From 8c950af4a4330f6dd4718d4e7ca5b60ff077dc39 Mon Sep 17 00:00:00 2001 From: Steve Degosserie <723552+stiiifff@users.noreply.github.com> Date: Fri, 10 Oct 2025 22:57:34 +0200 Subject: [PATCH] =?UTF-8?q?fix:=20=F0=9F=94=A7=20Add=20Podman=20support=20?= =?UTF-8?q?to=20srtool=20runtime=20build=20script=20(#222)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Summary - Adds support for both Docker and Podman container engines in `build-runtime-srtool.sh` via `IS_PODMAN` environment variable - Uses `--userns=keep-id` for Podman (proper user namespace handling) and `--user $(id -u):$(id -g)` for Docker - Sets `IS_PODMAN=true` in `task-publish-runtime.yml` workflow to enable Podman by default ## Changes **`operator/scripts/build-runtime-srtool.sh`:** - Added conditional logic to detect `IS_PODMAN` env var - Dynamically selects between `podman` and `docker` as container engine - Sets appropriate user/namespace flags based on container engine **`.github/workflows/task-publish-runtime.yml`:** - Added `IS_PODMAN: true` environment variable to the srtool build step - Updated comment to use generic "container user" instead of "docker user" Co-authored-by: Claude
---
 .github/workflows/task-publish-runtime.yml | 3 ++- operator/scripts/build-runtime-srtool.sh | 15 ++++++++++++--- 2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/task-publish-runtime.yml b/.github/workflows/task-publish-runtime.yml
index e65ddc3c..7a8cc76c 100644
--- a/.github/workflows/task-publish-runtime.yml
+++ b/.github/workflows/task-publish-runtime.yml
@@ -81,8 +81,9 @@ jobs:
 GH_WORKFLOW_MATRIX_SRTOOL_IMAGE_TAG: ${{ matrix.srtool_image_tag }}
 RUNTIME_BUILD_OPTS: "--features=on-chain-release-build"
 RUNTIME_BUILD_PROFILE: "production"
+ IS_PODMAN: true
 run: |
- # Ensure we have permissions to write to the runtime folder target for the docker user
+ # Ensure we have permissions to write to the runtime folder target for the container user
 mkdir -p operator/runtime/${GH_WORKFLOW_MATRIX_CHAIN}/target
 chmod uog+rwX operator/runtime/${GH_WORKFLOW_MATRIX_CHAIN}/target

diff --git a/operator/scripts/build-runtime-srtool.sh b/operator/scripts/build-runtime-srtool.sh
index 8f2d9331..437647ca 100755
--- a/operator/scripts/build-runtime-srtool.sh
+++ b/operator/scripts/build-runtime-srtool.sh
@@ -6,11 +6,20 @@
 # self-hosted runner uses user `maintenance` to match srtool `builder` user 1001
 # $(~/srtool/uid-gid-mapping.sh 1001 | xargs) is used to map the user and group

-# Docker command to generate JSON blob of the runtime
-CMD="docker run \
+# Determine whether to use Podman or Docker
+if [ "${IS_PODMAN}" = "true" ]; then
+ CONTAINER_ENGINE="podman"
+ USER_FLAG="--userns=keep-id"
+else
+ CONTAINER_ENGINE="docker"
+ USER_FLAG="--user $(id -u):$(id -g)"
+fi
+
+# Container command to generate JSON blob of the runtime
+CMD="${CONTAINER_ENGINE} run \
 -i \
 --rm \
- --user $(id -u):$(id -g) \
+ ${USER_FLAG} \
 -e CARGO_NET_GIT_FETCH_WITH_CLI=true \
 -e PACKAGE=datahaven-${GH_WORKFLOW_MATRIX_CHAIN}-runtime \
 -e RUNTIME_DIR=operator/runtime/${GH_WORKFLOW_MATRIX_CHAIN} \
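Review bot: The reworded comment in the `run:` block of `task-publish-runtime.yml` still justifies `chmod uog+rwX` on the `target` directory, which leaves the release build output writable by every account on the runner. With `IS_PODMAN: true` the script passes `--userns=keep-id`, which should make the container process run with the invoking user's UID, so write access for group and other is probably no longer needed; if a test build confirms that, narrow the line to `chmod u+rwX operator/runtime/${GH_WORKFLOW_MATRIX_CHAIN}/target`. Writing the flag as `IS_PODMAN: "true"` would also make it plain that the script compares a string. The `run:` block continues outside the hunk.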
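Review bot: The `if [ "${IS_PODMAN}" = "true" ]` test in `build-runtime-srtool.sh` sends every other value (`True`, `1`, a typo, unset) to the Docker branch without a message, so a misconfigured job silently changes the container engine and user mapping of a release build. Accepting only `true` or `false` and checking that the selected binary exists would make the script fail early instead; the sketch below assumes the script is executed rather than sourced, which the 100755 mode suggests. The `CMD` string assembly continues past the end of the hunk and is unchanged.

```shell
# Determine whether to use Podman or Docker; reject anything but true/false
case "${IS_PODMAN:-false}" in
  true)
    CONTAINER_ENGINE="podman"
    USER_FLAG="--userns=keep-id"
    ;;
  false)
    CONTAINER_ENGINE="docker"
    USER_FLAG="--user $(id -u):$(id -g)"
    ;;
  *)
    echo "IS_PODMAN must be 'true' or 'false', got '${IS_PODMAN}'" >&2
    exit 1
    ;;
esac

# Fail before assembling the command if the engine is not installed
if ! command -v "${CONTAINER_ENGINE}" >/dev/null 2>&1; then
  echo "${CONTAINER_ENGINE} not found on PATH" >&2
  exit 1
fi

# … unchanged: CMD="${CONTAINER_ENGINE} run \ … string assembly …
```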