Add an example custom image

It's basically just the harness base + the aws cli in a full ubuntu container to ensure awscli doesn't bork. Will serve as good working documentation of how to build your own custom stack
pluralsh · Jul 28, 2024 · ad628a6 · ad628a6
1 parent f092adf
commit ad628a6
Show file tree

Hide file tree

Showing 2 changed files with 82 additions and 0 deletions.
diff --git a/.github/workflows/publish-harness.yaml b/.github/workflows/publish-harness.yaml
@@ -253,3 +253,58 @@ jobs:
             PYTHON_VERSION=${{ matrix.versions.python }}
             HARNESS_BASE_IMAGE_REPO=ghcr.io/pluralsh/stackrun-harness-base
             HARNESS_BASE_IMAGE_TAG=${{ needs.publish-harness-base.outputs.version }}
+
+  publish-harness-custom:
+    name: Build and push harness custom container
+    runs-on: ubuntu-20.04
+    needs: [publish-harness-base]
+    permissions:
+      contents: write
+      discussions: write
+      pull-requests: write
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/pluralsh/harness
+            docker.io/pluralsh/harness
+          tags: |
+            type=semver,pattern={{version}},suffix=-custom-${{ version }},priority=1000
+            type=sha,suffix=-custom-${{ version }},priority=800
+            type=ref,event=pr,suffix=-custom-${{ version }},priority=600
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Login to Docker
+        uses: docker/login-action@v3
+        with:
+          username: mjgpluralsh
+          password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: "."
+          file: "./dockerfiles/harness/custom.Dockerfile"
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          build-args: |
+            HARNESS_BASE_IMAGE_REPO=ghcr.io/pluralsh/stackrun-harness-base
+            HARNESS_BASE_IMAGE_TAG=${{ needs.publish-harness-base.outputs.version }}
diff --git a/dockerfiles/harness/custom.Dockerfile b/dockerfiles/harness/custom.Dockerfile
@@ -0,0 +1,27 @@
+ARG HARNESS_BASE_IMAGE_TAG=latest
+ARG HARNESS_BASE_IMAGE_REPO=ghcr.io/pluralsh/stackrun-harness-base
+ARG HARNESS_BASE_IMAGE=$HARNESS_BASE_IMAGE_REPO:$HARNESS_BASE_IMAGE_TAG
+
+FROM $HARNESS_BASE_IMAGE as harness
+
+FROM debian:12-slim
+
+COPY --from=harness /harness /usr/local/bin/harness
+
+# Change ownership of the harness binary to UID/GID 65532
+RUN chown -R 65532:65532 /usr/local/bin/harness
+RUN apt-get -y update && apt-get -y install curl unzip
+
+# Install build dependencies, Ansible, and openssh-client
+RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && \
+        unzip awscliv2.zip && \
+        ./aws/install
+
+RUN addgroup --gid 65532 nonroot
+
+# Switch to the non-root user
+USER 65532:65532
+
+WORKDIR /plural
+
+ENTRYPOINT ["/harness", "--working-dir=/plural"]