diff --git a/.forgejo/workflows/ci.yml b/.forgejo/workflows/ci.yml
index 3164fb2..21951b3 100644
--- a/.forgejo/workflows/ci.yml
+++ b/.forgejo/workflows/ci.yml
@@ -23,33 +23,23 @@ env:
 RUST_IMG_DIGEST: ${{ secrets.RUST_IMG_DIGEST }} # e.g., docker.io/library/rust@sha256:...
 NODE_IMG_DIGEST: ${{ secrets.NODE_IMG_DIGEST }} # e.g., docker.io/library/node@sha256:...
 POSTGRES_IMG_DIGEST: ${{ secrets.POSTGRES_IMG_DIGEST }} # e.g., docker.io/library/postgres@sha256:...
- PODMAN_CLIENT_IMG_DIGEST: quay.io/podman/stable:latest
+ PODMAN_CLIENT_IMG_DIGEST: git.gcdo.org/devteam/sharenet/ci-node-podman@sha256:bf88e3a80ee7ba0ab9e2d73335a820d63bf0e62a0293414b4e09ab4fd63e6134
 jobs:
 test-backend:
 runs-on: [ci]
 container:
- image: ghcr.io/catthehacker/ubuntu:act-22.04
- # you can keep these, but the host-level volumes stanza already mounts the socket:
+ image: git.gcdo.org/devteam/sharenet/ci-node-podman@sha256:bf88e3a80ee7ba0ab9e2d73335a820d63bf0e62a0293414b4e09ab4fd63e6134
 options: >-
 -v /run/user/999/podman:/run/user/999/podman:rw -e XDG_RUNTIME_DIR=/run/user/999
- env:
- CONTAINER_HOST: unix:///run/user/999/podman/podman.sock
 steps:
- - name: Install Podman client
- env: { DEBIAN_FRONTEND: noninteractive }
- run: |
- apt-get update
- apt-get install -y --no-install-recommends podman jq
 - uses: actions/checkout@v4
-
- - name: Verify runner wiring to Podman
- run: |
+ - run: |
+ node -v
 podman --version
- test -S "/run/user/999/podman/podman.sock" || { echo "Missing socket /run/user/999/podman/podman.sock"; exit 1; }
- # Optional: sanity poke of the service via PiP later
+ test -S /run/user/999/podman/podman.sock
 - name: Network/DNS sanity from job container
 run: |
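Review bot: Removing `CONTAINER_HOST` from the `container:` block leaves nothing in this hunk that tells the podman client to use the mounted socket, and the replacement check cannot detect that: `podman --version` never contacts a service and `test -S` only confirms that the socket file exists. Unless the new image sets the variable itself (the diff does not show how it is built), later steps may end up talking to a local store inside the job container rather than the runner's service. I would keep `env:` with `CONTAINER_HOST: unix:///run/user/999/podman/podman.sock` on the container, or add a comment above `image:` stating that the image provides it. The same removal appears in the hunks at -147, -216, -294 and -373.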
@@ -147,26 +137,16 @@ jobs:
 needs: test-backend
 container:
- image: ghcr.io/catthehacker/ubuntu:act-22.04
- # you can keep these, but the host-level volumes stanza already mounts the socket:
+ image: git.gcdo.org/devteam/sharenet/ci-node-podman@sha256:bf88e3a80ee7ba0ab9e2d73335a820d63bf0e62a0293414b4e09ab4fd63e6134
 options: >-
 -v /run/user/999/podman:/run/user/999/podman:rw -e XDG_RUNTIME_DIR=/run/user/999
- env:
- CONTAINER_HOST: unix:///run/user/999/podman/podman.sock
 steps:
- - name: Install Podman client
- env: { DEBIAN_FRONTEND: noninteractive }
- run: |
- apt-get update
- apt-get install -y --no-install-recommends podman jq
 - uses: actions/checkout@v4
-
- - name: Verify runner wiring to Podman
- run: |
+ - run: |
+ node -v
 podman --version
- test -S "/run/user/999/podman/podman.sock" || { echo "Missing socket /run/user/999/podman/podman.sock"; exit 1; }
- # Optional: sanity poke of the service via PiP later
+ test -S /run/user/999/podman/podman.sock
 - name: Verify pinned digests provided
 run: |
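Review bot: The digest on the new `image:` line is a literal that this commit writes in six places (`PODMAN_CLIENT_IMG_DIGEST` in the top-level `env:` and the `image:` line of each of the five jobs), so rotating it after a rebuild takes six edits that must agree. A missed line would leave one job on the superseded image without any error. If the runner evaluates expressions in `container.image`, reference a single value there; otherwise add a comment above each `image:` line such as `# must equal PODMAN_CLIENT_IMG_DIGEST; bump all six together`. The other three image digests in `env:` are supplied through secrets, so a one-line comment on why this one is committed to the file would also help the next reader.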
@@ -216,26 +196,16 @@ jobs:
 needs: test-frontend
 container:
- image: ghcr.io/catthehacker/ubuntu:act-22.04
- # you can keep these, but the host-level volumes stanza already mounts the socket:
+ image: git.gcdo.org/devteam/sharenet/ci-node-podman@sha256:bf88e3a80ee7ba0ab9e2d73335a820d63bf0e62a0293414b4e09ab4fd63e6134
 options: >-
 -v /run/user/999/podman:/run/user/999/podman:rw -e XDG_RUNTIME_DIR=/run/user/999
- env:
- CONTAINER_HOST: unix:///run/user/999/podman/podman.sock
 steps:
- - name: Install Podman client
- env: { DEBIAN_FRONTEND: noninteractive }
- run: |
- apt-get update
- apt-get install -y --no-install-recommends podman jq
 - uses: actions/checkout@v4
-
- - name: Verify runner wiring to Podman
- run: |
+ - run: |
+ node -v
 podman --version
- test -S "/run/user/999/podman/podman.sock" || { echo "Missing socket /run/user/999/podman/podman.sock"; exit 1; }
- # Optional: sanity poke of the service via PiP later
+ test -S /run/user/999/podman/podman.sock
 - name: Setup ephemeral PiP container
 env:
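Review bot: The new `image:` line points the job container at an in-house image, and nothing in the hunk records which build produced the pinned digest. This container keeps the read-write mount of `/run/user/999/podman`, so whatever ships in the image can drive the runner user's Podman service; the pin fixes the bytes but does not say where they came from. A comment above `image:` along the lines of `# built from <path-to-Containerfile> at <commit>; digest recorded by <build job>` would let a reviewer check a future digest bump against a build. The job body continues past the end of the hunk.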
@@ -294,26 +264,16 @@ jobs:
 needs: test-frontend
 container:
- image: ghcr.io/catthehacker/ubuntu:act-22.04
- # you can keep these, but the host-level volumes stanza already mounts the socket:
+ image: git.gcdo.org/devteam/sharenet/ci-node-podman@sha256:bf88e3a80ee7ba0ab9e2d73335a820d63bf0e62a0293414b4e09ab4fd63e6134
 options: >-
 -v /run/user/999/podman:/run/user/999/podman:rw -e XDG_RUNTIME_DIR=/run/user/999
- env:
- CONTAINER_HOST: unix:///run/user/999/podman/podman.sock
 steps:
- - name: Install Podman client
- env: { DEBIAN_FRONTEND: noninteractive }
- run: |
- apt-get update
- apt-get install -y --no-install-recommends podman jq
 - uses: actions/checkout@v4
-
- - name: Verify runner wiring to Podman
- run: |
+ - run: |
+ node -v
 podman --version
- test -S "/run/user/999/podman/podman.sock" || { echo "Missing socket /run/user/999/podman/podman.sock"; exit 1; }
- # Optional: sanity poke of the service via PiP later
+ test -S /run/user/999/podman/podman.sock
 - name: Setup ephemeral PiP container
 env:
@@ -373,25 +333,16 @@ jobs:
 if: success()
 container:
- image: ghcr.io/catthehacker/ubuntu:act-22.04
- # you can keep these, but the host-level volumes stanza already mounts the socket:
+ image: git.gcdo.org/devteam/sharenet/ci-node-podman@sha256:bf88e3a80ee7ba0ab9e2d73335a820d63bf0e62a0293414b4e09ab4fd63e6134
 options: >-
 -v /run/user/999/podman:/run/user/999/podman:rw -e XDG_RUNTIME_DIR=/run/user/999
- env:
- CONTAINER_HOST: unix:///run/user/999/podman/podman.sock
 steps:
- - name: Install Podman client
- env: { DEBIAN_FRONTEND: noninteractive }
- run: |
- apt-get update
- apt-get install -y --no-install-recommends podman jq
 - uses: actions/checkout@v4
-
- - name: Verify Podman in job container
- run: |
+ - run: |
+ node -v
 podman --version
- podman info --log-level=error >/dev/null
+ test -S /run/user/999/podman/podman.sock
 # Your prod-pod.yml uses ${REGISTRY_HOST}, but the workflow defines REGISTRY. # Export a one-off alias so templating resolves.
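Review bot: In the last hunk (-373) the added `test -S /run/user/999/podman/podman.sock` replaces `podman info --log-level=error >/dev/null`, which was the only command in that step that actually reached the Podman service. A socket file whose service is not answering still passes `test -S`, so the job would fail later at a less obvious step. I would keep both checks, `test -S /run/user/999/podman/podman.sock` followed by `podman info --log-level=error >/dev/null`. The step has also lost its `name:` in every hunk, and in the earlier ones the `|| { echo "Missing socket ..."; exit 1; }` message; a name such as `Verify toolchain and Podman socket` plus the restored message keeps a failure readable in the log.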