Update and automate build

gbraad-devenv · Jan 12, 2025 · 2960637 · 2960637
1 parent e2c3013
commit 2960637
Show file tree

Hide file tree

Showing 9 changed files with 122 additions and 33 deletions.
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -1,12 +1,18 @@
 {
     "name": "Debian developer environment",
-    //"dockerFile": "Dockerfile",
-    "image": "ghcr.io/gbraad-devenv/debian/base:bookworm",
-    "context": "..",
-    "runArgs": [ "--cap-add=NET_ADMIN", "--cap-add=NET_RAW", "--device=/dev/net/tun" ],
+    "image": "ghcr.io/gbraad-devenv/debian/dotfiles:bookworm",
+
+    "runArgs": [ "--cap-add=NET_ADMIN", "--cap-add=NET_RAW", "--device=/dev/net/tun", "--device=/dev/fuse" ],
     "postStartCommand": "github/install.sh",
-    "extensions": [
-         "ms-vscode.Theme-TomorrowKit",
-         "ritwickdey.LiveServer"
-    ]
-}
+
+    "customizations": {
+        "vscode": {
+            "extensions": [
+                "ms-vscode.Theme-TomorrowKit",
+                "ritwickdey.LiveServer",
+                "ms-toolsai.jupyter",
+                "ms-python.python"
+            ]
+        }
+    }
+}
diff --git a/.github/workflows/build-containers.yml b/.github/workflows/build-containers.yml
@@ -0,0 +1,32 @@
+name: build containers
+run-name: building containers
+on:
+  schedule:
+    - cron: "0 0 1 * *"
+  workflow_dispatch:
+jobs:
+  build:
+    permissions:
+      contents: read
+      packages: write
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - ubuntu-24.04
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+      - name: Run podman build - base
+        run: podman build -t ghcr.io/gbraad-devenv/debian/base:bookworm -f containers/Containerfile-base .
+      - name: Run podman build - dotfiles
+        run: podman build -t ghcr.io/gbraad-devenv/debian/dotfiles:bookworm -f containers/Containerfile-dotfiles .
+      - name: Run podman build - systemd
+        run: podman build -t ghcr.io/gbraad-devenv/debian/systemd:bookworm -f containers/Containerfile-systemd .
+      - name: Push image to ghcr.io - base
+        run: podman push --creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} ghcr.io/gbraad-devenv/debian/base:bookworm
+      - name: Push image to ghcr.io - dotfiles
+        run: podman push --creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} ghcr.io/gbraad-devenv/debian/dotfiles:bookworm
+      - name: Push image to ghcr.io - systemd
+        run: podman push --creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} ghcr.io/gbraad-devenv/debian/systemd:bookworm
diff --git a/.github/workflows/tailscale-ssh.yml b/.github/workflows/tailscale-ssh.yml
@@ -0,0 +1,32 @@
+name: tailscale-ssh
+on:
+  workflow_dispatch:
+
+jobs:
+  code-test:
+    runs-on: ubuntu-24.04
+
+    steps:
+      - name: Remove unwanted stuff
+        uses: gbraad-devenv/remove-unwanted@v1
+      - name: Run system container with `podman`
+        run: |
+          podman run -d --name code --hostname code-${HOSTNAME} --systemd=always --cap-add=NET_RAW --cap-add=NET_ADMIN --cap-add=SYS_ADMIN --device=/dev/net/tun --device=/dev/fuse ghcr.io/gbraad-devenv/debian/systemd:bookworm
+      - name: Tailscale setup (root)
+        run: |
+          until podman exec code tailscale up --auth-key ${TAILSCALE_AUTHKEY} --ssh
+          do
+              sleep 0.1
+          done
+          podman exec code chmod 640 /etc/shadow
+        env:
+          TAILSCALE_AUTHKEY: ${{ secrets.TAILSCALE_AUTHKEY}}
+      - name: Hang around
+        run: |
+          until podman exec code systemctl is-active --quiet tailscaled
+          do
+               sleep 1
+          done
+          IP=`podman exec code tailscale ip -4`
+          echo "Use the following command to connect \`tailscale ssh gbraad@${IP}\`"
+          sleep infinity
diff --git a/containers/Dockerfile-base → containers/Containerfile-base b/containers/Dockerfile-base → containers/Containerfile-base
@@ -1,4 +1,9 @@
-FROM debian:bookworm
+ARG BASE_IMAGE="debian"
+ARG BASE_VERSION="bookworm"
+
+FROM ${BASE_IMAGE}:${BASE_VERSION} AS base
+
+LABEL org.opencontainers.image.source = "https://github.com/gbraad-devenv/debian"
 
