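# syntax=docker/dockerfile:1
# git.auengun.net/homelab/image-forgejo-runner
# Copyright (C) 2024 GregoryDosh
#
# CI job-runner image for the homelab Forgejo instance: the digest-pinned
# catthehacker act image plus the toolchains the pipelines use. Each tool
# section follows the same shape so Renovate can bump a single ENV line:
#   renovate hint -> ENV <TOOL>_VERSION -> LABEL -> RUN (download, verify, install)
#
# NOTE(review): no USER is set. That looks deliberate for an act-style job
# runner (job steps generally expect root) — confirm against the runner
# configuration before changing it.
ARG FORGEJO_RUNNER_VERSION=act-latest@sha256:f4c13d572df31fd0dece337ec91553036d078f1dcf7db142682509091a456a59
FROM ghcr.io/catthehacker/ubuntu:$FORGEJO_RUNNER_VERSION
# Build-time only (ARG, not ENV) so the debconf setting does not leak into jobs.
ARG DEBIAN_FRONTEND=noninteractive
# apt lists are refreshed and removed inside every layer that uses them: a
# lone `apt update` layer goes stale under the build cache, and lists left
# behind are dead weight in the image.
RUN apt-get update && \
    apt-get install -y --no-install-recommends libpam0g-dev && \
    rm -rf /var/lib/apt/lists/*
##########
# Golang #
##########
# renovate: datasource=golang-version depName=golang-version
ENV GOLANG_VERSION=1.25.3
LABEL net.auengun.golang.version=${GOLANG_VERSION}
# curl -f fails on HTTP errors instead of saving an error page as the
# tarball; the archive is verified against the .sha256 go.dev publishes
# next to it before anything is extracted into /usr/local.
RUN curl -fsSL "https://go.dev/dl/go${GOLANG_VERSION}.linux-amd64.tar.gz" -o /tmp/go.tgz && \
    curl -fsSL "https://go.dev/dl/go${GOLANG_VERSION}.linux-amd64.tar.gz.sha256" -o /tmp/go.tgz.sha256 && \
    echo "$(cat /tmp/go.tgz.sha256)  /tmp/go.tgz" | sha256sum -c - && \
    rm -rf /usr/local/go && \
    tar -C /usr/local -xzf /tmp/go.tgz && \
    rm -f /tmp/go.tgz /tmp/go.tgz.sha256
ENV PATH=$PATH:/usr/local/go/bin
#############################
# Setup Env for Homelab PKI #
#############################
# renovate: datasource=github-releases depName=smallstep/cli
ENV STEP_VERSION=v0.28.7
LABEL net.auengun.step.version=${STEP_VERSION}
# Homelab root CA, fetched over TLS at build time. To make the build
# reproducible and tamper-evident, pin the file content once known:
#   ADD --checksum=sha256:<digest-of-spm-root.crt> <same URL> <same target>
ADD https://spm-ca.pages.dev/assets/spm-root.crt /usr/local/share/ca-certificates/spm-cert.crt
# /spm-root.crt is a world-readable copy for tools that take a single CA
# file (git, node) rather than the system bundle.
# The step CLI is unpacked in a private temp dir instead of ./step (no
# WORKDIR is set, so "./" is whatever the base image left as cwd).
# TODO(review): the tarball is not checksum-verified; upstream ships a
# checksum file with each release that could be checked here.
RUN update-ca-certificates && \
    cp /usr/local/share/ca-certificates/spm-cert.crt /spm-root.crt && \
    chmod 644 /spm-root.crt && \
    STEP_URL="https://github.com/smallstep/cli/releases/download/${STEP_VERSION}/step_linux_${STEP_VERSION##v}_amd64.tar.gz" && \
    STEP_TMP="$(mktemp -d)" && \
    mkdir "$STEP_TMP/step" && \
    curl -fsSL "$STEP_URL" -o "$STEP_TMP/step.tgz" && \
    tar -xzf "$STEP_TMP/step.tgz" --strip-components=1 -C "$STEP_TMP/step" && \
    cp "$STEP_TMP/step/bin/step" /usr/local/bin && \
    rm -rf "$STEP_TMP"
# Git: trust the homelab CA for the forge only, and allow the runner's
# checkout path across uid boundaries.
RUN git config --system http."https://git.auengun.net/".sslCAInfo /spm-root.crt && \
    git config --system --add safe.directory '/workspace'
# Node
ENV NODE_EXTRA_CA_CERTS=/spm-root.crt
# Python: drop whatever pip cache the base image shipped, then point pip at
# the system bundle (which now contains the homelab root).
RUN rm -rf /root/.cache/pip && \
    pip config set global.cert /etc/ssl/certs/ca-certificates.crt
ENV REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt \
    PIP_ROOT_USER_ACTION=ignore
# OpenSSL
ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
#################################
# Infisical for Homelab Secrets #
#################################
# renovate: datasource=github-releases depName=gh-infisical-cli packageName=infisical/infisical
ENV INFISICAL_VERSION=v0.41.90
ENV INFISICAL_API_URL=https://infisical.auengun.net/api
ENV INFISICAL_DISABLE_UPDATE_CHECK=true
LABEL net.auengun.infisical.version=${INFISICAL_VERSION}
# The .deb installs below share one pattern: fetch with curl -f to /tmp,
# install through apt-get so dependencies resolve, clean lists and the
# package in the same layer. None of them is checksum-verified yet;
# each upstream publishes a checksum file alongside its release assets.
RUN INFISICAL_URL="https://github.com/infisical/infisical/releases/download/infisical-cli/${INFISICAL_VERSION}/infisical_${INFISICAL_VERSION##v}_linux_amd64.deb" && \
    curl -fsSL "$INFISICAL_URL" -o /tmp/infisical_linux_amd64.deb && \
    apt-get update && \
    apt-get install -y --no-install-recommends /tmp/infisical_linux_amd64.deb && \
    rm -rf /var/lib/apt/lists/* /tmp/infisical_linux_amd64.deb
##########################################
# Poetry for Common Homelab Dependencies #
##########################################
# renovate: datasource=github-releases depName=python-poetry/poetry
ENV POETRY_VERSION=2.2.1
LABEL net.auengun.poetry.version=${POETRY_VERSION}
RUN python3 -m pip install --no-cache-dir poetry==${POETRY_VERSION}
###########
# Ansible #
###########
# renovate: datasource=pypi depName=ansible
ENV ANSIBLE_VERSION=10.7.0
LABEL net.auengun.ansible.version=${ANSIBLE_VERSION}
RUN python3 -m pip install --no-cache-dir ansible==${ANSIBLE_VERSION}
############
# OpenTofu #
############
# renovate: datasource=github-releases depName=opentofu/opentofu
ENV OPENTOFU_VERSION=v1.10.6
ENV TOFU_ENABLE_STATIC_SENSITIVE=1
LABEL net.auengun.opentofu.version=${OPENTOFU_VERSION}
RUN OPENTOFU_URL="https://github.com/opentofu/opentofu/releases/download/${OPENTOFU_VERSION}/tofu_${OPENTOFU_VERSION##v}_amd64.deb" && \
    curl -fsSL "$OPENTOFU_URL" -o /tmp/opentofu_amd64.deb && \
    apt-get update && \
    apt-get install -y --no-install-recommends /tmp/opentofu_amd64.deb && \
    rm -rf /var/lib/apt/lists/* /tmp/opentofu_amd64.deb
#########
# Grype #
#########
# renovate: datasource=github-releases depName=anchore/grype
ENV GRYPE_VERSION=v0.103.0
LABEL net.auengun.grype.version=${GRYPE_VERSION}
RUN GRYPE_URL="https://github.com/anchore/grype/releases/download/${GRYPE_VERSION}/grype_${GRYPE_VERSION##v}_linux_amd64.deb" && \
    curl -fsSL "$GRYPE_URL" -o /tmp/grype_linux_amd64.deb && \
    apt-get update && \
    apt-get install -y --no-install-recommends /tmp/grype_linux_amd64.deb && \
    rm -rf /var/lib/apt/lists/* /tmp/grype_linux_amd64.deb
########
# Syft #
########
# renovate: datasource=github-releases depName=anchore/syft
ENV SYFT_VERSION=v1.37.0
LABEL net.auengun.syft.version=${SYFT_VERSION}
RUN SYFT_URL="https://github.com/anchore/syft/releases/download/${SYFT_VERSION}/syft_${SYFT_VERSION##v}_linux_amd64.deb" && \
    curl -fsSL "$SYFT_URL" -o /tmp/syft_linux_amd64.deb && \
    apt-get update && \
    apt-get install -y --no-install-recommends /tmp/syft_linux_amd64.deb && \
    rm -rf /var/lib/apt/lists/* /tmp/syft_linux_amd64.deb
#########
# REUSE #
#########
# renovate: datasource=pypi depName=reuse
ENV REUSE_VERSION=6.2.0
LABEL net.auengun.reuse.version=${REUSE_VERSION}
RUN python3 -m pip install --no-cache-dir reuse==${REUSE_VERSION}
##########################
# commit-and-tag-version #
##########################
# renovate: datasource=npm depName=commit-and-tag-version
ENV COMMIT_AND_TAG_VERSION_VERSION=12.6.0
LABEL net.auengun.commit-and-tag-version.version=${COMMIT_AND_TAG_VERSION_VERSION}
RUN npm install --global "commit-and-tag-version@${COMMIT_AND_TAG_VERSION_VERSION}" && \
    npm cache clean --force
##############################
# For QMK / Crossbuild Stuff #
##############################
# Recommends are kept on purpose here: the original install pulled them in
# and the cross toolchain may depend on some of them (unverified).
RUN apt-get update && \
    apt-get install -y \
        apt-utils \
        g++-mingw-w64-x86-64 \
        gcc-mingw-w64-x86-64 \
        libasound2-dev && \
    rm -rf /var/lib/apt/lists/*
###################
# Single-user Nix #
###################
# NOTE(review): the heading says single-user, but --daemon selects the
# multi-user install; confirm which mode the runner actually needs.
# The installer is saved to a file first (no curl | sh) so a truncated or
# failed download can never run as a partial script. It is still unpinned:
# prefer https://releases.nixos.org/nix/nix-<version>/install with a
# verified checksum once a version is chosen.
RUN curl -fsSL https://nixos.org/nix/install -o /tmp/nix-install && \
    sh /tmp/nix-install --daemon && \
    rm -f /tmp/nix-install
###########################
# SSH Timeout and CA Cert #
###########################
# The stock ssh_config only includes ssh_config.d/*.conf, so the drop-in
# needs the .conf suffix or its settings are silently ignored.
RUN cat <<EOF > /etc/ssh/ssh_config.d/default-timeout.conf
ServerAliveCountMax 3
ServerAliveInterval 15
EOF
# Host-key CA for homelab SSH hosts. The "*" pattern makes this CA
# authoritative for every hostname; narrow it to the homelab's host
# pattern if jobs also connect outside it.
RUN cat <<EOF >> /etc/ssh/ssh_known_hosts
@cert-authority * ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAwv6FShAz9+pvPsfFSI6XIiPxXx6UOzw67JfSZbSF92yQ6toqfPPXrpSn+FmbCw0iFgnG3+X3zhTbUHqG708Y0=
EOF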