blumeops/containers/runner-job-image/Dockerfile

# Forgejo Actions Job Execution Image
#
# This image is used as the job execution environment for Forgejo Actions.
# The host runner daemon creates containers from this image to run workflow steps.
#
# Build logic (container images, docs site) runs inside Dagger containers,
# so this image only needs: git, Docker CLI, Dagger CLI, ArgoCD CLI, uv, yq, and basic tools.
#
# Usage: Configure runner with label like:
#   docker:docker://registry.ops.eblu.me/blumeops/runner-job-image:latest

ARG CONTAINER_APP_VERSION=0.20.1

FROM debian:bookworm-slim

ARG TARGETARCH
ARG CONTAINER_APP_VERSION
ARG DAGGER_VERSION=${CONTAINER_APP_VERSION}

LABEL org.opencontainers.image.title="Runner Job Image"
LABEL org.opencontainers.image.description="Forgejo Actions job execution environment"
LABEL org.opencontainers.image.version="${CONTAINER_APP_VERSION}"
LABEL org.opencontainers.image.source="https://forge.eblu.me/eblume/blumeops"
LABEL org.opencontainers.image.vendor="blumeops"

# Install base dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates \
    curl \
    git \
    gnupg \
    jq \
    tzdata \
    && rm -rf /var/lib/apt/lists/*

# Install Node.js (required by actions/checkout and other JavaScript Actions)
RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \
    && apt-get install -y --no-install-recommends nodejs \
    && rm -rf /var/lib/apt/lists/* \
    && node --version

# Install Docker CLI (Dagger shells out to `docker` to provision its engine)
RUN install -m 0755 -d /etc/apt/keyrings \
    && curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc \
    && chmod a+r /etc/apt/keyrings/docker.asc \
    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian bookworm stable" > /etc/apt/sources.list.d/docker.list \
    && apt-get update \
    && apt-get install -y --no-install-recommends docker-ce-cli \
    && rm -rf /var/lib/apt/lists/*

# Install uv (Python package runner for towncrier)
RUN curl -LsSf https://astral.sh/uv/install.sh | sh \
    && mv /root/.local/bin/uv /usr/local/bin/uv \
    && mv /root/.local/bin/uvx /usr/local/bin/uvx

# Install argocd CLI (for syncing apps from workflows)
RUN ARCH="${TARGETARCH:-$(dpkg --print-architecture)}" \
    && curl -fsSL -o /usr/local/bin/argocd \
    "https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-${ARCH}" \
    && chmod +x /usr/local/bin/argocd \
    && argocd version --client

# Install Dagger CLI (for running Dagger CI pipelines)
RUN ARCH="${TARGETARCH:-$(dpkg --print-architecture)}" \
    && curl -fsSL -o /tmp/dagger.tar.gz \
    "https://dl.dagger.io/dagger/releases/${DAGGER_VERSION}/dagger_v${DAGGER_VERSION}_linux_${ARCH}.tar.gz" \
    && tar -xzf /tmp/dagger.tar.gz -C /usr/local/bin dagger \
    && rm /tmp/dagger.tar.gz \
    && dagger version

# Install yq (for editing YAML files in workflows)
RUN ARCH="${TARGETARCH:-$(dpkg --print-architecture)}" \
    && curl -fsSL -o /usr/local/bin/yq \
    "https://github.com/mikefarah/yq/releases/latest/download/yq_linux_${ARCH}" \
    && chmod +x /usr/local/bin/yq \
    && yq --version

# Install flyctl (for Fly.io cache purge after docs deploy)
RUN curl -L https://fly.io/install.sh | sh \
    && mv /root/.fly/bin/flyctl /usr/local/bin/fly \
    && rm -rf /root/.fly

# Default to bash
CMD ["/bin/bash"]