improve docker builds

This commit is contained in:
sebthom 2024-03-12 19:55:04 +01:00
parent 71f701497e
commit a3e0f26ee4
3 changed files with 32 additions and 20 deletions


@ -36,7 +36,7 @@ defaults:
shell: bash shell: bash
env: env:
DOCKER_IMAGE_REPO: vegardit/gitea-act-runner DOCKER_IMAGE_REPO: ${{ github.repository_owner }}/gitea-act-runner
TRIVY_CACHE_DIR: ~/.trivy/cache TRIVY_CACHE_DIR: ~/.trivy/cache
jobs: jobs:
@ -96,19 +96,29 @@ jobs:
- name: Install dos2unix - name: Install dos2unix
run: sudo apt-get install --no-install-recommends -y dos2unix run: sudo apt-get install --no-install-recommends -y dos2unix
- name: "Determine if docker images shall be published"
run: |
# ACT -> https://nektosact.com/usage/index.html#skipping-steps
if [[ $GITHUB_REF_NAME == 'main' && $GITHUB_EVENT_NAME != 'pull_request' && -n $ACT ]]; then
echo "DOCKER_PUSH_GHCR=true" > "$GITHUB_ENV"
if [[ -n "${{ secrets.DOCKER_HUB_USERNAME }}" ]]; then
echo "DOCKER_PUSH=true" > "$GITHUB_ENV"
fi
fi
- name: Install regclient - name: Install regclient
if: ${{ github.ref_name == 'main' && github.event_name != 'pull_request' && !env.ACT }} # https://github.com/nektos/act#skipping-steps if: ${{ env.DOCKER_PUSH_GHCR }}
uses: iarekylew00t/regctl-installer@v1 uses: iarekylew00t/regctl-installer@v1
- name: Login to docker.io - name: Login to docker.io
if: ${{ github.ref_name == 'main' && github.event_name != 'pull_request' && !env.ACT }} # https://github.com/nektos/act#skipping-steps if: ${{ env.DOCKER_PUSH }}
uses: docker/login-action@v3 uses: docker/login-action@v3
with: with:
username: ${{ secrets.DOCKER_HUB_USERNAME }} username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_TOKEN }} password: ${{ secrets.DOCKER_HUB_TOKEN }}
- name: Login to ghcr.io - name: Login to ghcr.io
if: ${{ github.ref_name == 'main' && github.event_name != 'pull_request' && !env.ACT }} # https://github.com/nektos/act#skipping-steps if: ${{ env.DOCKER_PUSH_GHCR }}
uses: docker/login-action@v3 uses: docker/login-action@v3
with: with:
registry: ghcr.io registry: ghcr.io
@ -119,19 +129,18 @@ jobs:
env: env:
DOCKER_IMAGE_TAG_PREFIX: ${{ matrix.DOCKER_IMAGE_TAG_PREFIX }} DOCKER_IMAGE_TAG_PREFIX: ${{ matrix.DOCKER_IMAGE_TAG_PREFIX }}
DOCKER_IMAGE_FLAVOR: ${{ matrix.DOCKER_IMAGE_FLAVOR }} DOCKER_IMAGE_FLAVOR: ${{ matrix.DOCKER_IMAGE_FLAVOR }}
DOCKER_PUSH: ${{ github.ref_name == 'main' && github.event_name != 'pull_request' && !env.ACT }}
TRIVY_GITHUB_TOKEN: ${{ github.token }} TRIVY_GITHUB_TOKEN: ${{ github.token }}
run: | run: |
if [[ -n "${{ inputs.VERSION }}" ]]; then if [[ -n "${{ inputs.VERSION }}" ]]; then
export GITEA_ACT_RUNNER_VERSION="${{ inputs.VERSION }}" export GITEA_ACT_RUNNER_VERSION="${{ inputs.VERSION }}"
else: else
export GITEA_ACT_RUNNER_VERSION="${{ matrix.GITEA_ACT_RUNNER_VERSION }}" export GITEA_ACT_RUNNER_VERSION="${{ matrix.GITEA_ACT_RUNNER_VERSION }}"
fi fi
bash build-image.sh bash build-image.sh
- name: Delete untagged images - name: Delete untagged images
uses: actions/github-script@v7 uses: actions/github-script@v7
if: ${{ github.ref_name == 'main' && github.event_name != 'pull_request' && !env.ACT }} # https://github.com/nektos/act#skipping-steps if: ${{ env.DOCKER_PUSH_GHCR }}
continue-on-error: true continue-on-error: true
with: with:
github-token: ${{ secrets.GHA_DELETE_PACKAGES }} github-token: ${{ secrets.GHA_DELETE_PACKAGES }}
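Review bot: The new "Determine if docker images shall be published" step writes to `$GITHUB_ENV` with `>`, which truncates the file, so when the inner branch runs it discards the `DOCKER_PUSH_GHCR=true` line written just before it and the ghcr.io steps gated on `env.DOCKER_PUSH_GHCR` are skipped; both writes should append: `echo "DOCKER_PUSH_GHCR=true" >> "$GITHUB_ENV"` and `echo "DOCKER_PUSH=true" >> "$GITHUB_ENV"`. The `-n $ACT` test also looks inverted relative to the `!env.ACT` expression it replaces (and to build-image.sh, which treats `ACT=true` as the local act run): as written, publishing is enabled only when ACT is set, whereas `-z "${ACT:-}"` would keep the original intent of skipping the push under act. Separately, `-n "${{ secrets.DOCKER_HUB_USERNAME }}"` interpolates the secret into the script body; passing it through the step's `env:` and testing `-n "$DOCKER_HUB_USERNAME"` keeps the secret out of the rendered script.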


@ -76,8 +76,8 @@ docker buildx build "$project_root" \
--build-arg GIT_REPO_URL="$(git config --get remote.origin.url)" \ --build-arg GIT_REPO_URL="$(git config --get remote.origin.url)" \
--build-arg GITEA_ACT_RUNNER_VERSION="$gitea_act_runner_effective_version" \ --build-arg GITEA_ACT_RUNNER_VERSION="$gitea_act_runner_effective_version" \
--build-arg FLAVOR=$DOCKER_IMAGE_FLAVOR \ --build-arg FLAVOR=$DOCKER_IMAGE_FLAVOR \
$(if [[ "${ACT:-}" == "true" ]]; then \ $(if [[ "${ACT:-}" == "true" || "${DOCKER_PUSH:-}" != "true" ]]; then \
echo -n "--output type=docker"; \ echo -n "--load --output type=docker"; \
else \ else \
echo -n "--platform linux/amd64,linux/arm64,linux/arm/v7"; \ echo -n "--platform linux/amd64,linux/arm64,linux/arm/v7"; \
fi) \ fi) \
@ -88,16 +88,16 @@ docker buildx build "$project_root" \
docker buildx stop docker buildx stop
set +x set +x
if [[ "${DOCKER_PUSH:-}" == "true" ]]; then
docker image pull $image_name
fi
################################################# #################################################
# push image to ghcr.io # push image to ghcr.io
################################################# #################################################
if [[ "${DOCKER_PUSH:-}" == "true" ]]; then if [[ "${DOCKER_PUSH_GHCR:-}" == "true" ]]; then
set -x; (set -x; regctl image copy $image_name ghcr.io/$image_name)
docker image pull $image_name (set -x; regctl image copy $image_name2 ghcr.io/$image_name2)
regctl image copy $image_name ghcr.io/$image_name
regctl image copy $image_name2 ghcr.io/$image_name2
set +x
fi fi
@ -106,15 +106,14 @@ fi
################################################# #################################################
echo echo
log INFO "Testing docker image [$image_name]..." log INFO "Testing docker image [$image_name]..."
set -x (set -x; docker run --rm $image_name act_runner --version)
docker run --rm $image_name act_runner --version
set +x
echo echo
################################################# #################################################
# perform security audit # perform security audit
################################################# #################################################
if [[ "${DOCKER_AUDIT_IMAGE:-1}" == 1 ]]; then # TODO see https://gitea.com/gitea/act_runner/issues/513
if [[ "${DOCKER_AUDIT_IMAGE:-1}" == 1 && "$GITEA_ACT_RUNNER_VERSION" == "nightly" ]]; then
bash "$shared_lib/cmd/audit-image.sh" $image_name bash "$shared_lib/cmd/audit-image.sh" $image_name
fi fi
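Review bot: In the ghcr.io block, `regctl image copy $image_name ghcr.io/$image_name` takes its source from the registry, but after this change `DOCKER_PUSH_GHCR` can be true while `DOCKER_PUSH` is false (the workflow hunk above sets `DOCKER_PUSH` only when a Docker Hub username is configured), in which case the image was only `--load`ed into the local daemon and nothing was pushed to docker.io, so the copy presumably fails or republishes whatever stale tag already exists there. Either gate the copy on both flags, `if [[ "${DOCKER_PUSH:-}" == "true" && "${DOCKER_PUSH_GHCR:-}" == "true" ]]; then`, or push the locally built image to ghcr.io directly when docker.io is not used. `--load` is itself shorthand for `--output type=docker`, so the new `echo -n "--load --output type=docker"` can be reduced to `echo -n "--load"`. The audit block now silently skips `audit-image.sh` for every non-nightly build; an `else` branch with `log INFO "Skipping security audit for version [$GITEA_ACT_RUNNER_VERSION]"` would make that visible in the build log.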


@ -79,7 +79,11 @@ RUN --mount=type=bind,source=.shared,target=/mnt/shared <<EOF
amd64|arm64) ;; amd64|arm64) ;;
*) echo "Unsupported arch: $arch"; exit 1;; *) echo "Unsupported arch: $arch"; exit 1;;
esac esac
act_runner_download_url=https://gitea.com/gitea/act_runner/releases/download/v${GITEA_ACT_RUNNER_VERSION}/act_runner-${GITEA_ACT_RUNNER_VERSION}-linux-${arch} if [[ $GITEA_ACT_RUNNER_VERSION == "nightly" ]]; then
act_runner_download_url=https://dl.gitea.com/act_runner/nightly/act_runner-${GITEA_ACT_RUNNER_VERSION}-linux-${arch}
else
act_runner_download_url=https://gitea.com/gitea/act_runner/releases/download/v${GITEA_ACT_RUNNER_VERSION}/act_runner-${GITEA_ACT_RUNNER_VERSION}-linux-${arch}
fi
echo "Downloading [$act_runner_download_url]..." echo "Downloading [$act_runner_download_url]..."
curl "$act_runner_download_url" -o /usr/local/bin/act_runner curl "$act_runner_download_url" -o /usr/local/bin/act_runner
chmod 755 /usr/local/bin/act_runner chmod 755 /usr/local/bin/act_runner
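Review bot: The new nightly branch downloads `act_runner-nightly-linux-${arch}` from a mutable URL with no integrity check, and the unchanged `curl "$act_runner_download_url" -o /usr/local/bin/act_runner` line below it has no `--fail`, so a missing or moved nightly artifact writes the HTTP error body to `/usr/local/bin/act_runner`, which `chmod 755` then marks executable and the build only notices, if at all, when the image is tested. Changing that call to `curl -fsSL "$act_runner_download_url" -o /usr/local/bin/act_runner` makes a failed download fail the build; verifying a published checksum or signature for the downloaded binary, if the publisher provides one, would cover the supply-chain side for both the nightly and the release branch. The enclosing `RUN` heredoc starts before this hunk and continues past it.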