diff --git a/.forgejo/workflows/build-fedora-40.yml b/.forgejo/workflows/build-fedora-40.yml index 5c87319..2bf1e64 100644 --- a/.forgejo/workflows/build-fedora-40.yml +++ b/.forgejo/workflows/build-fedora-40.yml @@ -21,26 +21,20 @@ jobs: steps: - name: Checkout uses: actions/checkout@v3 + - name: Setup Bun + uses: oven-sh/setup-bun@v2 + with: + bun-version-file: 'package.json' - name: Fulfill Package Manager Cache run: dnf makecache -y --releasever 40 - name: Sign in to Image Index run: buildah login code.lightstands.xyz --username ${{ env.GITHUB_ACTOR }} --password ${{ secrets.PUBLICATION_TOKEN }} - name: Build Minimal Images - run: | - cd fedora-40-minimal && \ - buildah manifest create code.lightstands.xyz/standcoded/fedora-minimal:40 && \ - buildah build --arch aarch64 \ - --pid=host --ipc=host --network=host --userns=host --uts=host -v /var/cache/dnf:/var/cache/dnf \ - --manifest code.lightstands.xyz/standcoded/fedora-minimal:40 . + run: DNF_CACHE_PATH=/var/cache/dnf bun shared/build-image.ts code.lightstands.xyz/standcoded/fedora-minimal:40 fedora-40-minimal aarch64 - name: Push Minimal Images run: buildah manifest push code.lightstands.xyz/standcoded/fedora-minimal:40 --all - name: Build Complete Images - run: | - cd fedora-40 && \ - buildah manifest create code.lightstands.xyz/standcoded/fedora:40 && \ - buildah build --arch aarch64 \ - --pid=host --ipc=host --network=host --userns=host --uts=host -v /var/cache/dnf:/var/cache/dnf \ - --manifest code.lightstands.xyz/standcoded/fedora:40 . + run: DNF_CACHE_PATH=/var/cache/dnf bun shared/build-image.ts code.lightstands.xyz/standcoded/fedora:40 fedora-40 aarch64 - name: Push Complete Images run: buildah manifest push code.lightstands.xyz/standcoded/fedora:40 --all diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..9b1ee42 --- /dev/null +++ b/.gitignore 
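Review bot: The new `Setup Bun` step references `oven-sh/setup-bun@v2` by a movable tag, in a job that also logs in with `secrets.PUBLICATION_TOKEN` and pushes images. Whatever that tag resolves to at run time executes on the runner that holds the registry credential. Pin the action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: oven-sh/setup-bun@<full-commit-sha>  # v2` (placeholder; take the SHA from the release you reviewed). A short comment above the step saying that Bun is only needed to run `shared/build-image.ts` would also help readers of the workflow.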
@@ -0,0 +1,175 @@
+# Based on https://raw.githubusercontent.com/github/gitignore/main/Node.gitignore
+
+# Logs
+
+logs
+_.log
+npm-debug.log_
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+.pnpm-debug.log*
+
+# Caches
+
+.cache
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+
+report.[0-9]_.[0-9]_.[0-9]_.[0-9]_.json
+
+# Runtime data
+
+pids
+_.pid
+_.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+
+lib-cov
+
+# Coverage directory used by tools like istanbul
+
+coverage
+*.lcov
+
+# nyc test coverage
+
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+
+bower_components
+
+# node-waf configuration
+
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+
+build/Release
+
+# Dependency directories
+
+node_modules/
+jspm_packages/
+
+# Snowpack dependency directory (https://snowpack.dev/)
+
+web_modules/
+
+# TypeScript cache
+
+*.tsbuildinfo
+
+# Optional npm cache directory
+
+.npm
+
+# Optional eslint cache
+
+.eslintcache
+
+# Optional stylelint cache
+
+.stylelintcache
+
+# Microbundle cache
+
+.rpt2_cache/
+.rts2_cache_cjs/
+.rts2_cache_es/
+.rts2_cache_umd/
+
+# Optional REPL history
+
+.node_repl_history
+
+# Output of 'npm pack'
+
+*.tgz
+
+# Yarn Integrity file
+
+.yarn-integrity
+
+# dotenv environment variable files
+
+.env
+.env.development.local
+.env.test.local
+.env.production.local
+.env.local
+
+# parcel-bundler cache (https://parceljs.org/)
+
+.parcel-cache
+
+# Next.js build output
+
+.next
+out
+
+# Nuxt.js build / generate output
+
+.nuxt
+dist
+
+# Gatsby files
+
+# Comment in the public line in if your project uses Gatsby and not Next.js
+
+# https://nextjs.org/blog/next-9-1#public-directory-support
+
+# public
+
+# vuepress build output
+
+.vuepress/dist
+
+# vuepress v2.x temp and cache directory
+
+.temp
+
+# Docusaurus cache and generated files
+
+.docusaurus
+
+# Serverless directories
+
+.serverless/
+
+# FuseBox cache
+
+.fusebox/
+
+# DynamoDB Local files
+
+.dynamodb/
+
+# TernJS port file
+
+.tern-port
+
+# Stores VSCode versions used for testing VSCode extensions
+
+.vscode-test
+
+# yarn v2
+
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.*
+
+# IntelliJ based IDEs
+.idea
+
+# Finder (MacOS) folder config
+.DS_Store
diff --git a/.prettierrc b/.prettierrc
new file mode 100644
index 0000000..e69de29
diff --git a/bun.lockb b/bun.lockb
new file mode 100755
index 0000000..e110007
Binary files /dev/null and b/bun.lockb differ
diff --git a/fedora-40-minimal/Containerfile b/fedora-40-minimal/Containerfile
index cc6bbc2..0b85597 100644
--- a/fedora-40-minimal/Containerfile
+++ b/fedora-40-minimal/Containerfile
@@ -1,61 +1,12 @@ FROM fedora:40 -RUN dnf update -y --setopt install_weak_deps=False - -RUN dnf install -y --setopt install_weak_deps=False git git-lfs git-ftp fuse-overlayfs - -RUN dnf install -y --setopt install_weak_deps=False nodejs nodejs-npm python3-devel python3-pip pipx - -RUN dnf install -y --setopt install_weak_deps=False perl perl-CPAN ruby rubygems - -RUN dnf install -y --setopt install_weak_deps=False clang gcc - -RUN dnf install -y --setopt install_weak_deps=False coreutils bash aria2 jq yq zstd brotli sqlite - -RUN dnf install -y --setopt install_weak_deps=False buildah podman --exclude container-selinux +RUN sh /imgbuild/fedora/instpkgs-minimal.sh # We don't clean up dnf cache since user may want to install packages for their use ADD containers.conf /etc/containers/ -# Copy & modify the defaults to provide reference if runtime changes needed. -# Changes here are required for running with fuse-overlay storage inside container. -RUN sed -e 's|^#mount_program|mount_program|g' \ - -e '/additionalimage.*/a "/var/lib/shared",' \ - -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' \ - /usr/share/containers/storage.conf \ - > /etc/containers/storage.conf && \ - chmod 644 /etc/containers/storage.conf && \ - chmod 644 /etc/containers/containers.conf - -RUN mkdir -p /var/lib/shared/overlay-images \ - /var/lib/shared/overlay-layers \ - /var/lib/shared/vfs-images \ - /var/lib/shared/vfs-layers && \ - touch /var/lib/shared/overlay-images/images.lock && \ - touch /var/lib/shared/overlay-layers/layers.lock && \ - touch /var/lib/shared/vfs-images/images.lock && \ - touch /var/lib/shared/vfs-layers/layers.lock - -# Define uid/gid ranges for our user https://github.com/containers/buildah/issues/3053 -RUN useradd action && \ - echo -e "action:1:999\action:1001:64535" > /etc/subuid && \ - echo -e "action:1:999\action:1001:64535" > /etc/subgid && \ - mkdir -p /home/action/.local/share/containers && \ - mkdir -p /home/action/.config/containers && \ - chown -R 
action:action /home/action - -# See: https://github.com/containers/buildah/issues/4669 -# Copy & modify the config for the `action` user and remove the global -# `runroot` and `graphroot` which current `actuib` user cannot access, -# in such case storage will choose a runroot in `/var/tmp`. -RUN sed -e 's|^#mount_program|mount_program|g' \ - -e 's|^graphroot|#graphroot|g' \ - -e 's|^runroot|#runroot|g' \ - /etc/containers/storage.conf \ - > /home/action/.config/containers/storage.conf && \ - chown action:action /home/action/.config/containers/storage.conf - +RUN sh /imgbuild/configure-nested-container.sh VOLUME /var/lib/containers VOLUME /home/action/.local/share/containers diff --git a/package.json b/package.json new file mode 100644 index 0000000..42d98da --- /dev/null +++ b/package.json @@ -0,0 +1,12 @@ +{ + "name": "runner-images", + "private": "true", + "type": "module", + "devDependencies": { + "@types/bun": "latest" + }, + "peerDependencies": { + "typescript": "^5.0.0" + }, + "packageManager": "bun@1.1.36" +} \ No newline at end of file diff --git a/shared/build-image.ts b/shared/build-image.ts new file mode 100644 index 0000000..6e134d3 --- /dev/null +++ b/shared/build-image.ts @@ -0,0 +1,17 @@ +#!/usr/bin/env bun +const $ = Bun.$; + +const sharedDir = import.meta.dir; +const tag = process.argv[2]; +const dirName = process.argv[3]; +const arches = process.argv[4].split(","); +const pathToDnfCache = process.env["DNF_CACHE_PATH"]; + +await $`buildah manifest create ${tag}`; +for (const arch of arches) { + await $`buildah build --arch ${arch} \ + --pid=host --ipc=host --network=host --userns=host \ + --uts=host ${pathToDnfCache ? `-v /var/cache/dnf:/var/cache/dnf` : ""} \ + --manifest code.lightstands.xyz/standcoded/${tag} \ + --volume ${sharedDir}:/imgbuild:z ${dirName}`; +} diff --git a/shared/configure-nested-container.sh b/shared/configure-nested-container.sh new file mode 100644 index 0000000..f6e7a2a --- /dev/null 
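Review bot: The two added `RUN sh /imgbuild/...` lines depend on a `/imgbuild` mount that exists only when the image is built through `shared/build-image.ts` (`--volume ${sharedDir}:/imgbuild:z`), and the Containerfile does not say so. A plain `buildah build` of this directory would fail at the first `RUN` with a missing file. Add a comment above the first `RUN`, for example `# /imgbuild is bind-mounted from shared/ by shared/build-image.ts; build through that script`. Since the scripts arrive through a host bind mount rather than the build context, it is also worth stating there that they run as root inside the build container.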
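Review bot: The `--manifest code.lightstands.xyz/standcoded/${tag}` argument prepends the registry path to a `tag` that the workflow in this commit already passes fully qualified (`code.lightstands.xyz/standcoded/fedora-minimal:40`). The build therefore adds images to a different manifest name than the one `buildah manifest create ${tag}` created and the push step later publishes; pass `tag` unchanged. The `-v` ternary ignores the value of `DNF_CACHE_PATH` and interpolates the option and path as one string, which Bun's shell escapes as a single argument (and `""` probably as an empty one), so that line should be confirmed against a real run. `process.argv[4].split(",")` also fails with a bare TypeError when the arch list is missing. The fence below validates the arguments first and passes every option as its own argv element.

```typescript
const [tag, dirName, archList] = process.argv.slice(2);
if (!tag || !dirName || !archList) {
  throw new Error("usage: build-image.ts <manifest-tag> <context-dir> <arch[,arch...]>");
}
// … unchanged: sharedDir, pathToDnfCache, `buildah manifest create ${tag}` …
for (const arch of archList.split(",")) {
  const args = [
    "build", "--arch", arch,
    "--pid=host", "--ipc=host", "--network=host", "--userns=host", "--uts=host",
    "--manifest", tag, // already fully qualified by the caller
    "--volume", `${sharedDir}:/imgbuild:z`,
  ];
  if (pathToDnfCache) {
    // Mount the cache directory the caller named instead of a fixed path.
    args.push("--volume", `${pathToDnfCache}:/var/cache/dnf`);
  }
  const proc = Bun.spawn(["buildah", ...args, dirName], {
    stdout: "inherit",
    stderr: "inherit",
  });
  if ((await proc.exited) !== 0) {
    process.exit(1);
  }
}
```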
+++ b/shared/configure-nested-container.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# Copy & modify the defaults to provide reference if runtime changes needed.
+# Changes here are required for running with fuse-overlay storage inside container.
+sed -e 's|^#mount_program|mount_program|g' \
+ -e '/additionalimage.*/a "/var/lib/shared",' \
+ -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' \
+ /usr/share/containers/storage.conf \
+ > /etc/containers/storage.conf && \
+ chmod 644 /etc/containers/storage.conf && \
+ chmod 644 /etc/containers/containers.conf
+
+mkdir -p /var/lib/shared/overlay-images \
+ /var/lib/shared/overlay-layers \
+ /var/lib/shared/vfs-images \
+ /var/lib/shared/vfs-layers && \
+ touch /var/lib/shared/overlay-images/images.lock && \
+ touch /var/lib/shared/overlay-layers/layers.lock && \
+ touch /var/lib/shared/vfs-images/images.lock && \
+ touch /var/lib/shared/vfs-layers/layers.lock
+
+# Define uid/gid ranges for our user https://github.com/containers/buildah/issues/3053
+useradd action && \
+ echo -e "action:1:999\action:1001:64535" > /etc/subuid && \
+ echo -e "action:1:999\action:1001:64535" > /etc/subgid && \
+ mkdir -p /home/action/.local/share/containers && \
+ mkdir -p /home/action/.config/containers && \
+ chown -R action:action /home/action
+
+# See: https://github.com/containers/buildah/issues/4669
+# Copy & modify the config for the `action` user and remove the global
+# `runroot` and `graphroot` which current `actuib` user cannot access,
+# in such case storage will choose a runroot in `/var/tmp`.
+sed -e 's|^#mount_program|mount_program|g' \
+ -e 's|^graphroot|#graphroot|g' \
+ -e 's|^runroot|#runroot|g' \
+ /etc/containers/storage.conf \
+ > /home/action/.config/containers/storage.conf && \
+ chown action:action /home/action/.config/containers/storage.conf
\ No newline at end of file
diff --git a/shared/fedora/instpkgs-minimal.sh b/shared/fedora/instpkgs-minimal.sh
new file mode 100644
index 0000000..989c429
--- /dev/null
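Review bot: The script has no `set -e`, so its four command groups run independently and only the exit status of the final `sed … && chown` group reaches the `RUN` line in the Containerfile. In the removed Containerfile each group was its own `RUN`, so a failed `sed` or `useradd` stopped the build; now the image can be pushed with a half-applied storage or subuid configuration. Add `set -eu` directly after the shebang. The two `echo -e "action:1:999\action:1001:64535"` lines, carried over verbatim, look like they meant `\n` between the ranges: `\a` is the alert escape, so `/etc/subuid` and `/etc/subgid` get a single malformed line, and `echo -e` is not portable under `#!/bin/sh`. `printf 'action:1:999\naction:1001:64535\n' > /etc/subuid` (and the same for `/etc/subgid`) fixes both.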
+++ b/shared/fedora/instpkgs-minimal.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env sh
+
+dnf update -y --setopt install_weak_deps=False && \
+dnf install -y --setopt install_weak_deps=False git git-lfs git-ftp fuse-overlayfs \
+ nodejs nodejs-npm python3-devel python3-pip pipx \
+ perl perl-CPAN ruby rubygems \
+ clang gcc \
+ coreutils bash aria2 jq yq zstd brotli sqlite \
+ buildah podman \
+ --exclude container-selinux
diff --git a/tsconfig.json b/tsconfig.json
new file mode 100644
index 0000000..3064c7a
--- /dev/null
+++ b/tsconfig.json
@@ -0,0 +1,29 @@
+{
+ "compilerOptions": {
+ // Enable latest features
+ "lib": ["ESNext", "DOM"],
+ "target": "ESNext",
+ "module": "ESNext",
+ "moduleDetection": "force",
+ "allowJs": true,
+
+ // Bundler mode
+ "moduleResolution": "bundler",
+ "allowImportingTsExtensions": true,
+ "verbatimModuleSyntax": true,
+ "noEmit": true,
+
+ // Best practices
+ "strict": true,
+ "skipLibCheck": true,
+ "noFallthroughCasesInSwitch": true,
+
+ // Some stricter flags (disabled by default)
+ "noUnusedLocals": false,
+ "noUnusedParameters": false,
+ "noPropertyAccessFromIndexSignature": false
+ },
+ "include": [
+ "./**/**.ts", "./**/**.js"
+ ]
+}