Support basic, dind and dind-rootless as multiple kinds of images (#619)

- `basic`: Only the runner process in the container; users need to mount the Docker socket to it. - `dind`: A Docker daemon will be started in the container with the root user. - `dind-rootless`: A Docker daemon will be started in the container with a rootless user. Use s6 instead of supervisord to start processes. Reviewed-on: https://gitea.com/gitea/act_runner/pulls/619 Reviewed-by: Zettat123 <zettat123@noreply.gitea.com> Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Jason Song <i@wolfogre.com> Co-committed-by: Jason Song <i@wolfogre.com>
2024-11-12 21:42:46 +01:00 · 2024-11-06 03:15:51 +00:00 · 2024-11-06 03:15:51 +00:00 · 9712481bed
commit 9712481bed
parent b5f901b2d9
11 changed files with 92 additions and 63 deletions
--- a/.gitea/workflows/release-nightly.yml
+++ b/.gitea/workflows/release-nightly.yml
@ -66,6 +66,7 @@ jobs:
        with:
          context: .
          file: ./Dockerfile
+          target: basic
          platforms: |
            linux/amd64
            linux/arm64
@ -73,13 +74,25 @@ jobs:
          tags: |
            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}

-      - name: Build and push dind-rootless
+      - name: Build and push dind
        uses: docker/build-push-action@v5
-        env:
-          ACTIONS_RUNTIME_TOKEN: "" # See https://gitea.com/gitea/act_runner/issues/119
        with:
          context: .
-          file: ./Dockerfile.rootless
+          file: ./Dockerfile
+          target: dind
+          platforms: |
+            linux/amd64
+            linux/arm64
+          push: true
+          tags: |
+            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}-dind
+
+      - name: Build and push dind-rootless
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          target: dind-rootless
          platforms: |
            linux/amd64
            linux/arm64
--- a/.gitea/workflows/release-tag.yml
+++ b/.gitea/workflows/release-tag.yml
@ -73,6 +73,7 @@ jobs:
        with:
          context: .
          file: ./Dockerfile
+          target: basic
          platforms: |
            linux/amd64
            linux/arm64
@ -81,13 +82,26 @@ jobs:
            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}
            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}

-      - name: Build and push dind-rootless
+      - name: Build and push dind
        uses: docker/build-push-action@v5
-        env:
-          ACTIONS_RUNTIME_TOKEN: "" # See https://gitea.com/gitea/act_runner/issues/119
        with:
          context: .
-          file: ./Dockerfile.rootless
+          file: ./Dockerfile
+          target: dind
+          platforms: |
+            linux/amd64
+            linux/arm64
+          push: true
+          tags: |
+            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}-dind
+            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}-dind
+
+      - name: Build and push dind-rootless
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          target: dind-rootless
          platforms: |
            linux/amd64
            linux/arm64
--- a/.gitignore
+++ b/.gitignore
@ -1,4 +1,4 @@
-act_runner
+/act_runner
 .env
 .runner
 coverage.txt
--- a/46
+++ b/46
@ -1,16 +1,54 @@
 FROM golang:1.23-alpine AS builder
+
 # Do not remove `git` here, it is required for getting runner version when executing `make build`
 RUN apk add --no-cache make git

+ARG GOPROXY
+ENV GOPROXY=${GOPROXY:-}
+
 COPY . /opt/src/act_runner
 WORKDIR /opt/src/act_runner

 RUN make clean && make build

-FROM alpine
-RUN apk add --no-cache git bash tini
+FROM docker:dind AS dind
+
+RUN apk add --no-cache s6 bash git

 COPY --from=builder /opt/src/act_runner/act_runner /usr/local/bin/act_runner
-COPY scripts/run.sh /opt/act/run.sh
+COPY scripts/run.sh /usr/local/bin/run.sh
+COPY scripts/s6 /etc/s6

-ENTRYPOINT ["/sbin/tini","--","/opt/act/run.sh"]
+VOLUME /data
+
+ENTRYPOINT ["s6-svscan","/etc/s6"]
+
+FROM docker:dind-rootless AS dind-rootless
+
+USER root
+RUN apk add --no-cache s6 bash git
+
+COPY --from=builder /opt/src/act_runner/act_runner /usr/local/bin/act_runner
+COPY scripts/run.sh /usr/local/bin/run.sh
+COPY scripts/s6 /etc/s6
+
+VOLUME /data
+
+RUN mkdir -p /data && chown -R rootless:rootless /etc/s6 /data
+
+ENV DOCKER_HOST=unix:///run/user/1000/docker.sock
+
+USER rootless
+ENTRYPOINT ["s6-svscan","/etc/s6"]
+
+FROM alpine AS basic
+RUN apk add --no-cache tini bash git
+
+COPY --from=builder /opt/src/act_runner/act_runner /usr/local/bin/act_runner
+COPY scripts/run.sh /usr/local/bin/run.sh
+
+VOLUME /var/run/docker.sock
+
+VOLUME /data
+
+ENTRYPOINT ["/sbin/tini","--","run.sh"]
--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@ -1,24 +0,0 @@
-FROM golang:1.23-alpine AS builder
-# Do not remove `git` here, it is required for getting runner version when executing `make build`
-RUN apk add --no-cache make git
-
-COPY . /opt/src/act_runner
-WORKDIR /opt/src/act_runner
-
-RUN make clean && make build
-
-FROM docker:dind-rootless
-USER root
-RUN apk add --no-cache \
-  git bash supervisor
-
-COPY --from=builder /opt/src/act_runner/act_runner /usr/local/bin/act_runner
-COPY /scripts/supervisord.conf /etc/supervisord.conf
-COPY /scripts/run.sh /opt/act/run.sh
-COPY /scripts/rootless.sh /opt/act/rootless.sh
-
-RUN mkdir /data \
-    && chown rootless:rootless /data
-
-USER rootless
-ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
--- a/scripts/rootless.sh
+++ b/scripts/rootless.sh
@ -1,9 +0,0 @@
-#!/usr/bin/env bash
-
-# wait for docker daemon
-while ! nc -z localhost 2376 </dev/null; do
-  echo 'waiting for docker daemon...'
-  sleep 5
-done
-
-. /opt/act/run.sh
--- a/scripts/s6/act_runner/finish
+++ b/scripts/s6/act_runner/finish
@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+exec s6-svscanctl -t /etc/s6
+
--- a/scripts/s6/act_runner/run
+++ b/scripts/s6/act_runner/run
@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+exec run.sh
--- a/scripts/s6/docker/finish
+++ b/scripts/s6/docker/finish
@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+exec s6-svscanctl -t /etc/s6
+
--- a/scripts/s6/docker/run
+++ b/scripts/s6/docker/run
@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+exec dockerd-entrypoint.sh
--- a/scripts/supervisord.conf
+++ b/scripts/supervisord.conf
@ -1,17 +0,0 @@
-[supervisord]
-nodaemon=true
-logfile=/dev/null
-logfile_maxbytes=0
-
-[program:dockerd]
-command=/usr/local/bin/dockerd-entrypoint.sh
-
-[program:act_runner]
-stdout_logfile=/dev/fd/1
-stdout_logfile_maxbytes=0
-redirect_stderr=true
-command=/opt/act/rootless.sh
-
-[eventlistener:processes]
-command=bash -c "echo READY && read line && kill -SIGQUIT $PPID"
-events=PROCESS_STATE_STOPPED,PROCESS_STATE_EXITED,PROCESS_STATE_FATAL