nevaforget/moonarch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
moonarch/ci/act-runner/Dockerfile
nevaforget 29550b8a14
All checks were successful
Update PKGBUILD version / update-pkgver (push) Successful in 2s
Details
fix: audit remediation — 6 fixes across quality, performance, security 
Q-01: Fix broken upower regex in moonarch-btnote (lookaheads never matched)
Q-02: Fix transform.sh paru repo section name ([moonarch] → [moonarch-pkgbuilds]),
      config path (~/.config → /etc), and partial sync (-Sy → -Syu)
Q-03: Add missing stasis package to aur.txt (idle management broken on fresh install)
S-01: Switch CI git clones from HTTP to HTTPS (MITM risk in Docker network)
S-02: Restrict CI builder sudo to /usr/bin/pacman only
P-01: Refactor moonarch-waybar-gpustat — remove while loop, use jq --arg style
2026-04-07 10:50:57 +02:00

11 lines
543 B
Docker
Raw Blame History

FROM archlinux:base-devel
RUN pacman -Sy --noconfirm git curl && pacman -Scc --noconfirm
RUN useradd -m builder && echo "builder ALL=(ALL) NOPASSWD: /usr/bin/pacman" >> /etc/sudoers
ADD https://gitea.com/gitea/act_runner/releases/download/v0.3.1/act_runner-0.3.1-linux-amd64 /usr/local/bin/act_runner
RUN chmod +x /usr/local/bin/act_runner
COPY --from=gitea/act_runner:latest /usr/local/bin/run.sh /usr/local/bin/run.sh
RUN mkdir -p /data && chown builder:builder /data
USER builder
ENV HOME=/home/builder
ENTRYPOINT ["/usr/local/bin/run.sh"]
Reference in New Issue View Git Blame Copy Permalink