ci(yay): fix missing user (#2730)

* cleanup arch build

* don't doubleptade

* fix pacman-git build

* fix final issues with some sandbox kernels

* use quay because docker is out of steam

* remove docker hub

* -si on testing

.devcontainer/Dockerfile

@@ -1,23 +1,41 @@
-# Use the jguer/yay-builder image as a parent image with archlinux
+FROM quay.io/gmanka/archlinuxarm:base-devel
-FROM docker.io/jguer/yay-builder
+LABEL maintainer="Jguer,docker@jguer.space"
 
-# Install extra packages (pacman-contrib and fish)
+ENV GO111MODULE=on
-RUN sudo pacman -Syu --noconfirm pacman-contrib fish git-delta openssh bat go github-cli
+WORKDIR /app
+
+COPY go.mod .
+
+# asciidoc, doxygen, meson needed for pacman-git
+RUN set -eux; \
+    pacman-key --init; \
+    pacman -Syu --noconfirm --needed pacman-contrib fish git-delta openssh bat go github-cli archlinux-keyring pacman go git gcc make base-devel sudo asciidoc doxygen meson; \
+    sed -i 's/^#DisableSandboxFilesystem/DisableSandboxFilesystem/' /etc/pacman.conf; \
+    sed -i 's/^#DisableSandboxSyscalls/DisableSandboxSyscalls/' /etc/pacman.conf; \
+    curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v2.7.2; \
+    go mod download; \
+    rm -rf /var/lib/pacman/sync/* /var/cache/pacman/* /tmp/* /var/tmp/*; \
+    rm -rf /usr/share/man/* /usr/share/doc/* || true; \
+    yes | pacman -Scc >/dev/null 2>&1 || true
+
+
+# Create a non-root user first
+RUN useradd -m -s /bin/bash docker
 
 # Set passwordless sudo for the docker user
 RUN echo "docker ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/docker
 
-# Create a non-root user and switch to it
+# Switch to the docker user
 USER docker
 
 # Install xgotext
 RUN go install github.com/leonelquinteros/gotext/cli/xgotext@latest
 
 # Add /app/bin to the PATH
-ENV PATH="/app/bin:/home/docker/go/bin:PATH"
+ENV PATH="/app/bin:/home/docker/go/bin:$PATH"
 
 # Set the working directory
 WORKDIR /workspace
 
 # Command to run when starting the container
-CMD ["bash"]
+CMD ["fish"]

.devcontainer/devcontainer.json

@@ -4,6 +4,7 @@
 		"context": "..",
 		"dockerfile": "../.devcontainer/Dockerfile"
 	},
+	"overrideCommand": true,
 	"customizations": {
 		"vscode": {
 			"extensions": [

.github/workflows/builder-image.yml

@@ -31,12 +31,6 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         with:
@@ -49,7 +43,6 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: |
-            ${{ env.REGISTRY_IMAGE }}
             ghcr.io/${{ env.REGISTRY_IMAGE }}
           tags: |
             type=raw,value=latest
@@ -63,7 +56,7 @@ jobs:
           file: ci.Dockerfile
           platforms: ${{ matrix.platform }}
           labels: ${{ steps.meta.outputs.labels }}
-          outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true
+          outputs: type=image,name=ghcr.io/${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true
 
       - name: Export digest
         run: |
@@ -93,12 +86,6 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         with:
@@ -111,7 +98,6 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: |
-            ${{ env.REGISTRY_IMAGE }}
             ghcr.io/${{ env.REGISTRY_IMAGE }}
           tags: |
             type=raw,value=latest
@@ -121,23 +107,17 @@ jobs:
         env:
           DOCKER_CLI_EXPERIMENTAL: enabled
         run: |
-          # Extract Docker Hub tags
-          DH_TAGS=$(echo '${{ steps.meta.outputs.tags }}' | grep -v "^ghcr.io" | xargs -I {} echo "-t {}")
-          
           # Extract GitHub Container Registry tags
-          GHCR_TAGS=$(echo '${{ steps.meta.outputs.tags }}' | grep "^ghcr.io" | xargs -I {} echo "-t {}")
+          GHCR_TAGS=$(echo '${{ steps.meta.outputs.tags }}' | xargs -I {} echo "-t {}")
           
           # Create a manifest list using the image digests from /tmp/digests/*
           DIGESTS=$(for file in /tmp/digests/*; do
-            echo -n "${{ env.REGISTRY_IMAGE }}@$(cat $file) "
+            echo -n "ghcr.io/${{ env.REGISTRY_IMAGE }}@$(cat $file) "
           done)
           
-          # Create the manifest list for Docker Hub
-          docker buildx imagetools create $DH_TAGS $DIGESTS
-          
           # Create the manifest list for GitHub Container Registry
           docker buildx imagetools create $GHCR_TAGS $DIGESTS
 
       - name: Inspect image
         run: |
-          docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:latest
+          docker buildx imagetools inspect ghcr.io/${{ env.REGISTRY_IMAGE }}:latest

.github/workflows/testing-git.yml

@@ -33,7 +33,7 @@ jobs:
           useradd github
           echo 'github ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
           chmod -R 777 pacman-git
-          su github -c 'cd pacman-git; yes | makepkg -i --nocheck'
+          su github -c 'cd pacman-git; yes | makepkg -si --nocheck'
       - name: Run Build and Tests with pacman-git
         run: |
           make test

Dockerfile

@@ -7,8 +7,6 @@ ARG ARCH
 
 WORKDIR /app
 
-RUN pacman -Syyu --overwrite=* --noconfirm
-
 COPY . .
 
 RUN make release VERSION=${VERSION} PREFIX=${PREFIX} ARCH=${ARCH}

ci.Dockerfile

@@ -1,4 +1,4 @@
-FROM docker.io/gmanka/archlinuxarm:base-devel
+FROM quay.io/gmanka/archlinuxarm:base-devel
 LABEL maintainer="Jguer,docker@jguer.space"
 
 ENV GO111MODULE=on
@@ -6,12 +6,13 @@ WORKDIR /app
 
 COPY go.mod .
 
-ARG EXTRA_PKGS=""
+# asciidoc, doxygen, meson needed for pacman-git
 RUN set -eux; \
     pacman-key --init; \
-    pacman -Syu --noconfirm --needed archlinux-keyring pacman go git gcc make base-devel sudo; \
+    pacman -Syu --noconfirm --needed archlinux-keyring pacman go git gcc make base-devel sudo asciidoc doxygen meson; \
-    if [ -n "${EXTRA_PKGS}" ]; then pacman -S --noconfirm --needed ${EXTRA_PKGS}; fi; \
+    sed -i 's/^#DisableSandboxFilesystem/DisableSandboxFilesystem/' /etc/pacman.conf; \
-    curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v2.4.0; \
+    sed -i 's/^#DisableSandboxSyscalls/DisableSandboxSyscalls/' /etc/pacman.conf; \
+    curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v2.7.2; \
     go mod download; \
     rm -rf /var/lib/pacman/sync/* /var/cache/pacman/* /tmp/* /var/tmp/*; \
     rm -rf /usr/share/man/* /usr/share/doc/* || true; \