# Base image is referenced by tag AND digest, so a re-tagged upstream image
# cannot silently change what this build starts from.
FROM ghcr.io/trueforge-org/devcontainer:3.0.2@sha256:2966b5d6c491186e0b843a447bc1963e460f9cbc66dcf530d8deea5316a72658

# Root is required for the account, apt and download steps that follow; the
# file switches to `apps` again just before its final COPY.
USER root

# Runtime environment for the Actions runner. Everything set with ENV is
# baked into the image and visible to every process in the container.
ENV RUNNER_MANUALLY_TRAP_SIG=1 \
    ACTIONS_RUNNER_PRINT_LOG_TO_STDOUT=1 \
    # Points at the k8s hooks that Step 4 unpacks into /home/runner/k8s.
    ACTIONS_RUNNER_CONTAINER_HOOKS=/home/runner/k8s/index.js \
    # NOTE(review): presumably has to match the base image's distribution - confirm.
    ImageOS=ubuntu22 \
    HOMEBREW_NO_ANALYTICS=1 \
    HOMEBREW_NO_ENV_HINTS=1 \
    HOMEBREW_NO_INSTALL_CLEANUP=1 \
    # NOTE(review): permits starting the runner as UID 0. The image ends with
    # `USER apps`, so confirm this override is still needed at runtime.
    RUNNER_ALLOW_RUNASROOT=1 \
    # NOTE(review): GOPATH lives under /tmp; Step 2 ends with `rm -rf /tmp/*`,
    # so the directory is expected to be re-created on first use.
    GOPATH=/tmp/go
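# ---------------------------
# Step 1: Prepare the runner account (groups, sudo) and working directories
# ---------------------------
# Fix: the original chain had no `&&` after the second `echo`, so `mkdir`,
# `chown` and `chmod` were passed to `echo` as plain words and appended to
# /etc/sudoers instead of being executed. The directories were therefore
# never created/re-owned here and the sudoers file received a malformed line.
#
# Assumes the `apps` user already exists in the base image - TODO confirm.
#
# NOTE(review): `> /etc/sudoers` replaces the whole file, dropping whatever
# the base image shipped there (for example an include of /etc/sudoers.d).
# A drop-in under /etc/sudoers.d validated with `visudo -c` is the safer form.
# NOTE(review): passwordless sudo plus membership of the `docker` group makes
# `apps` root-equivalent inside the container; every workflow job scheduled
# on this runner inherits that. Treat the runner as a privileged workload.
# NOTE(review): `chmod -R 777` makes these trees world-writable, and with the
# `&&` restored it now really runs. If only `apps` and the `docker` group
# need write access, `chmod -R ug=rwX,o=rX` is enough - confirm before
# tightening.
RUN groupadd docker --gid 123 \
    && usermod -aG sudo apps \
    && usermod -aG docker apps \
    && echo "%sudo ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers \
    && echo "Defaults env_keep += \"DEBIAN_FRONTEND\"" >> /etc/sudoers \
    && mkdir -p /home/runner /config /config/helm /go /config/go /tmp/go \
    && chown -R apps:docker /home/runner /config /config/helm /go /tmp/go /config/go \
    && chmod -R 777 /home/runner /config /config/helm /go /tmp/go /config/go

# Relative paths in the download steps below resolve against this directory.
WORKDIR /home/runner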
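# Build-time inputs. ARG values are not part of the runtime environment but
# are recorded in the image history, so none of them may carry a secret.
ARG TARGETOS=linux

# Release versions interpolated into the download URLs of Steps 3 and 4.
# Neither has a default: an unset value yields a URL that `curl -f` rejects.
ARG VERSION
ARG RUNNER_CONTAINER_HOOKS_VERSION

# NOTE(review): DOCKER_VERSION and BUILDX_VERSION are declared but not
# referenced anywhere in this Dockerfile; Step 2 installs Docker and buildx
# from apt without a version pin.
ARG DOCKER_VERSION
ARG BUILDX_VERSION

# Architecture mappings (pattern replacement needs a Dockerfile frontend that
# supports `${var/pattern/replacement}`).
ARG TARGETARCH
# amd64 -> x64; arm64 is already the name used in the runner release assets,
# so the former `arm64 -> arm64` declaration was a no-op and is dropped.
ARG RUNNER_ARCH=${TARGETARCH/amd64/x64}
# Fix: the second declaration used to start again from TARGETARCH, which
# discarded the arm64 -> aarch64 mapping and left DOCKER_ARCH=arm64 on arm64
# builds. Chaining from DOCKER_ARCH keeps both mappings.
ARG DOCKER_ARCH=${TARGETARCH/arm64/aarch64}
ARG DOCKER_ARCH=${DOCKER_ARCH/amd64/x86_64}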
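# ---------------------------
# Step 2: Install dependencies, Docker, and add keyrings/repositories
# ---------------------------
# Adds the GitHub CLI and Docker apt repositories (each bound to its own
# keyring via `signed-by`), adds the git-core PPA, installs gcc and the Docker
# packages, and copies the base image's go-yq binary to /usr/local/bin/yq.
#
# Fix: the Docker key used to be fetched with `curl ... | gpg --dearmor`.
# `set -e` only sees the exit status of the last command of a pipeline, so a
# failed download was masked. Keys are now written to a temp file first and
# every command's status is checked.
#
# NOTE(review): both keyrings are accepted on first download with only TLS as
# protection. They are the trust root for everything apt installs from these
# repositories; comparing each key's fingerprint with a value kept in the
# repository would pin that trust.
# NOTE(review): package versions are not pinned, so two builds of the same
# commit can produce different Docker/containerd versions.
# NOTE(review): the git-core PPA is added but no package from it is installed
# in this step - confirm it is still needed.
# NOTE(review): the final `rm -rf /tmp/*` also removes /tmp/go, which is the
# GOPATH set at the top of the file and one of the directories in Step 1.
RUN set -eux; \
    mkdir -p -m 755 /etc/apt/keyrings; \
    \
    # GitHub CLI key
    out=$(mktemp); \
    wget -nv -O "$out" https://cli.github.com/packages/githubcli-archive-keyring.gpg; \
    cat "$out" > /etc/apt/keyrings/githubcli-archive-keyring.gpg; \
    chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg; \
    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
        > /etc/apt/sources.list.d/github-cli.list; \
    \
    # Docker official repo
    curl -fsSL -o "$out" https://download.docker.com/linux/ubuntu/gpg; \
    gpg --dearmor -o /etc/apt/keyrings/docker.gpg < "$out"; \
    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \
        > /etc/apt/sources.list.d/docker.list; \
    \
    # Git PPA
    add-apt-repository -y ppa:git-core/ppa; \
    \
    apt-get update -y; \
    \
    # Install packages
    apt-get install -y --no-install-recommends --no-install-suggests \
        gcc \
        docker-ce \
        docker-ce-cli \
        containerd.io \
        docker-buildx-plugin; \
    # yq
    cp /tools/bin/go-yq /usr/local/bin/yq; \
    chmod +x /usr/local/bin/yq; \
    # Clean up in the same layer so the apt lists and temp files are not shipped.
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*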
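# ---------------------------
# Step 3: Download and extract GitHub Actions runner
# ---------------------------
# The archive is unpacked into the current WORKDIR (/home/runner) and the
# tree is handed to apps:docker.
#
# Added: optional integrity check. The download used to be trusted on TLS
# alone. When RUNNER_SHA256 is passed with --build-arg, the archive must match
# it or the build stops; when it is empty the build behaves as before and
# prints a warning. A later step patches a file from this archive in place,
# so pinning the exact archive also pins what that patch is applied to.
ARG RUNNER_SHA256=""
RUN set -eu; \
    curl -fsSL -o runner.tar.gz "https://github.com/actions/runner/releases/download/v${VERSION}/actions-runner-${TARGETOS}-${RUNNER_ARCH}-${VERSION}.tar.gz"; \
    if [ -n "${RUNNER_SHA256}" ]; then \
        echo "${RUNNER_SHA256}  runner.tar.gz" | sha256sum -c -; \
    else \
        echo "WARNING: RUNNER_SHA256 not set; runner archive integrity not verified" >&2; \
    fi; \
    tar xzf runner.tar.gz; \
    rm runner.tar.gz; \
    chown -R apps:docker /home/runner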
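# ---------------------------
# Step 4: Download and extract container hooks
# ---------------------------
# Unpacks the k8s hooks into ./k8s (i.e. /home/runner/k8s), the directory that
# ACTIONS_RUNNER_CONTAINER_HOOKS points into.
#
# Added: optional integrity check, same contract as for the runner archive.
# With RUNNER_CONTAINER_HOOKS_SHA256 set the zip must match it; left empty,
# the build behaves as before and prints a warning.
ARG RUNNER_CONTAINER_HOOKS_SHA256=""
RUN set -eu; \
    curl -fsSL -o runner-container-hooks.zip "https://github.com/actions/runner-container-hooks/releases/download/v${RUNNER_CONTAINER_HOOKS_VERSION}/actions-runner-hooks-k8s-${RUNNER_CONTAINER_HOOKS_VERSION}.zip"; \
    if [ -n "${RUNNER_CONTAINER_HOOKS_SHA256}" ]; then \
        echo "${RUNNER_CONTAINER_HOOKS_SHA256}  runner-container-hooks.zip" | sha256sum -c -; \
    else \
        echo "WARNING: RUNNER_CONTAINER_HOOKS_SHA256 not set; hooks archive integrity not verified" >&2; \
    fi; \
    unzip runner-container-hooks.zip -d ./k8s; \
    rm runner-container-hooks.zip; \
    chown -R apps:docker /home/runner/k8s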
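# Modify runner binary to retain custom ACTIONS_RESULTS_URL
# ref: https://gha-cache-server.falcondev.io/getting-started
#
# The sed expression rewrites the UTF-16LE string "ACTIONS_RESULTS_URL" inside
# Runner.Worker.dll to "ACTIONS_RESULTS_ORL" (same length, one character
# changed), so the assembly no longer refers to the original variable name.
#
# Fix: `sed -i` exits 0 even when nothing matched, so a runner release that
# stores the string differently would have produced an unpatched image without
# any error. The file hash is compared before and after, and the build fails
# if the patch changed nothing.
#
# NOTE(review): this ships a locally modified vendor binary. Record that in
# the image documentation, and re-check the patch on every runner version
# bump; it also routes workflow result/cache traffic to whatever endpoint
# ACTIONS_RESULTS_URL names at runtime, which then has to be trusted.
RUN set -eu; \
    dll=/home/runner/bin/Runner.Worker.dll; \
    before="$(sha256sum "$dll")"; \
    sed -i 's/\x41\x00\x43\x00\x54\x00\x49\x00\x4F\x00\x4E\x00\x53\x00\x5F\x00\x52\x00\x45\x00\x53\x00\x55\x00\x4C\x00\x54\x00\x53\x00\x5F\x00\x55\x00\x52\x00\x4C\x00/\x41\x00\x43\x00\x54\x00\x49\x00\x4F\x00\x4E\x00\x53\x00\x5F\x00\x52\x00\x45\x00\x53\x00\x55\x00\x4C\x00\x54\x00\x53\x00\x5F\x00\x4F\x00\x52\x00\x4C\x00/g' "$dll"; \
    if [ "$(sha256sum "$dll")" = "$before" ]; then \
        echo "ERROR: ACTIONS_RESULTS_URL patch did not change $dll" >&2; \
        exit 1; \
    fi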
# Drop root: containers started from this image run as `apps` by default.
# (`apps` still has passwordless sudo and docker-group membership from Step 1.)
USER apps
# Copies the entire build context onto the image root and sets mode 0755 on
# everything copied. Without --chown the files are owned by UID/GID 0 even
# though USER is `apps`.
# NOTE(review): whatever is in the build context lands in / - including this
# Dockerfile and any VCS metadata or local credentials - unless a
# .dockerignore excludes it (not visible here; confirm). Copying a dedicated
# subdirectory would make the image contents explicit.
# NOTE(review): no ENTRYPOINT/CMD is set in this file; presumably it comes
# from the base image or the orchestrator - confirm.
COPY --chmod=0755 . /