Update Dockerfile

Update start-build.sh
Create action.yaml
2021-07-11 11:32:11 +02:00 · 2021-07-10 16:16:32 +02:00 · 2021-07-10 09:29:39 +02:00 · 2021-07-10 09:27:09 +02:00 · 2021-07-10 08:03:41 +02:00 · 2021-07-10 07:40:35 +02:00
11 changed files with 420 additions and 14 deletions
--- a/images/bromite-build/Dockerfile
+++ b/images/bromite-build/Dockerfile
@@ -1,8 +1,6 @@
-ARG VERSION
+ARG BROMITE_SHA

-FROM uazo/bromite:$VERSION
-ARG VERSION
-ENV VERSION=$VERSION
+FROM uazo/bromite:$BROMITE_SHA

 USER lg

@@ -20,5 +18,3 @@ RUN sudo chmod +x ./start-build.sh \
    && \
    ./pre-start.sh

-CMD ./start-build.sh
-
--- a/images/bromite-build/action.yaml
+++ b/images/bromite-build/action.yaml
@@ -0,0 +1,32 @@
+name: 'Prepare Bromite Builder Image'
+description: 'Check and build Bromite builder image by sha'
+
+inputs:
+  sha:
+    description: 'Bromite sha ref'
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Checking image for "${{ inputs.sha }}"
+      shell: bash
+      run: |
+        BROMITE_SHA="${{ inputs.sha }}"
+        
+        IS_PRESENT=$(docker manifest inspect uazo/bromite-build:$BROMITE_SHA > /dev/null ; echo $?)
+        if [ $IS_PRESENT -ne "0" ]; then
+          echo "Image not found"
+          
+          mkdir bromite-source
+          pushd bromite-source/
+          git clone https://github.com/uazo/bromite-buildtools
+          
+          cd bromite-buildtools/images/bromite-build/
+          DOCKER_BUILDKIT=1 docker build -t uazo/bromite-build:$BROMITE_SHA --progress plain \
+            --no-cache \
+            --build-arg BROMITE_SHA=$BROMITE_SHA \
+            .
+          
+          popd
+        fi
--- a/images/bromite-build/start-build.sh
+++ b/images/bromite-build/start-build.sh
@@ -7,7 +7,7 @@ WORKSPACE=/home/lg/working_dir

 PATH=$WORKSPACE/chromium/src/third_party/llvm-build/Release+Asserts/bin:$WORKSPACE/depot_tools/:/usr/local/go/bin:$WORKSPACE/mtool/bin:$PATH

-export GOMA_SERVER_HOST=127.0.0.1
+export GOMA_SERVER_HOST=$SERVER_HOST_GOMA
 export GOMA_SERVER_PORT=5050
 export GOMA_USE_SSL=false
 export GOMA_HTTP_AUTHORIZATION_FILE=$WORKSPACE/.debug_auth_file
--- a/images/bromite-source/Dockerfile
+++ b/images/bromite-source/Dockerfile
@@ -1,16 +1,22 @@
 ARG VERSION

 FROM uazo/chromium:$VERSION
-ARG VERSION
-ENV VERSION=$VERSION
+
+ARG BROMITE_SHA
+ENV BROMITE_SHA=$BROMITE_SHA

 USER lg

 COPY apply-bromite-patches.sh .

-RUN sudo chmod +x ./apply-bromite-patches.sh \
-    && \
-    git clone https://github.com/bromite/bromite \
-    && \
-    ./apply-bromite-patches.sh
+RUN sudo chmod +x ./apply-bromite-patches.sh && \
+    mkdir bromite && \
+    cd bromite && \
+    git init && \
+    git remote add origin https://github.com/uazo/bromite && \
+    git fetch origin $BROMITE_SHA && \
+    git reset --hard FETCH_HEAD && \
+    cd ..
+
+RUN ./apply-bromite-patches.sh

