diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 862ff6d..b4360b7 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -112,3 +112,41 @@ jobs:
 push: true
 tags: ${{ steps.meta.outputs.tags }}
 labels: ${{ steps.meta.outputs.labels }}
+
+ build-gentoo:
+ name: Gentoo Docker Image
+ runs-on: ubuntu-latest
+
+ permissions:
+ contents: read
+ packages: read
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ # super-linter needs the full git history to get the
+ # list of files that changed across commits
+ fetch-depth: 0
+
+ - name: Log in to Docker Hub
+ uses: docker/login-action@v3.1.0
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v5.5.1
+ with:
+ images: dotfiles
+ tags: gentoo
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v5.3.0
+ with:
+ context: .
+ file: ./Dockerfile.gentoo
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
diff --git a/Dockerfile.gentoo b/Dockerfile.gentoo
new file mode 100644
index 0000000..f890a98
--- /dev/null
+++ b/Dockerfile.gentoo
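Review bot: In the `build-gentoo` job of `.github/workflows/ci.yaml`, `actions/checkout` and the three Docker actions are referenced by mutable tags (`@v4`, `@v3.1.0`, `@v5.5.1`, `@v5.3.0`) while the job receives `DOCKER_ACCESS_TOKEN` and pushes an image. Pinning each to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha> # v3.1.0` (placeholder, not a real SHA), keeps a retagged release from running with that token. `push: true` is unconditional and the workflow's `on:` triggers are outside the hunk, so if the job also runs for pull requests it would either fail at login or publish an image built from unreviewed code; `push: ${{ github.event_name != 'pull_request' }}` plus the matching `if:` on the login step would cover that. The comment above `fetch-depth: 0` refers to super-linter, which this job does not run, so a default shallow checkout should be enough for the Docker build.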
@@ -0,0 +1,34 @@
+FROM gentoo/stage3:amd64-openrc
+
+# This is a very up-to-date image, so we aren't going to lock package versions.
+# hadolint ignore=DL3041
+RUN emerge --verbose --noreplace \
+ net-misc/curl \
+ dev-vcs/git \
+ app-admin/sudo \
+ sys-apps/coreutils && \
+ emerge --verbose --depclean
+
+RUN useradd -m max && \
+ echo "max ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+USER max
+ENV USER=max
+
+# NOTE: This is dangerous because it will include decrypted secrets in the image!
+#RUN mkdir -p /home/max/src/miscellaneous
+#COPY --chown=max . /home/max/src/miscellaneous/
+
+RUN mkdir -p /home/max/src && \
+ git clone https://github.com/Maxattax97/miscellaneous.git /home/max/src/miscellaneous
+
+# Overwrite the install script with the latest one in the repository.
+COPY --chown=max install.sh /home/max/src/miscellaneous/install.sh
+
+WORKDIR /home/max/src/miscellaneous
+RUN /bin/sh -o pipefail -c "yes | \
+ AUTOMATED=1 /home/max/src/miscellaneous/install.sh && \
+ emerge --verbose --depclean"
+
+WORKDIR /home/max
+ENTRYPOINT ["/bin/zsh"]
+HEALTHCHECK NONE
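Review bot: The `NOPASSWD: ALL` rule appended to `/etc/sudoers` stays in the final image, so the default user `max` of the image this workflow pushes can become root without a password. If sudo is only needed while `install.sh` runs, write the rule to its own file, `echo "max ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/max` (assuming the stock sudoers includes that directory), and delete it in a closing `USER root` step before switching back to `USER max`; if it is meant to stay, a comment saying so would help. Separately, the last `RUN` pipes `yes` into the installer under `-o pipefail`: `yes` normally exits non-zero once its reader goes away, so the pipeline is likely to report failure even when `install.sh` succeeds, and the trailing `emerge --verbose --depclean` runs as `max` without `sudo`. The `git clone` also takes whatever the default branch holds at build time rather than the commit CI checked out (only `install.sh` comes from the build context), so a `.dockerignore` that excludes the decrypted secrets would let the commented-out `COPY` be used and make the image match the commit.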