xcp-ng · glehmann · Aug 1, 2025 · Jul 24, 2025 · Jul 24, 2025 · Jul 25, 2025
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -0,0 +1,83 @@
+name: Build and Push Docker Image to GHCR
+
+on: push
+
+permissions:
+  contents: read # Required to checkout the repo code
+  packages: write # Required to push packages to GHCR
+
+jobs:
+  xcp-ng-build-env-82:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker/setup-buildx-action@v3
+        with:
+          driver: docker-container
+      - uses: docker/login-action@v3
+        if: github.ref == 'refs/heads/master'
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }} # Uses the GitHub user/org name that triggered the workflow
+          password: ${{ secrets.GITHUB_TOKEN }} # Automatically provided by GitHub
+      - uses: docker/build-push-action@v5 # Using v5 for latest features
+        with:
+          context: .
+          file: ./Dockerfile-8.x
+          push: ${{ github.ref == 'refs/heads/master' }}
+          tags: ghcr.io/${{ github.repository }}:8.2
+          cache-from: type=gha,scope=${{ github.ref_name }}-82 # Cache layers to speed up builds
+          cache-to: type=gha,mode=max,scope=${{ github.ref_name }}-82 # Store layers in cache for future builds
+          build-args: |
+            XCP_NG_BRANCH=8.2
+          platforms: |
+            linux/amd64
+
+  xcp-ng-build-env-83:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker/setup-buildx-action@v3
+        with:
+          driver: docker-container
+      - uses: docker/login-action@v3
+        if: github.ref == 'refs/heads/master'
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }} # Uses the GitHub user/org name that triggered the workflow
+          password: ${{ secrets.GITHUB_TOKEN }} # Automatically provided by GitHub
+      - uses: docker/build-push-action@v5 # Using v5 for latest features
+        with:
+          context: .
+          file: ./Dockerfile-8.x
+          push: ${{ github.ref == 'refs/heads/master' }}
+          tags: ghcr.io/${{ github.repository }}:8.3
+          cache-from: type=gha,scope=${{ github.ref_name }}-83 # Cache layers to speed up builds
+          cache-to: type=gha,mode=max,scope=${{ github.ref_name }}-83 # Store layers in cache for future builds
+          platforms: |
+            linux/amd64
+
+  # TODO: uncomment once we have a public xcp-ng 9.0 repository
+  # xcp-ng-build-env-90:
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - uses: actions/checkout@v4
+  #     - uses: docker/setup-buildx-action@v3
+  #       with:
+  #         driver: docker-container
+  #     - uses: docker/login-action@v3
+  #       if: github.ref == 'refs/heads/master'
+  #       with:
+  #         registry: ghcr.io
+  #         username: ${{ github.actor }} # Uses the GitHub user/org name that triggered the workflow
+  #         password: ${{ secrets.GITHUB_TOKEN }} # Automatically provided by GitHub
+  #     - uses: docker/build-push-action@v5 # Using v5 for latest features
+  #       with:
+  #         context: .
+  #         file: ./Dockerfile-9.x
+  #         platforms: |
+  #           linux/amd64/v2
+  #         push: ${{ github.ref == 'refs/heads/master' }}
+  #         tags: ghcr.io/${{ github.repository }}:9.0
+  #         cache-from: type=gha,scope=${{ github.ref_name }}-90 # Cache layers to speed up builds
+  #         cache-to: type=gha,mode=max,scope=${{ github.ref_name }}-90 # Store layers in cache for future builds
diff --git a/Dockerfile-7.x b/Dockerfile-7.x
diff --git a/Dockerfile-8.x b/Dockerfile-8.x
@@ -2,38 +2,32 @@ ARG     CENTOS_VERSION=7.5.1804
 
 FROM    centos:${CENTOS_VERSION}
 
-ARG     CUSTOM_BUILDER_UID=""
-ARG     CUSTOM_BUILDER_GID=""
-
 # Remove all repositories
 RUN     rm /etc/yum.repos.d/*
 
