devteam/sharenet
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use prebuilt Node+podman CI image in workflow
Some checks failed
CI/CD Pipeline with Secure Ephemeral PiP / test-backend (push) Failing after 34s
Details
CI/CD Pipeline with Secure Ephemeral PiP / test-frontend (push) Has been skipped
Details
CI/CD Pipeline with Secure Ephemeral PiP / build-backend (push) Has been skipped
Details
CI/CD Pipeline with Secure Ephemeral PiP / build-frontend (push) Has been skipped
Details
CI/CD Pipeline with Secure Ephemeral PiP / deploy-prod (push) Has been skipped
Details

Browse source
This commit is contained in:
continuist 2025-09-12 15:19:37 -04:00
parent 0c6362b1e3
commit b4f92559b4
1 changed files with 21 additions and 70 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

91
.forgejo/workflows/ci.yml
View file

@ -23,33 +23,23 @@ env:
RUST_IMG_DIGEST: ${{ secrets.RUST_IMG_DIGEST }} # e.g., docker.io/library/rust@sha256:... RUST_IMG_DIGEST: ${{ secrets.RUST_IMG_DIGEST }} # e.g., docker.io/library/rust@sha256:...
NODE_IMG_DIGEST: ${{ secrets.NODE_IMG_DIGEST }} # e.g., docker.io/library/node@sha256:... NODE_IMG_DIGEST: ${{ secrets.NODE_IMG_DIGEST }} # e.g., docker.io/library/node@sha256:...
POSTGRES_IMG_DIGEST: ${{ secrets.POSTGRES_IMG_DIGEST }} # e.g., docker.io/library/postgres@sha256:... POSTGRES_IMG_DIGEST: ${{ secrets.POSTGRES_IMG_DIGEST }} # e.g., docker.io/library/postgres@sha256:...
PODMAN_CLIENT_IMG_DIGEST: quay.io/podman/stable:latest PODMAN_CLIENT_IMG_DIGEST: git.gcdo.org/devteam/sharenet/ci-node-podman@sha256:bf88e3a80ee7ba0ab9e2d73335a820d63bf0e62a0293414b4e09ab4fd63e6134
jobs: jobs:
test-backend: test-backend:
runs-on: [ci] runs-on: [ci]
container: container:
image: ghcr.io/catthehacker/ubuntu:act-22.04 image: git.gcdo.org/devteam/sharenet/ci-node-podman@sha256:bf88e3a80ee7ba0ab9e2d73335a820d63bf0e62a0293414b4e09ab4fd63e6134
# you can keep these, but the host-level volumes stanza already mounts the socket:
options: >- options: >-
-v /run/user/999/podman:/run/user/999/podman:rw -v /run/user/999/podman:/run/user/999/podman:rw
-e XDG_RUNTIME_DIR=/run/user/999 -e XDG_RUNTIME_DIR=/run/user/999
env:
CONTAINER_HOST: unix:///run/user/999/podman/podman.sock
steps: steps:
- name: Install Podman client
env: { DEBIAN_FRONTEND: noninteractive }
run: |
apt-get update
apt-get install -y --no-install-recommends podman jq
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- run: |
- name: Verify runner wiring to Podman node -v
run: |
podman --version podman --version
test -S "/run/user/999/podman/podman.sock" || { echo "Missing socket /run/user/999/podman/podman.sock"; exit 1; } test -S /run/user/999/podman/podman.sock
# Optional: sanity poke of the service via PiP later
- name: Network/DNS sanity from job container - name: Network/DNS sanity from job container
run: | run: |
@ -147,26 +137,16 @@ jobs:
needs: test-backend needs: test-backend
container: container:
image: ghcr.io/catthehacker/ubuntu:act-22.04 image: git.gcdo.org/devteam/sharenet/ci-node-podman@sha256:bf88e3a80ee7ba0ab9e2d73335a820d63bf0e62a0293414b4e09ab4fd63e6134
# you can keep these, but the host-level volumes stanza already mounts the socket:
options: >- options: >-
-v /run/user/999/podman:/run/user/999/podman:rw -v /run/user/999/podman:/run/user/999/podman:rw
-e XDG_RUNTIME_DIR=/run/user/999 -e XDG_RUNTIME_DIR=/run/user/999
env:
CONTAINER_HOST: unix:///run/user/999/podman/podman.sock
steps: steps:
- name: Install Podman client
env: { DEBIAN_FRONTEND: noninteractive }
run: |
apt-get update
apt-get install -y --no-install-recommends podman jq
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- run: |
- name: Verify runner wiring to Podman node -v
run: |
podman --version podman --version
test -S "/run/user/999/podman/podman.sock" || { echo "Missing socket /run/user/999/podman/podman.sock"; exit 1; } test -S /run/user/999/podman/podman.sock