--- a/images/bromite-source/action.yaml
+++ b/images/bromite-source/action.yaml
@@ -0,0 +1,39 @@
+name: 'Prepare Bromite Source Image'
+description: 'Check and build Bromite sources image by version'
+
+inputs:
+  version:
+    description: 'Chromium Version (example 91.0.4472.146)'
+    required: true
+
+  sha:
+    description: 'Bromite sha ref'
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Checking image for "${{ inputs.sha }}"
+      shell: bash
+      run: |
+        BROMITE_SHA="${{ inputs.sha }}"
+        VERSION="${{ inputs.version }}"
+        
+        IS_PRESENT=$(docker manifest inspect uazo/bromite:$BROMITE_SHA > /dev/null ; echo $?)
+        if [ $IS_PRESENT -ne "0" ]; then
+          echo "Image not found"
+          
+          mkdir bromite-source
+          pushd bromite-source/
+
+          git clone https://github.com/uazo/bromite-buildtools
+          
+          cd bromite-buildtools/images/bromite-source/
+          DOCKER_BUILDKIT=1 docker build -t uazo/bromite:$BROMITE_SHA --progress plain \
+            --no-cache \
+            --build-arg BROMITE_SHA=$BROMITE_SHA \
+            --build-arg VERSION=$VERSION \
+            .
+          
+          popd
+        fi
--- a/images/build-deps/action.yaml
+++ b/images/build-deps/action.yaml
@@ -0,0 +1,29 @@
+name: 'Prepare Build Deps Image'
+description: 'Check and build build deps image by version'
+
+inputs:
+  version:
+    description: 'Chromium Version (example 91.0.4472.146)'
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Checking image for "${{ inputs.version }}"
+      shell: bash
+      run: |
+        VERSION="${{ inputs.version }}"
+        IS_PRESENT=$(docker manifest inspect uazo/build-deps:$VERSION > /dev/null ; echo $?)
+        if [ $IS_PRESENT -ne "0" ]; then
+          echo "Image not found"
+          
+          mkdir build-repo
+          pushd build-repo/
+          
+          git clone https://github.com/uazo/bromite-buildtools
+          cd bromite-buildtools/images/build-deps/
+          docker build -t uazo/build-deps:$VERSION --progress plain --build-arg .
+
+          popd
+          rm -rf build-repo
+        fi
--- a/images/chr-source/action.yaml
+++ b/images/chr-source/action.yaml
@@ -0,0 +1,29 @@
+name: 'Prepare Chromium Sources Image'
+description: 'Check and build chromium source image by version'
+
+inputs:
+  version:
+    description: 'Chromium Version (example 91.0.4472.146)'
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Checking image for "${{ inputs.version }}"
+      shell: bash
+      run: |
+        VERSION="${{ inputs.version }}"
+        IS_PRESENT=$(docker manifest inspect uazo/chromium:$VERSION > /dev/null ; echo $?)
+        if [ $IS_PRESENT -ne "0" ]; then
+          echo "Image not found"
+          
+          mkdir chr-source
+          pushd chr-sourced/
+          
+          git clone https://github.com/uazo/bromite-buildtools
+          cd bromite-buildtools/images/chr-source/
+          docker build -t uazo/chromium:$VERSION --progress plain --build-arg VERSION=$VERSION .
+
+          popd
+          rm -rf chr-source
+        fi
--- a/images/github-runner/Dockerfile
+++ b/images/github-runner/Dockerfile
@@ -0,0 +1,110 @@
+#FROM nestybox/ubuntu-focal-systemd-docker
+FROM ubuntu:20.04
+
+RUN set -xe && \
+    echo '#!/bin/sh' > /usr/sbin/policy-rc.d && \
+    echo 'exit 101' >> /usr/sbin/policy-rc.d && \
+    chmod +x /usr/sbin/policy-rc.d && \
+    dpkg-divert --local --rename --add /sbin/initctl && \
+    cp -a /usr/sbin/policy-rc.d /sbin/initctl && \
+    sed -i 's/^exit.*/exit 0/' /sbin/initctl && \
+    echo 'force-unsafe-io' > /etc/dpkg/dpkg.cfg.d/docker-apt-speedup && \
