From 825dc38b6c242e51183be40c46bb5565b54341f4 Mon Sep 17 00:00:00 2001
From: michaeljguarino
Date: Thu, 1 Aug 2024 12:11:38 -0400
Subject: [PATCH] Add an example custom image (#248)

It's basically just the harness base + the aws cli in a full ubuntu container to ensure awscli doesn't bork. Will serve as good working documentation of how to build your own custom stack
---
 .github/workflows/publish-harness.yaml | 55 ++++++++++++++++++++++++++
 dockerfiles/harness/custom.Dockerfile | 26 ++++++++++++
 2 files changed, 81 insertions(+)
 create mode 100644 dockerfiles/harness/custom.Dockerfile
diff --git a/.github/workflows/publish-harness.yaml b/.github/workflows/publish-harness.yaml
index 6fadd5bc..6c0c1fc5 100644
--- a/.github/workflows/publish-harness.yaml
+++ b/.github/workflows/publish-harness.yaml
@@ -253,3 +253,58 @@ jobs:
 PYTHON_VERSION=${{ matrix.versions.python }}
 HARNESS_BASE_IMAGE_REPO=ghcr.io/pluralsh/stackrun-harness-base
 HARNESS_BASE_IMAGE_TAG=${{ needs.publish-harness-base.outputs.version }}
+
+ publish-harness-custom:
+ name: Build and push harness custom container
+ runs-on: ubuntu-20.04
+ needs: [publish-harness-base]
+ permissions:
+ contents: write
+ discussions: write
+ pull-requests: write
+ packages: write
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ ghcr.io/pluralsh/harness
+ docker.io/pluralsh/harness
+ tags: |
+ type=semver,pattern={{version}},suffix=-custom,priority=1000
+ type=sha,suffix=-custom,priority=800
+ type=ref,event=pr,suffix=-custom,priority=600
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ - name: Login to GHCR
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Login to Docker
+ uses: docker/login-action@v3
+ with:
+ username: mjgpluralsh
+ password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+ - name: Build and push
+ uses: docker/build-push-action@v5
+ with:
+ context: "."
+ file: "./dockerfiles/harness/custom.Dockerfile"
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ platforms: linux/amd64,linux/arm64
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ build-args: |
+ HARNESS_BASE_IMAGE_REPO=ghcr.io/pluralsh/stackrun-harness-base
+ HARNESS_BASE_IMAGE_TAG=${{ needs.publish-harness-base.outputs.version }}
\ No newline at end of file
diff --git a/dockerfiles/harness/custom.Dockerfile b/dockerfiles/harness/custom.Dockerfile
new file mode 100644
index 00000000..a3c306d4
--- /dev/null
+++ b/dockerfiles/harness/custom.Dockerfile
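Review bot: The `permissions` block of `publish-harness-custom` grants `contents: write`, `discussions: write` and `pull-requests: write`, yet the steps in this hunk only check out the repository, log in to two registries and push an image, which needs no more than `contents: read` and `packages: write`. A job that leaves registry credentials on the runner and executes third-party actions should carry the narrowest token it can, so I would reduce the block to those two entries; if the wider set was copied from sibling jobs (not visible in this hunk), they deserve the same trim. The actions are referenced by mutable major tags (`actions/checkout@v4`, `docker/login-action@v3`, `docker/build-push-action@v5`), so pinning each to a full commit SHA would keep a retagged release from running in a job that can publish images. The hunk begins inside the previous job's `build-args`, so only the new job is reviewed here.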
@@ -0,0 +1,26 @@
+ARG HARNESS_BASE_IMAGE_TAG=latest
+ARG HARNESS_BASE_IMAGE_REPO=ghcr.io/pluralsh/stackrun-harness-base
+ARG HARNESS_BASE_IMAGE=$HARNESS_BASE_IMAGE_REPO:$HARNESS_BASE_IMAGE_TAG
+
+FROM $HARNESS_BASE_IMAGE as harness
+
+FROM debian:12-slim
+
+COPY --from=harness /harness /usr/local/bin/harness
+
+# Change ownership of the harness binary to UID/GID 65532
+RUN addgroup --gid 65532 nonroot && \
+ adduser --uid 65532 --gid 65532 --home /home/nonroot nonroot && \
+ chown -R 65532:65532 /usr/local/bin/harness
+
+RUN apt-get -y update && apt-get -y install curl unzip && \
+ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && \
+ unzip awscliv2.zip && \
+ ./aws/install
+
+# Switch to the non-root user
+USER 65532:65532
+
+WORKDIR /plural
+
+ENTRYPOINT ["harness", "--working-dir=/plural"]
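Review bot: The second `RUN` always downloads `awscli-exe-linux-x86_64.zip`, while the workflow added in this same commit builds this Dockerfile for `linux/amd64,linux/arm64`, so the arm64 variant would be given an x86_64 installer; the archive should be chosen from the automatic `TARGETARCH` build argument. The archive is also unpacked and executed as root with no integrity check, and it is unversioned, so two builds of the same commit can ship different CLI binaries; pinning an installer version and verifying its published signature or a recorded SHA-256 before `./aws/install` would make the step auditable. The zip, the extracted `aws/` directory and the apt lists remain in the layer, and the `latest` default for `HARNESS_BASE_IMAGE_TAG` makes a build without build args non-reproducible. A possible shape for the install step is below; the verification line is left as a comment because the expected digest or key is not on this page.

```dockerfile
# … unchanged: base-image ARGs, harness stage, COPY, nonroot user creation …

# TARGETARCH is set by BuildKit for each entry in `platforms`
ARG TARGETARCH

# Verify the archive (signature or recorded SHA-256) before running the installer.
RUN case "${TARGETARCH}" in \
      amd64) aws_arch=x86_64 ;; \
      arm64) aws_arch=aarch64 ;; \
      *) echo "unsupported architecture: ${TARGETARCH}" >&2; exit 1 ;; \
    esac && \
    apt-get update && \
    apt-get install -y --no-install-recommends ca-certificates curl unzip && \
    curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-${aws_arch}.zip" -o /tmp/awscliv2.zip && \
    unzip -q /tmp/awscliv2.zip -d /tmp && \
    /tmp/aws/install && \
    rm -rf /tmp/aws /tmp/awscliv2.zip /var/lib/apt/lists/*

# … unchanged: USER, WORKDIR, ENTRYPOINT …
```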