create docker tag with exact runner version
parent
dfc5a30aff
commit
fccc482c5d
|
|
@ -20,6 +20,11 @@ on:
|
|||
- cron: '0 17 * * 3'
|
||||
pull_request:
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
VERSION:
|
||||
type: string
|
||||
default: latest
|
||||
description: Version of the Gitea Act Runner, see https://dl.gitea.com/act_runner/
|
||||
# https://github.blog/changelog/2020-07-06-github-actions-manual-triggers-with-workflow_dispatch/
|
||||
|
||||
defaults:
|
||||
|
|
@ -38,12 +43,13 @@ jobs:
|
|||
matrix:
|
||||
include:
|
||||
- DOCKER_IMAGE_FLAVOR: dood
|
||||
DOCKER_IMAGE_TAG: latest
|
||||
DOCKER_IMAGE_TAG_PREFIX: ""
|
||||
- DOCKER_IMAGE_FLAVOR: dind
|
||||
DOCKER_IMAGE_TAG: dind-latest
|
||||
DOCKER_IMAGE_TAG_PREFIX: dind-
|
||||
- DOCKER_IMAGE_FLAVOR: dind-rootless
|
||||
DOCKER_IMAGE_TAG: dind-rootless-latest
|
||||
DOCKER_IMAGE_TAG_PREFIX: dind-rootless-
|
||||
fail-fast: true
|
||||
|
||||
steps:
|
||||
- name: Show environment variables
|
||||
run: env | sort
|
||||
|
|
@ -72,28 +78,36 @@ jobs:
|
|||
- name: Install dos2unix
|
||||
run: sudo apt-get install --no-install-recommends -y dos2unix
|
||||
|
||||
- name: Install regclient
|
||||
if: ${{ github.ref_name == 'main' && github.event_name != 'pull_request' && !env.ACT }} # https://github.com/nektos/act#skipping-steps
|
||||
uses: iarekylew00t/regctl-installer@v1
|
||||
|
||||
- name: Login to docker.io
|
||||
if: ${{ github.ref_name == 'main' && github.event_name != 'pull_request' && !env.ACT }} # https://github.com/nektos/act#skipping-steps
|
||||
run: |
|
||||
docker login docker.io -u "${{ secrets.DOCKER_HUB_USERNAME }}" -p "${{ secrets.DOCKER_HUB_TOKEN }}"
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_HUB_TOKEN }}
|
||||
|
||||
- name: Login to ghcr.io
|
||||
if: ${{ github.ref_name == 'main' && github.event_name != 'pull_request' && !env.ACT }} # https://github.com/nektos/act#skipping-steps
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ github.token }}
|
||||
|
||||
- name: Build ${{ env.DOCKER_IMAGE_REPO }}:${{ env.DOCKER_IMAGE_TAG }}
|
||||
env:
|
||||
DOCKER_IMAGE_TAG: ${{ matrix.DOCKER_IMAGE_TAG }}
|
||||
DOCKER_IMAGE_TAG_PREFIX: ${{ matrix.DOCKER_IMAGE_TAG_PREFIX }}
|
||||
DOCKER_IMAGE_FLAVOR: ${{ matrix.DOCKER_IMAGE_FLAVOR }}
|
||||
DOCKER_PUSH: ${{ github.ref_name == 'main' && github.event_name != 'pull_request' && !env.ACT }}
|
||||
TRIVY_GITHUB_TOKEN: ${{ github.token }}
|
||||
run: bash build-image.sh
|
||||
|
||||
- name: Publish Docker image to GH registry
|
||||
if: ${{ github.ref_name == 'main' && github.event_name != 'pull_request' && !env.ACT }} # https://github.com/nektos/act#skipping-steps
|
||||
uses: truemark/skopeo-copy-action@v1 # https://github.com/truemark/skopeo-copy-action
|
||||
with:
|
||||
src-image: "docker://docker.io/${{ env.DOCKER_IMAGE_REPO }}:${{ matrix.DOCKER_IMAGE_TAG }}"
|
||||
dest-image: "docker://ghcr.io/${{ env.DOCKER_IMAGE_REPO }}:${{ matrix.DOCKER_IMAGE_TAG }}"
|
||||
dest-username: "${{ github.actor }}"
|
||||
dest-password: "${{ github.token }}"
|
||||
multi-arch: "all"
|
||||
run: |
|
||||
if [[ -n "${{ inputs.VERSION }}" ]]; then
|
||||
export GITEA_ACT_RUNNER_VERSION="${{ inputs.VERSION }}"
|
||||
fi
|
||||
bash build-image.sh
|
||||
|
||||
- name: Delete untagged images
|
||||
uses: actions/github-script@v6
|
||||
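Review bot: The build step's `run:` block expands `${{ inputs.VERSION }}` directly into the script text, so the manual-dispatch value is parsed as shell source instead of being handled as data. Pass it through the step's `env:` map instead, `GITEA_ACT_RUNNER_VERSION: ${{ inputs.VERSION }}`, and keep `run: bash build-image.sh`; the script on this page already falls back to `latest` through `${GITEA_ACT_RUNNER_VERSION:-latest}` when the variable is empty. Separately, `iarekylew00t/regctl-installer@v1` is referenced by a movable tag in a job that also logs in to docker.io and ghcr.io. Pinning it to a full commit SHA would keep the tool that later copies images to ghcr.io from changing without a reviewed commit.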
|
|
|
|||
|
|
@ -5,17 +5,44 @@
|
|||
# SPDX-License-Identifier: Apache-2.0
|
||||
# SPDX-ArtifactOfProjectHomePage: https://github.com/vegardit/docker-gitea-act-runner
|
||||
|
||||
function curl() {
|
||||
command curl -sSfL --connect-timeout 10 --max-time 30 --retry 3 --retry-all-errors "$@"
|
||||
}
|
||||
|
||||
shared_lib="$(dirname $0)/.shared"
|
||||
[ -e "$shared_lib" ] || curl -sSf https://raw.githubusercontent.com/vegardit/docker-shared/v1/download.sh?_=$(date +%s) | bash -s v1 "$shared_lib" || exit 1
|
||||
[ -e "$shared_lib" ] || curl https://raw.githubusercontent.com/vegardit/docker-shared/v1/download.sh?_=$(date +%s) | bash -s v1 "$shared_lib" || exit 1
|
||||
source "$shared_lib/lib/build-image-init.sh"
|
||||
|
||||
|
||||
#################################################
|
||||
# check prereqs
|
||||
#################################################
|
||||
|
||||
if [[ "${DOCKER_PUSH:-}" == "true" ]]; then
|
||||
if ! hash regctl &>/dev/null; then
|
||||
log ERROR "regctl (aka regclient) command line tool is misssing!"
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
#################################################
|
||||
# specify target docker registry/repo
|
||||
#################################################
|
||||
docker_registry=${DOCKER_REGISTRY:-docker.io}
|
||||
gitea_act_runner_version=${GITEA_ACT_RUNNER_VERSION:-latest}
|
||||
image_repo=${DOCKER_IMAGE_REPO:-vegardit/gitea-act-runner}
|
||||
image_name=$image_repo:${DOCKER_IMAGE_TAG:-latest}
|
||||
|
||||
|
||||
#################################################
|
||||
# resolve gitea act runner version
|
||||
#################################################
|
||||
case $gitea_act_runner_version in
|
||||
latest) gitea_act_runner_effective_version=$(curl https://gitea.com/gitea/act_runner/releases.rss | grep -oP "releases/tag/v\K\d\.\d\.\d" | head -n 1)
|
||||
;;
|
||||
*) gitea_act_runner_effective_version=$gitea_act_runner_version
|
||||
;;
|
||||
esac
|
||||
image_name=$image_repo:${DOCKER_IMAGE_TAG_PREFIX:-}$gitea_act_runner_version
|
||||
image_name2=$image_repo:${DOCKER_IMAGE_TAG_PREFIX:-}$gitea_act_runner_effective_version
|
||||
|
||||
|
||||
#################################################
|
||||
|
|
@ -27,6 +54,7 @@ if [[ $OSTYPE == "cygwin" || $OSTYPE == "msys" ]]; then
|
|||
fi
|
||||
|
||||
# https://github.com/docker/buildx/#building-multi-platform-images
|
||||
set -x
|
||||
docker run --privileged --rm tonistiigi/binfmt --install all
|
||||
export DOCKER_CLI_EXPERIMENTAL=enabled # prevents "docker: 'buildx' is not a docker command."
|
||||
docker buildx create --use # prevents: error: multiple platforms feature is currently not supported for docker driver. Please switch to a different driver (eg. "docker buildx create --use")
|
||||
|
|
@ -42,6 +70,7 @@ docker buildx build "$project_root" \
|
|||
--build-arg GIT_COMMIT_DATE="$(date -d @$(git log -1 --format='%at') --utc +'%Y-%m-%d %H:%M:%S UTC')" \
|
||||
--build-arg GIT_COMMIT_HASH="$(git rev-parse --short HEAD)" \
|
||||
--build-arg GIT_REPO_URL="$(git config --get remote.origin.url)" \
|
||||
--build-arg GITEA_ACT_RUNNER_VERSION="$gitea_act_runner_effective_version" \
|
||||
--build-arg FLAVOR=$DOCKER_IMAGE_FLAVOR \
|
||||
$(if [[ "${ACT:-}" == "true" ]]; then \
|
||||
echo -n "--output type=docker"; \
|
||||
|
|
@ -49,11 +78,22 @@ docker buildx build "$project_root" \
|
|||
echo -n "--platform linux/amd64,linux/arm64,linux/arm/v7"; \
|
||||
fi) \
|
||||
-t $image_name \
|
||||
-t $image_name2 \
|
||||
$(if [[ "${DOCKER_PUSH:-}" == "true" ]]; then echo -n "--push"; fi) \
|
||||
"$@"
|
||||
docker buildx stop
|
||||
set +x
|
||||
|
||||
|
||||
#################################################
|
||||
# push image to ghcr.io
|
||||
#################################################
|
||||
if [[ "${DOCKER_PUSH:-}" == "true" ]]; then
|
||||
set -x;
|
||||
docker image pull $image_name
|
||||
regctl image copy $image_name ghcr.io/$image_name
|
||||
regctl image copy $image_name2 ghcr.io/$image_name2
|
||||
set +x
|
||||
fi
|
||||
|
||||
|
||||
|
|
@ -62,7 +102,9 @@ fi
|
|||
#################################################
|
||||
echo
|
||||
log INFO "Testing docker image [$image_name]..."
|
||||
set -x
|
||||
docker run --rm $image_name act_runner --version
|
||||
set +x
|
||||
echo
|
||||
|
||||
|
||||
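Review bot: In the `latest)` branch, `grep -oP "releases/tag/v\K\d\.\d\.\d"` matches exactly one digit per component, so a release such as 0.2.10 (constructed example) would be truncated to `0.2.1` and the image would be tagged with, and built from, a different runner version. Use `\d+\.\d+\.\d+` there. The resolved value is also never checked before it reaches `-t $image_name2` and `--build-arg GITEA_ACT_RUNNER_VERSION`, so an empty match or a free-form dispatch input gives a malformed tag or download path; a guard after `esac` such as `[[ $gitea_act_runner_effective_version =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "invalid act_runner version" >&2; exit 1; }` would fail early. Whether `log ERROR` in the regctl prerequisite check aborts the script is not visible on this page; if it only logs, the push path would continue without regctl and should `exit 1`.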
|
|
|
|||
|
|
@ -29,6 +29,7 @@ ARG BASE_LAYER_CACHE_KEY
|
|||
|
||||
# dood|dind|dind-rootless
|
||||
ARG FLAVOR
|
||||
ARG GITEA_ACT_RUNNER_VERSION
|
||||
|
||||
RUN --mount=type=bind,source=.shared,target=/mnt/shared <<EOF
|
||||
|
||||
|
|
@ -46,6 +47,10 @@ RUN --mount=type=bind,source=.shared,target=/mnt/shared <<EOF
|
|||
fi
|
||||
}
|
||||
|
||||
function curl() {
|
||||
command curl -sSfL --connect-timeout 10 --max-time 30 --retry 3 --retry-all-errors "$@"
|
||||
}
|
||||
|
||||
echo "#################################################"
|
||||
echo "Installing required packages..."
|
||||
echo "#################################################"
|
||||
|
|
@ -57,9 +62,9 @@ RUN --mount=type=bind,source=.shared,target=/mnt/shared <<EOF
|
|||
echo "#################################################"
|
||||
apt-get install --no-install-recommends -y xz-utils
|
||||
mkdir /opt/upx
|
||||
upx_download_url=$(curl -fsSL "https://api.github.com/repos/upx/upx/releases/latest" | grep browser_download_url | grep amd64_linux.tar.xz | cut "-d\"" -f4)
|
||||
upx_download_url=$(curl "https://api.github.com/repos/upx/upx/releases/latest" | grep browser_download_url | grep amd64_linux.tar.xz | cut "-d\"" -f4)
|
||||
echo "Downloading [$upx_download_url]..."
|
||||
curl -fsSL "$upx_download_url" | tar Jxv -C /opt/upx --strip-components=1
|
||||
curl "$upx_download_url" | tar Jxv -C /opt/upx --strip-components=1
|
||||
/opt/upx/upx --version
|
||||
fi
|
||||
|
||||
|
|
@ -74,9 +79,9 @@ RUN --mount=type=bind,source=.shared,target=/mnt/shared <<EOF
|
|||
amd64|arm64) ;;
|
||||
*) echo "Unsupported arch: $arch"; exit 1;;
|
||||
esac
|
||||
act_runner_download_url=$(curl -fsSL "https://gitea.com/gitea/act_runner/releases" | grep -oP "https://gitea.com/gitea/act_runner/releases/download/.*-linux-${arch}" | head -1)
|
||||
act_runner_download_url=https://gitea.com/gitea/act_runner/releases/download/v${GITEA_ACT_RUNNER_VERSION}/act_runner-${GITEA_ACT_RUNNER_VERSION}-linux-${arch}
|
||||
echo "Downloading [$act_runner_download_url]..."
|
||||
curl -fsSL "$act_runner_download_url" -o /usr/local/bin/act_runner
|
||||
curl "$act_runner_download_url" -o /usr/local/bin/act_runner
|
||||
chmod 755 /usr/local/bin/act_runner
|
||||
minimize /usr/local/bin/act_runner
|
||||
act_runner --version
|
||||
|
|
@ -97,7 +102,7 @@ RUN --mount=type=bind,source=.shared,target=/mnt/shared <<EOF
|
|||
# https://docs.docker.com/engine/install/debian/#install-using-the-repository
|
||||
apt-get install --no-install-recommends -y gnupg
|
||||
install -m 0755 -d /etc/apt/keyrings
|
||||
curl -fsSL "https://download.docker.com/linux/debian/gpg" | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
|
||||
curl "https://download.docker.com/linux/debian/gpg" | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
|
||||
chmod a+r /etc/apt/keyrings/docker.gpg
|
||||
echo \
|
||||
"deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
|
||||
|
|
@ -121,7 +126,7 @@ RUN --mount=type=bind,source=.shared,target=/mnt/shared <<EOF
|
|||
echo 'dockremap:165536:65536' | tee -a /etc/subuid
|
||||
echo 'dockremap:165536:65536' | tee -a /etc/subgid
|
||||
|
||||
curl -sSfL "https://raw.githubusercontent.com/moby/moby/v24.0.2/hack/dind" -o /usr/local/bin/dind-hack
|
||||
curl "https://raw.githubusercontent.com/moby/moby/v24.0.2/hack/dind" -o /usr/local/bin/dind-hack
|
||||
chmod +x /usr/local/bin/dind-hack
|
||||
|
||||
if [[ $FLAVOR == dind-rootless ]]; then
|
||||
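Review bot: The act_runner binary is fetched from the version-specific `act_runner_download_url`, marked executable and run, but nothing verifies the downloaded content beyond curl's HTTP status check. With the version now pinned by `ARG GITEA_ACT_RUNNER_VERSION`, the content can be pinned as well: before `chmod 755`, check a per-architecture digest, for example `echo "<expected-sha256>  /usr/local/bin/act_runner" | sha256sum -c -`, with the digest passed as a build argument or read from a checksum file if the release publishes one (not visible on this page). The UPX tarball is still resolved from `releases/latest` and unpacked without a check, so the same applies there. The new `curl` wrapper's `--max-time 30` limits the whole transfer, which may be tight for these binary downloads on a slow link. The `RUN` heredoc starts and ends outside these hunks.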
|
|
|
|||