[librsvg-oci-images/alatiera/user-images] ci: build images with user namespaces



commit 158dcf0f98dfc5ebe4f26d80d485dc99eb94be91
Author: Jordan Petridis <jpetridis gnome org>
Date:   Fri Jun 5 13:49:15 2020 +0300

    ci: build images with user namespaces
    
    The CI runners can no longer run privileged namespaces due to
    security concerns.
    
    Adapted the openSUSE image since it's the only one we are using atm
    but the rest need to be fixed in the future as well.

 .gitlab-ci.yml      | 10 ++++++----
 fedora/latest       |  5 -----
 opensuse/cleanup.sh |  8 --------
 opensuse/prepare.sh |  9 ---------
 opensuse/tumbleweed | 24 +++++++++++++++++++++---
 5 files changed, 27 insertions(+), 29 deletions(-)
---
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 61329d9..61f22eb 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,4 +1,4 @@
-image: 'registry.fedoraproject.org/fedora:30'
+image: 'registry.fedoraproject.org/fedora:32'
 
 stages:
   - distro
@@ -6,7 +6,9 @@ stages:
 
 # Buildah can't use 'overlay' driver when running inside docker
 variables:
-  STORAGE_DRIVER: 'vfs'
+  STORAGE_DRIVER: vfs
+  BUILDAH_FORMAT: docker
+  BUILDAH_ISOLATION: chroot
 
 # Expects $IMAGE which should be the name+tag of the registry image.
 # Expects $DOCKERFILE variable which should be the path to the dockerfile
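Review bot: The comment above `variables:` explains only `STORAGE_DRIVER`, while the two added variables change how builds are isolated and how images are written, and they are left unexplained. `BUILDAH_ISOLATION: chroot` runs `RUN` steps in a chroot-style environment rather than a runtime-managed container, which is presumably what lets the job work on unprivileged runners, but it also isolates build steps less. I would add `# chroot isolation works without a privileged runner; it isolates RUN steps less than the default, so only build trusted Dockerfiles` above that line. Above `BUILDAH_FORMAT` I would add `# replaces the --format=docker flag previously passed to podman build`.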
@@ -14,13 +16,13 @@ variables:
 .base:
   script:
     - dnf install -y buildah podman
-    - buildah login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+    - buildah login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
 
     # Newer versions of podman/buildah try to set overlayfs mount options when
     # using the vfs driver, and this causes errors.
     - sed -i '/^mountopt =.*/d' /etc/containers/storage.conf
 
-    - podman build --cgroup-manager=cgroupfs --format=docker --pull -f ${DOCKERFILE} -t ${IMAGE} ${CONTEXT_DIR}
+    - podman build --pull -f ${DOCKERFILE} -t ${IMAGE} ${CONTEXT_DIR}
     - |
       if [ "$CI_COMMIT_REF_NAME" = "master" ]; then
           podman push ${IMAGE}
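Review bot: The added `buildah login` line passes the registry password as a `-p` argument, which puts it in the process argument list and in any shell tracing of the job. Reading it from stdin avoids that: `- echo "$CI_REGISTRY_PASSWORD" | buildah login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"`. The `${DOCKERFILE}`, `${IMAGE}` and `${CONTEXT_DIR}` expansions on the new `podman build` line are also unquoted, so a value containing whitespace would be split into separate arguments. The `.base` script continues past the end of this hunk.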
diff --git a/fedora/latest b/fedora/latest
index 9b0d9dd..31bdd58 100644
--- a/fedora/latest
+++ b/fedora/latest
@@ -2,10 +2,5 @@ FROM registry.fedoraproject.org/fedora:30
 
 COPY prepare.sh cleanup.sh /root/
 
-# cargo-vendor deps
-RUN dnf install -y openssl-devel libssh2-devel libgit2-devel cmake xz
-
 RUN /usr/bin/sh /root/prepare.sh && \
     /usr/bin/sh /root/cleanup.sh
-
-RUN cargo install cargo-vendor
diff --git a/opensuse/tumbleweed b/opensuse/tumbleweed
index 8963449..dbdaba2 100644
--- a/opensuse/tumbleweed
+++ b/opensuse/tumbleweed
@@ -1,6 +1,24 @@
 FROM opensuse/tumbleweed
 
-COPY prepare.sh cleanup.sh /root/
+ENV SHELL=/bin/bash
 
-RUN /usr/bin/sh /root/prepare.sh && \
-    /usr/bin/sh /root/cleanup.sh
+RUN zypper update -y && \
+    zypper install -y gcc rust cargo rustfmt gdb rust-gdb rr make vala \
+    automake autoconf libtool gettext itstool git \
+    gtk-doc gobject-introspection-devel gtk3-devel \
+    libxml2-devel libcroco-devel cairo-devel \
+    pango-devel gdk-pixbuf-devel ccache gettext-tools xz \
+    sudo shadow system-group-wheel && \
+    zypper clean -a
+
+# Enable sudo for wheel users
+RUN sed -i -e 's/# %wheel/%wheel/' -e '0,/%wheel/{s/%wheel/# %wheel/}' \
+    /etc/sudoers
+
+ENV HOST_USER_ID 5555
+RUN useradd -u $HOST_USER_ID -G wheel -ms /bin/bash user
+
+USER user
+WORKDIR /home/user
+
+ENV LANG C.UTF-8
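Review bot: The `sed` on `/etc/sudoers` depends on the order of the commented `%wheel` lines in the distribution's file: it uncomments every `# %wheel` line and then re-comments the first match, which presumably leaves the `NOPASSWD` rule active, though neither the comment nor the command says so. If the packaged file changes, the build will silently enable a different rule or none at all. A drop-in states the intent and can be validated at build time, e.g. `RUN echo '%wheel ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/wheel && chmod 0440 /etc/sudoers.d/wheel && visudo -cf /etc/sudoers.d/wheel` (assuming the image's sudoers includes `/etc/sudoers.d`). The comment should also say that `user` gets passwordless root inside the image, since `USER user` then reduces privileges only nominally.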

