ratigorsk/podman-in-docker
2
0
Fork 0
Code Actions Packages Activity

cleanup & fix the workflow
Some checks failed
Build-and-publish podman-in-docker / build-and-push (push) Failing after 14s
Details

Browse Source
This commit is contained in:
Пётр Полежаев
2026-02-07 19:08:03 +03:00
parent 54b551a29b
commit ebce06004b
7 changed files with 45 additions and 267 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
.gitea/workflows/build.yml Normal file
View File

@@ -0,0 +1,37 @@
name: Build-and-publish podman-in-docker
on:
push:
branches:
- 'main'
tags:
- 'v*'
pull_request:
jobs:
build-and-push:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v6
- name: Construct image metadata from commit
id: meta
uses: docker/metadata-action@v5
with:
images: git.ratigorsk-12.ru/ratigorsk/podman-in-docker
- name: Docker Login
uses: docker/login-action@v3
with:
registry: git.ratigorsk-12.ru
username: ${{vars.CONTAINER_REGISTRY_USER}}
password: ${{secrets.CONTAINER_REGISTRY_PASSWORD}}
- name: Build and push
uses: docker/build-push-action@v6
with:
context: .
push: ${{github.event_name != 'pull_request'}}
tags: ${{steps.meta.outputs.tags}}
labels: ${{steps.meta.outputs.labels}}

108
.github/workflows/build.yml vendored
View File

@@ -1,108 +0,0 @@
name: Build podman-dind-like
on:
push:
branches:
- 'release/**'
- 'feature/**'
- develop
tags:
- '*'
pull_request:
branches:
- main
- 'release/**'
- develop
env:
GITHUB_DOCKER_USER: ${{ github.actor }}
NEXUS_DOCKER_USER: ${{ secrets.HOME_NEXUS_DOCKER_USER }}
NEXUS_PROXY_REGISTRY: nexus.jamesjonesconsulting.com:5444
jobs:
build-and-push:
runs-on: jamesjonesconsulting-arch-gha-set
# runs-on: [ self-hosted, medium, build ]
timeout-minutes: 720
container:
image: nexus.jamesjonesconsulting.com:5444/podman/stable:latest
# image: quay.io/podman/stable:latest
# options: '--user root'
options: >-
--user root:root
# --privileged
# --group-add keep-groups
# --userns=keep-id
# credentials:
# username: ${{ secrets.HOME_NEXUS_DOCKER_USER }}
# password: ${{ secrets.HOME_NEXUS_DOCKER_PASSWORD }}
strategy:
fail-fast: false
max-parallel: 2
matrix:
# registry: [ 'ghcr.io', 'nexus.jamesjonesconsulting.com:5443' ]
registry: [ 'ghcr.io' ]
include:
- registry: ghcr.io
user: GITHUB_DOCKER_USER
password: GITHUB_TOKEN
registry_proxy: $NEXUS_PROXY_REGISTRY
proxy_user: NEXUS_DOCKER_USER
proxy_password: HOME_NEXUS_DOCKER_PASSWORD
# - registry: nexus.jamesjonesconsulting.com:5443
# user: NEXUS_DOCKER_USER
# password: HOME_NEXUS_DOCKER_PASSWORD
# registry_proxy: $NEXUS_PROXY_REGISTRY
# proxy_user: NEXUS_DOCKER_USER
# proxy_password: HOME_NEXUS_DOCKER_PASSWORD
steps:
# Downloads a copy of the code in your repository before running CI tests
- name: Check out repository code
uses: actions/checkout@v3
- name: Add on podman-docker for step compatibility
run: |
dnf install -y podman-docker
- name: Docker Login
uses: azure/docker-login@v1
with:
login-server: ${{ matrix.registry }}
username: ${{ env[matrix.user] }}
password: ${{ secrets[matrix.password] }}
# - name: Docker Login
# uses: azure/docker-login@v1
# with:
# login-server: ${{ matrix.registry_proxy }}
# username: ${{ env[matrix.proxy_user] }}
# password: ${{ secrets[matrix.proxy_password] }}
# This requires docker buildx which podman doesn't support
# - name: Extract metadata (tags, labels) for Docker
# id: meta
# uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
# with:
# images: ${{ matrix.registry }}/${{ env.IMAGE_NAME }}
# - name: Build and push Docker images
# uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
# with:
# context: .
# push: true
# tags: ${{ steps.meta.outputs.tags }}
# labels: ${{ steps.meta.outputs.labels }}
- name: Build the Docker image
run: |
IMAGE_NAME=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]')
if [[ "$GITHUB_REF" =~ ^refs/tags.* ]]; then
VERSION=$GITHUB_REF_NAME
else
VERSION=$(echo "${GITHUB_REF_NAME}" | sed 's|/|-|g')
fi
podman build . --userns-gid-map-group=1001 --userns-uid-map-user=1001 --file Dockerfile \
--tag "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" --build-arg ARTIFACTORY=${{ matrix.registry_proxy }}
if [[ "$GITHUB_REF" =~ ^refs/pull.* ]]; then
echo "Pull requests do not get published. Only for testing"
else
podman push "${{ matrix.registry }}/$IMAGE_NAME:$VERSION"
if [[ "$GITHUB_REF" =~ ^refs/tags.* ]]; then
podman tag "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" "${{ matrix.registry }}/$IMAGE_NAME:latest"
podman push "${{ matrix.registry }}/$IMAGE_NAME:latest"
fi
fi

