WIP

.gitea/workflows/build.yaml

@@ -0,0 +1,105 @@
+name: Build containers
+on:
+  workflow_dispatch:
+  push:
+    branches: ["main"]
+    paths: ["containers/**", ".gitea/workflows/build.yaml"]
+  pull_request:
+    branches: ["main"]
+    paths: ["containers/**", ".gitea/workflows/build.yaml"]
+
+jobs:
+  changes:
+    runs-on: job-v2
+    outputs:
+      any_change: ${{ steps.filter.outputs.workflow == 'true' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'}}
+      base: ${{ steps.filter.outputs.base == 'true' }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: https://github.com/dorny/paths-filter@v3
+        id: filter
+        with:
+          filters: |
+            workflow: ['.gitea/workflows/build.yaml']
+            base: ['containers/base/**']
+
+  base-image:
+    needs: [changes]
+    if: ${{ needs.changes.outputs.base == 'true' || needs.changes.outputs.any_change == 'true' }}
+    runs-on: job-v2
+    steps:
+      - uses: actions/checkout@v4
+      - name: Log in
+        uses: redhat-actions/podman-login@v1
+        with:
+          registry: git.plabble.org
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
+      - name: Build
+        id: build
+        uses: job79/buildah-build@65b3793a1370c1ccd74a5c0d090d70eb9637a4ef
+        with:
+          image: maurice/base
+          tags: ${{ github.ref_name }}
+          context: ./containers/base
+          containerfiles: ./containers/base/Containerfile
+      - name: Push
+        uses: redhat-actions/push-to-registry@v2
+        with:
+          image: ${{ steps.build.outputs.image }}
+          tags: ${{ steps.build.outputs.tags }}
+          registry: git.plabble.org
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
+          extra-args: |
+            --compression-format=zstd
+            --compression-level=12
+
+  # dependent-images:
+  #   needs: [changes, base-image]
+  #   if: always() && needs.changes.result == 'success' && (needs.base-image.result == 'success' || needs.base-image.result == 'skipped')
+  #   runs-on: job-v2
+  #   strategy:
+  #     fail-fast: false
+  #     matrix:
+  #       container: [rust, dotnet, go]
+  #   steps:
+  #     - name: Check if build needed
+  #       id: check
+  #       run: |
+  #         if [[ "${{ matrix.container }}" == "go" && "${{ needs.changes.outputs.go }}" == "true" ]]; then echo "run=true" >> $GITHUB_OUTPUT; fi
+  #         if [[ "${{ matrix.container }}" == "rust" && "${{ needs.changes.outputs.rust }}" == "true" ]]; then echo "run=true" >> $GITHUB_OUTPUT; fi
+  #         if [[ "${{ matrix.container }}" == "dotnet" && "${{ needs.changes.outputs.dotnet }}" == "true" ]]; then echo "run=true" >> $GITHUB_OUTPUT; fi
+  #         if [[ "${{ needs.changes.outputs.any_change }}" == "true" ]]; then echo "run=true" >> $GITHUB_OUTPUT; fi
+  #     - name: Clone repo
+  #       if: steps.check.outputs.run == 'true'
+  #       uses: actions/checkout@v4
+  #     - name: Log in
+  #       if: steps.check.outputs.run == 'true'
+  #       uses: redhat-actions/podman-login@v1
+  #       with:
+  #         registry: git.plabble.org
+  #         username: ${{ secrets.REGISTRY_USERNAME }}
+  #         password: ${{ secrets.REGISTRY_TOKEN }}
+  #     - name: Build
+  #       id: build
+  #       if: steps.check.outputs.run == 'true'
+  #       uses: job79/buildah-build@65b3793a1370c1ccd74a5c0d090d70eb9637a4ef
+  #       with:
+  #         image: maurice/${{ matrix.container }}
+  #         tags: ${{ github.ref_name }}
+  #         context: ./containers/${{ matrix.container }}
+  #         containerfiles: ./containers/${{ matrix.container }}/Containerfile
+  #         build-args: TAG=${{ github.ref_name }}
+  #     - name: Push
+  #       if: steps.check.outputs.run == 'true'
+  #       uses: redhat-actions/push-to-registry@v2
+  #       with:
+  #         image: ${{ steps.build.outputs.image }}
+  #         tags: ${{ steps.build.outputs.tags }}
+  #         registry: git.plabble.org
+  #         username: ${{ secrets.REGISTRY_USERNAME }}
+  #         password: ${{ secrets.REGISTRY_TOKEN }}
+  #         extra-args: |
+  #           --compression-format=zstd
+  #           --compression-level=12

