Support basic
, dind
and dind-rootless
as multiple kinds of images (#619)
- `basic`: Only the runner process in the container; users need to mount the Docker socket to it. - `dind`: A Docker daemon will be started in the container with the root user. - `dind-rootless`: A Docker daemon will be started in the container with a rootless user. Use s6 instead of supervisord to start processes. Reviewed-on: https://gitea.com/gitea/act_runner/pulls/619 Reviewed-by: Zettat123 <zettat123@noreply.gitea.com> Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Jason Song <i@wolfogre.com> Co-committed-by: Jason Song <i@wolfogre.com>
parent
b5f901b2d9
commit
9712481bed
@ -66,6 +66,7 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
context: .
|
context: .
|
||||||
file: ./Dockerfile
|
file: ./Dockerfile
|
||||||
|
target: basic
|
||||||
platforms: |
|
platforms: |
|
||||||
linux/amd64
|
linux/amd64
|
||||||
linux/arm64
|
linux/arm64
|
||||||
@ -73,13 +74,25 @@ jobs:
|
|||||||
tags: |
|
tags: |
|
||||||
${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}
|
${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}
|
||||||
|
|
||||||
- name: Build and push dind-rootless
|
- name: Build and push dind
|
||||||
uses: docker/build-push-action@v5
|
uses: docker/build-push-action@v5
|
||||||
env:
|
|
||||||
ACTIONS_RUNTIME_TOKEN: "" # See https://gitea.com/gitea/act_runner/issues/119
|
|
||||||
with:
|
with:
|
||||||
context: .
|
context: .
|
||||||
file: ./Dockerfile.rootless
|
file: ./Dockerfile
|
||||||
|
target: dind
|
||||||
|
platforms: |
|
||||||
|
linux/amd64
|
||||||
|
linux/arm64
|
||||||
|
push: true
|
||||||
|
tags: |
|
||||||
|
${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}-dind
|
||||||
|
|
||||||
|
- name: Build and push dind-rootless
|
||||||
|
uses: docker/build-push-action@v5
|
||||||
|
with:
|
||||||
|
context: .
|
||||||
|
file: ./Dockerfile
|
||||||
|
target: dind-rootless
|
||||||
platforms: |
|
platforms: |
|
||||||
linux/amd64
|
linux/amd64
|
||||||
linux/arm64
|
linux/arm64
|
||||||
|
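Review bot: As rendered here, the rewritten `Build and push dind` step and the added `Build and push dind-rootless` step no longer carry the `env:` block that set `ACTIONS_RUNTIME_TOKEN: ""`. The step they replace had that block, with a pointer to issue 119. If the workaround is still required, both new steps should keep `env:` with `ACTIONS_RUNTIME_TOKEN: "" # See https://gitea.com/gitea/act_runner/issues/119`. If it is obsolete, the commit message should say so, so the removal is not mistaken for an oversight. The same removal appears in the second workflow file changed by this commit.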
@ -73,6 +73,7 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
context: .
|
context: .
|
||||||
file: ./Dockerfile
|
file: ./Dockerfile
|
||||||
|
target: basic
|
||||||
platforms: |
|
platforms: |
|
||||||
linux/amd64
|
linux/amd64
|
||||||
linux/arm64
|
linux/arm64
|
||||||
@ -81,13 +82,26 @@ jobs:
|
|||||||
${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}
|
${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}
|
||||||
${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}
|
${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}
|
||||||
|
|
||||||
- name: Build and push dind-rootless
|
- name: Build and push dind
|
||||||
uses: docker/build-push-action@v5
|
uses: docker/build-push-action@v5
|
||||||
env:
|
|
||||||
ACTIONS_RUNTIME_TOKEN: "" # See https://gitea.com/gitea/act_runner/issues/119
|
|
||||||
with:
|
with:
|
||||||
context: .
|
context: .
|
||||||
file: ./Dockerfile.rootless
|
file: ./Dockerfile
|
||||||
|
target: dind
|
||||||
|
platforms: |
|
||||||
|
linux/amd64
|
||||||
|
linux/arm64
|
||||||
|
push: true
|
||||||
|
tags: |
|
||||||
|
${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}-dind
|
||||||
|
${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}-dind
|
||||||
|
|
||||||
|
- name: Build and push dind-rootless
|
||||||
|
uses: docker/build-push-action@v5
|
||||||
|
with:
|
||||||
|
context: .
|
||||||
|
file: ./Dockerfile
|
||||||
|
target: dind-rootless
|
||||||
platforms: |
|
platforms: |
|
||||||
linux/amd64
|
linux/amd64
|
||||||
linux/arm64
|
linux/arm64
|
||||||
|
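Review bot: The added `dind` and `dind-rootless` steps reference `docker/build-push-action@v5` by a movable tag while running with `push: true`. Whatever the tag resolves to at run time executes in the job that publishes the images, presumably with registry credentials in scope. Pinning the action to a full commit SHA and keeping the version as a trailing comment, `uses: docker/build-push-action@<full-commit-sha> # v5`, makes the release path reproducible and lets an action update show up as a reviewable diff. The other workflow file changed by this commit uses the same reference and would benefit from the same pin.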
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,4 +1,4 @@
|
|||||||
act_runner
|
/act_runner
|
||||||
.env
|
.env
|
||||||
.runner
|
.runner
|
||||||
coverage.txt
|
coverage.txt
|
||||||
|
46
Dockerfile
46
Dockerfile
@ -1,16 +1,54 @@
|
|||||||
FROM golang:1.23-alpine AS builder
|
FROM golang:1.23-alpine AS builder
|
||||||
|
|
||||||
# Do not remove `git` here, it is required for getting runner version when executing `make build`
|
# Do not remove `git` here, it is required for getting runner version when executing `make build`
|
||||||
RUN apk add --no-cache make git
|
RUN apk add --no-cache make git
|
||||||
|
|
||||||
|
ARG GOPROXY
|
||||||
|
ENV GOPROXY=${GOPROXY:-}
|
||||||
|
|
||||||
COPY . /opt/src/act_runner
|
COPY . /opt/src/act_runner
|
||||||
WORKDIR /opt/src/act_runner
|
WORKDIR /opt/src/act_runner
|
||||||
|
|
||||||
RUN make clean && make build
|
RUN make clean && make build
|
||||||
|
|
||||||
FROM alpine
|
FROM docker:dind AS dind
|
||||||
RUN apk add --no-cache git bash tini
|
|
||||||
|
RUN apk add --no-cache s6 bash git
|
||||||
|
|
||||||
COPY --from=builder /opt/src/act_runner/act_runner /usr/local/bin/act_runner
|
COPY --from=builder /opt/src/act_runner/act_runner /usr/local/bin/act_runner
|
||||||
COPY scripts/run.sh /opt/act/run.sh
|
COPY scripts/run.sh /usr/local/bin/run.sh
|
||||||
|
COPY scripts/s6 /etc/s6
|
||||||
|
|
||||||
ENTRYPOINT ["/sbin/tini","--","/opt/act/run.sh"]
|
VOLUME /data
|
||||||
|
|
||||||
|
ENTRYPOINT ["s6-svscan","/etc/s6"]
|
||||||
|
|
||||||
|
FROM docker:dind-rootless AS dind-rootless
|
||||||
|
|
||||||
|
USER root
|
||||||
|
RUN apk add --no-cache s6 bash git
|
||||||
|
|
||||||
|
COPY --from=builder /opt/src/act_runner/act_runner /usr/local/bin/act_runner
|
||||||
|
COPY scripts/run.sh /usr/local/bin/run.sh
|
||||||
|
COPY scripts/s6 /etc/s6
|
||||||
|
|
||||||
|
VOLUME /data
|
||||||
|
|
||||||
|
RUN mkdir -p /data && chown -R rootless:rootless /etc/s6 /data
|
||||||
|
|
||||||
|
ENV DOCKER_HOST=unix:///run/user/1000/docker.sock
|
||||||
|
|
||||||
|
USER rootless
|
||||||
|
ENTRYPOINT ["s6-svscan","/etc/s6"]
|
||||||
|
|
||||||
|
FROM alpine AS basic
|
||||||
|
RUN apk add --no-cache tini bash git
|
||||||
|
|
||||||
|
COPY --from=builder /opt/src/act_runner/act_runner /usr/local/bin/act_runner
|
||||||
|
COPY scripts/run.sh /usr/local/bin/run.sh
|
||||||
|
|
||||||
|
VOLUME /var/run/docker.sock
|
||||||
|
|
||||||
|
VOLUME /data
|
||||||
|
|
||||||
|
ENTRYPOINT ["/sbin/tini","--","run.sh"]
|
||||||
|
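Review bot: In the `dind-rootless` stage, `VOLUME /data` is declared before `RUN mkdir -p /data && chown -R rootless:rootless /etc/s6 /data`. Depending on the builder, changes made to a path after it is declared a volume can be discarded, which would leave `/data` owned by root while the container runs as `rootless`. Moving `VOLUME /data` below that `RUN` line keeps the ownership in the image regardless of builder. In the `basic` stage, `VOLUME /var/run/docker.sock` makes Docker create an anonymous volume directory at the socket path whenever the socket is not bind-mounted, so the runner finds a directory instead of a socket. Dropping that line and documenting the required mount would fail more clearly. The three final stages also build on floating references (`docker:dind`, `docker:dind-rootless`, untagged `alpine`), so a version tag or digest on each `FROM` would make the published images reproducible.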
@ -1,24 +0,0 @@
|
|||||||
FROM golang:1.23-alpine AS builder
|
|
||||||
# Do not remove `git` here, it is required for getting runner version when executing `make build`
|
|
||||||
RUN apk add --no-cache make git
|
|
||||||
|
|
||||||
COPY . /opt/src/act_runner
|
|
||||||
WORKDIR /opt/src/act_runner
|
|
||||||
|
|
||||||
RUN make clean && make build
|
|
||||||
|
|
||||||
FROM docker:dind-rootless
|
|
||||||
USER root
|
|
||||||
RUN apk add --no-cache \
|
|
||||||
git bash supervisor
|
|
||||||
|
|
||||||
COPY --from=builder /opt/src/act_runner/act_runner /usr/local/bin/act_runner
|
|
||||||
COPY /scripts/supervisord.conf /etc/supervisord.conf
|
|
||||||
COPY /scripts/run.sh /opt/act/run.sh
|
|
||||||
COPY /scripts/rootless.sh /opt/act/rootless.sh
|
|
||||||
|
|
||||||
RUN mkdir /data \
|
|
||||||
&& chown rootless:rootless /data
|
|
||||||
|
|
||||||
USER rootless
|
|
||||||
ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
|
|
@ -1,9 +0,0 @@
|
|||||||
#!/usr/bin/env bash
|
|
||||||
|
|
||||||
# wait for docker daemon
|
|
||||||
while ! nc -z localhost 2376 </dev/null; do
|
|
||||||
echo 'waiting for docker daemon...'
|
|
||||||
sleep 5
|
|
||||||
done
|
|
||||||
|
|
||||||
. /opt/act/run.sh
|
|
4
scripts/s6/act_runner/finish
Executable file
4
scripts/s6/act_runner/finish
Executable file
@ -0,0 +1,4 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
exec s6-svscanctl -t /etc/s6
|
||||||
|
|
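Review bot: This `finish` script has no comment explaining why it terminates the scan directory, which is surprising to a reader who expects s6 to restart a service that exits. A comment above the `exec s6-svscanctl -t /etc/s6` line would record the intent, for example `# Stop the whole s6 tree when this service exits, so the container terminates instead of restarting the service in place`. The same applies to `scripts/s6/docker/finish`. It is also worth confirming which exit status the container reports after this path, since restart policies in an orchestrator may depend on it.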
3
scripts/s6/act_runner/run
Executable file
3
scripts/s6/act_runner/run
Executable file
@ -0,0 +1,3 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
exec run.sh
|
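Review bot: This service script execs `run.sh` immediately, and nothing visible in this commit waits for the Docker daemon first. The wrapper script deleted here looped on `nc -z localhost 2376` before sourcing `run.sh`. With `s6-svscan` both the `docker` and `act_runner` services are started together, so unless `run.sh` (not shown on this page) waits on its own, the runner can come up before the daemon is ready. If it then exits, its `finish` script stops the whole tree. A readiness wait before the `exec`, for example `until docker info >/dev/null 2>&1; do sleep 1; done`, would restore the previous ordering for the `dind` and `dind-rootless` targets.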
4
scripts/s6/docker/finish
Executable file
4
scripts/s6/docker/finish
Executable file
@ -0,0 +1,4 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
exec s6-svscanctl -t /etc/s6
|
||||||
|
|
3
scripts/s6/docker/run
Executable file
3
scripts/s6/docker/run
Executable file
@ -0,0 +1,3 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
exec dockerd-entrypoint.sh
|
@ -1,17 +0,0 @@
|
|||||||
[supervisord]
|
|
||||||
nodaemon=true
|
|
||||||
logfile=/dev/null
|
|
||||||
logfile_maxbytes=0
|
|
||||||
|
|
||||||
[program:dockerd]
|
|
||||||
command=/usr/local/bin/dockerd-entrypoint.sh
|
|
||||||
|
|
||||||
[program:act_runner]
|
|
||||||
stdout_logfile=/dev/fd/1
|
|
||||||
stdout_logfile_maxbytes=0
|
|
||||||
redirect_stderr=true
|
|
||||||
command=/opt/act/rootless.sh
|
|
||||||
|
|
||||||
[eventlistener:processes]
|
|
||||||
command=bash -c "echo READY && read line && kill -SIGQUIT $PPID"
|
|
||||||
events=PROCESS_STATE_STOPPED,PROCESS_STATE_EXITED,PROCESS_STATE_FATAL
|
|