Giter Site home page Giter Site logo

rootless-builder's Introduction

Rootless builder

A simple container image for building containers using buildah, podman, Gitea/Github Actions.

Example pipline configuration

name: Build image using rootless builder
run-name: ${{ gitea.actor }} is testing 🚀
on:
  push:
    branches: [ main ]

jobs:
  build:
    name: Build and push image
    runs-on: ubuntu-latest
    container:
      image: docker.io/adathor/rootless-builder:latest
      options: --security-opt label=disabled --device /dev/fuse ## buildah needs fuse to work
    #   credentials: ## If pulling from a private registry
        # username: ${{ secrets.DOCKER_REGISTRY_USER }}
        # password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
    steps:
    - uses: actions/checkout@v2
    - name: Build Image
      id: build-image
      uses: redhat-actions/buildah-build@v2
      with:
        image: test
        tags: latest ${{ github.sha }}
        containerfiles: |
          ./Containerfile
    - name: Push To Dockerhub
      id: push-to-docker
      uses: redhat-actions/push-to-registry@v2
      with:
        image: ${{ steps.build-image.outputs.image }}
        tags: ${{ steps.build-image.outputs.tags }}
        registry: registry.adathor.com/dewhoops/test
        username: ${{ secrets.DOCKER_REGISTRY_USER }}
        password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}

Gitea runner

  1. Get a registration token from your Gitea instance
  2. Install podman and docker on the host, and enable podman.socket service for the user that will run the runner (systemctl --user enable --now podman.socket)
    • Could work without docker installed, just make a symlink from /usr/bin/podman to /usr/bin/docker
  3. Create a runner using the token:
podman run \
  --authfile=$HOME/.secret/auth.json \
  -v $PWD/config.yaml:/config.yaml:z \
  -v $PWD/data:/data:z \
  -v /run/user/1000/podman/podman.sock:/var/run/docker.sock \
  --security-opt label=disable \ ## If SELinux is enabled
  -e CONFIG_FILE=/config.yaml \
  -e GITEA_INSTANCE_URL=https://gitea.adathor.com \
  -e GITEA_RUNNER_REGISTRATION_TOKEN=SuperSecretSquirrel \
  -e GITEA_RUNNER_NAME=kazeshini \
  -e GITEA_RUNNER_LABELS="ubuntu-latest:docker://node:16-bullseye" \
  --name gitea-runner \
  -d docker.io/gitea/act_runner:latest

Since the Gitea and Github actions are interoperable follow the Github instructions for the runner deployment.

Podman quadlet

$HOME/.config/containers/systemd/gitea-runner.yml:

---
apiVersion: v1
kind: Pod
metadata:
  annotations:
    io.containers.autoupdate: "registry"
  labels:
    app: gitea-runner-pod
  name: gitea-runner-pod
spec:
  containers:
  - name: gitea-runner
    image: docker.io/gitea/act_runner:latest
    securityContext:
      seLinuxOptions:
        type: spc_t
    env:
    - name: GITEA_INSTANCE_URL
      value: https://gitea.adathor.com
    - name: GITEA_RUNNER_REGISTRATION_TOKEN
      valueFrom:
        secretKeyRef:
          name: gitea-runner-regtoken
          key: gitea-runner-token
    - name: GITEA_RUNNER_NAME
      value: vegas
    - name: GITEA_RUNNER_LABELS
      value: ubuntu-latest:docker://node:16-bullseye
    - name: CONFIG_FILE
      value: /config.yaml
    volumeMounts:
    - mountPath: /data
      name: home-podman_vol-gitea-data-host-0
    - mountPath: /var/run/docker.sock
      name: run-user-1000-podman-podman.sock-host-1
    - mountPath: /config.yaml
      name: home-podman_vol-gitea-config.yaml-host-2
  volumes:
  - hostPath:
      path: /home/podman_vol/gitea/data
      type: Directory
    name: home-podman_vol-gitea-data-host-0
  - hostPath:
      path: /run/user/1000/podman/podman.sock
      type: File
    name: run-user-1000-podman-podman.sock-host-1
  - hostPath:
      path: /home/podman_vol/gitea/config.yaml
      type: File
    name: home-podman_vol-gitea-config.yaml-host-2
---
apiVersion: v1
kind: Secret
metadata:
  name: gitea-runner-regtoken
data:
  gitea-runner-token: U3VwZXJTZWNyZXRTcXVpcnJlbA==

$HOME/.config/containers/systemd/gitea-runner.yml:

[Unit]
After=home-podman_vol.mount gitea.service

[Install]
WantedBy=default.target

[Kube]
Yaml=$HOME/.config/containers/systemd/gitea-runner.yml

[Service]
TimeoutStartSec=900
ExecStartPre=/usr/bin/sleep 5

rootless-builder's People

Contributors

apinter avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.