test on ci.yml
This commit is contained in:
parent
7510dbb77c
commit
3e23338255
1 changed files with 26 additions and 41 deletions
|
|
@ -1,54 +1,39 @@
|
|||
name: CI/CD Pipeline with Direct Podman Access
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [main]
|
||||
pull_request:
|
||||
branches: [main]
|
||||
|
||||
env:
|
||||
REGISTRY: ${{ secrets.REGISTRY_HOST }}
|
||||
APP_NAME: ${{ secrets.APP_NAME }}
|
||||
IMAGE_TAG: ${{ github.sha }}
|
||||
RUN_ID: ${{ github.run_id }}
|
||||
RUST_IMG_DIGEST: ${{ secrets.RUST_IMG_DIGEST }}
|
||||
NODE_IMG_DIGEST: ${{ secrets.NODE_IMG_DIGEST }}
|
||||
POSTGRES_IMG_DIGEST: ${{ secrets.POSTGRES_IMG_DIGEST }}
|
||||
name: Podman Rootless Demo
|
||||
on: [push, pull_request]
|
||||
|
||||
jobs:
|
||||
test-backend:
|
||||
runs-on: [ci]
|
||||
container:
|
||||
image: git.gcdo.org/devteam/sharenet/ci-node-podman@sha256:eb0d942bd9a8cc69c63eb9ccf3877703898d676d0268cf379defdcda7e55f37f
|
||||
|
||||
# Point all steps at the host's rootless Podman socket
|
||||
env:
|
||||
# Point the client at the mounted socket
|
||||
CONTAINER_HOST: unix:///run/user/1001/podman/podman.sock
|
||||
# Make sure podman looks in the correct runtime dir hierarchy
|
||||
XDG_RUNTIME_DIR: /tmp
|
||||
RUN_ID: ${{ github.run_id }}
|
||||
POSTGRES_IMG_DIGEST: ${{ secrets.POSTGRES_IMG_DIGEST }}
|
||||
RUST_IMG_DIGEST: ${{ secrets.RUST_IMG_DIGEST }}
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Verify podman socket
|
||||
|
||||
- name: Verify socket visibility
|
||||
run: |
|
||||
set -euo pipefail
|
||||
echo "DOCKER_HOST=${DOCKER_HOST:-}"
|
||||
: "${DOCKER_HOST:=unix:///var/run/docker.sock}"
|
||||
export DOCKER_HOST CONTAINER_HOST="${CONTAINER_HOST:-$DOCKER_HOST}"
|
||||
id -u; id -g
|
||||
ls -ld /run/user/1001/podman
|
||||
ls -l /run/user/1001/podman/podman.sock
|
||||
test -S /run/user/1001/podman/podman.sock
|
||||
|
||||
mkdir -p "${XDG_RUNTIME_DIR:-/tmp/xdg-run}" "${XDG_CONFIG_HOME:-/tmp/.config}"
|
||||
|
||||
sock="${DOCKER_HOST#unix://}"
|
||||
echo "Using socket: $sock"
|
||||
test -S "$sock" || { echo "missing $sock"; ls -l "$(dirname "$sock")"; exit 1; }
|
||||
# Prefer the remote-only binary and pass the URL explicitly
|
||||
(if command -v podman-remote >/dev/null; then
|
||||
podman-remote --url="$DOCKER_HOST" info
|
||||
else
|
||||
podman --remote --url="$DOCKER_HOST" info
|
||||
fi) | sed -n '1,80p'
|
||||
|
||||
- name: Verify pinned digests
|
||||
- name: Use host rootless Podman
|
||||
run: |
|
||||
set -euo pipefail
|
||||
for v in RUST_IMG_DIGEST NODE_IMG_DIGEST POSTGRES_IMG_DIGEST; do
|
||||
[ -n "${!v}" ] || { echo "Missing $v"; exit 1; }
|
||||
echo "${!v}" | grep -Eq '^.+@sha256:[0-9a-f]{64}$' || { echo "$v must be a digest ref"; exit 1; }
|
||||
done
|
||||
podman --remote info --format '{{.Host.RemoteSocket.Path}} (remote={{.Host.RemoteSocket.Exists}})'
|
||||
podman --remote version
|
||||
podman --remote run --rm alpine:3.20 echo "Hello from host rootless Podman!"
|
||||
|
||||
- name: Create internal network
|
||||
run: podman --remote network create --internal integ-${{ env.RUN_ID }}
|
||||
|
|
@ -86,4 +71,4 @@ jobs:
|
|||
if: always()
|
||||
run: |
|
||||
podman --remote rm -f test-postgres-${{ env.RUN_ID }} 2>/dev/null || true
|
||||
podman --remote network rm integ-${{ env.RUN_ID }} 2>/dev/null || true
|
||||
podman --remote network rm integ-${{ env.RUN_ID }} 2>/dev/null || true
|
||||
Loading…
Add table
Reference in a new issue