From 343d066701109dfd2c35b2210e259bdb08842b91 Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Wed, 11 Feb 2026 17:23:37 -0800 Subject: [PATCH] Simplify runner image and workflows (Dagger Phase 3) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Remove Node.js, Docker CLI, buildx, skopeo, gnupg, lsb-release, and xz-utils from the job execution image — all build tools now live inside Dagger containers. Add tzdata (for TZ env var support) and flyctl. Remove "Ensure Dagger CLI" bootstrap steps from both workflows and the "Install flyctl" step from build-blumeops. Set TZ=America/Los_Angeles in the runner configmap so all job containers inherit it. Co-Authored-By: Claude Opus 4.6 --- .forgejo/workflows/build-blumeops.yaml | 18 ------------ .forgejo/workflows/build-container.yaml | 12 -------- .../manifests/forgejo-runner/configmap.yaml | 3 +- containers/forgejo-runner/Dockerfile | 28 ++++++------------- .../dagger-phase3-runner.feature.md | 1 + docs/how-to/plans/adopt-dagger-ci.md | 3 +- 6 files changed, 13 insertions(+), 52 deletions(-) create mode 100644 docs/changelog.d/dagger-phase3-runner.feature.md diff --git a/.forgejo/workflows/build-blumeops.yaml b/.forgejo/workflows/build-blumeops.yaml index 7bfa577..754f52a 100644 --- a/.forgejo/workflows/build-blumeops.yaml +++ b/.forgejo/workflows/build-blumeops.yaml @@ -37,8 +37,6 @@ on: jobs: build: runs-on: k8s - env: - TZ: America/Los_Angeles steps: - name: Resolve version id: version @@ -110,17 +108,6 @@ jobs: with: fetch-depth: 0 - - name: Ensure Dagger CLI - run: | - # Bootstrap: install dagger if not already in the runner image. - # Remove once all runners include dagger (Phase 3). - if ! command -v dagger &>/dev/null; then - echo "Dagger not found, installing..." - curl -fsSL https://dl.dagger.io/dagger/install.sh | DAGGER_VERSION=0.19.11 sh - mv ./bin/dagger /usr/local/bin/dagger && rmdir ./bin - fi - dagger version - - name: Build docs run: | VERSION="${{ steps.version.outputs.version }}" @@ -306,11 +293,6 @@ jobs: echo "Docs app synced successfully!" - - name: Install flyctl - run: | - curl -L https://fly.io/install.sh | sh - echo "/root/.fly/bin" >> "$GITHUB_PATH" - - name: Purge Fly.io proxy cache env: FLY_API_TOKEN: ${{ secrets.FLY_DEPLOY_TOKEN }} diff --git a/.forgejo/workflows/build-container.yaml b/.forgejo/workflows/build-container.yaml index 8973c9f..98231cf 100644 --- a/.forgejo/workflows/build-container.yaml +++ b/.forgejo/workflows/build-container.yaml @@ -68,18 +68,6 @@ jobs: echo "" echo "Skipping build." - - name: Ensure Dagger CLI - if: steps.check.outputs.exists == 'true' - run: | - # Bootstrap: install dagger if not already in the runner image. - # Remove once all runners include dagger (Phase 3). - if ! command -v dagger &>/dev/null; then - echo "Dagger not found, installing..." - curl -fsSL https://dl.dagger.io/dagger/install.sh | DAGGER_VERSION=0.19.11 sh - mv ./bin/dagger /usr/local/bin/dagger && rmdir ./bin - fi - dagger version - - name: Publish if: steps.check.outputs.exists == 'true' run: | diff --git a/argocd/manifests/forgejo-runner/configmap.yaml b/argocd/manifests/forgejo-runner/configmap.yaml index dd3c3ef..9ca43bf 100644 --- a/argocd/manifests/forgejo-runner/configmap.yaml +++ b/argocd/manifests/forgejo-runner/configmap.yaml @@ -12,9 +12,10 @@ data: file: /data/.runner capacity: 2 timeout: 3h - # Set DOCKER_HOST in job containers so they can run docker commands + # Env vars injected into all job containers envs: DOCKER_HOST: tcp://127.0.0.1:2375 + TZ: America/Los_Angeles container: # Use our custom job execution image with Node.js + Docker CLI diff --git a/containers/forgejo-runner/Dockerfile