Merge pull request #5 from Frozen-Tapestry/develop

New release with permission fix
2025-02-28 16:42:45 +03:00 · 2025-02-28 16:42:45 +03:00 · 09c93ff653
commit 09c93ff653
parent cf79bbde67 25cafbfcad
4 changed files with 48 additions and 20 deletions
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@ -0,0 +1,3 @@
+### Base branch for this PR
+
+Please target the `develop` branch for this Pull Request.
--- a/README.md
+++ b/README.md
@ -46,13 +46,17 @@ jobs:
        uses: actions/checkout@v4

      - name: Use Podman Build and Push Action
-        uses: frozen-tapestry/podman-build-push-action@v1
+        uses: Frozen-Tapestry/container-action@v1
        with:
          login_registry: ghcr.io
          login_username: ${{ secrets.REGISTRY_USERNAME }}
          login_password: ${{ secrets.REGISTRY_PASSWORD }}
          tags: ghcr.io/your-namespace/your-image:latest
          dockerfile: path/to/Dockerfile
+          # Use those security flags if using GitHub Action. Keep the defaults, if using Gitea.
+          security: |
+            --security-opt=seccomp=unconfined
+            --security-opt=apparmor=unconfined
          push: true
 ```

--- a/RELEASES.md
+++ b/RELEASES.md
@ -2,4 +2,9 @@

 ### v1.0.0

- Initial release
+- Initial release
+
+### v1.1.0
+
+- Permission error fix
+- Readme updates
--- a/scripts/run.sh
+++ b/scripts/run.sh
@ -13,12 +13,23 @@ PODMAN_USER="podman"
 chown $PODMAN_USER:$PODMAN_USER /home/$PODMAN_USER/auth
 chown $PODMAN_USER:$PODMAN_USER /home/$PODMAN_USER/.local/share/containers/storage

+run_cmd() {
+    local build_cmd=("$@")
+    cmd=$(printf "%q\t" "${build_cmd[@]}")
+    echo "Running: $cmd"
+    su "$PODMAN_USER" -c "$cmd"
+}
+
 ### LOGIN
 if [[ -n "$REGISTRY" && -n "$USERNAME" && -n "$PASSWORD" ]]; then
-  sudo -u $PODMAN_USER podman login \
-    --storage-driver=overlay \
-    --authfile="$REGISTRY_AUTH_FILE" \
-    "$REGISTRY" -u "$USERNAME" -p "$PASSWORD"
+  build_cmd=(podman login
+    --storage-driver=overlay
+    --authfile="$REGISTRY_AUTH_FILE"
+    "$REGISTRY"
+    -username="$USERNAME"
+    --password="$PASSWORD"
+  )
+  run_cmd "${build_cmd[@]}"
 fi

 generate_args() {
@ -50,26 +61,31 @@ if [[ -n "$DOCKERFILE" ]]; then
  EXTRA_ARGS=$(generate_args "$ACTION_EXTRA_ARGS" "")
  echo "Extra args: $EXTRA_ARGS"

-  sudo -u $PODMAN_USER podman build --platform="linux/amd64" \
-    --storage-driver=overlay \
-    --authfile="$REGISTRY_AUTH_FILE" \
-    --pull=true \
-    --label image.created="$CREATED" \
-    --label image.revision="$REVISION" \
-    --label image.source="$SOURCE" \
-    $TAGS \
-    $LABELS \
-    $BUILD_ARGS \
-    $EXTRA_ARGS \
-    -f "$DOCKERFILE" \
+  build_cmd=(podman build
+    --platform="linux/amd64"
+    --storage-driver=overlay
+    --authfile="$REGISTRY_AUTH_FILE"
+    --pull=true
+    --label=image.created="$CREATED"
+    --label=image.revision="$REVISION"
+    --label=image.source="$SOURCE"
+    $TAGS
+    $LABELS
+    $BUILD_ARGS
+    $EXTRA_ARGS
+    --file="$DOCKERFILE"
    .
+  )
+  run_cmd "${build_cmd[@]}"
 fi

 if [[ -n "$PUSH" && "$PUSH" == "true" ]]; then
  TAGS=$(generate_args "$ACTION_TAGS" "")
  echo "Tags: $TAGS"

-  sudo -u $PODMAN_USER podman push \
-    --storage-driver=overlay \
+  build_cmd=(podman push
+    --storage-driver=overlay
    --authfile="$REGISTRY_AUTH_FILE" $TAGS
+  )
+  run_cmd "${build_cmd[@]}"
 fi