public/pipglr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update docs and Containerfile to match

Browse Source 
Fully tested README.md instructions end-to-end on F36.

Signed-off-by: Chris Evich <cevich@redhat.com>
This commit is contained in:
Chris Evich
2022-11-22 14:49:25 -05:00
parent 3d6603945d
commit df8f46eb2d
2 changed files with 62 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
Containerfile
View File

@@ -97,6 +97,7 @@ RUN sed -i -r \
chmod +x /usr/local/bin/gitlab-runner-wrapper && \
chmod +x /usr/local/bin/podman-in-podman-maintenance && \
chown -R podman:podman /home/podman && \
chmod u+s /usr/bin/new{uid,gid}map && \
rm -f /home/podman/.bash* && \
echo DOCKER_HOST="unix:///tmp/podman-run-1000/podman/podman.sock" > /etc/profile.d/podman.sh
@@ -113,7 +114,8 @@ RUN mkdir -p .local/share/containers/storage
# Gitlab-runner configuration options. Default to unprivileged (nested)
# runner. Privileged is required to permit nested container image building.
ARG RUNNER_NAME="qontainers-pipglr"
ARG PRIVILEGED_RUNNER="false"
# Running inner-podman privileged is necessary at the time of this commit.
ARG PRIVILEGED_RUNNER="true"
# Tags allow pinning jobs to specific runners, comma-separated list of
# tags to add to runner (no spaces!)
ARG RUNNER_TAGS="podman-in-podman"
@@ -132,15 +134,16 @@ ENV REGISTER_NON_INTERACTIVE="true" \
DOCKER_HOST="unix:///tmp/podman-run-1000/podman/podman.sock" \
DOCKER_DEVICES="/dev/fuse" \
DOCKER_IMAGE="registry.fedoraproject.org/fedora-minimal:latest" \
DOCKER_CACHE_DIR="/home/podman/.cache/gitlab-runner" \
DOCKER_CACHE_DIR="/cache" \
DOCKER_VOLUMES="/cache" \
DOCKER_NETWORK_MODE="host" \
DOCKER_PRIVILEGED="$PRIVILEGED_RUNNER"
# Not a real build-arg. Simply here to save lots of typing.
ARG _pm="--systemd=true --device=/dev/fuse --security-opt label=disable --user podman --volume pipglr-podman-root:/home/podman/.local/share/containers/storage:Z --volume pipglr-runner-config:/home/podman/.gitlab-runner:Z -e PODMAN_RUNNER_DEBUG -e LOG_LEVEL"
ARG _pm="--systemd=true --device=/dev/fuse --security-opt label=disable --user podman --volume pipglr-podman-root:/home/podman/.local/share/containers/storage --volume pipglr-config:/home/podman/.gitlab-runner -v pipglr-podman-cache:/cache -e PODMAN_RUNNER_DEBUG -e LOG_LEVEL"
# These labels simply make it easier to register and execute the runner.
# Define them last so they are absent should a image-build failure occur.
LABEL register="podman run -it --rm $_pm --secret REGISTRATION_TOKEN,type=env \$IMAGE register"
# Note: Privileged mode is required to permit building container images with inner-podman
LABEL run="podman run -d --rm --privileged --name gitlab-runner $_pm \$IMAGE run"
LABEL run="podman run -d --privileged --name pipglr $_pm \$IMAGE run"