hello world render app

workaround for buildah

Signed-off-by: softprops <d.tangren@gmail.com>

softprops 73aac1b2 eab17c22

+29 -54
+29 -54
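--- a/.tangled/workflows/deploy.yml
+++ b/.tangled/workflows/deploy.yml
@@ -3,10 +3,10 @@
  # Note: multi-arch builds are not supported on Tangled's managed spindle.
  # This builds a single-arch image for the spindle's native architecture.
  #
- # Builds the Go binary directly in the pipeline, then assembles a minimal
- # OCI image with buildah. Uses storage.conf and containers.conf to avoid
+ # Uses crane (go-containerregistry) instead of buildah to avoid
  # CLONE_NEWUSER (user namespace) operations which are blocked in the
- # spindle container environment.
+ # spindle container environment. crane builds and pushes OCI images
+ # using only HTTP registry API calls.
  #
  # Requires the DOCKER_APP_PASSWORD secret to be configured in the
  # repository settings on tangled.org.
@@ -18,7 +18,7 @@
 
  dependencies:
  nixpkgs:
- - buildah
+ - go-containerregistry
  - go
 
  environment:
@@ -28,65 +28,40 @@
  CGO_ENABLED: "0"
 
  steps:
- - name: Setup environment
- command: |
- set -e
- echo "root:x:0:0:root:/root:/sbin/nologin" >> /etc/passwd
-
- # Configure containers/storage to use vfs and skip user namespaces
- mkdir -p /etc/containers
- cat > /etc/containers/storage.conf <<'CONF'
- [storage]
- driver = "vfs"
- runroot = "/tmp/containers-run"
- graphroot = "/tmp/containers-storage"
- CONF
-
- cat > /etc/containers/containers.conf <<'CONF'
- [containers]
- default_capabilities = []
- [engine]
- cgroup_manager = "cgroupfs"
- CONF
-
- # Ensure storage directories exist
- mkdir -p /tmp/containers-run /tmp/containers-storage
-
  - name: Build Go binary
  command: |
  set -e
  go build -ldflags="-s -w" -o app .
 
- - name: Build image
+ - name: Build and push image
  command: |
  set -e
+ FULL="${IMAGE_REGISTRY}/${IMAGE_USER}/${IMAGE_NAME}"
 
- # Create a minimal "scratch" container
- CTR=$(buildah --storage-driver vfs from scratch)
+ # Authenticate crane with the registry
+ echo "${DOCKER_APP_PASSWORD}" | crane auth login \
+ "${IMAGE_REGISTRY}" \
+ -u "${IMAGE_USER}" \
+ --password-stdin
 
- # Copy the pre-built binary and CA certs into the image
- buildah --storage-driver vfs copy "$CTR" ./app /app
- buildah --storage-driver vfs copy "$CTR" /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+ # Prepare the filesystem layer
+ mkdir -p staging/etc/ssl/certs
+ cp ./app staging/app
+ cp /etc/ssl/certs/ca-certificates.crt staging/etc/ssl/certs/ca-certificates.crt
+ tar -cf layer.tar -C staging .
 
- # Configure the image
- buildah --storage-driver vfs config --port 3000 "$CTR"
- buildah --storage-driver vfs config --entrypoint '["/app"]' "$CTR"
+ # Build from scratch base, append layer, set config, and push
+ IMG=$(crane append \
+ -f layer.tar \
+ -t "${FULL}:${TANGLED_REF_NAME}" \
+ --oci-empty-base)
 
- # Commit the image
- buildah --storage-driver vfs commit "$CTR" "${IMAGE_NAME}:latest"
+ crane mutate "$IMG" \
+ --entrypoint /app \
+ --exposed-ports 3000 \
+ -t "${FULL}:${TANGLED_REF_NAME}"
 
- - name: Push image
- command: |
- set -e
- FULL="${IMAGE_REGISTRY}/${IMAGE_USER}/${IMAGE_NAME}"
-
- echo "${DOCKER_APP_PASSWORD}" | buildah --storage-driver vfs login \
- -u "${IMAGE_USER}" \
- --password-stdin \
- "${IMAGE_REGISTRY}"
-
- buildah --storage-driver vfs tag "${IMAGE_NAME}:latest" "${FULL}:${TANGLED_REF_NAME}"
- buildah --storage-driver vfs tag "${IMAGE_NAME}:latest" "${FULL}:latest"
-
- buildah --storage-driver vfs push "${FULL}:${TANGLED_REF_NAME}"
- buildah --storage-driver vfs push "${FULL}:latest"
+ crane mutate "$IMG" \
+ --entrypoint /app \
+ --exposed-ports 3000 \
+ -t "${FULL}:latest"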
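Review bot: The three pushes in the `Build and push image` step are not tied to one digest: `crane append` already publishes an image with no entrypoint under `${FULL}:${TANGLED_REF_NAME}`, and the two `crane mutate` calls then each build and push their own result, so a failure between them can leave the ref tag on an unconfigured image or `latest` on an older build than the ref tag. Capturing the first mutate's output and re-tagging it, `REF=$(crane mutate "$IMG" --entrypoint /app --exposed-ports 3000 -t "${FULL}:${TANGLED_REF_NAME}")` followed by `crane tag "$REF" latest`, keeps both tags on the same manifest; this relies on crane printing the pushed digest reference, which is worth confirming for the nixpkgs-packaged version. The image config also sets no user, so the container presumably runs as UID 0 by default; adding `--user` with a non-root UID to the mutate call would remove that default.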