From 44516e2a0a567957c892b8710bf52cb2914d4154 Mon Sep 17 00:00:00 2001 From: James Jones Date: Sat, 25 Jan 2025 17:53:08 -0500 Subject: [PATCH 01/14] Switching to OKD hosted runners that have Nexus credentials already --- .github/workflows/build.yml | 39 ++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 439da02..065f03c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -21,20 +21,23 @@ env: jobs: build-and-push: - runs-on: [ self-hosted, medium, build ] + runs-on: jamesjonesconsulting-arch-gha-set + # runs-on: [ self-hosted, medium, build ] timeout-minutes: 720 container: image: nexus.jamesjonesconsulting.com:5444/podman/stable:latest # image: quay.io/podman/stable:latest - options: --userns=keep-id --group-add keep-groups --privileged --user root - credentials: - username: ${{ secrets.HOME_NEXUS_DOCKER_USER }} - password: ${{ secrets.HOME_NEXUS_DOCKER_PASSWORD }} + options: '--user root' + # options: --userns=keep-id --group-add keep-groups --privileged --user root + # credentials: + # username: ${{ secrets.HOME_NEXUS_DOCKER_USER }} + # password: ${{ secrets.HOME_NEXUS_DOCKER_PASSWORD }} strategy: fail-fast: false max-parallel: 2 matrix: - registry: [ 'ghcr.io', 'nexus.jamesjonesconsulting.com:5443' ] + # registry: [ 'ghcr.io', 'nexus.jamesjonesconsulting.com:5443' ] + registry: [ 'ghcr.io' ] include: - registry: ghcr.io user: GITHUB_DOCKER_USER 
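Review bot: Commenting out `credentials:` makes the pull of `nexus.jamesjonesconsulting.com:5444/podman/stable:latest` depend on registry credentials that, per the commit subject, already sit on the `jamesjonesconsulting-arch-gha-set` runners, so every job that can be scheduled on that label inherits them instead of receiving a scoped secret. The build script later in this workflow has a `refs/pull` branch, which suggests pull-request builds land on these runners too; it is worth confirming that fork PRs cannot reach the runner set without approval. I would delete the old `runs-on`, `options` and `credentials` lines rather than keep them as comments, and put one comment above `runs-on`, e.g. `# OKD-hosted runners; Nexus registry auth is provisioned on the runner, not passed from workflow secrets`. The `build-and-push` job continues past the end of this hunk.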
@@ -42,12 +45,12 @@ jobs: registry_proxy: $NEXUS_PROXY_REGISTRY proxy_user: NEXUS_DOCKER_USER proxy_password: HOME_NEXUS_DOCKER_PASSWORD - - registry: nexus.jamesjonesconsulting.com:5443 - user: NEXUS_DOCKER_USER - password: HOME_NEXUS_DOCKER_PASSWORD - registry_proxy: $NEXUS_PROXY_REGISTRY - proxy_user: NEXUS_DOCKER_USER - proxy_password: HOME_NEXUS_DOCKER_PASSWORD + # - registry: nexus.jamesjonesconsulting.com:5443 + # user: NEXUS_DOCKER_USER + # password: HOME_NEXUS_DOCKER_PASSWORD + # registry_proxy: $NEXUS_PROXY_REGISTRY + # proxy_user: NEXUS_DOCKER_USER + # proxy_password: HOME_NEXUS_DOCKER_PASSWORD steps: # Downloads a copy of the code in your repository before running CI tests - name: Check out repository code @@ -61,12 +64,12 @@ jobs: login-server: ${{ matrix.registry }} username: ${{ env[matrix.user] }} password: ${{ secrets[matrix.password] }} - - name: Docker Login - uses: azure/docker-login@v1 - with: - login-server: ${{ matrix.registry_proxy }} - username: ${{ env[matrix.proxy_user] }} - password: ${{ secrets[matrix.proxy_password] }} + # - name: Docker Login + # uses: azure/docker-login@v1 + # with: + # login-server: ${{ matrix.registry_proxy }} + # username: ${{ env[matrix.proxy_user] }} + # password: ${{ secrets[matrix.proxy_password] }} # This requires docker buildx which podman doesn't support # - name: Extract metadata (tags, labels) for Docker # id: meta From 4e6b65e6107bcfa61d73819fd4b0add8b3d7fd1b Mon Sep 17 00:00:00 2001 From: James Jones Date: Sat, 25 Jan 2025 17:55:11 -0500 Subject: [PATCH 02/14] Switching to OKD hosted runners that have Nexus credentials already --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 065f03c..0669f79 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
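Review bot: With the proxy `Docker Login` step commented out in the `@@ -61,12 +64,12 @@` hunk, the `proxy_user` and `proxy_password` keys that stay in the `ghcr.io` include entry (context lines of the `@@ -42,12 +45,12 @@` hunk) have no visible consumer, so the matrix still names the `HOME_NEXUS_DOCKER_PASSWORD` secret without anything in these hunks using it. Deleting the disabled step and the two unused keys, instead of leaving them as comments, keeps the secrets the job references equal to the secrets it uses. If the step has to stay for reference, a single line such as `# proxy login disabled: runner already authenticated to Nexus` says why. The `steps:` list continues outside both hunks, so another consumer may exist there.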
@@ -27,8 +27,8 @@ jobs: container: image: nexus.jamesjonesconsulting.com:5444/podman/stable:latest # image: quay.io/podman/stable:latest - options: '--user root' - # options: --userns=keep-id --group-add keep-groups --privileged --user root + # options: '--user root' + options: --userns=keep-id --group-add keep-groups --privileged --user root # credentials: # username: ${{ secrets.HOME_NEXUS_DOCKER_USER }} # password: ${{ secrets.HOME_NEXUS_DOCKER_PASSWORD }} From 181a62cb8c0e8518d62426b08f91a7765b244258 Mon Sep 17 00:00:00 2001 From: James Jones Date: Sat, 25 Jan 2025 17:59:29 -0500 Subject: [PATCH 03/14] Switching to OKD hosted runners that have Nexus credentials already --- .github/workflows/build.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0669f79..4cc6262 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -28,7 +28,10 @@ jobs: image: nexus.jamesjonesconsulting.com:5444/podman/stable:latest # image: quay.io/podman/stable:latest # options: '--user root' - options: --userns=keep-id --group-add keep-groups --privileged --user root + options: >- + --userns=keep-id + --group-add keep-groups + --privileged --user root # credentials: # username: ${{ secrets.HOME_NEXUS_DOCKER_USER }} # password: ${{ secrets.HOME_NEXUS_DOCKER_PASSWORD }} From 95c387cb7028b5a70cd17f49340985e793328cfe Mon Sep 17 00:00:00 2001 From: James Jones Date: Sat, 25 Jan 2025 18:01:40 -0500 Subject: [PATCH 04/14] Switching to OKD hosted runners that have Nexus credentials already --- .github/workflows/build.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4cc6262..c7ba0ed 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
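Review bot: The re-enabled `options:` line in PATCH 02 runs the job container with both `--privileged` and `--user root`, so every step in the job, including the third-party `azure/docker-login@v1` action, gets root with all capabilities and host device access on a runner that the commit subject says already holds Nexus credentials. If the flags are only there so nested podman can build, a narrower set is worth testing first, e.g. `options: --user root --cap-add=sys_admin,mknod --device /dev/fuse --security-opt label=disable`. `--userns=keep-id` and `--group-add keep-groups` are podman-specific values, and whether the runner's container runtime accepts them is not visible from this hunk. The `container:` mapping starts above the hunk.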
@@ -29,9 +29,10 @@ jobs: # image: quay.io/podman/stable:latest # options: '--user root' options: >- - --userns=keep-id --group-add keep-groups - --privileged --user root + --privileged + --user root + # --userns=keep-id # credentials: # username: ${{ secrets.HOME_NEXUS_DOCKER_USER }} # password: ${{ secrets.HOME_NEXUS_DOCKER_PASSWORD }} From 96efb8119a43404000f7c662154126c547a8dca0 Mon Sep 17 00:00:00 2001 From: James Jones Date: Sat, 25 Jan 2025 18:08:39 -0500 Subject: [PATCH 05/14] Switching to OKD hosted runners that have Nexus credentials already --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c7ba0ed..313926a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -29,9 +29,9 @@ jobs: # image: quay.io/podman/stable:latest # options: '--user root' options: >- - --group-add keep-groups --privileged --user root + # --group-add keep-groups # --userns=keep-id # credentials: # username: ${{ secrets.HOME_NEXUS_DOCKER_USER }} From 89c969f5b3fb5c92d85a32ce03c4e38c0f3f44c7 Mon Sep 17 00:00:00 2001 From: James Jones Date: Sat, 25 Jan 2025 18:20:40 -0500 Subject: [PATCH 06/14] Switching to OKD hosted runners that have Nexus credentials already --- .github/workflows/build.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 313926a..a51e337 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -29,8 +29,9 @@ jobs: # image: quay.io/podman/stable:latest # options: '--user root' options: >- - --privileged --user root + --group root + # --privileged # --group-add keep-groups # --userns=keep-id # credentials: From adfef2c41f576a306f43424ba2ba3d36aac07a7b Mon Sep 17 00:00:00 2001 
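Review bot: Inside a `>-` folded scalar a line that starts with `#` is content, not a comment, so if `# --userns=keep-id` (PATCH 04) is indented to the same level as `--privileged` and `--user root` it is folded into the options string rather than disabled. The page has lost the indentation, so this needs checking in the file itself. The same applies to `# --group-add keep-groups` in PATCH 05 and `# --privileged` in PATCH 06, and to the context lines of PATCH 07; in the PATCH 06 case the string handed to the container runtime would still contain `--privileged`. Delete the flags instead of commenting them inside the scalar, or keep the history above the key, e.g. `# tried and dropped: --privileged, --group-add keep-groups, --userns=keep-id`.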
From: James Jones Date: Sat, 25 Jan 2025 18:23:31 -0500 Subject: [PATCH 07/14] Switching to OKD hosted runners that have Nexus credentials already --- .github/workflows/build.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a51e337..f5ecab4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -29,8 +29,7 @@ jobs: # image: quay.io/podman/stable:latest # options: '--user root' options: >- - --user root - --group root + --user root:root # --privileged # --group-add keep-groups # --userns=keep-id From 77263b89b9d5cad0e8fd2fe2875e56951a7b3734 Mon Sep 17 00:00:00 2001 From: James Jones Date: Sat, 25 Jan 2025 18:33:22 -0500 Subject: [PATCH 08/14] Switching to OKD hosted runners that have Nexus credentials already --- .github/workflows/build.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f5ecab4..6bec704 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -95,7 +95,8 @@ jobs: else VERSION=$(echo "${GITHUB_REF_NAME}" | sed 's|/|-|g') fi - podman build . --file Dockerfile --tag "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" --build-arg ARTIFACTORY=${{ matrix.registry_proxy }} + podman build . --userns=keep-id --group-add keep-groups --file Dockerfile \ + --tag "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" --build-arg ARTIFACTORY=${{ matrix.registry_proxy }} if [[ "$GITHUB_REF" =~ ^refs/pull.* ]]; then echo "Pull requests do not get published. Only for testing" else From 197b792b95fff8d28dc44c6c2383796538df099a Mon Sep 17 00:00:00 2001 From: James Jones Date: Sat, 25 Jan 2025 18:42:15 -0500 Subject: [PATCH 09/14] Switching to OKD hosted runners that have Nexus credentials already --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
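Review bot: The rewritten continuation line in PATCH 08 still passes `--build-arg ARTIFACTORY=${{ matrix.registry_proxy }}` unquoted, and the matrix value shown in PATCH 01 is the literal `$NEXUS_PROXY_REGISTRY`, so the shell expands and word-splits it after templating and an unset variable silently becomes `ARTIFACTORY=`. Quote it the way the `--tag` argument already is: `--build-arg "ARTIFACTORY=${{ matrix.registry_proxy }}"`. If the Dockerfile uses that value to choose its package mirror, failing fast is safer than building against an empty one, e.g. `: "${NEXUS_PROXY_REGISTRY:?not set}"` on the line before `podman build`. The `run:` script starts and ends outside the hunk.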
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 6bec704..59ab491 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -95,7 +95,7 @@ jobs: else VERSION=$(echo "${GITHUB_REF_NAME}" | sed 's|/|-|g') fi - podman build . --userns=keep-id --group-add keep-groups --file Dockerfile \ + podman build . --userns=keep-id --file Dockerfile \ --tag "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" --build-arg ARTIFACTORY=${{ matrix.registry_proxy }} if [[ "$GITHUB_REF" =~ ^refs/pull.* ]]; then echo "Pull requests do not get published. Only for testing" From 62a7fba1064a6c2b02a56bb7b08a99588de19454 Mon Sep 17 00:00:00 2001 From: James Jones Date: Sat, 25 Jan 2025 19:06:33 -0500 Subject: [PATCH 10/14] Switching to OKD hosted runners that have Nexus credentials already --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 59ab491..36223b5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -95,7 +95,7 @@ jobs: else VERSION=$(echo "${GITHUB_REF_NAME}" | sed 's|/|-|g') fi - podman build . --userns=keep-id --file Dockerfile \ + podman build . --privileged --file Dockerfile \ --tag "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" --build-arg ARTIFACTORY=${{ matrix.registry_proxy }} if [[ "$GITHUB_REF" =~ ^refs/pull.* ]]; then echo "Pull requests do not get published. Only for testing" From 84e4bcfaf0f041aca9faa60bda1c644be857ee9a Mon Sep 17 00:00:00 2001 From: James Jones Date: Sat, 25 Jan 2025 19:14:19 -0500 Subject: [PATCH 11/14] Switching to OKD hosted runners that have Nexus credentials already --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 36223b5..574f4ca 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -95,7 +95,7 @@ jobs: else VERSION=$(echo "${GITHUB_REF_NAME}" | sed 's|/|-|g') fi - podman build . --privileged --file Dockerfile \ + podman build . --userns-gid-map-group=1001 --userns-uid-map-user=1001 --file Dockerfile \ --tag "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" --build-arg ARTIFACTORY=${{ matrix.registry_proxy }} if [[ "$GITHUB_REF" =~ ^refs/pull.* ]]; then echo "Pull requests do not get published. Only for testing" From 2ae69d924ef5038e87b474097be70757fa9a2856 Mon Sep 17 00:00:00 2001 From: James Jones Date: Sat, 1 Feb 2025 08:22:06 -0500 Subject: [PATCH 12/14] Adding nss-tools package to handle certutil --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 1475582..1548915 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,7 +16,7 @@ RUN dnf install -y --nogpgcheck \ # docker-compose - broken dependencies in F38 so removing RUN dnf install -y podman-docker buildah skopeo \ util-linux ansible-core openssh-clients krb5-devel krb5-libs krb5-workstation git jq wget curl unzip coreutils \ - samba-client samba-common cifs-utils helm doctl gnupg2 pinentry expect gh awscli glab yq \ + nss-tools samba-client samba-common cifs-utils helm doctl gnupg2 pinentry expect gh awscli glab yq \ python3-jsonpatch python3-requests-oauthlib python3-kubernetes python3-pyyaml python3-pip \ && curl -k -s -o - \ https://nexus.jamesjonesconsulting.com/repository/package-config/dist/proxy/rpmfusion/rpmfusion-setup-proxy-repos.sh |\ From 0ee1141761fb2251dca7b79cc89ee7c05d8cc9df Mon Sep 17 00:00:00 2001 From: James Jones Date: Sat, 7 Jun 2025 11:50:46 -0400 Subject: [PATCH 13/14] Adding on additional cli utils --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 1548915..0a5053b 100644 --- a/Dockerfile +++ b/Dockerfile 
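Review bot: The literal `1001` given to `--userns-gid-map-group` and `--userns-uid-map-user` in PATCH 11 is unexplained, and these options look up the named group and user in `/etc/subgid` and `/etc/subuid` rather than taking a numeric mapping, so the build only works on a runner image that carries matching entries. A comment above the command would record that dependency, e.g. `# 1001: presumably the runner account in the job container; needs /etc/subuid and /etc/subgid entries`, with the account to be confirmed. The previous three commits tried `--userns=keep-id`, `--group-add keep-groups` and `--privileged` on the same line, so the comment should also say which failure this combination resolves. The `run:` script starts and ends outside the hunk.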
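Review bot: The `RUN` that gains `nss-tools` in PATCH 12 still downloads `rpmfusion-setup-proxy-repos.sh` with `curl -k` and pipes it onward (the pipe target is below the hunk), so a script that configures package repositories is accepted from whatever TLS endpoint answers for that host name. The `dnf install -y --nogpgcheck` shown in the hunk header and the `$(curl -k -sS …)` RPM URL lookup in PATCH 13's hunk leave the same gap, which means neither transport nor package signatures are checked for those installs. If the internal CA is the reason for `-k`, add the CA certificate to the image trust store in an earlier layer and drop the flag, e.g. `curl --fail -sS --cacert /etc/pki/ca-trust/source/anchors/<internal-ca>.pem -o - …`, where the file name is a placeholder. The `RUN` instruction starts above and ends below the hunk.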
@@ -33,7 +33,7 @@ RUN dnf install -y podman-docker buildah skopeo \ && dnf install -y \ $(curl -k -sS -X 'GET' 'https://nexus.jamesjonesconsulting.com/service/rest/v1/search/assets?sort=version&direction=desc&repository=yum-hosted-arch&yum.architecture=noarch&yum.name=jamesjonesconsulting-repos' |\ jq '.items[] | .downloadUrl' -r | head -n1) \ - && dnf install -y okd-client \ + && dnf install -y okd-client okd-client-helm-plugin operator-sdk \ && dnf install -y sonar-scanner-cli-${SONAR_SCANNER_VERSION} \ && dnf clean all \ && rm -rf /var/cache/yum \ From 38294cd6fea72ee81d6838c4a957aba8568ccb1f Mon Sep 17 00:00:00 2001 From: James Jones Date: Sat, 7 Jun 2025 11:54:36 -0400 Subject: [PATCH 14/14] Getting the new image ready --- Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 0a5053b..fbf70fc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -37,7 +37,9 @@ RUN dnf install -y podman-docker buildah skopeo \ && dnf install -y sonar-scanner-cli-${SONAR_SCANNER_VERSION} \ && dnf clean all \ && rm -rf /var/cache/yum \ - && curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp \ + && curl --silent \ + --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | \ + tar xz -C /tmp \ && mv /tmp/eksctl /usr/bin \ && touch /etc/containers/nodocker
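Review bot: The re-wrapped `curl … | tar xz -C /tmp` in PATCH 14 still installs whatever `releases/latest` serves at build time with no integrity check, and because `curl` runs with `--silent` and without `--fail` inside a pipe, an HTTP error body goes straight to `tar` and only `tar`'s exit status is seen by the `&&` chain. Pinning a release and checking a digest makes the image reproducible and turns a bad download into a build failure. The sketch below assumes two build arguments, `EKSCTL_VERSION` and `EKSCTL_SHA256`, declared wherever `SONAR_SCANNER_VERSION` is declared, which is outside this hunk. The `RUN` instruction starts above the hunk.

```dockerfile
    # … unchanged: dnf installs and cache cleanup …
    && curl --fail --silent --show-error --location \
        --output /tmp/eksctl.tar.gz \
        "https://github.com/weaveworks/eksctl/releases/download/${EKSCTL_VERSION}/eksctl_$(uname -s)_amd64.tar.gz" \
    && echo "${EKSCTL_SHA256}  /tmp/eksctl.tar.gz" | sha256sum --check - \
    && tar xzf /tmp/eksctl.tar.gz -C /tmp \
    && rm -f /tmp/eksctl.tar.gz \
    && mv /tmp/eksctl /usr/bin \
```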