.gitea/workflows/fedora.yaml

@@ -1,68 +0,0 @@
-name: Build container
-on:
-  workflow_dispatch:  # This makes the workflow manually triggered
-  push:
-    branches: ["main"]
-    paths:
-      - "containers/fedora/**"
-      - "containers/dotnet/**"
-      - "containers/rust/**"
-      - "containers/php/**"
-      - ".gitea/workflows/fedora.yaml"
-  pull_request:
-    branches: ["main"]
-    
-jobs:
-  fedora-build:
-    runs-on: job-latest
-    steps:
-      - name: Clone repo
-        uses: actions/checkout@v4
-      - name: Setup Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      - name: Login to Registry
-        uses: docker/login-action@v3
-        with:
-          registry: git.plabble.org
-          username: ${{ secrets.REGISTRY_USERNAME }}
-          password: ${{ secrets.REGISTRY_TOKEN }}
-
-      - name: Build and push Fedora container
-        uses: docker/build-push-action@v5
-        with:
-          context: ./containers/fedora
-          file: ./containers/fedora/Containerfile
-          push: true
-          tags: git.plabble.org/maurice/fedora:${{ github.ref_name }}
-          build-args: TAG=${{ github.ref_name }}
-          outputs: type=image,oci-mediatypes=true,compression=zstd,compression-level=3,force-compression=true
-      
-      # - name: Build and push Rust container
-      #   uses: docker/build-push-action@v5
-      #   with:
-      #     context: ./containers/rust
-      #     file: ./containers/rust/Containerfile
-      #     push: true
-      #     tags: git.plabble.org/maurice/rust:${{ github.ref_name }}
-      #     build-args: TAG=${{ github.ref_name }}
-      #     outputs: type=image,oci-mediatypes=true,compression=zstd,compression-level=3,force-compression=true
-      
-      - name: Build and push PHP container
-        uses: docker/build-push-action@v5
-        with:
-          context: ./containers/php
-          file: ./containers/php/Containerfile
-          push: true
-          tags: git.plabble.org/maurice/php:${{ github.ref_name }}
-          build-args: TAG=${{ github.ref_name }}
-          outputs: type=image,oci-mediatypes=true,compression=zstd,compression-level=3,force-compression=true
-      
-      # - name: Build and push C# container
-      #   uses: docker/build-push-action@v5
-      #   with:
-      #     context: ./containers/dotnet
-      #     file: ./containers/dotnet/Containerfile
-      #     push: true
-      #     tags: git.plabble.org/maurice/dotnet:${{ github.ref_name }}
-      #     build-args: TAG=${{ github.ref_name }}
-      #     outputs: type=image,oci-mediatypes=true,compression=zstd,compression-level=3,force-compression=true

