diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 439da02..574f4ca 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -21,20 +21,27 @@ env:
 jobs:
 build-and-push:
- runs-on: [ self-hosted, medium, build ]
+ runs-on: jamesjonesconsulting-arch-gha-set
+ # runs-on: [ self-hosted, medium, build ]
 timeout-minutes: 720
 container:
 image: nexus.jamesjonesconsulting.com:5444/podman/stable:latest
 # image: quay.io/podman/stable:latest
- options: --userns=keep-id --group-add keep-groups --privileged --user root
- credentials:
- username: ${{ secrets.HOME_NEXUS_DOCKER_USER }}
- password: ${{ secrets.HOME_NEXUS_DOCKER_PASSWORD }}
+ # options: '--user root'
+ options: >-
+ --user root:root
+ # --privileged
+ # --group-add keep-groups
+ # --userns=keep-id
+ # credentials:
+ # username: ${{ secrets.HOME_NEXUS_DOCKER_USER }}
+ # password: ${{ secrets.HOME_NEXUS_DOCKER_PASSWORD }}
 strategy:
 fail-fast: false
 max-parallel: 2
 matrix:
- registry: [ 'ghcr.io', 'nexus.jamesjonesconsulting.com:5443' ]
+ # registry: [ 'ghcr.io', 'nexus.jamesjonesconsulting.com:5443' ]
+ registry: [ 'ghcr.io' ]
 include:
 - registry: ghcr.io
 user: GITHUB_DOCKER_USER
@@ -42,12 +49,12 @@ jobs:
 registry_proxy: $NEXUS_PROXY_REGISTRY
 proxy_user: NEXUS_DOCKER_USER
 proxy_password: HOME_NEXUS_DOCKER_PASSWORD
- - registry: nexus.jamesjonesconsulting.com:5443
- user: NEXUS_DOCKER_USER
- password: HOME_NEXUS_DOCKER_PASSWORD
- registry_proxy: $NEXUS_PROXY_REGISTRY
- proxy_user: NEXUS_DOCKER_USER
- proxy_password: HOME_NEXUS_DOCKER_PASSWORD
+ # - registry: nexus.jamesjonesconsulting.com:5443
+ # user: NEXUS_DOCKER_USER
+ # password: HOME_NEXUS_DOCKER_PASSWORD
+ # registry_proxy: $NEXUS_PROXY_REGISTRY
+ # proxy_user: NEXUS_DOCKER_USER
+ # proxy_password: HOME_NEXUS_DOCKER_PASSWORD
 steps:
 # Downloads a copy of the code in your repository before running CI tests
 - name: Check out repository code
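Review bot: In the first build.yml hunk, the `# --privileged`, `# --group-add keep-groups` and `# --userns=keep-id` lines follow `options: >-`, and inside a folded block scalar `#` does not start a comment. The indentation is not recoverable from this view, but if those lines are indented with `--user root:root` they are folded into the option string, so the container create call either fails or still receives `--privileged`. Writing the value on one line, `options: --user root:root`, with the disabled flags as comments above the `options:` key removes the ambiguity.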
@@ -61,12 +68,12 @@ jobs:
 login-server: ${{ matrix.registry }}
 username: ${{ env[matrix.user] }}
 password: ${{ secrets[matrix.password] }}
- - name: Docker Login
- uses: azure/docker-login@v1
- with:
- login-server: ${{ matrix.registry_proxy }}
- username: ${{ env[matrix.proxy_user] }}
- password: ${{ secrets[matrix.proxy_password] }}
+ # - name: Docker Login
+ # uses: azure/docker-login@v1
+ # with:
+ # login-server: ${{ matrix.registry_proxy }}
+ # username: ${{ env[matrix.proxy_user] }}
+ # password: ${{ secrets[matrix.proxy_password] }}
 # This requires docker buildx which podman doesn't support
 # - name: Extract metadata (tags, labels) for Docker
 # id: meta
@@ -88,7 +95,8 @@ jobs:
 else
 VERSION=$(echo "${GITHUB_REF_NAME}" | sed 's|/|-|g')
 fi
- podman build . --file Dockerfile --tag "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" --build-arg ARTIFACTORY=${{ matrix.registry_proxy }}
+ podman build . --userns-gid-map-group=1001 --userns-uid-map-user=1001 --file Dockerfile \
+ --tag "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" --build-arg ARTIFACTORY=${{ matrix.registry_proxy }}
 if [[ "$GITHUB_REF" =~ ^refs/pull.* ]]; then
 echo "Pull requests do not get published. Only for testing"
 else
diff --git a/Dockerfile b/Dockerfile
index 1475582..1548915 100644
--- a/Dockerfile
+++ b/Dockerfile
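Review bot: The `1001` given to `--userns-gid-map-group` and `--userns-uid-map-user` on the new `podman build` line (last build.yml hunk) is a bare literal with nothing saying which account it stands for. Podman looks these values up in `/etc/subgid` and `/etc/subuid`, so the build presumably depends on the job image carrying matching entries; a shell comment above the command, e.g. `# 1001 = <account name>; needs matching /etc/subuid and /etc/subgid entries in the job image`, would record that once confirmed. On the same command `--build-arg ARTIFACTORY=${{ matrix.registry_proxy }}` is still unquoted although the matrix value is the shell variable `$NEXUS_PROXY_REGISTRY`; `--build-arg "ARTIFACTORY=${{ matrix.registry_proxy }}"` avoids word splitting. The run script starts and ends outside the hunk.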
@@ -16,7 +16,7 @@ RUN dnf install -y --nogpgcheck \
 # docker-compose - broken dependencies in F38 so removing
 RUN dnf install -y podman-docker buildah skopeo \
 util-linux ansible-core openssh-clients krb5-devel krb5-libs krb5-workstation git jq wget curl unzip coreutils \
- samba-client samba-common cifs-utils helm doctl gnupg2 pinentry expect gh awscli glab yq \
+ nss-tools samba-client samba-common cifs-utils helm doctl gnupg2 pinentry expect gh awscli glab yq \
 python3-jsonpatch python3-requests-oauthlib python3-kubernetes python3-pyyaml python3-pip \
 && curl -k -s -o - \
 https://nexus.jamesjonesconsulting.com/repository/package-config/dist/proxy/rpmfusion/rpmfusion-setup-proxy-repos.sh |\