Merge branch 'feature/add-build-type-behavior' into 'main'
fix: add missing build type behavior See merge request qontainers/pipglr!50
This commit is contained in:
Chris Evich
@@ -20,6 +20,10 @@ ADD /root/ /root/
|
||||
ADD /etc/ /etc/
|
||||
ADD /home/ /home/
|
||||
|
||||
# The build type: either `dev` or `prod`
|
||||
# In `dev` mode: the package manager will not be deleted.
|
||||
ARG BUILD_TYPE=prod
|
||||
|
||||
# Allow image-builders to choose another version besides "latest" should
|
||||
# an incompatible change be introduced.
|
||||
ARG RUNNER_VERSION=latest
|
||||
@@ -35,8 +39,10 @@ ARG TARGETARCH=amd64
|
||||
ARG PRUNE_INTERVAL=daily # see systemd.timer for allowable values
|
||||
|
||||
# All-in-one packaging/image-setup script to keep things simple.
|
||||
RUN PRUNE_INTERVAL=${PRUNE_INTERVAL} \
|
||||
RUN \
|
||||
PRUNE_INTERVAL=${PRUNE_INTERVAL} \
|
||||
RUNNER_VERSION=${RUNNER_VERSION} \
|
||||
BUILD_TYPE=${BUILD_TYPE} \
|
||||
bash /root/setup.sh
|
||||
|
||||
VOLUME /cache /home/podman/.local/share/containers
|
||||
|
||||
@@ -33,6 +33,10 @@ function check_vars() {
|
||||
die "Env. variable '$varname' must be non-empty."
|
||||
fi
|
||||
done
|
||||
|
||||
if [[ ! "$BUILD_TYPE" =~ dev|prod ]]; then
|
||||
die "Build type must be 'dev' or 'prod': '$BUILD_TYPE'."
|
||||
fi
|
||||
}
|
||||
|
||||
function main() {
|
||||
@@ -51,6 +55,10 @@ function main() {
|
||||
finalize_ownership
|
||||
}
|
||||
|
||||
function is_release() {
|
||||
[ "$BUILD_TYPE" = "prod" ] || return 1
|
||||
}
|
||||
|
||||
function install_packages() {
|
||||
readarray xpackages < <(grep -vE '^(# )+' </root/xpackages.txt)
|
||||
local exclude_args=()
|
||||
@@ -76,11 +84,9 @@ function install_packages() {
|
||||
--setopt=tsflags=noscripts install \
|
||||
"https://gitlab-runner-downloads.s3.amazonaws.com/$RUNNER_VERSION/rpm/${PACKAGE_FILE}"
|
||||
|
||||
|
||||
# Allow removing dnf, sudo, etc. packages. Also don't start unnecessary or broken
|
||||
# systemd services, like anything kernel related or login gettys.
|
||||
rm -rf \
|
||||
/etc/dnf/protected.d/* \
|
||||
# Also don't start unnecessary or broken
|
||||
# systemd services, like anything kernel related or login gettys.
|
||||
rm -rf \
|
||||
/etc/systemd/system/getty.target.wants/* \
|
||||
/etc/systemd/system/multi-user.target.wants/* \
|
||||
/etc/systemd/system/sysinit.target.wants/* \
|
||||
@@ -96,13 +102,16 @@ rm -rf \
|
||||
# This makes the image smaller and reduces the attack-surface.
|
||||
dnf remove -y "${xpackages[@]}"
|
||||
|
||||
if is_release; then
|
||||
# Wipe out the DNF cache, then remove it entirely, again to make the image smaller.
|
||||
"${dnf[@]}" clean all
|
||||
rm -rf /var/cache/dnf /var/log/dnf* /var/log/yum.*
|
||||
rpm -e dnf
|
||||
fi
|
||||
|
||||
# Workaround base-image failing to confer capabilties properly on
|
||||
# /usr/bin/new{u,g}idmap to `cap_set{u,g}id=ep` in new image layers.
|
||||
# Workaround https://bugzilla.redhat.com/show_bug.cgi?id=1995337
|
||||
# Base-image failing to confer capabilities properly on
|
||||
# /usr/bin/new{u,g}idmap to `cap_set{u,g}id=ep` in new image layers
|
||||
rpm --setcaps shadow-utils
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user