 # Add only the specific CentOS 7.5 repositories, because that's what XS used for the majority of packages
 ARG     CENTOS_VERSION
 COPY    files/CentOS-Vault.repo.in /etc/yum.repos.d/CentOS-Vault-7.5.repo
-RUN     sed -e "s/@CENTOS_VERSION@/${CENTOS_VERSION}/g" -i /etc/yum.repos.d/CentOS-Vault-7.5.repo
+RUN     sed -i -e "s/@CENTOS_VERSION@/${CENTOS_VERSION}/g" /etc/yum.repos.d/CentOS-Vault-7.5.repo
 
 # Add our repositories
 # Repository file depends on the target version of XCP-ng, and is pre-processed by build.sh
 ARG     XCP_NG_BRANCH=8.3
 COPY    files/xcp-ng.repo.8.x.in /etc/yum.repos.d/xcp-ng.repo
-RUN     sed -e "s/@XCP_NG_BRANCH@/${XCP_NG_BRANCH}/g" -i /etc/yum.repos.d/xcp-ng.repo
+RUN     sed -i -e "s/@XCP_NG_BRANCH@/${XCP_NG_BRANCH}/g" /etc/yum.repos.d/xcp-ng.repo
 
 # Install GPG key
 RUN     curl -sSf https://xcp-ng.org/RPM-GPG-KEY-xcpng -o /etc/pki/rpm-gpg/RPM-GPG-KEY-xcpng
 
-# Fix invalid rpmdb checksum error with overlayfs, see https://github.com/docker/docker/issues/10180
-# (still needed?)
-RUN     yum install -y yum-plugin-ovl
-
-# Use priorities so that packages from our repositories are preferred over those from CentOS repositories
-RUN     yum install -y yum-plugin-priorities
-
 # Update
-RUN     yum update -y
-
-# Common build requirements
-RUN     yum install -y \
+RUN     yum update -y \
+        # Fix invalid rpmdb checksum error with overlayfs, see https://github.com/docker/docker/issues/10180
+        # (still needed?)
+        && yum install -y yum-plugin-ovl \
+        # Use priorities so that packages from our repositories are preferred over those from CentOS repositories
+        && yum install -y yum-plugin-priorities \
+        # Common build requirements
+        && yum install -y \
             gcc \
             gcc-c++ \
             git \
@@ -44,37 +38,30 @@ RUN     yum install -y \
             sudo \
             yum-utils \
             epel-release \
-            epel-rpm-macros
-
-# Niceties
-RUN     yum install -y \
+            epel-rpm-macros \
+        # Niceties
+        && yum install -y \
             vim \
             wget \
-            which
-
-# clean package cache to avoid download errors
-RUN     yum clean all
+            which \
+        # clean package cache to avoid download errors
+        && yum clean all
 
 # OCaml in XS may be older than in CentOS
 RUN     sed -i "/gpgkey/a exclude=ocaml*" /etc/yum.repos.d/Cent* /etc/yum.repos.d/epel*
 
-# Set up the builder user
-RUN     bash -c ' \
-            OPTS=(); \
-            if [ -n "${CUSTOM_BUILDER_UID}" ]; then \
-                OPTS+=("-u" "${CUSTOM_BUILDER_UID}"); \
-            fi; \
-            if [ -n "${CUSTOM_BUILDER_GID}" ]; then \
-                OPTS+=("-g" "${CUSTOM_BUILDER_GID}"); \
-                if ! getent group "${CUSTOM_BUILDER_GID}" >/dev/null; then \
-                    groupadd -g "${CUSTOM_BUILDER_GID}" builder; \
-                fi; \
-            fi; \
-            useradd "${OPTS[@]}" builder; \
-        ' \
+# create the builder user
+RUN     groupadd -g 1000 builder \
+        && useradd -u 1000 -g 1000 builder \
         && echo "builder:builder" | chpasswd \
         && echo "builder ALL=(ALL:ALL) NOPASSWD: ALL" >> /etc/sudoers
 
 RUN     mkdir -p /usr/local/bin
+RUN     curl -fsSL "https://github.com/tianon/gosu/releases/download/1.17/gosu-amd64" -o /usr/local/bin/gosu \
+        && chmod +x /usr/local/bin/gosu
 COPY    files/init-container.sh /usr/local/bin/init-container.sh
-COPY    files/rpmmacros /home/builder/.rpmmacros
+COPY    files/entrypoint.sh /usr/local/bin/entrypoint.sh
+COPY    --chown=builder:builder files/rpmmacros /home/builder/.rpmmacros
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+CMD ["bash"]
diff --git a/Dockerfile-9.x b/Dockerfile-9.x
@@ -1,8 +1,5 @@
 FROM    ghcr.io/almalinux/10-base:10.0
 