+    echo 'DPkg::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' > /etc/apt/apt.conf.d/docker-clean && \
+    echo 'APT::Update::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' >> /etc/apt/apt.conf.d/docker-clean && \
+    echo 'Dir::Cache::pkgcache ""; Dir::Cache::srcpkgcache "";' >> /etc/apt/apt.conf.d/docker-clean && \
+    echo 'Acquire::Languages "none";' > /etc/apt/apt.conf.d/docker-no-languages && \
+    echo 'Acquire::GzipIndexes "true"; Acquire::CompressionTypes::Order:: "gz";' > /etc/apt/apt.conf.d/docker-gzip-indexes && \
+    echo 'Apt::AutoRemove::SuggestsImportant "false";' > /etc/apt/apt.conf.d/docker-autoremove-suggests
+
+RUN mkdir -p /run/systemd && echo 'docker' > /run/systemd/container
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+      systemd systemd-sysv libsystemd0 ca-certificates dbus \
+      iptables iproute2 kmod locales sudo udev && \
+    echo "ReadKMsg=no" >> /etc/systemd/journald.conf && \
+    apt-get clean -y && \
+    rm -rf /var/cache/debconf/* /var/lib/apt/lists/* /var/log/* /tmp/* /var/tmp/* \
+           /usr/share/doc/* /usr/share/man/* /usr/share/local/* && \
+    useradd --create-home --shell /bin/bash admin && \
+    echo "admin:admin" | chpasswd && \
+    adduser admin sudo
+
+STOPSIGNAL SIGRTMIN+3
+
+RUN apt-get update && \
+    apt-get install --no-install-recommends -y apt-transport-https ca-certificates \
+      curl gnupg-agent software-properties-common && \
+    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - && \
+    apt-key fingerprint 0EBFCD88 && \
+    add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" && \
+    apt-get update && apt-get install --no-install-recommends -y docker-ce docker-ce-cli containerd.io=1.4.4-1 && \
+    apt-get clean -y && \
+    rm -rf /var/cache/debconf/* /var/lib/apt/lists/* /var/log/* /tmp/* /var/tmp/* \
+           /usr/share/doc/* /usr/share/man/* /usr/share/local/* && \
+    usermod -a -G docker admin
+
+RUN apt-get update && apt-get install --no-install-recommends -y openssh-server && \
+    mkdir /home/admin/.ssh && \
+    chown admin:admin /home/admin/.ssh
+
+EXPOSE 22
+
+# Extra deps for GHA Runner
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt-get update \
+    && apt-get install -y \
+    curl \
+    jq \
+    sudo \
+    unzip \
+    wget \
+    zip \
+    git \
+    && rm -rf /var/lib/apt/list/*
+
+# Add and config runner user as sudo
+# Remove default admin user
+# https://github.com/nestybox/dockerfiles/blob/master/ubuntu-focal-systemd/Dockerfile
+RUN useradd -m runner \
+    && usermod -aG sudo runner \
+    && usermod -aG docker runner \
+    && echo "%sudo   ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers \
+    && userdel -r admin
+
+# Build args
+ARG TARGETPLATFORM=amd64
+ARG RUNNER_VERSION=2.301.0
+WORKDIR /runner
+
+# Runner download supports amd64 as x64
+RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
+    && if [ "$ARCH" = "amd64" ]; then export ARCH=x64 ; fi \
+    && curl -Ls -o runner.tar.gz https://github.com/uazo/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-${ARCH}-${RUNNER_VERSION}.tar.gz \
+    && tar xzf ./runner.tar.gz \
+    && rm runner.tar.gz \
+    && ./bin/installdependencies.sh \
+    && rm -rf /var/lib/apt/lists/*
+
+# Dumb Init
+RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
+    && curl -Ls  -o /usr/local/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v1.2.2/dumb-init_1.2.2_${ARCH} \
+    && chmod +x /usr/local/bin/dumb-init
+
+#AWS client
+#RUN curl -Ls "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o awscliv2.zip \
+# && unzip awscliv2.zip \
+# && ./aws/install \
+# && rm -rf awscliv2.zip
+
+COPY startup.sh /usr/local/bin/
+
+# Add patched scripts from GHA runner (svc.sh and RunnerService.js)
