74 lines
3.1 KiB
Bash
74 lines
3.1 KiB
Bash
#!/usr/bin/env bash
|
|
#
|
|
# SPDX-FileCopyrightText: © Vegard IT GmbH (https://vegardit.com)
|
|
# SPDX-FileContributor: Sebastian Thomschke
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
# SPDX-ArtifactOfProjectHomePage: https://github.com/vegardit/docker-gitea-act-runner
|
|
|
|
# shellcheck disable=SC1091 # Not following: /opt/bash-init.sh was not specified as input
|
|
source /opt/bash-init.sh
|
|
|
|
act_user=act
|
|
|
|
#################################################################
|
|
# Adjust UID/GID and file permissions based on env var config
|
|
#################################################################
|
|
if [[ -n ${GITEA_RUNNER_UID:-} ]]; then
|
|
effective_uid=$(id -u "$act_user")
|
|
if [ "$GITEA_RUNNER_UID" != "$effective_uid" ]; then
|
|
log INFO "Changing UID of user [$act_user] from $effective_uid to $GITEA_RUNNER_UID..."
|
|
|
|
# workaround for:
|
|
# usermod -o -u "$GITEA_RUNNER_UID" $act_user
|
|
# failing with "usermod: user act is currently used by process 1" because of /usr/bin/tini process
|
|
effective_gid=$(id -g "$act_user")
|
|
sed -i "s/^$act_user:x:$effective_uid:$effective_gid:/$act_user:x:$GITEA_RUNNER_UID:$effective_gid:/" /etc/passwd
|
|
|
|
act_home=$(eval echo "~$act_user")
|
|
chown "$GITEA_RUNNER_UID" "$act_home"
|
|
find "$act_home" -xdev -user "$effective_uid" -print0 | xargs -0 chown "$GITEA_RUNNER_UID"
|
|
fi
|
|
fi
|
|
|
|
if [[ -n ${GITEA_RUNNER_GID:-} ]]; then
|
|
effective_gid=$(id -g "$act_user")
|
|
if [ "$GITEA_RUNNER_GID" != "$effective_gid" ]; then
|
|
log INFO "Changing GID of user [$act_user] from $effective_gid to $GITEA_RUNNER_GID..."
|
|
groupmod -o -g "$GITEA_RUNNER_GID" $act_user
|
|
|
|
act_home=$(eval echo "~$act_user")
|
|
chown ":$GITEA_RUNNER_GID" "$act_home"
|
|
find "$act_home" -xdev -group "$effective_gid" -print0 | xargs -0 chgrp "$GITEA_RUNNER_GID"
|
|
fi
|
|
fi
|
|
|
|
|
|
#################################################################
|
|
# ensure act user has read/write access to docker socket in GITEA_RUNNER_JOB_CONTAINER_DOCKER_HOST
|
|
#################################################################
|
|
if [[ $DOCKER_MODE != "dind-rootless" ]]; then
|
|
if [[ $GITEA_RUNNER_JOB_CONTAINER_DOCKER_HOST == unix://* ]]; then
|
|
docker_sock=${GITEA_RUNNER_JOB_CONTAINER_DOCKER_HOST#unix://}
|
|
if runuser -u "$act_user" -- [ ! -r "$docker_sock" ] || runuser -u "$act_user" -- [ ! -w "$docker_sock" ]; then
|
|
docker_group=$(stat -c '%G' "$docker_sock")
|
|
if [[ $docker_group == "UNKNOWN" ]]; then
|
|
docker_gid=$(stat -c '%g' "$docker_sock")
|
|
docker_group="docker$docker_gid"
|
|
log INFO "Creating group [$docker_group]..."
|
|
addgroup --gid "$docker_gid" "$docker_group"
|
|
fi
|
|
|
|
if ! id -nG "$act_user" | grep -qw "$docker_group"; then
|
|
log INFO "Adding user [$act_user] to docker group [$(getent group "$docker_group")]..."
|
|
usermod -aG "$docker_group" "$act_user"
|
|
fi
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
|
|
#################################################################
|
|
# Launch the runner via act user with adjusted UID/GID/group membership
|
|
#################################################################
|
|
exec sudo -u "$act_user" -g "$act_user" -E bash /opt/run_runner.sh
|