Mooo[bot] a85511762f
Some checks failed
Build and Push Image / build-and-push (push) Failing after 33s
ci(github-action): update action actions/checkout (1af3b93 → 8e8c483)
2025-12-03 01:00:21 +00:00
.claude fix: use Go yq instead of Python yq 2025-11-22 19:23:10 +01:00
.forgejo/workflows ci(github-action): update action actions/checkout (1af3b93 → 8e8c483) 2025-12-03 01:00:21 +00:00
ci feat: add DOCKER_HOST for DinD runner compatibility 2025-11-22 21:30:36 +01:00
.gitignore first commit 2025-11-02 18:11:16 +01:00
build.sh first commit 2025-11-02 18:11:16 +01:00
Dockerfile feat: add DOCKER_HOST for DinD runner compatibility 2025-11-22 21:30:36 +01:00
flake.nix first commit 2025-11-02 18:11:16 +01:00
metadata.yaml first commit 2025-11-02 18:11:16 +01:00
README.md first commit 2025-11-02 18:10:37 +01:00
renovate.json Add renovate.json 2025-11-03 01:00:37 +00:00

CI Builder Container Image

A GitHub Actions-compatible CI/CD builder image designed for use with Kata Containers and the VFS storage driver.

Purpose

This image provides a compatible alternative to ghcr.io/catthehacker/ubuntu:act-latest that works reliably in Kata VM environments with the VFS storage driver. It avoids file capabilities (the security.capability xattr), which can cause problems with virtiofs in Kata containers.

Base Image

  • Ubuntu 24.04 LTS
  • Inspired by catthehacker/docker_images ubuntu:act-latest
  • Optimized for Kata Containers + VFS compatibility

Included Tools

Build Tools

  • build-essential (gcc, g++, make)
  • cmake, pkg-config, autoconf, automake, libtool
  • git, curl, wget, jq, yq

Language Runtimes

  • Node.js: v22.x LTS
  • Bun: Latest (preferred over npm/pnpm per user config)
  • Python: 3.x with pip and venv
  • Go: 1.24.0
  • Rust: Latest stable with cargo

Container Tools

  • Docker CLI with buildx and compose plugins
  • kubectl (latest stable)
  • Helm 3

Other Tools

  • GitHub CLI (gh)
  • openssh-client
  • sudo, netcat
  • Archive utilities (zip, tar, gzip, etc.)

Key Differences from catthehacker/ubuntu:act-latest

  1. No File Capabilities: Avoids setcap or any file capability configurations that cause xattr issues with VFS
  2. Kata/VFS Compatible: Tested and designed for Kata container + VFS storage driver environments
  3. Optimized Toolchain: Includes Bun (preferred) and modern Go 1.24
  4. Runner User: Includes a runner user (similar to GitHub Actions) with sudo access

Usage

In Forgejo Runners

labels:
  - "ci-builder:docker://code.252.no/pub/ci-builder:latest"

In GitHub Actions / Forgejo Actions

jobs:
  build:
    runs-on: ci-builder
    steps:
      - uses: actions/checkout@v4
      - name: Build
        run: |
          bun install
          bun run build

Local Testing

docker run -it --rm code.252.no/pub/ci-builder:latest

Building

Using Docker

./build.sh

With Nix

nix build .#image
./result | docker load

Push to Registry

PUSH=true ./build.sh

Versioning

Version is defined in ci/metadata.yaml:

appVersion: v1.0.0

Images are tagged with both version and latest:

  • code.252.no/pub/ci-builder:v1.0.0
  • code.252.no/pub/ci-builder:latest

Architecture Notes

Why No File Capabilities?

Kata Containers use virtiofs to share filesystems between host and guest VM. The virtiofs implementation has limitations with extended attributes (xattr), particularly security.capability. Some Docker images (like ubuntu:act-latest) set file capabilities that cause issues:

Error: failed to set extended attribute: operation not supported

This image avoids all file capability settings to ensure compatibility with the VFS storage driver in Kata environments.
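
One way to check that claim against a built image, as an added example that is not part of this repository: the script walks a root filesystem, reports every file carrying the security.capability xattr, and decodes the kernel's vfs_cap_data layout so the granted capability bits are visible. The names scan_rootfs, decode_vfs_cap, SKIP and SAMPLE are hypothetical, and SAMPLE is a constructed value.

```python
import os
import struct
import sys

XATTR = "security.capability"
SIZES = {1: 12, 2: 20, 3: 24}  # len(struct vfs_cap_data) per revision
SKIP = {"/proc", "/sys", "/dev"}  # assumption: pseudo-filesystems are not walked
# Constructed sample: a revision 2 value with the effective flag and bit 13 (cap_net_raw).
SAMPLE = struct.pack("<5I", 0x02000001, 1 << 13, 0, 0, 0)


def decode_vfs_cap(raw):
    """Decode a security.capability value (little-endian struct vfs_cap_data)."""
    if len(raw) < 4:
        raise ValueError("truncated vfs_cap_data")
    (magic,) = struct.unpack_from("<I", raw, 0)
    rev = magic >> 24
    if SIZES.get(rev) != len(raw):
        raise ValueError(f"bad revision/size: rev={rev} len={len(raw)}")
    permitted = inheritable = 0
    for i in range(1 if rev == 1 else 2):  # v1 has one 32-bit word pair, v2/v3 two
        p, inh = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)

    def bits(mask):
        return [n for n in range(64) if mask >> n & 1]

    return {"revision": rev, "effective": bool(magic & 1),
            "permitted": bits(permitted), "inheritable": bits(inheritable)}


def scan_rootfs(root):
    """Return [(path, raw_xattr)] for files under root that carry file capabilities."""
    found = []
    for dirpath, dirs, files in os.walk(root):
        dirs[:] = [d for d in dirs if os.path.join(dirpath, d) not in SKIP]
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                found.append((path, os.getxattr(path, XATTR, follow_symlinks=False)))
            except OSError:
                continue  # no xattr on this file, or the filesystem lacks xattr support
    return found


if __name__ == "__main__":
    hits = scan_rootfs(sys.argv[1] if len(sys.argv) > 1 else "/")
    for path, raw in hits:
        print(path, decode_vfs_cap(raw))
    sys.exit(1 if hits else 0)
```

Run it inside the container against / (or against an unpacked image rootfs); a non-zero exit status means at least one file still carries file capabilities.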

VFS Storage Driver

The Docker daemon in Kata VMs auto-detects and uses the VFS storage driver. While less efficient than overlay2, VFS is simple and works reliably in virtualized environments where overlay2 may have filesystem compatibility issues.
