Merge pull request #5 from chuckwagoncomputing/docker

Docker-in-Docker etc.

Dockerfile

@@ -1,6 +1,6 @@
 FROM ubuntu:22.04 AS builder
 
-ARG RUNNER_VERSION="2.301.1"
+ARG RUNNER_VERSION="2.312.0"
 
 WORKDIR /build
 
@@ -22,16 +22,20 @@ RUN apt-get update &&\
 FROM ubuntu:22.04 AS actions-runer
 
 COPY --from=builder /opt /opt
-COPY --from=builder /tmp/rusefi-provide_gcc /tmp/rusefi-provide_gcc
+COPY --from=builder /tmp/rusefi-provide_gcc12 /tmp/rusefi-provide_gcc12
 
 ENV JAVA_HOME /usr/lib/jvm/temurin-11-jdk-amd64/
 
-RUN useradd -m -g sudo docker &&\
+ARG GID=1000
+
+RUN groupadd docker -g $GID &&\
+    useradd -m -g docker -G sudo docker &&\
     apt-get update -y &&\
-    apt-get install -y wget gpg &&\
+    apt-get install -y wget gpg software-properties-common &&\
     wget -O key.gpg https://packages.adoptium.net/artifactory/api/gpg/key/public &&\
     gpg --dearmor -o /usr/share/keyrings/adoptium.gpg key.gpg &&\
     echo "deb [signed-by=/usr/share/keyrings/adoptium.gpg] https://packages.adoptium.net/artifactory/deb $(awk -F= '/^VERSION_CODENAME/{print$2}' /etc/os-release) main" >/etc/apt/sources.list.d/adoptium.list &&\
+    add-apt-repository --yes ppa:kicad/kicad-7.0-releases &&\
     apt-get update -y &&\
     DEBIAN_FRONTEND=noninteractive /opt/actions-runner/bin/installdependencies.sh && \
     DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
@@ -41,6 +45,7 @@ RUN useradd -m -g sudo docker &&\
     git \
     gcc \
     make \
+    cmake \
     openjdk-8-jdk-headless \
     ant \
     mtools \
@@ -69,17 +74,38 @@ RUN useradd -m -g sudo docker &&\
     scour \
     librsvg2-bin \
     temurin-11-jdk \
+    uidmap \
+    supervisor \
+    iproute2 \
+    openssh-client \
+    kicad \
     && apt-get autoremove -y && apt-get clean -y &&\
     echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers &&\
     echo 'APT::Get::Assume-Yes "true";' >/etc/apt/apt.conf.d/90forceyes &&\
     chown -R docker /opt &&\
-    chown -R docker /tmp/rusefi-provide_gcc &&\
+    chown -R docker /tmp/rusefi-provide_gcc12 &&\
     update-alternatives --set java /usr/lib/jvm/temurin-11-jdk-amd64/bin/java
 
+# Install Docker CLI
+RUN curl -fsSL https://get.docker.com -o- | sh && \
+    rm -rf /var/lib/apt/lists/* && \
+    apt-get clean
+
+# Install Docker-Compose
+RUN curl -L -o /usr/local/bin/docker-compose \
+    "https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" && \
+    chmod +x /usr/local/bin/docker-compose
+
+COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+RUN chmod 644 /etc/supervisor/conf.d/supervisord.conf
+
 WORKDIR /opt
 
 USER docker
 
+RUN dockerd-rootless-setuptool.sh install
+
 VOLUME /opt/actions-runner
 
 ENTRYPOINT ["./start.sh"]
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]

README.md

@@ -4,18 +4,21 @@ This dockerfile will automatically download and configure the github actions sel
 
 To run, first build the image with:
 
-`docker build -t rusefi-ci .`
+`docker build --build-arg GID=$(getent group docker | cut -d ':' -f 3) -t rusefi-ci .`
 
 Then run the newly built image.
 
 ```bash
-docker run --detach \
+docker run --detach --privileged \
     -e RUNNER_NAME=test-runner2 \
     -e RUNNER_LABELS=ubuntu-latest \
     -e GITHUB_ACCESS_TOKEN=<Personal Access Token> \
-    -e RUNNER_REPOSITORY_URL=https://github.com/ZHoob2004/rusefi \
+    -e RUNNER_REPOSITORY_URL=https://github.com/<github user>/rusefi \
     rusefi-ci
 ```
+Replace `<github user>` with your own username if you are running on your own fork.
+If you are running an organization-level runner, you will need to replace `RUNNER_REPOSITORY_URL` with `RUNNER_ORGANIZATION_URL`.
+
 
 Add `--restart=unless-stopped` in order to have the container survive reboots
 
@@ -40,7 +43,48 @@ The following environment variables allows you to control the configuration para
 
