Add chezmoi toolbox image with optional dotfiles initialization #10
Changes from 6 commits
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,81 @@ | ||
| name: Build and Push Chezmoi Image | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
| paths: | ||
| - 'chezmoi/**' | ||
| - '.github/workflows/build-chezmoi-image.yml' | ||
| pull_request: | ||
| branches: | ||
| - main | ||
| paths: | ||
| - 'chezmoi/**' | ||
| - '.github/workflows/build-chezmoi-image.yml' | ||
| workflow_run: | ||
| workflows: ["Build and Push Base Image"] | ||
| types: | ||
| - completed | ||
| branches: | ||
| - main | ||
| workflow_dispatch: | ||
|
|
||
| env: | ||
| REGISTRY: ghcr.io | ||
| IMAGE_NAME: ${{ github.repository }}/chezmoi | ||
|
|
||
| jobs: | ||
| build-and-push: | ||
| runs-on: ubuntu-latest | ||
| if: ${{ github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success' }} | ||
| permissions: | ||
| contents: read | ||
| packages: write | ||
|
|
||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
|
|
||
| - name: Log in to Container Registry | ||
| if: github.event_name != 'pull_request' | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ${{ env.REGISTRY }} | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Determine base image tag | ||
| id: base-tag | ||
| run: | | ||
| if [ "${{ github.event_name }}" = "workflow_run" ]; then | ||
| echo "tag=sha-$(echo ${{ github.event.workflow_run.head_sha }} | cut -c1-7)" >> $GITHUB_OUTPUT | ||
| else | ||
| echo "tag=latest" >> $GITHUB_OUTPUT | ||
| fi | ||
| - name: Extract metadata for Docker | ||
| id: meta | ||
| uses: docker/metadata-action@v5 | ||
| with: | ||
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||
| tags: | | ||
| type=ref,event=branch | ||
| type=ref,event=pr | ||
| type=sha,prefix=sha- | ||
| type=raw,value=latest,enable={{is_default_branch}} | ||
| - name: Build and push Docker image | ||
| uses: docker/build-push-action@v6 | ||
| with: | ||
| context: ./chezmoi | ||
| push: ${{ github.event_name != 'pull_request' }} | ||
| tags: ${{ steps.meta.outputs.tags }} | ||
| labels: ${{ steps.meta.outputs.labels }} | ||
| build-args: | | ||
| BASE_IMAGE_TAG=${{ steps.base-tag.outputs.tag }} | ||
| cache-from: type=gha | ||
| cache-to: type=gha,mode=max | ||
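
Review bot: In the `Determine base image tag` step, `${{ github.event_name }}` and `${{ github.event.workflow_run.head_sha }}` are expanded into the script text before the shell runs, and `$GITHUB_OUTPUT` is unquoted. Pass both values through the step's `env:` block and reference them as quoted shell variables, so expression output is never parsed as shell. Two related points in the same file: the `else` branch builds every push, pull request and manual run against the mutable `latest` base tag, so the published image does not record which base it was built from; and the `uses:` lines (`actions/checkout@v4`, `docker/login-action@v3`, `docker/build-push-action@v6` and the others) reference movable tags in a job that holds `packages: write`, so pinning each action to a full commit SHA would be safer.
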
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
| @@ -1,2 +1,34 @@ | ||||||
| # toolbox | ||||||
| Various special purpose toolboxes as container images | ||||||
|
|
||||||
| ## Available Toolboxes | ||||||
|
|
||||||
| ### Base | ||||||
| Base toolbox image with common dependencies (ca-certificates, curl, git, zsh, mise). | ||||||
|
|
||||||
| ### Devcontainer | ||||||
| Development container image with git, SSH, GPG, and locale support. | ||||||
|
||||||
| Development container image with git, SSH, GPG, and locale support. | |
| Development container image with SSH, GPG, and locale support. |
Fixed in commit 679a0c4.
Make zsh the default command for a run or start
Fixed in commit 679a0c4 by adding CMD ["/bin/zsh"] to the Dockerfile.
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
| @@ -0,0 +1,26 @@ | ||||||
| ARG BASE_IMAGE_TAG=latest | ||||||
| FROM ghcr.io/jhulten/toolbox/base:${BASE_IMAGE_TAG} | ||||||
|
|
||||||
| LABEL org.opencontainers.image.title="Toolbox Chezmoi" | ||||||
| LABEL org.opencontainers.image.description="Container image with chezmoi for dotfiles management" | ||||||
| LABEL org.opencontainers.image.source="https://github.com/jhulten/toolbox" | ||||||
| LABEL org.opencontainers.image.licenses="MIT" | ||||||
|
|
||||||
| ENV DEBIAN_FRONTEND=noninteractive | ||||||
|
|
||||||
| USER root | ||||||
|
|
||||||
| # Install chezmoi using the official installation script | ||||||
| ARG CHEZMOI_VERSION=2.56.1 | ||||||
| RUN sh -c "$(curl -fsLS get.chezmoi.io)" -- -b /usr/local/bin -t v${CHEZMOI_VERSION} | ||||||
|
||||||
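
Review bot: The `RUN sh -c "$(curl -fsLS get.chezmoi.io)"` line executes a downloaded script as root (`USER root` is set just above it) with no integrity check, and the URL has no scheme, so curl defaults to plain HTTP for the first request and any upgrade to HTTPS depends on a redirect followed via `-L`. `-t v${CHEZMOI_VERSION}` pins the chezmoi release but not the installer script itself. Prefer fetching the pinned release artifact over HTTPS and verifying its checksum before installing, or at minimum use an explicit `https://` URL together with `--proto '=https'`. Separately, `ARG BASE_IMAGE_TAG=latest` makes the default base a mutable tag; a fixed tag or digest as the default would make local builds reproducible.
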
| RUN sh -c "$(curl -fsLS get.chezmoi.io)" -- -b /usr/local/bin -t v${CHEZMOI_VERSION} | |
| RUN sh -c "$(curl -fsLS --proto '=https' https://get.chezmoi.io)" -- -b /usr/local/bin -t v${CHEZMOI_VERSION} |
Instead of using the curl endpoint, please install chezmoi with mise (aqua:twpayne/chezmoi).
How would we pass credentials to chezmoi to get dotfiles from a private repo?
For private repos, credentials can be passed by:
- Using `--build-arg CHEZMOI_REPO=https://[email protected]/user/dotfiles.git` with a GitHub personal access token
- Mounting SSH keys at build time with `--ssh` in Docker buildx (requires modifying the Dockerfile to use `RUN --mount=type=ssh`)
- Or, skip initialization during build and run `chezmoi init` manually after starting the container with mounted credentials
The current implementation supports option 1. Options 2-3 would require additional Dockerfile modifications if you'd like me to add them.
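
An added example, not part of the pull request or of the reply above: a Dockerfile fragment contrasting a token passed in a build argument with a BuildKit secret mount, which keeps the credential out of image layers and history. The secret id `gh_token`, the `x-access-token` user name, the repository URL and the assumption that chezmoi shells out to the system `git` (2.31 or later, for `GIT_CONFIG_COUNT`) are illustrative choices, not values from this project.

```dockerfile
# syntax=docker/dockerfile:1
# Constructed example. Continues a Dockerfile in which chezmoi and git are
# already installed; "gh_token" and the repository URL are placeholders.
ARG BASE_IMAGE_TAG=latest
FROM ghcr.io/jhulten/toolbox/base:${BASE_IMAGE_TAG}

# Weak form (shown commented out): a token embedded in a build argument is
# recorded in the image history and build metadata, so anyone who can pull
# the image can read it back.
#   ARG CHEZMOI_REPO=https://<token>@github.com/user/dotfiles.git
#   RUN chezmoi init "${CHEZMOI_REPO}"

# Hardened form: the build argument carries only the token-free URL.
ARG CHEZMOI_REPO=https://github.com/user/dotfiles.git

# BuildKit exposes the secret at /run/secrets/gh_token for this RUN step only
# and does not write it to any layer. The GIT_CONFIG_* variables add a
# one-off url.<base>.insteadOf rewrite for this process, so git authenticates
# during the clone while the stored remote URL stays token-free.
RUN --mount=type=secret,id=gh_token \
    GIT_CONFIG_COUNT=1 \
    GIT_CONFIG_KEY_0="url.https://x-access-token:$(cat /run/secrets/gh_token)@github.com/.insteadOf" \
    GIT_CONFIG_VALUE_0="https://github.com/" \
    chezmoi init "${CHEZMOI_REPO}"

# Build with the token taken from the caller's environment, for example:
#   GH_TOKEN=... docker buildx build --secret id=gh_token,env=GH_TOKEN ./chezmoi
```

Dotfiles cloned this way still end up in the image, so an image built from a private repository should itself be kept private.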
Missing trailing newline at end of file. According to POSIX standard and common best practices, text files should end with a newline character.
Fixed in commit 679a0c4.