From 882180815c63f5603025cb1600438a5219b13748 Mon Sep 17 00:00:00 2001
From: Gerard Braad
Date: Sun, 12 Jan 2025 05:51:17 +0000
Subject: [PATCH] Add code image and actions
---
.github/workflows/build-container-code.yml | 24 ++++++++++++++
.github/workflows/tailscale-code-tunnel.yml | 35 +++++++++++++++++++++
.github/workflows/tailscale-code.yml | 34 ++++++++++++++++++++
.github/workflows/tailscale-ssh.yml | 3 +-
assets/code-serveweb@.service | 11 +++++++
assets/code-tunnel@.service | 11 +++++++
{scripts => assets}/tailscaled | 0
containers/Containerfile-base | 11 +++++--
containers/Containerfile-code-cli | 17 ++++++++++
containers/Containerfile-systemd | 6 ++--
10 files changed, 143 insertions(+), 9 deletions(-)
create mode 100644 .github/workflows/build-container-code.yml
create mode 100644 .github/workflows/tailscale-code-tunnel.yml
create mode 100644 .github/workflows/tailscale-code.yml
create mode 100644 assets/code-serveweb@.service
create mode 100644 assets/code-tunnel@.service
rename {scripts => assets}/tailscaled (100%)
create mode 100644 containers/Containerfile-code-cli
diff --git a/.github/workflows/build-container-code.yml b/.github/workflows/build-container-code.yml
new file mode 100644
index 0000000..35bbdda
--- /dev/null
+++ b/.github/workflows/build-container-code.yml
@@ -0,0 +1,24 @@
+name: build container - code cli
+run-name: building container - code cli
+on:
+ schedule:
+ - cron: "0 0 1 * *"
+ workflow_dispatch:
+jobs:
+ build:
+ permissions:
+ contents: read
+ packages: write
+ runs-on: ${{ matrix.os }}
+ strategy:
+ fail-fast: false
+ matrix:
+ os:
+ - ubuntu-24.04
+ steps:
+ - name: Check out repository code
+ uses: actions/checkout@v4
+ - name: Run podman build - code-cli
+ run: podman build -t ghcr.io/gbraad-devenv/debian/code-cli:bookworm -f containers/Containerfile-code-cli .
+ - name: Push image to ghcr.io - code-cli
+ run: podman push --creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} ghcr.io/gbraad-devenv/debian/code-cli:bookworm
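Review bot: In `.github/workflows/build-container-code.yml` the push step interpolates `${{ secrets.GITHUB_TOKEN }}` straight into the `podman push --creds=…` command line, so the token becomes part of the rendered script and of the process arguments on the runner. Passing it through the step's `env:` and logging in over stdin keeps it out of argv: `echo "$GH_TOKEN" | podman login ghcr.io -u "$GH_ACTOR" --password-stdin`, followed by a plain `podman push ghcr.io/gbraad-devenv/debian/code-cli:bookworm`. `actions/checkout@v4` is referenced by a movable tag; pinning it to a full commit SHA would make the monthly scheduled build, which holds `packages: write`, depend only on reviewed action code.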
diff --git a/.github/workflows/tailscale-code-tunnel.yml b/.github/workflows/tailscale-code-tunnel.yml
new file mode 100644
index 0000000..5e656a2
--- /dev/null
+++ b/.github/workflows/tailscale-code-tunnel.yml
@@ -0,0 +1,35 @@
+name: tailscale-code-tunnel
+on:
+ workflow_dispatch:
+
+jobs:
+ code-test:
+ runs-on: ubuntu-24.04
+
+ steps:
+ - name: Remove unwanted stuff
+ uses: gbraad-devenv/remove-unwanted@v1
+ - name: Run system container with `podman`
+ run: |
+ podman run -d --name code --hostname code-${HOSTNAME} --systemd=always --cap-add=NET_RAW --cap-add=NET_ADMIN --cap-add=SYS_ADMIN --device=/dev/net/tun --device=/dev/fuse ghcr.io/gbraad-devenv/debian/code-cli:bookworm
+ - name: Tailscale setup (root)
+ run: |
+ until podman exec code tailscale up --auth-key ${TAILSCALE_AUTHKEY} --ssh
+ do
+ sleep 0.1
+ done
+ env:
+ TAILSCALE_AUTHKEY: ${{ secrets.TAILSCALE_AUTHKEY}}
+ - name: Start `code tunnel` as `gbraad`
+ run: |
+ podman exec code su - gbraad -c "code tunnel user login --provider github"
+ podman exec code systemctl enable --now code-tunnel@gbraad
+ - name: Hang around
+ run: |
+ until podman exec code systemctl is-active --quiet code-tunnel@gbraad
+ do
+ sleep 1
+ done
+ echo "Open in a browser: https://vscode.dev/tunnel/code-${HOSTNAME}"
+ echo "or connect to tunnel: code-${HOSTNAME} using VS Code"
+ sleep infinity
\ No newline at end of file
diff --git a/.github/workflows/tailscale-code.yml b/.github/workflows/tailscale-code.yml
new file mode 100644
index 0000000..c96b36f
--- /dev/null
+++ b/.github/workflows/tailscale-code.yml
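Review bot: The `Tailscale setup (root)` step in `tailscale-code-tunnel.yml` retries `tailscale up --auth-key ${TAILSCALE_AUTHKEY} --ssh` in an unbounded `until` loop every 0.1 s, so a rejected or expired key spins until the job is cancelled, and the unquoted expansion is subject to shell word splitting. Quoting it as `--auth-key "${TAILSCALE_AUTHKEY}"` and adding a step-level `timeout-minutes: 2` (value constructed for illustration) makes a bad key fail the step instead; the same loop appears in `tailscale-code.yml` and as context in `tailscale-ssh.yml`. The workflow declares no `permissions:` block and no visible step uses the workflow token, so a top-level `permissions: {}` would remove it from a job that runs a container with `SYS_ADMIN` and hosts an interactive session.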
@@ -0,0 +1,34 @@
+name: tailscale-code
+on:
+ workflow_dispatch:
+
+jobs:
+ code-test:
+ runs-on: ubuntu-24.04
+
+ steps:
+ - name: Remove unwanted stuff
+ uses: gbraad-devenv/remove-unwanted@v1
+ - name: Run system container with `podman`
+ run: |
+ podman run -d --name code --hostname code-${HOSTNAME} --systemd=always --cap-add=NET_RAW --cap-add=NET_ADMIN --cap-add=SYS_ADMIN --device=/dev/net/tun --device=/dev/fuse ghcr.io/gbraad-devenv/debian/code-cli:bookworm
+ - name: Tailscale setup (root)
+ run: |
+ until podman exec code tailscale up --auth-key ${TAILSCALE_AUTHKEY} --ssh
+ do
+ sleep 0.1
+ done
+ env:
+ TAILSCALE_AUTHKEY: ${{ secrets.TAILSCALE_AUTHKEY}}
+ - name: Start `code serve-web` as `gbraad`
+ run: |
+ podman exec code systemctl enable --now code-serveweb@gbraad
+ - name: Hang around
+ run: |
+ until podman exec code systemctl is-active --quiet code-serveweb@gbraad
+ do
+ sleep 1
+ done
+ IP=`podman exec code tailscale ip -4`
+ echo "Open in your web browser: http://${IP}:8000"
+ sleep infinity
\ No newline at end of file
diff --git a/.github/workflows/tailscale-ssh.yml b/.github/workflows/tailscale-ssh.yml
index b3a6019..300080c 100644
--- a/.github/workflows/tailscale-ssh.yml
+++ b/.github/workflows/tailscale-ssh.yml
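Review bot: The `Hang around` step in `tailscale-code.yml` ends in `sleep infinity` and the job sets no `timeout-minutes`, so the session stays reachable until the platform's job limit or a manual cancel. The session here is `code-serveweb@gbraad`, which the unit file added in this commit starts with `--without-connection-token` and which the step advertises over plain `http://${IP}:8000`, so an explicit bound matters; a job-level `timeout-minutes: 120` (value constructed for illustration) would cap the exposure window. `tailscale-code-tunnel.yml` ends the same way. `uses: gbraad-devenv/remove-unwanted@v1` is a movable tag in both workflows; pinning it to a commit SHA fixes what runs on the runner before `TAILSCALE_AUTHKEY` is used.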
@@ -11,14 +11,13 @@ jobs: uses: gbraad-devenv/remove-unwanted@v1 - name: Run system container with `podman` run: | - podman run -d --name code --hostname code-${HOSTNAME} --systemd=always --cap-add=NET_RAW --cap-add=NET_ADMIN --cap-add=SYS_ADMIN --device=/dev/net/tun --device=/dev/fuse ghcr.io/gbraad-devenv/debian/systemd:bookworm + podman run -d --name code --hostname code-${HOSTNAME} --systemd=always --cap-add=NET_RAW --cap-add=NET_ADMIN --cap-add=SYS_ADMIN --device=/dev/net/tun --device=/dev/fuse ghcr.io/gbraad-devenv/debian/code-cli:bookworm - name: Tailscale setup (root) run: | until podman exec code tailscale up --auth-key ${TAILSCALE_AUTHKEY} --ssh do sleep 0.1 done - podman exec code chmod 640 /etc/shadow env: TAILSCALE_AUTHKEY: ${{ secrets.TAILSCALE_AUTHKEY}} - name: Hang around
diff --git a/assets/code-serveweb@.service b/assets/code-serveweb@.service
new file mode 100644
index 0000000..fcd1a62
--- /dev/null
+++ b/assets/code-serveweb@.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Code Serve Web Service
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/code serve-web --without-connection-token --host 0.0.0.0
+Restart=always
+User=%i
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/assets/code-tunnel@.service b/assets/code-tunnel@.service
new file mode 100644
index 0000000..f117446
--- /dev/null
+++ b/assets/code-tunnel@.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Code Tunnel Service
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/code tunnel --accept-server-license-terms --name %H
+Restart=always
+User=%i
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/scripts/tailscaled b/assets/tailscaled
similarity index 100%
rename from scripts/tailscaled
rename to assets/tailscaled
diff --git a/containers/Containerfile-base b/containers/Containerfile-base
index 2d30a0b..2684b0d 100644
--- a/containers/Containerfile-base
+++ b/containers/Containerfile-base
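Review bot: `assets/code-serveweb@.service` starts the editor with `--without-connection-token --host 0.0.0.0`, which serves an unauthenticated editor and terminal for user `%i` on every interface of the container, not only the Tailscale one. Dropping `--without-connection-token`, or supplying a token with `--connection-token-file`, keeps a second check in front of the session if tailnet ACLs are broader than intended or the port is ever published. If the tokenless mode is deliberate, a comment above `ExecStart` stating that access control is delegated entirely to the tailnet would document the assumption. The unit also omits `--accept-server-license-terms`, which `code-tunnel@.service` passes; it may be worth confirming that `serve-web` starts non-interactively without it.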
@@ -7,6 +7,11 @@ LABEL org.opencontainers.image.source = "https://github.com/gbraad-devenv/debian USER root +RUN apt-get update \ + && apt-get install -y \ + systemd \ + && rm -rf /var/lib/apt/lists/* + RUN apt-get update \ && apt-get install -y \ git \
@@ -31,10 +36,10 @@ RUN curl -fsSL https://pkgs.tailscale.com/stable/debian/bookworm.noarmor.gpg | s && sudo apt-get update \ && sudo apt-get install -y \ tailscale \ - && rm -rf /var/lib/apt/lists/* + && rm -rf /var/lib/apt/lists/* \ + && mkdir -p /var/run/tailscale /var/cache/tailscale /var/lib/tailscale -COPY scripts/tailscaled /etc/init.d/tailscaled -RUN mkdir -p /var/run/tailscale /var/cache/tailscale /var/lib/tailscale +COPY assets/tailscaled /etc/init.d/tailscaled RUN sudo mkdir -p -m 755 /etc/apt/keyrings \ && out=$(mktemp) && wget -nv -O$out https://cli.github.com/packages/githubcli-archive-keyring.gpg \
diff --git a/containers/Containerfile-code-cli b/containers/Containerfile-code-cli
new file mode 100644
index 0000000..f2896f1
--- /dev/null
+++ b/containers/Containerfile-code-cli
@@ -0,0 +1,17 @@
+ARG BASE_VERSION="bookworm"
+
+FROM ghcr.io/gbraad-devenv/debian/systemd:${BASE_VERSION}
+
+LABEL org.opencontainers.image.source = "https://github.com/gbraad-devenv/debian"
+
+RUN cd /tmp \
+ && curl -fL https://code.visualstudio.com/sha/download?build=stable\&os=cli-alpine-x64 -o code-cli.tar.gz \
+ && tar zxvf code-cli.tar.gz \
+ && mv code /usr/bin/code \
+ && rm -f code-cli.tar.gz
+
+# systemd
+COPY assets/code-serveweb@.service /etc/systemd/system/
+COPY assets/code-tunnel@.service /etc/systemd/system/
+
+#ENTRYPOINT [ "/sbin/init" ]
\ No newline at end of file
diff --git a/containers/Containerfile-systemd b/containers/Containerfile-systemd
index af99d3c..cbb77bb 100644
--- a/containers/Containerfile-systemd
+++ b/containers/Containerfile-systemd
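Review bot: `containers/Containerfile-code-cli` downloads whatever `build=stable` resolves to at build time and installs it to `/usr/bin/code` without checking its digest, so the monthly scheduled build ships an unpinned, unverified binary. Declaring the expected digest and checking it before extraction closes that gap: `ARG CODE_CLI_SHA256=<expected-sha256>` plus `&& echo "${CODE_CLI_SHA256}  code-cli.tar.gz" | sha256sum -c - \` ahead of the `tar` line (placeholder digest, to be updated with each release that is adopted). `LABEL org.opencontainers.image.source = "…"` has spaces around `=`, which the legacy `LABEL key value` form most likely reads as a value beginning with `= `, so `LABEL org.opencontainers.image.source="https://github.com/gbraad-devenv/debian"` is the safer spelling; the same line shows up as hunk context in the other Containerfiles. The download is also fixed to `cli-alpine-x64`, so the image is only usable on amd64.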
@@ -6,9 +6,7 @@ LABEL org.opencontainers.image.source = "https://github.com/gbraad-devenv/debian USER root -RUN apt-get update \ - && apt-get install -y \ - systemd \ - && rm -rf /var/lib/apt/lists/* +# already 'enabled' by default +#RUN systemctl enable tailscaled ENTRYPOINT ["/sbin/init"]