 USER root
 
@@ -15,9 +20,11 @@ RUN apt-get update \
         tmux \
         powerline \
         zssh \
+        wget \
     && rm -rf /var/lib/apt/lists/*
 
-RUN curl -sSL https://raw.githubusercontent.com/gbraad/dotfiles/master/install.sh | sh
+RUN git clone https://github.com/gbraad/dotfiles ~/.dotfiles \
+    && ~/.dotfiles/install.sh
 
 RUN curl -fsSL https://pkgs.tailscale.com/stable/debian/bookworm.noarmor.gpg | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null \
     && curl -fsSL https://pkgs.tailscale.com/stable/debian/bookworm.tailscale-keyring.list | sudo tee /etc/apt/sources.list.d/tailscale.list \
@@ -29,15 +36,16 @@ RUN curl -fsSL https://pkgs.tailscale.com/stable/debian/bookworm.noarmor.gpg | s
 COPY scripts/tailscaled /etc/init.d/tailscaled
 RUN mkdir -p /var/run/tailscale /var/cache/tailscale /var/lib/tailscale
 
-RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \
-    && sudo chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \
-    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
+RUN sudo mkdir -p -m 755 /etc/apt/keyrings \
+    && out=$(mktemp) && wget -nv -O$out https://cli.github.com/packages/githubcli-archive-keyring.gpg \
+    && cat $out | sudo tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null \
+    && sudo chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg \
+    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
     && sudo apt update \
     && sudo apt install -y \
         gh \
     && rm -rf /var/lib/apt/lists/*
 
-
 # Add user with the expected ID (automated setup does not work atm)
 RUN useradd -l -u 1000 -G sudo -md /home/gbraad -s /usr/bin/zsh -p gbraad gbraad \
     && sed -i.bkp -e '/Defaults\tuse_pty/d' -e 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL/g' /etc/sudoers

diff --git a/containers/Containerfile-dotfiles b/containers/Containerfile-dotfiles
@@ -0,0 +1,10 @@
+ARG BASE_VERSION="bookworm"
+
+FROM ghcr.io/gbraad-devenv/debian/base:${BASE_VERSION}
+
+LABEL org.opencontainers.image.source = "https://github.com/gbraad-devenv/debian"
+
+RUN git clone https://github.com/gbraad/dotfiles ~/.dotfiles \
+    && ~/.dotfiles/install.sh
+
+ENTRYPOINT [ "/bin/zsh" ]
diff --git a/containers/Containerfile-systemd b/containers/Containerfile-systemd
@@ -0,0 +1,14 @@
+ARG BASE_VERSION="bookworm"
+
+FROM ghcr.io/gbraad-devenv/debian/dotfiles:${BASE_VERSION}
+
+LABEL org.opencontainers.image.source = "https://github.com/gbraad-devenv/debian"
+
+USER root
+
+RUN apt-get update \
+    && apt-get install -y \
+        systemd \
+    && rm -rf /var/lib/apt/lists/*
+
+ENTRYPOINT ["/sbin/init"]
diff --git a/containers/Dockerfile-toolbox → containers/Containerfile-toolbox b/containers/Dockerfile-toolbox → containers/Containerfile-toolbox
@@ -1,4 +1,8 @@
-FROM ghcr.io/gbraad-devenv/debian/base:bookworm
+ARG BASE_VERSION="bookworm"
+
+FROM ghcr.io/gbraad-devenv/debian/base:${BASE_VERSION}
+
+LABEL org.opencontainers.image.source = "https://github.com/gbraad-devenv/debian"
 
 USER root
 

diff --git a/containers/Dockerfile-dotfiles b/containers/Dockerfile-dotfiles
diff --git a/containers/Dockerfile-systemd b/containers/Dockerfile-systemd