From fd83c3ffe718fe135e5afe3572171f9e9f33a51e Mon Sep 17 00:00:00 2001 From: sebthom Date: Wed, 22 Mar 2023 00:02:54 +0100 Subject: [PATCH] initial import --- .dockerignore | 6 ++ .editorconfig | 18 ++++ .gitattributes | 132 +++++++++++++++++++++++++++++ .github/dependabot.yml | 16 ++++ .github/stale.yml | 24 ++++++ .github/workflows/build.yml | 95 +++++++++++++++++++++ .gitignore | 37 ++++++++ CODE_OF_CONDUCT.md | 128 ++++++++++++++++++++++++++++ CONTRIBUTING.md | 25 ++++++ LICENSE => LICENSE.txt | 0 README.md | 61 +++++++++++++- build-image.sh | 61 ++++++++++++++ image/Dockerfile | 162 ++++++++++++++++++++++++++++++++++++ image/run.sh | 68 +++++++++++++++ image/run_runner.sh | 46 ++++++++++ 15 files changed, 878 insertions(+), 1 deletion(-) create mode 100644 .dockerignore create mode 100644 .editorconfig create mode 100644 .gitattributes create mode 100644 .github/dependabot.yml create mode 100644 .github/stale.yml create mode 100644 .github/workflows/build.yml create mode 100644 .gitignore create mode 100644 CODE_OF_CONDUCT.md create mode 100644 CONTRIBUTING.md rename LICENSE => LICENSE.txt (100%) create mode 100644 build-image.sh create mode 100644 image/Dockerfile create mode 100644 image/run.sh create mode 100644 image/run_runner.sh diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..faa03b7 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,6 @@ +*.md +*.txt +.github/ +.shared/.* +.shared/*.md +.shared/*.txt diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..6423822 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,18 @@ +# EditorConfig is awesome: https://EditorConfig.org + +# top-most EditorConfig file +root = true + +[*] +charset = utf-8 +end_of_line = lf +insert_final_newline = true +trim_trailing_whitespace = true +indent_style = space +indent_size = 3 + +[*.{bat,cmd}] +end_of_line = crlf + +[*.{yml,yaml}] +indent_size = 2 
diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..dd24784 --- /dev/null +++ b/.gitattributes 
@@ -0,0 +1,132 @@ +# inspired by +# - https://github.com/alexkaratarakis/gitattributes/blob/master/Java.gitattributes +# - https://github.com/alexkaratarakis/gitattributes/blob/master/Common.gitattributes + +# Handle line endings automatically for files detected as text +# and leave all files detected as binary untouched. +* text=auto + +# +# The above will handle all files with names NOT matching patterns defined below +# + +# Git files +.gitattributes text eol=lf +**/.gitattributes text eol=lf +.gitignore text eol=lf +**/.gitignore text eol=lf + + +# Documents +*.doc binary diff=astextplain +*.docx binary diff=astextplain +*.dot binary diff=astextplain +*.pdf binary diff=astextplain +*.ppt binary diff=astextplain +*.pptx binary diff=astextplain +*.rtf binary diff=astextplain +*.vsd binary diff=astextplain +*.vsdx binary diff=astextplain +*.odt binary diff=odf +*.ods binary diff=odf +*.odp binary diff=odf +*.adoc text +*.csv text +*.md text diff=markdown +*.txt text + + +# Config/Serialisation +.editorconfig text +**/.editorconfig text +*.ini text +*.properties text +*.json text +*.toml text +*.xml text +*.yaml text +*.yml text + + +# Scripts +*.bat text eol=crlf +*.cmd text eol=crlf +*.ps1 text eol=crlf +*.bash text eol=lf +*.fish text eol=lf +*.sh text eol=lf +*.zsh text eol=lf +*.lua text +*.php text +*.python text +*.sql text +**/Dockerfile text eol=lf + + +# Archives +*.7z binary +*.gz binary +*.tar binary +*.tar.gz binary +*.tgz binary +*.xz binary +*.zip binary + + +# Native binaries +*.dll binary +*.dylib binary +*.exe binary +*.so binary + + +# Images +*.eps binary +*.gif binary +*.ico binary +*.jpg binary +*.jpeg binary +*.png binary +*.svg text +*.svgz binary +*.tif binary +*.tiff binary + + +# Fonts +*.eot binary +*.otf binary +*.ttf binary +*.woff binary + + +# Java +*.gradle text diff=java +*.gradle.kts text diff=java +*.java text diff=java +*.class binary +*.ear binary +*.jceks binary +*.jks binary +*.jar binary +*.pak binary +*.war binary +*.jsp 
text +*.jspf text +*.jspx text +*.tld text +*.tag text +*.tagx text + + +# Web +*.css text diff=css +*.htm text diff=html +*.html text diff=html +*.js text + + +# https://git-scm.com/docs/gitattributes#_export_ignore +.gitattributes export-ignore +.gitignore export-ignore +.gitkeep export-ignore diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..7135646 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,16 @@ +# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates +version: 2 +updates: + - package-ecosystem: github-actions + directory: / + schedule: + interval: weekly + day: monday + time: "09:00" + commit-message: + prefix: fix + prefix-development: chore + include: scope + labels: + - gha + - dependencies diff --git a/.github/stale.yml b/.github/stale.yml new file mode 100644 index 0000000..e7df9f1 --- /dev/null +++ b/.github/stale.yml @@ -0,0 +1,24 @@ +# Configuration for probot-stale - https://github.com/probot/stale + +# Number of days of inactivity before an issue becomes stale +daysUntilStale: 60 + +# Number of days of inactivity before a stale issue is closed +daysUntilClose: 7 + +# Issues with these labels will never be considered stale +exemptLabels: + - pinned + - security + +# Label to use when marking an issue as stale +staleLabel: wontfix + +# Comment to post when marking an issue as stale. Set to `false` to disable +markComment: > + This issue has been automatically marked as stale because it has not had + recent activity. It will be closed in 7 days if no further activity occurs. + Thank you for your contributions. + +# Comment to post when closing a stale issue. Set to `false` to disable +closeComment: false diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..42584bd --- /dev/null +++ b/.github/workflows/build.yml 
@@ -0,0 +1,95 @@
+# SPDX-FileCopyrightText: © Vegard IT GmbH (https://vegardit.com)
+# SPDX-FileContributor: Sebastian Thomschke
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-ArtifactOfProjectHomePage: https://github.com/vegardit/docker-gitea-act-runner
+#
+# https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions
+name: Build
+
+on:
+ push:
+ branches:
+ - '**'
+ tags-ignore:
+ - '**'
+ paths-ignore:
+ - '**/*.md'
+ - '.github/*.yml'
+ schedule:
+ # https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows
+ - cron: '0 17 * * 3'
+ pull_request:
+ workflow_dispatch:
+ # https://github.blog/changelog/2020-07-06-github-actions-manual-triggers-with-workflow_dispatch/
+
+env:
+ DOCKER_IMAGE_REPO: vegardit/gitea-act-runner
+ DOCKER_IMAGE_TAG: latest
+ TRIVY_CACHE_DIR: ~/.trivy/cache
+
+defaults:
+ run:
+ shell: bash
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Git Checkout
+ uses: actions/checkout@v3 #https://github.com/actions/checkout
+
+ - name: Cache trivy cache
+ uses: actions/cache@v3
+ if: env.ACT != 'true' # https://github.com/nektos/act#skipping-steps
+ with:
+ path: ${{ env.TRIVY_CACHE_DIR }}
+ # https://github.com/actions/cache/issues/342#issuecomment-673371329
+ key: ${{ runner.os }}-trivy-${{ github.run_id }}
+ restore-keys: |
+ ${{ runner.os }}-trivy-
+
+ - name: Configure fast APT repository mirror
+ uses: vegardit/fast-apt-mirror.sh@v1
+
+ - name: Install dos2unix
+ run: sudo apt-get install --no-install-recommends -y dos2unix
+
+ - name: Build ${{ env.DOCKER_IMAGE_REPO }}:${{ env.DOCKER_IMAGE_TAG }}
+ env:
+ DOCKER_REGISTRY: docker.io
+ DOCKER_REGISTRY_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }}
+ DOCKER_REGISTRY_TOKEN: ${{ secrets.DOCKER_HUB_TOKEN }}
+ TRIVY_GITHUB_TOKEN: ${{ github.token }}
+ run: |
+ if [[ $GITHUB_REF_NAME == "main" && $ACT != "true" ]]; then
+ export DOCKER_PUSH=1
+ echo "$DOCKER_REGISTRY_TOKEN" | docker login -u="$DOCKER_REGISTRY_USERNAME" "$DOCKER_REGISTRY" --password-stdin
+ fi
+ bash build-image.sh
+
+ - name: Publish Docker image to GH registry
+ if: ${{ github.ref_name == 'main' && !env.ACT }} # https://github.com/nektos/act#skipping-steps
+ run: |
+ set -eux
+
+ echo "${{ github.token }}" | docker login https://ghcr.io -u ${{ github.actor }} --password-stdin
+
+ docker image tag $DOCKER_IMAGE_REPO ghcr.io/$DOCKER_IMAGE_REPO
+ docker push ghcr.io/$DOCKER_IMAGE_REPO
+
+ - name: Delete untagged images
+ uses: actions/github-script@v6
+ if: ${{ github.ref_name == 'main' && !env.ACT }} # https://github.com/nektos/act#skipping-steps
+ with:
+ github-token: ${{ secrets.GHA_DELETE_PACKAGES }}
+ script: |
+ const imageName = /[^/]*$/.exec(process.env.DOCKER_IMAGE_REPO)[0]
+ const basePath = `/orgs/${{ github.repository_owner }}/packages/container/${imageName}/versions`
+ for (version of (await github.request(`GET ${basePath}`, { per_page: 100 })).data) {
+ if (version.metadata.container.tags.length == 0) {
+ console.log(`deleting ${version.name}...`)
+ const delResponse = await github.request(`DELETE ${basePath}/${version.id}`)
+ console.log(`status: ${delResponse.status}`)
+ }
+ }
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..ef47666
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,37 @@
+# Local work folder that is not checked in
+_LOCAL/
+
+.shared
+
+# Eclipse
+.apt_generated/
+.checkstyle
+.classpath
+.factorypath
+.project
+.settings/
+bin/
+**/.*.md.html
+
+# IntelliJ
+.idea
+*.iml
+*.ipr
+*.iws
+
+# NetBeans
+nb-configuration.xml
+
+# Visual Studio Code
+.vscode
+
+# OSX
+.DS_Store
+
+# Vim
+*.swo
+*.swp
+
+# patch
+*.orig
+*.rej
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000..b24457b
--- /dev/null
+++ b/CODE_OF_CONDUCT.md
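Review bot: The "Publish Docker image to GH registry" step turns on `set -eux` and then expands `${{ github.token }}` and `${{ github.actor }}` straight into the script text, so the credential becomes part of the traced command line and only log masking keeps it out of the job output. Pass both through the step's `env:` and use quoted shell variables instead, e.g. `echo "$GH_TOKEN" | docker login ghcr.io -u "$GH_ACTOR" --password-stdin`, and drop `-x` for this step. The workflow also has no `permissions:` block, so the job token keeps the repository default scope; a top-level `permissions:` with `contents: read` and `packages: write` would narrow it to what the push needs. The actions in this job (`actions/checkout@v3`, `actions/cache@v3`, `vegardit/fast-apt-mirror.sh@v1`, `actions/github-script@v6`) are referenced by mutable tags; pinning them to commit SHAs keeps the job that handles the registry secrets reproducible.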
@@ -0,0 +1,128 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, religion, or sexual identity +and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment for our +community include: + +* Demonstrating empathy and kindness toward other people +* Being respectful of differing opinions, viewpoints, and experiences +* Giving and gracefully accepting constructive feedback +* Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +* Focusing on what is best not just for us as individuals, but for the + overall community + +Examples of unacceptable behavior include: + +* The use of sexualized language or imagery, and sexual attention or + advances of any kind +* Trolling, insulting or derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or email + address, without their explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Enforcement Responsibilities + +Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. 
+ +Community leaders have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. + +## Scope + +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official e-mail address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported to the community leaders responsible for enforcement at +https://vegardit.com/about/legal/. +All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact**: A violation through a single incident or series +of actions. + +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. 
This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or +permanent ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within +the community. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.0, available at +https://www.contributor-covenant.org/version/2/0/code_of_conduct.html. + +Community Impact Guidelines were inspired by [Mozilla's code of conduct +enforcement ladder](https://github.com/mozilla/diversity). + +[homepage]: https://www.contributor-covenant.org + +For answers to common questions about this code of conduct, see the FAQ at +https://www.contributor-covenant.org/faq. Translations are available at +https://www.contributor-covenant.org/translations. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..0572657 --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,25 @@ +# Contributing + +Thanks for your interest in contributing to this project! + +We want to make contributing as easy and transparent as possible. + + +## Code of Conduct + +Our code of conduct is described in [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md). + + +## Issues + +We use GitHub issues to track bugs and feature requests. Please ensure your description is clear and has sufficient instructions to be able to reproduce the issue. + + +## Pull Requests + +Before you make a substantial pull request, please file an issue and make sure someone from the team agrees that there is a problem or room for improvement. + + +## License + +By contributing your code, you agree to license your contribution under the [Apache License 2.0](LICENSE.txt). diff --git a/LICENSE b/LICENSE.txt similarity index 100% rename from LICENSE rename to LICENSE.txt diff --git a/README.md b/README.md index 4bdd5e5..6ea4bc1 100644 --- a/README.md +++ b/README.md 
@@ -1 +1,60 @@ -# docker-gitea-act-runner \ No newline at end of file +# vegardit/gitea-act-runner + +[![Build Status](https://github.com/vegardit/docker-gitea-act-runner/workflows/Build/badge.svg "GitHub Actions")](https://github.com/vegardit/docker-gitea-act-runner/actions?query=workflow%3ABuild) +[![License](https://img.shields.io/github/license/vegardit/docker-gitea-act-runner.svg?label=license)](#license) +[![Docker Pulls](https://img.shields.io/docker/pulls/vegardit/gitea-act-runner.svg)](https://hub.docker.com/r/vegardit/gitea-act-runner) +[![Docker Stars](https://img.shields.io/docker/stars/vegardit/gitea-act-runner.svg)](https://hub.docker.com/r/vegardit/gitea-act-runner) +[![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-v2.0%20adopted-ff69b4.svg)](CODE_OF_CONDUCT.md) + +1. [What is it?](#what-is-it) +1. [License](#license) + + +## What is it? + +`debian:stable-slim` based Docker image containing [Gitea](https://gitea.com)'s [act_runner](https://gitea.com/gitea/act_runner/) + + +## Usage + +Example `docker-compose.yml`: + +```yaml +version: '3.8' # https://docs.docker.com/compose/compose-file/compose-versioning/ + +services: + + gitea_act_runner: + image: vegardit/gitea-act-runner:latest + #image: ghcr.io/vegardit/gitea-act-runner:latest + volumes: + - /var/run/docker.sock:/var/run/docker.sock:rw + - /my/path/to/data/dir:/data:rw # the config file is located at /data/.runner and needs to survive container restarts + environment: + TZ: "Europe/Berlin" + # config parameters for initial runner registration: + GITEA_INSTANCE_URL: 'https://gitea.example.com' # required + GITEA_INSTANCE_INSECURE: '0' # optional, default is 0 + GITEA_RUNNER_REGISTRATION_TOKEN_FILE: 'path/to/file' # only required on first container start + # or: GITEA_RUNNER_REGISTRATION_TOKEN: '' + GITEA_RUNNER_NAME: '' # optional, defaults to the container's hostname + GITEA_RUNNER_LABELS: '' # optional + GITEA_RUNNER_UID: 1200 # optional, default is 1000 + 
GITEA_RUNNER_GID: 1200 # optional, default is 1000 + deploy: + restart_policy: + condition: on-failure + delay: 5s +``` + + +## License + +All files in this repository are released under the [Apache License 2.0](LICENSE.txt). + +Individual files contain the following tag instead of the full license text: +``` +SPDX-License-Identifier: Apache-2.0 +``` + +This enables machine processing of license information based on the SPDX License Identifiers that are available here: https://spdx.org/licenses/. diff --git a/build-image.sh b/build-image.sh new file mode 100644 index 0000000..fd6b944 --- /dev/null +++ b/build-image.sh 
@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+#
+# SPDX-FileCopyrightText: © Vegard IT GmbH (https://vegardit.com)
+# SPDX-FileContributor: Sebastian Thomschke
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-ArtifactOfProjectHomePage: https://github.com/vegardit/docker-gitea-act-runner
+#
+
+shared_lib="$(dirname $0)/.shared"
+[ -e "$shared_lib" ] || curl -sSf https://raw.githubusercontent.com/vegardit/docker-shared/v1/download.sh?_=$(date +%s) | bash -s v1 "$shared_lib" || exit 1
+source "$shared_lib/lib/build-image-init.sh"
+
+
+#################################################
+# specify target docker registry/repo
+#################################################
+docker_registry=${DOCKER_REGISTRY:-docker.io}
+image_repo=${DOCKER_REPO:-vegardit/gitea-act-runner}
+image_name=$image_repo:${DOCKER_IMAGE_TAG:-latest}
+
+
+#################################################
+# build the image
+#################################################
+echo "Building docker image [$image_name]..."
+if [[ $OSTYPE == "cygwin" || $OSTYPE == "msys" ]]; then
+ project_root=$(cygpath -w "$project_root")
+fi
+
+DOCKER_BUILDKIT=1 docker build "$project_root" \
+ --file "image/Dockerfile" \
+ --progress=plain \
+ --pull \
+ --build-arg INSTALL_SUPPORT_TOOLS=${INSTALL_SUPPORT_TOOLS:-0} \
+ `# using the current date as value for BASE_LAYER_CACHE_KEY, i.e. the base layer cache (that holds system packages with security updates) will be invalidate once per day` \
+ --build-arg BASE_LAYER_CACHE_KEY=$base_layer_cache_key \
+ --build-arg BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
+ --build-arg GIT_BRANCH="${GIT_BRANCH:-$(git rev-parse --abbrev-ref HEAD)}" \
+ --build-arg GIT_COMMIT_DATE="$(date -d @$(git log -1 --format='%at') --utc +'%Y-%m-%d %H:%M:%S UTC')" \
+ --build-arg GIT_COMMIT_HASH="$(git rev-parse --short HEAD)" \
+ --build-arg GIT_REPO_URL="$(git config --get remote.origin.url)" \
+ -t $image_name \
+ "$@"
+
+
+#################################################
+# perform security audit
+#################################################
+if [[ "${DOCKER_AUDIT_IMAGE:-1}" == 1 ]]; then
+ bash "$shared_lib/cmd/audit-image.sh" $image_name
+fi
+
+
+#################################################
+# push image with tags to remote docker image registry
+#################################################
+if [[ "${DOCKER_PUSH:-0}" == "1" ]]; then
+ docker image tag $image_name $docker_registry/$image_name
+
+ docker push $docker_registry/$image_name
+fi
diff --git a/image/Dockerfile b/image/Dockerfile
new file mode 100644
index 0000000..bc3f200
--- /dev/null
+++ b/image/Dockerfile
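Review bot: The bootstrap line `[ -e "$shared_lib" ] || curl -sSf …/docker-shared/v1/download.sh?_=$(date +%s) | bash -s v1 "$shared_lib"` executes a script fetched from the moving `v1` ref with no integrity check, in the same CI job that exports `DOCKER_REGISTRY_TOKEN`. Fetch from an immutable commit (placeholder `<commit-sha>`), save it to a `mktemp` file, verify it with `sha256sum -c` against a checksum committed in this repository and only then run it, or vendor `.shared` as a pinned git submodule. Because `.shared` is later bind-mounted into the Dockerfile's RUN steps and audit-image.sh is run from it, whatever that ref serves also ends up shaping the published image. Separately, `$(dirname $0)`, `$base_layer_cache_key`, `$image_name` and `$docker_registry/$image_name` are expanded unquoted and should be double-quoted.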
@@ -0,0 +1,162 @@ +#syntax=docker/dockerfile:1.4 +# see https://github.com/moby/buildkit/blob/master/frontend/dockerfile/docs/syntax.md +# see https://docs.docker.com/engine/reference/builder/#syntax +# +# SPDX-FileCopyrightText: © Vegard IT GmbH (https://vegardit.com) +# SPDX-FileContributor: Sebastian Thomschke +# SPDX-License-Identifier: Apache-2.0 +# SPDX-ArtifactOfProjectHomePage: https://github.com/vegardit/docker-gitea-act-runner +# +# https://hub.docker.com/_/debian?tab=tags&name=stable-slim + +###################### +# runtime image base +###################### +FROM debian:stable-slim as runtime-base-image + +LABEL maintainer="Vegard IT GmbH (vegardit.com)" + +USER root + +SHELL ["/bin/bash", "-c"] + +ARG BASE_LAYER_CACHE_KEY +ARG DEBIAN_FRONTEND=noninteractive +ARG LC_ALL=C + +RUN --mount=type=bind,source=.shared,target=/mnt/shared <> /etc/sudoers + + /mnt/shared/cmd/debian-cleanup.sh + +EOF + + +###################### +# build image +###################### + +# https://hub.docker.com/_/python?tab=tags&name=3-slim +FROM debian:stable-slim AS build-image + +USER root + +SHELL ["/bin/bash", "-c"] + +ARG BASE_LAYER_CACHE_KEY +ARG DEBIAN_FRONTEND=noninteractive +ARG LC_ALL=C +ARG INSTALL_SUPPORT_TOOLS=0 + +ARG ACT_RUNNER_DOWNLOAD_URL=https://dl.gitea.com/act_runner/main/act_runner-main-linux-amd64 +ARG UPX_COMPRESS=true + +RUN --mount=type=bind,source=.shared,target=/mnt/shared </opt/build_info + cat /opt/build_info + +EOF + +COPY image/*.sh /opt/ +COPY .shared/lib/bash-init.sh /opt/bash-init.sh + +USER act + +VOLUME [ "/data" ] + +ENTRYPOINT ["/usr/bin/tini", "--"] + +CMD ["/bin/bash", "/opt/run.sh"] diff --git a/image/run.sh b/image/run.sh new file mode 100644 index 0000000..40d1818 --- /dev/null +++ b/image/run.sh 
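Review bot: `ARG ACT_RUNNER_DOWNLOAD_URL=https://dl.gitea.com/act_runner/main/act_runner-main-linux-amd64` points at a moving `main` build, so every image build can ship a different runner binary that nobody reviewed. The RUN heredoc bodies are not visible on this page, so whether the download is verified cannot be confirmed here; if it is not, default the URL to a versioned release and add an `ARG` carrying the expected SHA-256 that is checked with `sha256sum -c` before the binary is installed. The same caution applies to the line that appends to `/etc/sudoers`: run.sh only needs `usermod`, `addgroup`, `chown` and the `sudo -u act` re-exec, so the rule for `act` should list those commands rather than grant blanket root (rule content not visible here, please confirm). `FROM debian:stable-slim` is likewise a floating tag; pinning it by digest would make the base layer auditable.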
@@ -0,0 +1,68 @@
+#!/usr/bin/env bash
+#
+# SPDX-FileCopyrightText: © Vegard IT GmbH (https://vegardit.com)
+# SPDX-FileContributor: Sebastian Thomschke
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-ArtifactOfProjectHomePage: https://github.com/vegardit/docker-gitea-act-runner
+#
+
+source /opt/bash-init.sh
+
+#################################################
+# print header
+#################################################
+cat <<'EOF'
+ _____ _ _ _ _____
+ / ____(_) | /\ | | | __ \
+ | | __ _| |_ ___ __ _ / \ ___| |_ | |__) | _ _ __ _ __ ___ _ __
+ | | |_ | | __/ _ \/ _` | / /\ \ / __| __| | _ / | | | '_ \| '_ \ / _ \ '__|
+ | |__| | | || __/ (_| | / ____ \ (__| |_ | | \ \ |_| | | | | | | | __/ |
+ \_____|_|\__\___|\__,_| /_/ \_\___|\__| |_| \_\__,_|_| |_|_| |_|\___|_|
+EOF
+
+cat /opt/build_info
+echo
+
+log INFO "Timezone is $(date +"%Z %z")"
+log INFO "Hostname: $(hostname -f)"
+log INFO "IP Addresses: "
+awk '/32 host/ { if(uniq[ip]++ && ip != "127.0.0.1") print " - " ip } {ip=$2}' /proc/net/fib_trie
+
+
+#################################################################
+# Adjust UID/GID and file permissions based on env var config
+#################################################################
+if [ -n "${GITEA_RUNNER_UID:-}" ]; then
+ effective_uid=$(id -u act)
+ if [ "$GITEA_RUNNER_UID" != "$effective_uid" ]; then
+ log INFO "Changing UID of user [act] from $effective_uid to $GITEA_RUNNER_UID..."
+ sudo usermod -o -u "$GITEA_RUNNER_UID" act
+ fi
+fi
+if [ -n "${GITEA_RUNNER_GID:-}" ]; then
+ effective_gid=$(id -g act)
+ if [ "$GITEA_RUNNER_GID" != "$effective_gid" ]; then
+ log INFO "Changing GID of user [act] from $effective_gid to $GITEA_RUNNER_GID..."
+ sudo usermod -o -u "$GITEA_RUNNER_GID" act
+ fi
+fi
+sudo chown -R act:act /data
+
+docker_group=$(stat -c '%G' /var/run/docker.sock)
+if [[ $docker_group == "UNKNOWN" ]]; then
+ docker_gid=$(stat -c '%g' /var/run/docker.sock)
+ docker_group="docker$docker_gid"
+ log INFO "Creating group [$docker_group]..."
+ sudo addgroup --gid $docker_gid $docker_group
+fi
+
+if ! id -nG act | grep -qw "$docker_group"; then
+ log INFO "Adding user [act] to group [$docker_group]..."
+ sudo usermod -aG $docker_group act
+fi
+
+
+#################################################################
+# Launch the runner with adjusted UID/GID
+#################################################################
+exec sudo -u act -g act -E bash /opt/run_runner.sh
\ No newline at end of file
diff --git a/image/run_runner.sh b/image/run_runner.sh
new file mode 100644
index 0000000..297a30b
--- /dev/null
+++ b/image/run_runner.sh
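Review bot: The GID branch runs `sudo usermod -o -u "$GITEA_RUNNER_GID" act`, a copy of the UID line, so it overwrites the user's UID with the GID value and never changes the group; it should be `sudo groupmod -o -g "$GITEA_RUNNER_GID" act`. As written, a deployment that sets GITEA_RUNNER_GID ends up with `/data` chowned to an unintended UID, and the numeric group the operator asked for is never applied. `$docker_gid` and `$docker_group` in the `addgroup` and `usermod -aG` calls should be double-quoted. Note also that `sudo -E` forwards the whole container environment, including any `GITEA_RUNNER_REGISTRATION_TOKEN`, into the runner process; passing only the variables the runner needs would keep that secret out of it.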
@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+#
+# SPDX-FileCopyrightText: © Vegard IT GmbH (https://vegardit.com)
+# SPDX-FileContributor: Sebastian Thomschke
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-ArtifactOfProjectHomePage: https://github.com/vegardit/docker-gitea-act-runner
+#
+source /opt/bash-init.sh
+
+log INFO "Effective user: $(id)"
+
+cd /data
+
+#################################################
+# load custom init script if specified
+#################################################
+if [[ -f $INIT_SH_FILE ]]; then
+ log INFO "Loading [$INIT_SH_FILE]..."
+ source "$INIT_SH_FILE"
+fi
+
+
+#################################################
+# register act runner if required
+#################################################
+if [[ ! -s .runner ]]; then
+ if [[ ${GITEA_INSTANCE_INSECURE:-} == '1' ]]; then
+ insecure_flag=--insecure
+ fi
+ if [[ -z ${GITEA_RUNNER_REGISTRATION_TOKEN:-} ]]; then
+ read -r GITEA_RUNNER_REGISTRATION_TOKEN < "$GITEA_RUNNER_REGISTRATION_TOKEN_FILE"
+ fi
+ /opt/act/runner register \
+ --instance "${GITEA_INSTANCE_URL}" \
+ --token "${GITEA_RUNNER_REGISTRATION_TOKEN}" \
+ --name "${GITEA_RUNNER_NAME}" \
+ --labels "${GITEA_RUNNER_LABELS}" \
+ $( [[ ${GITEA_INSTANCE_INSECURE:-} == '1' ]] && echo "--insecure" || true) \
+ --no-interactive
+fi
+
+
+#################################################
+# run the act runner
+#################################################
+exec /opt/act/runner daemon
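Review bot: When the registration token is supplied through the environment it is still exported at the final `exec /opt/act/runner daemon`, so the long-lived daemon keeps a secret it no longer needs once `.runner` exists; add `unset GITEA_RUNNER_REGISTRATION_TOKEN` after the registration block. `insecure_flag` is assigned but never used, because the `$( [[ … ]] && echo "--insecure" || true)` substitution repeats the same test; keep one of the two, and consider a `log WARN` when `--insecure` is active, since it turns off TLS verification for the registration call. `[[ -f $INIT_SH_FILE ]]`, `${GITEA_RUNNER_NAME}` and `${GITEA_RUNNER_LABELS}` have no `:-` default although the README marks name and labels as optional; if bash-init.sh enables `set -u` (not visible here), an unset value aborts startup. `source "$INIT_SH_FILE"` runs whatever file the environment names, so the comment above it should state that the file must be owned and writable only by the operator.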