shithub runner image
flake.nix builds the default S41d runner container image:
nix build ./deploy/runner-images#runnerImage
docker load < result
The image tag is ghcr.io/tenseleyflow/shithub/runner-nix:1.0, matching
internal/runner/config's default. flake.lock pins nixpkgs so the
image input set is reviewable and repeatable. The image intentionally
contains only the baseline tools needed for v1 run: steps and checkout
plumbing:
bash, coreutils, git, curl, CA certificates, gnupg, gcc, gnumake,
archive tools, OpenSSH, and shithub-shallow-checkout.
Publishing is handled by .github/workflows/runner-image.yml. That
workflow is manual because the GHCR namespace may differ between the
upstream project and self-hosted forks. Leave the image input blank to
publish under the current repository's GHCR namespace, or override it
with ghcr.io/tenseleyflow/shithub/runner-nix for the upstream package.
View source
| 1 | # shithub runner image |
| 2 | |
| 3 | `flake.nix` builds the default S41d runner container image: |
| 4 | |
| 5 | ```sh |
| 6 | nix build ./deploy/runner-images#runnerImage |
| 7 | docker load < result |
| 8 | ``` |
| 9 | |
| 10 | The image tag is `ghcr.io/tenseleyflow/shithub/runner-nix:1.0`, matching |
| 11 | `internal/runner/config`'s default. `flake.lock` pins nixpkgs so the |
| 12 | image input set is reviewable and repeatable. The image intentionally |
| 13 | contains only the baseline tools needed for v1 `run:` steps and checkout |
| 14 | plumbing: |
| 15 | `bash`, coreutils, git, curl, CA certificates, gnupg, gcc, gnumake, |
| 16 | archive tools, OpenSSH, and `shithub-shallow-checkout`. |
| 17 | |
| 18 | Publishing is handled by `.github/workflows/runner-image.yml`. That |
| 19 | workflow is manual because the GHCR namespace may differ between the |
| 20 | upstream project and self-hosted forks. Leave the image input blank to |
| 21 | publish under the current repository's GHCR namespace, or override it |
| 22 | with `ghcr.io/tenseleyflow/shithub/runner-nix` for the upstream package. |