 In order to link your runner to your repository/organization, you need to provide a token. There is two way of passing the token :
 
-* via `GITHUB_ACCESS_TOKEN` (recommended), containing a [Personnal Access Token](https://github.com/settings/tokens). This token will be used to dynamically fetch a new runner token, as runner tokens are valid for a short period of time.
-  * For a single-repository runner, your PAT should have `repo` scopes.
-  * For an organization runner, your PAT should have `admin:org` scopes.
+* via `GITHUB_ACCESS_TOKEN` (recommended), containing a [fine-grained Personnal Access Token](https://github.com/settings/tokens). This token will be used to dynamically fetch a new runner token, as runner tokens are valid for a short period of time.
+  * For a single-repository runner, select the repository under "Only select repositories", then under "Repository Permissions" set "Administration" to read-write.
+  * For an organization runner, select the repository and set "Organization self hosted runners"to read-write.
 * via `RUNNER_TOKEN`. This token is displayed in the Actions settings page of your organization/repository, when opening the "Add Runner" page.
+
+## Helper Functions
+
+If you stop and start workes often, you may find it useful to have a function for starting workers. I have added the below functions to my .bashrc:
+
+```bash
+ghatoken ()
+{
+ echo -n "Paste token:"
+ read TOKEN
+ KEY=$(echo "$TOKEN" | openssl enc -aes-256-cbc -a -pbkdf2 | tr -d '\n')
+ perl -pi -e 's#(?<=TOKEN=\$\(echo\s").*?(?="\s\|)#'"$KEY"'#' $(realpath ~/.bashrc)
+ bash
+}
+
+gha ()
+{
+  if ! TOKEN=$(echo "" | openssl enc -aes-256-cbc -a -d -pbkdf2 ); then echo "Error encoding token"; return 1; fi
+  NAME="runner-$1"
+  IMAGE_HASH=$(docker image inspect rusefi-ci --format "{{.Id}}" 2>/dev/null)
+  if CONTAINER_HASH=$(docker container inspect $NAME --format "{{.Image}}" 2>/dev/null) && [ "$IMAGE_HASH" = "$CONTAINER_HASH" ]; then
+    docker start -i "$NAME"
+  else
+    if docker container inspect "$NAME" >/dev/null 2>/dev/null; then
+      docker rm "$NAME"
+    fi
+    docker run -it --privileged -e RUNNER_NAME="$NAME" -e RUNNER_LABELS=ubuntu-latest -e GITHUB_ACCESS_TOKEN="$TOKEN" -e RUNNER_REPOSITORY_URL=https://github.com/<github user>/rusefi --name $NAME rusefi-ci
+  fi
+}
+```
+
+Replace `<github user>` with your own username if you are running on your own fork.
+If you are running an organization-level runner, you will need to replace `RUNNER_REPOSITORY_URL` with `RUNNER_ORGANIZATION_URL`.
+
+Once the functions are in your .bashrc, and you have sourced your .bashrc, by opening a new shell or by running `. ~/.bashrc`,
+run `ghatoken`, paste in your PAT, and enter a password. This password will be used every time you start a runner.
+
+After you have run `ghatoken`, you can now start runners with `gha <id>`. I use sequential ids, e.g. `gha 1`, `gha 2`, etc,
+but you may name them however you like.
+
+Note that these helper functions start the runner in interactive mode. If you prefer, you can remove the `-i` in `docker start -i` and replace the `-it` in `docker run -it` with `--detach`.

start.sh

@@ -1,5 +1,17 @@
 #!/bin/bash
 
+if [[ "$@" == "bash" ]]; then
+    exec $@
+fi
+
+ulimit -n 1024
+
+export XDG_RUNTIME_DIR=$HOME/.docker/run
+export DOCKER_HOST=unix:///home/docker/.docker/run/docker.sock
+rm -rf $XDG_RUNTIME_DIR
+mkdir -p $XDG_RUNTIME_DIR
+PATH=/usr/bin:/sbin:/usr/sbin:$PATH dockerd-rootless.sh >/opt/docker.log 2>/opt/docker.log &
+
 cd /opt/actions-runner
 
 if [[ -z $RUNNER_NAME ]]; then
@@ -70,4 +82,4 @@ else
         --unattended
 fi
 
-./run.sh & wait $!
+exec "$@"

supervisord.conf

@@ -0,0 +1,13 @@
+[supervisord]
+user=docker
+nodaemon=true
+logfile=/dev/fd/1
+logfile_maxbytes=0
+loglevel=error
+
+[program:runner]
+directory=/opt/actions-runner
+command=/opt/actions-runner/bin/runsvc.sh
+stdout_logfile=/dev/fd/1
+stdout_logfile_maxbytes=0
+redirect_stderr=true