- Improve the build of the image by introducing `build.sh`.
It can be used with `podman` or `buildah` and
also provides a way of building a `dev` or `prod`
image for development purposes by
`build.sh [dev|prod]`.
- CI runs this script as well with `buildah`.
Signed-off-by: Gabriel Nützi <gnuetzi@gmail.com>

When the `Containerfile` `ADD` instruction runs against files from a git
repository, it's easily possible the permissions will be incorrect
inside the container. Because systemd configuration and units are
rather important, update the setup script to ensure they're always set
correctly.
Signed-off-by: Chris Evich <cevich@redhat.com>

For whatever reason the `docker`/`linux` tags do not appear in the list
of public runners. Update to values actually present, guessing at their
meaning.
Signed-off-by: Chris Evich <cevich@redhat.com>

- The setup script has been broken up into function calls
to improve readability and further maintenance.
Also it's beneficial for other derivations with different
base OS.
Signed-off-by: Gabriel Nützi <gnuetzi@gmail.com>

When FIPS is available on the host system, we should download the FIPS
binary for `gitlab-runner` by default. Users who do not want the FIPS
binary for some reason can use the non-FIPS binary by setting the
`ENABLE_FIPS` build-arg to `false`.

as default container tag name for uploading, because branch names can
include characters that aren't valid for tags (such as '/').
Signed-off-by: Andreas Hartmann <hartan@7x.de>

from user slices and set the default task limit to infinity. Previously,
the task limit on the `user-*.slice` units was 675, which can become a
problem in CI jobs that fork a lot, causing spurious CI failures.
Signed-off-by: Andreas Hartmann <hartan@7x.de>

to make it plain where each file belongs in the containers file system
and to simplify the `ADD` directives in the Containerfile.
Signed-off-by: Andreas Hartmann <hartan@7x.de>

For normal operations, the `runner` user's `.gitlab-runner` directory
has a symlink for (read-only) `config.toml` ->
`/var/run/secrets/config.toml`. However, during registration,
attempts to write to this volume-mounted file result in a
`PANIC: write: permission denied` error. Fix this by running the
registration as (namespaced) `root` user, and using the default config.
file location of `/etc/gitlab-runner`.
Signed-off-by: Chris Evich <cevich@redhat.com>

The README did not make it clear enough that a blank `config.toml` file
needs to be pre-created before runner registration. Otherwise the
`register` *runlabel* will silently fail to bind-mount the file into the
proper location inside the container.
While we're at it, also add a small example of why it may be a good idea
to edit the `config.toml` file before committing it as a secret.
Signed-off-by: Chris Evich <cevich@redhat.com>