.gitea/workflows/other.yaml

@@ -1,48 +1,40 @@
 name: Build optional dev containers
 on:
-  workflow_dispatch:  # This makes the workflow manually triggered
+  workflow_dispatch:
 
 jobs:
   fedora-build:
-    runs-on: job-latest
+    runs-on: job-v2
+    strategy:
+      max-parallel: 1
+      matrix:
+        container: [rider]
     steps:
       - name: Clone repo
         uses: actions/checkout@v4
-      - name: Setup Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      - name: Login to Registry
-        uses: docker/login-action@v3
+      - name: Log in
+        uses: redhat-actions/podman-login@v1
         with:
           registry: git.plabble.org
           username: ${{ secrets.REGISTRY_USERNAME }}
           password: ${{ secrets.REGISTRY_TOKEN }}
-
-      - name: Build and push Rider container
-        uses: docker/build-push-action@v5
+      - name: Build ${{ matrix.container }} container
+        id: build_image
+        uses: job79/buildah-build@65b3793a1370c1ccd74a5c0d090d70eb9637a4ef
         with:
-          context: ./containers/rider
-          file: ./containers/rider/Containerfile
-          push: true
-          tags: git.plabble.org/maurice/rider:${{ github.ref_name }}
+          image: maurice/${{ matrix.container }}
+          tags: ${{ github.ref_name }}
+          context: ./containers/${{ matrix.container }}
+          containerfiles: ./containers/${{ matrix.container }}/Containerfile
           build-args: TAG=${{ github.ref_name }}
-          outputs: type=image,oci-mediatypes=true,compression=zstd,compression-level=3,force-compression=true
-
-      - name: Build and push Android Studio container
-        uses: docker/build-push-action@v5
+      - name: Push ${{ matrix.container }} container
+        uses: redhat-actions/push-to-registry@v2
         with:
-          context: ./containers/android
-          file: ./containers/android/Containerfile
-          push: true
-          tags: git.plabble.org/maurice/android:${{ github.ref_name }}
-          build-args: TAG=${{ github.ref_name }}
-          outputs: type=image,oci-mediatypes=true,compression=zstd,compression-level=3,force-compression=true
-
-      - name: Build and push Flutter container
-        uses: docker/build-push-action@v5
-        with:
-          context: ./containers/flutter
-          file: ./containers/flutter/Containerfile
-          push: true
-          tags: git.plabble.org/maurice/flutter:${{ github.ref_name }}
-          build-args: TAG=${{ github.ref_name }}
-          outputs: type=image,oci-mediatypes=true,compression=zstd,compression-level=3,force-compression=true
+          image: ${{ steps.build_image.outputs.image }}
+          tags: ${{ steps.build_image.outputs.tags }}
+          registry: git.plabble.org
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
+          extra-args: |
+            --compression-format=zstd
+            --compression-level=12

build.sh

@@ -0,0 +1,5 @@
+#!/bin/sh
+cd containers/base
+podman build -t git.plabble.org/maurice/base:main .
+cd ../rider
+podman build -t git.plabble.org/maurice/rider:main .

containers/android/Containerfile

@@ -1,9 +1,11 @@
-FROM git.plabble.org/maurice/dotnet:main
-ARG studio_version="2025.1.4.8"
+FROM git.plabble.org/maurice/base:main
+ARG studio_version="2025.3.2.6"
 ARG download_uri="https://redirector.gvt1.com/edgedl/android/studio/ide-zips/${studio_version}/android-studio-${studio_version}-linux.tar.gz"
 
 USER root
-RUN dnf -y install libXext libXrender libXtst libX11 freetype freetype-devel mesa-libGLU
+# === setup GUI ===
+RUN --mount=type=cache,id=dnf-cache,target=/var/cache/libdnf5 \
+  dnf -y --setopt=keepcache=1 install libXext libXrender libXtst libX11 freetype freetype-devel mesa-libGLU
 USER user
 
