Merge branch 'develop' into 'main'

Adding on the nss-tools package for certutil

See merge request ymdllc/containers/podman-dind-like!26
James Jones
2025-02-01 17:36:06 +00:00
2 changed files with 28 additions and 20 deletions


@@ -21,20 +21,27 @@ env:
jobs: jobs:
build-and-push: build-and-push:
runs-on: [ self-hosted, medium, build ] runs-on: jamesjonesconsulting-arch-gha-set
# runs-on: [ self-hosted, medium, build ]
timeout-minutes: 720 timeout-minutes: 720
container: container:
image: nexus.jamesjonesconsulting.com:5444/podman/stable:latest image: nexus.jamesjonesconsulting.com:5444/podman/stable:latest
# image: quay.io/podman/stable:latest # image: quay.io/podman/stable:latest
options: --userns=keep-id --group-add keep-groups --privileged --user root # options: '--user root'
credentials: options: >-
username: ${{ secrets.HOME_NEXUS_DOCKER_USER }} --user root:root
password: ${{ secrets.HOME_NEXUS_DOCKER_PASSWORD }} # --privileged
# --group-add keep-groups
# --userns=keep-id
# credentials:
# username: ${{ secrets.HOME_NEXUS_DOCKER_USER }}
# password: ${{ secrets.HOME_NEXUS_DOCKER_PASSWORD }}
strategy: strategy:
fail-fast: false fail-fast: false
max-parallel: 2 max-parallel: 2
matrix: matrix:
registry: [ 'ghcr.io', 'nexus.jamesjonesconsulting.com:5443' ] # registry: [ 'ghcr.io', 'nexus.jamesjonesconsulting.com:5443' ]
registry: [ 'ghcr.io' ]
include: include:
- registry: ghcr.io - registry: ghcr.io
user: GITHUB_DOCKER_USER user: GITHUB_DOCKER_USER
@@ -42,12 +49,12 @@ jobs:
registry_proxy: $NEXUS_PROXY_REGISTRY registry_proxy: $NEXUS_PROXY_REGISTRY
proxy_user: NEXUS_DOCKER_USER proxy_user: NEXUS_DOCKER_USER
proxy_password: HOME_NEXUS_DOCKER_PASSWORD proxy_password: HOME_NEXUS_DOCKER_PASSWORD
- registry: nexus.jamesjonesconsulting.com:5443 # - registry: nexus.jamesjonesconsulting.com:5443
user: NEXUS_DOCKER_USER # user: NEXUS_DOCKER_USER
password: HOME_NEXUS_DOCKER_PASSWORD # password: HOME_NEXUS_DOCKER_PASSWORD
registry_proxy: $NEXUS_PROXY_REGISTRY # registry_proxy: $NEXUS_PROXY_REGISTRY
proxy_user: NEXUS_DOCKER_USER # proxy_user: NEXUS_DOCKER_USER
proxy_password: HOME_NEXUS_DOCKER_PASSWORD # proxy_password: HOME_NEXUS_DOCKER_PASSWORD
steps: steps:
# Downloads a copy of the code in your repository before running CI tests # Downloads a copy of the code in your repository before running CI tests
- name: Check out repository code - name: Check out repository code
@@ -61,12 +68,12 @@ jobs:
login-server: ${{ matrix.registry }} login-server: ${{ matrix.registry }}
username: ${{ env[matrix.user] }} username: ${{ env[matrix.user] }}
password: ${{ secrets[matrix.password] }} password: ${{ secrets[matrix.password] }}
- name: Docker Login # - name: Docker Login
uses: azure/docker-login@v1 # uses: azure/docker-login@v1
with: # with:
login-server: ${{ matrix.registry_proxy }} # login-server: ${{ matrix.registry_proxy }}
username: ${{ env[matrix.proxy_user] }} # username: ${{ env[matrix.proxy_user] }}
password: ${{ secrets[matrix.proxy_password] }} # password: ${{ secrets[matrix.proxy_password] }}
# This requires docker buildx which podman doesn't support # This requires docker buildx which podman doesn't support
# - name: Extract metadata (tags, labels) for Docker # - name: Extract metadata (tags, labels) for Docker
# id: meta # id: meta
@@ -88,7 +95,8 @@ jobs:
else else
VERSION=$(echo "${GITHUB_REF_NAME}" | sed 's|/|-|g') VERSION=$(echo "${GITHUB_REF_NAME}" | sed 's|/|-|g')
fi fi
podman build . --file Dockerfile --tag "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" --build-arg ARTIFACTORY=${{ matrix.registry_proxy }} podman build . --userns-gid-map-group=1001 --userns-uid-map-user=1001 --file Dockerfile \
--tag "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" --build-arg ARTIFACTORY=${{ matrix.registry_proxy }}
if [[ "$GITHUB_REF" =~ ^refs/pull.* ]]; then if [[ "$GITHUB_REF" =~ ^refs/pull.* ]]; then
echo "Pull requests do not get published. Only for testing" echo "Pull requests do not get published. Only for testing"
else else
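Review bot: The `podman build` line in the last hunk still passes `--build-arg ARTIFACTORY=${{ matrix.registry_proxy }}`, but this commit comments out both the proxy `Docker Login` step and the job container's `credentials:` block, so the job image pull from `nexus.jamesjonesconsulting.com:5444` and any pulls through the proxy during the build now depend on anonymous read access or on credentials already present on the runner. Whichever is intended should be stated in a comment next to `container:`, and the disabled blocks deleted rather than left commented out, so the authentication path stays auditable. The build-arg should also be quoted, `--build-arg "ARTIFACTORY=${{ matrix.registry_proxy }}"`, because the matrix value is the literal `$NEXUS_PROXY_REGISTRY` and is expanded unquoted by the shell. The `1001` values given to `--userns-uid-map-user` and `--userns-gid-map-group` are presumably looked up as names in `/etc/subuid` and `/etc/subgid`; it is worth confirming such entries exist in the image now that the job runs as `root:root`. The run step begins outside the hunk.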


@@ -16,7 +16,7 @@ RUN dnf install -y --nogpgcheck \
# docker-compose - broken dependencies in F38 so removing # docker-compose - broken dependencies in F38 so removing
RUN dnf install -y podman-docker buildah skopeo \ RUN dnf install -y podman-docker buildah skopeo \
util-linux ansible-core openssh-clients krb5-devel krb5-libs krb5-workstation git jq wget curl unzip coreutils \ util-linux ansible-core openssh-clients krb5-devel krb5-libs krb5-workstation git jq wget curl unzip coreutils \
samba-client samba-common cifs-utils helm doctl gnupg2 pinentry expect gh awscli glab yq \ nss-tools samba-client samba-common cifs-utils helm doctl gnupg2 pinentry expect gh awscli glab yq \
python3-jsonpatch python3-requests-oauthlib python3-kubernetes python3-pyyaml python3-pip \ python3-jsonpatch python3-requests-oauthlib python3-kubernetes python3-pyyaml python3-pip \
&& curl -k -s -o - \ && curl -k -s -o - \
https://nexus.jamesjonesconsulting.com/repository/package-config/dist/proxy/rpmfusion/rpmfusion-setup-proxy-repos.sh |\ https://nexus.jamesjonesconsulting.com/repository/package-config/dist/proxy/rpmfusion/rpmfusion-setup-proxy-repos.sh |\
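Review bot: The `RUN` instruction that gains `nss-tools` still downloads `rpmfusion-setup-proxy-repos.sh` with `curl -k`, which turns off certificate verification for a script whose output is piped onward (the pipe target is outside the hunk), so anyone able to intercept that connection controls what the image build executes. If the Nexus host uses a private CA, add that CA to the image's trust store in an earlier layer and change the line to `&& curl --fail -sS -o - \`. The instruction continues past the end of the hunk, so the rest of the pipeline was not reviewed.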