b/containers/forgejo-runner/Dockerfile index 2694dec..be569ed 100644 --- a/containers/forgejo-runner/Dockerfile +++ b/containers/forgejo-runner/Dockerfile @@ -3,7 +3,8 @@ # This image is used as the job execution environment for Forgejo Actions. # The host runner daemon creates containers from this image to run workflow steps. # -# Includes: Node.js (for GitHub Actions), Docker CLI, git, and common CI tools. +# Build logic (container images, docs site) runs inside Dagger containers, +# so this image only needs: git, Dagger CLI, ArgoCD CLI, uv, and basic tools. # # Usage: Configure runner with label like: # docker:docker://registry.ops.eblu.me/blumeops/forgejo-runner:latest @@ -18,24 +19,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ curl \ git \ jq \ - gnupg \ - lsb-release \ - xz-utils \ - && rm -rf /var/lib/apt/lists/* - -# Install Node.js 24.x LTS (required for actions/checkout@v4 and Quartz builds) -RUN curl -fsSL https://deb.nodesource.com/setup_24.x | bash - \ - && apt-get install -y --no-install-recommends nodejs \ - && rm -rf /var/lib/apt/lists/* - -# Install Docker CLI (for container builds - daemon accessed via socket mount) -# and skopeo (for pushing images to zot registry - Docker 27 manifest compat issues) -RUN install -m 0755 -d /etc/apt/keyrings \ - && curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc \ - && chmod a+r /etc/apt/keyrings/docker.asc \ - && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list \ - && apt-get update \ - && apt-get install -y --no-install-recommends docker-ce-cli docker-buildx-plugin skopeo \ + tzdata \ && rm -rf /var/lib/apt/lists/* # Install uv (Python package runner for towncrier) @@ -44,7 +28,6 @@ RUN curl -LsSf https://astral.sh/uv/install.sh | sh \ && mv /root/.local/bin/uvx /usr/local/bin/uvx # Install argocd CLI (for syncing apps from workflows) -# Use dpkg --print-architecture as fallback since TARGETARCH may be empty in single-platform builds RUN ARCH="${TARGETARCH:-$(dpkg --print-architecture)}" \ && curl -fsSL -o /usr/local/bin/argocd \ "https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-${ARCH}" \ @@ -60,5 +43,10 @@ RUN ARCH="${TARGETARCH:-$(dpkg --print-architecture)}" \ && rm /tmp/dagger.tar.gz \ && dagger version +# Install flyctl (for Fly.io cache purge after docs deploy) +RUN curl -L https://fly.io/install.sh | sh \ + && mv /root/.fly/bin/flyctl /usr/local/bin/fly \ + && rm -rf /root/.fly + # Default to bash CMD ["/bin/bash"] diff --git a/docs/changelog.d/dagger-phase3-runner.feature.md b/docs/changelog.d/dagger-phase3-runner.feature.md new file mode 100644 index 0000000..d145b7b --- /dev/null +++ b/docs/changelog.d/dagger-phase3-runner.feature.md @@ -0,0 +1 @@ +Simplify Forgejo runner image (Dagger Phase 3): remove Node.js, Docker CLI, buildx, skopeo, gnupg, lsb-release, and xz-utils. Add tzdata and flyctl. All build tools now live inside Dagger containers. diff --git a/docs/how-to/plans/adopt-dagger-ci.md b/docs/how-to/plans/adopt-dagger-ci.md index 2b3b617..ef4db55 100644 --- a/docs/how-to/plans/adopt-dagger-ci.md +++ b/docs/how-to/plans/adopt-dagger-ci.md @@ -10,7 +10,7 @@ tags: # Plan: Adopt Dagger as CI/CD Build Engine -> **Status:** Phase 2 implemented +> **Status:** Phase 3 implemented ## Background @@ -509,6 +509,7 @@ BuildKit caches aggressively, making repeated builds fast. Since the Forgejo run - [ ] Simplified runner image builds and runs - [ ] Dagger engine starts inside the runner's DinD environment - [ ] All existing workflows pass with the simplified runner +- [ ] TZ=America/Los_Angeles works in job containers (tzdata installed) ## How-To Articles to Write