diff --git a/.github/workflows/reusable-build-image.yaml b/.github/workflows/reusable-build-image.yaml
index bb292ac..86126b1 100644
--- a/.github/workflows/reusable-build-image.yaml
+++ b/.github/workflows/reusable-build-image.yaml
@@ -38,12 +38,15 @@ jobs:
 - name: Build and push Docker image
 uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
 with:
- context: .
- file: ./docker/Dockerfile
+ context: ./docker
 provenance: false
 # Build for both amd64 and arm64
 platforms: "linux/amd64,linux/arm64"
 push: ${{ inputs.push }}
 tags: ${{ inputs.tags }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ secrets: |
+ github_token=${{ secrets.GITHUB_TOKEN }}
 env:
 DOCKER_BUILD_SUMMARY: false
diff --git a/docker/Brewfile b/docker/Brewfile
index 6ae9b28..d95b026 100644
--- a/docker/Brewfile
+++ b/docker/Brewfile
@@ -1,3 +1,2 @@
 brew 'mise'
-brew 'vim'
 cask 'claude-code'
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 277df3b..16cffc3 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
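Review bot: The added `secrets:` entry `github_token=${{ secrets.GITHUB_TOKEN }}` hands the calling job's token to the image build, where docker/Dockerfile exposes it as an environment variable to `mise install --yes` (`RUN --mount=type=secret,id=github_token,env=GITHUB_TOKEN`), so any installer or plugin that step runs can read it. The job's `permissions:` block is outside this hunk; since the same job pushes the image, the token may carry write scopes that a download step does not need. If the token is only there to avoid GitHub API rate limits (an assumption; the diff does not say), pass a token limited to read access and record the reason next to the entry, for example `# read-only token for GitHub API calls made by mise during the build`. The same concern applies to the `RUN --mount` line in the docker/Dockerfile hunk at `@@ -71,19 +67,30 @@`.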
@@ -11,22 +11,17 @@ RUN apt-get update && \
 procps \
 curl \
 file \
- git \
- sudo && \
+ git && \
 apt-get clean && \
 rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-# setup sudo user
-ARG SUDO_USER_UID=1001
-ARG SUDO_USER_GID=$SUDO_USER_UID
-ARG SUDO_USERNAME=sudo-user
-RUN echo "Defaults:sudo-user !env_reset" > /etc/sudoers && \
- echo "sudo-user ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers && \
- groupadd --gid ${SUDO_USER_GID} ${SUDO_USERNAME} && \
- useradd -s /bin/bash --uid ${SUDO_USER_UID} --gid ${SUDO_USER_GID} -G sudo -m ${SUDO_USERNAME}
-USER ${SUDO_USERNAME}
-
-# install brew
+# create linuxbrew user for Homebrew installation
+RUN useradd -m -s /bin/bash linuxbrew && \
+ mkdir -p /home/linuxbrew/.linuxbrew && \
+ chown -R linuxbrew:linuxbrew /home/linuxbrew
+
+# install brew as linuxbrew user
+USER linuxbrew
 ARG NONINTERACTIVE=1
 RUN /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/09792a0a1565f62eb8c90f1578a992968c85468c/install.sh)"
@@ -45,6 +40,7 @@ RUN apt-get update && \
 ssh-client \
 procps \
 gnupg \
+ vim \
 zsh && \
 apt-get clean && \
 rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
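Review bot: In the `@@ -11,22 +11,17 @@` hunk, the new `RUN useradd -m -s /bin/bash linuxbrew && mkdir -p /home/linuxbrew/.linuxbrew && chown ...` step carries no comment saying why the prefix is created ahead of the installer. Presumably it replaces the removed `NOPASSWD: ALL` sudo user so that the Homebrew installer can write to its prefix without root; a line such as `# pre-create the Homebrew prefix so install.sh runs without sudo` would keep a later edit from re-adding sudo. `useradd` also leaves the UID auto-assigned where the removed code fixed it with `--uid`; that looks harmless because the later stage copies with `--chown`, but confirm nothing else relies on the old UID 1001.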
@@ -71,19 +67,30 @@ ENV MISE_CONFIG_DIR="/mise"
 ENV MISE_CACHE_DIR="/mise/cache"
 ENV MISE_INSTALL_PATH="/usr/local/bin/mise"
+RUN mkdir -p /home/linuxbrew && \
+ chown -R ${USER_UID}:${USER_GID} /home/linuxbrew
+
 USER ${USERNAME}
 # setup brew
-COPY --from=install-brew /home/linuxbrew/.linuxbrew /home/linuxbrew/.linuxbrew
-COPY Brewfile ${HOME_DIR}/Brewfile
+COPY --from=install-brew --chown=${USER_UID}:${USER_GID} /home/linuxbrew/.linuxbrew /home/linuxbrew/.linuxbrew
+
+# install mise
+RUN eval $(/home/linuxbrew/.linuxbrew/bin/brew shellenv) && \
+ brew install mise
+
+# install claude-code
+RUN eval $(/home/linuxbrew/.linuxbrew/bin/brew shellenv) && \
+ brew install --cask claude-code
+
+# cleanup brew
 RUN eval $(/home/linuxbrew/.linuxbrew/bin/brew shellenv) && \
- brew bundle --file=${HOME_DIR}/Brewfile && \
 brew cleanup -s && \
- rm -rf $(brew --cache) && \
- rm -rf ${HOME_DIR}/Brewfile
+ rm -rf $(brew --cache)
 # install baseline tools from /mise/config.toml
-RUN eval $(/home/linuxbrew/.linuxbrew/bin/brew shellenv) && \
+RUN --mount=type=secret,id=github_token,env=GITHUB_TOKEN \
+ eval $(/home/linuxbrew/.linuxbrew/bin/brew shellenv) && \
 mise install --yes
 ARG PNPM_HOME="${HOME_DIR}/.local/share/pnpm"
diff --git a/scripts/post-create.sh b/scripts/post-create.sh
index 1e046cf..3c7c533 100755
--- a/scripts/post-create.sh
+++ b/scripts/post-create.sh
@@ -2,6 +2,7 @@
 # remove ssh program settings for host env
 git config --global --unset gpg.ssh.program || true
+git config --global --add safe.directory /workspace
 # install project-specific tools from workspace mise.toml
 mise install --yes
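Review bot: docker/Brewfile is left unused by this Dockerfile after the `@@ -71,19 +67,30 @@` hunk, which drops `COPY Brewfile` and `brew bundle` in favour of direct `brew install mise` and `brew install --cask claude-code`, yet the same commit still edits that file. Two package lists will drift apart; either delete docker/Brewfile (if nothing else reads it) or add a comment in it saying the image no longer consumes it. Separately, the `env=` option on `--mount=type=secret` needs a recent Dockerfile frontend, and no `# syntax=` line is visible in these hunks, so builds on older Docker installations may fail; pinning the frontend at the top of the file would make the requirement explicit.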
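Review bot: The added `git config --global --add safe.directory /workspace` sits under the comment `# remove ssh program settings for host env`, which does not describe it, and nothing records why git's repository-ownership check is being relaxed. Give it a comment of its own, for example `# trust /workspace: the bind mount may be owned by a different UID than the container user`, if that is indeed the reason. Keeping the exception limited to this one path rather than `*` is the right scope. Note that `--add` appends a duplicate entry each time the script is re-run against the same home directory.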