mirror of https://github.com/rusefi/rusefi-ci.git
Merge pull request #5 from chuckwagoncomputing/docker
Docker-in-Docker etc.
commit
7a49cd54ea
36
Dockerfile
36
Dockerfile
|
@ -1,6 +1,6 @@
|
|||
FROM ubuntu:22.04 AS builder
|
||||
|
||||
ARG RUNNER_VERSION="2.301.1"
|
||||
ARG RUNNER_VERSION="2.312.0"
|
||||
|
||||
WORKDIR /build
|
||||
|
||||
|
@ -22,16 +22,20 @@ RUN apt-get update &&\
|
|||
FROM ubuntu:22.04 AS actions-runer
|
||||
|
||||
COPY --from=builder /opt /opt
|
||||
COPY --from=builder /tmp/rusefi-provide_gcc /tmp/rusefi-provide_gcc
|
||||
COPY --from=builder /tmp/rusefi-provide_gcc12 /tmp/rusefi-provide_gcc12
|
||||
|
||||
ENV JAVA_HOME /usr/lib/jvm/temurin-11-jdk-amd64/
|
||||
|
||||
RUN useradd -m -g sudo docker &&\
|
||||
ARG GID=1000
|
||||
|
||||
RUN groupadd docker -g $GID &&\
|
||||
useradd -m -g docker -G sudo docker &&\
|
||||
apt-get update -y &&\
|
||||
apt-get install -y wget gpg &&\
|
||||
apt-get install -y wget gpg software-properties-common &&\
|
||||
wget -O key.gpg https://packages.adoptium.net/artifactory/api/gpg/key/public &&\
|
||||
gpg --dearmor -o /usr/share/keyrings/adoptium.gpg key.gpg &&\
|
||||
echo "deb [signed-by=/usr/share/keyrings/adoptium.gpg] https://packages.adoptium.net/artifactory/deb $(awk -F= '/^VERSION_CODENAME/{print$2}' /etc/os-release) main" >/etc/apt/sources.list.d/adoptium.list &&\
|
||||
add-apt-repository --yes ppa:kicad/kicad-7.0-releases &&\
|
||||
apt-get update -y &&\
|
||||
DEBIAN_FRONTEND=noninteractive /opt/actions-runner/bin/installdependencies.sh && \
|
||||
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
|
||||
|
@ -41,6 +45,7 @@ RUN useradd -m -g sudo docker &&\
|
|||
git \
|
||||
gcc \
|
||||
make \
|
||||
cmake \
|
||||
openjdk-8-jdk-headless \
|
||||
ant \
|
||||
mtools \
|
||||
|
@ -69,17 +74,38 @@ RUN useradd -m -g sudo docker &&\
|
|||
scour \
|
||||
librsvg2-bin \
|
||||
temurin-11-jdk \
|
||||
uidmap \
|
||||
supervisor \
|
||||
iproute2 \
|
||||
openssh-client \
|
||||
kicad \
|
||||
&& apt-get autoremove -y && apt-get clean -y &&\
|
||||
echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers &&\
|
||||
echo 'APT::Get::Assume-Yes "true";' >/etc/apt/apt.conf.d/90forceyes &&\
|
||||
chown -R docker /opt &&\
|
||||
chown -R docker /tmp/rusefi-provide_gcc &&\
|
||||
chown -R docker /tmp/rusefi-provide_gcc12 &&\
|
||||
update-alternatives --set java /usr/lib/jvm/temurin-11-jdk-amd64/bin/java
|
||||
|
||||
# Install Docker CLI
|
||||
RUN curl -fsSL https://get.docker.com -o- | sh && \
|
||||
rm -rf /var/lib/apt/lists/* && \
|
||||
apt-get clean
|
||||
|
||||
# Install Docker-Compose
|
||||
RUN curl -L -o /usr/local/bin/docker-compose \
|
||||
"https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" && \
|
||||
chmod +x /usr/local/bin/docker-compose
|
||||
|
||||
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
|
||||
RUN chmod 644 /etc/supervisor/conf.d/supervisord.conf
|
||||
|
||||
WORKDIR /opt
|
||||
|
||||
USER docker
|
||||
|
||||
RUN dockerd-rootless-setuptool.sh install
|
||||
|
||||
VOLUME /opt/actions-runner
|
||||
|
||||
ENTRYPOINT ["./start.sh"]
|
||||
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
|
||||
|
|
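Review bot: The Docker-Compose step reads `${DOCKER_COMPOSE_VERSION}`, but no `ARG` or `ENV` for it appears in the visible part of the `actions-runer` stage, and `curl -L` without `-f` exits 0 on an HTTP error, so an empty version would leave an error page at `/usr/local/bin/docker-compose` marked executable. Declare it next to `ARG GID`, e.g. `ARG DOCKER_COMPOSE_VERSION=<pinned release tag>`, and fetch with `curl -fsSL -o /usr/local/bin/docker-compose …`. Both this download and `curl -fsSL https://get.docker.com -o- | sh` execute unpinned, unverified remote content as root at build time; checking the binary against a recorded SHA-256 and installing Docker from its signed apt repository (the way the Adoptium key is handled above) would make the image reproducible and tamper-evident. The stage also has `%sudo ALL=(ALL) NOPASSWD:ALL` with `docker` in the `sudo` group, and the README in this commit starts the container with `--privileged`, so the rootless daemon does not confine workflow jobs; a comment stating that trust assumption would help. Parts of the large `RUN` instruction lie outside the hunks shown.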
56
README.md
56
README.md
|
@ -4,18 +4,21 @@ This dockerfile will automatically download and configure the github actions sel
|
|||
|
||||
To run, first build the image with:
|
||||
|
||||
`docker build -t rusefi-ci .`
|
||||
`docker build --build-arg GID=$(getent group docker | cut -d ':' -f 3) -t rusefi-ci .`
|
||||
|
||||
Then run the newly built image.
|
||||
|
||||
```bash
|
||||
docker run --detach \
|
||||
docker run --detach --privileged \
|
||||
-e RUNNER_NAME=test-runner2 \
|
||||
-e RUNNER_LABELS=ubuntu-latest \
|
||||
-e GITHUB_ACCESS_TOKEN=<Personal Access Token> \
|
||||
-e RUNNER_REPOSITORY_URL=https://github.com/ZHoob2004/rusefi \
|
||||
-e RUNNER_REPOSITORY_URL=https://github.com/<github user>/rusefi \
|
||||
rusefi-ci
|
||||
```
|
||||
Replace `<github user>` with your own username if you are running on your own fork.
|
||||
If you are running an organization-level runner, you will need to replace `RUNNER_REPOSITORY_URL` with `RUNNER_ORGANIZATION_URL`.
|
||||
|
||||
|
||||
Add `--restart=unless-stopped` in order to have the container survive reboots
|
||||
|
||||
|
@ -40,7 +43,48 @@ The following environment variables allows you to control the configuration para
|
|||
|
||||
In order to link your runner to your repository/organization, you need to provide a token. There is two way of passing the token :
|
||||
|
||||
* via `GITHUB_ACCESS_TOKEN` (recommended), containing a [Personnal Access Token](https://github.com/settings/tokens). This token will be used to dynamically fetch a new runner token, as runner tokens are valid for a short period of time.
|
||||
* For a single-repository runner, your PAT should have `repo` scopes.
|
||||
* For an organization runner, your PAT should have `admin:org` scopes.
|
||||
* via `GITHUB_ACCESS_TOKEN` (recommended), containing a [fine-grained Personnal Access Token](https://github.com/settings/tokens). This token will be used to dynamically fetch a new runner token, as runner tokens are valid for a short period of time.
|
||||
* For a single-repository runner, select the repository under "Only select repositories", then under "Repository Permissions" set "Administration" to read-write.
|
||||
* For an organization runner, select the repository and set "Organization self hosted runners"to read-write.
|
||||
* via `RUNNER_TOKEN`. This token is displayed in the Actions settings page of your organization/repository, when opening the "Add Runner" page.
|
||||
|
||||
## Helper Functions
|
||||
|
||||
If you stop and start workes often, you may find it useful to have a function for starting workers. I have added the below functions to my .bashrc:
|
||||
|
||||
```bash
|
||||
ghatoken ()
|
||||
{
|
||||
echo -n "Paste token:"
|
||||
read TOKEN
|
||||
KEY=$(echo "$TOKEN" | openssl enc -aes-256-cbc -a -pbkdf2 | tr -d '\n')
|
||||
perl -pi -e 's#(?<=TOKEN=\$\(echo\s").*?(?="\s\|)#'"$KEY"'#' $(realpath ~/.bashrc)
|
||||
bash
|
||||
}
|
||||
|
||||
gha ()
|
||||
{
|
||||
if ! TOKEN=$(echo "" | openssl enc -aes-256-cbc -a -d -pbkdf2 ); then echo "Error encoding token"; return 1; fi
|
||||
NAME="runner-$1"
|
||||
IMAGE_HASH=$(docker image inspect rusefi-ci --format "{{.Id}}" 2>/dev/null)
|
||||
if CONTAINER_HASH=$(docker container inspect $NAME --format "{{.Image}}" 2>/dev/null) && [ "$IMAGE_HASH" = "$CONTAINER_HASH" ]; then
|
||||
docker start -i "$NAME"
|
||||
else
|
||||
if docker container inspect "$NAME" >/dev/null 2>/dev/null; then
|
||||
docker rm "$NAME"
|
||||
fi
|
||||
docker run -it --privileged -e RUNNER_NAME="$NAME" -e RUNNER_LABELS=ubuntu-latest -e GITHUB_ACCESS_TOKEN="$TOKEN" -e RUNNER_REPOSITORY_URL=https://github.com/<github user>/rusefi --name $NAME rusefi-ci
|
||||
fi
|
||||
}
|
||||
```
|
||||
|
||||
Replace `<github user>` with your own username if you are running on your own fork.
|
||||
If you are running an organization-level runner, you will need to replace `RUNNER_REPOSITORY_URL` with `RUNNER_ORGANIZATION_URL`.
|
||||
|
||||
Once the functions are in your .bashrc, and you have sourced your .bashrc, by opening a new shell or by running `. ~/.bashrc`,
|
||||
run `ghatoken`, paste in your PAT, and enter a password. This password will be used every time you start a runner.
|
||||
|
||||
After you have run `ghatoken`, you can now start runners with `gha <id>`. I use sequential ids, e.g. `gha 1`, `gha 2`, etc,
|
||||
but you may name them however you like.
|
||||
|
||||
Note that these helper functions start the runner in interactive mode. If you prefer, you can remove the `-i` in `docker start -i` and replace the `-it` in `docker run -it` with `--detach`.
|
||||
|
|
14
start.sh
14
start.sh
|
@ -1,5 +1,17 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [[ "$@" == "bash" ]]; then
|
||||
exec $@
|
||||
fi
|
||||
|
||||
ulimit -n 1024
|
||||
|
||||
export XDG_RUNTIME_DIR=$HOME/.docker/run
|
||||
export DOCKER_HOST=unix:///home/docker/.docker/run/docker.sock
|
||||
rm -rf $XDG_RUNTIME_DIR
|
||||
mkdir -p $XDG_RUNTIME_DIR
|
||||
PATH=/usr/bin:/sbin:/usr/sbin:$PATH dockerd-rootless.sh >/opt/docker.log 2>/opt/docker.log &
|
||||
|
||||
cd /opt/actions-runner
|
||||
|
||||
if [[ -z $RUNNER_NAME ]]; then
|
||||
|
@ -70,4 +82,4 @@ else
|
|||
--unattended
|
||||
fi
|
||||
|
||||
./run.sh & wait $!
|
||||
exec "$@"
|
||||
|
|
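Review bot: `dockerd-rootless.sh >/opt/docker.log 2>/opt/docker.log &` in the first hunk opens the log twice, so stdout and stderr each truncate the file and write at their own offset, overwriting one another; use `>/opt/docker.log 2>&1 &` so the daemon's errors survive for troubleshooting. In the same hunk `exec $@` and `rm -rf $XDG_RUNTIME_DIR` are unquoted: prefer `if [[ "$*" == "bash" ]]; then exec "$@"` and `rm -rf -- "$XDG_RUNTIME_DIR"`. `DOCKER_HOST` hard-codes `/home/docker` while `XDG_RUNTIME_DIR` is built from `$HOME`; deriving both from one variable keeps them from drifting apart. The script continues outside both hunks.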
|
@ -0,0 +1,13 @@
|
|||
[supervisord]
|
||||
user=docker
|
||||
nodaemon=true
|
||||
logfile=/dev/fd/1
|
||||
logfile_maxbytes=0
|
||||
loglevel=error
|
||||
|
||||
[program:runner]
|
||||
directory=/opt/actions-runner
|
||||
command=/opt/actions-runner/bin/runsvc.sh
|
||||
stdout_logfile=/dev/fd/1
|
||||
stdout_logfile_maxbytes=0
|
||||
redirect_stderr=true
|
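Review bot: Only `[program:runner]` is supervised, while start.sh in this commit launches `dockerd-rootless.sh` with `&` before handing control to supervisord, so a daemon that exits is neither restarted nor reported. Consider a second `[program:…]` section for the rootless daemon, or a comment explaining why it is left outside supervision. `loglevel=error` also appears to hide supervisord's own messages about `runner` exiting and respawning, which are what an operator needs when a runner is crash-looping; `loglevel=info` keeps them in the container log.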