# podman-in-docker

A cleaned-up fork of https://github.com/JamesJonesConsulting/podman-dind-like, which seems to be defunct.

This is a dind-like container using podman, based on `quay.io/podman/stable`, with the podman.sock service running. It is meant to be used with the Gitea runner as a dind replacement to avoid `docker --rm` race conditions: `act_runner` does not properly wait for docker operations to complete, since those are asynchronous. Podman does not seem to have that issue.

# Kernel pre-requisites

For this to work you need to make sure that the following are enabled in the kernel:

- `CONFIG_NF_TABLES_INET` (needs `CONFIG_IPV6`)
- `CONFIG_NFT_FIB_INET` (needs `CONFIG_NFT_FIB_IPV4` and `CONFIG_NFT_FIB_IPV6`)

and that your host kernel is a reasonably new one. So if you are still on the time-proven Debian from 2002 with a 2.6.* kernel, it might be a good idea to upgrade. Tested on 6.18.7. YMMV.

# Runner config

That's the config for `act_runner`:

```yaml
log:
  level: info
cache:
  enabled: true # Optional, needed for action/cache
  dir: /data/.cache # This has to be mounted into persistent storage
container:
  # These are the defaults
  network: "bridge"
  require_docker: true
  docker_timeout: 300s
  privileged: true # Needed for docker-in-podman-in-docker aka buildkit aka docker buildx
  options: "--volume=/var/run/docker.sock:/var/run/docker.sock" # for any docker command to work
  valid_volumes:
    - /var/run/docker.sock
```

# DinD config

Using Gitea's Helm chart for the runner: https://gitea.com/gitea/helm-actions/

> [!NOTE]
> You need the >v0.0.2 release which, at the time of writing this, does not exist. So use the tarball URL as your helm chart directly.

`values.yaml`:

```yaml
enabled: true
statefulset:
  persistence:
    size: 1Gi # that's the data-act-runner volume from the config above
  actRunner:
    config:
    extraVolumeMounts:
      - name: data-act-runner # this is for the cache: enabled: true in the config
        subPath: runner-cache
        mountPath: /root/.cache
  dind:
    repository:
    tag: latest
    extraVolumeMounts:
      - name: data-act-runner # caches the downloaded images and is required for the native overlayfs to work
        subPath: containers
        mountPath: /var/lib/containers
existingSecret:
existingSecretKey:
giteaRootURL:
```

> [!NOTE]
> You either need to mount `/var/lib/containers` as shown, or you need `fuse` working. The `fuse` option is not tested.
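A host-side check for the kernel options listed under "Kernel pre-requisites", added here as an example and not part of the original project. It assumes the kernel config is exposed at `/proc/config.gz` or `/boot/config-$(uname -r)`; `check_kernel_config FILE` can be pointed at any saved config, and `--live` checks the running host.

```shell
#!/bin/sh
# Added example: verify that the nftables/IPv6 options podman-in-docker
# needs are built in (=y) or as modules (=m) on the host kernel.
# Assumption: the config is at /proc/config.gz or /boot/config-$(uname -r).

REQUIRED_OPTS="CONFIG_IPV6 CONFIG_NF_TABLES_INET CONFIG_NFT_FIB_IPV4 CONFIG_NFT_FIB_IPV6 CONFIG_NFT_FIB_INET"

# Print the running kernel's config to stdout; fails if neither source exists.
kernel_config() {
  if [ -r /proc/config.gz ]; then
    zcat /proc/config.gz
  elif [ -r "/boot/config-$(uname -r)" ]; then
    cat "/boot/config-$(uname -r)"
  else
    return 1
  fi
}

# check_kernel_config FILE: report each required option; return 0 only when
# all of them are =y or =m ("# CONFIG_X is not set" and absent both count as missing).
check_kernel_config() {
  cfg="$1"
  missing=0
  for opt in $REQUIRED_OPTS; do
    if grep -Eq "^${opt}=(y|m)$" "$cfg"; then
      echo "ok       $opt"
    else
      echo "MISSING  $opt"
      missing=$((missing + 1))
    fi
  done
  [ "$missing" -eq 0 ]
}

# Check the live host: dump the config to a temp file, check it, clean up.
main() {
  tmp=$(mktemp) || exit 1
  if ! kernel_config > "$tmp"; then
    echo "cannot find kernel config (/proc/config.gz or /boot/config-*)" >&2
    rm -f "$tmp"; exit 2
  fi
  check_kernel_config "$tmp"; rc=$?
  rm -f "$tmp"
  exit "$rc"
}

if [ "${1:-}" = "--live" ]; then main; fi
```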