From ebce06004bdb65a89feb8aea3a38eba4d1d7e1a9 Mon Sep 17 00:00:00 2001
From: Petr Polezhaev
Date: Sat, 7 Feb 2026 19:08:03 +0300
Subject: [PATCH] cleanup & fix the workflow
---
.gitea/workflows/build.yml | 37 ++++++++++++
.github/workflows/build.yml | 108 ------------------------------------
.gitlab-ci.yml | 67 ----------------------
Dockerfile | 76 ++-----------------------
README.md | 8 +--
rpm-sign-expect | 13 -----
ssh_ansible.conf | 3 -
7 files changed, 45 insertions(+), 267 deletions(-)
create mode 100644 .gitea/workflows/build.yml
delete mode 100644 .github/workflows/build.yml
delete mode 100644 .gitlab-ci.yml
delete mode 100644 rpm-sign-expect
delete mode 100644 ssh_ansible.conf
diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
new file mode 100644
index 0000000..21cfe9a
--- /dev/null
+++ b/.gitea/workflows/build.yml
@@ -0,0 +1,37 @@
+name: Build-and-publish podman-in-docker
+
+on:
+ push:
+ branches:
+ - 'main'
+ tags:
+ - 'v*'
+ pull_request:
+
+jobs:
+ build-and-push:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v6
+
+ - name: Construct image metadata from commit
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: git.ratigorsk-12.ru/ratigorsk/podman-in-docker
+
+ - name: Docker Login
+ uses: docker/login-action@v3
+ with:
+ registry: git.ratigorsk-12.ru
+ username: ${{vars.CONTAINER_REGISTRY_USER}}
+ password: ${{secrets.CONTAINER_REGISTRY_PASSWORD}}
+
+ - name: Build and push
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ push: ${{github.event_name != 'pull_request'}}
+ tags: ${{steps.meta.outputs.tags}}
+ labels: ${{steps.meta.outputs.labels}}
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
deleted file mode 100644
index 574f4ca..0000000
--- a/.github/workflows/build.yml
+++ /dev/null
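Review bot: The `Docker Login` step in `.gitea/workflows/build.yml` has no condition, so it runs with `secrets.CONTAINER_REGISTRY_PASSWORD` on `pull_request` events even though `push` is switched off for them. Only the push needs the registry credential, so gating the step with `if: ${{ github.event_name != 'pull_request' }}` keeps the secret out of jobs that build unreviewed code; whether secrets reach fork pull requests at all depends on instance and runner settings that are not visible here. The four actions are also referenced by mutable tags (`actions/checkout@v6`, `docker/metadata-action@v5`, `docker/login-action@v3`, `docker/build-push-action@v6`). Pinning each to a full commit SHA with the tag in a trailing comment, e.g. `uses: docker/login-action@<commit-sha>  # v3`, stops a retagged release from running with the registry password.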
@@ -1,108 +0,0 @@ -name: Build podman-dind-like - -on: - push: - branches: - - 'release/**' - - 'feature/**' - - develop - tags: - - '*' - pull_request: - branches: - - main - - 'release/**' - - develop - -env: - GITHUB_DOCKER_USER: ${{ github.actor }} - NEXUS_DOCKER_USER: ${{ secrets.HOME_NEXUS_DOCKER_USER }} - NEXUS_PROXY_REGISTRY: nexus.jamesjonesconsulting.com:5444 - -jobs: - build-and-push: - runs-on: jamesjonesconsulting-arch-gha-set - # runs-on: [ self-hosted, medium, build ] - timeout-minutes: 720 - container: - image: nexus.jamesjonesconsulting.com:5444/podman/stable:latest - # image: quay.io/podman/stable:latest - # options: '--user root' - options: >- - --user root:root - # --privileged - # --group-add keep-groups - # --userns=keep-id - # credentials: - # username: ${{ secrets.HOME_NEXUS_DOCKER_USER }} - # password: ${{ secrets.HOME_NEXUS_DOCKER_PASSWORD }} - strategy: - fail-fast: false - max-parallel: 2 - matrix: - # registry: [ 'ghcr.io', 'nexus.jamesjonesconsulting.com:5443' ] - registry: [ 'ghcr.io' ] - include: - - registry: ghcr.io - user: GITHUB_DOCKER_USER - password: GITHUB_TOKEN - registry_proxy: $NEXUS_PROXY_REGISTRY - proxy_user: NEXUS_DOCKER_USER - proxy_password: HOME_NEXUS_DOCKER_PASSWORD - # - registry: nexus.jamesjonesconsulting.com:5443 - # user: NEXUS_DOCKER_USER - # password: HOME_NEXUS_DOCKER_PASSWORD - # registry_proxy: $NEXUS_PROXY_REGISTRY - # proxy_user: NEXUS_DOCKER_USER - # proxy_password: HOME_NEXUS_DOCKER_PASSWORD - steps: - # Downloads a copy of the code in your repository before running CI tests - - name: Check out repository code - uses: actions/checkout@v3 - - name: Add on podman-docker for step compatibility - run: | - dnf install -y podman-docker - - name: Docker Login - uses: azure/docker-login@v1 - with: - login-server: ${{ matrix.registry }} - username: ${{ env[matrix.user] }} - password: ${{ secrets[matrix.password] }} - # - name: Docker Login - # uses: azure/docker-login@v1 - # with: - # login-server: ${{ 
matrix.registry_proxy }} - # username: ${{ env[matrix.proxy_user] }} - # password: ${{ secrets[matrix.proxy_password] }} - # This requires docker buildx which podman doesn't support - # - name: Extract metadata (tags, labels) for Docker - # id: meta - # uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 - # with: - # images: ${{ matrix.registry }}/${{ env.IMAGE_NAME }} - # - name: Build and push Docker images - # uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc - # with: - # context: . - # push: true - # tags: ${{ steps.meta.outputs.tags }} - # labels: ${{ steps.meta.outputs.labels }} - - name: Build the Docker image - run: | - IMAGE_NAME=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]') - if [[ "$GITHUB_REF" =~ ^refs/tags.* ]]; then - VERSION=$GITHUB_REF_NAME - else - VERSION=$(echo "${GITHUB_REF_NAME}" | sed 's|/|-|g') - fi - podman build . --userns-gid-map-group=1001 --userns-uid-map-user=1001 --file Dockerfile \ - --tag "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" --build-arg ARTIFACTORY=${{ matrix.registry_proxy }} - if [[ "$GITHUB_REF" =~ ^refs/pull.* ]]; then - echo "Pull requests do not get published. Only for testing" - else - podman push "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" - if [[ "$GITHUB_REF" =~ ^refs/tags.* ]]; then - podman tag "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" "${{ matrix.registry }}/$IMAGE_NAME:latest" - podman push "${{ matrix.registry }}/$IMAGE_NAME:latest" - fi - fi diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index 7d5d2a8..0000000 --- a/.gitlab-ci.yml +++ /dev/null 
@@ -1,67 +0,0 @@ -stages: - - dind-build - -.base: - # See https://gitlab.com/gitlab-org/cluster-integration/cluster-applications/ - variables: - DOCKER_AUTH_CONFIG: ${HOME_NEXUS_DOCKER_AUTH_CONFIG} - image: "$HOME_NEXUS_DOCKER_REGISTRY_PROXY/podman/stable:latest" - timeout: 3h 30m - parallel: - matrix: - - REGISTRY_USER: $CI_REGISTRY_USER - REGISTRY_PASSWORD: $CI_REGISTRY_PASSWORD - REGISTRY: $CI_REGISTRY - REGISTRY_IMAGE: $CI_REGISTRY_IMAGE - - REGISTRY_USER: $HOME_NEXUS_DOCKER_USER - REGISTRY_PASSWORD: $HOME_NEXUS_DOCKER_PASSWORD - REGISTRY: $HOME_NEXUS_DOCKER_REGISTRY - REGISTRY_IMAGE: $HOME_NEXUS_DOCKER_REGISTRY/$CI_PROJECT_PATH - -.shared_resources: - script: &build_push - - podman login -u "$REGISTRY_USER" -p "$REGISTRY_PASSWORD" $REGISTRY - - export REGISTRY_IMAGE_LOWER=$(echo "$REGISTRY_IMAGE" | tr '[:upper:]' '[:lower:]') - - podman build --squash --pull -t "$REGISTRY_IMAGE_LOWER:$IMAGE_TAG" --build-arg ARTIFACTORY=$HOME_NEXUS_DOCKER_REGISTRY_PROXY . - - podman push "$REGISTRY_IMAGE_LOWER:$IMAGE_TAG" - before_script: &before_auth - - podman login -u "$HOME_NEXUS_DOCKER_USER" -p "$HOME_NEXUS_DOCKER_PASSWORD" $HOME_NEXUS_DOCKER_REGISTRY_PROXY - -build:prereleases: - stage: dind-build - extends: .base - tags: - - build - - medium - before_script: - - *before_auth - script: - - export IMAGE_TAG=$(echo -en $CI_COMMIT_REF_NAME | sed 's|/|-|g') - - *build_push - only: - refs: - - branches - variables: - - '($CI_PROJECT_URL =~ /gitlab\.jamesjonesconsulting\.com/ && $REGISTRY_USER == "$HOME_NEXUS_DOCKER_USER") || $CI_PROJECT_URL !~ /gitlab\.jamesjonesconsulting\.com/' - except: - refs: - - main -build:releases: - extends: .base - stage: dind-build - tags: - - build - - medium - before_script: - - *before_auth - script: - - export IMAGE_TAG=$CI_COMMIT_TAG - - *build_push - - podman tag "$REGISTRY_IMAGE_LOWER:$IMAGE_TAG" "$REGISTRY_IMAGE_LOWER:latest" - - podman push "$REGISTRY_IMAGE_LOWER:latest" - only: - refs: - - tags - variables: - - '($CI_PROJECT_URL =~ 
/gitlab\.jamesjonesconsulting\.com/ && $REGISTRY_USER == "$HOME_NEXUS_DOCKER_USER") || $CI_PROJECT_URL !~ /gitlab\.jamesjonesconsulting\.com/' - diff --git a/Dockerfile b/Dockerfile index fbf70fc..acd2802 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,76 +1,8 @@ -ARG ARTIFACTORY -FROM ${ARTIFACTORY}/podman/stable:latest +FROM podman/stable:latest -ENV SONAR_SCANNER_VERSION=5.0.1.3006 -ENV SONAR_SCANNER_HOME=/opt/sonar-scanner - -RUN echo ipv4 >> ~/.curlrc && \ - echo "inet4_only = on" >> ~/.wgetrc - -RUN dnf install -y --nogpgcheck \ - https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \ - https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm && \ - dnf config-manager setopt fedora-cisco-openh264.enabled=1 -y - -# Adding on the docker alias, docker-compose and other useful stuff including the Azure CLI and RPM build tools along with FPM -# docker-compose - broken dependencies in F38 so removing -RUN dnf install -y podman-docker buildah skopeo \ - util-linux ansible-core openssh-clients krb5-devel krb5-libs krb5-workstation git jq wget curl unzip coreutils \ - nss-tools samba-client samba-common cifs-utils helm doctl gnupg2 pinentry expect gh awscli glab yq \ - python3-jsonpatch python3-requests-oauthlib python3-kubernetes python3-pyyaml python3-pip \ - && curl -k -s -o - \ - https://nexus.jamesjonesconsulting.com/repository/package-config/dist/proxy/rpmfusion/rpmfusion-setup-proxy-repos.sh |\ - bash \ - && rpm --import https://packages.microsoft.com/keys/microsoft.asc \ - && dnf install -y https://packages.microsoft.com/config/rhel/9.0/packages-microsoft-prod.rpm \ - && curl -k -s -o - \ - https://nexus.jamesjonesconsulting.com/repository/package-config/dist/proxy/microsoft/microsoft-setup-yum-proxy-repos.sh |\ - bash \ - && dnf install -y azure-cli \ - && dnf install -y rpm-build rpm-sign rubygems ruby-devel gcc gcc-c++ make libffi-devel \ - && dnf install -y ansible-collection* \ - && dnf install -y cpanminus perl-Mojolicious perl-Test-Mojo perl-Test-Harness perl-Perl-Critic perl-Carton \ - && dnf install -y \ - $(curl -k -sS -X 'GET' 
'https://nexus.jamesjonesconsulting.com/service/rest/v1/search/assets?sort=version&direction=desc&repository=yum-hosted-arch&yum.architecture=noarch&yum.name=jamesjonesconsulting-repos' |\ - jq '.items[] | .downloadUrl' -r | head -n1) \ - && dnf install -y okd-client okd-client-helm-plugin operator-sdk \ - && dnf install -y sonar-scanner-cli-${SONAR_SCANNER_VERSION} \ +RUN dnf install -y \ + podman-docker \ + podman-compose \ && dnf clean all \ && rm -rf /var/cache/yum \ - && curl --silent \ - --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | \ - tar xz -C /tmp \ - && mv /tmp/eksctl /usr/bin \ && touch /etc/containers/nodocker - -ENV PATH=$SONAR_SCANNER_HOME/bin:$PATH - -# Adding some Ansible Key and Timeout setting as well as accepting ssh-rsa -ENV ANSIBLE_HOST_KEY_CHECKING=False \ - ANSIBLE_TIMEOUT=120 \ - GPG_TTY=/dev/console -COPY ssh_ansible.conf /etc/ssh/ssh_config.d/99-ansible.conf -RUN chown root:root /etc/ssh/ssh_config.d/99-ansible.conf && chmod 644 /etc/ssh/ssh_config.d/99-ansible.conf - -# Ensuring the fpm tool is installed to build distro packages such as RPM and DEB -COPY rpm-sign-expect /usr/bin -RUN curl -k -s -o - \ - https://nexus.jamesjonesconsulting.com/repository/package-config/rubygems/rubygems-repos.sh |\ - bash -RUN gem install ffi \ - && gem install fpm \ - && chmod +x /usr/bin/rpm-sign-expect - -# Setting up Pypi to use proxy -RUN curl -k -s -o - \ - https://nexus.jamesjonesconsulting.com/repository/package-config/pypi/python3-pypi-repos.sh |\ - bash \ - && mv ~/.config/pip/pip.conf /etc/pip.conf \ - && chmod 644 /etc/pip.conf \ - && rm -Rf ~/.config/pip - -ENV PIP_CONFIG_FILE=/etc/pip.conf - -# Adding on the CPAN mirror settings for Carton and cpanminus -ENV PERL_CPANM_OPT="--mirror https://nexus.jamesjonesconsulting.com/repository/cpan-proxy/" \ - PERL_CARTON_MIRROR=https://nexus.jamesjonesconsulting.com/repository/cpan-proxy/ \ No newline at end of file 
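Review bot: `FROM podman/stable:latest` drops the registry host, so the base image now resolves through whatever default registry the builder uses (presumably Docker Hub under `docker/build-push-action`), while the README in this same patch says the image is based on `quay.io/podman/stable`. Name the registry explicitly and, since `latest` is a moving tag, pin the digest so a rebuild cannot silently pick up a different base: `FROM quay.io/podman/stable:latest@sha256:<digest>`. Separately, `rm -rf /var/cache/yum` is carried over from the old file and is likely a no-op on a dnf-based image; `dnf clean all` on the line before already does the cleanup.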
diff --git a/README.md b/README.md index 833f9d3..0f2da3b 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # podman-in-docker -A fork of https://github.com/JamesJonesConsulting/podman-dind-like that seemed defunct +A cleaned-up fork of https://github.com/JamesJonesConsulting/podman-dind-like that seems to be defunct. -This is a dind-like container using podman based on `quay.io/podman/stable` with podman.sock service running - -Meant to be used with gitea runner as dind replacement to avoid docker --rm race conditions (as act_runner does not properly wait for docker operations to complete and those are async) \ No newline at end of file +This is a dind-like container using podman based on `quay.io/podman/stable` with podman.sock service running. Meant to +be used with gitea runner as dind replacement to avoid docker --rm race conditions, as `act_runner` does not properly +wait for docker operations to complete and those are async. Podman does not seem to have that issue diff --git a/rpm-sign-expect b/rpm-sign-expect deleted file mode 100644 index 112f8ab..0000000 --- a/rpm-sign-expect +++ /dev/null @@ -1,13 +0,0 @@ -#!/usr/bin/expect -f - -set rpm [lindex $argv 0] -set passphrase [lindex $argv 1] -set email [lindex $argv 2] -set name [lindex $argv 3] - -### rpm-sign-expect -- Sign RPMs by sending passphrase and other elements - -spawn rpm --define {"_gpg_name $name <$email>"} --addsign $rpm -expect -exact "Enter pass phrase: " -send -- "$passphrase\r" -expect eof \ No newline at end of file diff --git a/ssh_ansible.conf b/ssh_ansible.conf deleted file mode 100644 index 6c2570a..0000000 --- a/ssh_ansible.conf +++ /dev/null @@ -1,3 +0,0 @@ -StrictHostKeyChecking no -PubkeyAcceptedKeyTypes +ssh-rsa -HostKeyAlgorithms +ssh-rsa \ No newline at end of file