 RUN curl -Lo /tmp/studio.tar.gz "${download_uri}" && \

containers/base/Containerfile

@@ -0,0 +1,53 @@
+FROM quay.io/fedora/fedora:43
+
+# === install system packages ===
+RUN --mount=type=cache,id=dnf-cache,target=/var/cache/libdnf5 \
+  dnf update -y && \
+  dnf -y --setopt=keepcache=1 install \
+    procps ping bash-completion glibc-langpack-en openssl-devel \
+    host-spawn dbus-launch \
+    git pnpm helix zip rsync \
+    dotnet-sdk-10.0
+    
+# === setup user ===
+RUN useradd -ms /bin/bash user && \
+  usermod -aG wheel user && sed -i '/NOPASSWD/s/^#//g' /etc/sudoers && \
+  mkdir -p /run/user/1000 && chown user:user /run/user/1000
+
+# === Add host entry for podman ===
+RUN ln -s /usr/local/bin/host /usr/local/bin/podman
+
+# === root language servers ===
+COPY install-roslyn.sh /tmp/install-roslyn.sh
+RUN chmod +x /tmp/install-roslyn.sh && /tmp/install-roslyn.sh && rm /tmp/omnisharp.tar.gz && rm /tmp/install-roslyn.sh
+# RUN go install golang.org/x/tools/gopls@latest
+
+USER user
+WORKDIR /home/user
+RUN mkdir .config .local .cache
+
+COPY --chown=user:user config/bashrc .bashrc
+COPY --chown=user:user config/git .config/git/config
+COPY --chown=user:user config/helix/ .config/helix/
+COPY config/bin /usr/local/bin
+
+# === Setup PNPM & install language servers, tools ===
+RUN /bin/bash -c ". /home/user/.bashrc && pnpm setup && . /home/user/.bashrc && pnpm i -g deno bash-language-server vscode-langservers-extracted dockerfile-language-server-nodejs \
+    typescript typescript-language-server"
+
+RUN dotnet tool install --global dotnet-ef && \
+  echo 'export PATH="$PATH:/home/user/.dotnet/tools:/home/user/.cargo/env"' >> /home/user/.bashrc
+
+# === Rust, WASM toolchain ===
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+RUN . /home/user/.bashrc && rustup component add rust-analyzer && \
+  curl https://drager.github.io/wasm-pack/installer/init.sh -sSf | sh && \
+  cargo install cargo-generate && \
+  cargo install cargo-expand
+
+# === Cleanup build dependencies ===
+USER root
+RUN dnf remove -y openssl-devel && dnf clean all && rm -rf /home/user/.cargo
+USER user
+
+VOLUME /home/user

containers/base/install-roslyn.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-version="v1.39.15-beta.60"
+version="v1.39.15"
 arch="linux-x64"
 link="https://github.com/OmniSharp/omnisharp-roslyn/releases/download/$version/omnisharp-$arch-net6.0.tar.gz"
 

containers/dotnet/Containerfile

@@ -1,10 +0,0 @@
-FROM git.plabble.org/maurice/fedora:main
-
-USER root
-RUN dnf -y install dotnet-sdk-9.0
-
-COPY install-roslyn.sh /tmp/install-roslyn.sh
-RUN chmod +x /tmp/install-roslyn.sh && /tmp/install-roslyn.sh
-
-USER user
-RUN dotnet tool install --global dotnet-ef

containers/fedora/Containerfile

@@ -1,31 +0,0 @@
-FROM quay.io/fedora/fedora:43
-
-# === install system packages ===
-RUN dnf update -y && \
-  dnf copr enable -y atim/lazygit && \
-  dnf -y install procps ping bash-completion glibc-langpack-en \
-    host-spawn dbus-launch \
-    git pnpm helix zip 
-
-# === setup user ===
-RUN useradd -ms /bin/bash user && \
-  usermod -aG wheel user && sed -i '/NOPASSWD/s/^#//g' /etc/sudoers && \
-  mkdir -p /run/user/1000 && chown user:user /run/user/1000
-
-# === Add host entry for podman ===
-RUN ln -s /usr/local/bin/host /usr/local/bin/podman
-
-USER user
-WORKDIR /home/user
-RUN mkdir .config .local .cache
-
-COPY --chown=user:user config/bashrc .bashrc
-COPY --chown=user:user config/git .config/git/config
-COPY --chown=user:user config/helix/ .config/helix/
-COPY config/bin /usr/local/bin
-
-# === Setup PNPM & install language servers ===
-RUN /bin/bash -c "SHELL=/bin/bash pnpm setup && . /home/user/.bashrc && pnpm i -g deno bash-language-server vscode-langservers-extracted dockerfile-language-server-nodejs \
-    typescript typescript-language-server"
-
-VOLUME /home/user

