cleanup & fix the workflow
Some checks failed
Build-and-publish podman-in-docker / build-and-push (push) Failing after 14s

2026-02-07 19:08:03 +03:00
parent 54b551a29b
commit ebce06004b
7 changed files with 45 additions and 267 deletions


@@ -0,0 +1,37 @@
name: Build-and-publish podman-in-docker
on:
push:
branches:
- 'main'
tags:
- 'v*'
pull_request:
jobs:
build-and-push:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v6
- name: Construct image metadata from commit
id: meta
uses: docker/metadata-action@v5
with:
images: git.ratigorsk-12.ru/ratigorsk/podman-in-docker
- name: Docker Login
uses: docker/login-action@v3
with:
registry: git.ratigorsk-12.ru
username: ${{vars.CONTAINER_REGISTRY_USER}}
password: ${{secrets.CONTAINER_REGISTRY_PASSWORD}}
- name: Build and push
uses: docker/build-push-action@v6
with:
context: .
push: ${{github.event_name != 'pull_request'}}
tags: ${{steps.meta.outputs.tags}}
labels: ${{steps.meta.outputs.labels}}
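Review bot: The `Docker Login` step has no condition, so it also runs on `pull_request` events and passes `secrets.CONTAINER_REGISTRY_PASSWORD` to a run that, as far as this file shows, only needs to build; only the `push:` input of the build step is gated on the event type. Adding `if: ${{ github.event_name != 'pull_request' }}` to the login step keeps the registry credential out of pull-request runs and avoids a login failure where the secret is not available to the run. Separately, `actions/checkout@v6`, `docker/metadata-action@v5`, `docker/login-action@v3` and `docker/build-push-action@v6` are referenced by mutable tags; pinning each to a full commit SHA would stop a retagged release from executing with the registry credential in scope.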


@@ -1,108 +0,0 @@
name: Build podman-dind-like
on:
push:
branches:
- 'release/**'
- 'feature/**'
- develop
tags:
- '*'
pull_request:
branches:
- main
- 'release/**'
- develop
env:
GITHUB_DOCKER_USER: ${{ github.actor }}
NEXUS_DOCKER_USER: ${{ secrets.HOME_NEXUS_DOCKER_USER }}
NEXUS_PROXY_REGISTRY: nexus.jamesjonesconsulting.com:5444
jobs:
build-and-push:
runs-on: jamesjonesconsulting-arch-gha-set
# runs-on: [ self-hosted, medium, build ]
timeout-minutes: 720
container:
image: nexus.jamesjonesconsulting.com:5444/podman/stable:latest
# image: quay.io/podman/stable:latest
# options: '--user root'
options: >-
--user root:root
# --privileged
# --group-add keep-groups
# --userns=keep-id
# credentials:
# username: ${{ secrets.HOME_NEXUS_DOCKER_USER }}
# password: ${{ secrets.HOME_NEXUS_DOCKER_PASSWORD }}
strategy:
fail-fast: false
max-parallel: 2
matrix:
# registry: [ 'ghcr.io', 'nexus.jamesjonesconsulting.com:5443' ]
registry: [ 'ghcr.io' ]
include:
- registry: ghcr.io
user: GITHUB_DOCKER_USER
password: GITHUB_TOKEN
registry_proxy: $NEXUS_PROXY_REGISTRY
proxy_user: NEXUS_DOCKER_USER
proxy_password: HOME_NEXUS_DOCKER_PASSWORD
# - registry: nexus.jamesjonesconsulting.com:5443
# user: NEXUS_DOCKER_USER
# password: HOME_NEXUS_DOCKER_PASSWORD
# registry_proxy: $NEXUS_PROXY_REGISTRY
# proxy_user: NEXUS_DOCKER_USER
# proxy_password: HOME_NEXUS_DOCKER_PASSWORD
steps:
# Downloads a copy of the code in your repository before running CI tests
- name: Check out repository code
uses: actions/checkout@v3
- name: Add on podman-docker for step compatibility
run: |
dnf install -y podman-docker
- name: Docker Login
uses: azure/docker-login@v1
with:
login-server: ${{ matrix.registry }}
username: ${{ env[matrix.user] }}
password: ${{ secrets[matrix.password] }}
# - name: Docker Login
# uses: azure/docker-login@v1
# with:
# login-server: ${{ matrix.registry_proxy }}
# username: ${{ env[matrix.proxy_user] }}
# password: ${{ secrets[matrix.proxy_password] }}
# This requires docker buildx which podman doesn't support
# - name: Extract metadata (tags, labels) for Docker
# id: meta
# uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
# with:
# images: ${{ matrix.registry }}/${{ env.IMAGE_NAME }}
# - name: Build and push Docker images
# uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
# with:
# context: .
# push: true
# tags: ${{ steps.meta.outputs.tags }}
# labels: ${{ steps.meta.outputs.labels }}
- name: Build the Docker image
run: |
IMAGE_NAME=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]')
if [[ "$GITHUB_REF" =~ ^refs/tags.* ]]; then
VERSION=$GITHUB_REF_NAME
else
VERSION=$(echo "${GITHUB_REF_NAME}" | sed 's|/|-|g')
fi
podman build . --userns-gid-map-group=1001 --userns-uid-map-user=1001 --file Dockerfile \
--tag "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" --build-arg ARTIFACTORY=${{ matrix.registry_proxy }}
if [[ "$GITHUB_REF" =~ ^refs/pull.* ]]; then
echo "Pull requests do not get published. Only for testing"
else
podman push "${{ matrix.registry }}/$IMAGE_NAME:$VERSION"
if [[ "$GITHUB_REF" =~ ^refs/tags.* ]]; then
podman tag "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" "${{ matrix.registry }}/$IMAGE_NAME:latest"
podman push "${{ matrix.registry }}/$IMAGE_NAME:latest"
fi
fi


@@ -1,67 +0,0 @@
stages:
- dind-build
.base:
# See https://gitlab.com/gitlab-org/cluster-integration/cluster-applications/
variables:
DOCKER_AUTH_CONFIG: ${HOME_NEXUS_DOCKER_AUTH_CONFIG}
image: "$HOME_NEXUS_DOCKER_REGISTRY_PROXY/podman/stable:latest"
timeout: 3h 30m
parallel:
matrix:
- REGISTRY_USER: $CI_REGISTRY_USER
REGISTRY_PASSWORD: $CI_REGISTRY_PASSWORD
REGISTRY: $CI_REGISTRY
REGISTRY_IMAGE: $CI_REGISTRY_IMAGE
- REGISTRY_USER: $HOME_NEXUS_DOCKER_USER
REGISTRY_PASSWORD: $HOME_NEXUS_DOCKER_PASSWORD
REGISTRY: $HOME_NEXUS_DOCKER_REGISTRY
REGISTRY_IMAGE: $HOME_NEXUS_DOCKER_REGISTRY/$CI_PROJECT_PATH
.shared_resources:
script: &build_push
- podman login -u "$REGISTRY_USER" -p "$REGISTRY_PASSWORD" $REGISTRY
- export REGISTRY_IMAGE_LOWER=$(echo "$REGISTRY_IMAGE" | tr '[:upper:]' '[:lower:]')
- podman build --squash --pull -t "$REGISTRY_IMAGE_LOWER:$IMAGE_TAG" --build-arg ARTIFACTORY=$HOME_NEXUS_DOCKER_REGISTRY_PROXY .
- podman push "$REGISTRY_IMAGE_LOWER:$IMAGE_TAG"
before_script: &before_auth
- podman login -u "$HOME_NEXUS_DOCKER_USER" -p "$HOME_NEXUS_DOCKER_PASSWORD" $HOME_NEXUS_DOCKER_REGISTRY_PROXY
build:prereleases:
stage: dind-build
extends: .base
tags:
- build
- medium
before_script:
- *before_auth
script:
- export IMAGE_TAG=$(echo -en $CI_COMMIT_REF_NAME | sed 's|/|-|g')
- *build_push
only:
refs:
- branches
variables:
- '($CI_PROJECT_URL =~ /gitlab\.jamesjonesconsulting\.com/ && $REGISTRY_USER == "$HOME_NEXUS_DOCKER_USER") || $CI_PROJECT_URL !~ /gitlab\.jamesjonesconsulting\.com/'
except:
refs:
- main
build:releases:
extends: .base
stage: dind-build
tags:
- build
- medium
before_script:
- *before_auth
script:
- export IMAGE_TAG=$CI_COMMIT_TAG
- *build_push
- podman tag "$REGISTRY_IMAGE_LOWER:$IMAGE_TAG" "$REGISTRY_IMAGE_LOWER:latest"
- podman push "$REGISTRY_IMAGE_LOWER:latest"
only:
refs:
- tags
variables:
- '($CI_PROJECT_URL =~ /gitlab\.jamesjonesconsulting\.com/ && $REGISTRY_USER == "$HOME_NEXUS_DOCKER_USER") || $CI_PROJECT_URL !~ /gitlab\.jamesjonesconsulting\.com/'


@@ -1,76 +1,8 @@
ARG ARTIFACTORY FROM podman/stable:latest
FROM ${ARTIFACTORY}/podman/stable:latest
ENV SONAR_SCANNER_VERSION=5.0.1.3006 RUN dnf install -y \
ENV SONAR_SCANNER_HOME=/opt/sonar-scanner podman-docker \
podman-compose \
RUN echo ipv4 >> ~/.curlrc && \
echo "inet4_only = on" >> ~/.wgetrc
RUN dnf install -y --nogpgcheck \
https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \
https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm && \
dnf config-manager setopt fedora-cisco-openh264.enabled=1 -y
# Adding on the docker alias, docker-compose and other useful stuff including the Azure CLI and RPM build tools along with FPM
# docker-compose - broken dependencies in F38 so removing
RUN dnf install -y podman-docker buildah skopeo \
util-linux ansible-core openssh-clients krb5-devel krb5-libs krb5-workstation git jq wget curl unzip coreutils \
nss-tools samba-client samba-common cifs-utils helm doctl gnupg2 pinentry expect gh awscli glab yq \
python3-jsonpatch python3-requests-oauthlib python3-kubernetes python3-pyyaml python3-pip \
&& curl -k -s -o - \
https://nexus.jamesjonesconsulting.com/repository/package-config/dist/proxy/rpmfusion/rpmfusion-setup-proxy-repos.sh |\
bash \
&& rpm --import https://packages.microsoft.com/keys/microsoft.asc \
&& dnf install -y https://packages.microsoft.com/config/rhel/9.0/packages-microsoft-prod.rpm \
&& curl -k -s -o - \
https://nexus.jamesjonesconsulting.com/repository/package-config/dist/proxy/microsoft/microsoft-setup-yum-proxy-repos.sh |\
bash \
&& dnf install -y azure-cli \
&& dnf install -y rpm-build rpm-sign rubygems ruby-devel gcc gcc-c++ make libffi-devel \
&& dnf install -y ansible-collection* \
&& dnf install -y cpanminus perl-Mojolicious perl-Test-Mojo perl-Test-Harness perl-Perl-Critic perl-Carton \
&& dnf install -y \
$(curl -k -sS -X 'GET' 'https://nexus.jamesjonesconsulting.com/service/rest/v1/search/assets?sort=version&direction=desc&repository=yum-hosted-arch&yum.architecture=noarch&yum.name=jamesjonesconsulting-repos' |\
jq '.items[] | .downloadUrl' -r | head -n1) \
&& dnf install -y okd-client okd-client-helm-plugin operator-sdk \
&& dnf install -y sonar-scanner-cli-${SONAR_SCANNER_VERSION} \
&& dnf clean all \ && dnf clean all \
&& rm -rf /var/cache/yum \ && rm -rf /var/cache/yum \
&& curl --silent \
--location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | \
tar xz -C /tmp \
&& mv /tmp/eksctl /usr/bin \
&& touch /etc/containers/nodocker && touch /etc/containers/nodocker
ENV PATH=$SONAR_SCANNER_HOME/bin:$PATH
# Adding some Ansible Key and Timeout setting as well as accepting ssh-rsa
ENV ANSIBLE_HOST_KEY_CHECKING=False \
ANSIBLE_TIMEOUT=120 \
GPG_TTY=/dev/console
COPY ssh_ansible.conf /etc/ssh/ssh_config.d/99-ansible.conf
RUN chown root:root /etc/ssh/ssh_config.d/99-ansible.conf && chmod 644 /etc/ssh/ssh_config.d/99-ansible.conf
# Ensuring the fpm tool is installed to build distro packages such as RPM and DEB
COPY rpm-sign-expect /usr/bin
RUN curl -k -s -o - \
https://nexus.jamesjonesconsulting.com/repository/package-config/rubygems/rubygems-repos.sh |\
bash
RUN gem install ffi \
&& gem install fpm \
&& chmod +x /usr/bin/rpm-sign-expect
# Setting up Pypi to use proxy
RUN curl -k -s -o - \
https://nexus.jamesjonesconsulting.com/repository/package-config/pypi/python3-pypi-repos.sh |\
bash \
&& mv ~/.config/pip/pip.conf /etc/pip.conf \
&& chmod 644 /etc/pip.conf \
&& rm -Rf ~/.config/pip
ENV PIP_CONFIG_FILE=/etc/pip.conf
# Adding on the CPAN mirror settings for Carton and cpanminus
ENV PERL_CPANM_OPT="--mirror https://nexus.jamesjonesconsulting.com/repository/cpan-proxy/" \
PERL_CARTON_MIRROR=https://nexus.jamesjonesconsulting.com/repository/cpan-proxy/
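Review bot: The new base image line, read from the side-by-side rendering as `FROM podman/stable:latest`, drops the registry host, while the README in this commit says the image is based on `quay.io/podman/stable`. An unqualified name is resolved against the builder's default registry, and since the new workflow builds with `docker/build-push-action` that is most likely Docker Hub rather than quay.io, so the build may fail or pull from a different publisher than intended. I would write `FROM quay.io/podman/stable:latest`, and preferably pin a digest (`FROM quay.io/podman/stable@sha256:<digest>`) so that rebuilding the same commit uses the same base image.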


@@ -1,7 +1,7 @@
# podman-in-docker # podman-in-docker
A fork of https://github.com/JamesJonesConsulting/podman-dind-like that seemed defunct A cleaned-up fork of https://github.com/JamesJonesConsulting/podman-dind-like that seems to be defunct.
This is a dind-like container using podman based on `quay.io/podman/stable` with podman.sock service running This is a dind-like container using podman based on `quay.io/podman/stable` with podman.sock service running. Meant to
be used with gitea runner as dind replacement to avoid docker --rm race conditions, as `act_runner` does not properly
Meant to be used with gitea runner as dind replacement to avoid docker --rm race conditions (as act_runner does not properly wait for docker operations to complete and those are async) wait for docker operations to complete and those are async. Podman does not seem to have that issue


@@ -1,13 +0,0 @@
#!/usr/bin/expect -f
set rpm [lindex $argv 0]
set passphrase [lindex $argv 1]
set email [lindex $argv 2]
set name [lindex $argv 3]
### rpm-sign-expect -- Sign RPMs by sending passphrase and other elements
spawn rpm --define {"_gpg_name $name <$email>"} --addsign $rpm
expect -exact "Enter pass phrase: "
send -- "$passphrase\r"
expect eof


@@ -1,3 +0,0 @@
StrictHostKeyChecking no
PubkeyAcceptedKeyTypes +ssh-rsa
HostKeyAlgorithms +ssh-rsa