From 362b5ea9bab993f080fd64a616cbb7da8d20e788 Mon Sep 17 00:00:00 2001 From: Paul Pan Date: Sat, 27 Jan 2024 19:11:26 +0800 Subject: [PATCH] chore: update docker scripts --- Runner.Dockerfile | 16 ++++------------ Server.Dockerfile | 4 ++-- build_image.sh | 3 +-- docker-compose.yml | 14 +++++--------- 4 files changed, 12 insertions(+), 25 deletions(-) diff --git a/Runner.Dockerfile b/Runner.Dockerfile index d592aef..385dd15 100644 --- a/Runner.Dockerfile +++ b/Runner.Dockerfile @@ -17,24 +17,16 @@ RUN --mount=type=cache,id=golang,target=/go/pkg make build # main image -FROM quay.io/podman/stable - -# pkill -RUN yum -y install jq procps-ng && yum -y clean all && rm -rf /var/cache +FROM docker.io/library/alpine WORKDIR /app - -# prepare images -COPY --from=builder /builder/resource/runner /app/resource/runner -RUN bash -c "cd /app/resource/runner/scripts && ./prepare_images.sh save" +RUN apk --no-cache add tzdata ca-certificates bash openrc \ + containerd nerdctl # sources +COPY --from=builder /builder/resource/runner /app/resource/runner COPY --from=builder /builder/config.docker.yaml /app COPY --from=builder /builder/docker-entrypoint.sh /app COPY --from=builder /builder/woj /app -# switch user -RUN chown -R podman:podman /app -USER podman - ENTRYPOINT ["/app/docker-entrypoint.sh"] diff --git a/Server.Dockerfile b/Server.Dockerfile index f4625e5..ac36edc 100644 --- a/Server.Dockerfile +++ b/Server.Dockerfile @@ -1,7 +1,7 @@ # Go builder FROM docker.io/library/golang:alpine AS go-builder -ENV GOPROXY=https://goproxy.cn +#ENV GOPROXY=https://goproxy.cn ENV CGO_ENABLED=0 WORKDIR /builder @@ -23,7 +23,7 @@ RUN find /app -type f -name "*.map" -delete FROM docker.io/library/alpine WORKDIR /app -RUN apk --no-cache add tzdata ca-certificates libc6-compat bash +RUN apk --no-cache add tzdata ca-certificates bash COPY --from=go-builder /builder/config.docker.yaml /app COPY --from=go-builder /builder/docker-entrypoint.sh /app 
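Review bot: The final stage of Runner.Dockerfile now ends with no `USER` line: `RUN chown -R podman:podman /app` and `USER podman` are removed and nothing replaces them, so `/app/docker-entrypoint.sh` and `woj` run as root inside the container. If root is only needed to bring up containerd (inferred from the new packages; the entrypoint is not shown), have the entrypoint drop to an unprivileged account before starting `woj`, or at least record the reason with a comment such as `# runs as root: <why containerd needs it>`. The new base `FROM docker.io/library/alpine` is also untagged, and `containerd` and `nerdctl` are installed unpinned, so a rebuild can silently pick up a different container runtime. Pin the base, e.g. `FROM docker.io/library/alpine:<pinned-version>`.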
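Review bot: `#ENV GOPROXY=https://goproxy.cn` in the Server.Dockerfile builder stage leaves a commented-out instruction that the next reader cannot tell apart from an accident. Either delete the line or make the mirror a build-time choice with `ARG GOPROXY`, which `go` reads from the environment during `RUN` without the value being stored as runtime environment. The module proxy is part of the build's supply chain, so stating the intended one explicitly is better than a toggled comment.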
diff --git a/build_image.sh b/build_image.sh index c85bb03..97d5b59 100755 --- a/build_image.sh +++ b/build_image.sh @@ -31,8 +31,7 @@ function build_server() { function build_runner() { log_info "[+] Building Runner" $DOCKER build \ - --cap-add=sys_admin,mknod \ - --device=/dev/fuse \ + --cap-add=sys_admin \ --security-opt label=disable \ -t "git.0x7f.app/woj/woj-runner:latest" \ -f Runner.Dockerfile . || diff --git a/docker-compose.yml b/docker-compose.yml index 3c412e3..519e792 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,6 +1,6 @@ services: server: - image: git.0x7f.app/woj/woj-server:1.2.2 + image: git.0x7f.app/woj/woj-server:1.2.3-dev restart: unless-stopped healthcheck: test: [ "CMD", "wget", "-q", "-O", "/dev/null", "http://127.0.0.1:8000/health" ] @@ -21,8 +21,6 @@ services: - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro depends_on: - runner: - condition: service_started storage: condition: service_healthy cache: @@ -33,16 +31,12 @@ services: - "8000:8000" runner: - image: git.0x7f.app/woj/woj-runner:1.2.2 + image: git.0x7f.app/woj/woj-runner:1.2.3-dev restart: unless-stopped command: runner - security_opt: - - "label=disable" + privileged: true cap_add: - SYS_ADMIN - - MKNOD - devices: - - "/dev/fuse" environment: - REDIS_ADDRESS=cache - STORAGE_ENDPOINT=storage:9000 @@ -50,8 +44,10 @@ services: - STORAGE_SECRET_KEY=secret_key - STORAGE_BUCKET=woj - DEVELOPMENT=true + - START_CONTAINERD=true volumes: - runner:/app/resource/runner/user + - container:/var/lib/containerd - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro depends_on:
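Review bot: `--cap-add=sys_admin` and `--security-opt label=disable` are still passed to the runner build, although this patch removes the `prepare_images.sh save` step from Runner.Dockerfile, which looks like the only build step that would have needed them. If no remaining `RUN` needs elevated privileges, drop both flags so the build runs under default confinement. Otherwise add a comment above the command naming the step that needs them. The body of build_runner continues past this hunk, so later lines may be relevant.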
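Review bot: `privileged: true` on the runner service grants every capability and host device access and turns off the default seccomp and LSM confinement, which is much broader than the `label=disable`, `MKNOD` and `/dev/fuse` settings it replaces. With that flag the retained `cap_add: - SYS_ADMIN` is redundant and can be removed. If the runner executes submitted code (inferred from the project, not visible in this diff), the nested containerd sandbox becomes the only boundary in front of the host. Prefer an explicit capability and device list if containerd can work with one, or document the need with a comment such as `# privileged: required by nested containerd because <reason>`.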
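Review bot: `- container:/var/lib/containerd` refers to a named volume `container`, but none of the five lines this patch adds to docker-compose.yml declares it under the top-level `volumes:` key. Unless it is already declared there, Compose will reject the file for an undefined volume. Add `container:` beside the declaration that presumably exists for the `runner` volume, outside this hunk. `START_CONTAINERD=true` should also get a one-line comment saying what the entrypoint does with it, because the entrypoint script is not part of this patch.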