containers/fedora/config.sh

@@ -1,2 +0,0 @@
-#!/bin/bash
-arg "-p 8080:8080"

containers/flutter/Containerfile

@@ -1,5 +1,5 @@
-FROM git.plabble.org/maurice/android:main
-ARG flutter_version="3.35.7-stable"
+FROM git.plabble.org/maurice/base:main
+ARG flutter_version="3.41.4-stable"
 ARG download_uri="https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_${flutter_version}.tar.xz"
 
 RUN mkdir /home/user/Flutter && \

containers/php/Containerfile

@@ -1,4 +0,0 @@
-FROM git.plabble.org/maurice/fedora:main
-ARG php_version="8.4"
-
-RUN /bin/bash -c "export TERM=xterm && $(curl -fsSL https://php.new/install/linux/${php_version})"

containers/php/config.sh

@@ -1,2 +0,0 @@
-#!/bin/bash
-arg "--cap-add=NET_BIND_SERVICE -p 80:80"

containers/rider/Containerfile

@@ -1,9 +1,12 @@
-FROM git.plabble.org/maurice/dotnet:main
-ARG rider_version="2025.2.4"
+FROM git.plabble.org/maurice/base:main
+ARG rider_version="2025.3.3"
 ARG download_uri="https://download.jetbrains.com/rider/JetBrains.Rider-${rider_version}.tar.gz"
 
 USER root
-RUN dnf -y install libXext libXrender libXtst libX11 freetype freetype-devel
+
+# === setup GUI ===
+RUN --mount=type=cache,id=dnf-cache,target=/var/cache/libdnf5 \
+  dnf -y --setopt=keepcache=1 install libXext libXrender libXtst libX11 freetype freetype-devel
 USER user
 
 RUN curl -Lo /tmp/rider.tar.gz "${download_uri}" && \

containers/rider/config.sh

@@ -1,3 +1,4 @@
 #!/bin/bash
-arg "-p 8080:8080"
-arg "-p 8081:8081"
+mkdir -p /tmp/joypet-sockets
+arg "-p 7777:7777"
+arg "-v /tmp/joypet-sockets:/var/run/joypet-sockets:Z"

containers/rust/Containerfile

@@ -1,4 +0,0 @@
-FROM git.plabble.org/maurice/fedora:main
-
-RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
-RUN . '/home/user/.cargo/env' && rustup component add rust-analyzer

devc.sh

@@ -16,7 +16,7 @@ default_args() {
   arg "--hostname $name"
 
   # Pull newer container image if available.
-  arg "--pull=newer"
+  # arg "--pull=newer"
 
   # Use keep-id so the container user matches the host user.
   arg "--userns=keep-id"
@@ -57,8 +57,8 @@ param_args() {
       arg "-v /run/user/$UID/bus:/tmp/bus"
       arg "-e HOST_HOME=$HOME" # Used to translate paths.
       ;;
-    -net) # Enable network dev-<container name>
-      arg "--network dev-$name"
+    -net) # Enable network 'dev-<container name>'' and 'devc'
+      arg "--network dev-$name --network devc"
       ;;
     -mnt) # Mount directory.
       shift
@@ -117,6 +117,7 @@ fi
 if [ "$(podman container inspect "$name" -f {{.State.Running}} 2>&1)" != 'true' ] || [[ $# -gt 0 ]]; then
   log "starting devcontainer..."
   podman network create --ignore "dev-$name"
+  podman network create --ignore "devc"
   podman container rm -f -t 0 "$name" 1>/dev/null
   podman run -td $(default_args) $(param_args $@) "$registry/$image"
 fi