Compare commits
2 Commits
c9460b8ebc
...
fd0c07e954
Author | SHA1 | Date | |
---|---|---|---|
fd0c07e954 | |||
d3f5e93ad8 |
60
Containerfile
Normal file
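--- /dev/null
+++ b/Containerfile
@@ -0,0 +1,60 @@
+# ───────────────────
+# Stage 1: Base Image
+# ───────────────────
+FROM archlinux:base-devel-20250511.0.348143 as base
+
+ARG DEV_USER=devuser
+ARG DEV_UID=1001
+ARG DEV_GID=1001
+
+# Install all necessary packages and clean up cache
+RUN pacman -Sy --noconfirm && \
+pacman -S --noconfirm --needed \
+base-devel neovim git git-lfs fish tmux \
+nodejs python podman fzf fd ripgrep jdk-openjdk fisher yazi less \
+lazygit luarocks python-pynvim npm bash-completion tree-sitter-cli kitty-terminfo \
+lua51 openssh && \
+pacman -Scc --noconfirm && \
+rm -rf /var/cache/pacman/pkg/*
+
+# Create user/groups as per your script, with -l to avoid system user quirks
+RUN groupadd -g $DEV_GID $DEV_USER && \
+groupadd -g 1002 secproc && \
+useradd -l -ms /bin/fish -G secproc -u $DEV_UID -g $DEV_GID $DEV_USER
+
+# ────────────────────────
+# Stage 2: Workspace Image
+# ────────────────────────
+FROM base as workspace
+
+ARG DEV_USER=devuser
+ARG DEV_UID=1001
+ARG DEV_GID=1001
+ARG DEV_HOME=/home/$DEV_USER
+
+# Use ADD for extracting archives
+ADD home.tar.gz $DEV_HOME
+
+# Prepare .ssh and known_hosts, and fix permissions only if dirs exist
+RUN mkdir -p $DEV_HOME/.ssh && \
+ssh-keyscan -p 2222 10.88.0.1 >> $DEV_HOME/.ssh/known_hosts && \
+ssh-keyscan -p 22 github.com >> $DEV_HOME/.ssh/known_hosts && \
+for d in $DEV_HOME/.local \
+$DEV_HOME/.config/fish/completions \
+$DEV_HOME/.config/fish/functions \
+$DEV_HOME/.config/fish/fish_variables \
+$DEV_HOME/.ssh; do \
+if [ -e "$d" ]; then chown -R $DEV_USER:$DEV_USER "$d"; fi; \
+done && \
+for d in $DEV_HOME/.local \
+$DEV_HOME/.config \
+$DEV_HOME/.config/fish \
+$DEV_HOME/.config/tmux; do \
+if [ -e "$d" ]; then chown $DEV_USER:$DEV_USER "$d"; fi; \
+done
+
+WORKDIR /app
+ENV CONTAINER_HOST=unix:///run/podman/podman.sock
+USER $DEV_USER
+
+CMD ["/home/devuser/start.sh"]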
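Review bot: The two `ssh-keyscan` lines in the workspace stage's `RUN` append whatever host keys the build-time network returns to `known_hosts`, with no fingerprint check, so the image permanently trusts keys nobody verified. The result also changes from build to build depending on what answers at `10.88.0.1:2222` and `github.com`. Ship a reviewed file instead, e.g. `COPY --chown=$DEV_USER:$DEV_USER known_hosts $DEV_HOME/.ssh/known_hosts`, with the GitHub entries checked against GitHub's published fingerprints, and drop the keyscans. Separately, `CMD ["/home/devuser/start.sh"]` hard-codes the home directory while `USER` and `DEV_HOME` follow the `DEV_USER` build arg, so overriding that arg produces an image whose `CMD` points at a path that does not exist.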
|
@ -5,14 +5,14 @@ pallav:
|
||||
build:
|
||||
- base
|
||||
- workspace
|
||||
- all
|
||||
update:
|
||||
- base
|
||||
- workspace
|
||||
- access
|
||||
- ssh_router
|
||||
- gitops_router
|
||||
- home_tar
|
||||
- gitconfig
|
||||
- containerfile
|
||||
clean:
|
||||
status:
|
||||
remove:
|
||||
|
@ -1,24 +0,0 @@
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
|
||||
BASE_IMG_NAME="analytics-backend-base"
|
||||
DEV_USER=devuser
|
||||
DEV_UID=1001
|
||||
DEV_GID=1001
|
||||
|
||||
ctr=$(buildah from archlinux)
|
||||
|
||||
buildah run "$ctr" -- bash -c "
|
||||
pacman -Sy --noconfirm && \
|
||||
pacman -S --noconfirm --needed base-devel neovim git git-lfs fish tmux \
|
||||
nodejs python podman fzf fd ripgrep jdk-openjdk fisher yazi less buildah \
|
||||
lazygit luarocks python-pynvim npm bash-completion tree-sitter-cli kitty-terminfo \
|
||||
lua51 openssh && \
|
||||
pacman -Scc --noconfirm && \
|
||||
groupadd -g $DEV_GID $DEV_USER && \
|
||||
groupadd -g 1002 secproc && \
|
||||
useradd -ms /bin/fish -G secproc -u $DEV_UID -g $DEV_GID $DEV_USER
|
||||
"
|
||||
|
||||
buildah commit "$ctr" $BASE_IMG_NAME
|
||||
echo "✅ $BASE_IMG_NAME built."
|
@ -1,32 +0,0 @@
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
|
||||
BASE_IMG_NAME="analytics-backend-base"
|
||||
IMG_NAME="analytics-backend-workspace"
|
||||
DEV_USER=devuser
|
||||
DEV_HOME=/home/$DEV_USER
|
||||
|
||||
ctr=$(buildah from "$BASE_IMG_NAME")
|
||||
|
||||
buildah add "$ctr" home.tar.gz $DEV_HOME
|
||||
|
||||
# shellcheck disable=SC2016
|
||||
buildah run "$ctr" -- fish -c '
|
||||
set -gx HOME '"$DEV_HOME"';
|
||||
ssh-keyscan -p 2222 10.88.0.1 >> $HOME/.ssh/known_hosts;
|
||||
ssh-keyscan -p 22 github.com >> $HOME/.ssh/known_hosts;
|
||||
chown -R '"$DEV_USER"':'"$DEV_USER"' $HOME/.local $HOME/.config/fish/completions \
|
||||
$HOME/.config/fish/functions $HOME/.config/fish/fish_variables $HOME/.ssh;
|
||||
chown '"$DEV_USER"':'"$DEV_USER"' $HOME/.config $HOME/.config/fish \
|
||||
$HOME/.config/tmux;
|
||||
'
|
||||
|
||||
buildah config \
|
||||
--user $DEV_USER \
|
||||
--workingdir /app \
|
||||
--env CONTAINER_HOST=unix:///run/podman/podman.sock \
|
||||
--cmd "[\"$DEV_HOME/start.sh\"]" \
|
||||
"$ctr"
|
||||
|
||||
buildah commit "$ctr" $IMG_NAME
|
||||
echo "✅ $IMG_NAME built from $BASE_IMG_NAME."
|
@ -210,15 +210,15 @@ validate_command "$cmd" "${args[@]}"
|
||||
case "$cmd" in
|
||||
build)
|
||||
case "${args[0]}" in
|
||||
base) run build-base.sh ;;
|
||||
workspace) run build-workspace.sh ;;
|
||||
base) podman build --target base -t analytics-backend-base . ;;
|
||||
workspace) podman build --target base -t analytics-backend-base . ;;
|
||||
all) podman build -t analytics-backend-workspace . ;;
|
||||
*) log ERROR "build: invalid arg '${args[0]}'" ;;
|
||||
esac
|
||||
;;
|
||||
update)
|
||||
case "${args[0]}" in
|
||||
base) update build-base.sh .local/bin 500 ;;
|
||||
workspace) update build-workspace.sh .local/bin 500 ;;
|
||||
containerfile) update Containerfile . 500 ;;
|
||||
access) update access.yml . 400 ;;
|
||||
ssh_router) update ssh_router.sh .local/bin 500 ;;
|
||||
gitops_router) update gitops_router.sh .local/bin 500 ;;
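Review bot: The new `workspace)` arm of the `build` case is a copy of the `base)` arm: it runs `podman build --target base -t analytics-backend-base .`, so `build workspace` rebuilds the base image and never produces the workspace image. It should presumably read `workspace) podman build --target workspace -t analytics-backend-workspace . ;;`. The `*)` arm only calls `log ERROR`, and whether that helper exits non-zero is not visible here; if it does not, an invalid build argument returns success to the caller. The outer `case "$cmd"` block starts and ends outside this hunk.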
|
||||
|