Running snapd inside a nested LXC container #24

Open
opened 2024-04-30 15:30:49 +00:00 by earl-warren · 0 comments
Owner

That does not work:

```yaml
on:
  pull_request:
  schedule:
    - cron: '@daily'

jobs:
  test:
    runs-on: lxc-bookworm
    steps:
      - name: Setup
        run: |
          export DEBIAN_FRONTEND=noninteractive ; apt-get -qq update ; apt-get install -y -qq snapd libsquashfuse0 squashfuse fuse >& /dev/null
          systemctl start snapd
          systemctl --no-pager status snapd
      - name: Confirm snap environment
        run: |
          snap version
          sleep 5
          # This is a workaround for bug https://pad.lv/1712808
          snap install snapd || true
          snap install snapd
          snap install core22
          # Now we need to work around snapd not liking $HOME being anything but /home
          # we are somewhere under /srv, so snapd will be most unhappy
          # lp bug https://pad.lv/1620771
          # also https://forum.snapcraft.io/t/how-can-i-use-snap-when-i-dont-use-home-user/3352/2
          echo "@{HOMEDIRS}+=$HOME" > /etc/apparmor.d/tunables/home.d/my-homes
          rm -f /var/cache/apparmor/snap.*
          apparmor_parser -r /var/lib/snapd/apparmor/profiles/*
          echo "mount options=(rw rbind) $HOME -> /tmp/snap.rootfs_*/home/," > /var/lib/snapd/apparmor/snap-confine/my-homes
          cat /var/lib/snapd/apparmor/snap-confine/my-homes
          apparmor_parser -r /etc/apparmor.d/*snap-confine*
      - name: Setup build environment
        if: ${{ secrets.LP_BUILD_SECRET != '' && secrets.SNAPCRAFT_STORE_CREDENTIALS != '' }}
        run: |
          # LP_BUILD_SECRET holds the launchpad credentials needed to trigger remote builds in the build farm
          mkdir -p ~/.local/share/snapcraft
          echo -e "${{ secrets.LP_BUILD_SECRET }}" > ~/.local/share/snapcraft/launchpad-credentials
          # SNAPCRAFT_STORE_CREDENTIALS needs to be set, in order to upload to the snap store
          export SNAPCRAFT_STORE_CREDENTIALS="${{ secrets.SNAPCRAFT_STORE_CREDENTIALS }}"
      - name: Install snapcraft
        run: |
          # Install the snapcraft snap, which is classic, from the stable channel
          snap install snapcraft --classic --channel=stable
      - name: Install review-tools
        run: |
          # Install the snap review tools so we can check the snaps are sane, prior to uploading
          snap install review-tools --channel=stable
      - name: Build in launchpad
        run: |
          # Upload the source to launchpad build service to build for all supported architectures
          # This can take a long time if there's a queue of packages
          snapcraft remote-build --launchpad-accept-public-upload
      - name: Review builds
        run: |
          # Only upload if it passes local review
          for s in *.snap; do
            if ! snap-review "$s"; then
              # If we fail review, delete the snap, as others may pass and can be uploaded
              rm "$s"
            fi
          done
      - name: Upload builds
        run: |
          for s in *.snap; do
            # Upload to the snap store, and release to the candidate channel
            snapcraft push "$s" --release=candidate
          done
      - name: Confirm uploads
        run: |
          # Display the channel map from the store, showing all releases across all channels
          snapcraft status forgejo
```

Reference: forgejo/lxc-helpers#24