diff --git a/images/github-runner/Dockerfile b/images/github-runner/Dockerfile
index 3d090be..b49a957 100644
--- a/images/github-runner/Dockerfile
+++ b/images/github-runner/Dockerfile
@@ -1,4 +1,54 @@
-FROM nestybox/ubuntu-focal-docker
+#FROM nestybox/ubuntu-focal-systemd-docker
+FROM ubuntu:focal-20200423
+
+RUN set -xe && \
+ echo '#!/bin/sh' > /usr/sbin/policy-rc.d && \
+ echo 'exit 101' >> /usr/sbin/policy-rc.d && \
+ chmod +x /usr/sbin/policy-rc.d && \
+ dpkg-divert --local --rename --add /sbin/initctl && \
+ cp -a /usr/sbin/policy-rc.d /sbin/initctl && \
+ sed -i 's/^exit.*/exit 0/' /sbin/initctl && \
+ echo 'force-unsafe-io' > /etc/dpkg/dpkg.cfg.d/docker-apt-speedup && \
+ echo 'DPkg::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' > /etc/apt/apt.conf.d/docker-clean && \
+ echo 'APT::Update::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' >> /etc/apt/apt.conf.d/docker-clean && \
+ echo 'Dir::Cache::pkgcache ""; Dir::Cache::srcpkgcache "";' >> /etc/apt/apt.conf.d/docker-clean && \
+ echo 'Acquire::Languages "none";' > /etc/apt/apt.conf.d/docker-no-languages && \
+ echo 'Acquire::GzipIndexes "true"; Acquire::CompressionTypes::Order:: "gz";' > /etc/apt/apt.conf.d/docker-gzip-indexes && \
+ echo 'Apt::AutoRemove::SuggestsImportant "false";' > /etc/apt/apt.conf.d/docker-autoremove-suggests
+
+RUN mkdir -p /run/systemd && echo 'docker' > /run/systemd/container
+
+RUN apt-get update && \
+ apt-get install -y --no-install-recommends \
+ systemd systemd-sysv libsystemd0 ca-certificates dbus \
+ iptables iproute2 kmod locales sudo udev && \
+ echo "ReadKMsg=no" >> /etc/systemd/journald.conf && \
+ apt-get clean -y && \
+ rm -rf /var/cache/debconf/* /var/lib/apt/lists/* /var/log/* /tmp/* /var/tmp/* \
+ /usr/share/doc/* /usr/share/man/* /usr/share/local/* && \
+ useradd --create-home --shell /bin/bash admin && \
+ echo "admin:admin" | chpasswd && \
+ adduser admin sudo
+
+STOPSIGNAL SIGRTMIN+3
+
+RUN apt-get update && \
+ apt-get install --no-install-recommends -y apt-transport-https ca-certificates \
+ curl gnupg-agent software-properties-common && \ + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - && \ + apt-key fingerprint 0EBFCD88 && \ + add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" && \ + apt-get update && apt-get install --no-install-recommends -y docker-ce docker-ce-cli containerd.io=1.4.4-1 && \ + apt-get clean -y && \ + rm -rf /var/cache/debconf/* /var/lib/apt/lists/* /var/log/* /tmp/* /var/tmp/* \ + /usr/share/doc/* /usr/share/man/* /usr/share/local/* && \ + usermod -a -G docker admin + +RUN apt-get update && apt-get install --no-install-recommends -y openssh-server && \ + mkdir /home/admin/.ssh && \ + chown admin:admin /home/admin/.ssh + +EXPOSE 22 # Extra deps for GHA Runner ENV DEBIAN_FRONTEND=noninteractive @@ -14,13 +64,16 @@ RUN apt-get update \ && rm -rf /var/lib/apt/list/* # Add and config runner user as sudo +# Remove default admin user +# https://github.com/nestybox/dockerfiles/blob/master/ubuntu-focal-systemd/Dockerfile RUN useradd -m runner \ && usermod -aG sudo runner \ && usermod -aG docker runner \ - && echo "%sudo ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers + && echo "%sudo ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers \ + && userdel -r admin # Build args -ARG TARGETPLATFORM=x64 +ARG TARGETPLATFORM=amd64 ARG RUNNER_VERSION=2.301.0 WORKDIR /runner 
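Review bot: The `admin` account created in the third RUN gets the fixed password `admin` (`echo "admin:admin" | chpasswd`) plus sudo membership, and the `userdel -r admin` added in the `@@ -14,13 +64,16 @@` hunk does not undo that: image layers are additive, so the account and its password hash remain readable in the earlier layers of the published image. Nothing else in this diff uses `admin`, so drop `useradd --create-home --shell /bin/bash admin`, the `chpasswd` and `adduser admin sudo` lines, `usermod -a -G docker admin` and the `/home/admin/.ssh` steps rather than deleting the user afterwards. With that account gone nothing visible here logs in over SSH, so `openssh-server` and `EXPOSE 22` look like leftovers from the nestybox base and should go unless startup.sh needs sshd, which would have to be confirmed. Separately, `ubuntu:focal-20200423` is a dated April 2020 tag with no digest; a current focal tag pinned as `ubuntu:focal-<date>@sha256:<digest>` would pick up the intervening security updates.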
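Review bot: `echo "%sudo ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers` replaces the whole sudoers file, which drops the stock `Defaults` lines (such as `env_reset` and `secure_path`), the root entry and the includedir line for /etc/sudoers.d. A drop-in keeps those defaults and limits the grant to the one account: `echo "runner ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers.d/runner && chmod 0440 /etc/sudoers.d/runner`. Together with `usermod -aG docker runner` this makes `runner` root-equivalent inside the container, so a comment stating that this is intentional for CI jobs would help the next reader. The RUN above this one starts outside the hunk; its visible tail `rm -rf /var/lib/apt/list/*` looks like a typo for `lists` and, if so, removes nothing.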
@@ -34,18 +87,24 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \ && rm -rf /var/lib/apt/lists/* # Dumb Init -#RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \ -# && curl -Ls -o /usr/local/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v1.2.2/dumb-init_1.2.2_${ARCH} \ -# && chmod +x /usr/local/bin/dumb-init +RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \ + && curl -Ls -o /usr/local/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v1.2.2/dumb-init_1.2.2_${ARCH} \ + && chmod +x /usr/local/bin/dumb-init -COPY startup.sh . +#AWS client +#RUN curl -Ls "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o awscliv2.zip \ +# && unzip awscliv2.zip \ +# && ./aws/install \ +# && rm -rf awscliv2.zip + +COPY startup.sh /usr/local/bin/ # Add patched scripts from GHA runner (svc.sh and RunnerService.js) COPY --chown=runner:runner patched/ ./patched/ -RUN chmod +x ./patched/runsvc.sh ./startup.sh +RUN chmod +x ./patched/runsvc.sh /usr/local/bin/startup.sh USER runner -#ENTRYPOINT ["/usr/local/bin/dumb-init", "--"] -CMD ./startup.sh +ENTRYPOINT ["/usr/local/bin/dumb-init", "--"] +CMD ["startup.sh"] diff --git a/images/github-runner/startup.sh b/images/github-runner/startup.sh index 6969781..1fed1aa 100644 --- a/images/github-runner/startup.sh +++ b/images/github-runner/startup.sh @@ -1,4 +1,3 @@ - #!/bin/bash echo "Starting supervisor (Docker)"
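Review bot: The dumb-init binary that becomes the image's ENTRYPOINT is fetched with `curl -Ls` and made executable without any integrity check, and without `-f` an HTTP error page would be saved as the binary while the build still passes. Use `curl -fsSL -o /usr/local/bin/dumb-init …` and verify the file before the `chmod`, e.g. `echo "${DUMB_INIT_SHA256}  /usr/local/bin/dumb-init" | sha256sum -c -`, where `DUMB_INIT_SHA256` is a build ARG (name suggested here, not in the file) holding the per-architecture digest taken from the release's published checksums. The version is also written twice in the URL; an `ARG DUMB_INIT_VERSION=1.2.2` next to `RUNNER_VERSION` would keep the pin in one place. The RUN that precedes `# Dumb Init` starts outside the hunk.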