+COPY --chown=runner:runner patched/ ./patched/
+
+RUN chmod +x ./patched/runsvc.sh /usr/local/bin/startup.sh
+
+USER runner
+
+ENTRYPOINT ["/usr/local/bin/dumb-init", "--"]
+CMD ["startup.sh"]
--- a/images/github-runner/patched/RunnerService.js
+++ b/images/github-runner/patched/RunnerService.js
@@ -0,0 +1,91 @@
+#!/usr/bin/env node
+// Copyright (c) GitHub. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+var childProcess = require("child_process");
+var path = require("path")
+
+var supported = ['linux', 'darwin']
+
+if (supported.indexOf(process.platform) == -1) {
+    console.log('Unsupported platform: ' + process.platform);
+    console.log('Supported platforms are: ' + supported.toString());
+    process.exit(1);
+}
+
+var stopping = false;
+var listener = null;
+
+var runService = function() {
+    var listenerExePath = path.join(__dirname, '../bin/Runner.Listener');
+    var interactive = process.argv[2] === "interactive";
+
+    if(!stopping) {
+        try {
+            if (interactive) {
+                console.log('Starting Runner listener interactively');
+                listener = childProcess.spawn(listenerExePath, ['run'].concat(process.argv.slice(3)), { env: process.env });
+            } else {
+                console.log('Starting Runner listener with startup type: service');
+                listener = childProcess.spawn(listenerExePath, ['run', '--startuptype', 'service'].concat(process.argv.slice(2)), { env: process.env });
+            }
+
+            console.log('Started listener process');
+
+            listener.stdout.on('data', (data) => {
+                process.stdout.write(data.toString('utf8'));
+            });
+
+            listener.stderr.on('data', (data) => {
+                process.stdout.write(data.toString('utf8'));
+            });
+
+            listener.on('close', (code) => {
+                console.log(`Runner listener exited with error code ${code}`);
+
+                if (code === 0) {
+                    console.log('Runner listener exit with 0 return code, stop the service, no retry needed.');
+                    stopping = true;
+                } else if (code === 1) {
+                    console.log('Runner listener exit with terminated error, stop the service, no retry needed.');
+                    stopping = true;
+                } else if (code === 2) {
+                    console.log('Runner listener exit with retryable error, re-launch runner in 5 seconds.');
+                } else if (code === 3) {
+                    console.log('Runner listener exit because of updating, re-launch runner in 5 seconds.');
+                } else {
+                    console.log('Runner listener exit with undefined return code, re-launch runner in 5 seconds.');
+                }
+
+                if(!stopping) {
+                    setTimeout(runService, 5000);
+                }
+            });
+
+        } catch(ex) {
+            console.log(ex);
+        }
+    }
+}
+
+runService();
+console.log('Started running service');
+
+var gracefulShutdown = function(code) {
+    console.log('Shutting down runner listener');
+    stopping = true;
+    if (listener) {
+        console.log('Sending SIGINT to runner listener to stop');
+        listener.kill('SIGINT');
+
+        // TODO wait for 30 seconds and send a SIGKILL
+    }
+}
+
+process.on('SIGINT', () => {
+    gracefulShutdown(0);
+});
+
+process.on('SIGTERM', () => {
+    gracefulShutdown(0);
+});
--- a/images/github-runner/patched/runsvc.sh
+++ b/images/github-runner/patched/runsvc.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# convert SIGTERM signal to SIGINT
+# for more info on how to propagate SIGTERM to a child process see: http://veithen.github.io/2014/11/16/sigterm-propagation.html
