astra/container-action
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

strict mode

Browse source
This commit is contained in:
Foat Akhmadeev 2024-12-17 14:45:52 +03:00
parent 33cbbea332
commit 336a9290bb
3 changed files with 43 additions and 45 deletions
Download patch file Download diff file Expand all files Collapse all files

12
.github/workflows/verify.yml vendored
View file

@ -34,14 +34,12 @@ jobs:
login_registry: ghcr.io
login_username: ${{ github.actor }}
login_password: ${{ secrets.GITHUB_TOKEN }}
tags: |
ghcr.io/frozen-tapestry/podman-action-verify:latest
tags: ghcr.io/frozen-tapestry/podman-action-verify:latest
dockerfile: Dockerfile
build_args: |
MY_ENV_VAR=Test
MY_ENV_VAR2=Test2
security:
--security-opt seccomp=unconfined --security-opt apparmor=unconfined
build_args: MY_ENV_VAR=Test MY_ENV_VAR2=Test2
security: |
--security-opt=seccomp=unconfined
--security-opt=apparmor=unconfined
push: true
- name: Run Docker container and verify output
id: verify-output

56
action.yml
View file

@ -16,19 +16,22 @@ inputs:
required: false
tags:
description: |
Tag of the image (space-separated or newline-separated).
e.g. quay.io/podman/stable:latest
Tags for the image. Space-separated. e.g.
quay.io/podman/stable:latest quay.io/podman/stable:nightly
required: false
labels:
description: List of additional metadata for an image (space-separated or newline-separated).
description: |
List of additional metadata for an image. Space-separated.
required: false
build_args:
description: Optional build arguments (space-separated or newline-separated).
description: |
Optional build arguments. Space-separated. e.g.
MY_ENV_VAR=Test MY_ENV_VAR2=Test2
required: false
extra_args:
description: |
Extra args to be passed to podman bud.
Separate arguments by newline.
Extra args to be passed to podman. Space-separated. e.g.
-e=MY_ENV=Test -e=MY_ENV=Test2
required: false
dockerfile:
description: Path to the Dockerfile. If set, build step is performed.
@ -44,22 +47,13 @@ inputs:
default: '/tmp/shared'
required: false
security:
description: Security flags that are used for an intermediate container. Space separated.
description: Security flags that are used for an intermediate container. New line separated.
default: '--network=host'
required: false
runs:
using: composite
steps:
- name: Convert composite args
id: convert
shell: bash
run: |
echo tags=$(echo "${{ inputs.tags }}" | xargs echo -n | tr -s ' \n' '+') >> $GITHUB_OUTPUT
echo labels=$(echo "${{ inputs.labels }}" | xargs echo -n | tr -s ' \n' '+') >> $GITHUB_OUTPUT
echo build_args=$(echo "${{ inputs.build_args }}" | xargs echo -n | tr -s ' \n' '+') >> $GITHUB_OUTPUT
echo extra_args=$(echo "${{ inputs.extra_args }}" | xargs echo -n | tr -s ' \n' '+') >> $GITHUB_OUTPUT
- name: Run container steps
uses: frozen-tapestry/docker-run-action@v5p
with:
@ -67,19 +61,19 @@ runs:
mount_ws: true
options: |
${{ inputs.security }}
-v ${{ inputs.shared_path }}/auth:/etc/containers/auth
-v ${{ inputs.shared_path }}/storage:/var/lib/containers/storage
-v ${{ github.action_path }}/scripts:/scripts
-e REGISTRY_AUTH_FILE=/etc/containers/auth/auth.json
-e REGISTRY=${{ inputs.login_registry }}
-e USERNAME=${{ inputs.login_username }}
-e PASSWORD=${{ inputs.login_password }}
-e ACTION_TAGS=${{ steps.convert.outputs.tags }}
-e ACTION_LABELS=${{ steps.convert.outputs.labels }}
-e ACTION_BUILD_ARGS=${{ steps.convert.outputs.build_args }}
-e ACTION_EXTRA_ARGS=${{ steps.convert.outputs.extra_args }}
-e DOCKERFILE=${{ inputs.dockerfile }}
-e REVISION=${{ github.sha }}
-e SOURCE=${{ github.server_url }}/${{ github.repository }}
-e PUSH=${{ inputs.push }}
-v=${{ inputs.shared_path }}/auth:/etc/containers/auth
-v=${{ inputs.shared_path }}/storage:/var/lib/containers/storage
-v=${{ github.action_path }}/scripts:/scripts
-e=REGISTRY_AUTH_FILE=/etc/containers/auth/auth.json
-e=REGISTRY=${{ inputs.login_registry }}
-e=USERNAME=${{ inputs.login_username }}
-e=PASSWORD=${{ inputs.login_password }}
-e=ACTION_TAGS=${{ steps.convert.outputs.tags }}
-e=ACTION_LABELS=${{ steps.convert.outputs.labels }}
-e=ACTION_BUILD_ARGS=${{ steps.convert.outputs.build_args }}
-e=ACTION_EXTRA_ARGS=${{ steps.convert.outputs.extra_args }}
-e=DOCKERFILE=${{ inputs.dockerfile }}
-e=REVISION=${{ github.sha }}
-e=SOURCE=${{ github.server_url }}/${{ github.repository }}
-e=PUSH=${{ inputs.push }}
run: /bin/bash /scripts/run.sh

20
scripts/run.sh
View file

@ -1,10 +1,16 @@
#!/bin/bash
set -euo pipefail
IFS=$'\n\t '
IFS=$'\n\t'
REGISTRY=${REGISTRY:-}
USERNAME=${USERNAME:-}
PASSWORD=${PASSWORD:-}
DOCKERFILE=${DOCKERFILE:-}
PUSH=${PUSH:-}
### LOGIN
if [[ -n "$REGISTRY" && -n "$USERNAME" && -n "$PASSWORD" ]]; then
buildah login --storage-driver=overlay2 $REGISTRY -u $USERNAME -p $PASSWORD
buildah login --storage-driver=overlay2 "$REGISTRY" -u "$USERNAME" -p "$PASSWORD"
fi
generate_args() {
@ -12,8 +18,8 @@ generate_args() {
local prefix="$2"
local output=""
if [ -n "$input_args" ]; then
output="$(echo "$input_args" | tr -s '+' ' ' | sed "s/[^ ]* */$prefix &/g")"
if [[ -n "$input_args" ]]; then
output="$(echo "$input_args" | tr -s ' ' '\n' | sed "s/[^ ]* */$prefix&/g")"
fi
echo "$output"
@ -27,11 +33,11 @@ if [[ -n "$DOCKERFILE" ]]; then
echo "Main labels: $CREATED $REVISION $SOURCE"
TAGS=$(generate_args "$ACTION_TAGS" "-t")
TAGS=$(generate_args "$ACTION_TAGS" "-t=")
echo "Tags: $TAGS"
LABELS=$(generate_args "$ACTION_LABELS" "--label")
LABELS=$(generate_args "$ACTION_LABELS" "--label=")
echo "Labels: $LABELS"
BUILD_ARGS=$(generate_args "$ACTION_BUILD_ARGS" "--build-arg")
BUILD_ARGS=$(generate_args "$ACTION_BUILD_ARGS" "--build-arg=")
echo "Build args: $BUILD_ARGS"
EXTRA_ARGS=$(generate_args "$ACTION_EXTRA_ARGS" "")
echo "Extra args: $EXTRA_ARGS"