bastian/deploy_home
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a30ff9b1653b07f98b96681de107af79ba3e702b
deploy_home/ansible/roles/gitea-actions/templates/Containerfile.ci
T
Bastian de Byl a30ff9b165 gitea-actions: add ARM/Python CI deps and SSH bind-mount for submodule clones 
- Containerfile.ci: add python3-yaml + python3-jinja2 and the
  gcc-arm-none-eabi / binutils / libnewlib toolchain for embedded builds
- bind-mount the runner's SSH key + known_hosts read-only into each job
  container at /root/.ssh so submodule clones over
  ssh://git@git.skudak.com:2222 succeed; staged as a dedicated
  container_file_t-labelled ci-ssh copy (tasks/user.yml) and allowlisted
  via valid_volumes (config.yaml.j2)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-14 10:19:45 -04:00

36 lines
1.7 KiB
Docker
Raw Blame History

# Default Gitea Actions job image (managed by ansible: roles/gitea-actions).
# Covers Go/web/node jobs plus `docker build` (talks to the mounted rootless
# podman socket). Go toolchains are provided per-job by actions/setup-go.
FROM node:20-bookworm-slim
ARG DOCKER_CLI_VERSION=27.3.1
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates curl git openssh-client make build-essential \
python3 python3-pip python3-yaml python3-jinja2 jq zip unzip \
gcc-arm-none-eabi binutils-arm-none-eabi libnewlib-arm-none-eabi \
&& rm -rf /var/lib/apt/lists/*
# Static docker client (no daemon) for jobs that run `docker build` against the
# mounted podman socket (/var/run/docker.sock).
RUN curl -fsSL "https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_CLI_VERSION}.tgz" \
| tar -xz -C /tmp \
&& install -m0755 /tmp/docker/docker /usr/local/bin/docker \
&& rm -rf /tmp/docker
# AWS CLI v2 — several workflows upload artifacts / deploy Lambda.
RUN curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o /tmp/awscliv2.zip \
&& unzip -q /tmp/awscliv2.zip -d /tmp \
&& /tmp/aws/install \
&& rm -rf /tmp/aws /tmp/awscliv2.zip
# Terraform via tfenv — workflows can pin a version with a .terraform-version
# file (or TFENV_TERRAFORM_VERSION); the image ships "latest" as the default.
ENV TFENV_ROOT=/opt/tfenv
ARG TFENV_TERRAFORM_VERSION=latest
RUN git clone --depth=1 https://github.com/tfutils/tfenv.git "${TFENV_ROOT}" \
&& ln -s "${TFENV_ROOT}/bin/tfenv" /usr/local/bin/tfenv \
&& ln -s "${TFENV_ROOT}/bin/terraform" /usr/local/bin/terraform \
&& tfenv install "${TFENV_TERRAFORM_VERSION}" \
&& tfenv use "${TFENV_TERRAFORM_VERSION}"
Reference in New Issue View Git Blame Copy Permalink