+trap 'kill -INT $PID' TERM INT
+
+if [ -f ".path" ]; then
+    # configure
+    export PATH=`cat .path`
+    echo ".path=${PATH}"
+fi
+
+# insert anything to setup env when running as a service
+
+# run the host process which keep the listener alive
+./externals/node12/bin/node ./bin/RunnerService.js $* &
+PID=$!
+wait $PID
+trap - TERM INT
+wait $PID
--- a/images/github-runner/startup.sh
+++ b/images/github-runner/startup.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+echo "Starting supervisor (Docker)"
+sudo service docker start
+
+if [ -n "${GITHUB_REPOSITORY}" ]
+then
+  auth_url="https://api.github.com/repos/${GITHUB_OWNER}/${GITHUB_REPOSITORY}/actions/runners/registration-token"
+  registration_url="https://github.com/${GITHUB_OWNER}/${GITHUB_REPOSITORY}"
+else
+  auth_url="https://api.github.com/orgs/${GITHUB_OWNER}/actions/runners/registration-token"
+  registration_url="https://github.com/${GITHUB_OWNER}"
+fi
+
+generate_token() {
+  payload=$(curl -sX POST -H "Authorization: token ${GITHUB_PERSONAL_TOKEN}" "${auth_url}")
+  runner_token=$(echo "${payload}" | jq .token --raw-output)
+
+  if [ "${runner_token}" == "null" ]
+  then
+    echo "${payload}"
+    exit 1
+  fi
+
+  echo "${runner_token}"
+}
+
+remove_runner() {
+  ./config.sh remove --unattended --token "$(generate_token)"
+}
+
+service docker status
+runner_id=${RUNNER_NAME}_$(openssl rand -hex 6)
+echo "Registering runner ${runner_id}"
+
+./config.sh \
+  --name "${runner_id}" \
+  --labels "${RUNNER_LABELS}" \
+  --token "$(generate_token)" \
+  --url "${registration_url}" \
+  --allowedauthorslist "${ALLOWEDAUTHORSLIST}" \
+  --unattended \
+  --replace
+
+trap 'remove_runner; exit 130' SIGINT
+trap 'remove_runner; exit 143' SIGTERM
+
+for f in runsvc.sh RunnerService.js; do
+  mv bin/${f}{,.bak}
+  mv {patched,bin}/${f}
+done
+
+./bin/runsvc.sh --once "$*"
+remove_runner
Author	SHA1	Message	Date
uazo	077fb3e9c5	Update Dockerfile	2021-07-11 11:32:11 +02:00
uazo	f0c4aa2996	Update start-build.sh	2021-07-10 16:16:32 +02:00
uazo	b8448a875e	Create action.yaml	2021-07-10 09:29:39 +02:00
uazo	29fbc43b9e	Update Dockerfile	2021-07-10 09:27:09 +02:00
uazo	fe7a67ce52	Update Dockerfile	2021-07-10 08:03:41 +02:00
uazo	5411f6206e	Update Dockerfile	2021-07-10 07:40:35 +02:00
uazo	0a416e5dc5	Update action.yaml	2021-07-10 07:37:45 +02:00
uazo	1a170243be	Update Dockerfile	2021-07-10 07:35:43 +02:00
uazo	d3dd56d62a	Update action.yaml	2021-07-08 16:25:19 +02:00
uazo	419b047604	Update Dockerfile	2021-07-08 12:58:14 +02:00
uazo	83b742f4d8	Update apply-bromite-patches.sh	2021-07-08 12:51:53 +02:00
uazo	73a312f9f5	Update action.yaml	2021-07-08 11:26:42 +02:00
uazo	97b9ee7716	Update Dockerfile	2021-07-08 11:16:44 +02:00
uazo	5a04d49059	Update apply-bromite-patches.sh	2021-07-07 15:48:27 +02:00
uazo	ec97025e00	Update Dockerfile	2021-07-07 15:42:03 +02:00
uazo	dbbbc5e9a7	Update action.yaml	2021-07-07 15:34:13 +02:00
uazo	b4d7faa2a5	Update action.yaml	2021-07-07 15:26:28 +02:00
uazo	072fd782b6	Create action.yaml	2021-07-07 15:26:07 +02:00
uazo	5b561eef26	Update Dockerfile	2021-07-07 15:25:56 +02:00
uazo	8505561a95	Update action.yaml	2021-07-07 13:07:01 +02:00
uazo	ce8bbdc9ad	Create action.yaml	2021-07-07 13:05:03 +02:00
uazo	f0d7e38d26	Update action.yaml	2021-07-07 13:02:18 +02:00
uazo	20cff1ca4a	Update action.yaml	2021-07-07 12:57:37 +02:00
uazo	c937ac4150	Rename images/provide-chr-source.yaml to images/chr-source/action.yaml	2021-07-07 12:44:57 +02:00
uazo	877081a41b	Create provide-chr-source.yaml	2021-07-07 12:35:30 +02:00
uazo	fc5844e57e	Updated Dockerfile for runner	2021-07-07 10:02:41 +00:00
uazo	91c92a47c8	Initial dockerfile for github-runner	2021-07-05 15:48:55 +00:00