fix: add missing build type behavior

- Add argument to container file.

Signed-off-by: Gabriel Nützi <gnuetzi@gmail.com>

Containerfile

@@ -20,6 +20,10 @@ ADD /root/ /root/
 ADD /etc/ /etc/
 ADD /home/ /home/
 
+# The build type: either `dev` or `prod`
+# In `dev` mode: the package manager will not be deleted.
+ARG BUILD_TYPE=prod
+
 # Allow image-builders to choose another version besides "latest" should
 # an incompatible change be introduced.
 ARG RUNNER_VERSION=latest
@@ -35,9 +39,11 @@ ARG TARGETARCH=amd64
 ARG PRUNE_INTERVAL=daily  # see systemd.timer for allowable values
 
 # All-in-one packaging/image-setup script to keep things simple.
-RUN PRUNE_INTERVAL=${PRUNE_INTERVAL} \
-    RUNNER_VERSION=${RUNNER_VERSION} \
-    bash /root/setup.sh
+RUN \
+ PRUNE_INTERVAL=${PRUNE_INTERVAL} \
+ RUNNER_VERSION=${RUNNER_VERSION} \
+ BUILD_TYPE=${BUILD_TYPE} \
+ bash /root/setup.sh
 
 VOLUME /cache /home/podman/.local/share/containers
 ENTRYPOINT /lib/systemd/systemd

root/setup.sh

@@ -33,6 +33,10 @@ function check_vars() {
       die "Env. variable '$varname' must be non-empty."
     fi
   done
+
+  if [[ ! "$BUILD_TYPE" =~ dev|prod ]]; then
+    die "Build type must be 'dev' or 'prod': '$BUILD_TYPE'."
+  fi
 }
 
 function main() {
@@ -51,6 +55,10 @@ function main() {
   finalize_ownership
 }
 
+function is_release() {
+  [ "$BUILD_TYPE" = "prod" ] || return 1
+}
+
 function install_packages() {
   readarray xpackages < <(grep -vE '^(# )+' </root/xpackages.txt)
   local exclude_args=()
@@ -76,18 +84,16 @@ function install_packages() {
     --setopt=tsflags=noscripts install \
     "https://gitlab-runner-downloads.s3.amazonaws.com/$RUNNER_VERSION/rpm/${PACKAGE_FILE}"
 
-
-# Allow removing dnf, sudo, etc. packages.  Also don't start unnecessary or broken
-# systemd services, like anything kernel related or login gettys.
-rm -rf \
-  /etc/dnf/protected.d/* \
-  /etc/systemd/system/getty.target.wants/* \
-  /etc/systemd/system/multi-user.target.wants/* \
-  /etc/systemd/system/sysinit.target.wants/* \
-  /etc/systemd/system/timers.target.wants/* \
-  /lib/systemd/system/graphical.target.wants/* \
-  /lib/systemd/system/multi-user.target.wants/{getty.target,systemd-ask-password-wall.path} \
-  /lib/systemd/system/sys-kernel*.mount
+  # Also don't start unnecessary or broken
+  # systemd services, like anything kernel related or login gettys.
+  rm -rf \
+    /etc/systemd/system/getty.target.wants/* \
+    /etc/systemd/system/multi-user.target.wants/* \
+    /etc/systemd/system/sysinit.target.wants/* \
+    /etc/systemd/system/timers.target.wants/* \
+    /lib/systemd/system/graphical.target.wants/* \
+    /lib/systemd/system/multi-user.target.wants/{getty.target,systemd-ask-password-wall.path} \
+    /lib/systemd/system/sys-kernel*.mount
 
   # Allow removing dnf, sudo, etc. packages.
   rm -rf \
@@ -96,13 +102,16 @@ rm -rf \
   # This makes the image smaller and reduces the attack-surface.
   dnf remove -y "${xpackages[@]}"
 
-  # Wipe out the DNF cache, then remove it entirely, again to make the image smaller.
-  "${dnf[@]}" clean all
-  rm -rf /var/cache/dnf /var/log/dnf* /var/log/yum.*
-  rpm -e dnf
+  if is_release; then
+    # Wipe out the DNF cache, then remove it entirely, again to make the image smaller.
+    "${dnf[@]}" clean all
+    rm -rf /var/cache/dnf /var/log/dnf* /var/log/yum.*
+    rpm -e dnf
+  fi
 
-  # Workaround base-image failing to confer capabilties properly on
-  # /usr/bin/new{u,g}idmap to `cap_set{u,g}id=ep` in new image layers.
+  # Workaround https://bugzilla.redhat.com/show_bug.cgi?id=1995337
+  # Base-image failing to confer capabilities properly on
+  # /usr/bin/new{u,g}idmap to `cap_set{u,g}id=ep` in new image layers
   rpm --setcaps shadow-utils
 }