[#4] Create CI environment for building OCI images
Some checks are pending
/ build-dotnet-8.0 (pull_request) Successful in 5m45s
/ build-oci-image-builder-bookworm (pull_request) Successful in 3m20s
/ build-openjdk-11-maven-3.8.6 (pull_request) Successful in 5m40s
/ build-python-3.11 (pull_request) Successful in 1m24s
/ build-python-3.13 (pull_request) Successful in 5m58s
/ build-dotnet-8.0 (push) Successful in 5m30s
/ build-oci-image-builder-bookworm (push) Successful in 4m6s
/ build-openjdk-11-maven-3.8.6 (push) Successful in 1m25s
/ build-python-3.11 (push) Successful in 5m39s
/ build-python-3.13 (push) Has started running
Some checks are pending
/ build-dotnet-8.0 (pull_request) Successful in 5m45s
/ build-oci-image-builder-bookworm (pull_request) Successful in 3m20s
/ build-openjdk-11-maven-3.8.6 (pull_request) Successful in 5m40s
/ build-python-3.11 (pull_request) Successful in 1m24s
/ build-python-3.13 (pull_request) Successful in 5m58s
/ build-dotnet-8.0 (push) Successful in 5m30s
/ build-oci-image-builder-bookworm (push) Successful in 4m6s
/ build-openjdk-11-maven-3.8.6 (push) Successful in 1m25s
/ build-python-3.11 (push) Successful in 5m39s
/ build-python-3.13 (push) Has started running
This saves some workflow time previously spent on installing Debian packages and also allows for easier reuse of Buildah in other repos' actions. Signed-off-by: Vitaliy Potyarkin <v.potyarkin@yadro.com>
This commit is contained in:
parent
f36d1e57de
commit
f37c89b1fd
7 changed files with 98 additions and 13 deletions
|
@ -7,16 +7,15 @@ jobs:
|
|||
build:
|
||||
name: build-${{matrix.tag}}
|
||||
runs-on: docker
|
||||
container: node:22-bullseye
|
||||
container: git.frostfs.info/truecloudlab/env:oci-image-builder-bookworm
|
||||
strategy:
|
||||
matrix:
|
||||
tag:
|
||||
- dotnet-8.0
|
||||
- oci-image-builder-bookworm
|
||||
- openjdk-11-maven-3.8.6
|
||||
- python-3.11
|
||||
- python-3.13
|
||||
env:
|
||||
STORAGE_DRIVER: vfs
|
||||
steps:
|
||||
- name: Clone git repo
|
||||
uses: actions/checkout@v3
|
||||
|
@ -28,16 +27,6 @@ jobs:
|
|||
${{matrix.tag}}/**
|
||||
id: changed
|
||||
|
||||
- name: Install Buildah
|
||||
run: |-
|
||||
apt update; apt install -y buildah
|
||||
|
||||
# STORAGE_DRIVER variable is ignored if this file does not exist
|
||||
touch /etc/containers/storage.conf
|
||||
if: >-
|
||||
github.event_name == 'workflow_dispatch'
|
||||
|| steps.changed.outputs.any_changed == 'true'
|
||||
|
||||
- name: Build OCI image
|
||||
run: make ${{matrix.tag}}
|
||||
if: >-
|
||||
|
|
15
oci-image-builder-bookworm/Dockerfile
Normal file
15
oci-image-builder-bookworm/Dockerfile
Normal file
|
@ -0,0 +1,15 @@
|
|||
FROM docker.io/node:20-bookworm-slim as node
|
||||
FROM docker.io/golang:1.23-bookworm
|
||||
COPY --from=node /usr/local /usr/local
|
||||
COPY --from=node /opt /opt
|
||||
|
||||
RUN apt-get update && \
|
||||
apt-get install -y buildah && \
|
||||
apt-get clean && \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
COPY docker-wrapper.sh /usr/local/bin/docker
|
||||
|
||||
# Configuration for buildah inside rootless podman
|
||||
COPY containers.conf /etc/containers/containers.conf
|
||||
COPY registries.conf /etc/containers/registries.conf
|
||||
COPY storage.conf /etc/containers/storage.conf
|
39
oci-image-builder-bookworm/README.md
Normal file
39
oci-image-builder-bookworm/README.md
Normal file
|
@ -0,0 +1,39 @@
|
|||
# Forgejo Actions environment for building OCI container images
|
||||
|
||||
Building OCI container images inside Forgejo Actions is somewhat non-trivial.
