Extend official actions/runner image (#123)

* Extend official actions/runner image * Align with official Dockerfile * Fix Renovate * Update DOCKER_VERSION
quipper · Sep 26, 2023 · 44cb882 · 44cb882
1 parent 0fa92e5
commit 44cb882
Show file tree

Hide file tree

Showing 6 changed files with 106 additions and 47 deletions.
diff --git a/.github/renovate.json5 b/.github/renovate.json5
@@ -12,7 +12,7 @@
   "regexManagers": [
     {
       "description": "Update actions/runner version",
-      "fileMatch": ["^Dockerfile$"],
+      "fileMatch": ["^Dockerfile"],
       "matchStrings": ["RUNNER_VERSION=(?<currentValue>.*?)\\s"],
       "depNameTemplate": "actions/runner",
       "datasourceTemplate": "github-releases",

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -7,6 +7,7 @@ on:
       - .github/workflows/reusable--build-and-test.yaml
       - .github/workflows/reusable--e2e-test.yaml
       - Dockerfile
+      - Dockerfile.*
       - entrypoint.sh
       - e2e-test/**
   push:
@@ -15,6 +16,7 @@ on:
       - .github/workflows/reusable--build-and-test.yaml
       - .github/workflows/reusable--e2e-test.yaml
       - Dockerfile
+      - Dockerfile.*
       - entrypoint.sh
       - e2e-test/**
     branches:
@@ -47,8 +49,6 @@ jobs:
     with:
       context: ${{ inputs.context }}
       tags: ${{ inputs.tags }}
-      build-args: |
-        BASE_IMAGE_OS=focal
-        ImageOS=ubuntu20
+      file: Dockerfile.ubuntu20
       flavor: suffix=-ubuntu20
       runner-name: runner-ubuntu20-${{ github.run_id }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -8,6 +8,7 @@ on:
       - .github/workflows/reusable--build-and-test.yaml
       - .github/workflows/reusable--e2e-test.yaml
       - Dockerfile
+      - Dockerfile.*
       - hack/**
   push:
     branches:
@@ -18,6 +19,7 @@ on:
       - .github/workflows/reusable--build-and-test.yaml
       - .github/workflows/reusable--e2e-test.yaml
       - Dockerfile
+      - Dockerfile.*
       - hack/**
 
 jobs:

diff --git a/.github/workflows/reusable--build-and-test.yaml b/.github/workflows/reusable--build-and-test.yaml
@@ -7,6 +7,10 @@ on:
         type: string
         required: false
         description: context passed to docker/build-push-action
+      file:
+        type: string
+        required: false
+        description: file passed to docker/build-push-action
       build-args:
         type: string
         required: false
@@ -59,6 +63,7 @@ jobs:
         id: build
         with:
           context: ${{ inputs.context }}
+          file: ${{ inputs.file }}
           push: true
           tags: ${{ steps.metadata.outputs.tags }}
           labels: ${{ steps.metadata.outputs.labels }}

diff --git a/Dockerfile b/Dockerfile
@@ -1,15 +1,10 @@
-ARG BASE_IMAGE_OS=jammy
-FROM mcr.microsoft.com/dotnet/runtime-deps:6.0-${BASE_IMAGE_OS}
-
-ARG TARGETARCH
 ARG RUNNER_VERSION=2.309.0
-ARG RUNNER_CONTAINER_HOOKS_VERSION=0.3.1
-ARG DOCKER_VERSION=20.10.23
 
-ENV DEBIAN_FRONTEND=noninteractive
-RUN apt-get update -y \
-    && apt-get install -y --no-install-recommends \
-        sudo \
+# extends https://github.com/actions/runner/blob/main/images/Dockerfile
+FROM ghcr.io/actions/actions-runner:${RUNNER_VERSION}
+
+RUN sudo apt-get update -y \
+    && sudo apt-get install -y --no-install-recommends \
         # packages in actions-runner-controller/runner-22.04
         curl \
         git \
@@ -35,47 +30,23 @@ RUN apt-get update -y \
 
 # keep /var/lib/apt/lists to reduce time of apt-get update in a job
 
-# set up the runner environment,
-# based on https://github.com/actions/runner/blob/v2.304.0/images/Dockerfile
-RUN adduser --disabled-password --gecos "" --uid 1001 runner \
-    && groupadd docker --gid 123 \
-    && usermod -aG sudo runner \
-    && usermod -aG docker runner \
-    && echo "%sudo   ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers \
-    && echo "Defaults env_keep += \"DEBIAN_FRONTEND\"" >> /etc/sudoers
-
-WORKDIR /home/runner
-RUN RUNNER_ARCH=x64 \
-    && if [ "$TARGETARCH" = "arm64" ]; then RUNNER_ARCH=arm64 ; fi \
-    && curl -f -L -o runner.tar.gz https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-${RUNNER_ARCH}-${RUNNER_VERSION}.tar.gz \
-    && tar xzf ./runner.tar.gz \
-    && rm runner.tar.gz
-
-RUN curl -f -L -o runner-container-hooks.zip https://github.com/actions/runner-container-hooks/releases/download/v${RUNNER_CONTAINER_HOOKS_VERSION}/actions-runner-hooks-k8s-${RUNNER_CONTAINER_HOOKS_VERSION}.zip \
-    && unzip ./runner-container-hooks.zip -d ./k8s \
-    && rm runner-container-hooks.zip
-
-RUN DOCKER_ARCH=x86_64 \
-    && if [ "$TARGETARCH" = "arm64" ]; then DOCKER_ARCH=aarch64 ; fi \
-    && curl -fLo docker.tgz https://download.docker.com/linux/static/stable/${DOCKER_ARCH}/docker-${DOCKER_VERSION}.tgz \
-    && tar zxvf docker.tgz \
-    && rm -rf docker.tgz \
-    && install -o root -g root -m 755 docker/* /usr/bin/ \
-    && rm -rf docker
-
 # some setup actions store cache into /opt/hostedtoolcache
-RUN mkdir /opt/hostedtoolcache \
-    && chown runner:docker /opt/hostedtoolcache
+RUN sudo mkdir /opt/hostedtoolcache \
+    && sudo chown runner:docker /opt/hostedtoolcache
 
