# Base image: .NET runtime dependencies on the "focal" tag.
# The tag is mutable and no digest is given, so a rebuild can pick up a
# different base; append @sha256:<digest-of-the-reviewed-image> to make the
# build reproducible.
FROM mcr.microsoft.com/dotnet/runtime-deps:6.0-focal
LABEL org.opencontainers.image.source="https://github.com/actions-runner-controller/runner-images"
# TARGETOS / TARGETARCH select the download URLs in the RUN steps below.
ARG TARGETOS
ARG TARGETARCH
# Versions of the downloaded tools; each can be overridden with --build-arg.
# They pin a version number only: none of the downloads below is checked
# against a known hash.
ARG RUNNER_VERSION=2.310.2
ARG RUNNER_CONTAINER_HOOKS_VERSION=0.3.2
ARG DOCKER_VERSION=23.0.6
ARG NODE_VERSION=18.18.2
ARG RUBY_VERSION=3.2.2
# ENV (not ARG): the setting persists into the running container, and the
# sudoers file written further down keeps it across sudo as well.
ENV DEBIAN_FRONTEND=noninteractive
# Base OS packages. --no-install-recommends keeps the set to what is listed.
RUN apt-get update -y \
 && apt-get install -y --no-install-recommends \
      # lets the runner user escalate; the sudoers policy is written in a later step
      sudo \
      # packages in actions-runner-controller/runner-22.04
      curl \
      git \
      jq \
      unzip \
      zip \
      # packages in actions-runner-controller/runner-20.04
      build-essential \
      locales \
      tzdata \
      # ruby/setup-ruby dependencies
      # https://github.com/ruby/setup-ruby#using-self-hosted-runners
      libyaml-dev \
      # dockerd dependencies
      gnupg \
      iptables \
      tini
# KEEP FEWER PACKAGES:
# We'd like to keep this image small for maintainability and security.
# See also,
# https://github.com/actions/actions-runner-controller/pull/2050
# https://github.com/actions/actions-runner-controller/blob/master/runner/actions-runner.ubuntu-22.04.dockerfile
# /var/lib/apt/lists is kept on purpose, to reduce the time of apt-get update in a job.
# Set up the runner environment,
# based on https://github.com/actions/runner/blob/v2.309.0/images/Dockerfile
#
# Privilege notes for reviewers:
#  - /etc/sudoers is overwritten (">"), not appended to, so the file ends up
#    holding only the two lines written here.
#  - Every member of group sudo gets passwordless root; runner is a member,
#    so any job step can become root inside the container.
#  - runner is also in group docker (gid 123). Where the Docker socket is
#    group-owned by docker, that membership is root-equivalent on the daemon.
RUN adduser --disabled-password --gecos "" --uid 1001 runner \
 && groupadd --gid 123 docker \
 && usermod -aG sudo,docker runner \
 && echo "%sudo ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers \
 && echo "Defaults env_keep += \"DEBIAN_FRONTEND\"" >> /etc/sudoers
WORKDIR /home/runner

# Download and unpack the GitHub Actions runner into /home/runner.
# The release assets name the amd64 build "x64"; other values of TARGETARCH
# are used as-is.
# Integrity: the tarball is trusted on TLS alone. No SHA-256 is compared
# before it is unpacked as root; pinning one per version/arch would close that gap.
RUN case "${TARGETARCH}" in \
      amd64) RUNNER_ARCH=x64 ;; \
      *)     RUNNER_ARCH="${TARGETARCH}" ;; \
    esac \
 && curl -f -L -o runner.tar.gz \
      https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-${TARGETOS}-${RUNNER_ARCH}-${RUNNER_VERSION}.tar.gz \
 && tar xzf ./runner.tar.gz \
 && rm runner.tar.gz
# Kubernetes container hooks for the runner, unpacked into ./k8s
# (relative to WORKDIR /home/runner). As with the runner tarball, the archive
# is not checked against a known hash.
RUN curl -fL -o runner-container-hooks.zip \
      https://github.com/actions/runner-container-hooks/releases/download/v${RUNNER_CONTAINER_HOOKS_VERSION}/actions-runner-hooks-k8s-${RUNNER_CONTAINER_HOOKS_VERSION}.zip \
 && unzip ./runner-container-hooks.zip -d ./k8s \
 && rm runner-container-hooks.zip
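# Static Docker binaries, installed root-owned into /usr/bin.
# Only amd64 and arm64 are mapped to a download directory. Any other
# TARGETARCH now stops the build with a clear message instead of requesting
# a URL with an empty architecture segment.
# Integrity: the archive is not checked against a known hash before its
# contents are installed as root-owned executables.
RUN case "${TARGETARCH}" in \
      amd64) DOCKER_ARCH=x86_64 ;; \
      arm64) DOCKER_ARCH=aarch64 ;; \
      *) echo "unsupported TARGETARCH for docker static binaries: ${TARGETARCH}" >&2 ; exit 1 ;; \
    esac \
 && curl -fLo docker.tgz "https://download.docker.com/${TARGETOS}/static/stable/${DOCKER_ARCH}/docker-${DOCKER_VERSION}.tgz" \
 && tar zxf docker.tgz \
 && rm -rf docker.tgz \
 && install -o root -g root -m 755 docker/* /usr/bin/ \
 && rm -rf docker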
# Some setup actions store their cache in /opt/hostedtoolcache.
# The directory is handed to runner:docker so jobs running as the runner
# user can write to it.
ENV RUNNER_TOOL_CACHE=/opt/hostedtoolcache
RUN mkdir /opt/hostedtoolcache \
 && chown runner:docker /opt/hostedtoolcache
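# We pre-install nodejs to reduce time of setup-node and improve its reliability.
# NODE_VERSION can be overridden via build arg.
#
# The tarball is saved to a file and compared with the SHASUMS256.txt
# published next to it before anything is unpacked, and curl now uses -f so
# an HTTP error stops the build instead of feeding an error page to tar.
# The checksum file comes from the same origin as the tarball, so this catches
# corruption and truncation only; checking the signature on SHASUMS256.txt
# against the Node.js release keys would also cover a tampered origin.
RUN if [ "${TARGETARCH}" = "amd64" ]; then NODE_ARCH=x64 ; else NODE_ARCH="${TARGETARCH}" ; fi \
 && NODE_TARBALL="node-v${NODE_VERSION}-linux-${NODE_ARCH}.tar.gz" \
 && NODE_DIR="/opt/hostedtoolcache/node/${NODE_VERSION}/${NODE_ARCH}" \
 && mkdir -p "${NODE_DIR}" \
 && curl -fsSL -o "/tmp/${NODE_TARBALL}" "https://nodejs.org/dist/v${NODE_VERSION}/${NODE_TARBALL}" \
 && curl -fsSL -o /tmp/SHASUMS256.txt "https://nodejs.org/dist/v${NODE_VERSION}/SHASUMS256.txt" \
 # sha256sum -c resolves the file name relative to the current directory
 && (cd /tmp && grep -F " ${NODE_TARBALL}" SHASUMS256.txt | sha256sum -c -) \
 && tar xzf "/tmp/${NODE_TARBALL}" --strip-components=1 -C "${NODE_DIR}" \
 && rm -f "/tmp/${NODE_TARBALL}" /tmp/SHASUMS256.txt \
 # the .complete marker is what the tool cache lookup expects next to the version directory
 && touch "${NODE_DIR}.complete" \
 && chown -R runner:docker /opt/hostedtoolcache/node \
 && "${RUNNER_TOOL_CACHE}/node/${NODE_VERSION}/${NODE_ARCH}/bin/node" --version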
# Build-time self-check: ask @actions/tool-cache which node versions it finds
# in the tool cache and fail the build unless the list is exactly NODE_VERSION.
# - node and npm come from /home/runner/externals/node20 (presumably unpacked
#   from the runner tarball; confirm).
# - The heredoc delimiter is unquoted, so the shell substitutes NODE_VERSION
#   into the script text before node reads it.
# - Each failure branch registers an "exit" handler that calls process.exit(1),
#   which makes the node process, and so this RUN step, fail.
# - NOTE(review): @actions/tool-cache is installed from the npm registry
#   without a version pin and runs as root during the build; it is
#   uninstalled again once the check has passed.
RUN export PATH=$PATH:/home/runner/externals/node20/bin ; export NODE_PATH=/home/runner/externals/node20/lib/node_modules ; \
npm install -g @actions/tool-cache && node <<EOF && npm uninstall -g @actions/tool-cache
const tc = require('@actions/tool-cache');
const allNodeVersions = tc.findAllVersions('node');
const expected = ['${NODE_VERSION}'];
if (expected[0] == '') {
console.log('Invalid NODE_VERSION: ' + expected[0]);
process.on("exit", function() {
process.exit(1);
});
} else if (allNodeVersions.length != expected.length) {
console.log('Expected versions of node available: ' + expected);
console.log('Actual versions of node available: ' + allNodeVersions);
process.on("exit", function() {
process.exit(1);
});
} else if (allNodeVersions[0] != expected[0]) {
console.log('Expected versions of node available: ' + expected);
console.log('Actual versions of node available: ' + allNodeVersions);
process.on("exit", function() {
process.exit(1);
});
} else {
console.log('Versions of node available: ' + allNodeVersions);
}
EOF
# RUBY_VERSION can be overridden via build arg.
# Ruby is compiled from source by ruby-build into the tool cache.
# NOTE(review): ruby-build is cloned from its default branch without a tag or
# commit pin, and its install.sh then runs as root, so every rebuild executes
# whatever that branch holds at the time. Checking out a reviewed ref
# (<reviewed-tag-or-commit>) after the clone would fix the input.
# The clone is left behind in the working directory (/home/runner/ruby-build).
# apt-get install relies on the package lists an earlier step left in place.
RUN if [ "${TARGETARCH}" = "amd64" ]; then export RUBY_ARCH=x64 ; else export RUBY_ARCH=${TARGETARCH} ; fi \
 && RUBY_PREFIX=${RUNNER_TOOL_CACHE}/Ruby/${RUBY_VERSION}/${RUBY_ARCH} \
 && git clone https://github.com/rbenv/ruby-build.git \
 && ./ruby-build/install.sh \
 && apt-get install -y --no-install-recommends zlib1g-dev libssl-dev \
 && RUBY_CONFIGURE_OPTS="--enable-shared --disable-install-doc" ruby-build --verbose ${RUBY_VERSION} ${RUBY_PREFIX} \
 && ${RUBY_PREFIX}/bin/ruby --version
# Drop the .complete marker next to the Ruby install and hand the tree to
# runner:docker, mirroring what is done for node.
RUN case "${TARGETARCH}" in \
      amd64) RUBY_ARCH=x64 ;; \
      *)     RUBY_ARCH=${TARGETARCH} ;; \
    esac ; \
    touch ${RUNNER_TOOL_CACHE}/Ruby/${RUBY_VERSION}/${RUBY_ARCH}.complete \
 && chown -R runner:docker /opt/hostedtoolcache/Ruby
# Build-time self-check for Ruby, same shape as the node check: list the
# tool-cache directory, then ask @actions/tool-cache for the Ruby versions it
# finds and fail the build unless the list is exactly RUBY_VERSION.
# - The heredoc delimiter is unquoted, so the shell substitutes RUBY_VERSION
#   into the script text before node reads it.
# - Each failure branch registers an "exit" handler that calls process.exit(1),
#   which makes this RUN step fail.
# - NOTE(review): @actions/tool-cache is again installed from the npm registry
#   without a version pin, as root, and removed once the check has passed.
RUN export PATH=$PATH:/home/runner/externals/node20/bin ; export NODE_PATH=/home/runner/externals/node20/lib/node_modules ; \
ls -lah ${RUNNER_TOOL_CACHE}/Ruby/${RUBY_VERSION} && npm install -g @actions/tool-cache && node <<EOF && npm uninstall -g @actions/tool-cache
const tc = require('@actions/tool-cache');
const allRubyVersions = tc.findAllVersions('Ruby');
const expected = ['${RUBY_VERSION}'];
if (expected[0] == '') {
console.log('Invalid RUBY_VERSION: ' + expected[0]);
process.on("exit", function() {
process.exit(1);
});
} else if (allRubyVersions.length != expected.length) {
console.log('Expected versions of ruby available: ' + expected);
console.log('Actual versions of ruby available: ' + allRubyVersions);
process.on("exit", function() {
process.exit(1);
});
} else if (allRubyVersions[0] != expected[0]) {
console.log('Expected versions of ruby available: ' + expected);
console.log('Actual versions of ruby available: ' + allRubyVersions);
process.on("exit", function() {
process.exit(1);
});
} else {
console.log('Versions of ruby available: ' + allRubyVersions);
}
EOF
# Extra build toolchains (C/C++, JVM, Python) and CLI utilities.
# Several names repeat packages the first apt-get step already installed
# (build-essential, curl, git, jq, unzip); apt treats those as no-ops.
# Unlike that first step, this one does not pass --no-install-recommends, so
# recommended packages are pulled in as well. That widens the image's package
# surface, which runs against the "keep fewer packages" goal stated earlier.
RUN apt-get update \
 && apt-get install -y \
      ant \
      build-essential \
      clang \
      cmake \
      curl \
      git \
      gradle \
      jq \
      maven \
      openjdk-17-jdk \
      python3 \
      python3-pip \
      ripgrep \
      unzip \
      wget
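# Install GitHub CLI from GitHub's apt repository.
# Changes from the previous form:
#  - "command -v" replaces "type -p", which is not available in the default
#    /bin/sh used by RUN.
#  - The keyring is downloaded straight to its file with curl -f, so a failed
#    download stops the build instead of leaving an empty keyring behind
#    (the old "curl | dd" pipe reported only dd's exit status).
#  - apt-get replaces apt, whose command-line interface is not meant for scripts.
# The repository is scoped to this key with signed-by, so the key is trusted
# for this source only.
RUN (command -v curl >/dev/null || apt-get install -y curl) \
 && curl -fsSL -o /usr/share/keyrings/githubcli-archive-keyring.gpg \
      https://cli.github.com/packages/githubcli-archive-keyring.gpg \
 && chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \
 && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
      > /etc/apt/sources.list.d/github-cli.list \
 && apt-get update \
 && apt-get install -y gh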
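# AWS CLI (v2)
# The installer bundle is architecture-specific. The x86_64 bundle used to be
# fetched unconditionally, which puts the wrong binaries into an arm64 image;
# the bundle is now chosen from TARGETARCH.
# curl uses -f so an HTTP error stops the build, and the downloaded zip and
# the unpacked installer are removed in the same layer.
# Integrity: the bundle is trusted on TLS alone. AWS publishes a detached
# signature for it; verifying that needs the AWS CLI public key, which this
# file does not carry.
RUN case "${TARGETARCH}" in \
      amd64) AWSCLI_ARCH=x86_64 ;; \
      arm64) AWSCLI_ARCH=aarch64 ;; \
      *) echo "unsupported TARGETARCH for AWS CLI: ${TARGETARCH}" >&2 ; exit 1 ;; \
    esac \
 && curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-${AWSCLI_ARCH}.zip" -o /tmp/awscliv2.zip \
 && unzip -q /tmp/awscliv2.zip -d /tmp \
 && /tmp/aws/install \
 && rm -rf /tmp/awscliv2.zip /tmp/aws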
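# Google Cloud CLI from Google's apt repository.
# Changes from the previous form:
#  - The repository URL is https rather than plain http.
#  - The signing key is downloaded with curl -f and converted with
#    "gpg --dearmor" into the keyring named in signed-by, replacing the
#    deprecated apt-key.
#  - The source list is written with ">" rather than appended, so a rebuilt
#    layer cannot end up with duplicate entries.
# The key is trusted for this repository only (signed-by), not system-wide.
RUN apt-get install -y apt-transport-https ca-certificates \
 && curl -fsSL -o /tmp/cloud.google.asc https://packages.cloud.google.com/apt/doc/apt-key.gpg \
 && gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg /tmp/cloud.google.asc \
 && rm -f /tmp/cloud.google.asc \
 && echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" \
      > /etc/apt/sources.list.d/google-cloud-sdk.list \
 && apt-get update \
 && apt-get install -y google-cloud-sdk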
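# Azure CLI
# The install script is downloaded to a file and then run, instead of being
# piped into bash. With the pipe and no -f, a failed or partial download
# still ended in a "successful" bash run on empty or truncated input, and
# the step passed without installing anything.
# NOTE(review): the script is fetched through a redirecting short link,
# cannot be pinned to a hash, and runs as root. Configuring the vendor's apt
# repository with a signed-by keyring, as done for the other CLIs in this
# file, would avoid executing a downloaded script at all.
RUN curl -fsSL -o /tmp/install-azure-cli.sh https://aka.ms/InstallAzureCLIDeb \
 && bash /tmp/install-azure-cli.sh \
 && rm -f /tmp/install-azure-cli.sh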
# Entrypoint script, copied from the build context to the image root.
COPY entrypoint.sh /entrypoint.sh

# Docker's data directory is a volume, so it stays out of the container's
# writable layer.
VOLUME /var/lib/docker

# Some setup actions depend on the ImageOS variable:
# https://github.com/actions/runner-images/issues/345
ENV ImageOS=ubuntu20

# The container starts as the unprivileged runner user (uid 1001). That user
# still has passwordless sudo through the sudoers file written earlier, so
# this is a default, not a privilege boundary.
USER runner

# tini runs as PID 1 and starts the entrypoint script; CMD supplies the
# script's default argument.
ENTRYPOINT ["/usr/bin/tini", "--", "/entrypoint.sh"]
CMD ["/home/runner/run.sh"]