build-LXD.sh: Use sudo for invoking incus/lxc commands if necessary
Signed-off-by: Tobias K <[email protected]>
theCalcaholic committed May 5, 2024
1 parent 53af5f5 commit 401f9a2
Showing 2 changed files with 38 additions and 22 deletions.
24 changes: 17 additions & 7 deletions .github/workflows/build-lxd.yml
@@ -45,7 +45,7 @@ jobs:
RUNNER_LABEL="ubuntu-20.04-arm64"
else
LXC_CMD="incus"
RUNNER_LABEL="ubuntu-20.04"
RUNNER_LABEL="ubuntu-latest"
fi
echo "runner_label=$RUNNER_LABEL" | tee -a $GITHUB_OUTPUT
@@ -73,16 +73,26 @@ jobs:
continue-on-error: true
with:
lxd_version: latest/stable
- name: Fix LXD
run: |
sudo iptables -I DOCKER-USER -i lxdbr0 -j ACCEPT
sudo iptables -I DOCKER-USER -o lxdbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
sudo iptables -I DOCKER-USER -i incusbr0 -j ACCEPT
sudo iptables -I DOCKER-USER -o incusbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# - name: Setup incus
# run: |
# curl https://pkgs.zabbly.com/get/incus-stable | sudo sh -x
# sudo nft flush ruleset
# sudo incus admin init --auto
# - name: Fix LXD
# run: |
# sudo iptables -I DOCKER-USER -i lxdbr0 -j ACCEPT
# sudo iptables -I DOCKER-USER -o lxdbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# sudo iptables -I DOCKER-USER -i incusbr0 -j ACCEPT
# sudo iptables -I DOCKER-USER -o incusbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- name: Build LXD image
env:
USE_INCUS: "${{ needs.determine-runner.outputs.lxc_cmd == 'incus' && 'yes' || 'no' }}"
run: |
echo 'subuid:'
sudo cat /etc/subuid
echo 'subgid:'
sudo cat /etc/subgid
echo '-'
BRANCH="$VERSION" ./build/build-LXD.sh
- name: Pack LXD image
id: pack-lxd
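Review bot: The `Build LXD image` step appears to gain a dump of `/etc/subuid` and `/etc/subgid` (`sudo cat …`) right before `./build/build-LXD.sh`, which reads like leftover debugging; workflow logs are visible to everyone who can view the run, so these lines are better dropped or moved into their own step guarded by `if: runner.debug == '1'`. The same hunk parks a commented-out `Setup incus` step that pipes `curl https://pkgs.zabbly.com/get/incus-stable` into `sudo sh -x` and then runs `sudo nft flush ruleset`; if it is ever re-enabled it would execute an unpinned remote script as root and clear the runner's firewall rules. Either delete the commented blocks or add a one-line comment such as `# disabled: kept for reference, do not re-enable without pinning and verifying the installer` so the intent is clear. The surrounding job definition starts and ends outside the visible hunks.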
36 changes: 21 additions & 15 deletions build/build-LXD.sh
@@ -33,11 +33,13 @@ prepare_dirs # tmp cache output

debian_version="$(. etc/library.sh > /dev/null 2>&1; echo "${RELEASE%%-security}")"

LXC_CMD=lxc
[[ "$USE_INCUS" == "yes" ]] && LXC_CMD=incus
LXC_CMD=(lxc)
[[ "$USE_INCUS" == "yes" ]] && LXC_CMD=(incus)

$LXC_CMD delete -f ncp 2>/dev/null || true
LXC_CREATE=($LXC_CMD init -p default)
"${LXC_CMD[@]}" info || LXC_CMD=(sudo "${LXC_CMD[0]}")

"${LXC_CMD[@]}" delete -f ncp 2>/dev/null || true
LXC_CREATE=("${LXC_CMD[@]}" init -p default)
[[ -n "$LXD_EXTRA_PROFILE" ]] && LXC_CREATE+=(-p "$LXD_EXTRA_PROFILE")
if [[ -n "$LXD_ARCH" ]] && [[ "$LXD_ARCH" != "x86" ]]
then
@@ -64,19 +66,23 @@ LXC_CREATE+=(ncp)
set -x
EXEC_ARGS=()
[[ -z "$BRANCH" ]] || EXEC_ARGS+=(--env "BRANCH=${BRANCH}")
systemd-run --user --scope -p "Delegate=yes" $LXC_CMD start ncp -q || \
sudo systemd-run --scope -p "Delegate=yes" $LXC_CMD start ncp -q
$LXC_CMD config device add ncp buildcode disk source="$(pwd)" path=/build
$LXC_CMD exec ncp "${EXEC_ARGS[@]}" -- bash -c 'while [ "$(systemctl is-system-running 2>/dev/null)" != "running" ] && [ "$(systemctl is-system-running 2>/dev/null)" != "degraded" ]; do :; done'
$LXC_CMD exec ncp "${EXEC_ARGS[@]}" -- bash -c 'CODE_DIR=/build DBG=x bash /build/install.sh'
$LXC_CMD exec ncp "${EXEC_ARGS[@]}" -- bash -c 'source /build/etc/library.sh; run_app_unsafe /build/post-inst.sh'
$LXC_CMD exec ncp "${EXEC_ARGS[@]}" -- bash -c "echo '$(basename "$IMG")' > /usr/local/etc/ncp-baseimage"
$LXC_CMD stop ncp
$LXC_CMD config device remove ncp buildcode
$LXC_CMD publish -q ncp -f --alias ncp/"${version}"
systemd-run --user --scope -p "Delegate=yes" "${LXC_CMD[@]}" start ncp -q || \
sudo systemd-run --scope -p "Delegate=yes" "${LXC_CMD[@]}" start ncp -q || {
rc=$?
"${LXC_CMD[@]}" info --show-log ncp
exit $rc
}
"${LXC_CMD[@]}" config device add ncp buildcode disk source="$(pwd)" path=/build
"${LXC_CMD[@]}" exec ncp "${EXEC_ARGS[@]}" -- bash -c 'while [ "$(systemctl is-system-running 2>/dev/null)" != "running" ] && [ "$(systemctl is-system-running 2>/dev/null)" != "degraded" ]; do :; done'
"${LXC_CMD[@]}" exec ncp "${EXEC_ARGS[@]}" -- bash -c 'CODE_DIR=/build DBG=x bash /build/install.sh'
"${LXC_CMD[@]}" exec ncp "${EXEC_ARGS[@]}" -- bash -c 'source /build/etc/library.sh; run_app_unsafe /build/post-inst.sh'
"${LXC_CMD[@]}" exec ncp "${EXEC_ARGS[@]}" -- bash -c "echo '$(basename "$IMG")' > /usr/local/etc/ncp-baseimage"
"${LXC_CMD[@]}" stop ncp
"${LXC_CMD[@]}" config device remove ncp buildcode
"${LXC_CMD[@]}" publish -q ncp -f --alias ncp/"${version}"

## pack
[[ " $* " =~ .*" --pack ".* ]] && $LXC_CMD image export -q ncp/"${version}" "$TAR"
[[ " $* " =~ .*" --pack ".* ]] && "${LXC_CMD[@]}" image export -q ncp/"${version}" "$TAR"

exit 0
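Review bot: The probe `"${LXC_CMD[@]}" info || LXC_CMD=(sudo "${LXC_CMD[0]}")` moves every later lxc/incus call to root on any failure of `info`, not only a permission error, so a stopped daemon or a missing binary also ends in a silent sudo retry, and the probe's full output lands in the build log. Silencing the probe and announcing the escalation keeps the privilege change visible: `"${LXC_CMD[@]}" info >/dev/null 2>&1 || { echo "falling back to sudo ${LXC_CMD[0]}" >&2; LXC_CMD=(sudo "${LXC_CMD[0]}"); }`. Once the fallback is active, the second `systemd-run` line expands to `sudo systemd-run … sudo incus start …`, which deserves a short comment saying the nesting is intentional. Separately, the `ncp-baseimage` line still splices `$(basename "$IMG")` into a `bash -c` string between single quotes; `IMG` is set outside the visible hunks, but passing it as a positional argument (`bash -c 'echo "$1" > /usr/local/etc/ncp-baseimage' _ "$(basename "$IMG")"`) would keep an unusual file name from being parsed as shell.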
