softprops.tngl.sh / hello-render
hello world render app
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

workaround for buildah

Signed-off-by: softprops <d.tangren@gmail.com>

softprops 8951e015 27404bb5

+31 -11
+31 -11
.tangled/workflows/deploy.yml
··· 3 3 # Note: multi-arch builds are not supported on Tangled's managed spindle. 4 4 # This builds a single-arch image for the spindle's native architecture. 5 5 # 6 + # Builds the Go binary directly in the pipeline (avoiding Dockerfile RUN 7 + # instructions, which require CLONE_NEWUSER inside the spindle container), 8 + # then assembles a minimal OCI image with buildah. 9 + # 6 10 # Requires the DOCKER_APP_PASSWORD secret to be configured in the 7 11 # repository settings on tangled.org. 8 12 when: ··· 14 18 dependencies: 15 19 nixpkgs: 16 20 - buildah 21 + - go 17 22 18 23 environment: 19 24 BUILDAH_ISOLATION: chroot ··· 21 26 IMAGE_REGISTRY: atcr.io 22 27 IMAGE_USER: softprops.bsky.social 23 28 IMAGE_NAME: hello-render 24 - DOCKERFILE: ./Dockerfile 29 + CGO_ENABLED: "0" 25 30 26 31 steps: 27 32 - name: Ensure passwd entry for UID 0 28 33 command: | 29 34 echo "root:x:0:0:root:/root:/sbin/nologin" >> /etc/passwd 30 35 36 + - name: Build Go binary 37 + command: | 38 + set -e 39 + go build -ldflags="-s -w" -o app . 40 + 31 41 - name: Build image 32 42 command: | 33 43 set -e 34 - buildah --isolation chroot --storage-driver vfs bud \ 35 - --tag "${IMAGE_NAME}:latest" \ 36 - --file "${DOCKERFILE}" \ 37 - . 44 + 45 + # Create a minimal "scratch" container 46 + CTR=$(buildah from scratch) 47 + 48 + # Copy the pre-built binary and CA certs into the image 49 + buildah copy "$CTR" ./app /app 50 + buildah copy "$CTR" /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt 51 + 52 + # Configure the image 53 + buildah config --port 3000 "$CTR" 54 + buildah config --entrypoint '["/app"]' "$CTR" 55 + 56 + # Commit the image 57 + buildah commit "$CTR" "${IMAGE_NAME}:latest" 38 58 39 59 - name: Push image 40 60 command: | 41 61 set -e 42 62 FULL="${IMAGE_REGISTRY}/${IMAGE_USER}/${IMAGE_NAME}" 43 63 44 - buildah --storage-driver vfs login \ 64 + echo "${DOCKER_APP_PASSWORD}" | buildah login \ 45 65 -u "${IMAGE_USER}" \ 46 66 --password-stdin \ 47 - "${IMAGE_REGISTRY}" <<< "${DOCKER_APP_PASSWORD}" 67 + "${IMAGE_REGISTRY}" 48 68 49 - buildah --storage-driver vfs tag "${IMAGE_NAME}:latest" "${FULL}:${TANGLED_REF_NAME}" 50 - buildah --storage-driver vfs tag "${IMAGE_NAME}:latest" "${FULL}:latest" 69 + buildah tag "${IMAGE_NAME}:latest" "${FULL}:${TANGLED_REF_NAME}" 70 + buildah tag "${IMAGE_NAME}:latest" "${FULL}:latest" 51 71 52 - buildah --isolation chroot --storage-driver vfs push "${FULL}:${TANGLED_REF_NAME}" 53 - buildah --isolation chroot --storage-driver vfs push "${FULL}:latest" 72 + buildah push "${FULL}:${TANGLED_REF_NAME}" 73 + buildah push "${FULL}:latest"