diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml index f26d3e4..ebfa50d 100644 --- a/.gitea/workflows/build.yml +++ b/.gitea/workflows/build.yml @@ -1,23 +1,42 @@ -on: push +name: Build Docker Image + +on: + push: + # Only build on tags (like v1.0.0) + tags: + - "v*" + jobs: build-docker: runs-on: ubuntu-latest container: image: catthehacker/ubuntu:act-latest + steps: + # 1. Checkout the repo + - name: Checkout repository + uses: actions/checkout@v5 + with: + fetch-depth: 0 + + # 2. Set up Docker Buildx - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Login to DockerHub + # 3. Log in to your registry + - name: Login to Docker registry uses: docker/login-action@v3 with: registry: git.comprofix.com username: ${{ secrets.REGISTRY_USERNAME }} password: ${{ secrets.REGISTRY_TOKEN }} - - name: Build and push + # 4. Build and push Docker image + - name: Build and push Docker image uses: docker/build-push-action@v6 with: file: ./Dockerfile push: true - tags: git.comprofix.com/mmckinnon/debian-runner:latest + tags: | + git.comprofix.com/mmckinnon/debian-runner:latest + git.comprofix.com/mmckinnon/debian-runner:${{ github.ref_name }} diff --git a/Dockerfile b/Dockerfile index c5da0be..f976ca5 100644 --- a/Dockerfile +++ b/Dockerfile 
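Review bot: The added checkout step references its action by a mutable tag (`actions/checkout@v5`), as the existing `docker/login-action@v3` and `docker/build-push-action@v6` steps already do, so code running in the job that handles `secrets.REGISTRY_TOKEN` can change without any commit to this repository. The Dockerfile in this same commit pins its base image by digest, and the actions deserve the same treatment, e.g. `uses: actions/checkout@<FULL_COMMIT_SHA> # v5`. By default the checkout step also leaves the job token in the local git config for later steps, so add `persist-credentials: false` under its `with:` and drop `fetch-depth: 0` unless the build really needs full history. Every `v*` tag push now overwrites `debian-runner:latest` as well, so whoever may push tags decides what consumers of `latest` run; consider restricting tag creation or publishing only the `${{ github.ref_name }}` tag.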
@@ -1,41 +1,55 @@
-# Base image
-FROM debian:trixie-slim
+# ==============================
+# Stage 1: Builder
+# ==============================
+FROM debian:trixie-slim@sha256:c85a2732e97694ea77237c61304b3bb410e0e961dd6ee945997a06c788c545bb AS builder
-# Set environment variables (DEBIAN_FRONTEND and LANG)
+# Set environment variables for noninteractive install
 ENV DEBIAN_FRONTEND=noninteractive \
 LANG=C.UTF-8
-# Install system dependencies
+# Install build and runtime dependencies
 RUN apt-get update && apt-get install -y --no-install-recommends \
- curl \
- git \
- bash \
- openssh-client \
- python3 \
- python3-venv \
- build-essential \
- zlib1g-dev \
- libffi-dev \
- libssl-dev \
- ruby-full \
- ca-certificates \
+ python3 python3-venv build-essential \
+ curl git bash openssh-client \
+ ruby-full zlib1g-dev libffi-dev libssl-dev ca-certificates \
 && rm -rf /var/lib/apt/lists/*
-# Install Node.js 22
+# Install Node.js 22 (latest patch for 22.x)
 RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \
 && apt-get install -y nodejs \
 && npm install -g npm \
 && rm -rf /var/lib/apt/lists/*
-# Install Jekyll and Bundler
+# Install Ruby gems: Jekyll and Bundler
 RUN gem install bundler jekyll
 # Create Python virtual environment for Ansible
 RUN python3 -m venv /opt/venv \
- && /opt/venv/bin/pip install --no-cache-dir --upgrade pip ansible
+ && /opt/venv/bin/pip install --no-cache-dir --upgrade pip ansible==8.*
-# Update PATH globally for all shells/steps
-ENV PATH=/usr/local/bundle/bin:/opt/venv/bin:$PATH
+# ==============================
+# Stage 2: Runtime
+# ==============================
+FROM debian:trixie-slim@sha256:c85a2732e97694ea77237c61304b3bb410e0e961dd6ee945997a06c788c545bb
+
+# Set environment variables
+ENV DEBIAN_FRONTEND=noninteractive \
+ LANG=C.UTF-8 \
+ PATH=/usr/local/bundle/bin:/opt/venv/bin:$PATH
+
+# Install minimal runtime dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ python3 python3-venv \
+ curl git bash openssh-client \
+ ruby-full ca-certificates \
+ nodejs \
+ && rm -rf /var/lib/apt/lists/*
+
+# Copy built tools from builder
+COPY --from=builder /opt/venv /opt/venv
+COPY --from=builder /usr/local/bundle /usr/local/bundle
+COPY --from=builder /usr/lib/node_modules /usr/lib/node_modules
+COPY --from=builder /usr/bin/node /usr/bin/node
 # Create workspace
 WORKDIR /workspace
@@ -43,3 +57,5 @@ WORKDIR /workspace
 # Default shell
 SHELL ["/bin/bash", "-c"]
+# Expose environment for scripts
+ENV PATH="/opt/venv/bin:/usr/local/bundle/bin:$PATH"
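Review bot: The digest pin on both `FROM` lines is undercut by what the builder stage fetches next: `curl -fsSL https://deb.nodesource.com/setup_22.x | bash -` runs an unverified remote script as root, and `gem install bundler jekyll`, `npm install -g npm` and `ansible==8.*` each resolve to whatever is newest at build time, so a rebuilt tag is not reproducible. Pin exact versions (for example `gem install bundler -v <BUNDLER_VERSION>` and `ansible==<EXACT_VERSION>`) and install Node from a signed apt source or a checksum-verified archive rather than the piped script. Separately, nothing in this hunk sets `GEM_HOME`, so the gems probably do not land in `/usr/local/bundle`, and `COPY --from=builder /usr/local/bundle /usr/local/bundle` would then fail on a missing source path. The runtime stage also installs Debian's own `nodejs` package and then overwrites `/usr/bin/node` with the builder's binary, without copying an `npm` launcher, so `npm` is likely missing from the final image. The final stage sets no `USER`, so jobs using this image run as root; if the runner does not require that, create a fixed-UID account and add `USER <RUNNER_USER>` before `WORKDIR /workspace`.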
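Review bot: The `ENV PATH="/opt/venv/bin:/usr/local/bundle/bin:$PATH"` added at the end of the file repeats the two directories the runtime stage's first `ENV` already prepends, but in the opposite order. The final PATH therefore lists each directory twice, and `/opt/venv/bin` now takes precedence over `/usr/local/bundle/bin` where the earlier line said the reverse. PATH order decides which binary a CI script actually runs, so set it once in the stage's first `ENV` in the intended order and drop this line. If a second assignment is kept, replace `# Expose environment for scripts` with a comment saying why the order is changed.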