initial import

sebthom 2023-03-22 00:02:54 +01:00
parent c8f0805af9
commit fd83c3ffe7
15 changed files with 878 additions and 1 deletions

6
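--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,6 @@
+*.md
+*.txt
+.github/
+.shared/.*
+.shared/*.md
+.shared/*.txt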

18
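--- a/.editorconfig
+++ b/.editorconfig
@@ -0,0 +1,18 @@
+# EditorConfig is awesome: https://EditorConfig.org
+# top-most EditorConfig file
+root = true
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+indent_style = space
+indent_size = 3
+[*.{bat,cmd}]
+end_of_line = crlf
+[*.{yml,yaml}]
+indent_size = 2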

132
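--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,132 @@
+# inspired by
+# - https://github.com/alexkaratarakis/gitattributes/blob/master/Java.gitattributes
+# - https://github.com/alexkaratarakis/gitattributes/blob/master/Common.gitattributes
+# Handle line endings automatically for files detected as text
+# and leave all files detected as binary untouched.
+* text=auto
+#
+# The above will handle all files with names NOT matching patterns defined below
+#
+# Git files
+.gitattributes text eol=lf
+**/.gitattributes text eol=lf
+.gitignore text eol=lf
+**/.gitignore text eol=lf
+# Documents
+*.doc binary diff=astextplain
+*.docx binary diff=astextplain
+*.dot binary diff=astextplain
+*.pdf binary diff=astextplain
+*.ppt binary diff=astextplain
+*.pptx binary diff=astextplain
+*.rtf binary diff=astextplain
+*.vsd binary diff=astextplain
+*.vsdx binary diff=astextplain
+*.odt binary diff=odf
+*.ods binary diff=odf
+*.odp binary diff=odf
+*.adoc text
+*.csv text
+*.md text diff=markdown
+*.txt text
+# Config/Serialisation
+.editorconfig text
+**/.editorconfig text
+*.ini text
+*.properties text
+*.json text
+*.toml text
+*.xml text
+*.yaml text
+*.yml text
+# Scripts
+*.bat text eol=crlf
+*.cmd text eol=crlf
+*.ps1 text eol=crlf
+*.bash text eol=lf
+*.fish text eol=lf
+*.sh text eol=lf
+*.zsh text eol=lf
+*.lua text
+*.php text
+*.python text
+*.sql text
+**/Dockerfile text eol=lf
+# Archives
+*.7z binary
+*.gz binary
+*.tar binary
+*.tar.gz binary
+*.tgz binary
+*.xz binary
+*.zip binary
+# Native binaries
+*.dll binary
+*.dylib binary
+*.exe binary
+*.so binary
+# Images
+*.eps binary
+*.gif binary
+*.ico binary
+*.jpg binary
+*.jpeg binary
+*.png binary
+*.svg text
+*.svgz binary
+*.tif binary
+*.tiff binary
+# Fonts
+*.eot binary
+*.otf binary
+*.ttf binary
+*.woff binary
+# Java
+*.gradle text diff=java
+*.gradle.kts text diff=java
+*.java text diff=java
+*.class binary
+*.ear binary
+*.jceks binary
+*.jks binary
+*.jar binary
+*.pak binary
+*.war binary
+*.jsp text
+*.jspf text
+*.jspx text
+*.tld text
+*.tag text
+*.tagx text
+# Web
+*.css text diff=css
+*.htm text diff=html
+*.html text diff=html
+*.js text
+# https://git-scm.com/docs/gitattributes#_export_ignore
+.gitattributes export-ignore
+.gitignore export-ignore
+.gitkeep export-ignore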

16
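--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,16 @@
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+version: 2
+updates:
+- package-ecosystem: github-actions
+directory: /
+schedule:
+interval: weekly
+day: monday
+time: "09:00"
+commit-message:
+prefix: fix
+prefix-development: chore
+include: scope
+labels:
+- gha
+- dependencies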

24
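--- a/.github/stale.yml
+++ b/.github/stale.yml
@@ -0,0 +1,24 @@
+# Configuration for probot-stale - https://github.com/probot/stale
+# Number of days of inactivity before an issue becomes stale
+daysUntilStale: 60
+# Number of days of inactivity before a stale issue is closed
+daysUntilClose: 7
+# Issues with these labels will never be considered stale
+exemptLabels:
+- pinned
+- security
+# Label to use when marking an issue as stale
+staleLabel: wontfix
+# Comment to post when marking an issue as stale. Set to `false` to disable
+markComment: >
+This issue has been automatically marked as stale because it has not had
+recent activity. It will be closed in 7 days if no further activity occurs.
+Thank you for your contributions.
+# Comment to post when closing a stale issue. Set to `false` to disable
+closeComment: false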

95
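--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -0,0 +1,95 @@
+# SPDX-FileCopyrightText: © Vegard IT GmbH (https://vegardit.com)
+# SPDX-FileContributor: Sebastian Thomschke
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-ArtifactOfProjectHomePage: https://github.com/vegardit/docker-gitea-act-runner
+#
+# https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions
+name: Build
+on:
+push:
+branches:
+- '**'
+tags-ignore:
+- '**'
+paths-ignore:
+- '**/*.md'
+- '.github/*.yml'
+schedule:
+# https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows
+- cron: '0 17 * * 3'
+pull_request:
+workflow_dispatch:
+# https://github.blog/changelog/2020-07-06-github-actions-manual-triggers-with-workflow_dispatch/
+env:
+DOCKER_IMAGE_REPO: vegardit/gitea-act-runner
+DOCKER_IMAGE_TAG: latest
+TRIVY_CACHE_DIR: ~/.trivy/cache
+defaults:
+run:
+shell: bash
+jobs:
+build:
+runs-on: ubuntu-latest
+steps:
+- name: Git Checkout
+uses: actions/checkout@v3 #https://github.com/actions/checkout
+- name: Cache trivy cache
+uses: actions/cache@v3
+if: env.ACT != 'true' # https://github.com/nektos/act#skipping-steps
+with:
+path: ${{ env.TRIVY_CACHE_DIR }}
+# https://github.com/actions/cache/issues/342#issuecomment-673371329
+key: ${{ runner.os }}-trivy-${{ github.run_id }}
+restore-keys: |
+${{ runner.os }}-trivy-
+- name: Configure fast APT repository mirror
+uses: vegardit/fast-apt-mirror.sh@v1
+- name: Install dos2unix
+run: sudo apt-get install --no-install-recommends -y dos2unix
+- name: Build ${{ env.DOCKER_IMAGE_REPO }}:${{ env.DOCKER_IMAGE_TAG }}
+env:
+DOCKER_REGISTRY: docker.io
+DOCKER_REGISTRY_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }}
+DOCKER_REGISTRY_TOKEN: ${{ secrets.DOCKER_HUB_TOKEN }}
+TRIVY_GITHUB_TOKEN: ${{ github.token }}
+run: |
+if [[ $GITHUB_REF_NAME == "main" && $ACT != "true" ]]; then
+export DOCKER_PUSH=1
+echo "$DOCKER_REGISTRY_TOKEN" | docker login -u="$DOCKER_REGISTRY_USERNAME" "$DOCKER_REGISTRY" --password-stdin
+fi
+bash build-image.sh
+- name: Publish Docker image to GH registry
+if: ${{ github.ref_name == 'main' && !env.ACT }} # https://github.com/nektos/act#skipping-steps
+run: |
+set -eux
+echo "${{ github.token }}" | docker login https://ghcr.io -u ${{ github.actor }} --password-stdin
+docker image tag $DOCKER_IMAGE_REPO ghcr.io/$DOCKER_IMAGE_REPO
+docker push ghcr.io/$DOCKER_IMAGE_REPO
+- name: Delete untagged images
+uses: actions/github-script@v6
+if: ${{ github.ref_name == 'main' && !env.ACT }} # https://github.com/nektos/act#skipping-steps
+with:
+github-token: ${{ secrets.GHA_DELETE_PACKAGES }}
+script: |
+const imageName = /[^/]*$/.exec(process.env.DOCKER_IMAGE_REPO)[0]
+const basePath = `/orgs/${{ github.repository_owner }}/packages/container/${imageName}/versions`
+for (version of (await github.request(`GET ${basePath}`, { per_page: 100 })).data) {
+if (version.metadata.container.tags.length == 0) {
+console.log(`deleting ${version.name}...`)
+const delResponse = await github.request(`DELETE ${basePath}/${version.id}`)
+console.log(`status: ${delResponse.status}`)
+}
+}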
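Review bot: The "Publish Docker image to GH registry" step expands `${{ github.token }}` and `${{ github.actor }}` directly into the script text and runs it under `set -eux`, so the token is part of the traced command and is protected only by log masking. Pass both through the step's `env:` and drop `-x`, e.g. `GHCR_TOKEN: ${{ github.token }}` under `env:` and `echo "$GHCR_TOKEN" | docker login ghcr.io -u "$GITHUB_ACTOR" --password-stdin` in the script. The workflow declares no `permissions:` block, so the job token's scope depends on the repository default; stating `contents: read` and `packages: write` would make the required scope explicit. The steps `actions/checkout@v3`, `actions/cache@v3`, `vegardit/fast-apt-mirror.sh@v1` and `actions/github-script@v6` are referenced by mutable tags and could be pinned to commit SHAs, which matters most for jobs that hold the Docker Hub token and the `GHA_DELETE_PACKAGES` secret.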

37
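--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,37 @@
+# Local work folder that is not checked in
+_LOCAL/
+.shared
+# Eclipse
+.apt_generated/
+.checkstyle
+.classpath
+.factorypath
+.project
+.settings/
+bin/
+**/.*.md.html
+# IntelliJ
+.idea
+*.iml
+*.ipr
+*.iws
+# NetBeans
+nb-configuration.xml
+# Visual Studio Code
+.vscode
+# OSX
+.DS_Store
+# Vim
+*.swo
+*.swp
+# patch
+*.orig
+*.rej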

128
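--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1,128 @@
+# Contributor Covenant Code of Conduct
+## Our Pledge
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+## Our Standards
+Examples of behavior that contributes to a positive environment for our
+community include:
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+overall community
+Examples of unacceptable behavior include:
+* The use of sexualized language or imagery, and sexual attention or
+advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+professional setting
+## Enforcement Responsibilities
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+## Scope
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+## Enforcement
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+https://vegardit.com/about/legal/.
+All complaints will be reviewed and investigated promptly and fairly.
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+## Enforcement Guidelines
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+### 1. Correction
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+### 2. Warning
+**Community Impact**: A violation through a single incident or series
+of actions.
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+### 3. Temporary Ban
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+### 4. Permanent Ban
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+## Attribution
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+[homepage]: https://www.contributor-covenant.org
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.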

25
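--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -0,0 +1,25 @@
+# Contributing
+Thanks for your interest in contributing to this project!
+We want to make contributing as easy and transparent as possible.
+## Code of Conduct
+Our code of conduct is described in [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md).
+## Issues
+We use GitHub issues to track bugs and feature requests. Please ensure your description is clear and has sufficient instructions to be able to reproduce the issue.
+## Pull Requests
+Before you make a substantial pull request, please file an issue and make sure someone from the team agrees that there is a problem or room for improvement.
+## License
+By contributing your code, you agree to license your contribution under the [Apache License 2.0](LICENSE.txt).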


@ -1 +1,60 @@
# docker-gitea-act-runner
# vegardit/gitea-act-runner <a href="https://github.com/vegardit/docker-gitea-act-runner/" title="GitHub Repo"><img height="30" src="https://raw.githubusercontent.com/simple-icons/simple-icons/develop/icons/github.svg?sanitize=true"></a>
[![Build Status](https://github.com/vegardit/docker-gitea-act-runner/workflows/Build/badge.svg "GitHub Actions")](https://github.com/vegardit/docker-gitea-act-runner/actions?query=workflow%3ABuild)
[![License](https://img.shields.io/github/license/vegardit/docker-gitea-act-runner.svg?label=license)](#license)
[![Docker Pulls](https://img.shields.io/docker/pulls/vegardit/gitea-act-runner.svg)](https://hub.docker.com/r/vegardit/gitea-act-runner)
[![Docker Stars](https://img.shields.io/docker/stars/vegardit/gitea-act-runner.svg)](https://hub.docker.com/r/vegardit/gitea-act-runner)
[![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-v2.0%20adopted-ff69b4.svg)](CODE_OF_CONDUCT.md)
1. [What is it?](#what-is-it)
1. [License](#license)
## <a name="what-is-it"></a>What is it?
`debian:stable-slim` based Docker image containing [Gitea](https://gitea.com)'s [act_runner](https://gitea.com/gitea/act_runner/)
## Usage
Example `docker-compose.yml`:
```yaml
version: '3.8' # https://docs.docker.com/compose/compose-file/compose-versioning/
services:
gitea_act_runner:
image: vegardit/gitea-act-runner:latest
#image: ghcr.io/vegardit/gitea-act-runner:latest
volumes:
- /var/run/docker.sock:/var/run/docker.sock:rw
- /my/path/to/data/dir:/data:rw # the config file is located at /data/.runner and needs to survive container restarts
environment:
TZ: "Europe/Berlin"
# config parameters for initial runner registration:
GITEA_INSTANCE_URL: 'https://gitea.example.com' # required
GITEA_INSTANCE_INSECURE: '0' # optional, default is 0
GITEA_RUNNER_REGISTRATION_TOKEN_FILE: 'path/to/file' # only required on first container start
# or: GITEA_RUNNER_REGISTRATION_TOKEN: '<INSERT_TOKEN_HERE>'
GITEA_RUNNER_NAME: '' # optional, defaults to the container's hostname
GITEA_RUNNER_LABELS: '' # optional
GITEA_RUNNER_UID: 1200 # optional, default is 1000
GITEA_RUNNER_GID: 1200 # optional, default is 1000
deploy:
restart_policy:
condition: on-failure
delay: 5s
```
## <a name="license"></a>License
All files in this repository are released under the [Apache License 2.0](LICENSE.txt).
Individual files contain the following tag instead of the full license text:
```
SPDX-License-Identifier: Apache-2.0
```
This enables machine processing of license information based on the SPDX License Identifiers that are available here: https://spdx.org/licenses/.

61
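--- a/build-image.sh
+++ b/build-image.sh
@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+#
+# SPDX-FileCopyrightText: © Vegard IT GmbH (https://vegardit.com)
+# SPDX-FileContributor: Sebastian Thomschke
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-ArtifactOfProjectHomePage: https://github.com/vegardit/docker-gitea-act-runner
+#
+shared_lib="$(dirname $0)/.shared"
+[ -e "$shared_lib" ] || curl -sSf https://raw.githubusercontent.com/vegardit/docker-shared/v1/download.sh?_=$(date +%s) | bash -s v1 "$shared_lib" || exit 1
+source "$shared_lib/lib/build-image-init.sh"
+#################################################
+# specify target docker registry/repo
+#################################################
+docker_registry=${DOCKER_REGISTRY:-docker.io}
+image_repo=${DOCKER_REPO:-vegardit/gitea-act-runner}
+image_name=$image_repo:${DOCKER_IMAGE_TAG:-latest}
+#################################################
+# build the image
+#################################################
+echo "Building docker image [$image_name]..."
+if [[ $OSTYPE == "cygwin" || $OSTYPE == "msys" ]]; then
+project_root=$(cygpath -w "$project_root")
+fi
+DOCKER_BUILDKIT=1 docker build "$project_root" \
+--file "image/Dockerfile" \
+--progress=plain \
+--pull \
+--build-arg INSTALL_SUPPORT_TOOLS=${INSTALL_SUPPORT_TOOLS:-0} \
+`# using the current date as value for BASE_LAYER_CACHE_KEY, i.e. the base layer cache (that holds system packages with security updates) will be invalidate once per day` \
+--build-arg BASE_LAYER_CACHE_KEY=$base_layer_cache_key \
+--build-arg BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
+--build-arg GIT_BRANCH="${GIT_BRANCH:-$(git rev-parse --abbrev-ref HEAD)}" \
+--build-arg GIT_COMMIT_DATE="$(date -d @$(git log -1 --format='%at') --utc +'%Y-%m-%d %H:%M:%S UTC')" \
+--build-arg GIT_COMMIT_HASH="$(git rev-parse --short HEAD)" \
+--build-arg GIT_REPO_URL="$(git config --get remote.origin.url)" \
+-t $image_name \
+"$@"
+#################################################
+# perform security audit
+#################################################
+if [[ "${DOCKER_AUDIT_IMAGE:-1}" == 1 ]]; then
+bash "$shared_lib/cmd/audit-image.sh" $image_name
+fi
+#################################################
+# push image with tags to remote docker image registry
+#################################################
+if [[ "${DOCKER_PUSH:-0}" == "1" ]]; then
+docker image tag $image_name $docker_registry/$image_name
+docker push $docker_registry/$image_name
+fi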
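Review bot: The bootstrap line `curl -sSf …/docker-shared/v1/download.sh?_=$(date +%s) | bash -s v1 "$shared_lib" || exit 1` executes a script fetched from the mutable `v1` ref with no integrity check, and the build workflow calls this script with the Docker Hub token in its environment. Pinning the URL to a commit SHA and verifying a checksum before running it, or vendoring `.shared`, would close that gap. No `pipefail` is set before this line, so a failed `curl` still lets `bash` exit 0 on empty input and `|| exit 1` does not catch a download failure; downloading to a temporary file first (`curl -sSfo "$tmp" "$url" || exit 1`, then `bash "$tmp" v1 "$shared_lib"`) makes the failure visible. `$(dirname $0)`, `$image_name` and `$base_layer_cache_key` are also expanded unquoted and would break on paths or tags containing whitespace.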

162
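--- a/image/Dockerfile
+++ b/image/Dockerfile
@@ -0,0 +1,162 @@
+#syntax=docker/dockerfile:1.4
+# see https://github.com/moby/buildkit/blob/master/frontend/dockerfile/docs/syntax.md
+# see https://docs.docker.com/engine/reference/builder/#syntax
+#
+# SPDX-FileCopyrightText: © Vegard IT GmbH (https://vegardit.com)
+# SPDX-FileContributor: Sebastian Thomschke
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-ArtifactOfProjectHomePage: https://github.com/vegardit/docker-gitea-act-runner
+#
+# https://hub.docker.com/_/debian?tab=tags&name=stable-slim
+######################
+# runtime image base
+######################
+FROM debian:stable-slim as runtime-base-image
+LABEL maintainer="Vegard IT GmbH (vegardit.com)"
+USER root
+SHELL ["/bin/bash", "-c"]
+ARG BASE_LAYER_CACHE_KEY
+ARG DEBIAN_FRONTEND=noninteractive
+ARG LC_ALL=C
+RUN --mount=type=bind,source=.shared,target=/mnt/shared <<EOF
+set -euo pipefail
+/mnt/shared/cmd/debian-install-os-updates.sh
+/mnt/shared/cmd/debian-install-support-tools.sh
+echo "#################################################"
+echo "Installing ca-certificates, tini..."
+echo "#################################################"
+apt-get install --no-install-recommends -y ca-certificates sudo tini
+echo "#################################################"
+echo "Adding [act] user..."
+echo "#################################################"
+addgroup --gid 1000 act
+adduser --uid 1000 --ingroup act --home /data --shell /bin/bash --disabled-password --gecos "" act
+adduser act sudo
+echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+/mnt/shared/cmd/debian-cleanup.sh
+EOF
+######################
+# build image
+######################
+# https://hub.docker.com/_/python?tab=tags&name=3-slim
+FROM debian:stable-slim AS build-image
+USER root
+SHELL ["/bin/bash", "-c"]
+ARG BASE_LAYER_CACHE_KEY
+ARG DEBIAN_FRONTEND=noninteractive
+ARG LC_ALL=C
+ARG INSTALL_SUPPORT_TOOLS=0
+ARG ACT_RUNNER_DOWNLOAD_URL=https://dl.gitea.com/act_runner/main/act_runner-main-linux-amd64
+ARG UPX_COMPRESS=true
+RUN --mount=type=bind,source=.shared,target=/mnt/shared <<EOF
+set -euo pipefail
+/mnt/shared/cmd/debian-install-os-updates.sh
+echo "#################################################"
+echo "Installing tools..."
+echo "#################################################"
+apt-get install --no-install-recommends -y binutils ca-certificates curl xz-utils
+if [[ $UPX_COMPRESS == "true" ]]; then
+echo "#################################################"
+echo "Downloading UPX..."
+echo "#################################################"
+mkdir /opt/upx
+upx_download_url=$(curl -fsSL https://api.github.com/repos/upx/upx/releases/latest | grep browser_download_url | grep amd64_linux.tar.xz | cut "-d\"" -f4)
+echo "Downloading [$upx_download_url]..."
+curl -fL $upx_download_url | tar Jxv -C /opt/upx --strip-components=1
+/opt/upx/upx --version
+fi
+echo "#################################################"
+echo "Downloading Gitea act runner..."
+echo "#################################################"
+mkdir /opt/act
+curl -fsSL $ACT_RUNNER_DOWNLOAD_URL -o /opt/act/runner
+chmod 755 /opt/act/runner
+ls -l /opt/act/runner
+echo "Stripping..."
+strip --strip-unneeded /opt/act/runner
+ls -l /opt/act/runner
+if [[ $UPX_COMPRESS == "true" ]]; then
+/opt/upx/upx -9 /opt/act/runner
+fi
+/opt/act/runner --version
+EOF
+######################
+# runtime image
+######################
+FROM runtime-base-image
+COPY --from=build-image /opt/act/runner /opt/act/runner
+ARG BUILD_DATE
+ARG GIT_BRANCH
+ARG GIT_COMMIT_HASH
+ARG GIT_COMMIT_DATE
+ARG GIT_REPO_URL
+LABEL \
+org.label-schema.schema-version="1.0" \
+org.label-schema.build-date=$BUILD_DATE \
+org.label-schema.vcs-ref=$GIT_COMMIT_HASH \
+org.label-schema.vcs-url=$GIT_REPO_URL
+# Default configuration: can be overridden at the docker command line
+ENV \
+INIT_SH_FILE='' \
+#
+GITEA_RUNNER_NAME='' \
+GITEA_RUNNER_LABELS='' \
+GITEA_INSTANCE_INSECURE=0 \
+GITEA_RUNNER_UID=1000 \
+GITEA_RUNNER_GID=1000
+RUN <<EOF
+set -euo pipefail
+echo "#################################################"
+echo "Writing build_info..."
+echo "#################################################"
+echo -e "
+GIT_REPO: $GIT_REPO_URL
+GIT_BRANCH: $GIT_BRANCH
+GIT_COMMIT: $GIT_COMMIT_HASH @ $GIT_COMMIT_DATE
+IMAGE_BUILD: $BUILD_DATE" >/opt/build_info
+cat /opt/build_info
+EOF
+COPY image/*.sh /opt/
+COPY .shared/lib/bash-init.sh /opt/bash-init.sh
+USER act
+VOLUME [ "/data" ]
+ENTRYPOINT ["/usr/bin/tini", "--"]
+CMD ["/bin/bash", "/opt/run.sh"]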
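Review bot: The build stage installs executables without verifying them: `curl -fsSL $ACT_RUNNER_DOWNLOAD_URL -o /opt/act/runner` takes whatever the moving `main` build URL serves, and UPX comes from the latest GitHub release located by grepping the API response. Pin both to fixed versions and check a digest before use, for example a new `ARG ACT_RUNNER_SHA256` with `echo "$ACT_RUNNER_SHA256  /opt/act/runner" | sha256sum -c -` directly after the download. In the runtime base stage, `adduser act sudo` together with `echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers` gives the `act` user unrestricted root, so the final `USER act` is no privilege boundary for anything the runner executes. A sudoers drop-in limited to the commands `run.sh` needs, or an entrypoint that starts as root and drops privileges once, would be narrower.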

68
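--- a/image/run.sh
+++ b/image/run.sh
@@ -0,0 +1,68 @@
+#!/usr/bin/env bash
+#
+# SPDX-FileCopyrightText: © Vegard IT GmbH (https://vegardit.com)
+# SPDX-FileContributor: Sebastian Thomschke
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-ArtifactOfProjectHomePage: https://github.com/vegardit/docker-gitea-act-runner
+#
+source /opt/bash-init.sh
+#################################################
+# print header
+#################################################
+cat <<'EOF'
+_____ _ _ _ _____
+/ ____(_) | /\ | | | __ \
+| | __ _| |_ ___ __ _ / \ ___| |_ | |__) | _ _ __ _ __ ___ _ __
+| | |_ | | __/ _ \/ _` | / /\ \ / __| __| | _ / | | | '_ \| '_ \ / _ \ '__|
+| |__| | | || __/ (_| | / ____ \ (__| |_ | | \ \ |_| | | | | | | | __/ |
+\_____|_|\__\___|\__,_| /_/ \_\___|\__| |_| \_\__,_|_| |_|_| |_|\___|_|
+EOF
+cat /opt/build_info
+echo
+log INFO "Timezone is $(date +"%Z %z")"
+log INFO "Hostname: $(hostname -f)"
+log INFO "IP Addresses: "
+awk '/32 host/ { if(uniq[ip]++ && ip != "127.0.0.1") print " - " ip } {ip=$2}' /proc/net/fib_trie
+#################################################################
+# Adjust UID/GID and file permissions based on env var config
+#################################################################
+if [ -n "${GITEA_RUNNER_UID:-}" ]; then
+effective_uid=$(id -u act)
+if [ "$GITEA_RUNNER_UID" != "$effective_uid" ]; then
+log INFO "Changing UID of user [act] from $effective_uid to $GITEA_RUNNER_UID..."
+sudo usermod -o -u "$GITEA_RUNNER_UID" act
+fi
+fi
+if [ -n "${GITEA_RUNNER_GID:-}" ]; then
+effective_gid=$(id -g act)
+if [ "$GITEA_RUNNER_GID" != "$effective_gid" ]; then
+log INFO "Changing GID of user [act] from $effective_gid to $GITEA_RUNNER_GID..."
+sudo usermod -o -u "$GITEA_RUNNER_GID" act
+fi
+fi
+sudo chown -R act:act /data
+docker_group=$(stat -c '%G' /var/run/docker.sock)
+if [[ $docker_group == "UNKNOWN" ]]; then
+docker_gid=$(stat -c '%g' /var/run/docker.sock)
+docker_group="docker$docker_gid"
+log INFO "Creating group [$docker_group]..."
+sudo addgroup --gid $docker_gid $docker_group
+fi
+if ! id -nG act | grep -qw "$docker_group"; then
+log INFO "Adding user [act] to group [$docker_group]..."
+sudo usermod -aG $docker_group act
+fi
+#################################################################
+# Launch the runner with adjusted UID/GID
+#################################################################
+exec sudo -u act -g act -E bash /opt/run_runner.sh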
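Review bot: The GID branch runs `sudo usermod -o -u "$GITEA_RUNNER_GID" act`, which sets the user's UID to the GID value instead of changing the group; it should be `sudo groupmod -o -g "$GITEA_RUNNER_GID" act`. As written, a configuration with different UID and GID values ends up with the wrong UID and an unchanged GID, and the following `sudo chown -R act:act /data` applies that ownership to the data directory. `GITEA_RUNNER_UID` and `GITEA_RUNNER_GID` are passed on without checking that they are positive integers, so a value of `0` combined with `-o` would make `act` an alias for root; a guard such as `[[ $GITEA_RUNNER_UID =~ ^[1-9][0-9]*$ ]]` before each call avoids that. The `stat` on `/var/run/docker.sock` is unconditional, so behaviour when the socket is not mounted depends on the error handling in `bash-init.sh`, which is not part of this commit page.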

46
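--- a/image/run_runner.sh
+++ b/image/run_runner.sh
@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+#
+# SPDX-FileCopyrightText: © Vegard IT GmbH (https://vegardit.com)
+# SPDX-FileContributor: Sebastian Thomschke
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-ArtifactOfProjectHomePage: https://github.com/vegardit/docker-gitea-act-runner
+#
+source /opt/bash-init.sh
+log INFO "Effective user: $(id)"
+cd /data
+#################################################
+# load custom init script if specified
+#################################################
+if [[ -f $INIT_SH_FILE ]]; then
+log INFO "Loading [$INIT_SH_FILE]..."
+source "$INIT_SH_FILE"
+fi
+#################################################
+# register act runner if required
+#################################################
+if [[ ! -s .runner ]]; then
+if [[ ${GITEA_INSTANCE_INSECURE:-} == '1' ]]; then
+insecure_flag=--insecure
+fi
+if [[ -z ${GITEA_RUNNER_REGISTRATION_TOKEN:-} ]]; then
+read -r GITEA_RUNNER_REGISTRATION_TOKEN < "$GITEA_RUNNER_REGISTRATION_TOKEN_FILE"
+fi
+/opt/act/runner register \
+--instance "${GITEA_INSTANCE_URL}" \
+--token "${GITEA_RUNNER_REGISTRATION_TOKEN}" \
+--name "${GITEA_RUNNER_NAME}" \
+--labels "${GITEA_RUNNER_LABELS}" \
+$( [[ ${GITEA_INSTANCE_INSECURE:-} == '1' ]] && echo "--insecure" || true) \
+--no-interactive
+fi
+#################################################
+# run the act runner
+#################################################
+exec /opt/act/runner daemon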
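Review bot: When `GITEA_RUNNER_REGISTRATION_TOKEN` is supplied as a container variable it stays in the environment that `exec /opt/act/runner daemon` inherits (`run.sh` starts this script with `sudo -E`), and it is also passed as `--token` on the command line; adding `unset GITEA_RUNNER_REGISTRATION_TOKEN` before the final `exec` keeps it out of the long-running process. The fallback `read -r GITEA_RUNNER_REGISTRATION_TOKEN < "$GITEA_RUNNER_REGISTRATION_TOKEN_FILE"` does not check that the variable is set or the file readable, so a missing token surfaces as a redirection error rather than a clear message. `insecure_flag=--insecure` is assigned but never used, because the `register` call recomputes the flag inline. `source "$INIT_SH_FILE"` executes an arbitrary file as the runner user and deserves a comment stating that the path must be operator-controlled and not writable by jobs.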