diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index b0f4c31b..eba038fe 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -1,23 +1,41 @@ -# Use the jguer/yay-builder image as a parent image with archlinux -FROM docker.io/jguer/yay-builder +FROM quay.io/gmanka/archlinuxarm:base-devel +LABEL maintainer="Jguer,docker@jguer.space" -# Install extra packages (pacman-contrib and fish) -RUN sudo pacman -Syu --noconfirm pacman-contrib fish git-delta openssh bat go github-cli +ENV GO111MODULE=on +WORKDIR /app + +COPY go.mod . + +# asciidoc, doxygen, meson needed for pacman-git +RUN set -eux; \ + pacman-key --init; \ + pacman -Syu --noconfirm --needed pacman-contrib fish git-delta openssh bat go github-cli archlinux-keyring pacman go git gcc make base-devel sudo asciidoc doxygen meson; \ + sed -i 's/^#DisableSandboxFilesystem/DisableSandboxFilesystem/' /etc/pacman.conf; \ + sed -i 's/^#DisableSandboxSyscalls/DisableSandboxSyscalls/' /etc/pacman.conf; \ + curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v2.7.2; \ + go mod download; \ + rm -rf /var/lib/pacman/sync/* /var/cache/pacman/* /tmp/* /var/tmp/*; \ + rm -rf /usr/share/man/* /usr/share/doc/* || true; \ + yes | pacman -Scc >/dev/null 2>&1 || true + + +# Create a non-root user first +RUN useradd -m -s /bin/bash docker # Set passwordless sudo for the docker user RUN echo "docker ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/docker -# Create a non-root user and switch to it +# Switch to the docker user USER docker # Install xgotext RUN go install github.com/leonelquinteros/gotext/cli/xgotext@latest # Add /app/bin to the PATH -ENV PATH="/app/bin:/home/docker/go/bin:PATH" +ENV PATH="/app/bin:/home/docker/go/bin:$PATH" # Set the working directory WORKDIR /workspace # Command to run when starting the container -CMD ["bash"] \ No newline at end of file +CMD ["fish"] \ No newline at end of file diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index a05a5624..69d37f61 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -4,6 +4,7 @@ "context": "..", "dockerfile": "../.devcontainer/Dockerfile" }, + "overrideCommand": true, "customizations": { "vscode": { "extensions": [ diff --git a/.github/workflows/builder-image.yml b/.github/workflows/builder-image.yml index 3ceb1d34..95a99702 100644 --- a/.github/workflows/builder-image.yml +++ b/.github/workflows/builder-image.yml @@ -31,12 +31,6 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Login to Docker Hub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: @@ -49,7 +43,6 @@ jobs: uses: docker/metadata-action@v5 with: images: | - ${{ env.REGISTRY_IMAGE }} ghcr.io/${{ env.REGISTRY_IMAGE }} tags: | type=raw,value=latest @@ -63,7 +56,7 @@ jobs: file: ci.Dockerfile platforms: ${{ matrix.platform }} labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true + outputs: type=image,name=ghcr.io/${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true - name: Export digest run: | @@ -93,12 +86,6 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Login to Docker Hub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: @@ -111,7 +98,6 @@ jobs: uses: docker/metadata-action@v5 with: images: | - ${{ env.REGISTRY_IMAGE }} ghcr.io/${{ env.REGISTRY_IMAGE }} tags: | type=raw,value=latest @@ -121,23 +107,17 @@ jobs: env: DOCKER_CLI_EXPERIMENTAL: enabled run: | - # Extract Docker Hub tags - DH_TAGS=$(echo '${{ steps.meta.outputs.tags }}' | grep -v "^ghcr.io" | xargs -I {} echo "-t {}") - # Extract GitHub Container Registry tags - GHCR_TAGS=$(echo '${{ steps.meta.outputs.tags }}' | grep "^ghcr.io" | xargs -I {} echo "-t {}") + GHCR_TAGS=$(echo '${{ steps.meta.outputs.tags }}' | xargs -I {} echo "-t {}") # Create a manifest list using the image digests from /tmp/digests/* DIGESTS=$(for file in /tmp/digests/*; do - echo -n "${{ env.REGISTRY_IMAGE }}@$(cat $file) " + echo -n "ghcr.io/${{ env.REGISTRY_IMAGE }}@$(cat $file) " done) - # Create the manifest list for Docker Hub - docker buildx imagetools create $DH_TAGS $DIGESTS - # Create the manifest list for GitHub Container Registry docker buildx imagetools create $GHCR_TAGS $DIGESTS - name: Inspect image run: | - docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:latest \ No newline at end of file + docker buildx imagetools inspect ghcr.io/${{ env.REGISTRY_IMAGE }}:latest \ No newline at end of file diff --git a/.github/workflows/testing-git.yml b/.github/workflows/testing-git.yml index a34dc232..2edcf098 100644 --- a/.github/workflows/testing-git.yml +++ b/.github/workflows/testing-git.yml @@ -33,7 +33,7 @@ jobs: useradd github echo 'github ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers chmod -R 777 pacman-git - su github -c 'cd pacman-git; yes | makepkg -i --nocheck' + su github -c 'cd pacman-git; yes | makepkg -si --nocheck' - name: Run Build and Tests with pacman-git run: | make test diff --git a/Dockerfile b/Dockerfile index 92b2c604..1e39b196 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,8 +7,6 @@ ARG ARCH WORKDIR /app -RUN pacman -Syyu --overwrite=* --noconfirm - COPY . . RUN make release VERSION=${VERSION} PREFIX=${PREFIX} ARCH=${ARCH} \ No newline at end of file diff --git a/ci.Dockerfile b/ci.Dockerfile index d9d74813..1b64380d 100644 --- a/ci.Dockerfile +++ b/ci.Dockerfile @@ -1,4 +1,4 @@ -FROM docker.io/gmanka/archlinuxarm:base-devel +FROM quay.io/gmanka/archlinuxarm:base-devel LABEL maintainer="Jguer,docker@jguer.space" ENV GO111MODULE=on @@ -6,12 +6,13 @@ WORKDIR /app COPY go.mod . -ARG EXTRA_PKGS="" +# asciidoc, doxygen, meson needed for pacman-git RUN set -eux; \ pacman-key --init; \ - pacman -Syu --noconfirm --needed archlinux-keyring pacman go git gcc make base-devel sudo; \ - if [ -n "${EXTRA_PKGS}" ]; then pacman -S --noconfirm --needed ${EXTRA_PKGS}; fi; \ - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v2.4.0; \ + pacman -Syu --noconfirm --needed archlinux-keyring pacman go git gcc make base-devel sudo asciidoc doxygen meson; \ + sed -i 's/^#DisableSandboxFilesystem/DisableSandboxFilesystem/' /etc/pacman.conf; \ + sed -i 's/^#DisableSandboxSyscalls/DisableSandboxSyscalls/' /etc/pacman.conf; \ + curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v2.7.2; \ go mod download; \ rm -rf /var/lib/pacman/sync/* /var/cache/pacman/* /tmp/* /var/tmp/*; \ rm -rf /usr/share/man/* /usr/share/doc/* || true; \