test on ci.yml
This commit is contained in:
parent
7510dbb77c
commit
3e23338255
1 changed files with 26 additions and 41 deletions
|
|
@ -1,54 +1,39 @@
|
||||||
name: CI/CD Pipeline with Direct Podman Access
|
name: Podman Rootless Demo
|
||||||
|
on: [push, pull_request]
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches: [main]
|
|
||||||
pull_request:
|
|
||||||
branches: [main]
|
|
||||||
|
|
||||||
env:
|
|
||||||
REGISTRY: ${{ secrets.REGISTRY_HOST }}
|
|
||||||
APP_NAME: ${{ secrets.APP_NAME }}
|
|
||||||
IMAGE_TAG: ${{ github.sha }}
|
|
||||||
RUN_ID: ${{ github.run_id }}
|
|
||||||
RUST_IMG_DIGEST: ${{ secrets.RUST_IMG_DIGEST }}
|
|
||||||
NODE_IMG_DIGEST: ${{ secrets.NODE_IMG_DIGEST }}
|
|
||||||
POSTGRES_IMG_DIGEST: ${{ secrets.POSTGRES_IMG_DIGEST }}
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
test-backend:
|
test-backend:
|
||||||
runs-on: [ci]
|
runs-on: [ci]
|
||||||
container:
|
|
||||||
image: git.gcdo.org/devteam/sharenet/ci-node-podman@sha256:eb0d942bd9a8cc69c63eb9ccf3877703898d676d0268cf379defdcda7e55f37f
|
# Point all steps at the host's rootless Podman socket
|
||||||
|
env:
|
||||||
|
# Point the client at the mounted socket
|
||||||
|
CONTAINER_HOST: unix:///run/user/1001/podman/podman.sock
|
||||||
|
# Make sure podman looks in the correct runtime dir hierarchy
|
||||||
|
XDG_RUNTIME_DIR: /tmp
|
||||||
|
RUN_ID: ${{ github.run_id }}
|
||||||
|
POSTGRES_IMG_DIGEST: ${{ secrets.POSTGRES_IMG_DIGEST }}
|
||||||
|
RUST_IMG_DIGEST: ${{ secrets.RUST_IMG_DIGEST }}
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- name: Checkout code
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
- name: Verify podman socket
|
|
||||||
|
- name: Verify socket visibility
|
||||||
run: |
|
run: |
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
echo "DOCKER_HOST=${DOCKER_HOST:-}"
|
id -u; id -g
|
||||||
: "${DOCKER_HOST:=unix:///var/run/docker.sock}"
|
ls -ld /run/user/1001/podman
|
||||||
export DOCKER_HOST CONTAINER_HOST="${CONTAINER_HOST:-$DOCKER_HOST}"
|
ls -l /run/user/1001/podman/podman.sock
|
||||||
|
test -S /run/user/1001/podman/podman.sock
|
||||||
|
|
||||||
mkdir -p "${XDG_RUNTIME_DIR:-/tmp/xdg-run}" "${XDG_CONFIG_HOME:-/tmp/.config}"
|
- name: Use host rootless Podman
|
||||||
|
|
||||||
sock="${DOCKER_HOST#unix://}"
|
|
||||||
echo "Using socket: $sock"
|
|
||||||
test -S "$sock" || { echo "missing $sock"; ls -l "$(dirname "$sock")"; exit 1; }
|
|
||||||
# Prefer the remote-only binary and pass the URL explicitly
|
|
||||||
(if command -v podman-remote >/dev/null; then
|
|
||||||
podman-remote --url="$DOCKER_HOST" info
|
|
||||||
else
|
|
||||||
podman --remote --url="$DOCKER_HOST" info
|
|
||||||
fi) | sed -n '1,80p'
|
|
||||||
|
|
||||||
- name: Verify pinned digests
|
|
||||||
run: |
|
run: |
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
for v in RUST_IMG_DIGEST NODE_IMG_DIGEST POSTGRES_IMG_DIGEST; do
|
podman --remote info --format '{{.Host.RemoteSocket.Path}} (remote={{.Host.RemoteSocket.Exists}})'
|
||||||
[ -n "${!v}" ] || { echo "Missing $v"; exit 1; }
|
podman --remote version
|
||||||
echo "${!v}" | grep -Eq '^.+@sha256:[0-9a-f]{64}$' || { echo "$v must be a digest ref"; exit 1; }
|
podman --remote run --rm alpine:3.20 echo "Hello from host rootless Podman!"
|
||||||
done
|
|
||||||
|
|
||||||
- name: Create internal network
|
- name: Create internal network
|
||||||
run: podman --remote network create --internal integ-${{ env.RUN_ID }}
|
run: podman --remote network create --internal integ-${{ env.RUN_ID }}
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue