#!/usr/bin/env bash
#
# SPDX-FileCopyrightText: © Vegard IT GmbH (https://vegardit.com)
# SPDX-FileContributor: Sebastian Thomschke
# SPDX-License-Identifier: Apache-2.0
# SPDX-ArtifactOfProjectHomePage: https://github.com/vegardit/docker-gitea-act-runner
#
# Prints a startup banner with runtime details (only when called without a
# first argument) and then starts a Docker engine if one is installed in the
# image: rootless DinD when /usr/bin/dockerd-rootless.sh exists, otherwise
# regular DinD when /usr/bin/dockerd exists.

# shellcheck disable=SC1091 # Not following: /opt/bash-init.sh was not specified as input
# presumably provides the `log` helper used below (and any shell options) — confirm
source /opt/bash-init.sh


#################################################################
# print header
#################################################################
if [[ ${1:-} == "" ]]; then
  # NOTE(review): banner rows are restored one per line; the spacing inside each
  # row is as found in this copy and may need re-aligning against upstream.
  cat <<'EOF'
_____ _ _ _ _____
/ ____(_) | /\ | | | __ \
| | __ _| |_ ___ __ _ / \ ___| |_ | |__) | _ _ __ _ __ ___ _ __
| | |_ | | __/ _ \/ _` | / /\ \ / __| __| | _ / | | | '_ \| '_ \ / _ \ '__|
| |__| | | || __/ (_| | / ____ \ (__| |_ | | \ \ |_| | | | | | | | __/ |
\_____|_|\__\___|\__,_| /_/ \_\___|\__| |_| \_\__,_|_| |_|_| |_|\___|_|
EOF

  cat /opt/build_info
  echo

  log INFO "$(act_runner --version)"
  log INFO "Timezone: $(date +"%Z %z")"
  log INFO "Hostname: $(hostname -f)"
  log INFO "IP Addresses: "
  # `ip` holds field 2 of the previous line; on a "32 host" line that address is
  # printed only from its second occurrence on (post-increment of uniq[ip]) and
  # only if it is not 127.0.0.1.
  awk '/32 host/ { if(uniq[ip]++ && ip != "127.0.0.1") print " - " ip } {ip=$2}' /proc/net/fib_trie
  log INFO "Config environment variables: "
  # Lists every variable whose name starts with GITEA_ or ACT_ and replaces the
  # text from the first "TOKEN=" to the end of the line with asterisks.
  # NOTE(review): only names ending in TOKEN are masked. A credential carried in
  # any other GITEA_/ACT_ variable (a *_PASSWORD, *_SECRET or *_KEY name, or
  # userinfo embedded in a URL value) would be written to the container log in
  # clear text. Consider masking by a broader name pattern or printing an
  # allow-list of known non-sensitive variables instead.
  env | grep '^GITEA_\|^ACT_' | sort | sed 's/TOKEN=.*/TOKEN=******/g' | sed -e 's/^/ - /'
fi


#################################################################
# start docker daemon (if installed = DinD)
#################################################################
if [[ -f /usr/bin/dockerd-rootless.sh ]]; then
  export DOCKER_MODE=dind-rootless
  log INFO "Starting Docker engine (rootless)..."

  # Detect whether this container allows RootlessKit to start.
  # Rootless BuildKit/Rootless Docker need seccomp & apparmor unconfined
  # (or --privileged) and often systempaths=unconfined for /proc masks.
  # See: BuildKit rootless docs. (seccomp/apparmor/systempaths rationale)
  if [[ -r /proc/$$/status ]]; then
    # second field of the "Seccomp:" line of this shell's own status file
    seccomp=$(awk '/^Seccomp:/{print $2}' /proc/$$/status 2>/dev/null)
  fi
  if [[ -r /proc/$$/attr/current ]]; then
    # AppArmor confinement label of this shell, read verbatim
    apparmor=$(< /proc/$$/attr/current)
  fi
  # Seccomp: 0 == unconfined; 2 == filtered by default profile
  # An unreadable /proc file leaves the variable unset, which also triggers the
  # warning below (reported as "unknown"). The check only warns; startup continues.
  if [[ "${seccomp:-}" != "0" || "${apparmor:-}" != "unconfined" ]]; then
    # NOTE(review): the options suggested here switch off the default seccomp
    # filter and AppArmor profile for the whole container, which is a trade of
    # sandboxing for rootless support rather than a neutral default. The
    # messages give operators no hint of that trade-off.
    log WARN "Rootless Docker/BuildKit may be blocked by container sandbox (seccomp=${seccomp:-unknown} apparmor=${apparmor:-unknown})."
    log WARN "Run with: --security-opt seccomp=unconfined --security-opt apparmor=unconfined"
    log WARN "Optionally add: --security-opt systempaths=unconfined (to relax /proc masking)."
    log WARN "Compose: security_opt: ['seccomp:unconfined','apparmor:unconfined','systempaths=unconfined']"
  fi

  export DOCKER_HOST=unix://$HOME/.docker/run/docker.sock
  # Write a default daemon config only when none exists, so a config that is
  # already present is left untouched.
  if [[ ! -f "$HOME/.config/docker/daemon.json" ]]; then
    # workaround for "Not using native diff for overlay2, this may cause degraded performance for building images: running in a user namespace storage-driver=overlay2"
    mkdir -p "$HOME/.config/docker"
    echo '{"storage-driver":"fuse-overlayfs"}' > "$HOME/.config/docker/daemon.json"
  fi
  export container=docker # from dind-hack
  export XDG_RUNTIME_DIR=$HOME/.docker/run
  mkdir -p "$XDG_RUNTIME_DIR"
  # Remove pid files before the daemon is launched (presumably leftovers of an
  # earlier run that would block a restart — confirm).
  rm -f "$XDG_RUNTIME_DIR/docker.pid" "$XDG_RUNTIME_DIR/docker/containerd/containerd.pid"
  # Daemon runs in the background; stdout and stderr go to docker.log.
  /usr/bin/dockerd-rootless.sh -p "$HOME/.docker/run/docker.pid" > "$HOME/.docker/docker.log" 2>&1 &
  export DOCKER_PID=$!
  # Poll until the engine answers, echoing the newest log line on each round.
  # NOTE(review): the loop has no upper bound and does not check whether
  # $DOCKER_PID is still alive, so a daemon that fails to start (e.g. blocked by
  # the sandbox warned about above) keeps the container waiting forever.
  while ! docker stats --no-stream &>/dev/null; do
    log INFO "Waiting for Docker engine to start..."
    sleep 2
    tail -n 1 "$HOME/.docker/docker.log"
  done
  echo "==========================================================="
  docker info
  echo "==========================================================="

elif [[ -f /usr/bin/dockerd ]]; then
  export DOCKER_MODE=dind
  log INFO "Starting Docker engine..."
  # This branch relies on sudo for every privileged step.
  sudo rm -f /var/run/docker.pid /run/docker/containerd/containerd.pid
  # NOTE(review): dind-hack is not visible here; presumably it prepares
  # cgroups/mounts for Docker-in-Docker before the service starts — confirm.
  sudo /usr/local/bin/dind-hack true
  sudo service docker start
  # Same unbounded wait as in the rootless branch, reading /var/log/docker.log.
  while ! docker stats --no-stream &>/dev/null; do
    log INFO "Waiting for Docker engine to start..."
    sleep 2
    tail -n 1 /var/log/docker.log
  done
  # shellcheck disable=SC2155 # Declare and assign separately to avoid masking return values
  export DOCKER_PID=$(