From fcb356d992b3193c81e8cb1c1dae64d6cf26c833 Mon Sep 17 00:00:00 2001
From: Foat Akhmadeev
Date: Wed, 18 Dec 2024 15:47:22 +0300
Subject: [PATCH] podman rootless build
---
 action.yml | 16 +++++-----------
 scripts/run.sh | 17 ++++++++++++++---
 2 files changed, 19 insertions(+), 14 deletions(-)
diff --git a/action.yml b/action.yml
index db6a8ff..3cb22c7 100644
--- a/action.yml
+++ b/action.yml
@@ -40,12 +40,6 @@ inputs:
 description: Whether to push the image after building.
 default: 'false'
 required: false
- shared_path:
- description: |
- Path to container shared folder for different cache files on the host filesystem.
- Useful for self-hosted runners.
- default: '/tmp/shared'
- required: false
 security:
 description: Security flags that are used for an intermediate container. New line separated.
 default: '--network=host'
@@ -55,16 +49,16 @@ runs:
 using: composite
 steps:
 - name: Run container steps
- uses: frozen-tapestry/docker-run-action@v5p
+ uses: frozen-tapestry/docker-run-action@0c2c7831e29d4389f7521909b92e8097d1eecc88
 with:
 image: quay.io/podman/stable:latest
 mount_ws: true
 options: |
 ${{ inputs.security }}
- -v=${{ inputs.shared_path }}/auth:/etc/containers/auth
- -v=${{ inputs.shared_path }}/storage:/var/lib/containers/storage
- -v=${{ github.action_path }}/scripts:/scripts
- -e=REGISTRY_AUTH_FILE=/etc/containers/auth/auth.json
+ -v=${{ env.CACHE_SHARED_PATH }}/podman-auth:/home/podman/auth:rw
+ -v=${{ env.CACHE_SHARED_PATH }}/podman-storage:/home/podman/.local/share/containers/storage:rw
+ -v=${{ github.action_path }}/scripts:/scripts:ro
+ -e=REGISTRY_AUTH_FILE=/home/podman/auth/auth.json
 -e=REGISTRY=${{ inputs.login_registry }}
 -e=USERNAME=${{ inputs.login_username }}
 -e=PASSWORD=${{ inputs.login_password }}
diff --git a/scripts/run.sh b/scripts/run.sh
index 56a7fae..680a003 100755
--- a/scripts/run.sh
+++ b/scripts/run.sh
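Review bot: `env.CACHE_SHARED_PATH` has no fallback in the two new `-v=` lines of the `options` block, whereas the `shared_path` input removed by this commit defaulted to `/tmp/shared`. If the workflow or runner does not set that variable, the expression renders empty and the bind sources become `/podman-auth` and `/podman-storage` at the host root, which is also where `auth.json` with the registry credentials would then be written. Consider keeping a default, e.g. `-v=${{ env.CACHE_SHARED_PATH || '/tmp/shared' }}/podman-auth:/home/podman/auth:rw` (and the same for the storage mount), and documenting the variable wherever the inputs are described, since it is no longer a declared input. The action ref is now pinned to a commit SHA, but `image: quay.io/podman/stable:latest` in the same step is still a mutable tag; pinning it by digest would give the image the same guarantee.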
@@ -8,9 +8,17 @@ PASSWORD=${PASSWORD:-}
 DOCKERFILE=${DOCKERFILE:-}
 PUSH=${PUSH:-}
+PODMAN_USER="podman"
+
+chown $PODMAN_USER:$PODMAN_USER /home/$PODMAN_USER/auth
+chown $PODMAN_USER:$PODMAN_USER /home/$PODMAN_USER/.local/share/containers/storage
+
 ### LOGIN
 if [[ -n "$REGISTRY" && -n "$USERNAME" && -n "$PASSWORD" ]]; then
- podman login --storage-driver=overlay "$REGISTRY" -u "$USERNAME" -p "$PASSWORD"
+ sudo -u $PODMAN_USER podman login \
+ --storage-driver=overlay \
+ --authfile="$REGISTRY_AUTH_FILE" \
+ "$REGISTRY" -u "$USERNAME" -p "$PASSWORD"
 fi
 generate_args() {
@@ -42,8 +50,9 @@ if [[ -n "$DOCKERFILE" ]]; then
 EXTRA_ARGS=$(generate_args "$ACTION_EXTRA_ARGS" "")
 echo "Extra args: $EXTRA_ARGS"
- podman build --platform="linux/amd64" \
+ sudo -u $PODMAN_USER podman build --platform="linux/amd64" \
 --storage-driver=overlay \
+ --authfile="$REGISTRY_AUTH_FILE" \
 --pull=true \
 --label image.created="$CREATED" \
 --label image.revision="$REVISION" \
@@ -60,5 +69,7 @@ if [[ -n "$PUSH" && "$PUSH" == "true" ]]; then
 TAGS=$(generate_args "$ACTION_TAGS" "")
 echo "Tags: $TAGS"
- podman push --storage-driver=overlay $TAGS
+ sudo -u $PODMAN_USER podman push \
+ --storage-driver=overlay \
+ --authfile="$REGISTRY_AUTH_FILE" $TAGS
 fi
\ No newline at end of file
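Review bot: The new `sudo -u $PODMAN_USER podman login` call still passes the secret as `-p "$PASSWORD"`, so it sits in the argument list of both the sudo and the podman process (and in sudo's command log where one is configured). `podman login` accepts `--password-stdin`; something like `printf '%s' "$PASSWORD" | sudo -u "$PODMAN_USER" podman login --storage-driver=overlay --authfile="$REGISTRY_AUTH_FILE" -u "$USERNAME" --password-stdin "$REGISTRY"` keeps it off the command line. The resulting auth.json is written into the bind-mounted cache directory, which outlives the job on a self-hosted runner, so a `podman logout` at the end of the script or a per-job authfile path is worth considering. The two `chown` lines are non-recursive and leave `$PODMAN_USER` unquoted; whether a failed chown aborts the script depends on shell options set outside this hunk.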