Prefer systemd container rather than sudoer #45
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Container | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| branches: | |
| - main | |
| paths-ignore: | |
| - '**.md' | |
| - '.vscode/**' | |
| - '.git**' | |
| - '!.github/workflows/container.yml' | |
| pull_request: | |
| paths-ignore: | |
| - '**.md' | |
| - '.vscode/**' | |
| - '.git**' | |
| - '!.github/workflows/container.yml' | |
| workflow_dispatch: | |
| jobs: | |
| get-meta: | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 5 | |
| outputs: | |
| started_at: ${{ steps.timestamp.outputs.started_at }} | |
| steps: | |
| - name: Get started timestamp | |
| id: timestamp | |
| run: | | |
| # Do not use ":" delimiter as iso-8601/rfc-3339, it cannot be used in container tag | |
| echo "started_at=$(date --utc '+%Y%m%d-%H%M%S-%Z')" >> "$GITHUB_OUTPUT" | |
| build_and_push: | |
| needs: [get-meta] | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 60 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Build Image | |
| uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 #v2.13 | |
| with: | |
| image: systemd | |
| tags: latest ${{ github.sha }} ${{ needs.get-meta.outputs.started_at }} | |
| containerfiles: | | |
| containers/Containerfile | |
| oci: true | |
| - name: Logging podman version | |
| run: podman version | |
| - name: Run and commit Nix operations by the user while running the systemd | |
| run: | | |
| podman run --rm systemd & | |
| container_name="$(podman ps --sort=created --format {{.Names}} | tail -1)" | |
| podman exec --user=user -it "$container_name" /provisioner/needs_systemd.bash | |
| podman commit "$container_name" ran-nix-commands-by-user | |
| podman kill "$container_name" | |
| - name: Finalize the image | |
| id: build-image | |
| uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 #v2.13 | |
| with: | |
| image: home | |
| base-image: ran-nix-commands-by-user | |
| tags: latest ${{ github.sha }} ${{ needs.get-meta.outputs.started_at }} | |
| oci: true | |
| - name: Push To ghcr.io | |
| id: push-to-ghcr | |
| if: ${{ github.event_name != 'pull_request' }} | |
| uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c #v2.8 | |
| with: | |
| image: ${{ steps.build-image.outputs.image }} | |
| tags: ${{ steps.build-image.outputs.tags }} | |
| registry: ghcr.io/${{ github.repository_owner }} | |
| username: ${{ github.repository_owner }} | |
| password: ${{ github.token }} | |
| - name: Log pushed outputs | |
| if: ${{ github.event_name != 'pull_request' }} | |
| run: echo "${{ toJSON(steps.push-to-ghcr.outputs) }}" |