softprops.tngl.sh / hello-render
hello world render app
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

workaround for buildah

Signed-off-by: softprops <d.tangren@gmail.com>

softprops eab17c22 8951e015

+36 -17
+36 -17
.tangled/workflows/deploy.yml
··· 3 3 # Note: multi-arch builds are not supported on Tangled's managed spindle. 4 4 # This builds a single-arch image for the spindle's native architecture. 5 5 # 6 - # Builds the Go binary directly in the pipeline (avoiding Dockerfile RUN 7 - # instructions, which require CLONE_NEWUSER inside the spindle container), 8 - # then assembles a minimal OCI image with buildah. 6 + # Builds the Go binary directly in the pipeline, then assembles a minimal 7 + # OCI image with buildah. Uses storage.conf and containers.conf to avoid 8 + # CLONE_NEWUSER (user namespace) operations which are blocked in the 9 + # spindle container environment. 9 10 # 10 11 # Requires the DOCKER_APP_PASSWORD secret to be configured in the 11 12 # repository settings on tangled.org. ··· 21 22 - go 22 23 23 24 environment: 24 - BUILDAH_ISOLATION: chroot 25 - STORAGE_DRIVER: vfs 26 25 IMAGE_REGISTRY: atcr.io 27 26 IMAGE_USER: softprops.bsky.social 28 27 IMAGE_NAME: hello-render 29 28 CGO_ENABLED: "0" 30 29 31 30 steps: 32 - - name: Ensure passwd entry for UID 0 31 + - name: Setup environment 33 32 command: | 33 + set -e 34 34 echo "root:x:0:0:root:/root:/sbin/nologin" >> /etc/passwd 35 35 36 + # Configure containers/storage to use vfs and skip user namespaces 37 + mkdir -p /etc/containers 38 + cat > /etc/containers/storage.conf <<'CONF' 39 + [storage] 40 + driver = "vfs" 41 + runroot = "/tmp/containers-run" 42 + graphroot = "/tmp/containers-storage" 43 + CONF 44 + 45 + cat > /etc/containers/containers.conf <<'CONF' 46 + [containers] 47 + default_capabilities = [] 48 + [engine] 49 + cgroup_manager = "cgroupfs" 50 + CONF 51 + 52 + # Ensure storage directories exist 53 + mkdir -p /tmp/containers-run /tmp/containers-storage 54 + 36 55 - name: Build Go binary 37 56 command: | 38 57 set -e ··· 43 62 set -e 44 63 45 64 # Create a minimal "scratch" container 46 - CTR=$(buildah from scratch) 65 + CTR=$(buildah --storage-driver vfs from scratch) 47 66 48 67 # Copy the pre-built binary and CA certs into the image 49 - buildah copy "$CTR" ./app /app 50 - buildah copy "$CTR" /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt 68 + buildah --storage-driver vfs copy "$CTR" ./app /app 69 + buildah --storage-driver vfs copy "$CTR" /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt 51 70 52 71 # Configure the image 53 - buildah config --port 3000 "$CTR" 54 - buildah config --entrypoint '["/app"]' "$CTR" 72 + buildah --storage-driver vfs config --port 3000 "$CTR" 73 + buildah --storage-driver vfs config --entrypoint '["/app"]' "$CTR" 55 74 56 75 # Commit the image 57 - buildah commit "$CTR" "${IMAGE_NAME}:latest" 76 + buildah --storage-driver vfs commit "$CTR" "${IMAGE_NAME}:latest" 58 77 59 78 - name: Push image 60 79 command: | 61 80 set -e 62 81 FULL="${IMAGE_REGISTRY}/${IMAGE_USER}/${IMAGE_NAME}" 63 82 64 - echo "${DOCKER_APP_PASSWORD}" | buildah login \ 83 + echo "${DOCKER_APP_PASSWORD}" | buildah --storage-driver vfs login \ 65 84 -u "${IMAGE_USER}" \ 66 85 --password-stdin \ 67 86 "${IMAGE_REGISTRY}" 68 87 69 - buildah tag "${IMAGE_NAME}:latest" "${FULL}:${TANGLED_REF_NAME}" 70 - buildah tag "${IMAGE_NAME}:latest" "${FULL}:latest" 88 + buildah --storage-driver vfs tag "${IMAGE_NAME}:latest" "${FULL}:${TANGLED_REF_NAME}" 89 + buildah --storage-driver vfs tag "${IMAGE_NAME}:latest" "${FULL}:latest" 71 90 72 - buildah push "${FULL}:${TANGLED_REF_NAME}" 73 - buildah push "${FULL}:latest" 91 + buildah --storage-driver vfs push "${FULL}:${TANGLED_REF_NAME}" 92 + buildah --storage-driver vfs push "${FULL}:latest"