From 0163f7ca667675dd58fb3134b9aa5ac5e4088816 Mon Sep 17 00:00:00 2001
From: Jonathan Chancey
Date: Sun, 10 Mar 2024 16:02:43 -0700
Subject: [PATCH 1/5] add action and helper scritp
---
 .github/scripts/prepare | 7 +++++++
 .github/workflows/docker-build.yml | 23 +++++++++++++++++++++++
 2 files changed, 30 insertions(+)
 create mode 100644 .github/scripts/prepare
 create mode 100644 .github/workflows/docker-build.yml
diff --git a/.github/scripts/prepare b/.github/scripts/prepare
new file mode 100644
index 0000000..d2de6bc
--- /dev/null
+++ b/.github/scripts/prepare
@@ -0,0 +1,7 @@
+#!/bin/sh
+# perform minimal preparation and run ansible
+echo placeholder > $VAULT_SECRET
+chmod 600 $VAULT_SECRET
+export DOTFILES_USER=$USER
+echo "$USER ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/$DOTFILES_USER > /dev/null
+ansible-playbook main.yml
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
new file mode 100644
index 0000000..ec57308
--- /dev/null
+++ b/.github/workflows/docker-build.yml
@@ -0,0 +1,23 @@
+name: Docker Build Test
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ build-and-run:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v2
+
+ - name: Build Docker image
+ run: docker build -t dotfiles .
+
+ - name: Run Docker container
+ run: docker run --rm dotfiles .github/scripts/prepare
From f7a4cbf0ecf13fb526a97f31179e171ed6f5c02a Mon Sep 17 00:00:00 2001
From: Jonathan Chancey
Date: Sun, 10 Mar 2024 16:07:54 -0700
Subject: [PATCH 2/5] update whitespace
---
 .github/workflows/docker-build.yml | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index ec57308..482985b 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
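Review bot: In `.github/scripts/prepare` (PATCH 1/5) the sudoers line trusts `$USER` and has no guard, so if `sudo` succeeds outside the CI container it leaves whoever ran it with a persistent passwordless-root rule, and where `$USER` is unset (which can happen under `docker run`) `tee` is pointed at the `/etc/sudoers.d/` directory itself. There is also no `set -e`, so a failed `tee` or redirect does not stop `ansible-playbook` from running. I would open the script with `set -eu`, refuse to run outside the container with a check such as `[ -f /.dockerenv ] || exit 1`, and take the account name from `id -un` rather than `$USER`. The two `$VAULT_SECRET` lines expand the variable unquoted and create the file before `chmod 600` narrows it; setting `umask 077` first closes that window.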
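Review bot: The new workflow `.github/workflows/docker-build.yml` (PATCH 1/5) declares no `permissions:` block, so the job's `GITHUB_TOKEN` gets the repository's default scopes although the job only checks out and builds; a top-level `permissions:` with `contents: read` keeps it to what it needs. `uses: actions/checkout@v2` is a mutable tag on an old major version; pinning to the full commit SHA of a current release, `uses: actions/checkout@<full-commit-sha>`, stops a retagged action from running in this job. Because `pull_request` runs build the contributor's Dockerfile and execute their `prepare` script on the runner, this job should stay free of secrets as it grows.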
@@ -11,13 +11,10 @@ on:
 jobs:
 build-and-run:
 runs-on: ubuntu-latest
-
 steps:
 - name: Check out code
 uses: actions/checkout@v2
-
 - name: Build Docker image
 run: docker build -t dotfiles .
-
 - name: Run Docker container
 run: docker run --rm dotfiles .github/scripts/prepare
From 4e4a1ea0b32ccb338eaceea5af725ad99c8c72e2 Mon Sep 17 00:00:00 2001
From: Jonathan Chancey
Date: Sun, 10 Mar 2024 16:11:54 -0700
Subject: [PATCH 3/5] update prepare script
---
 .github/scripts/prepare | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/.github/scripts/prepare b/.github/scripts/prepare
index d2de6bc..61b76d3 100644
--- a/.github/scripts/prepare
+++ b/.github/scripts/prepare
@@ -1,7 +1,5 @@
 #!/bin/sh
 # perform minimal preparation and run ansible
-echo placeholder > $VAULT_SECRET
-chmod 600 $VAULT_SECRET
 export DOTFILES_USER=$USER
 echo "$USER ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/$DOTFILES_USER > /dev/null
-ansible-playbook main.yml
+ansible-playbook $(git rev-parse --show-toplevel)/main.yml
From 9c89b25bc36947bb640a4d42e2a93347e31160d8 Mon Sep 17 00:00:00 2001
From: Jonathan Chancey
Date: Sun, 10 Mar 2024 16:13:59 -0700
Subject: [PATCH 4/5] update dockerfile
---
 Dockerfile | 1 +
 1 file changed, 1 insertion(+)
diff --git a/Dockerfile b/Dockerfile
index fa71a39..3d82a4f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -41,5 +41,6 @@ RUN echo /.dockerenv
 RUN git config --global --add safe.directory '*'
 # RUN git checkout eerie-fog
 RUN chmod +x dotfiles.sh
+RUN chmod +x .github/scripts/prepare
 CMD $HOME/git/dotfiles/dotfiles.sh
From 613ab04fa5055dd46b58815d5708b6c4c8ff9a05 Mon Sep 17 00:00:00 2001
From: Jonathan Chancey
Date: Sun, 10 Mar 2024 16:23:01 -0700
Subject: [PATCH 5/5] give ansible-user sudo
---
 Dockerfile | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index 3d82a4f..32543bb 100644
--- a/Dockerfile
+++ b/Dockerfile
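Review bot: The new last line of `.github/scripts/prepare` (PATCH 3/5) leaves `$(git rev-parse --show-toplevel)` unquoted and unchecked, so when git fails (no repository, or its ownership check rejects the directory) the command degrades to `ansible-playbook /main.yml`, and a checkout path containing spaces is split into several arguments. Resolve the root first and quote it: `repo_root=$(git rev-parse --show-toplevel) || exit 1` followed by `ansible-playbook "$repo_root/main.yml"`. A short comment saying the script may be started from any working directory would explain why the path is resolved through git.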
@@ -36,6 +36,10 @@ COPY . $HOME/git/dotfiles
 WORKDIR $HOME/git/dotfiles
 USER root
 RUN chown -R ansible-user:ansible-user $HOME
+
+# add ansible user to sudoers file for pipelines
+RUN echo "ansible-user ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/ansible-user > /dev/null
+
 USER ansible-user
 RUN echo /.dockerenv
 RUN git config --global --add safe.directory '*'
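Review bot: The added `RUN` in the Dockerfile (PATCH 5/5) bakes `NOPASSWD: ALL` for `ansible-user` into every image built from this file, not only the pipeline build the comment mentions, so the following `USER ansible-user` no longer limits what a process in the container can do. If the rule is needed only for CI, gate it behind a build argument or a separate build stage and say so in the comment. The line already runs under `USER root`, so `sudo tee` is unnecessary; writing the file directly with mode 0440 and validating it makes a malformed rule fail the build: `RUN echo "ansible-user ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/ansible-user && chmod 0440 /etc/sudoers.d/ansible-user && visudo -cf /etc/sudoers.d/ansible-user`. `.github/scripts/prepare` writes a second sudoers entry from `$USER` at run time, which this rule appears to make redundant inside the container.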