diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 8e2b9d6..0308c79 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -69,17 +69,24 @@ jobs: with: repository: voxpupuli/puppet-example + - name: Configure podman + run: | + systemctl start --user podman.socket + echo "DOCKER_HOST=unix:///run/user/$(id -u)/podman/podman.sock" >> "$GITHUB_ENV" + docker save ci/voxbox:${{ matrix.rubygem_puppet }} | podman load + - name: Test container run: | - docker run --rm -v $PWD:/repo:Z ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile -T - docker run --rm -v $PWD:/repo:Z ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile lint - docker run --rm -v $PWD:/repo:Z ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile metadata_lint - docker run --rm -v $PWD:/repo:Z ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile r10k:dependencies - docker run --rm -v $PWD:/repo:Z ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile r10k:syntax - docker run --rm -v $PWD:/repo:Z ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile rubocop - docker run --rm -v $PWD:/repo:Z ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile spec - docker run --rm -v $PWD:/repo:Z ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile strings:validate:reference - docker run --rm -v $PWD:/repo:Z ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile syntax + export PODMAN_OPTIONS="--rm -v $PWD:/repo:Z --userns=keep-id" + podman run $PODMAN_OPTIONS ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile -T + podman run $PODMAN_OPTIONS ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile lint + podman run $PODMAN_OPTIONS ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile metadata_lint + podman run $PODMAN_OPTIONS ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile r10k:dependencies + podman run $PODMAN_OPTIONS ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile r10k:syntax + podman run $PODMAN_OPTIONS ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile rubocop + podman run $PODMAN_OPTIONS ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile spec + podman run $PODMAN_OPTIONS ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile 
strings:validate:reference + podman run $PODMAN_OPTIONS ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile syntax tests: needs: diff --git a/Containerfile b/Containerfile index c3f56cc..c896809 100644 --- a/Containerfile +++ b/Containerfile @@ -89,15 +89,13 @@ LABEL org.label-schema.maintainer="Voxpupuli Team " \ org.label-schema.dockerfile="/Containerfile" RUN apk update \ - && apk upgrade \ - && apk add openssh-client \ - && apk add gpg \ - && apk add jq \ - && apk add yamllint \ - && apk add git \ - && apk add curl \ - && rm -rf /var/cache/apk/* \ - && rm -rf /usr/local/lib/ruby/gems + && apk upgrade --no-cache --prune \ + && apk add --no-cache openssh-client gpg jq yamllint git curl \ + && addgroup -g 1001 -S voxbox \ + && adduser -u 1001 -S -G voxbox voxbox \ + && rm -rf /usr/local/lib/ruby/gems \ + && mkdir /repo \ + && chown voxbox:voxbox /repo COPY --from=builder /usr/local/lib/ruby/gems /usr/local/lib/ruby/gems COPY --from=builder /usr/local/bundle /usr/local/bundle @@ -105,6 +103,7 @@ COPY Containerfile / COPY voxbox/Rakefile / WORKDIR /repo +USER voxbox ENTRYPOINT [ "rake" ] CMD [ "-f", "/Rakefile", "-T" ]
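Review bot: In the new `Configure podman` step, `docker save ci/voxbox:${{ matrix.rubygem_puppet }} | podman load` runs without `pipefail` when the step uses the default shell, because GitHub Actions runs an unspecified shell as `bash -e {0}`. A failing `docker save` is then only noticed if `podman load` happens to fail as well. Adding `set -o pipefail` as the first line of that `run:` block, or `shell: bash` on the step, makes the failure explicit, unless a `defaults.run.shell` outside this hunk already covers it. In the `Test container` step, `$PWD` inside `PODMAN_OPTIONS` is unquoted and the variable depends on word splitting, so a bash array is more robust: `opts=(--rm -v "$PWD:/repo:Z" --userns=keep-id)` used as `podman run "${opts[@]}" …`.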
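Review bot: The leading `apk update` in this `RUN` still writes the repository index under `/var/cache/apk`, and the hunk drops the `rm -rf /var/cache/apk/*` that used to clear it, so the index now stays in the image layer. The following commands pass `--no-cache`, which fetches the index without storing it, so the instruction can start directly with `RUN apk upgrade --no-cache --prune \`. The `chown voxbox:voxbox /repo` at the end only affects the image's own directory; a bind mount at `/repo` brings the host directory's ownership with it, which is worth a short comment above the `mkdir` line.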
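Review bot: `USER voxbox` changes the default identity to uid/gid 1001 for every consumer of the image, and nothing in the file says that a bind-mounted `/repo` must be writable by that id. The workflow hunk handles this with `--userns=keep-id` under podman, but anyone running the image with plain `docker run -v $PWD:/repo` from a checkout owned by another uid will probably hit permission errors on tasks that write into the repo. I would add a comment above the line such as `# Runs as voxbox (1001:1001); /repo bind mounts must be writable by that id, or pass --user / --userns=keep-id`. Writing it as `USER 1001:1001` also lets runtimes that enforce a non-root policy verify the user without resolving the name from `/etc/passwd`.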