 COPY entrypoint.sh /
 
 VOLUME /var/lib/docker
 
 # some setup actions depend on ImageOS variable
 # https://github.com/actions/runner-images/issues/345
-ARG ImageOS=ubuntu22
-ENV ImageOS=${ImageOS}
+ENV ImageOS=ubuntu22
+
+# tini sends the signal to children
+ENV RUNNER_MANUALLY_TRAP_SIG=
+
+# disable the log by default, because it is too large
+ENV ACTIONS_RUNNER_PRINT_LOG_TO_STDOUT=
 
-USER runner
 ENTRYPOINT ["/usr/bin/tini", "--", "/entrypoint.sh"]
 CMD ["/home/runner/run.sh"]
diff --git a/Dockerfile.ubuntu20 b/Dockerfile.ubuntu20
@@ -0,0 +1,81 @@
+FROM mcr.microsoft.com/dotnet/runtime-deps:6.0-focal
+
+ARG TARGETOS
+ARG TARGETARCH
+ARG RUNNER_VERSION=2.309.0
+ARG RUNNER_CONTAINER_HOOKS_VERSION=0.3.2
+ARG DOCKER_VERSION=23.0.6
+
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt-get update -y \
+    && apt-get install -y --no-install-recommends \
+        sudo \
+        # packages in actions-runner-controller/runner-22.04
+        curl \
+        git \
+        jq \
+        unzip \
+        zip \
+        # packages in actions-runner-controller/runner-20.04
+        build-essential \
+        locales \
+        tzdata \
+        # ruby/setup-ruby dependencies
+        # https://github.com/ruby/setup-ruby#using-self-hosted-runners
+        libyaml-dev \
+        # dockerd dependencies
+        tini \
+        iptables
+
+# KEEP LESS PACKAGES:
+# We'd like to keep this image small for maintanability and security.
+# See also,
+# https://github.com/actions/actions-runner-controller/pull/2050
+# https://github.com/actions/actions-runner-controller/blob/master/runner/actions-runner.ubuntu-22.04.dockerfile
+
+# keep /var/lib/apt/lists to reduce time of apt-get update in a job
+
+# set up the runner environment,
+# based on https://github.com/actions/runner/blob/v2.309.0/images/Dockerfile
+RUN adduser --disabled-password --gecos "" --uid 1001 runner \
+    && groupadd docker --gid 123 \
+    && usermod -aG sudo runner \
+    && usermod -aG docker runner \
+    && echo "%sudo   ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers \
+    && echo "Defaults env_keep += \"DEBIAN_FRONTEND\"" >> /etc/sudoers
+
+WORKDIR /home/runner
+RUN export RUNNER_ARCH=${TARGETARCH} \
+    && if [ "$RUNNER_ARCH" = "amd64" ]; then export RUNNER_ARCH=x64 ; fi \
+    && curl -f -L -o runner.tar.gz https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-${TARGETOS}-${RUNNER_ARCH}-${RUNNER_VERSION}.tar.gz \
+    && tar xzf ./runner.tar.gz \
+    && rm runner.tar.gz
+
+RUN curl -f -L -o runner-container-hooks.zip https://github.com/actions/runner-container-hooks/releases/download/v${RUNNER_CONTAINER_HOOKS_VERSION}/actions-runner-hooks-k8s-${RUNNER_CONTAINER_HOOKS_VERSION}.zip \
+    && unzip ./runner-container-hooks.zip -d ./k8s \
+    && rm runner-container-hooks.zip
+
+RUN export RUNNER_ARCH=${TARGETARCH} \
+    && if [ "$RUNNER_ARCH" = "amd64" ]; then export DOCKER_ARCH=x86_64 ; fi \
+    && if [ "$RUNNER_ARCH" = "arm64" ]; then export DOCKER_ARCH=aarch64 ; fi \
+    && curl -fLo docker.tgz https://download.docker.com/${TARGETOS}/static/stable/${DOCKER_ARCH}/docker-${DOCKER_VERSION}.tgz \
+    && tar zxvf docker.tgz \
+    && rm -rf docker.tgz \
+    && install -o root -g root -m 755 docker/* /usr/bin/ \
+    && rm -rf docker
+
+# some setup actions store cache into /opt/hostedtoolcache
+RUN mkdir /opt/hostedtoolcache \
+    && chown runner:docker /opt/hostedtoolcache
+
+COPY entrypoint.sh /
+
+VOLUME /var/lib/docker
+
+# some setup actions depend on ImageOS variable
+# https://github.com/actions/runner-images/issues/345
+ENV ImageOS=ubuntu20
+
+USER runner
+ENTRYPOINT ["/usr/bin/tini", "--", "/entrypoint.sh"]
+CMD ["/home/runner/run.sh"]