chore(ci): custom self-hosted runner image with Android + Flatpak build deps preinstalled #227

Open
opened 2026-06-21 18:23:10 +00:00 by james · 0 comments
Owner

Context

#188 (PR #222) ships the Flatpak release via a tag-driven Forgejo workflow that installs Rust, webkit2gtk-4.1-dev, flatpak-builder, and the GNOME 48 Flatpak runtime on every run. Same situation on #187 (PR #207) for Android — every release pays the JDK 21 + Android SDK install tax.

Baking those deps into a custom self-hosted Forgejo Actions runner image trims ~5–10 min per release per platform and removes a class of "the build tooling drifted upstream" flakes.

Source

Follow-up flagged in #222.

Scope

  • Build a custom runner image (Dockerfile under .forgejo/runner-image/ or a separate repo if cleaner) on top of the existing js-24.04 runner base, preinstalled with:
    • Android lane: OpenJDK 21, Android cmdline-tools + the platform / build-tools versions the Tauri / Expo SDK 56 prebuild needs (pin from #207's workflow), gradle caches if practical.
    • Flatpak lane: rustup with a pinned toolchain matching apps/client/src-tauri/rust-toolchain.toml if present (else stable), webkit2gtk-4.1-dev + its transitive build deps (libsoup-3.0, libjavascriptcoregtk-4.1-dev, etc.), flatpak, flatpak-builder, and the GNOME Platform 48 SDK runtime + extensions preinstalled with flatpak install --user.
    • Shared: git-cliff, cosign, actionlint, gitleaks, jq — anything the existing workflows already install on every run.
  • Tag the image (e.g. forge.wynning.tech/james/carol-runner:YYYY-MM-DD) and document in docs/ci.md how to roll a new build when underlying deps refresh.
  • Swap release-android.yml and release-flatpak.yml to use the new image; drop the per-run install steps.
  • Renovate-style monitoring (or a simple manual cadence — your call) for refreshing the image when the upstream js-24.04 base updates.

Acceptance criteria

  • Custom runner image exists, is tagged, and is pulled by the Android + Flatpak release workflows.
  • release-android.yml and release-flatpak.yml no longer install JDK / Android SDK / Rust / webkit2gtk / flatpak-builder during the run.
  • Release wall-clock for both lanes drops by ~5 min vs. baseline.
  • docs/ci.md covers how to roll a new runner image when deps need refreshing.

Out of scope

  • Hosting the runner image on a public registry (Forgejo's own registry or a private mirror is fine).
  • Multi-arch runner images (today's runners are x86_64; iOS isn't shipped, ARM Linux isn't a target).
  • Building the universal client's web target inside the runner image — that step is fast and varies across runs.

Composes with

  • #187 — Android signed APK pipeline.
  • #188 — Linux Flatpak.
  • ADR-0014 — release pipeline.

Part of

#176
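
An added example, not part of the issue or the carol repository: a shell guard for the two workflow-facing acceptance criteria, failing when a release workflow still installs tooling at run time or references the runner image by anything other than the dated tag scheme. It assumes jobs select the image through an `image:` key and that the listed command patterns match how the current workflows install their dependencies; the sample workflow is constructed.

```shell
# Added example: CI guard for the workflow-facing acceptance criteria.
# Assumptions: jobs pick the runner image with an `image:` key, and the
# patterns below cover how the current workflows install their tooling.

# Constructed sample, not the project's real release-flatpak.yml.
sample_workflow() {
cat <<'EOF'
jobs:
  flatpak:
    container:
      image: forge.wynning.tech/james/carol-runner:2026-06-21
    steps:
      - run: sudo apt-get install -y webkit2gtk-4.1-dev flatpak-builder
      - run: flatpak-builder --user build-dir manifest.yml
EOF
}

# Print (with line numbers) steps that still fetch build tooling at run time.
runtime_installs() {
  grep -nE '(apt(-get)?[[:space:]]+(-[^[:space:]]+[[:space:]]+)*install|sdkmanager|rustup[[:space:]]+toolchain[[:space:]]+install|flatpak[[:space:]]+install)' "$1"
}

# Print the value of every `image:` key in the workflow.
image_refs() {
  sed -nE 's/^[[:space:]]*image:[[:space:]]*"?([^"[:space:]]+)"?[[:space:]]*$/\1/p' "$1"
}

# Accept only the dated tag scheme from the issue, optionally digest-pinned.
is_dated_ref() {
  printf '%s\n' "$1" | grep -qE '^forge\.wynning\.tech/james/carol-runner:[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[12][0-9]|3[01])(@sha256:[0-9a-f]{64})?$'
}

# Return 0 only if the workflow uses a dated image and installs nothing.
check_workflow() {
  rc=0
  refs=$(image_refs "$1")
  [ -n "$refs" ] || { echo "$1: no image: key found" >&2; rc=1; }
  for ref in $refs; do
    is_dated_ref "$ref" || { echo "$1: image not date-tagged: $ref" >&2; rc=1; }
  done
  if hits=$(runtime_installs "$1"); then
    printf '%s: run-time installs remain:\n%s\n' "$1" "$hits" >&2
    rc=1
  fi
  return "$rc"
}

# Usage: pass release-android.yml and release-flatpak.yml as arguments.
for f in "$@"; do check_workflow "$f" || exit 1; done
```

Run against the constructed sample, the check fails on the `apt-get install` step while leaving the `flatpak-builder` build step alone.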
