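FROM ubuntu:24.04 AS build
# GitHub runner arguments
ARG RUNNER_VERSION=2.333.0
ARG RUNNER_CONTAINER_HOOKS_VERSION=0.8.1
# Docker and Compose arguments
ARG DOCKER_VERSION=29.3.0
ARG COMPOSE_VERSION=v5.1.1
# Dumb-init version
ARG DUMB_INIT_VERSION=1.2.5
# Other arguments, expose TARGETPLATFORM for multi-arch builds
# (DEBUG is not referenced in this file; presumably consumed by the copied
# install scripts - confirm before removing it)
ARG DEBUG=false
ARG TARGETPLATFORM
# Set environment variables needed at build or run
ENV DEBIAN_FRONTEND=noninteractive
ENV RUNNER_MANUALLY_TRAP_SIG=1
ENV ACTIONS_RUNNER_PRINT_LOG_TO_STDOUT=1
# Copy in environment variables not needed at build.
# NOTE(review): the final stage copies this whole rootfs, so /.env ships in the
# published image - it must hold only non-sensitive settings, never credentials.
COPY images/.env /.env
# Shell setup: pipefail so a failure on the left side of a pipe (e.g. the
# TARGETPLATFORM parsing below) fails the build instead of being masked
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# Install base software (update + install in one layer, lists removed in the same layer)
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        apt-transport-https \
        apt-utils \
        ca-certificates \
        curl \
        gcc \
        git \
        iproute2 \
        iptables \
        jq \
        libyaml-dev \
        locales \
        lsb-release \
        openssl \
        pigz \
        pkg-config \
        software-properties-common \
        tar \
        time \
        tzdata \
        uidmap \
        unzip \
        wget \
        xz-utils \
        zip \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
# Delete the existing user at 1000 so the runner can take that UID
RUN deluser --remove-home ubuntu || true
# Runner user
RUN adduser --disabled-password --gecos "" --uid 1000 runner
# Make and set the working directory.
# Fix: this previously used $USERNAME:$GID, neither of which is declared in this
# file, so chown received an empty ":" spec and changed nothing.
RUN mkdir -p /home/runner \
    && chown -R runner:runner /home/runner
WORKDIR /home/runner
# Install GitHub CLI
COPY images/software/gh-cli.sh /gh-cli.sh
RUN bash /gh-cli.sh && rm /gh-cli.sh
# Install kubectl
COPY images/software/kubectl.sh /kubectl.sh
RUN bash /kubectl.sh && rm /kubectl.sh
# Install Docker static binaries. Download, install and clean-up happen in one
# layer so the extracted tree never persists, and an unmapped architecture fails
# the build explicitly instead of requesting a URL with an empty path segment.
# NOTE(review): the downloads in this file are version-pinned over HTTPS but not
# checksum-verified; a pinned hash per artefact would make the build tamper-evident.
RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
    && echo "ARCH: $ARCH" \
    && if [ "$ARCH" = "arm64" ]; then export DOCKER_ARCH=aarch64 ; fi \
    && if [ "$ARCH" = "amd64" ]; then export DOCKER_ARCH=x86_64 ; fi \
    && : "${DOCKER_ARCH:?unsupported TARGETPLATFORM ${TARGETPLATFORM}}" \
    && curl -fLo docker.tgz https://download.docker.com/linux/static/stable/${DOCKER_ARCH}/docker-${DOCKER_VERSION}.tgz \
    && tar zxvf docker.tgz \
    && install -o root -g root -m 755 docker/* /usr/bin/ \
    && rm -rf docker.tgz docker
# Runner download supports amd64 as x64.
# -f added so an HTTP error fails here rather than saving an error page that
# tar then rejects with a misleading message.
RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
    && echo "ARCH: $ARCH" \
    && if [ "$ARCH" = "amd64" ]; then export ARCH=x64 ; fi \
    && curl -fL -o runner.tar.gz https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-${ARCH}-${RUNNER_VERSION}.tar.gz \
    && tar xzf ./runner.tar.gz \
    && rm runner.tar.gz \
    && ./bin/installdependencies.sh \
    && apt-get autoclean \
    && rm -rf /var/lib/apt/lists/*
# Install container hooks
RUN curl -f -L -o runner-container-hooks.zip https://github.com/actions/runner-container-hooks/releases/download/v${RUNNER_CONTAINER_HOOKS_VERSION}/actions-runner-hooks-k8s-${RUNNER_CONTAINER_HOOKS_VERSION}.zip \
    && unzip ./runner-container-hooks.zip -d ./k8s \
    && rm runner-container-hooks.zip
# Install dumb-init, arch command on OS X reports "i386" for Intel CPUs regardless of bitness
RUN ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
    && export ARCH \
    && if [ "$ARCH" = "arm64" ]; then export ARCH=aarch64 ; fi \
    && if [ "$ARCH" = "amd64" ] || [ "$ARCH" = "i386" ]; then export ARCH=x86_64 ; fi \
    && curl -f -L -o /usr/local/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v${DUMB_INIT_VERSION}/dumb-init_${DUMB_INIT_VERSION}_${ARCH} \
    && chmod +x /usr/local/bin/dumb-init
# Make the rootless runner directory and externals directory executable.
# NOTE(review): the runner user is created with UID 1000 above, but this runtime
# directory is /run/user/1001 - confirm it matches the XDG_RUNTIME_DIR the
# rootless setup expects (likely set in images/.env, not visible here).
RUN mkdir -p /run/user/1001 \
    && chown runner:runner /run/user/1001 \
    && chmod a+x /run/user/1001 \
    && mkdir -p /home/runner/externals \
    && chown runner:runner /home/runner/externals \
    && chmod a+x /home/runner/externals
# Docker-compose installation.
# Fixes: the steps were joined with ";" so chmod ran (and the build succeeded)
# even when the download failed, and curl lacked -f so an HTTP error page could
# be saved as the "binary". The directory is created with mkdir -p (umask-derived
# mode, 0755 by default) rather than curl --create-dirs, whose documented 0750
# default on a root-owned directory would block the UID 1000 runner from
# traversing it.
RUN ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
    && export ARCH \
    && if [ "$ARCH" = "arm64" ]; then export ARCH=aarch64 ; fi \
    && if [ "$ARCH" = "amd64" ]; then export ARCH=x86_64 ; fi \
    && mkdir -p /home/runner/bin \
    && curl -fL "https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-Linux-${ARCH}" -o /home/runner/bin/docker-compose \
    && chmod +x /home/runner/bin/docker-compose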
# Squash it! Start from an empty rootfs and copy the build stage in as a single layer.
FROM scratch AS final
# Label all the things!! (one LABEL instruction; OCI keys plus the project's own "path" key)
LABEL org.opencontainers.image.source="https://github.com/some-natalie/kubernoodles" \
      org.opencontainers.image.path="images/rootless-ubuntu-numbat.Dockerfile" \
      org.opencontainers.image.title="rootless-ubuntu-numbat" \
      org.opencontainers.image.description="An Ubuntu Numbat (24.04 LTS) based runner image for GitHub Actions, rootless" \
      org.opencontainers.image.authors="Natalie Somersall (@some-natalie)" \
      org.opencontainers.image.licenses="MIT" \
      org.opencontainers.image.documentation="https://github.com/some-natalie/kubernoodles/README.md"
# Environment variables needed at build or run; grouped since none depends on another
ENV DEBIAN_FRONTEND=noninteractive \
    RUNNER_MANUALLY_TRAP_SIG=1 \
    ACTIONS_RUNNER_PRINT_LOG_TO_STDOUT=1
# Add the Python "User Script Directory" to the PATH.
# HOME stays in its own instruction so the PATH line can expand it: values set
# within one ENV instruction are not visible to the other keys of that instruction.
ENV HOME=/home/runner
ENV PATH="${PATH}:${HOME}/.local/bin:/home/runner/bin" \
    ImageOS=ubuntu24
# No group definition, as that makes it harder to run docker.
# NOTE(review): "runner" only exists in the rootfs copied in below; this relies
# on the name being resolved from that /etc/passwd at container start - confirm.
USER runner
# Squashing time ...
COPY --from=build / /
ENTRYPOINT ["/usr/local/bin/dumb-init", "--"]