Simplify runner image and workflows (Dagger Phase 3)

Remove Node.js, Docker CLI, buildx, skopeo, gnupg, lsb-release, and
xz-utils from the job execution image — all build tools now live inside
Dagger containers. Add tzdata (for TZ env var support) and flyctl.

Remove "Ensure Dagger CLI" bootstrap steps from both workflows and the
"Install flyctl" step from build-blumeops. Set TZ=America/Los_Angeles
in the runner configmap so all job containers inherit it.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Erich Blume 2026-02-11 17:23:37 -08:00
commit 343d066701
6 changed files with 13 additions and 52 deletions

View file

@ -37,8 +37,6 @@ on:
jobs:
build:
runs-on: k8s
env:
TZ: America/Los_Angeles
steps:
- name: Resolve version
id: version
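Review bot: dropping the job-level `env: TZ: America/Los_Angeles` from `build` makes this workflow depend on the runner configmap for its timezone, and nothing in the workflow says so. A runner registered without that `envs` entry would run the job in UTC with no error. Leave a one-line comment on the job pointing at the configmap, or keep the job-level value as the explicit source.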
@ -110,17 +108,6 @@ jobs:
with:
fetch-depth: 0
- name: Ensure Dagger CLI
run: |
# Bootstrap: install dagger if not already in the runner image.
# Remove once all runners include dagger (Phase 3).
if ! command -v dagger &>/dev/null; then
echo "Dagger not found, installing..."
curl -fsSL https://dl.dagger.io/dagger/install.sh | DAGGER_VERSION=0.19.11 sh
mv ./bin/dagger /usr/local/bin/dagger && rmdir ./bin
fi
dagger version
- name: Build docs
run: |
VERSION="${{ steps.version.outputs.version }}"
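Review bot: removing `Ensure Dagger CLI` also removes the `dagger version` call, so the job log no longer records which Dagger build ran, and a runner image without the CLI now fails only inside `Build docs`. The removed step pinned `DAGGER_VERSION=0.19.11`; after this change the pin exists only in the runner image. Consider keeping a bare `dagger version` line at the top of `Build docs`.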
@ -306,11 +293,6 @@ jobs:
echo "Docs app synced successfully!"
- name: Install flyctl
run: |
curl -L https://fly.io/install.sh | sh
echo "/root/.fly/bin" >> "$GITHUB_PATH"
- name: Purge Fly.io proxy cache
env:
FLY_API_TOKEN: ${{ secrets.FLY_DEPLOY_TOKEN }}
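Review bot: the removed step put `/root/.fly/bin` on `$GITHUB_PATH`, while the runner image in this commit installs a single binary at `/usr/local/bin/fly` and deletes `/root/.fly`. The body of `Purge Fly.io proxy cache` is not shown here; check that it calls `fly` and not `flyctl`, since only the former name exists in the new image.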

View file

@ -68,18 +68,6 @@ jobs:
echo ""
echo "Skipping build."
- name: Ensure Dagger CLI
if: steps.check.outputs.exists == 'true'
run: |
# Bootstrap: install dagger if not already in the runner image.
# Remove once all runners include dagger (Phase 3).
if ! command -v dagger &>/dev/null; then
echo "Dagger not found, installing..."
curl -fsSL https://dl.dagger.io/dagger/install.sh | DAGGER_VERSION=0.19.11 sh
mv ./bin/dagger /usr/local/bin/dagger && rmdir ./bin
fi
dagger version
- name: Publish
if: steps.check.outputs.exists == 'true'
run: |

View file

@ -12,9 +12,10 @@ data:
file: /data/.runner
capacity: 2
timeout: 3h
# Set DOCKER_HOST in job containers so they can run docker commands
# Env vars injected into all job containers
envs:
DOCKER_HOST: tcp://127.0.0.1:2375
TZ: America/Los_Angeles
container:
# Use our custom job execution image with Node.js + Docker CLI
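Review bot: the comment explaining `DOCKER_HOST` is replaced by a generic one, but `DOCKER_HOST: tcp://127.0.0.1:2375` is still injected into every job container even though this commit removes the Docker CLI from the image. That is a plain-TCP Docker API endpoint handed to every job, so the comment should say what still consumes it, or the variable should go if nothing does. The context line `# Use our custom job execution image with Node.js + Docker CLI` is also stale after this commit.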

View file

@ -3,7 +3,8 @@
# This image is used as the job execution environment for Forgejo Actions.
# The host runner daemon creates containers from this image to run workflow steps.
#
# Includes: Node.js (for GitHub Actions), Docker CLI, git, and common CI tools.
# Build logic (container images, docs site) runs inside Dagger containers,
# so this image only needs: git, Dagger CLI, ArgoCD CLI, uv, and basic tools.
#
# Usage: Configure runner with label like:
# docker:docker://registry.ops.eblu.me/blumeops/forgejo-runner:latest
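Review bot: the new header comment lists `git, Dagger CLI, ArgoCD CLI, uv, and basic tools` but leaves out flyctl, which this same commit adds to the image. Add it so the comment matches what the image contains.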
@ -18,24 +19,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
curl \
git \
jq \
gnupg \
lsb-release \
xz-utils \
&& rm -rf /var/lib/apt/lists/*
# Install Node.js 24.x LTS (required for actions/checkout@v4 and Quartz builds)
RUN curl -fsSL https://deb.nodesource.com/setup_24.x | bash - \
&& apt-get install -y --no-install-recommends nodejs \
&& rm -rf /var/lib/apt/lists/*
# Install Docker CLI (for container builds - daemon accessed via socket mount)
# and skopeo (for pushing images to zot registry - Docker 27 manifest compat issues)
RUN install -m 0755 -d /etc/apt/keyrings \
&& curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc \
&& chmod a+r /etc/apt/keyrings/docker.asc \
&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list \
&& apt-get update \
&& apt-get install -y --no-install-recommends docker-ce-cli docker-buildx-plugin skopeo \
tzdata \
&& rm -rf /var/lib/apt/lists/*
# Install uv (Python package runner for towncrier)
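Review bot: the removed Node.js block carries the comment `required for actions/checkout@v4`, and the build workflow still has a step configured with `with: fetch-depth: 0`. Confirm that JavaScript-based actions still run in this image without Node, or replace that step with a plain `git` checkout before merging. Dropping `gnupg` and `lsb-release` is consistent only because the Docker apt repository block that used `lsb_release -cs` goes away in the same hunk.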
@ -44,7 +28,6 @@ RUN curl -LsSf https://astral.sh/uv/install.sh | sh \
&& mv /root/.local/bin/uvx /usr/local/bin/uvx
# Install argocd CLI (for syncing apps from workflows)
# Use dpkg --print-architecture as fallback since TARGETARCH may be empty in single-platform builds
RUN ARCH="${TARGETARCH:-$(dpkg --print-architecture)}" \
&& curl -fsSL -o /usr/local/bin/argocd \
"https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-${ARCH}" \
@ -60,5 +43,10 @@ RUN ARCH="${TARGETARCH:-$(dpkg --print-architecture)}" \
&& rm /tmp/dagger.tar.gz \
&& dagger version
# Install flyctl (for Fly.io cache purge after docs deploy)
RUN curl -L https://fly.io/install.sh | sh \
&& mv /root/.fly/bin/flyctl /usr/local/bin/fly \
&& rm -rf /root/.fly
# Default to bash
CMD ["/bin/bash"]
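Review bot: `curl -L https://fly.io/install.sh | sh` runs an unpinned remote installer at image build time, and without `-f` an HTTP error body would be piped straight into `sh`. Use `curl -fsSL` at minimum, pin the flyctl version, and end the `RUN` with a version check the way the Dagger install above ends with `dagger version`. The comment calls the tool flyctl while the binary lands as `/usr/local/bin/fly`; mention the rename in the comment.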

View file

@ -0,0 +1 @@
Simplify Forgejo runner image (Dagger Phase 3): remove Node.js, Docker CLI, buildx, skopeo, gnupg, lsb-release, and xz-utils. Add tzdata and flyctl. All build tools now live inside Dagger containers.

View file

@ -10,7 +10,7 @@ tags:
# Plan: Adopt Dagger as CI/CD Build Engine
> **Status:** Phase 2 implemented
> **Status:** Phase 3 implemented
## Background
@ -509,6 +509,7 @@ BuildKit caches aggressively, making repeated builds fast. Since the Forgejo run
- [ ] Simplified runner image builds and runs
- [ ] Dagger engine starts inside the runner's DinD environment
- [ ] All existing workflows pass with the simplified runner
- [ ] TZ=America/Los_Angeles works in job containers (tzdata installed)
## How-To Articles to Write
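Review bot: the status line moves to `Phase 3 implemented` while every visible item in this verification list, including the new `TZ=America/Los_Angeles works in job containers` entry, is still unchecked. Tick the items that were actually verified, or word the status so it does not claim more than the checklist shows.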