|
||||
We need to execute Buildah inside of a rootless Podman container, which
|
||||
eventually leads to a podman-in-podman scenario. Thankfully, this is not as
|
||||
complex as docker-in-docker.
|
||||
|
||||
This image contains everything we need for executing `make image` in our
|
||||
Golang repos:
|
||||
|
||||
- Go toolchain (for helper scripts called by Makefile)
|
||||
- Docker wrapper (for abstracting Buildah away from human Makefile users)
|
||||
- Podman configuration files
|
||||
|
||||
## Usage
|
||||
|
||||
Referencing this container from `.forgejo/workflows/workflow.yml`:
|
||||
|
||||
```yaml
|
||||
jobs:
|
||||
oci-image:
|
||||
runs-on: docker
|
||||
container: git.frostfs.info/truecloudlab/env:oci-image-builder-bookworm
|
||||
```
|
||||
|
||||
See full [live
|
||||
example](https://git.frostfs.info/TrueCloudLab/action-env/src/branch/master/.forgejo/workflows/build.yml)
|
||||
in action in this repo.
|
||||
|
||||
## Initial Forgejo setup
|
||||
|
||||
We use this image to build all images in this repo. To avoid chicken-and-egg
|
||||
situation in case of disaster recovery, the first version of this image must
|
||||
be pushed from outside of Forgejo Actions, e.g. from sysadmin laptop:
|
||||
|
||||
```console
|
||||
$ make oci-image-builder-bookworm
|
||||
$ make push-oci-image-builder-bookworm
|
||||
```
|
8
oci-image-builder-bookworm/containers.conf
Normal file
8
oci-image-builder-bookworm/containers.conf
Normal file
|
@ -0,0 +1,8 @@
|
|||
# https://github.com/containers/podman/issues/20453#issuecomment-1912725982
|
||||
[containers]
|
||||
cgroupns="host"
|
||||
ipcns="host"
|
||||
netns="host"
|
||||
pidns="host"
|
||||
userns="host"
|
||||
utsns="host"
|
18
oci-image-builder-bookworm/docker-wrapper.sh
Executable file
18
oci-image-builder-bookworm/docker-wrapper.sh
Executable file
|
@ -0,0 +1,18 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# A wrapper that translates `docker build` commands for use with buildah
|
||||
#
|
||||
set -euo pipefail
|
||||
while [[ $# -ne 0 ]]
|
||||
do
|
||||
case "$1" in
|
||||
--rm|--force-rm)
|
||||
# 'rm' and 'force-rm' can only be set with either 'layers' or 'no-cache'
|
||||
;;
|
||||
*)
|
||||
args+=("$1")
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
buildah "${args[@]}"
|
11
oci-image-builder-bookworm/registries.conf
Normal file
11
oci-image-builder-bookworm/registries.conf
Normal file
|
@ -0,0 +1,11 @@
|
|||
unqualified-search-registries = ["docker.io"]
|
||||
|
||||
[[registry]]
|
||||
prefix = "docker.io"
|
||||
location = "docker.io"
|
||||
|
||||
[[registry.mirror]]
|
||||
location = "quay.io"
|
||||
|
||||
[[registry.mirror]]
|
||||
location = "docker.io"
|
5
oci-image-builder-bookworm/storage.conf
Normal file
5
oci-image-builder-bookworm/storage.conf
Normal file
|
@ -0,0 +1,5 @@
|
|||
# STORAGE_DRIVER variable is ignored if /etc/containers/storage.conf does not exist
|
||||
[storage]
|
||||
driver = "vfs"
|
||||
runroot = "/run/containers/storage"
|
||||
graphroot = "/var/lib/containers/storage"
|
Loading…
Reference in a new issue