67
.gitlab-ci.yml
View File

@@ -1,67 +0,0 @@
stages:
- dind-build
.base:
# See https://gitlab.com/gitlab-org/cluster-integration/cluster-applications/
variables:
DOCKER_AUTH_CONFIG: ${HOME_NEXUS_DOCKER_AUTH_CONFIG}
image: "$HOME_NEXUS_DOCKER_REGISTRY_PROXY/podman/stable:latest"
timeout: 3h 30m
parallel:
matrix:
- REGISTRY_USER: $CI_REGISTRY_USER
REGISTRY_PASSWORD: $CI_REGISTRY_PASSWORD
REGISTRY: $CI_REGISTRY
REGISTRY_IMAGE: $CI_REGISTRY_IMAGE
- REGISTRY_USER: $HOME_NEXUS_DOCKER_USER
REGISTRY_PASSWORD: $HOME_NEXUS_DOCKER_PASSWORD
REGISTRY: $HOME_NEXUS_DOCKER_REGISTRY
REGISTRY_IMAGE: $HOME_NEXUS_DOCKER_REGISTRY/$CI_PROJECT_PATH
.shared_resources:
script: &build_push
- podman login -u "$REGISTRY_USER" -p "$REGISTRY_PASSWORD" $REGISTRY
- export REGISTRY_IMAGE_LOWER=$(echo "$REGISTRY_IMAGE" | tr '[:upper:]' '[:lower:]')
- podman build --squash --pull -t "$REGISTRY_IMAGE_LOWER:$IMAGE_TAG" --build-arg ARTIFACTORY=$HOME_NEXUS_DOCKER_REGISTRY_PROXY .
- podman push "$REGISTRY_IMAGE_LOWER:$IMAGE_TAG"
before_script: &before_auth
- podman login -u "$HOME_NEXUS_DOCKER_USER" -p "$HOME_NEXUS_DOCKER_PASSWORD" $HOME_NEXUS_DOCKER_REGISTRY_PROXY
build:prereleases:
stage: dind-build
extends: .base
tags:
- build
- medium
before_script:
- *before_auth
script:
- export IMAGE_TAG=$(echo -en $CI_COMMIT_REF_NAME | sed 's|/|-|g')
- *build_push
only:
refs:
- branches
variables:
- '($CI_PROJECT_URL =~ /gitlab\.jamesjonesconsulting\.com/ && $REGISTRY_USER == "$HOME_NEXUS_DOCKER_USER") || $CI_PROJECT_URL !~ /gitlab\.jamesjonesconsulting\.com/'
except:
refs:
- main
build:releases:
extends: .base
stage: dind-build
tags:
- build
- medium
before_script:
- *before_auth
script:
- export IMAGE_TAG=$CI_COMMIT_TAG
- *build_push
- podman tag "$REGISTRY_IMAGE_LOWER:$IMAGE_TAG" "$REGISTRY_IMAGE_LOWER:latest"
- podman push "$REGISTRY_IMAGE_LOWER:latest"
only:
refs:
- tags
variables:
- '($CI_PROJECT_URL =~ /gitlab\.jamesjonesconsulting\.com/ && $REGISTRY_USER == "$HOME_NEXUS_DOCKER_USER") || $CI_PROJECT_URL !~ /gitlab\.jamesjonesconsulting\.com/'

