Add code image and actions

gbraad-devenv · Jan 12, 2025 · 82b3e52 · 82b3e52
1 parent 2960637
commit 82b3e52
Show file tree

Hide file tree

Showing 10 changed files with 143 additions and 8 deletions.
diff --git a/.github/workflows/build-container-code.yml b/.github/workflows/build-container-code.yml
@@ -0,0 +1,24 @@
+name: build container - code cli
+run-name: building container - code cli
+on:
+  schedule:
+    - cron: "0 0 1 * *"
+  workflow_dispatch:
+jobs:
+  build:
+    permissions:
+      contents: read
+      packages: write
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - ubuntu-24.04
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+      - name: Run podman build - code-cli
+        run: podman build -t ghcr.io/gbraad-devenv/debian/code-cli:bookworm -f containers/Containerfile-code-cli .
+      - name: Push image to ghcr.io - code-cli
+        run: podman push --creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} ghcr.io/gbraad-devenv/debian/code-cli:bookworm
diff --git a/.github/workflows/tailscale-code-tunnel.yml b/.github/workflows/tailscale-code-tunnel.yml
@@ -0,0 +1,35 @@
+name: tailscale-code-tunnel
+on:
+  workflow_dispatch:
+
+jobs:
+  code-test:
+    runs-on: ubuntu-24.04
+
+    steps:
+      - name: Remove unwanted stuff
+        uses: gbraad-devenv/remove-unwanted@v1
+      - name: Run system container with `podman`
+        run: |
+          podman run -d --name code --hostname code-${HOSTNAME} --systemd=always --cap-add=NET_RAW --cap-add=NET_ADMIN --cap-add=SYS_ADMIN --device=/dev/net/tun --device=/dev/fuse ghcr.io/gbraad-devenv/debian/code-cli:bookworm
+      - name: Tailscale setup (root)
+        run: |
+          until podman exec code tailscale up --auth-key ${TAILSCALE_AUTHKEY} --ssh
+          do
+              sleep 0.1
+          done
+          podman exec code chmod 640 /etc/shadow
+        env:
+          TAILSCALE_AUTHKEY: ${{ secrets.TAILSCALE_AUTHKEY}}
+      - name: Start `code tunnel` as `gbraad`
+        run: |
+          podman exec code su - gbraad -c "code tunnel user login --provider github"
+          podman exec code systemctl enable --now code-tunnel@gbraad
+      - name: Hang around
+        run: |
+          until podman exec code systemctl is-active --quiet code-tunnel@gbraad
+          do
+               sleep 1
+          done
+          echo "Connect to tunnel: code-${HOSTNAME}"
+          sleep infinity
diff --git a/.github/workflows/tailscale-code.yml b/.github/workflows/tailscale-code.yml
@@ -0,0 +1,35 @@
+name: tailscale-code
+on:
+  workflow_dispatch:
+
+jobs:
+  code-test:
+    runs-on: ubuntu-24.04
+
+    steps:
+      - name: Remove unwanted stuff
+        uses: gbraad-devenv/remove-unwanted@v1
+      - name: Run system container with `podman`
+        run: |
+          podman run -d --name code --hostname code-${HOSTNAME} --systemd=always --cap-add=NET_RAW --cap-add=NET_ADMIN --cap-add=SYS_ADMIN --device=/dev/net/tun --device=/dev/fuse ghcr.io/gbraad-devenv/debian/code-cli:bookworm
+      - name: Tailscale setup (root)
+        run: |
+          until podman exec code tailscale up --auth-key ${TAILSCALE_AUTHKEY} --ssh
+          do
+              sleep 0.1
+          done
+          podman exec code chmod 640 /etc/shadow
+        env:
+          TAILSCALE_AUTHKEY: ${{ secrets.TAILSCALE_AUTHKEY}}
+      - name: Start `code serve-web` as `gbraad`
+        run: |
+          podman exec code systemctl enable --now code-serveweb@gbraad
+      - name: Hang around
+        run: |
+          until podman exec code systemctl is-active --quiet code-serveweb@gbraad
+          do
+               sleep 1
+          done
+          IP=`podman exec code tailscale ip -4`
+          echo "Open in your web browser: http://${IP}:8000"
+          sleep infinity
diff --git a/.github/workflows/tailscale-ssh.yml b/.github/workflows/tailscale-ssh.yml
@@ -11,7 +11,7 @@ jobs:
         uses: gbraad-devenv/remove-unwanted@v1
       - name: Run system container with `podman`
         run: |
-          podman run -d --name code --hostname code-${HOSTNAME} --systemd=always --cap-add=NET_RAW --cap-add=NET_ADMIN --cap-add=SYS_ADMIN --device=/dev/net/tun --device=/dev/fuse ghcr.io/gbraad-devenv/debian/systemd:bookworm
+          podman run -d --name code --hostname code-${HOSTNAME} --systemd=always --cap-add=NET_RAW --cap-add=NET_ADMIN --cap-add=SYS_ADMIN --device=/dev/net/tun --device=/dev/fuse ghcr.io/gbraad-devenv/debian/code-cli:bookworm
       - name: Tailscale setup (root)
         run: |
           until podman exec code tailscale up --auth-key ${TAILSCALE_AUTHKEY} --ssh

