chore: update readme
parent
f48bbcb62c
commit
c9af03a8d0
5 changed files with 9 additions and 66 deletions
18
README.org
18
README.org
|
@ -21,9 +21,10 @@
|
|||
|
||||
** Available Images
|
||||
|
||||
| Container | Channel | Image |
|
||||
|-------------------------------------------+---------------------+------------------------------------------------|
|
||||
|[[https://code.252.no/https:/pkgs/container/forgejo-runner-stable][forgejo-runner-stable]] | stable | code.252.no/https:/forgejo-runner-stable |
|
||||
| Container | Status | |
|
||||
|-----------------------------------------------------------------------------------------------+-------- +-----------------------------------------|
|
||||
| [[https://code.252.no/tommy/-/packages/container/flakes-action/latest][flakes-action-latest]] | 🚧 | code.252.no/https:/flakes-action-latest |
|
||||
| [[https://code.252.no/tommy/-/packages/container/kaniko/v24.10.01][kaniko-v24.10.01]] | 🚧 | code.252.no/https:/flakes-action-latest |
|
||||
|
||||
|
||||
** Container Rules
|
||||
|
@ -41,8 +42,7 @@ Containers in this project should be useful in Kubernetes. They will be:
|
|||
|
||||
Additionally I may in the future support:
|
||||
|
||||
- [[https://www.docker.com/blog/multi-arch-build-and-images-the-simple-way/][multiple architecture]]. For now containers are
|
||||
generated for amd64
|
||||
- [[https://www.docker.com/blog/multi-arch-build-and-images-the-simple-way/][multiple architecture]]. For now containers are generated for amd64
|
||||
|
||||
|
||||
** Tag immutability
|
||||
|
@ -57,8 +57,8 @@ The schema used is: =YYYY.MM.Minor@sha256:digest=. This is not as pretty, but fu
|
|||
|
||||
| Container | Immutable |
|
||||
|------------------------------------------------------------------------+-----------|
|
||||
| =code.252.no/tommy/containers/forgejo-runner:v24.10.1= | ❌ |
|
||||
| =code.252.no/tommy/containers/forgejo-runner:v24.10.1@sha256:1234...= | ✅ |
|
||||
| =code.252.no/tommy/containers/flakes-action:v24.10.1= | ❌ |
|
||||
| =code.252.no/tommy/containers/flakes-action:v24.10.1@sha256:1234...= | ✅ |
|
||||
|
||||
|
||||
|
||||
|
@ -68,7 +68,7 @@ In Kubernetes we assume that you have pod-security.kubernetes.io/enforce set to
|
|||
[[https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted][restricted]]. There may be
|
||||
some exceptions to this if the container actually requires more privileges.
|
||||
|
||||
E.g. for the =forgejo-runner=, which runs as user ID =1000=, this means that the following settings should be
|
||||
E.g. for the =flakes-action=, which runs as user ID =1000=, this means that the following settings should be
|
||||
used for the pod (all containers in a pod):
|
||||
|
||||
#+begin_src yaml
|
||||
|
@ -85,7 +85,7 @@ For a container this means:
|
|||
spec:
|
||||
[...]
|
||||
containers:
|
||||
- name: forgejo-runner
|
||||
- name: flakes-action
|
||||
[...]
|
||||
securityContext:
|
||||
runAsUser: 1001
|
||||
|
|
|
@ -1,43 +0,0 @@
|
|||
FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/tonistiigi/xx AS xx
|
||||
FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/golang:1.21-alpine3.19 as build-env
|
||||
|
||||
LABEL maintainer="tommy@252.no"
|
||||
LABEL org.opencontainers.image.title="Forgejo Runner"
|
||||
LABEL org.opencontainers.image.description="Forgejo Runner for Kubernetes with minimal privileges"
|
||||
LABEL org.opencontainers.image.url="https://code.252.no/tommy/containers/forgejo-runner"
|
||||
LABEL org.opencontainers.image.source="https://code.252.no/tommy/containers"
|
||||
LABEL org.opencontainers.image.vendor="https://code.252.no/tommy"
|
||||
LABEL org.opencontainers.image.authors="tommy@252.no"
|
||||
|
||||
#
|
||||
# Transparently cross compile for the target platform
|
||||
#
|
||||
COPY --from=xx / /
|
||||
ARG TARGETPLATFORM
|
||||
RUN apk --no-cache add clang lld
|
||||
RUN xx-apk --no-cache add gcc musl-dev
|
||||
RUN xx-go --wrap
|
||||
|
||||
# Do not remove `git` here, it is required for getting runner version when executing `make build`
|
||||
RUN apk add --no-cache build-base git
|
||||
|
||||
COPY . /srv
|
||||
WORKDIR /srv
|
||||
|
||||
RUN make clean && make build
|
||||
|
||||
FROM code.forgejo.org/oci/alpine:3.19
|
||||
ARG RELEASE_VERSION
|
||||
RUN apk add --no-cache git bash
|
||||
|
||||
COPY --from=build-env /srv/forgejo-runner /bin/forgejo-runner
|
||||
|
||||
ENV HOME=/data
|
||||
|
||||
USER 1000:1000
|
||||
|
||||
WORKDIR /data
|
||||
|
||||
VOLUME ["/data"]
|
||||
|
||||
CMD ["/bin/forgejo-runner"]
|
|
@ -1,5 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
version=$(curl -sX GET "https://api.github.com/repos/actions/runner/releases/latest" | jq --raw-output '.tag_name')
|
||||
version="${version#*v}"
|
||||
version="${version#*release-}"
|
||||
printf "%s" "${version}"
|
|
@ -1,9 +0,0 @@
|
|||
app: forgejo-runner
|
||||
version: 24.10.01
|
||||
channels:
|
||||
- name: stable
|
||||
platforms: ["linux/amd64"]
|
||||
stable: false
|
||||
tests:
|
||||
enabled: true
|
||||
type: cli
|