ver4a/oci-builder
1
0
Fork 0
Code Activity Actions

Refactor environment variables

Browse source
This commit is contained in:
ver4a 2025-04-17 01:45:23 +02:00
parent 8181b54767
commit 31ac3096dc
1 changed files with 6 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

14
Dockerfile
View file

@ -1,23 +1,21 @@
FROM quay.io/fedora/fedora-minimal:42 FROM quay.io/fedora/fedora-minimal:42
ARG RUNNER_VERSION=6.3.1 ARG RUNNER_VERSION=6.3.1
ARG GITHUB_RUN_ID ARG GITHUB_RUN_ID
ENV BUILDAH_ISOLATION=chroot
ENV HOME=/builder
ENV REGISTRY_AUTH_FILE=/builder/.config/containers/auth.json
RUN echo ${GITHUB_RUN_ID} > /.github_run_id RUN echo ${GITHUB_RUN_ID} > /.github_run_id
RUN dnf5 -y --setopt install_weak_deps=false install podman buildah skopeo vim setpriv git nodejs22 diffutils RUN dnf5 -y --setopt install_weak_deps=false install podman buildah skopeo vim setpriv git nodejs22 diffutils
ENV BUILDAH_ISOLATION=chroot
RUN curl -sfL https://code.forgejo.org/forgejo/runner/releases/download/v${RUNNER_VERSION}/forgejo-runner-${RUNNER_VERSION}-linux-amd64 -o /usr/local/bin/forgejo-runner RUN curl -sfL https://code.forgejo.org/forgejo/runner/releases/download/v${RUNNER_VERSION}/forgejo-runner-${RUNNER_VERSION}-linux-amd64 -o /usr/local/bin/forgejo-runner
RUN chmod +x /usr/local/bin/forgejo-runner RUN chmod +x /usr/local/bin/forgejo-runner
RUN echo "nobody:65536:65536" > /etc/subuid && echo "nobody:65536:65536" > /etc/subgid RUN echo "nobody:65536:65536" > /etc/subuid && echo "nobody:65536:65536" > /etc/subgid
ENV HOME=/builder
ENV REGISTRY_AUTH_FILE=/builder/.config/containers/auth.json
# This is a workaround for https://github.com/containers/podman/issues/23818, apart from that it serves absolutely no purpose. I also don't know why it looks there, given HOME is elsewhere, but it doesn't seem to cause any issues. # This is a workaround for https://github.com/containers/podman/issues/23818, apart from that it serves absolutely no purpose. I also don't know why it looks there, given HOME is elsewhere, but it doesn't seem to cause any issues.
RUN mkdir /.config && chown 65534:65534 /.config RUN mkdir /.config && chown 65534:65534 /.config
@ -26,8 +24,6 @@ RUN mkdir /builder /builder/.config && chown -R 65534:65534 /builder
# This works around https://github.com/redhat-actions/podman-login/pull/43, until this PR is merged at least # This works around https://github.com/redhat-actions/podman-login/pull/43, until this PR is merged at least
RUN mkdir /builder/.docker && chown -R 65534:65534 /builder/.docker RUN mkdir /builder/.docker && chown -R 65534:65534 /builder/.docker
WORKDIR /builder
RUN setcap cap_setuid=ep /usr/bin/newuidmap cap_setgid=ep /usr/bin/newgidmap RUN setcap cap_setuid=ep /usr/bin/newuidmap cap_setgid=ep /usr/bin/newgidmap
RUN find / -mindepth 1 -path /proc -prune -or -path /sys -prune -or -path /dev -prune -or -type f -perm /6000 -exec sh -c "chmod ug-s '{}' && echo \"Removed setuid/setgid bit(s) from '{}'\"" \; RUN find / -mindepth 1 -path /proc -prune -or -path /sys -prune -or -path /dev -prune -or -type f -perm /6000 -exec sh -c "chmod ug-s '{}' && echo \"Removed setuid/setgid bit(s) from '{}'\"" \;
@ -42,4 +38,6 @@ RUN chmod +x /entrypoint.sh
USER 65534:65534 USER 65534:65534
WORKDIR /builder
CMD ["/entrypoint.sh"] CMD ["/entrypoint.sh"]