From 405652dcdac29e663aa0d2afe5315fd0752b056c Mon Sep 17 00:00:00 2001 From: "Ryan (hackercat)" Date: Mon, 14 Jun 2021 22:30:46 +0000 Subject: [PATCH] fix(workflows): update `actions/setup-go` to v2 (#14) --- .github/workflows/build-alpine.yml | 12 +- .github/workflows/build-ubuntu.yml | 209 +++++++++++++++++------------ .gitignore | 2 - LICENCE | 21 +++ LICENSE | 1 + README.md | 9 +- build.sh | 19 +++ linux/alpine/act/Dockerfile | 1 + linux/ubuntu/act/Dockerfile | 84 ++++++------ linux/ubuntu/js/Dockerfile | 33 +++-- linux/ubuntu/runner/Dockerfile | 34 +++-- linux/ubuntu/rust/Dockerfile | 29 ++-- 12 files changed, 282 insertions(+), 172 deletions(-) create mode 100644 LICENCE create mode 120000 LICENSE create mode 100755 build.sh diff --git a/.github/workflows/build-alpine.yml b/.github/workflows/build-alpine.yml index 1c26434..597e9ad 100644 --- a/.github/workflows/build-alpine.yml +++ b/.github/workflows/build-alpine.yml @@ -21,7 +21,7 @@ env: PLATFORMS: linux/amd64,linux/arm64,linux/arm/v7 jobs: - build: + build-alpine: runs-on: ubuntu-latest environment: Images steps: @@ -81,7 +81,7 @@ jobs: quay.io/${{ env.SLUG }}:${{ env.TAG }} docker.io/${{ env.SLUG }}:${{ env.TAG }} build-args: | - IMAGEOS=${{ env.IMAGE }} + DISTRO=${{ env.IMAGE }} BUILD_TAG_VERSION=${{ steps.print-tag.outputs.tag }} BUILD_TAG=act BUILD_REF=${{ github.sha }} @@ -101,13 +101,13 @@ jobs: docker.io/${{ env.SLUG }}:${{ env.TAG }} build-args: | IMAGE=ghcr.io/${{ env.SLUG }} - IMAGEOS=${{ env.IMAGE }} + DISTRO=${{ env.IMAGE }} TAG=act-${{ steps.print-tag.outputs.tag }} BUILD_TAG_VERSION=${{ steps.print-tag.outputs.tag }} BUILD_TAG=runner BUILD_REF=${{ github.sha }} - - uses: actions/setup-go@v1 + - uses: actions/setup-go@v2 with: go-version: 1.16 
@@ -139,7 +139,7 @@ jobs: quay.io/${{ env.SLUG }}:${{ env.TAG }} docker.io/${{ env.SLUG }}:${{ env.TAG }} build-args: | - IMAGEOS=${{ env.IMAGE }} + DISTRO=${{ env.IMAGE }} BUILD_TAG_VERSION=${{ steps.print-tag.outputs.tag }} BUILD_TAG=${{ env.TAG }} BUILD_REF=${{ github.sha }} @@ -159,7 +159,7 @@ jobs: docker.io/${{ env.SLUG }}:${{ env.TAG }} build-args: | IMAGE=ghcr.io/${{ env.SLUG }} - IMAGEOS=${{ env.IMAGE }} + DISTRO=${{ env.IMAGE }} TAG=act-${{ steps.print-tag.outputs.tag }} BUILD_TAG_VERSION=${{ steps.print-tag.outputs.tag }} BUILD_TAG=${{ env.TAG }} diff --git a/.github/workflows/build-ubuntu.yml b/.github/workflows/build-ubuntu.yml index af68d6b..7ade64b 100644 --- a/.github/workflows/build-ubuntu.yml +++ b/.github/workflows/build-ubuntu.yml @@ -18,13 +18,21 @@ on: env: SLUG: ${{ github.repository_owner }}/ubuntu IMAGE: ubuntu - PLATFORMS: linux/amd64,linux/arm64 + PLATFORMS: linux/amd64 NODE: '12' + BUILD_REF: ${{ github.sha }} + SKIP_TEST: true + +defaults: + run: + shell: sh jobs: - build: + build-base: runs-on: ubuntu-latest environment: Images + env: + PLATFORMS: linux/amd64,linux/arm64 strategy: fail-fast: true max-parallel: 4 
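Review bot: `SKIP_TEST: true` in the workflow-level `env` is read later in this file as `if: ${{ !env.SKIP_TEST }}`, and that condition cannot be re-enabled by flipping the value. Values in the `env` context are strings, so `false` is a non-empty string and `!env.SKIP_TEST` still evaluates to false. The `go test ./...` step against the freshly built image would stay skipped while images keep being pushed. Compare explicitly with `if: ${{ env.SKIP_TEST != 'true' }}`, and add a comment next to `SKIP_TEST` saying why the tests are disabled. The `env` and `build-base` blocks continue outside this hunk.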
@@ -55,24 +63,21 @@ jobs: password: ${{ secrets.DOCKER_TOKEN }} - name: Print tag - id: print-tag - shell: sh run: | if ${{ github.event_name == 'pull_request' }} && ${{ !env.ACT }} ; then - echo "::set-output name=tag::PR-${{ github.event.number }}" + echo "PART_TAG=PR-${{ github.event.number }}" >> $GITHUB_ENV elif ${{ !env.ACT }} ; then - echo "::set-output name=tag::$(date +%Y%m%d)" + echo "PART_TAG=$(date +%Y%m%d)" >> $GITHUB_ENV else - echo "::set-output name=tag::dev" + echo "PART_TAG=dev" >> $GITHUB_ENV fi - name: Set Ubuntu version to RELEASE - id: print-release run: | if [ "latest" = "${{ matrix.TAG }}" ]; then - echo "::set-output name=RELEASE::$(lsb_release -rs)" + echo "RELEASE_TAG=$(lsb_release -rs)" >> $GITHUB_ENV else - echo "::set-output name=RELEASE::${{ matrix.TAG }}" + echo "RELEASE_TAG=${{ matrix.TAG }}" >> $GITHUB_ENV fi - name: Set up QEMU 
@@ -84,101 +89,133 @@ jobs: - uses: actions/checkout@v2 - name: Build and push ${{ env.SLUG }}:${{ env.TAG }} - uses: docker/build-push-action@v2 + run: ./build.sh env: - TAG: act-${{ matrix.TAG }}-${{ steps.print-tag.outputs.tag }} - with: - context: . - push: true - file: ./linux/${{ env.IMAGE }}/act/Dockerfile - platforms: ${{ env.PLATFORMS }} - tags: | - ghcr.io/${{ env.SLUG }}:${{ env.TAG }} - quay.io/${{ env.SLUG }}:${{ env.TAG }} - docker.io/${{ env.SLUG }}:${{ env.TAG }} - build-args: | - IMAGEOS=${{ env.IMAGE }} - NODE_VERSION=${{ env.NODE }} - BUILD_TAG_VERSION=${{ steps.print-tag.outputs.tag }} - BUILD_TAG=act-${{ matrix.TAG }} - BUILD_REF=${{ github.sha }} + TAG: act-${{ matrix.TAG }}-${{ env.PART_TAG }} + TYPE: act + FROM_IMAGE: buildpack-deps + FROM_TAG: ${{ env.RELEASE_TAG }} + DISTRO: ${{ env.IMAGE }} + BUILD_TAG_VERSION: ${{ env.PART_TAG }} + BUILD_TAG: act-${{ matrix.TAG }} - name: Build and push ${{ env.SLUG }}:${{ env.TAG }} - uses: docker/build-push-action@v2 + run: ./build.sh env: - TAG: runner-${{ matrix.TAG }}-${{ steps.print-tag.outputs.tag }} - with: - context: . 
- push: true - file: ./linux/${{ env.IMAGE }}/runner/Dockerfile - platforms: ${{ env.PLATFORMS }} - tags: | - ghcr.io/${{ env.SLUG }}:${{ env.TAG }} - quay.io/${{ env.SLUG }}:${{ env.TAG }} - docker.io/${{ env.SLUG }}:${{ env.TAG }} - build-args: | - IMAGE=ghcr.io/${{ env.SLUG }} - IMAGEOS=${{ env.IMAGE }} - TAG=act-${{ matrix.TAG }}-${{ steps.print-tag.outputs.tag }} - BUILD_TAG_VERSION=${{ steps.print-tag.outputs.tag }} - BUILD_TAG=runner - BUILD_REF=${{ github.sha }} + TAG: runner-${{ matrix.TAG }}-${{ env.PART_TAG }} + TYPE: runner + DISTRO: ${{ env.IMAGE }} + FROM_IMAGE: ghcr.io/${{ env.SLUG }} + FROM_TAG: act-${{ matrix.TAG }}-${{ env.PART_TAG }} + BUILD_TAG_VERSION: ${{ env.PART_TAG }} + BUILD_TAG: runner-${{ matrix.TAG }} - - uses: actions/setup-go@v1 + - uses: actions/setup-go@v2 with: go-version: 1.16 - uses: actions/checkout@v2 with: - ref: cat/fix/change-image - repository: catthehacker/act-fork + repository: nektos/act path: act - - env: - ACT_TEST_IMAGE: ghcr.io/${{ env.SLUG }}:act-${{ matrix.TAG }}-${{ steps.print-tag.outputs.tag }} - ACT_REPOSITORY: catthehacker/act-fork - ACT_OWNER: catthehacker + - if: ${{ !env.SKIP_TEST }} + env: + ACT_TEST_IMAGE: ghcr.io/${{ env.SLUG }}:act-${{ matrix.TAG }}-${{ env.PART_TAG }} run: | cd act/ go test ./... - name: Build and push ${{ env.SLUG }}:${{ env.TAG }} - uses: docker/build-push-action@v2 + if: ${{ ( github.event_name != 'pull_request' && !env.ACT ) }} + run: ./build.sh env: - TAG: act - with: - context: . 
- push: ${{ ( github.event_name != 'pull_request' && !env.ACT ) }} - file: ./linux/${{ env.IMAGE }}/act/Dockerfile - platforms: ${{ env.PLATFORMS }} - tags: | - ghcr.io/${{ env.SLUG }}:${{ env.TAG }} - quay.io/${{ env.SLUG }}:${{ env.TAG }} - docker.io/${{ env.SLUG }}:${{ env.TAG }} - build-args: | - NODE_VERSION=${{ env.NODE }} - IMAGEOS=${{ env.IMAGE }} - BUILD_TAG_VERSION=${{ steps.print-tag.outputs.tag }} - BUILD_TAG=act-${{ matrix.TAG }} - BUILD_REF=${{ github.sha }} + TAG: act-${{ matrix.TAG }} + TYPE: act + FROM_IMAGE: buildpack-deps + FROM_TAG: ${{ env.RELEASE_TAG }} + DISTRO: ${{ env.IMAGE }} + BUILD_TAG_VERSION: ${{ env.PART_TAG }} + BUILD_TAG: act-${{ matrix.TAG }} - name: Build and push ${{ env.SLUG }}:${{ env.TAG }} - uses: docker/build-push-action@v2 + if: ${{ ( github.event_name != 'pull_request' && !env.ACT ) }} + run: ./build.sh + shell: sh env: - TAG: runner + TAG: runner-${{ matrix.TAG }} + TYPE: runner + DISTRO: ${{ env.IMAGE }} + FROM_IMAGE: ghcr.io/${{ env.SLUG }} + FROM_TAG: act-${{ matrix.TAG }} + BUILD_TAG_VERSION: ${{ env.PART_TAG }} + BUILD_TAG: runner-${{ matrix.TAG }} + build-flavours: + runs-on: ubuntu-latest + needs: [build-base] + strategy: + fail-fast: true + max-parallel: 4 + matrix: + TAG: [latest, 20.04, 18.04, 16.04] + TYPE: [js, rust] + steps: + - name: Login to GitHub Container Registry + id: ghcr + uses: docker/login-action@v1 with: - context: . 
- push: ${{ ( github.event_name != 'pull_request' && !env.ACT ) }} - file: ./linux/${{ env.IMAGE }}/runner/Dockerfile - platforms: ${{ env.PLATFORMS }} - tags: | - ghcr.io/${{ env.SLUG }}:${{ env.TAG }} - quay.io/${{ env.SLUG }}:${{ env.TAG }} - docker.io/${{ env.SLUG }}:${{ env.TAG }} - build-args: | - IMAGE=ghcr.io/${{ env.SLUG }} - IMAGEOS=${{ env.IMAGE }} - TAG=act-${{ matrix.TAG }}-${{ steps.print-tag.outputs.tag }} - BUILD_TAG_VERSION=${{ steps.print-tag.outputs.tag }} - BUILD_TAG=runner-${{ matrix.TAG }} - BUILD_REF=${{ github.sha }} + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Login to Quay + id: quay + uses: docker/login-action@v1 + with: + registry: quay.io + username: ${{ secrets.QUAY_USER }} + password: ${{ secrets.QUAY_TOKEN }} + + - name: Login to Docker Hub + id: dckr + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKER_USER }} + password: ${{ secrets.DOCKER_TOKEN }} + + - name: Print tag + run: | + if ${{ github.event_name == 'pull_request' }} && ${{ !env.ACT }} ; then + echo "PART_TAG=PR-${{ github.event.number }}" >> $GITHUB_ENV + elif ${{ !env.ACT }} ; then + echo "PART_TAG=$(date +%Y%m%d)" >> $GITHUB_ENV + else + echo "PART_TAG=dev" >> $GITHUB_ENV + fi + + - name: Set Ubuntu version to RELEASE + run: | + if [ "latest" = "${{ matrix.TAG }}" ]; then + echo "RELEASE_TAG=$(lsb_release -rs)" >> $GITHUB_ENV + else + echo "RELEASE_TAG=${{ matrix.TAG }}" >> $GITHUB_ENV + fi + + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + + - uses: actions/checkout@v2 + + - name: Build and push ${{ env.SLUG }}:${{ env.TAG }} + run: ./build.sh + env: + TAG: ${{ matrix.TYPE }}-${{ matrix.TAG }}-${{ env.PART_TAG }} + TYPE: ${{ matrix.TYPE }} + FROM_IMAGE: ghcr.io/${{ env.SLUG }} + FROM_TAG: act-${{ matrix.TAG }} + DISTRO: ${{ env.IMAGE }} + BUILD_TAG_VERSION: ${{ env.PART_TAG }} + BUILD_TAG: ${{ 
matrix.TYPE }}-${{ matrix.TAG }} diff --git a/.gitignore b/.gitignore index cc5cac7..5303835 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,3 @@ -build.ps1 - # custom stuff .secrets .env diff --git a/LICENCE b/LICENCE new file mode 100644 index 0000000..1f340dd --- /dev/null +++ b/LICENCE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2021 catthehacker + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/LICENSE b/LICENSE new file mode 120000 index 0000000..97ea633 --- /dev/null +++ b/LICENSE @@ -0,0 +1 @@ +LICENCE \ No newline at end of file diff --git a/README.md b/README.md index 2e64b91..7cdab6e 100644 --- a/README.md +++ b/README.md 
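Review bot: The new `build-flavours` job logs in with `secrets.QUAY_TOKEN` and `secrets.DOCKER_TOKEN` and pushes through `./build.sh`, but unlike `build-base` it does not declare `environment: Images`. If those secrets are scoped to the environment, the logins will presumably receive empty values; if they are repository-level, this job pushes without whatever protection rules the environment carries. Add `environment: Images` under `build-flavours`. Separately, the `nektos/act` checkout no longer pins a `ref`, so re-enabling the test step would run that repository's default branch inside a job already authenticated to three registries; pinning a reviewed commit would bound that. The `build-base` job starts outside this hunk.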
@@ -1,7 +1,10 @@ # Docker images -[![Build Docker image](https://github.com/CatTheHacker/docker-images/workflows/Build%20Docker%20image/badge.svg)](https://github.com/CatTheHacker/docker-images/actions?query=workflow%3A%22Build+Docker+image%22) -[![GitHub Super-Linter](https://github.com/catthehacker/docker_images/workflows/Lint%20Code%20Base/badge.svg)](https://github.com/marketplace/actions/super-linter) +[![Scheduled build (Ubuntu)](https://github.com/catthehacker/docker_images/actions/workflows/build-ubuntu.yml/badge.svg?event=schedule)](https://github.com/catthehacker/docker_images/actions/workflows/build-ubuntu.yml) +[![On-demand build (Ubuntu)](https://github.com/catthehacker/docker_images/actions/workflows/build-ubuntu.yml/badge.svg?event=workflow_dispatch)](https://github.com/catthehacker/docker_images/actions/workflows/build-ubuntu.yml) +[![Scheduled build (Alpine)](https://github.com/catthehacker/docker_images/actions/workflows/build-alpine.yml/badge.svg?event=schedule)](https://github.com/catthehacker/docker_images/actions/workflows/build-alpine.yml) +[![On-demand build (Alpine)](https://github.com/catthehacker/docker_images/actions/workflows/build-alpine.yml/badge.svg?event=workflow_dispatch)](https://github.com/catthehacker/docker_images/actions/workflows/build-alpine.yml) +[![Linter](https://github.com/catthehacker/docker_images/actions/workflows/lint.yml/badge.svg)](https://github.com/catthehacker/docker_images/actions/workflows/lint.yml) ## When updates will be applied to images @@ -36,5 +39,7 @@ - `catthehacker/alpine:act` - `catthehacker/alpine:runner` +## Repository contains parts of [`actions/virtual-environments`][actions/virtual-environments] which is licenced under ["MIT License"](https://github.com/actions/virtual-environments/blob/main/LICENSE) + [actions/virtual-environments]: https://github.com/actions/virtual-environments [catthehacker/runner-image]: https://github.com/catthehacker/virtual-environments 
diff --git a/build.sh b/build.sh new file mode 100755 index 0000000..214bd25 --- /dev/null +++ b/build.sh @@ -0,0 +1,19 @@ +#!/bin/sh + +docker buildx build \ + --pull \ + --push \ + --progress=plain \ + --tag="ghcr.io/${SLUG}:${TAG}" \ + --tag="quay.io/${SLUG}:${TAG}" \ + --tag="docker.io/${SLUG}:${TAG}" \ + --build-arg="NODE_VERSION=${NODE}" \ + --build-arg="DISTRO=${DISTRO}" \ + --build-arg="BUILD_TAG_VERSION=${BUILD_TAG_VERSION}" \ + --build-arg="BUILD_TAG=${BUILD_TAG}" \ + --build-arg="BUILD_REF=${BUILD_REF}" \ + --build-arg="FROM_IMAGE=${FROM_IMAGE}" \ + --build-arg="FROM_TAG=${FROM_TAG}" \ + --file="./linux/${IMAGE}/${TYPE}/Dockerfile" \ + --platform="${PLATFORMS}" \ + . diff --git a/linux/alpine/act/Dockerfile b/linux/alpine/act/Dockerfile index 808f5ad..e0d98d7 100644 --- a/linux/alpine/act/Dockerfile +++ b/linux/alpine/act/Dockerfile @@ -17,6 +17,7 @@ SHELL [ "/bin/ash", "-l", "-o", "pipefail", "-c" ] RUN set -euxo pipefail \ && printf "\n\n\tšŸ‹\t Build started \tšŸ‹\t\n\n" \ && printf "\n\n\tšŸ‹\t Adding environment variables \tšŸ‹\t\n\n" \ + && sed 's|"||g' -i /etc/environment \ && echo "USER=$(whoami)" | tee -a /etc/environment \ && echo "RUNNER_USER=$(whoami)" | tee -a /etc/environment \ && echo "IMAGE_OS=${IMAGE}" | tee -a /etc/environment \ diff --git a/linux/ubuntu/act/Dockerfile b/linux/ubuntu/act/Dockerfile index 2ffaf08..a7e33b2 100644 --- a/linux/ubuntu/act/Dockerfile +++ b/linux/ubuntu/act/Dockerfile @@ -1,18 +1,20 @@ -ARG IMAGE=buildpack-deps -ARG TAG=20.04 -FROM ${IMAGE}:${TAG} +ARG FROM_IMAGE=buildpack-deps +ARG FROM_TAG=20.04 +FROM ${FROM_IMAGE}:${FROM_TAG} # > automatic buildx ARGs ARG TARGETARCH -ARG TARGETVARIANT # > ARGs before FROM are not accessible -ARG IMAGE=buildpack-deps -ARG TAG=20.04 +ARG FROM_IMAGE=buildpack-deps +ARG FROM_TAG=20.04 # > NodeJS version ARG NODE_VERSION=12 +# > Distro +ARG DISTRO=ubuntu + # > Force apt to not be interactive/not ask ARG DEBIAN_FRONTEND=noninteractive 
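Review bot: `build.sh` takes every input from the environment and has no guard for a missing one, so an unset `SLUG`, `TAG` or `FROM_TAG` expands to an empty string inside `--tag`/`--build-arg` instead of stopping the build. Because the script always runs with `--push` to three registries, failing early is the safer default: add `set -eu` directly after the shebang. A short header comment listing the required variables (`SLUG`, `TAG`, `IMAGE`, `TYPE`, `PLATFORMS`, `DISTRO`, `FROM_IMAGE`, `FROM_TAG`, `NODE`, `BUILD_TAG`, `BUILD_TAG_VERSION`, `BUILD_REF`) would document the contract the workflow relies on.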
@@ -20,53 +22,55 @@ SHELL [ "/bin/bash", "--noprofile", "--norc", "-e", "-o", "pipefail", "-c" ] # > setup environment required for GitHub Actions RUN set -Eeuxo pipefail \ - && printf "\n\n\tšŸ‹\t Build started \tšŸ‹\t\n\n" \ + && printf "\n\n\tšŸ‹ Build started šŸ‹\t\n\n" \ + && sed 's|"||g' -i /etc/environment \ && echo "USER=$(whoami)" | tee -a /etc/environment \ && echo "RUNNER_USER=$(whoami)" | tee -a /etc/environment \ - && ImageOS=ubuntu$(echo ${TAG} | cut -d'.' -f 1) \ + && ImageOS=ubuntu$(echo ${FROM_TAG} | cut -d'.' -f 1) \ && echo "IMAGE_OS=$ImageOS" | tee -a /etc/environment \ && echo "ImageOS=$ImageOS" | tee -a /etc/environment \ - && echo "LSB_RELEASE=${TAG}" | tee -a /etc/environment \ + && echo "LSB_RELEASE=${FROM_TAG}" | tee -a /etc/environment \ && AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache \ && echo "AGENT_TOOLSDIRECTORY=$AGENT_TOOLSDIRECTORY" | tee -a /etc/environment \ && echo "RUN_TOOL_CACHE=$AGENT_TOOLSDIRECTORY" | tee -a /etc/environment \ && echo "DEPLOYMENT_BASEPATH=/opt/runner" | tee -a /etc/environment \ && echo ". 
/etc/environment" | tee -a /etc/profile \ - && mkdir -p $AGENT_TOOLSDIRECTORY \ - && chown 1000:1000 $AGENT_TOOLSDIRECTORY \ - && chmod 0777 $AGENT_TOOLSDIRECTORY \ - && mkdir -p /github \ - && chown 1000:1000 /github \ - && chmod 0777 /github \ - && printf "\n\n\tšŸ‹\t Installing packages \tšŸ‹\t\n\n" \ + && mkdir -m 0777 -p $AGENT_TOOLSDIRECTORY \ + && chown -R 1001:1000 $AGENT_TOOLSDIRECTORY \ + && mkdir -m 0777 -p /github \ + && chown -R 1001:1000 /github \ + && printf "\n\n\tšŸ‹ Installing packages šŸ‹\t\n\n" \ && apt-get -yq update \ - && apt-get -yq install --no-install-recommends ssh lsb-release gawk jq curl git wget sudo gnupg-agent ca-certificates software-properties-common apt-transport-https libyaml-0-2 zstd unzip xz-utils "$(apt-cache search libicu | grep -E 'libicu[[:digit:]]+ -' | cut -d \" \" -f 1)" \ + && apt-get -yq install --no-install-recommends ssh lsb-release gawk jq curl git wget sudo gnupg-agent ca-certificates software-properties-common apt-transport-https libyaml-0-2 zstd unzip xz-utils \ && ln -s $(which python3) /usr/local/bin/python \ - && [[ "${TAG}" == "16.04" ]] && printf 'git-lfs not available for Xenial' || apt-get -yq install --no-install-recommends git-lfs \ - && printf "\n\n\tšŸ‹\t Updated apt lists and upgraded packages \tšŸ‹\t\n\n" \ - && printf "\n\n\tšŸ‹\t Creating ~/.ssh and adding 'github.com' \tšŸ‹\t\n\n" \ - && mkdir -p ~/.ssh \ - && chmod 700 ~/.ssh \ + && [[ "${FROM_TAG}" == "16.04" ]] && printf 'git-lfs not available for Xenial' || apt-get -yq install --no-install-recommends git-lfs \ + && printf "\n\n\tšŸ‹ Updated apt lists and upgraded packages šŸ‹\t\n\n" \ + && printf "\n\n\tšŸ‹ Creating ~/.ssh and adding 'github.com' šŸ‹\t\n\n" \ + && mkdir -m 0700 -p ~/.ssh \ && ssh-keyscan github.com | tee ~/.ssh/known_hosts \ - && printf "\n\n\tšŸ‹\t Installed base utils\nInstalling docker \tšŸ‹\t\n\n" \ - && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - \ - && add-apt-repository "deb 
https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \ + && printf "\n\n\tšŸ‹ Installed base utils šŸ‹\t\n\n" \ + && printf "\n\n\tšŸ‹ Installing docker cli šŸ‹\t\n\n" \ + && curl -sSL https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add - \ + && sudo apt-add-repository https://packages.microsoft.com/ubuntu/${FROM_TAG}/prod \ && apt-get -yq update \ - && apt-get -yq install --no-install-recommends docker-ce-cli \ - && printf "\n\n\tšŸ‹\t Installed $(docker -v)\n \tšŸ‹\t\n\n" \ - && printf "\n\n\tšŸ‹\t Installing Node.JS \tšŸ‹\t\n\n" \ - && curl -sSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ - && DISTRO="$(lsb_release -s -c)" \ - && echo "deb https://deb.nodesource.com/node_${NODE_VERSION}.x $DISTRO main" | tee /etc/apt/sources.list.d/nodesource.list \ - && echo "deb-src https://deb.nodesource.com/node_${NODE_VERSION}.x $DISTRO main" | tee -a /etc/apt/sources.list.d/nodesource.list \ - && apt-get -yq update \ - && apt-get -yq install --no-install-recommends nodejs="${NODE_VERSION}*" \ - && printf "\n\n\tšŸ‹\t Installed Node.JS $(node -v) \tšŸ‹\t\n\n" \ - && dpkg-query -f '${binary:Package}\n' -W \ - && printf "\n\n\tšŸ‹\t Cleaning image \tšŸ‹\t\n\n" \ + && apt-get -yq install --no-install-recommends moby-cli moby-buildx \ + && printf "\n\n\tšŸ‹ Installed moby-cli šŸ‹\t\n\n" \ + && docker version \ + && printf "\n\n\tšŸ‹ Installed moby-buildx šŸ‹\t\n\n" \ + && docker buildx version \ + && printf "\n\n\tšŸ‹ Installing Node.JS šŸ‹\t\n\n" \ + && ver=$(curl https://nodejs.org/download/release/index.json | jq "[.[] | select(.version|test(\"^v${NODE_VERSION}\"))][0].version" -r) \ + && node_path=$AGENT_TOOLSDIRECTORY/node/$(echo $ver | sed 's/v//g')/x64 \ + && mkdir -v -m 0777 -p $node_path \ + && curl "https://nodejs.org/download/release/latest-v${NODE_VERSION}.x/node-${ver}-linux-x64.tar.xz" | tar -Jxf - --strip-components=1 -C $node_path \ + && sed "s|PATH=|PATH=${node_path}/bin:|g" -i 
/etc/environment \ + && export PATH="${node_path}/bin:$PATH" \ + && printf "\n\n\tšŸ‹ Installed Node.JS $(node -v) šŸ‹\t\n\n" \ + && printf "\n\n\tšŸ‹ Installed NPM $(npm -v) šŸ‹\t\n\n" \ + && printf "\n\n\tšŸ‹ Cleaning image šŸ‹\t\n\n" \ && apt-get clean \ && rm -rf /var/cache/* /var/log/* /var/lib/apt/lists/* /tmp/* || echo 'Failed to delete directories' \ - && printf "\n\n\tšŸ‹\t Cleaned up image \tšŸ‹\t\n\n" + && printf "\n\n\tšŸ‹ Cleaned up image šŸ‹\t\n\n" ARG BUILD_TAG_VERSION="dev" ARG BUILD_TAG="act" @@ -74,10 +78,10 @@ ARG BUILD_REF="master" LABEL org.opencontainers.image.vendor="catthehacker" LABEL org.opencontainers.image.authors="me@hackerc.at" -LABEL org.opencontainers.image.url="https://github.com/catthehacker/docker_images/tree/${BUILD_REF}/linux/${IMAGE}/${BUILD_TAG}/" +LABEL org.opencontainers.image.url="https://github.com/catthehacker/docker_images/tree/${BUILD_REF}/linux/${DISTRO}/${BUILD_TAG}/" LABEL org.opencontainers.image.source="https://github.com/catthehacker/docker_images" LABEL org.opencontainers.image.version=${BUILD_TAG_VERSION} -LABEL org.opencontainers.image.title=${BUILD_TAG}-${TARGETARCH}-${TARGETVARIANT} +LABEL org.opencontainers.image.title=${BUILD_TAG}-${TARGETARCH} LABEL org.opencontainers.image.revision=${BUILD_REF} USER root diff --git a/linux/ubuntu/js/Dockerfile b/linux/ubuntu/js/Dockerfile index ec9b769..b4fe1a1 100644 --- a/linux/ubuntu/js/Dockerfile +++ b/linux/ubuntu/js/Dockerfile 
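Review bot: The Node.js tarball is streamed from `curl` straight into `tar` with no integrity check and without `-f`, so a truncated or error response is unpacked into the tool cache unverified. The path is also hard-coded to `linux-x64` although `TARGETARCH` is declared and `build-base` builds this Dockerfile for `linux/arm64` as well, so the arm64 image would receive an x64 binary. The fence sketches a download that selects the architecture and checks the file against the `SHASUMS256.txt` published in the same directory; `node_path` would need the same architecture suffix. In addition, `sed "s|PATH=|…|g"` is unanchored and also rewrites the `DEPLOYMENT_BASEPATH=` line written earlier in this RUN; the same substitution appears in the `linux/ubuntu/rust/Dockerfile` hunk, and `s|^PATH=|…|` avoids it.

```dockerfile
    # … unchanged: ver and node_path computed as in the hunk …
    && case "${TARGETARCH}" in amd64) node_arch=x64 ;; arm64) node_arch=arm64 ;; *) echo "unsupported TARGETARCH: ${TARGETARCH}" >&2; exit 1 ;; esac \
    && node_tar="node-${ver}-linux-${node_arch}.tar.xz" \
    && curl -fsSLO "https://nodejs.org/download/release/latest-v${NODE_VERSION}.x/${node_tar}" \
    && curl -fsSL "https://nodejs.org/download/release/latest-v${NODE_VERSION}.x/SHASUMS256.txt" | grep -F "  ${node_tar}" | sha256sum -c - \
    && tar -Jxf "${node_tar}" --strip-components=1 -C "$node_path" \
    && rm -f "${node_tar}" \
    && sed "s|^PATH=|PATH=${node_path}/bin:|" -i /etc/environment \
    # … unchanged: export PATH and the node/npm version printouts …
```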
@@ -1,32 +1,41 @@ -ARG IMAGE=ghcr.io/catthehacker/ubuntu -ARG TAG=act-latest -FROM ${IMAGE}:${TAG} +ARG FROM_IMAGE=ghcr.io/catthehacker/ubuntu +ARG FROM_TAG=act-latest +FROM ${FROM_IMAGE}:${FROM_TAG} ARG TARGETARCH ARG TARGETVARIANT SHELL [ "/bin/bash", "--noprofile", "--norc", "-e", "-o", "pipefail", "-c" ] + RUN set -Eeuxo pipefail \ - && printf "\n\n\tšŸ‹\t Installing JS tools \tšŸ‹\t\n\n" \ - && printf "\n\n\tšŸ‹\t Installed NPM $(npm -v) \tšŸ‹\t\n\n" \ + && printf "\n\n\tšŸ‹ Installing JS tools šŸ‹\t\n\n" \ + && printf "\n\n\tšŸ‹ Installed NPM $(npm -v) šŸ‹\t\n\n" \ && npm install -g npm \ && npm install -g pnpm \ && npm install -g yarn \ - && printf "\n\n\tšŸ‹\t Installed NPM $(npm -v) \tšŸ‹\t\n\n" \ - && printf "\n\n\tšŸ‹\t Installed PNPM $(pnpm -v) \tšŸ‹\t\n\n" \ - && printf "\n\n\tšŸ‹\t Installed YARN $(yarn -v) \tšŸ‹\t\n\n" \ + && printf "\n\n\tšŸ‹ Installed NPM $(npm -v) šŸ‹\t\n\n" \ + && printf "\n\n\tšŸ‹ Installed PNPM $(pnpm -v) šŸ‹\t\n\n" \ + && printf "\n\n\tšŸ‹ Installed YARN $(yarn -v) šŸ‹\t\n\n" \ && npm install -g grunt gulp n parcel-bundler typescript newman vercel webpack webpack-cli lerna \ && npm install -g --unsafe-perm netlify-cli \ - && printf "\n\n\tšŸ‹\t Cleaning image \tšŸ‹\t\n\n" \ + && printf "\n\n\tšŸ‹ Installing NVM tools šŸ‹\t\n\n" \ + && VERSION=$(curl -s https://api.github.com/repos/nvm-sh/nvm/releases/latest | jq -r '.tag_name') \ + && curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/$VERSION/install.sh | bash \ + && export NVM_DIR=$HOME/.nvm \ + && echo 'NVM_DIR=$HOME/.nvm' | tee -a /etc/environment \ + && echo '[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm' | tee -a /etc/skel/.bash_profile \ + && [ -s "$NVM_DIR/nvm.sh" ] && \. 
"$NVM_DIR/nvm.sh" \ + && printf "\n\n\tšŸ‹ Installed NVM $(nvm --version) šŸ‹\t\n\n" \ + && printf "\n\n\tšŸ‹ Cleaning image šŸ‹\t\n\n" \ && apt-get clean \ && rm -rf /var/cache/* /var/log/* /var/lib/apt/lists/* /tmp/* || echo 'Failed to delete directories' \ - && printf "\n\n\tšŸ‹\t Cleaned up image \tšŸ‹\t\n\n" + && printf "\n\n\tšŸ‹ Cleaned up image šŸ‹\t\n\n" ARG BUILD_TAG_VERSION="dev" -ARG BUILD_TAG="rust" +ARG BUILD_TAG="js" ARG BUILD_REF="master" LABEL org.opencontainers.image.url="https://github.com/catthehacker/docker_images/tree/${BUILD_REF}/linux/${ImageOS}/${BUILD_TAG}/" LABEL org.opencontainers.image.version=${BUILD_TAG_VERSION} -LABEL org.opencontainers.image.title=${BUILD_TAG}-${TARGETARCH}-${TARGETVARIANT} +LABEL org.opencontainers.image.title=${BUILD_TAG}-${TARGETARCH} LABEL org.opencontainers.image.revision=${BUILD_REF} diff --git a/linux/ubuntu/runner/Dockerfile b/linux/ubuntu/runner/Dockerfile index 9302fb3..bb3c851 100644 --- a/linux/ubuntu/runner/Dockerfile +++ b/linux/ubuntu/runner/Dockerfile @@ -1,13 +1,13 @@ -ARG IMAGE=ghcr.io/catthehacker/ubuntu -ARG TAG=act-latest -FROM ${IMAGE}:${TAG} +ARG FROM_IMAGE=ghcr.io/catthehacker/ubuntu +ARG FROM_TAG=act-latest +FROM ${FROM_IMAGE}:${FROM_TAG} ARG TARGETARCH ARG TARGETVARIANT # > ARGs before FROM are not accessible -ARG IMAGE=catthehacker/ubuntu -ARG TAG=act-latest +ARG FROM_IMAGE=catthehacker/ubuntu +ARG FROM_TAG=act-latest # > non-root user ARG RUNNER=runner 
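Review bot: The nvm installer is fetched for whatever tag the GitHub API reports as latest and piped into `bash` without `-f`, so the build executes unpinned script content, and an API error (for example a rate-limited response where `.tag_name` comes back as `null`) sends an error page to the shell. Pin the release in the Dockerfile and fail on HTTP errors: `ARG NVM_VERSION=<reviewed-tag>` plus `curl -fsSL "https://raw.githubusercontent.com/nvm-sh/nvm/${NVM_VERSION}/install.sh" | bash`; checking the script against a recorded SHA-256 before running it would be stronger still. Note also that `echo 'NVM_DIR=$HOME/.nvm'` writes the literal `$HOME` into `/etc/environment` because of the single quotes, which only resolves for consumers that source the file as shell. The `LABEL …image.url` context line in this file still uses `${ImageOS}`, while the rust Dockerfile in this commit switches to `${DISTRO}`.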
@@ -16,22 +16,28 @@ SHELL [ "/bin/bash", "--noprofile", "--norc", "-e", "-o", "pipefail", "-c" ] # > Create non-root user RUN set -Eeuxo pipefail \ - && printf "\n\n\tšŸ‹\t Creating non-root user \tšŸ‹\t\n\n" \ - && groupadd -g 1000 ${RUNNER} \ - && useradd -u 1000 -g ${RUNNER} -G sudo -m -s /bin/bash ${RUNNER} \ + && printf "\n\n\tšŸ‹ Creating runner users šŸ‹\t\n\n" \ + && groupadd -g 1001 ${RUNNER} \ + && groupadd -g 1000 ${RUNNER}admin \ + && useradd -u 1001 -g ${RUNNER} -G sudo -m -s /bin/bash ${RUNNER} \ + && useradd -u 1000 -g ${RUNNER}admin -G sudo -m -s /bin/bash ${RUNNER}admin \ && echo "${RUNNER} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \ - && printf "\n\n\tšŸ‹\t Runner user: $(su - ${RUNNER} -c id) \tšŸ‹\t\n\n" \ - && printf "\n\n\tšŸ‹\t Created non-root user $(grep ${RUNNER} /etc/passwd) \tšŸ‹\t\n\n" \ + && echo "${RUNNER}admin ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \ + && printf "\n\n\tšŸ‹ Runner user: $(su - ${RUNNER} -c id) šŸ‹\t\n\n" \ + && printf "\n\n\tšŸ‹ Runner admin: $(su - ${RUNNER}admin -c id) šŸ‹\t\n\n" \ + && printf "\n\n\tšŸ‹ Created non-root user $(grep ${RUNNER} /etc/passwd) šŸ‹\t\n\n" \ + && printf "\n\n\tšŸ‹ Created non-root admin $(grep ${RUNNER}admin /etc/passwd) šŸ‹\t\n\n" \ && sed -i /etc/environment -e "s/USER=root/USER=${RUNNER}/g" \ && echo "RUNNER_TEMP=/home/${RUNNER}/work/_temp" | tee -a /etc/environment \ && mkdir -p "/home/${RUNNER}/work/_temp" \ && chown -R ${RUNNER}:${RUNNER} "/home/${RUNNER}/work" \ - && mkdir -p "/home/${RUNNER}/.ssh" \ - && chmod 700 "/home/${RUNNER}/.ssh" \ + && mkdir -m 0700 -p "/home/${RUNNER}/.ssh" \ && ssh-keyscan github.com | tee "/home/${RUNNER}/.ssh/known_hosts" \ && chmod 644 "/home/${RUNNER}/.ssh/known_hosts" \ && chown -R ${RUNNER}:${RUNNER} "/home/${RUNNER}/.ssh" \ - && printf "\n\n\tšŸ‹\t Finished building \tšŸ‹\t\n\n" + && . 
/etc/environment \ + && chown -R ${RUNNER}:${RUNNER}admin $AGENT_TOOLSDIRECTORY \ + && printf "\n\n\tšŸ‹ Finished building šŸ‹\t\n\n" ARG BUILD_TAG_VERSION="dev" ARG BUILD_TAG="runner" @@ -39,7 +45,7 @@ ARG BUILD_REF="master" LABEL org.opencontainers.image.url="https://github.com/catthehacker/docker_images/tree/${BUILD_REF}/linux/${ImageOS}/${BUILD_TAG}/" LABEL org.opencontainers.image.version=${BUILD_TAG_VERSION} -LABEL org.opencontainers.image.title=${BUILD_TAG}-${TARGETARCH}-${TARGETVARIANT} +LABEL org.opencontainers.image.title=${BUILD_TAG}-${TARGETARCH} LABEL org.opencontainers.image.revision=${BUILD_REF} USER ${RUNNER} diff --git a/linux/ubuntu/rust/Dockerfile b/linux/ubuntu/rust/Dockerfile index 2b0dde2..2013317 100644 --- a/linux/ubuntu/rust/Dockerfile +++ b/linux/ubuntu/rust/Dockerfile 
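Review bot: Both sudo rules are appended to `/etc/sudoers` with `>>` and never validated, so an unexpected `RUNNER` build argument would leave a broken or unintended policy in the image. A drop-in keeps the grant isolated and checkable: `echo "${RUNNER} ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/${RUNNER}`, `chmod 0440 /etc/sudoers.d/${RUNNER}`, `visudo -cf /etc/sudoers.d/${RUNNER}` (and the same for `${RUNNER}admin`), assuming the base image keeps the default `sudoers.d` include. Since both accounts get `NOPASSWD: ALL`, a comment stating that these "non-root" users are root-equivalent by design, and why the UID 1000/1001 split exists, would help anyone consuming the image. `grep ${RUNNER} /etc/passwd` now also matches the `${RUNNER}admin` entry; `grep "^${RUNNER}:"` prints only the intended line.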
@@ -1,38 +1,47 @@ -ARG IMAGE=ghcr.io/catthehacker/ubuntu -ARG TAG=act-latest -FROM ${IMAGE}:${TAG} +ARG FROM_IMAGE=ghcr.io/catthehacker/ubuntu +ARG FROM_TAG=act-latest +FROM ${FROM_IMAGE}:${FROM_TAG} ARG TARGETARCH ARG TARGETVARIANT +ARG DISTRO=ubuntu + ARG RUSTUP_HOME=/usr/share/rust/.rustup ARG CARGO_HOME=/usr/share/rust/.cargo SHELL [ "/bin/bash", "--noprofile", "--norc", "-e", "-o", "pipefail", "-c" ] + RUN set -Eeuxo pipefail \ - && printf "Installing dependencies\n" \ + && printf "\n\n\tšŸ‹ Installing dependencies šŸ‹\t\n\n" \ && apt-get -yq update \ && apt-get -yq install build-essential llvm \ - && printf "Installing Rust\n" \ + && printf "\n\n\tšŸ‹ Installing Rust šŸ‹\t\n\n" \ && curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain=stable --profile=minimal \ && source ${CARGO_HOME}/env \ && rustup component add rustfmt clippy \ && cargo install --locked bindgen cbindgen cargo-audit cargo-outdated \ && chmod -R 777 $(dirname ${RUSTUP_HOME}) \ && rm -rf ${CARGO_HOME}/registry/* \ - && sed "s|PATH=\"|PATH=\"${CARGO_HOME}/bin:|g" -i /etc/environment \ - && sed 's|"||g' -i /etc/environment \ + && sed "s|PATH=|PATH=${CARGO_HOME}/bin:|g" -i /etc/environment \ && cd /root \ && ln -sf ${CARGO_HOME} .cargo \ && ln -sf ${RUSTUP_HOME} .rustup \ && echo "RUSTUP_HOME=${RUSTUP_HOME}" | tee -a /etc/environment \ - && echo "CARGO_HOME=${CARGO_HOME}" | tee -a /etc/environment + && echo "CARGO_HOME=${CARGO_HOME}" | tee -a /etc/environment \ + && printf "\n\n\tšŸ‹ Installed RUSTUP $(rustup -V) šŸ‹\t\n\n" \ + && printf "\n\n\tšŸ‹ Installed CARGO $(cargo -V) šŸ‹\t\n\n" \ + && printf "\n\n\tšŸ‹ Installed RUSTC $(rustc -V) šŸ‹\t\n\n" \ + && printf "\n\n\tšŸ‹ Cleaning image šŸ‹\t\n\n" \ + && apt-get clean \ + && rm -rf /var/cache/* /var/log/* /var/lib/apt/lists/* /tmp/* || echo 'Failed to delete directories' \ + && printf "\n\n\tšŸ‹ Cleaned up image šŸ‹\t\n\n" ARG BUILD_TAG_VERSION="dev" ARG BUILD_TAG="rust" ARG BUILD_REF="master" -LABEL 
org.opencontainers.image.url="https://github.com/catthehacker/docker_images/tree/${BUILD_REF}/linux/${ImageOS}/${BUILD_TAG}/" +LABEL org.opencontainers.image.url="https://github.com/catthehacker/docker_images/tree/${BUILD_REF}/linux/${DISTRO}/${BUILD_TAG}/" LABEL org.opencontainers.image.version=${BUILD_TAG_VERSION} -LABEL org.opencontainers.image.title=${BUILD_TAG}-${TARGETARCH}-${TARGETVARIANT} +LABEL org.opencontainers.image.title=${BUILD_TAG}-${TARGETARCH} LABEL org.opencontainers.image.revision=${BUILD_REF}
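Review bot: The added cleanup line `rm -rf … || echo 'Failed to delete directories'` sits inside the `&&` chain, and because `&&` and `||` bind equally and left to right, the `|| echo` becomes the fallback for every command before it, not just the `rm`. A failed `rustup` download or `cargo install` would therefore print the message, continue with the final `printf`, and let the RUN succeed, so an incomplete image can be pushed; `set -e` does not help because it ignores failures inside such lists. Group the best-effort step: `&& { rm -rf /var/cache/* /var/log/* /var/lib/apt/lists/* /tmp/* || echo 'Failed to delete directories'; } \`. The same construct appears as unchanged context in the act and js Dockerfiles.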