-ARG     CUSTOM_BUILDER_UID=""
-ARG     CUSTOM_BUILDER_GID=""
-
 # Add our repositories
 # temporary bootstrap repository
 COPY    files/xcp-ng-8.99.repo /etc/yum.repos.d/xcp-ng.repo
@@ -13,10 +10,9 @@ COPY    files/Alma10-devel.repo /etc/yum.repos.d/
 RUN     curl -sSf https://xcp-ng.org/RPM-GPG-KEY-xcpng -o /etc/pki/rpm-gpg/RPM-GPG-KEY-xcpng
 
 # Update
-RUN     dnf update -y
-
-# Common build requirements
-RUN     dnf install -y \
+RUN     dnf update -y \
+        # Common build requirements
+        && dnf install -y \
             gcc \
             gcc-c++ \
             git \
@@ -26,54 +22,44 @@ RUN     dnf install -y \
             python3-rpm \
             sudo \
             dnf-plugins-core \
-            epel-release
-
-# EPEL: needs epel-release installed first
-RUN     dnf install -y \
+            epel-release \
+        # EPEL: needs epel-release installed first
+        && dnf install -y \
             epel-rpm-macros \
-            almalinux-git-utils
-
-# Niceties
-RUN     dnf install -y \
+            almalinux-git-utils \
+        # Niceties
+        && dnf install -y \
             bash-completion \
             vim \
             wget \
-            which
-
-# clean package cache to avoid download errors
-RUN     yum clean all
-
-# -release*, to be commented out to boostrap the build-env until it gets built
-# FIXME: isn't it already pulled as almalinux-release when available?
-RUN     dnf install -y \
+            which \
+        # -release*, to be commented out to boostrap the build-env until it gets built
+        # FIXME: isn't it already pulled as almalinux-release when available?
+        && dnf install -y \
             xcp-ng-release \
-            xcp-ng-release-presets
+            xcp-ng-release-presets \
+        # clean package cache to avoid download errors
+        && yum clean all
 
 # enable repositories commonly required to build
 RUN     dnf config-manager --enable crb
 
 # workaround sudo not working (e.g. in podman 4.9.3 in Ubuntu 24.04)
 RUN     chmod 0400 /etc/shadow
 
-# Set up the builder user
-RUN     bash -c ' \
-            OPTS=(); \
-            if [ -n "${CUSTOM_BUILDER_UID}" ]; then \
-                OPTS+=("-u" "${CUSTOM_BUILDER_UID}"); \
-            fi; \
-            if [ -n "${CUSTOM_BUILDER_GID}" ]; then \
-                OPTS+=("-g" "${CUSTOM_BUILDER_GID}"); \
-                if ! getent group "${CUSTOM_BUILDER_GID}" >/dev/null; then \
-                    groupadd -g "${CUSTOM_BUILDER_GID}" builder; \
-                fi; \
-            fi; \
-            useradd "${OPTS[@]}" builder; \
-        ' \
+# create the builder user
+RUN     groupadd -g 1000 builder \
+        && useradd -u 1000 -g 1000 builder \
         && echo "builder:builder" | chpasswd \
         && echo "builder ALL=(ALL:ALL) NOPASSWD: ALL" >> /etc/sudoers
 
 RUN     mkdir -p /usr/local/bin
+RUN     curl -fsSL "https://github.com/tianon/gosu/releases/download/1.17/gosu-amd64" -o /usr/local/bin/gosu \
+        && chmod +x /usr/local/bin/gosu
 COPY    files/init-container.sh /usr/local/bin/init-container.sh
-
+COPY    files/entrypoint.sh /usr/local/bin/entrypoint.sh
 # FIXME: check it we really need any of this
-# COPY    files/rpmmacros /home/builder/.rpmmacros
+# COPY    --chown=builder:builder files/rpmmacros /home/builder/.rpmmacros
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+CMD ["bash"]