76
Dockerfile
View File

@@ -1,76 +1,8 @@
ARG ARTIFACTORY
FROM ${ARTIFACTORY}/podman/stable:latest
FROM podman/stable:latest
ENV SONAR_SCANNER_VERSION=5.0.1.3006
ENV SONAR_SCANNER_HOME=/opt/sonar-scanner
RUN echo ipv4 >> ~/.curlrc && \
echo "inet4_only = on" >> ~/.wgetrc
RUN dnf install -y --nogpgcheck \
https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \
https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm && \
dnf config-manager setopt fedora-cisco-openh264.enabled=1 -y
# Adding on the docker alias, docker-compose and other useful stuff including the Azure CLI and RPM build tools along with FPM
# docker-compose - broken dependencies in F38 so removing
RUN dnf install -y podman-docker buildah skopeo \
util-linux ansible-core openssh-clients krb5-devel krb5-libs krb5-workstation git jq wget curl unzip coreutils \
nss-tools samba-client samba-common cifs-utils helm doctl gnupg2 pinentry expect gh awscli glab yq \
python3-jsonpatch python3-requests-oauthlib python3-kubernetes python3-pyyaml python3-pip \
&& curl -k -s -o - \
https://nexus.jamesjonesconsulting.com/repository/package-config/dist/proxy/rpmfusion/rpmfusion-setup-proxy-repos.sh |\
bash \
&& rpm --import https://packages.microsoft.com/keys/microsoft.asc \
&& dnf install -y https://packages.microsoft.com/config/rhel/9.0/packages-microsoft-prod.rpm \
&& curl -k -s -o - \
https://nexus.jamesjonesconsulting.com/repository/package-config/dist/proxy/microsoft/microsoft-setup-yum-proxy-repos.sh |\
bash \
&& dnf install -y azure-cli \
&& dnf install -y rpm-build rpm-sign rubygems ruby-devel gcc gcc-c++ make libffi-devel \
&& dnf install -y ansible-collection* \
&& dnf install -y cpanminus perl-Mojolicious perl-Test-Mojo perl-Test-Harness perl-Perl-Critic perl-Carton \
&& dnf install -y \
$(curl -k -sS -X 'GET' 'https://nexus.jamesjonesconsulting.com/service/rest/v1/search/assets?sort=version&direction=desc&repository=yum-hosted-arch&yum.architecture=noarch&yum.name=jamesjonesconsulting-repos' |\
jq '.items[] | .downloadUrl' -r | head -n1) \
&& dnf install -y okd-client okd-client-helm-plugin operator-sdk \
&& dnf install -y sonar-scanner-cli-${SONAR_SCANNER_VERSION} \
RUN dnf install -y \
podman-docker \
podman-compose \
&& dnf clean all \
&& rm -rf /var/cache/yum \
&& curl --silent \
--location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | \
tar xz -C /tmp \
&& mv /tmp/eksctl /usr/bin \
&& touch /etc/containers/nodocker
ENV PATH=$SONAR_SCANNER_HOME/bin:$PATH
# Adding some Ansible Key and Timeout setting as well as accepting ssh-rsa
ENV ANSIBLE_HOST_KEY_CHECKING=False \
ANSIBLE_TIMEOUT=120 \
GPG_TTY=/dev/console
COPY ssh_ansible.conf /etc/ssh/ssh_config.d/99-ansible.conf
RUN chown root:root /etc/ssh/ssh_config.d/99-ansible.conf && chmod 644 /etc/ssh/ssh_config.d/99-ansible.conf
# Ensuring the fpm tool is installed to build distro packages such as RPM and DEB
COPY rpm-sign-expect /usr/bin
RUN curl -k -s -o - \
https://nexus.jamesjonesconsulting.com/repository/package-config/rubygems/rubygems-repos.sh |\
bash
RUN gem install ffi \
&& gem install fpm \
&& chmod +x /usr/bin/rpm-sign-expect
# Setting up Pypi to use proxy
RUN curl -k -s -o - \
https://nexus.jamesjonesconsulting.com/repository/package-config/pypi/python3-pypi-repos.sh |\
bash \
&& mv ~/.config/pip/pip.conf /etc/pip.conf \
&& chmod 644 /etc/pip.conf \
&& rm -Rf ~/.config/pip
ENV PIP_CONFIG_FILE=/etc/pip.conf
# Adding on the CPAN mirror settings for Carton and cpanminus
ENV PERL_CPANM_OPT="--mirror https://nexus.jamesjonesconsulting.com/repository/cpan-proxy/" \
PERL_CARTON_MIRROR=https://nexus.jamesjonesconsulting.com/repository/cpan-proxy/

8
README.md
View File

@@ -1,7 +1,7 @@
# podman-in-docker
A fork of https://github.com/JamesJonesConsulting/podman-dind-like that seemed defunct
A cleaned-up fork of https://github.com/JamesJonesConsulting/podman-dind-like that seems to be defunct.
This is a dind-like container using podman based on `quay.io/podman/stable` with podman.sock service running
Meant to be used with gitea runner as dind replacement to avoid docker --rm race conditions (as act_runner does not properly wait for docker operations to complete and those are async)
This is a dind-like container using podman based on `quay.io/podman/stable` with podman.sock service running. Meant to
be used with gitea runner as dind replacement to avoid docker --rm race conditions, as `act_runner` does not properly
wait for docker operations to complete and those are async. Podman does not seem to have that issue

13
rpm-sign-expect
View File

@@ -1,13 +0,0 @@
#!/usr/bin/expect -f
set rpm [lindex $argv 0]
set passphrase [lindex $argv 1]
set email [lindex $argv 2]
set name [lindex $argv 3]
### rpm-sign-expect -- Sign RPMs by sending passphrase and other elements
spawn rpm --define {"_gpg_name $name <$email>"} --addsign $rpm
expect -exact "Enter pass phrase: "
send -- "$passphrase\r"
expect eof

3
ssh_ansible.conf
View File

@@ -1,3 +0,0 @@
StrictHostKeyChecking no
PubkeyAcceptedKeyTypes +ssh-rsa
HostKeyAlgorithms +ssh-rsa