Adding on the nss-tools package for certutil

.github/workflows/build.yml

@@ -21,20 +21,27 @@ env:
 
 jobs:
   build-and-push:
-    runs-on: [ self-hosted, medium, build ]
+    runs-on: jamesjonesconsulting-arch-gha-set
+    # runs-on: [ self-hosted, medium, build ]
     timeout-minutes: 720
     container:
       image: nexus.jamesjonesconsulting.com:5444/podman/stable:latest
       # image: quay.io/podman/stable:latest
-      options: --userns=keep-id --group-add keep-groups --privileged --user root
-      credentials:
-        username: ${{ secrets.HOME_NEXUS_DOCKER_USER }}
-        password: ${{ secrets.HOME_NEXUS_DOCKER_PASSWORD }}
+      # options: '--user root'
+      options: >-
+        --user root:root
+      # --privileged
+      # --group-add keep-groups
+      # --userns=keep-id
+      # credentials:
+      #   username: ${{ secrets.HOME_NEXUS_DOCKER_USER }}
+      #   password: ${{ secrets.HOME_NEXUS_DOCKER_PASSWORD }}
     strategy:
       fail-fast: false
       max-parallel: 2
       matrix:
-        registry: [ 'ghcr.io', 'nexus.jamesjonesconsulting.com:5443' ]
+        # registry: [ 'ghcr.io', 'nexus.jamesjonesconsulting.com:5443' ]
+        registry: [ 'ghcr.io' ]
         include:
           - registry: ghcr.io
             user: GITHUB_DOCKER_USER
@@ -42,12 +49,12 @@ jobs:
             registry_proxy: $NEXUS_PROXY_REGISTRY
             proxy_user: NEXUS_DOCKER_USER
             proxy_password: HOME_NEXUS_DOCKER_PASSWORD
-          - registry: nexus.jamesjonesconsulting.com:5443
-            user: NEXUS_DOCKER_USER
-            password: HOME_NEXUS_DOCKER_PASSWORD
-            registry_proxy: $NEXUS_PROXY_REGISTRY
-            proxy_user: NEXUS_DOCKER_USER
-            proxy_password: HOME_NEXUS_DOCKER_PASSWORD
+          # - registry: nexus.jamesjonesconsulting.com:5443
+          #   user: NEXUS_DOCKER_USER
+          #   password: HOME_NEXUS_DOCKER_PASSWORD
+          #   registry_proxy: $NEXUS_PROXY_REGISTRY
+          #   proxy_user: NEXUS_DOCKER_USER
+          #   proxy_password: HOME_NEXUS_DOCKER_PASSWORD
     steps:
       # Downloads a copy of the code in your repository before running CI tests
       - name: Check out repository code
@@ -61,12 +68,12 @@ jobs:
           login-server: ${{ matrix.registry }}
           username: ${{ env[matrix.user] }}
           password: ${{ secrets[matrix.password] }}
-      - name: Docker Login
-        uses: azure/docker-login@v1
-        with:
-          login-server: ${{ matrix.registry_proxy }}
-          username: ${{ env[matrix.proxy_user] }}
-          password: ${{ secrets[matrix.proxy_password] }}
+      # - name: Docker Login
+      #   uses: azure/docker-login@v1
+      #   with:
+      #     login-server: ${{ matrix.registry_proxy }}
+      #     username: ${{ env[matrix.proxy_user] }}
+      #     password: ${{ secrets[matrix.proxy_password] }}
       # This requires docker buildx which podman doesn't support
       # - name: Extract metadata (tags, labels) for Docker
       #   id: meta
@@ -88,7 +95,8 @@ jobs:
           else
             VERSION=$(echo "${GITHUB_REF_NAME}" | sed 's|/|-|g')
           fi
-          podman build . --file Dockerfile --tag "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" --build-arg ARTIFACTORY=${{ matrix.registry_proxy }}
+          podman build . --userns-gid-map-group=1001 --userns-uid-map-user=1001 --file Dockerfile \
+            --tag "${{ matrix.registry }}/$IMAGE_NAME:$VERSION" --build-arg ARTIFACTORY=${{ matrix.registry_proxy }}
           if [[ "$GITHUB_REF" =~ ^refs/pull.* ]]; then
             echo "Pull requests do not get published. Only for testing"
           else