diff --git a/.env b/.env
index 0e920a10..5b0bb80a 100644
--- a/.env
+++ b/.env
@@ -2,3 +2,4 @@ SINGULARITY_HOSTNAME=localhost.localdomain
 SINGULARITY_VERSION="v0.6"
 SINGULARITY_DEPLOYMENT_STATUS="(in development)"
 SINGULARITY_TIMEZONE="America/New_York"
+COMPOSE_PROJECT_NAME=singularity
diff --git a/.github/workflows/PINP-test.yaml b/.github/workflows/PINP-test.yaml
index 8eb6cc89..6e6a885d 100644
--- a/.github/workflows/PINP-test.yaml
+++ b/.github/workflows/PINP-test.yaml
@@ -16,17 +16,41 @@ jobs:
 - name: Checkout repository
 uses: actions/checkout@v4
- - name: Install Podman and Podman Compose
+ - name: Install Podman
 run: |
 sudo apt update
 sudo apt install -y podman
 podman --version
+ # garbage needed because otherwise the cache fails to save properly. Suggested by https://github.com/containers/podman/discussions/17868
+ - name: Special tar sauce
+ run: |
+ sudo mv -fv /usr/bin/tar /usr/bin/tar.orig
+ echo -e '#!/bin/sh\n\nsudo /usr/bin/tar.orig --xattrs --xattrs-include='"'"'*'"'"' "$@"' | sudo tee -a /usr/bin/tar
+ sudo chmod +x /usr/bin/tar
+
+ - uses: actions/cache@v4
+ with:
+ path: |
+ ~/.local/share/containers
+ key: podman-in-docker-build-cache
+
+ - name: Build test container
+ run: |
+ podman build --build-context=singularity_git_repo=. -t singularity-test .
+
+ - uses: actions/cache@v4
+ with:
+ path: |
+ ./cache
+ key: podman-in-podman-build-cache
+
 - name: Start PINPing
 id: run_tests
 run: |
- podman build --build-context=singularity_git_repo=. -t singularity-test .
- podman run --rm --privileged localhost/singularity-test:latest
+ mkdir -p ./cache
+ chmod 0777 ./cache
+ podman run --rm -v ./cache:/home/podman/.local/share/containers:z --privileged localhost/singularity-test:latest
 - name: Report test results
 if: always()
diff --git a/.gitignore b/.gitignore
index 876720ae..78bba293 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@ cert*
 .*.sw*
 /docs
 /repos
+/gitdir
diff --git a/Containerfile b/Containerfile
index 087ff369..ca3c8a18 100644
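Review bot: In .github/workflows/PINP-test.yaml, both `actions/cache@v4` steps use fixed keys (`podman-in-docker-build-cache`, `podman-in-podman-build-cache`) while the `Special tar sauce` step leaves `/usr/bin/tar` as a wrapper around `sudo /usr/bin/tar.orig --xattrs --xattrs-include='*'` for the rest of the job. Every cache restore is therefore unpacked as root with all extended attributes preserved. As far as I know actions/cache does not save again after an exact key hit, so the first archive stored keeps being restored and never follows changes to the Containerfile. Tie the key to the build inputs, for example `key: podman-in-docker-build-cache-${{ hashFiles('Containerfile') }}`. Also extend the comment above the wrapper to say that it runs tar under sudo for all later steps, including the cache restore and save.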
--- a/Containerfile
+++ b/Containerfile
@@ -3,6 +3,7 @@ FROM fedora:latest
 RUN dnf update -y && \
 dnf install -y \
 podman \
+ fuse-overlayfs \
 podman-compose \
 jq \
 ShellCheck \
@@ -12,14 +13,34 @@ RUN dnf update -y && \
 python-pip \
 git
-RUN sed -i 's/log_driver = "journald"/log_driver = "json-file"/' /usr/share/containers/containers.conf
+# needed because for some reason newuidmap and newgidmap programs
+# lose their xattrs giving them caps when the container image for
+# fedora is created, without this, we see the following output:
+# $ rpm -V shadow-utils
+# ........P /usr/bin/newgidmap
+# ........P /usr/bin/newuidmap
+RUN rpm --setcaps shadow-utils
-COPY --from=singularity_git_repo . ./singularity
+RUN useradd podman; \
+echo podman:10000:5000 > /etc/subuid; \
+echo podman:10000:5000 > /etc/subgid;
+
+RUN sed -i 's/log_driver = "journald"/log_driver = "json-file"/' /usr/share/containers/containers.conf && \
+ mkdir /run/storage && \
+ mkdir -p /home/podman/.local/share/containers && \
+ ln -s /run/storage /home/podman/.local/share/containers/storage && \
+ :
+
+WORKDIR /home/podman
-RUN mkdir -p singularity/{repos,docs}
+COPY --from=singularity_git_repo . ./singularity
 COPY start.sh .
+RUN chown -R podman:podman ./singularity
+
+USER podman:podman
+
 WORKDIR singularity
-ENTRYPOINT ["/start.sh"]
+ENTRYPOINT ["./start.sh"]
diff --git a/README.md b/README.md
index 80ac9608..46da1144 100644
--- a/README.md
+++ b/README.md
@@ -18,6 +18,8 @@ Section 2: Singularity Setup
 - Create an empty `repos` folder within the repository: `mkdir repos`.
+ - Create a symlink to the `.git` directory with: `ln -s .git gitdir`
+
 - Build the containers: `podman-compose build`.
 - Launch singularity: `podman-compose up -d`.
diff --git a/container-compose.yml b/container-compose.yml
index bbc50556..77890ceb 100644
--- a/container-compose.yml
+++ b/container-compose.yml
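Review bot: In the second Containerfile hunk, `/run/storage` and `/home/podman/.local/share/containers` are created by root before `USER podman:podman`, and the later `chown -R podman:podman ./singularity` does not reach them. The unprivileged user can therefore write its container storage only when a writable volume is mounted over that path. The workflow in this commit mounts a `chmod 0777` directory there, which presumably hides the problem in CI. Hand those paths to the user in the same `RUN`, e.g. `chown -R podman:podman /run/storage /home/podman/.local`. Separately, the `RUN useradd podman; \` chain is joined with `;`, so a failing `useradd` does not fail the build; `&&` would match the `RUN` below it.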
@@ -222,7 +222,7 @@ services:
 context: git
 dockerfile: Containerfile
 additional_contexts:
- - git_singularity_git_dir=./.git
+ - git_singularity_git_dir=./gitdir
 - git_course_repositories=repos
 volumes:
 - type: volume
diff --git a/orbit/start.sh b/orbit/start.sh
index 39e937b2..c6adb665 100755
--- a/orbit/start.sh
+++ b/orbit/start.sh
@@ -1,3 +1,5 @@
 #!/bin/sh
 memcached --daemon --unix-socket /run/orbit/memcached.sock
-exec uwsgi --plugin 'python,http' ./radius.ini
+uwsgi --master --plugin 'python,http' ./radius.ini &
+trap 'kill -INT $!' TERM
+wait
diff --git a/start.sh b/start.sh
index 574df7f4..9394b8f4 100755
--- a/start.sh
+++ b/start.sh
@@ -2,10 +2,17 @@
 set -ex
-mkdir -p /var/lib/containers/storage
-mount -t tmpfs tmpfs /var/lib/containers/storage
+mkdir -p \
+ repos \
+ docs \
+ ;
+
+ln -s .git gitdir
+
 podman-compose build
 podman-compose up -d
+trap 'podman-compose down -v' EXIT
+
 # wait until synapse is done initializing
 podman-compose logs -f submatrix 2>&1 | sed '/Synapse now listening on TCP port 8008/ q'
 if [ -f test.sh ]
@@ -16,4 +23,3 @@ else
 pip install -r requirements.txt
 pytest
 fi
-podman-compose down
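Review bot: In orbit/start.sh, the bare `wait` returns as soon as the TERM trap has run, so the script can exit while uwsgi is still handling the SIGINT. Because this script is the container's entry process, that would cut the shutdown short. Record the child with `pid=$!` and wait for it inside the handler: `trap 'kill -INT "$pid"; wait "$pid"' TERM`. A short comment saying why SIGTERM is translated to SIGINT for uwsgi, and that the script's exit status no longer comes from `exec uwsgi`, would help the next reader.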
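Review bot: In the first start.sh hunk, `ln -s .git gitdir` runs under `set -ex` and is not repeatable. The README change in this commit tells users to create `gitdir`, so it may already be present in the copied tree. If it is, the command either aborts the script with "File exists" or, when `gitdir` is already a symlink to a directory, drops a stray link inside that directory. `ln -sfn .git gitdir` handles both cases. The `trap 'podman-compose down -v' EXIT` is also registered only after `podman-compose up -d`, so a failure partway through `up` skips the cleanup; registering it before `podman-compose build` would cover that path.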