diff --git a/assets/[email protected] b/assets/[email protected]
@@ -0,0 +1,11 @@
+[Unit]
+Description=Code Serve Web Service
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/code serve-web --without-connection-token --host 0.0.0.0
+Restart=always
+User=%i
+
+[Install]
+WantedBy=multi-user.target
diff --git a/assets/[email protected] b/assets/[email protected]
@@ -0,0 +1,11 @@
+[Unit]
+Description=Code Tunnel Service
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/code tunnel --accept-server-license-terms --name %H
+Restart=always
+User=%i
+
+[Install]
+WantedBy=multi-user.target
diff --git a/scripts/tailscaled → assets/tailscaled b/scripts/tailscaled → assets/tailscaled
diff --git a/containers/Containerfile-base b/containers/Containerfile-base
@@ -7,6 +7,11 @@ LABEL org.opencontainers.image.source = "https://github.com/gbraad-devenv/debian
 
 USER root
 
+RUN apt-get update \
+    && apt-get install -y \
+        systemd \
+    && rm -rf /var/lib/apt/lists/*
+
 RUN apt-get update \
     && apt-get install -y \
         git \
@@ -31,10 +36,10 @@ RUN curl -fsSL https://pkgs.tailscale.com/stable/debian/bookworm.noarmor.gpg | s
     && sudo apt-get update \
     && sudo apt-get install -y \
         tailscale \
-    && rm -rf /var/lib/apt/lists/*
+    && rm -rf /var/lib/apt/lists/* \
+    && mkdir -p /var/run/tailscale /var/cache/tailscale /var/lib/tailscale
 
-COPY scripts/tailscaled /etc/init.d/tailscaled
-RUN mkdir -p /var/run/tailscale /var/cache/tailscale /var/lib/tailscale
+COPY assets/tailscaled /etc/init.d/tailscaled
 
 RUN sudo mkdir -p -m 755 /etc/apt/keyrings \
     && out=$(mktemp) && wget -nv -O$out https://cli.github.com/packages/githubcli-archive-keyring.gpg \

diff --git a/containers/Containerfile-code-cli b/containers/Containerfile-code-cli
@@ -0,0 +1,17 @@
+ARG BASE_VERSION="bookworm"
+
+FROM ghcr.io/gbraad-devenv/debian/systemd:${BASE_VERSION}
+
+LABEL org.opencontainers.image.source = "https://github.com/gbraad-devenv/debian"
+
+RUN cd /tmp \
+    && curl -fL https://code.visualstudio.com/sha/download?build=stable\&os=cli-alpine-x64 -o code-cli.tar.gz \
+    && tar zxvf code-cli.tar.gz \
+    && mv code /usr/bin/code \
+    && rm -f code-cli.tar.gz
+
+# systemd
+COPY assets/[email protected] /etc/systemd/system/
+COPY assets/[email protected] /etc/systemd/system/
+
+#ENTRYPOINT [ "/sbin/init" ]
diff --git a/containers/Containerfile-systemd b/containers/Containerfile-systemd
@@ -6,9 +6,6 @@ LABEL org.opencontainers.image.source = "https://github.com/gbraad-devenv/debian
 
 USER root
 
-RUN apt-get update \
-    && apt-get install -y \
-        systemd \
-    && rm -rf /var/lib/apt/lists/*
+RUN systemctl enable tailscaled
 
 ENTRYPOINT ["/sbin/init"]