Podman deployment

[ThomasConrad]

Instead of building on the supermicro server every time, it would be very easy to use the free runner to build a docker imag, post it to our free packages space on github and use rootless podman on the server for deployment. Any immediate issues here @eKristensen ?

[eKristensen]

As long as the building process is still simple for the full time the system is expected to survive, it is fine. For me it seems more involved that pulling changes and rebuilding, but maybe that is just me.

With regards to making changes easier: I do not think there will be many changes after you are done with the system... In which case a binary that runs on the server might be easier to deal with than podman.

If deployment is fully automated then this repo need to be sufficiently protected as it would be a way to install malicious code on the server without anyone noticing, especially if this GitHub repo is forgotten for some reason.

No strong opinion against it since it is rootless podman :)

[eKristensen]

Also I think it would be a great idea to have some tests that run before a new image i built :)

[ThomasConrad]

We're now building docker images to or packages 7b5865fb093216e442f5d31c6bce33648b3b1dfc.

Next step would be some watcher on the local system to update and rerun when there is a new package. Any recommendations. I usually use docker-compose with watchtower, but I have some experience with minikube and helm charts for this as well.

[eKristensen]

podman auto-update

[eKristensen]

https://www.redhat.com/sysadmin/podman-auto-updates-rollbacks

[ThomasConrad]

This is now implemented :D 40c0647533fb9425ac0dab240fba8ea911fef018