Streamline image build (no tls, use podman) (#10)

Related to gardenlinux/glvd#106 and gardenlinux/glvd#103
gardenlinux · Sep 16, 2024 · fcbcece · fcbcece
1 parent ab5c2f6
commit fcbcece
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 64 deletions.
diff --git a/.github/workflows/build-postgres-container.yml b/.github/workflows/build-postgres-container.yml
@@ -5,7 +5,7 @@ on:
   pull_request:
   push:
     branches:
-    - main
+      - main
 
 permissions:
   # Checkout repository
@@ -15,45 +15,56 @@ permissions:
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
+
+    env:
+      IMAGE_NAME: ghcr.io/gardenlinux/glvd-postgres
+      IMAGE_TAG: latest
 
     steps:
-    - name: Checkout repo
-      uses: actions/checkout@v4
-
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
-      with:
-        platforms: linux/amd64,linux/arm64
-
-    - name: Docker meta
-      id: meta
-      if: ${{ github.event_name != 'pull_request' }}
-      uses: docker/metadata-action@v5
-      with:
-        images: |
-          ghcr.io/${{ github.repository }}
-        tags: |
-          type=edge
-          type=ref,event=pr
-          type=semver,pattern={{version}}
-          type=semver,pattern={{major}}.{{minor}}
-          type=semver,pattern={{major}}
-
-    - name: Login to GitHub Container Registry
-      if: ${{ github.event_name != 'pull_request' }}
-      uses: docker/login-action@v3
-      with:
-        registry: ghcr.io
-        username: ${{ github.actor }}
-        password: ${{ secrets.GITHUB_TOKEN }}
-
-    - name: Build and push image
-      if: ${{ github.event_name != 'pull_request' }}
-      uses: docker/build-push-action@v6
-      with:
-        platforms: linux/amd64,linux/arm64
-        file: Containerfile
-        push: true
-        tags: ${{ steps.meta.outputs.tags }}
-        labels: ${{ steps.meta.outputs.labels }}
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+      - name: Install qemu dependency for multi-arch build
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y qemu-user-static
+
+      - name: Build Image
+        id: build_image
+        uses: redhat-actions/buildah-build@v2
+        with:
+          image: ${{ env.IMAGE_NAME }}
+          tags: ${{ env.IMAGE_TAG }}
+          platforms: linux/amd64, linux/arm64
+          containerfiles: |
+            ./Containerfile
+
+      - name: Echo Outputs
+        run: |
+          echo "Image: ${{ steps.build_image.outputs.image }}"
+          echo "Tags: ${{ steps.build_image.outputs.tags }}"
+          echo "Tagged Image: ${{ steps.build_image.outputs.image-with-tag }}"
+
+      - name: Check images created
+        run: buildah images | grep '${{ env.IMAGE_NAME }}'
+
+      - name: Check manifest
+        run: |
+          set -x
+          buildah manifest inspect ${{ steps.build_image.outputs.image }}:${{ env.IMAGE_TAG }}
+
+      - name: Push To ghcr.io
+        id: push-to-ghcr
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: redhat-actions/push-to-registry@v2
+        with:
+          image: ${{ steps.build_image.outputs.image }}
+          tags: ${{ steps.build_image.outputs.tags }}
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Print image url
+        if: ${{ github.event_name != 'pull_request' }}
+        run: echo "Image pushed to ${{ steps.push-to-ghcr.outputs.registry-paths }}"
diff --git a/Containerfile b/Containerfile
@@ -4,5 +4,4 @@ FROM $base
 RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends postgresql-15-debversion && \
     echo 'CREATE EXTENSION debversion' > /docker-entrypoint-initdb.d/create-extension.sql
 
-ADD create-certificate.sh /docker-entrypoint-initdb.d
 ADD postgresql.conf /etc/postgresql/
diff --git a/create-certificate.sh b/create-certificate.sh
diff --git a/postgresql.conf b/postgresql.conf
@@ -102,16 +102,17 @@ listen_addresses = '*'
 
 # - SSL -
 
-ssl = on
-ssl_ca_file = ''
-ssl_cert_file = '/var/lib/postgresql/data/pgdata/server.crt'
-ssl_crl_file = ''
-ssl_crl_dir = ''
-ssl_key_file = '/var/lib/postgresql/data/pgdata/server.key'
-ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
-ssl_prefer_server_ciphers = on
-ssl_ecdh_curve = 'prime256v1'
-ssl_min_protocol_version = 'TLSv1.2'
+#FIXME(fwilhe): disable for now, see https://github.com/gardenlinux/glvd/issues/106
+# ssl = on
+# ssl_ca_file = ''
+# ssl_cert_file = '/var/lib/postgresql/data/pgdata/server.crt'
+# ssl_crl_file = ''
+# ssl_crl_dir = ''
+# ssl_key_file = '/var/lib/postgresql/data/pgdata/server.key'
+# ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
+# ssl_prefer_server_ciphers = on
+# ssl_ecdh_curve = 'prime256v1'
+# ssl_min_protocol_version = 'TLSv1.2'
 #ssl_max_protocol_version = ''
 #ssl_dh_params_file = ''
 #ssl_passphrase_command = ''