diff options
| author | Ivan Gabaldon <igabaldon@inetol.net> | 2025-10-22 14:38:59 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-10-22 14:38:59 +0200 |
| commit | 16293132e35621f9e32491b2b129fa0758e1932f (patch) | |
| tree | 9112d8961b7c78c00d9f4b5a6b82b8687ffe9131 | |
| parent | f70120b0b99354785c5d5c9fda91565ad32ec31f (diff) | |
[mod] ci: use custom static podman (#5354)
We only need updated podman on `build`. `test` and `release` can use image
provided container engine binaries.
| -rw-r--r-- | .github/workflows/container.yml | 41 | ||||
| -rw-r--r-- | container/builder.dockerfile | 3 | ||||
| -rw-r--r-- | container/dist.dockerfile | 2 | ||||
| -rw-r--r-- | utils/lib_sxng_container.sh | 1 |
4 files changed, 40 insertions, 7 deletions
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index e49c1cada..59c08a125 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -33,12 +33,15 @@ jobs: matrix: include: - arch: amd64 + march: amd64 os: ubuntu-24.04 emulation: false - arch: arm64 + march: arm64 os: ubuntu-24.04-arm emulation: false - arch: armv7 + march: arm64 os: ubuntu-24.04-arm emulation: true @@ -50,6 +53,30 @@ jobs: git_url: ${{ steps.build.outputs.git_url }} steps: + # yamllint disable rule:line-length + - name: Setup podman + env: + PODMAN_VERSION: "v5.6.2" + run: | + # dpkg man-db trigger is very slow on GHA runners + # https://github.com/actions/runner-images/issues/10977 + # https://github.com/actions/runner/issues/4030 + sudo rm -f /var/lib/man-db/auto-update + + sudo apt-get purge -y podman runc crun conmon + + curl -fsSLO "https://github.com/mgoltzsche/podman-static/releases/download/${{ env.PODMAN_VERSION }}/podman-linux-${{ matrix.march }}.tar.gz" + curl -fsSLO "https://github.com/mgoltzsche/podman-static/releases/download/${{ env.PODMAN_VERSION }}/podman-linux-${{ matrix.march }}.tar.gz.asc" + gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 0CCF102C4F95D89E583FF1D4F8B5AF50344BB503 + gpg --batch --verify "podman-linux-${{ matrix.march }}.tar.gz.asc" "podman-linux-${{ matrix.march }}.tar.gz" + + tar -xzf "podman-linux-${{ matrix.march }}.tar.gz" + sudo cp -rfv ./podman-linux-${{ matrix.march }}/etc/. /etc/ + sudo cp -rfv ./podman-linux-${{ matrix.march }}/usr/. /usr/ + + sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 + # yamllint enable rule:line-length + - name: Setup Python uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: @@ -68,12 +95,18 @@ jobs: restore-keys: "python-${{ env.PYTHON_VERSION }}-${{ runner.arch }}-" path: "./local/" - - name: Setup cache container uv + - name: Get date + id: date + run: echo "date=$(date +'%Y%m%d')" >>$GITHUB_OUTPUT + + - name: Setup cache container uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: - key: "container-uv-${{ matrix.arch }}-${{ hashFiles('./requirements*.txt') }}" - restore-keys: "container-uv-${{ matrix.arch }}-" - path: "/var/tmp/buildah-cache-1001/uv/" + key: "container-${{ matrix.arch }}-${{ steps.date.outputs.date }}-${{ hashFiles('./requirements*.txt') }}" + restore-keys: | + "container-${{ matrix.arch }}-${{ steps.date.outputs.date }}-" + "container-${{ matrix.arch }}-" + path: "/var/tmp/buildah-cache-*/*" - if: ${{ matrix.emulation }} name: Setup QEMU diff --git a/container/builder.dockerfile b/container/builder.dockerfile index 9a2d46170..eced10428 100644 --- a/container/builder.dockerfile +++ b/container/builder.dockerfile @@ -19,8 +19,7 @@ RUN --mount=type=cache,id=uv,target=/root/.cache/uv set -eux -o pipefail; \ find ./.venv/lib/python*/site-packages/*.dist-info/ -type f -name "RECORD" -exec sort -t, -k1,1 -o {} {} \;; \ find ./.venv/ -exec touch -h --date="@$TIMESTAMP_VENV" {} + -# use "--exclude=./searx/version_frozen.py" when actions/runner-images updates to Podman 5.0+ -COPY ./searx/ ./searx/ +COPY --exclude=./searx/version_frozen.py ./searx/ ./searx/ ARG TIMESTAMP_SETTINGS="0" diff --git a/container/dist.dockerfile b/container/dist.dockerfile index 10ad0d88f..f2d4b0fee 100644 --- a/container/dist.dockerfile +++ b/container/dist.dockerfile @@ -7,7 +7,7 @@ FROM ghcr.io/searxng/base:searxng AS dist COPY --chown=977:977 --from=builder /usr/local/searxng/.venv/ ./.venv/ COPY --chown=977:977 --from=builder /usr/local/searxng/searx/ ./searx/ COPY --chown=977:977 ./container/ ./ -#COPY --chown=977:977 ./searx/version_frozen.py ./searx/ +COPY --chown=977:977 ./searx/version_frozen.py ./searx/ ARG CREATED="0001-01-01T00:00:00Z" ARG VERSION="unknown" diff --git a/utils/lib_sxng_container.sh b/utils/lib_sxng_container.sh index eee218c06..50c1c7ef1 100644 --- a/utils/lib_sxng_container.sh +++ b/utils/lib_sxng_container.sh @@ -37,6 +37,7 @@ container.build() { fi fi info_msg "Selected engine: $container_engine" + "$container_engine" version # Setup arch specific case $parch in |