# Optional: sanity poke of the service via PiP later
- name: Verify pinned digests provided - name: Verify pinned digests provided
run: | run: |
@ -216,26 +196,16 @@ jobs:
needs: test-frontend needs: test-frontend
container: container:
image: ghcr.io/catthehacker/ubuntu:act-22.04 image: git.gcdo.org/devteam/sharenet/ci-node-podman@sha256:bf88e3a80ee7ba0ab9e2d73335a820d63bf0e62a0293414b4e09ab4fd63e6134
# you can keep these, but the host-level volumes stanza already mounts the socket:
options: >- options: >-
-v /run/user/999/podman:/run/user/999/podman:rw -v /run/user/999/podman:/run/user/999/podman:rw
-e XDG_RUNTIME_DIR=/run/user/999 -e XDG_RUNTIME_DIR=/run/user/999
env:
CONTAINER_HOST: unix:///run/user/999/podman/podman.sock
steps: steps:
- name: Install Podman client
env: { DEBIAN_FRONTEND: noninteractive }
run: |
apt-get update
apt-get install -y --no-install-recommends podman jq
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- run: |
- name: Verify runner wiring to Podman node -v
run: |
podman --version podman --version
test -S "/run/user/999/podman/podman.sock" || { echo "Missing socket /run/user/999/podman/podman.sock"; exit 1; } test -S /run/user/999/podman/podman.sock
# Optional: sanity poke of the service via PiP later
- name: Setup ephemeral PiP container - name: Setup ephemeral PiP container
env: env:
@ -294,26 +264,16 @@ jobs:
needs: test-frontend needs: test-frontend
container: container:
image: ghcr.io/catthehacker/ubuntu:act-22.04 image: git.gcdo.org/devteam/sharenet/ci-node-podman@sha256:bf88e3a80ee7ba0ab9e2d73335a820d63bf0e62a0293414b4e09ab4fd63e6134
# you can keep these, but the host-level volumes stanza already mounts the socket:
options: >- options: >-
-v /run/user/999/podman:/run/user/999/podman:rw -v /run/user/999/podman:/run/user/999/podman:rw
-e XDG_RUNTIME_DIR=/run/user/999 -e XDG_RUNTIME_DIR=/run/user/999
env:
CONTAINER_HOST: unix:///run/user/999/podman/podman.sock
steps: steps:
- name: Install Podman client
env: { DEBIAN_FRONTEND: noninteractive }
run: |
apt-get update
apt-get install -y --no-install-recommends podman jq
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- run: |
- name: Verify runner wiring to Podman node -v
run: |
podman --version podman --version
test -S "/run/user/999/podman/podman.sock" || { echo "Missing socket /run/user/999/podman/podman.sock"; exit 1; } test -S /run/user/999/podman/podman.sock
# Optional: sanity poke of the service via PiP later
- name: Setup ephemeral PiP container - name: Setup ephemeral PiP container
env: env:
@ -373,25 +333,16 @@ jobs:
if: success() if: success()
container: container:
image: ghcr.io/catthehacker/ubuntu:act-22.04 image: git.gcdo.org/devteam/sharenet/ci-node-podman@sha256:bf88e3a80ee7ba0ab9e2d73335a820d63bf0e62a0293414b4e09ab4fd63e6134
# you can keep these, but the host-level volumes stanza already mounts the socket:
options: >- options: >-
-v /run/user/999/podman:/run/user/999/podman:rw -v /run/user/999/podman:/run/user/999/podman:rw
-e XDG_RUNTIME_DIR=/run/user/999 -e XDG_RUNTIME_DIR=/run/user/999
env:
CONTAINER_HOST: unix:///run/user/999/podman/podman.sock
steps: steps:
- name: Install Podman client
env: { DEBIAN_FRONTEND: noninteractive }
run: |
apt-get update
apt-get install -y --no-install-recommends podman jq
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- run: |
- name: Verify Podman in job container node -v
run: |
podman --version podman --version
podman info --log-level=error >/dev/null test -S /run/user/999/podman/podman.sock
# Your prod-pod.yml uses ${REGISTRY_HOST}, but the workflow defines REGISTRY. # Your prod-pod.yml uses ${REGISTRY_HOST}, but the workflow defines REGISTRY.
# Export a one-off alias so templating resolves. # Export a one-off alias so templating resolves.