From f58a2d44f779ae77f4b028e3228c0fa8000dbda7 Mon Sep 17 00:00:00 2001
From: Matthew McKinnon
Date: Sun, 31 Aug 2025 19:16:31 +1000
Subject: [PATCH] chore: clean image
---
.gitea/workflows/build.yml | 26 ++++++++++-----
Dockerfile | 68 ++++++++++++++++++++++++--------------
2 files changed, 61 insertions(+), 33 deletions(-)
diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
index ebfa50d..00c9ba6 100644
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@@ -2,9 +2,11 @@ name: Build Docker Image on: push: - # Only build on tags (like v1.0.0) - tags: - - "v*" + branches: + - master + # Renovate will push updates as commits + paths: + - "Dockerfile" jobs: build-docker:
@@ -13,7 +15,7 @@ jobs: image: catthehacker/ubuntu:act-latest steps: - # 1. Checkout the repo + # 1. Checkout repository - name: Checkout repository uses: actions/checkout@v5 with:
@@ -23,7 +25,7 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - # 3. Log in to your registry + # 3. Login to your registry - name: Login to Docker registry uses: docker/login-action@v3 with:
@@ -31,12 +33,18 @@ jobs: username: ${{ secrets.REGISTRY_USERNAME }} password: ${{ secrets.REGISTRY_TOKEN }} - # 4. Build and push Docker image + # 4. Define timestamp tag + - name: Set Docker image tags + id: docker_tags + run: | + TIMESTAMP=$(date +'%Y.%m.%d-%H%M%S') + echo "tags=git.comprofix.com/mmckinnon/debian-latest:latest,git.comprofix.com/mmckinnon/debian-latest:$TIMESTAMP" >> $GITHUB_ENV + + # 5. Build & push Docker image - name: Build and push Docker image uses: docker/build-push-action@v6 with: + context: . file: ./Dockerfile push: true - tags: | - git.comprofix.com/mmckinnon/debian-runner:latest - git.comprofix.com/mmckinnon/debian-runner:${{ github.ref_name }} + tags: ${{ env.tags }}
diff --git a/Dockerfile b/Dockerfile
index 4f903d7..88a64ef 100644
--- a/Dockerfile
+++ b/Dockerfile
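Review bot: In the first hunk of `.gitea/workflows/build.yml`, the new `paths:` filter lists only `Dockerfile`, so a push to master that changes the workflow file itself (for example the tag logic further down) will not rebuild or republish the image. Adding `- ".gitea/workflows/build.yml"` to the list would cover that. The existing comment `# Renovate will push updates as commits` could also state that tag pushes no longer trigger a build, since the removed `tags: - "v*"` trigger has no replacement here.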
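Review bot: In the last hunk of `.gitea/workflows/build.yml`, the new `Set Docker image tags` step makes wall-clock time the only non-mutable tag, so a published image can no longer be traced back to the commit that produced it, which the removed `${{ github.ref_name }}` tag did for releases. Consider appending a commit-based tag such as `git.comprofix.com/mmckinnon/debian-latest:${{ github.sha }}` and making the timestamp timezone-independent with `TIMESTAMP=$(date -u +'%Y.%m.%d-%H%M%S')`. The step declares `id: docker_tags` but writes to `$GITHUB_ENV` rather than `$GITHUB_OUTPUT`, so the id appears unused; either drop it or switch to a step output. The redirect target should be quoted as `>> "$GITHUB_ENV"`.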
@@ -1,48 +1,68 @@ -############################## +# ========================= # Stage 1: Builder -############################## -FROM debian:trixie-slim AS builder +# ========================= +FROM debian:trixie-slim@sha256:c85a2732e97694ea77237c61304b3bb410e0e961dd6ee945997a06c788c545bb AS builder -ENV DEBIAN_FRONTEND=noninteractive +ENV DEBIAN_FRONTEND=noninteractive \ + LANG=C.UTF-8 # Install build dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ - build-essential \ curl \ + git \ + bash \ + openssh-client \ ca-certificates \ + procps \ + iproute2 \ + netcat-traditional \ + unzip \ + iputils-ping \ python3 \ python3-venv \ - python3-pip \ + build-essential \ + zlib1g-dev \ + libffi-dev \ + libssl-dev \ ruby-full \ - nodejs \ - git \ - && rm -rf /var/lib/apt/lists/* + && rm -rf /var/lib/apt/lists/* -# Create a Python virtual environment (example usage) -RUN python3 -m venv /opt/venv +# Install Node.js 22 +RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \ + && apt-get install -y nodejs \ + && npm install -g npm \ + && rm -rf /var/lib/apt/lists/* -############################## -# Stage 2: Runtime -############################## -FROM debian:trixie-slim +# Create Python virtual environment for Ansible +RUN python3 -m venv /opt/venv \ + && /opt/venv/bin/pip install --no-cache-dir --upgrade pip ansible -ENV DEBIAN_FRONTEND=noninteractive +# ========================= +# Stage 2: Final runtime image +# ========================= +FROM debian:trixie-slim@sha256:c85a2732e97694ea77237c61304b3bb410e0e961dd6ee945997a06c788c545bb -# Install only runtime dependencies +ENV DEBIAN_FRONTEND=noninteractive \ + LANG=C.UTF-8 \ + PATH=/opt/venv/bin:$PATH + +# Install runtime dependencies only RUN apt-get update && apt-get install -y --no-install-recommends \ + bash \ + openssh-client \ ca-certificates \ + iputils-ping \ python3 \ + python3-venv \ ruby-full \ nodejs \ - git \ - && rm -rf /var/lib/apt/lists/* + && rm -rf 
/var/lib/apt/lists/* -# Copy built tools from builder +# Copy built Python venv from builder COPY --from=builder /opt/venv /opt/venv -# Set Python virtual environment path -ENV PATH="/opt/venv/bin:$PATH" - +# Set working directory WORKDIR /workspace -CMD ["bash"] +# Default shell +SHELL ["/bin/bash", "-c"]
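Review bot: The new `RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash -` step executes an unverified remote script as root during the build, which the digest pin added to `FROM` does not cover, and under the default `/bin/sh` a failure on the `curl` side of the pipe is not propagated. Its result also appears never to reach the published image: the final stage copies only `/opt/venv` and installs the distribution's own `nodejs`, so Node.js 22 and the upgraded npm stay in the discarded builder stage. Either drop the step, or configure the NodeSource repository in the final stage with a key that is checked in and referenced via `signed-by=`, and put `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` before any piped `RUN`. `pip install --no-cache-dir --upgrade pip ansible` and `npm install -g npm` are likewise unpinned, so pin them (e.g. `ansible==<PINNED_VERSION>`) if rebuilding the same Dockerfile is meant to yield the same tooling. Finally, the closing `SHELL ["/bin/bash", "-c"]` only selects the shell for shell-form instructions and does not set a default command, so keep `CMD ["bash"]` if the image should not rely on the base image's default.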