.forgejo/workflows/ci.yml

@@ -14,7 +14,6 @@ jobs:
       RUN_ID: ${{ github.run_id }}
       POSTGRES_IMG_DIGEST: ${{ secrets.POSTGRES_IMG_DIGEST }}
       RUST_IMG_DIGEST: ${{ secrets.RUST_IMG_DIGEST }}
-      PREBUILT_BACKEND_TEST_IMAGE: ${{ secrets.REGISTRY_HOST }}/${{ github.repository }}/sharenet-test-rust
 
     steps:
       - name: Checkout code
@@ -36,41 +35,9 @@ jobs:
           podman --remote version
           podman --remote run --rm alpine:3.20 echo "Hello from host rootless Podman!"
 
-      - name: Login to container registry with PAT
-        run: |
-          echo "${{ secrets.REGISTRY_TOKEN }}" | podman --remote login \
-            -u "${{ secrets.REGISTRY_USERNAME }}" \
-            --password-stdin \
-            "${{ secrets.REGISTRY_HOST }}"
-
       - name: Create network
         run: podman --remote network create integ-${{ env.RUN_ID }}
 
-      - name: Check if dependencies changed
-        id: check-deps
-        run: |
-          # Get hash of Cargo.toml and Cargo.lock
-          DEPS_HASH=$(sha256sum Cargo.toml Cargo.lock | sha256sum | cut -d' ' -f1)
-          echo "deps_hash=$DEPS_HASH" >> $GITHUB_OUTPUT
-          
-          # Check if image exists with this hash tag
-          if podman --remote manifest inspect "$PREBUILT_BACKEND_TEST_IMAGE:$DEPS_HASH" >/dev/null 2>&1; then
-            echo "rebuild_needed=false" >> $GITHUB_OUTPUT
-          else
-            echo "rebuild_needed=true" >> $GITHUB_OUTPUT
-          fi
-
-      - name: Build optimized Rust test image (if needed)
-        if: steps.check-deps.outputs.rebuild_needed == 'true'
-        run: |
-          podman --remote build \
-            -f backend/Dockerfile.test-rust \
-            -t "$PREBUILT_BACKEND_TEST_IMAGE:${{ steps.check-deps.outputs.deps_hash }}" \
-            -t "$PREBUILT_BACKEND_TEST_IMAGE:latest"
-          
-          podman --remote push "$PREBUILT_BACKEND_TEST_IMAGE:${{ steps.check-deps.outputs.deps_hash }}"
-          podman --remote push "$PREBUILT_BACKEND_TEST_IMAGE:latest"
-
       - name: Start PostgreSQL
         run: |  
           podman --remote run -d \
@@ -96,7 +63,7 @@ jobs:
             -v /home/ci-service/.cache:/c \
             alpine:3.20 sh -lc 'mkdir -p /c/cargo'
 
-      - name: Run backend tests with cached dependencies
+      - name: Run backend tests (tar-pipe, no bind mount of source)
         run: |
           set -euo pipefail
           set -o pipefail
@@ -106,12 +73,11 @@ jobs:
             -e CARGO_HOME=/cargo \
             -e DATABASE_URL=postgres://postgres:password@test-postgres-${{ env.RUN_ID }}:5432/sharenet_test \
             -v /home/ci-service/.cache/cargo:/cargo \
-            "$PREBUILT_BACKEND_TEST_IMAGE:${{ steps.check-deps.outputs.deps_hash }}" \
+            "$RUST_IMG_DIGEST" \
             sh -euxc '
               mkdir -p /workspace
               tar -x -C /workspace
               cd /workspace/backend
-              cargo chef cook --release --recipe-path /app/recipe.json
               cargo test --lib -- --test-threads=1
             '
 

.forgejo/workflows/podman-demo.yml

@@ -0,0 +1,39 @@
+name: Podman Rootless Demo
+on: [push, pull_request]
+
+jobs:
+  test-rootless:
+    runs-on: [ci]
+
+    # Point all steps at the host's rootless Podman socket
+    env:
+      # Point the client at the mounted socket
+      CONTAINER_HOST: unix:///run/user/1001/podman/podman.sock
+      # Make sure podman looks in the correct runtime dir hierarchy
+      XDG_RUNTIME_DIR: /tmp
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+
+      - name: Verify socket visibility
+        run: |
+          set -euo pipefail
+          id -u; id -g
+          ls -ld /run/user/1001/podman
+          ls -l  /run/user/1001/podman/podman.sock
+          test -S /run/user/1001/podman/podman.sock
+
+      - name: Use host rootless Podman
+        run: |
+          set -euo pipefail
+          podman --remote info --format '{{.Host.RemoteSocket.Path}} (remote={{.Host.RemoteSocket.Exists}})'
+          podman --remote version
+          podman --remote run --rm alpine:3.20 echo "Hello from host rootless Podman!"
+
+      - name: Build and run a container
+        run: |
+          set -euo pipefail
+          podman --remote build -t test-image .
+          podman --remote run --rm test-image

backend/Dockerfile.test-rust

@@ -1,31 +1,16 @@
-# planner: produce recipe.json
+# Rust testing environment for CI/CD
-FROM rust:1.89-slim AS planner
+ARG REGISTRY_HOST=localhost
-WORKDIR /app
+ARG OWNER_REPO=owner/repo
-RUN apt-get update && apt-get install -y --no-install-recommends pkg-config libssl-dev ca-certificates postgresql-client curl && rm -rf /var/lib/apt/lists/*
+FROM ${REGISTRY_HOST}/${OWNER_REPO}/rust:1.75-slim
-RUN cargo install --locked cargo-chef
-COPY . .
-RUN cargo chef prepare --recipe-path recipe.json
 
-# deps: compile only external crates
+# Install additional tools needed for testing
-FROM rust:1.89-slim AS deps
+RUN apt-get update && apt-get install -y \
-WORKDIR /app
+    postgresql-client \
-RUN apt-get update && apt-get install -y --no-install-recommends pkg-config libssl-dev ca-certificates postgresql-client curl && rm -rf /var/lib/apt/lists/*
+    curl \
-RUN cargo install --locked cargo-chef
+    && rm -rf /var/lib/apt/lists/*
-ENV CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse
-COPY --from=planner /app/recipe.json recipe.json
-RUN cargo chef cook --release --recipe-path recipe.json
 
-# builder: compile local workspace crates using cached deps
+# Set working directory
-FROM rust:1.89-slim AS builder
-WORKDIR /app
-COPY --from=deps /usr/local/cargo /usr/local/cargo
-COPY --from=deps /usr/local/rustup /usr/local/rustup
-COPY --from=deps /app/target /app/target
-COPY . .
-RUN cargo build --release --locked
-
-# runtime: minimal test environment
-FROM rust:1.89-slim AS runtime
-RUN apt-get update && apt-get install -y --no-install-recommends postgresql-client curl && rm -rf /var/lib/apt/lists/*
 WORKDIR /workspace/backend
-CMD ["sleep", "infinity"]
+
+# Keep container running for testing
+CMD ["sleep", "infinity"] 

local-test-pod.yaml

@@ -17,7 +17,7 @@ spec:
     - containerPort: 5432
 
   - name: backend
-    image: localhost/sharenet-test-rust:latest
+    image: rust:1.89-slim
     workingDir: /app/backend
     env:
     - name: DATABASE_URL