Support basic, dind and dind-rootless as multiple kinds of images (#619)

- `basic`: Only the runner process in the container; users need to mount the Docker socket to it.
- `dind`: A Docker daemon will be started in the container with the root user.
- `dind-rootless`: A Docker daemon will be started in the container with a rootless user.

Use s6 instead of supervisord to start processes.

Reviewed-on: https://gitea.com/gitea/act_runner/pulls/619
Reviewed-by: Zettat123 <zettat123@noreply.gitea.com>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-committed-by: Jason Song <i@wolfogre.com>
This commit is contained in:
Jason Song 2024-11-06 03:15:51 +00:00 committed by Jason Song
parent b5f901b2d9
commit 9712481bed
11 changed files with 92 additions and 63 deletions

View File

@ -66,6 +66,7 @@ jobs:
with: with:
context: . context: .
file: ./Dockerfile file: ./Dockerfile
target: basic
platforms: | platforms: |
linux/amd64 linux/amd64
linux/arm64 linux/arm64
@ -73,13 +74,25 @@ jobs:
tags: | tags: |
${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }} ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}
- name: Build and push dind-rootless - name: Build and push dind
uses: docker/build-push-action@v5 uses: docker/build-push-action@v5
env:
ACTIONS_RUNTIME_TOKEN: "" # See https://gitea.com/gitea/act_runner/issues/119
with: with:
context: . context: .
file: ./Dockerfile.rootless file: ./Dockerfile
target: dind
platforms: |
linux/amd64
linux/arm64
push: true
tags: |
${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}-dind
- name: Build and push dind-rootless
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile
target: dind-rootless
platforms: | platforms: |
linux/amd64 linux/amd64
linux/arm64 linux/arm64

View File

@ -73,6 +73,7 @@ jobs:
with: with:
context: . context: .
file: ./Dockerfile file: ./Dockerfile
target: basic
platforms: | platforms: |
linux/amd64 linux/amd64
linux/arm64 linux/arm64
@ -81,13 +82,26 @@ jobs:
${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }} ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}
${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }} ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}
- name: Build and push dind-rootless - name: Build and push dind
uses: docker/build-push-action@v5 uses: docker/build-push-action@v5
env:
ACTIONS_RUNTIME_TOKEN: "" # See https://gitea.com/gitea/act_runner/issues/119
with: with:
context: . context: .
file: ./Dockerfile.rootless file: ./Dockerfile
target: dind
platforms: |
linux/amd64
linux/arm64
push: true
tags: |
${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}-dind
${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}-dind
- name: Build and push dind-rootless
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile
target: dind-rootless
platforms: | platforms: |
linux/amd64 linux/amd64
linux/arm64 linux/arm64

2
.gitignore vendored
View File

@ -1,4 +1,4 @@
act_runner /act_runner
.env .env
.runner .runner
coverage.txt coverage.txt

View File

@ -1,16 +1,54 @@
FROM golang:1.23-alpine AS builder FROM golang:1.23-alpine AS builder
# Do not remove `git` here, it is required for getting runner version when executing `make build` # Do not remove `git` here, it is required for getting runner version when executing `make build`
RUN apk add --no-cache make git RUN apk add --no-cache make git
ARG GOPROXY
ENV GOPROXY=${GOPROXY:-}
COPY . /opt/src/act_runner COPY . /opt/src/act_runner
WORKDIR /opt/src/act_runner WORKDIR /opt/src/act_runner
RUN make clean && make build RUN make clean && make build
FROM alpine FROM docker:dind AS dind
RUN apk add --no-cache git bash tini
RUN apk add --no-cache s6 bash git
COPY --from=builder /opt/src/act_runner/act_runner /usr/local/bin/act_runner COPY --from=builder /opt/src/act_runner/act_runner /usr/local/bin/act_runner
COPY scripts/run.sh /opt/act/run.sh COPY scripts/run.sh /usr/local/bin/run.sh
COPY scripts/s6 /etc/s6
ENTRYPOINT ["/sbin/tini","--","/opt/act/run.sh"] VOLUME /data
ENTRYPOINT ["s6-svscan","/etc/s6"]
FROM docker:dind-rootless AS dind-rootless
USER root
RUN apk add --no-cache s6 bash git
COPY --from=builder /opt/src/act_runner/act_runner /usr/local/bin/act_runner
COPY scripts/run.sh /usr/local/bin/run.sh
COPY scripts/s6 /etc/s6
VOLUME /data
RUN mkdir -p /data && chown -R rootless:rootless /etc/s6 /data
ENV DOCKER_HOST=unix:///run/user/1000/docker.sock
USER rootless
ENTRYPOINT ["s6-svscan","/etc/s6"]
FROM alpine AS basic
RUN apk add --no-cache tini bash git
COPY --from=builder /opt/src/act_runner/act_runner /usr/local/bin/act_runner
COPY scripts/run.sh /usr/local/bin/run.sh
VOLUME /var/run/docker.sock
VOLUME /data
ENTRYPOINT ["/sbin/tini","--","run.sh"]

View File

@ -1,24 +0,0 @@
FROM golang:1.23-alpine AS builder
# Do not remove `git` here, it is required for getting runner version when executing `make build`
RUN apk add --no-cache make git
COPY . /opt/src/act_runner
WORKDIR /opt/src/act_runner
RUN make clean && make build
FROM docker:dind-rootless
USER root
RUN apk add --no-cache \
git bash supervisor
COPY --from=builder /opt/src/act_runner/act_runner /usr/local/bin/act_runner
COPY /scripts/supervisord.conf /etc/supervisord.conf
COPY /scripts/run.sh /opt/act/run.sh
COPY /scripts/rootless.sh /opt/act/rootless.sh
RUN mkdir /data \
&& chown rootless:rootless /data
USER rootless
ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]

View File

@ -1,9 +0,0 @@
#!/usr/bin/env bash
# wait for docker daemon
while ! nc -z localhost 2376 </dev/null; do
echo 'waiting for docker daemon...'
sleep 5
done
. /opt/act/run.sh

4
scripts/s6/act_runner/finish Executable file
View File

@ -0,0 +1,4 @@
#!/usr/bin/env bash
exec s6-svscanctl -t /etc/s6

3
scripts/s6/act_runner/run Executable file
View File

@ -0,0 +1,3 @@
#!/usr/bin/env bash
exec run.sh

4
scripts/s6/docker/finish Executable file
View File

@ -0,0 +1,4 @@
#!/usr/bin/env bash
exec s6-svscanctl -t /etc/s6

3
scripts/s6/docker/run Executable file
View File

@ -0,0 +1,3 @@
#!/usr/bin/env bash
exec dockerd-entrypoint.sh

View File

@ -1,17 +0,0 @@
[supervisord]
nodaemon=true
logfile=/dev/null
logfile_maxbytes=0
[program:dockerd]
command=/usr/local/bin/dockerd-entrypoint.sh
[program:act_runner]
stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0
redirect_stderr=true
command=/opt/act/rootless.sh
[eventlistener:processes]
command=bash -c "echo READY && read line && kill -SIGQUIT $PPID"
events=PROCESS_STATE_STOPPED,PROCESS_STATE_EXITED,PROCESS_STATE_FATAL