From 2960637f0cd47c6d9bb221edc40d4523ffe875ae Mon Sep 17 00:00:00 2001 From: Gerard Braad Date: Sun, 12 Jan 2025 04:12:21 +0000 Subject: [PATCH] Update and automate build --- .devcontainer/devcontainer.json | 24 ++++++++------ .github/workflows/build-containers.yml | 32 +++++++++++++++++++ .github/workflows/tailscale-ssh.yml | 32 +++++++++++++++++++ .../{Dockerfile-base => Containerfile-base} | 20 ++++++++---- containers/Containerfile-dotfiles | 10 ++++++ containers/Containerfile-systemd | 14 ++++++++ ...ckerfile-toolbox => Containerfile-toolbox} | 6 +++- containers/Dockerfile-dotfiles | 6 ---- containers/Dockerfile-systemd | 11 ------- 9 files changed, 122 insertions(+), 33 deletions(-) create mode 100644 .github/workflows/build-containers.yml create mode 100644 .github/workflows/tailscale-ssh.yml rename containers/{Dockerfile-base => Containerfile-base} (59%) create mode 100644 containers/Containerfile-dotfiles create mode 100644 containers/Containerfile-systemd rename containers/{Dockerfile-toolbox => Containerfile-toolbox} (77%) delete mode 100644 containers/Dockerfile-dotfiles delete mode 100644 containers/Dockerfile-systemd diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 08f0d1e..02b1b6a 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json 
@@ -1,12 +1,18 @@ { "name": "Debian developer environment", - //"dockerFile": "Dockerfile", - "image": "ghcr.io/gbraad-devenv/debian/base:bookworm", - "context": "..", - "runArgs": [ "--cap-add=NET_ADMIN", "--cap-add=NET_RAW", "--device=/dev/net/tun" ], + "image": "ghcr.io/gbraad-devenv/debian/dotfiles:bookworm", + + "runArgs": [ "--cap-add=NET_ADMIN", "--cap-add=NET_RAW", "--device=/dev/net/tun", "--device=/dev/fuse" ], "postStartCommand": "github/install.sh", - "extensions": [ - "ms-vscode.Theme-TomorrowKit", - "ritwickdey.LiveServer" - ] -} + + "customizations": { + "vscode": { + "extensions": [ + "ms-vscode.Theme-TomorrowKit", + "ritwickdey.LiveServer", + "ms-toolsai.jupyter", + "ms-python.python" + ] + } + } +} \ No newline at end of file diff --git a/.github/workflows/build-containers.yml b/.github/workflows/build-containers.yml new file mode 100644 index 0000000..fee7a29 --- /dev/null +++ b/.github/workflows/build-containers.yml 
@@ -0,0 +1,32 @@
+name: build containers
+run-name: building containers
+on:
+ schedule:
+ - cron: "0 0 1 * *"
+ workflow_dispatch:
+jobs:
+ build:
+ permissions:
+ contents: read
+ packages: write
+ runs-on: ${{ matrix.os }}
+ strategy:
+ fail-fast: false
+ matrix:
+ os:
+ - ubuntu-24.04
+ steps:
+ - name: Check out repository code
+ uses: actions/checkout@v4
+ - name: Run podman build - base
+ run: podman build -t ghcr.io/gbraad-devenv/debian/base:bookworm -f containers/Containerfile-base .
+ - name: Run podman build - dotfiles
+ run: podman build -t ghcr.io/gbraad-devenv/debian/dotfiles:bookworm -f containers/Containerfile-dotfiles .
+ - name: Run podman build - systemd
+ run: podman build -t ghcr.io/gbraad-devenv/debian/systemd:bookworm -f containers/Containerfile-systemd .
+ - name: Push image to ghcr.io - base
+ run: podman push --creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} ghcr.io/gbraad-devenv/debian/base:bookworm
+ - name: Push image to ghcr.io - dotfiles
+ run: podman push --creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} ghcr.io/gbraad-devenv/debian/dotfiles:bookworm
+ - name: Push image to ghcr.io - systemd
+ run: podman push --creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} ghcr.io/gbraad-devenv/debian/systemd:bookworm
diff --git a/.github/workflows/tailscale-ssh.yml b/.github/workflows/tailscale-ssh.yml
new file mode 100644
index 0000000..b3a6019
--- /dev/null
+++ b/.github/workflows/tailscale-ssh.yml
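Review bot: The three push steps pass the registry token on the command line via `--creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}`, so the secret is expanded into the script text and ends up in the podman process arguments on the runner. Log in once with `podman login ghcr.io --password-stdin`, fed from an `env:` variable, and drop `--creds` from the pushes. Separately, `actions/checkout@v4` is a mutable tag; pinning it to a full commit SHA keeps a job that holds `packages: write` from picking up a retagged action.

```yaml
# … unchanged: checkout and the three podman build steps …
- name: Log in to ghcr.io
  run: echo "${GHCR_TOKEN}" | podman login ghcr.io --username "${GHCR_USER}" --password-stdin
  env:
    GHCR_USER: ${{ github.actor }}
    GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Push image to ghcr.io - base
  run: podman push ghcr.io/gbraad-devenv/debian/base:bookworm
# … dotfiles and systemd pushes likewise, without --creds …
```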
@@ -0,0 +1,32 @@ +name: tailscale-ssh +on: + workflow_dispatch: + +jobs: + code-test: + runs-on: ubuntu-24.04 + + steps: + - name: Remove unwanted stuff + uses: gbraad-devenv/remove-unwanted@v1 + - name: Run system container with `podman` + run: | + podman run -d --name code --hostname code-${HOSTNAME} --systemd=always --cap-add=NET_RAW --cap-add=NET_ADMIN --cap-add=SYS_ADMIN --device=/dev/net/tun --device=/dev/fuse ghcr.io/gbraad-devenv/debian/systemd:bookworm + - name: Tailscale setup (root) + run: | + until podman exec code tailscale up --auth-key ${TAILSCALE_AUTHKEY} --ssh + do + sleep 0.1 + done + podman exec code chmod 640 /etc/shadow + env: + TAILSCALE_AUTHKEY: ${{ secrets.TAILSCALE_AUTHKEY}} + - name: Hang around + run: | + until podman exec code systemctl is-active --quiet tailscaled + do + sleep 1 + done + IP=`podman exec code tailscale ip -4` + echo "Use the following command to connect \`tailscale ssh gbraad@${IP}\`" + sleep infinity \ No newline at end of file diff --git a/containers/Dockerfile-base b/containers/Containerfile-base similarity index 59% rename from containers/Dockerfile-base rename to containers/Containerfile-base index c76d023..2d30a0b 100644 --- a/containers/Dockerfile-base +++ b/containers/Containerfile-base @@ -1,4 +1,9 @@ -FROM debian:bookworm +ARG BASE_IMAGE="debian" +ARG BASE_VERSION="bookworm" + +FROM ${BASE_IMAGE}:${BASE_VERSION} AS base + +LABEL org.opencontainers.image.source = "https://github.com/gbraad-devenv/debian" USER root 
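Review bot: The `code-test` job opens remote SSH access to a container holding `SYS_ADMIN`, `NET_ADMIN` and `NET_RAW` and then runs `sleep infinity` with no `timeout-minutes`, so the session stays up until the platform's job limit ends it. Set an explicit bound, e.g. `timeout-minutes: 60` (the value is only a suggestion), and add `permissions: {}` since no step visible here uses the repository token. `gbraad-devenv/remove-unwanted@v1` is referenced by a mutable tag and is better pinned to a commit SHA. The auth key expansion should be quoted, `--auth-key "${TAILSCALE_AUTHKEY}"`, and a comment saying why `chmod 640 /etc/shadow` is needed would help the next reader.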
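Review bot: The new `LABEL` line in Containerfile-base has spaces around `=`, which Dockerfile parsers read as the legacy `LABEL key value` form, so the stored value is likely `= "https://github.com/gbraad-devenv/debian"` rather than the URL. Write it as `LABEL org.opencontainers.image.source="https://github.com/gbraad-devenv/debian"`. GHCR reads this label to link a package to its repository, so the malformed value would presumably leave the pushed images unlinked. The same line is added in Containerfile-dotfiles, Containerfile-systemd and Containerfile-toolbox.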
@@ -15,9 +20,11 @@ RUN apt-get update \ tmux \ powerline \ zssh \ + wget \ && rm -rf /var/lib/apt/lists/* -RUN curl -sSL https://raw.githubusercontent.com/gbraad/dotfiles/master/install.sh | sh +RUN git clone https://github.com/gbraad/dotfiles ~/.dotfiles \ + && ~/.dotfiles/install.sh RUN curl -fsSL https://pkgs.tailscale.com/stable/debian/bookworm.noarmor.gpg | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null \ && curl -fsSL https://pkgs.tailscale.com/stable/debian/bookworm.tailscale-keyring.list | sudo tee /etc/apt/sources.list.d/tailscale.list \ 
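Review bot: `git clone https://github.com/gbraad/dotfiles ~/.dotfiles && ~/.dotfiles/install.sh` still executes whatever the default branch holds at build time, as root, so the published image depends on an unpinned external repository just as the replaced `curl | sh` did. Check out a reviewed commit before running the installer, e.g. `&& git -C ~/.dotfiles checkout <pinned-commit> \`. Containerfile-dotfiles repeats the same clone on top of this image; if that stage also runs as root the target directory already exists and the clone would fail, but base's final `USER` is not visible here, so this needs confirming. The tailscale `RUN` at the end of the hunk continues outside it.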
@@ -29,15 +36,16 @@ RUN curl -fsSL https://pkgs.tailscale.com/stable/debian/bookworm.noarmor.gpg | s COPY scripts/tailscaled /etc/init.d/tailscaled RUN mkdir -p /var/run/tailscale /var/cache/tailscale /var/lib/tailscale -RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \ - && sudo chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \ - && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null \ +RUN sudo mkdir -p -m 755 /etc/apt/keyrings \ + && out=$(mktemp) && wget -nv -O$out https://cli.github.com/packages/githubcli-archive-keyring.gpg \ + && cat $out | sudo tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null \ + && sudo chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg \ + && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null \ && sudo apt update \ && sudo apt install -y \ gh \ && rm -rf /var/lib/apt/lists/* - # Add user with the expected ID (automated setup does not work atm) RUN useradd -l -u 1000 -G sudo -md /home/gbraad -s /usr/bin/zsh -p gbraad gbraad \ && sed -i.bkp -e '/Defaults\tuse_pty/d' -e 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL/g' /etc/sudoers diff --git a/containers/Containerfile-dotfiles b/containers/Containerfile-dotfiles new file mode 100644 index 0000000..5109d10 --- /dev/null +++ b/containers/Containerfile-dotfiles 
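Review bot: The temporary file from `out=$(mktemp)` is never removed, so a second copy of the keyring stays in the layer, and `$out` is expanded unquoted. Use `wget -nv -O"$out" …` and add `&& rm -f "$out" \` to the same `RUN`, or write the download straight to `/etc/apt/keyrings/githubcli-archive-keyring.gpg`. The stage already runs as `USER root`, so the `sudo` prefixes add nothing, and `apt-get update` / `apt-get install -y` are the script-stable forms of the `apt` calls used here.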
@@ -0,0 +1,10 @@ +ARG BASE_VERSION="bookworm" + +FROM ghcr.io/gbraad-devenv/debian/base:${BASE_VERSION} + +LABEL org.opencontainers.image.source = "https://github.com/gbraad-devenv/debian" + +RUN git clone https://github.com/gbraad/dotfiles ~/.dotfiles \ + && ~/.dotfiles/install.sh + +ENTRYPOINT [ "/bin/zsh" ] diff --git a/containers/Containerfile-systemd b/containers/Containerfile-systemd new file mode 100644 index 0000000..af99d3c --- /dev/null +++ b/containers/Containerfile-systemd @@ -0,0 +1,14 @@ +ARG BASE_VERSION="bookworm" + +FROM ghcr.io/gbraad-devenv/debian/dotfiles:${BASE_VERSION} + +LABEL org.opencontainers.image.source = "https://github.com/gbraad-devenv/debian" + +USER root + +RUN apt-get update \ + && apt-get install -y \ + systemd \ + && rm -rf /var/lib/apt/lists/* + +ENTRYPOINT ["/sbin/init"] diff --git a/containers/Dockerfile-toolbox b/containers/Containerfile-toolbox similarity index 77% rename from containers/Dockerfile-toolbox rename to containers/Containerfile-toolbox index 84ad071..33bb963 100644 --- a/containers/Dockerfile-toolbox +++ b/containers/Containerfile-toolbox @@ -1,4 +1,8 @@ -FROM ghcr.io/gbraad-devenv/debian/base:bookworm +ARG BASE_VERSION="bookworm" + +FROM ghcr.io/gbraad-devenv/debian/base:${BASE_VERSION} + +LABEL org.opencontainers.image.source = "https://github.com/gbraad-devenv/debian" USER root diff --git a/containers/Dockerfile-dotfiles b/containers/Dockerfile-dotfiles deleted file mode 100644 index 327c580..0000000 --- a/containers/Dockerfile-dotfiles +++ /dev/null @@ -1,6 +0,0 @@ -FROM ghcr.io/gbraad-devenv/debian/base:bookworm - -RUN git clone https://github.com/gbraad/dotfiles ~/.dotfiles \ - && ~/.dotfiles/install.sh - -ENTRYPOINT [ "/bin/zsh" ] diff --git a/containers/Dockerfile-systemd b/containers/Dockerfile-systemd deleted file mode 100644 index ee0349b..0000000 --- a/containers/Dockerfile-systemd +++ /dev/null 
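Review bot: Containerfile-systemd sets `ENTRYPOINT ["/sbin/init"]` without a stop signal; systemd performs an orderly shutdown on `SIGRTMIN+3` rather than the default `SIGTERM`, so add `STOPSIGNAL SIGRTMIN+3` unless every runtime is expected to be podman in systemd mode, which as far as I know sets it automatically. A comment above `USER root` noting that the image intentionally ends as root because it boots init would also document the deviation from the other images.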
@@ -1,11 +0,0 @@
-FROM ghcr.io/gbraad-devenv/debian/dotfiles:bookworm
-
-USER root
-
-RUN apt-get update \
- && apt-get install -y \
- systemd \
- && rm -rf /var/lib/apt/lists/*
-
-ENTRYPOINT ["/sbin/init"]
-CMD ["/sbin/init"]