feat: dind-rootless 22.04 runner (actions#2033)
* feat: dind-rootless 22.04 runner
* runner: Bring back packages needed by rootlesskit
* e2e: Update E2E buildvars with ubuntu 22.04 dockerfiles
* feat: use new uid for runner user
* e2e: Make it possible to inject ubuntu version via envvar for actions-runner-dind image
* doc: Use fsGroup=1001 for IRSA on Ubuntu 22.04 runner

Co-authored-by: toast-gear <toast-gear@users.noreply.github.com>
Co-authored-by: Yusuke Kuoka <ykuoka@gmail.com>
1 parent
775dc60
commit a8417ec
Showing
4 changed files
with
140 additions
and
6 deletions.
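--- /dev/null
+++ b/runner/actions-runner-dind-rootless.ubuntu-22.04.dockerfile
@@ -0,0 +1,125 @@
+FROM ubuntu:22.04
+
+ARG TARGETPLATFORM
+ARG RUNNER_VERSION=2.299.1
+ARG RUNNER_CONTAINER_HOOKS_VERSION=0.1.3
+# Docker and Docker Compose arguments
+ENV CHANNEL=stable
+ARG DOCKER_COMPOSE_VERSION=v2.12.2
+ARG DUMB_INIT_VERSION=1.2.5
+ARG RUNNER_USER_UID=1001
+
+# Other arguments
+ARG DEBUG=false
+
+RUN test -n "$TARGETPLATFORM" || (echo "TARGETPLATFORM must be set" && false)
+
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt-get update -y \
+&& apt-get install -y software-properties-common \
+&& add-apt-repository -y ppa:git-core/ppa \
+&& apt-get update -y \
+&& apt-get install -y --no-install-recommends \
+curl \
+ca-certificates \
+git \
+git-lfs \
+iproute2 \
+iptables \
+jq \
+supervisor \
+sudo \
+uidmap \
+unzip \
+zip \
+&& rm -rf /var/lib/apt/lists/*
+
+# Runner user
+RUN adduser --disabled-password --gecos "" --uid $RUNNER_USER_UID runner
+
+ENV HOME=/home/runner
+
+# Set-up subuid and subgid so that "--userns-remap=default" works
+RUN set -eux; \
+addgroup --system dockremap; \
+adduser --system --ingroup dockremap dockremap; \
+echo 'dockremap:165536:65536' >> /etc/subuid; \
+echo 'dockremap:165536:65536' >> /etc/subgid
+
+RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
+&& if [ "$ARCH" = "arm64" ]; then export ARCH=aarch64 ; fi \
+&& if [ "$ARCH" = "amd64" ] || [ "$ARCH" = "i386" ]; then export ARCH=x86_64 ; fi \
+&& curl -fLo /usr/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v${DUMB_INIT_VERSION}/dumb-init_${DUMB_INIT_VERSION}_${ARCH} \
+&& chmod +x /usr/bin/dumb-init
+
+ENV RUNNER_ASSETS_DIR=/runnertmp
+RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
+&& if [ "$ARCH" = "amd64" ] || [ "$ARCH" = "x86_64" ] || [ "$ARCH" = "i386" ]; then export ARCH=x64 ; fi \
+&& mkdir -p "$RUNNER_ASSETS_DIR" \
+&& cd "$RUNNER_ASSETS_DIR" \
+&& curl -fLo runner.tar.gz https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-${ARCH}-${RUNNER_VERSION}.tar.gz \
+&& tar xzf ./runner.tar.gz \
+&& rm runner.tar.gz \
+&& ./bin/installdependencies.sh \
+&& mv ./externals ./externalstmp \
+# libyaml-dev is required for ruby/setup-ruby action.
+# It is installed after installdependencies.sh and before removing /var/lib/apt/lists
+# to avoid rerunning apt-update on its own.
+&& apt-get install -y libyaml-dev \
+&& rm -rf /var/lib/apt/lists/*
+
+ENV RUNNER_TOOL_CACHE=/opt/hostedtoolcache
+RUN mkdir /opt/hostedtoolcache \
+&& chgrp runner /opt/hostedtoolcache \
+&& chmod g+rwx /opt/hostedtoolcache
+
+RUN cd "$RUNNER_ASSETS_DIR" \
+&& curl -fLo runner-container-hooks.zip https://github.com/actions/runner-container-hooks/releases/download/v${RUNNER_CONTAINER_HOOKS_VERSION}/actions-runner-hooks-k8s-${RUNNER_CONTAINER_HOOKS_VERSION}.zip \
+&& unzip ./runner-container-hooks.zip -d ./k8s \
+&& rm -f runner-container-hooks.zip
+
+# Make the rootless runner directory executable
+RUN mkdir /run/user/1000 \
+&& chown runner:runner /run/user/1000 \
+&& chmod a+x /run/user/1000
+
+# We place the scripts in `/usr/bin` so that users who extend this image can
+# override them with scripts of the same name placed in `/usr/local/bin`.
+COPY entrypoint-dind-rootless.sh startup.sh logger.sh graceful-stop.sh update-status /usr/bin/
+RUN chmod +x /usr/bin/entrypoint-dind-rootless.sh /usr/bin/startup.sh
+
+# Copy the docker shim which propagates the docker MTU to underlying networks
+# to replace the docker binary in the PATH.
+COPY docker-shim.sh /usr/local/bin/docker
+
+# Configure hooks folder structure.
+COPY hooks /etc/arc/hooks/
+
+# Add the Python "User Script Directory" to the PATH
+ENV PATH="${PATH}:${HOME}/.local/bin:/home/runner/bin"
+ENV ImageOS=ubuntu22
+ENV DOCKER_HOST=unix:///run/user/1000/docker.sock
+ENV XDG_RUNTIME_DIR=/run/user/1000
+
+RUN echo "PATH=${PATH}" > /etc/environment \
+&& echo "ImageOS=${ImageOS}" >> /etc/environment \
+&& echo "DOCKER_HOST=${DOCKER_HOST}" >> /etc/environment \
+&& echo "XDG_RUNTIME_DIR=${XDG_RUNTIME_DIR}" >> /etc/environment
+
+# No group definition, as that makes it harder to run docker.
+USER runner
+
+# This will install docker under $HOME/bin according to the content of the script
+RUN export SKIP_IPTABLES=1 \
+&& curl -fsSL https://get.docker.com/rootless | sh \
+&& /home/runner/bin/docker -v
+
+RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
+&& if [ "$ARCH" = "arm64" ]; then export ARCH=aarch64 ; fi \
+&& if [ "$ARCH" = "amd64" ] || [ "$ARCH" = "i386" ]; then export ARCH=x86_64 ; fi \
+&& mkdir -p /home/runner/bin \
+&& curl -fLo /home/runner/bin/docker-compose https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-Linux-${ARCH} \
+&& chmod +x /home/runner/bin/docker-compose
+
+ENTRYPOINT ["/bin/bash", "-c"]
+CMD ["entrypoint-dind-rootless.sh"]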
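Review bot: The rootless Docker install at `curl -fsSL https://get.docker.com/rootless | sh` fetches an unpinned script and whatever engine release it resolves at build time, with no integrity check, so the image is not reproducible and a compromised or intercepted download would land in every runner; the dumb-init, runner, runner-container-hooks and docker-compose downloads are version-pinned but likewise never checksum-verified. Pin the Docker engine version (the install script already reads the `CHANNEL` env set above and appears to accept a version variable as well — confirm against its source) or fetch the static tarball from download.docker.com directly, and verify each downloaded artifact with `sha256sum -c` against a checksum recorded in the Dockerfile before it is executed or extracted. Separately, `RUNNER_USER_UID` is introduced as 1001 while `/run/user/1000` stays hard-coded in the `mkdir`, `DOCKER_HOST` and `XDG_RUNTIME_DIR` lines; `/run/user/${RUNNER_USER_UID}` would keep the rootless runtime directory tied to the uid this commit changes, and the `chmod a+x` on it could be narrowed to `chmod 700` (the conventional mode for `$XDG_RUNTIME_DIR`) unless another user needs to traverse it, which is not apparent from this file. Also, `DEBIAN_FRONTEND=noninteractive` is set via `ENV` and therefore persists into every job's environment; `RUN DEBIAN_FRONTEND=noninteractive apt-get …` keeps it build-time only.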