TAG" | if grep -q $(date -u '+^r%g\.%-V\.\(0\|[1-9][0-9]*\)$');
then echo --tag ${REGISTRY_IMAGE}:latest;
fi)
deploy:
stage: deploy
script:
- echo "$REGISTRY_PASSWORD" | docker login $CI_REGISTRY -u $REGISTRY_USER --password-stdin
- docker push --all-tags ${REGISTRY_IMAGE}


@ -1,60 +0,0 @@
FROM debian:bookworm
ARG KUBE_RELEASE=v1.30.2
ARG YQ_VERSION=v4.44.2
ARG NODE_VERSION=20.x
ARG PNPM_VERSION=v9.5.0
ARG UBUNTU_CODENAME=jammy
RUN set -eux; \
apt-get update; \
apt-get install -y --no-install-recommends \
ca-certificates \
curl \
git \
gpg \
openssh-client \
; \
install -m 0755 -d /etc/apt/keyrings; \
curl -sSL "https://keyserver.ubuntu.com/pks/lookup?fingerprint=on&op=get&search=0x6125E2A8C77F2818FB7BD15B93C4A3FD7BB9C367" \
> /etc/apt/keyrings/ansible.asc \
; \
echo \
"deb [signed-by=/etc/apt/keyrings/ansible.asc] \
http://ppa.launchpad.net/ansible/ansible/ubuntu \
$UBUNTU_CODENAME main" \
> /etc/apt/sources.list.d/ansible.list; \
curl -sSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc; \
chmod a+r /etc/apt/keyrings/docker.asc; \
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] \
https://download.docker.com/linux/debian \
bookworm stable" \
> /etc/apt/sources.list.d/docker.list; \
apt-get update; \
apt-get install -y --no-install-recommends \
ansible \
docker-ce-cli \
docker-buildx-plugin \
docker-compose-plugin \
; \
curl --silent --location "https://dl.k8s.io/release/$KUBE_RELEASE/bin/linux/amd64/kubectl" \
| install --owner=root --group=root --mode=0755 /dev/stdin /usr/local/bin/kubectl \
; \
curl --silent --location "https://github.com/mikefarah/yq/releases/download/$YQ_VERSION/yq_linux_amd64.tar.gz" \
| tar --extract --gzip --to-stdout ./yq_linux_amd64 \
| install --owner=root --group=root --mode=0755 /dev/stdin /usr/local/bin/yq \
; \
curl --silent --location "https://deb.nodesource.com/setup_$NODE_VERSION" | bash; \
apt-get install -y --no-install-recommends nodejs; \
corepack install --global pnpm@$PNPM_VERSION; \
corepack enable pnpm; \
rm -rf /var/lib/apt/lists/*
# References:
# - ansible: https://docs.ansible.com/ansible/latest/installation_guide/installation_distros.html#installing-ansible-on-debian
# - docker: https://docs.docker.com/engine/install/debian/#install-from-a-package
# - kubectl: https://kubectl.docs.kubernetes.io/installation/kubectl/binaries/
# - node: https://github.com/nodesource/distributions#installation-instructions-deb
# - pnpm: https://nodejs.org/api/corepack.html#upgrading-the-global-versions
# - yq: https://github.com/mikefarah/yq?tab=readme-ov-file#install


@ -1,16 +1,14 @@
# Builder # Builder
Common docker image used for running application builds, CI pipelines, and deployment scripts based on Debian 12. Common container image used for running application builds, CI pipelines, and deployment scripts based on Debian Trixie.
## Tools included ## Tools included
- `ansible` latest - https://www.ansible.com/ - `buildah` trixie - https://packages.debian.org/trixie/buildah
- `docker` latest - https://www.docker.com/ - `curl` trixie - https://packages.debian.org/trixie/curl
- `curl` bookworm - https://packages.debian.org/bookworm/curl - `git` trixie - https://packages.debian.org/trixie/git
- `git` bookworm - https://packages.debian.org/bookworm/git - `node` v22.x - https://github.com/nodesource/distributions
- `gpg` bookworm - https://packages.debian.org/bookworm/gpg
- `kubectl` v1.30.2 - https://kubectl.docs.kubernetes.io/
- `node` v20.x - https://nodejs.org/
- `pnpm` v9.5.0 - https://pnpm.io/ - `pnpm` v9.5.0 - https://pnpm.io/
- `ssh` bookworm - https://packages.debian.org/bookworm/openssh-client - `podman` trixie - https://packages.debian.org/trixie/podman
- `ssh` trixie - https://packages.debian.org/trixie/openssh-client
- `yq` v4.44.2 - https://github.com/mikefarah/yq - `yq` v4.44.2 - https://github.com/mikefarah/yq

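--- /dev/null
+++ b/builder.sh
@@ -0,0 +1,62 @@
+#!/usr/bin/env bash
+set -xe
+YQ_VERSION=v4.44.2
+NODE_VERSION=22.x
+PNPM_VERSION=v9.5.0
+ctr=$(buildah from "docker.io/library/debian:trixie-20250428")
+mnt=$(buildah mount $ctr) # Used to verify mounts work
+# Install dependencies
+buildah run $ctr -- apt-get update
+buildah run $ctr -- apt-get install -y --no-install-recommends \
+buildah \
+ca-certificates \
+containers-storage \
+crun \
+curl \
+git \
+netavark \
+openssh-client \
+podman \
+podman-docker \
+;
+# Configure container storage
+shared=/var/lib/shared/storage
+buildah run $ctr -- sh -c "sed /usr/share/containers/storage.conf \
+-e '/^additionalimagestores/a"'\
+'" \"$shared\"' \
+> /etc/containers/storage.conf"
+buildah run $ctr -- sh -c "\
+mkdir -p $shared/overlay-images $shared/overlay-layers; \
+touch $shared/overlay-images/images.lock; \
+touch $shared/overlay-layers/layers.lock; \
+"
+# yq https://github.com/mikefarah/yq?tab=readme-ov-file#install
+buildah run $ctr -- sh -c "curl --silent --location \"https://github.com/mikefarah/yq/releases/download/$YQ_VERSION/yq_linux_amd64.tar.gz\" \
+| tar --extract --gzip --to-stdout ./yq_linux_amd64 \
+| install --owner=root --group=root --mode=0755 /dev/stdin /usr/local/bin/yq \
+;"
+# node https://github.com/nodesource/distributions?tab=readme-ov-file#using-debian-as-root-nodejs-22
+buildah run $ctr -- sh -c "curl --silent --location \"https://deb.nodesource.com/setup_$NODE_VERSION\" | bash"
+buildah run $ctr -- apt-get install -y --no-install-recommends nodejs
+# pnpm https://nodejs.org/api/corepack.html#upgrading-the-global-versions
+buildah run $ctr -- corepack install --global pnpm@$PNPM_VERSION
+buildah run $ctr -- corepack enable pnpm
+# Clear caches
+buildah run $ctr -- rm -rf /var/lib/apt/lists/*
+# Config
+buildah config \
+--env BUILDAH_ISOLATION=chroot \
+--env _BUILDAH_STARTED_IN_USERNS= \
+$ctr;
+buildah unmount $ctr
+buildah commit --rm $ctr $1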
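Review bot: `set -xe` leaves `-u` and `pipefail` off and neither `curl` call passes `--fail`, so a non-2xx response for the yq tarball is piped into `tar`, whose error is masked by the pipeline's exit status (the `sh -c` wrapper runs it under the image's `/bin/sh`, which has no `pipefail`), and `install /dev/stdin` most likely writes an empty `/usr/local/bin/yq` while the build carries on. The nodesource `setup_…` line has the same shape and executes whatever body comes back. `curl --fail --silent --location` on both downloads, `set -xeuo pipefail` at the top, and checking the pipeline status inside the `sh -c` string (or downloading on the host and copying the file in) make a bad download fatal; verifying a published checksum of the yq archive before `install` would also pin what ends up in the image. `$1` is never validated, so a call without an image name reaches `buildah commit --rm $ctr` with no target and, as far as I can tell, commits an untagged image instead of failing; `: "${1:?image name required}"` near the top, or `set -u`, turns that into an error.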