From 7818b929c669d66f4a0c89d05b7acf7d4dd6371c Mon Sep 17 00:00:00 2001 From: hackercat Date: Wed, 21 Apr 2021 10:07:46 +0000 Subject: [PATCH] refactor: image building refactor image building, add more variants --- .github/linters/.dockerfilelintrc | 104 +++++++++++++++++++++++ .github/linters/.hadolint.yml | 12 +++ .github/workflows/build-alpine.yml | 112 +++++++++++++++++++++++++ .github/workflows/build-images.yml | 100 ---------------------- .github/workflows/build-ubuntu.yml | 130 +++++++++++++++++++++++++++++ .github/workflows/lint.yml | 22 +++++ .gitignore | 1 + README.md | 91 +++++++++----------- linux/alpine/act/base/Dockerfile | 65 +++++++++++++++ linux/alpine/act/go/Dockerfile | 21 +++++ linux/alpine/act/runner/Dockerfile | 38 +++++++++ linux/alpine/act/rust/Dockerfile | 21 +++++ linux/ubuntu/act/Dockerfile | 53 ++++-------- linux/ubuntu/runner/Dockerfile | 116 +++++-------------------- 14 files changed, 606 insertions(+), 280 deletions(-) create mode 100644 .github/linters/.dockerfilelintrc create mode 100644 .github/linters/.hadolint.yml create mode 100644 .github/workflows/build-alpine.yml delete mode 100644 .github/workflows/build-images.yml create mode 100644 .github/workflows/build-ubuntu.yml create mode 100644 .github/workflows/lint.yml create mode 100644 .gitignore create mode 100644 linux/alpine/act/base/Dockerfile create mode 100644 linux/alpine/act/go/Dockerfile create mode 100644 linux/alpine/act/runner/Dockerfile create mode 100644 linux/alpine/act/rust/Dockerfile diff --git a/.github/linters/.dockerfilelintrc b/.github/linters/.dockerfilelintrc new file mode 100644 index 0000000..f16dd52 --- /dev/null +++ b/.github/linters/.dockerfilelintrc 
@@ -0,0 +1,104 @@ +--- +########################### +########################### +## Dockerfile Lint rules ## +########################### +########################### + +################################# +# Default is 'on' for all rules # +# You can disable as needed. # +################################# +# Additional Info can be found at: +# https://github.com/replicatedhq/dockerfilelint + +# Set the rules +rules: + # All commands in a Dockerfile require at least 1 argument + required_params: on + + # For clarity and readability, all instructions in + # a Dockerfile should be uppercase + uppercase_commands: on + + # The first instruction in a Dockerfile must specify + # the base image using a FROM + from_first: on + + # This line is not a valid Dockerfile line + invalid_line: on + + # Use of sudo is not allowed in a Dockerfile + sudo_usage: off + + # Consider using a `--no-install-recommends` when `apt-get` + # installing packages + apt-get_missing_param: on + + # Consider using a `--no-install-recommends` when `apt-get` + # installing packages + apt-get_recommends: on + + # Use of `apt-get upgrade` is not allowed in a Dockerfile + apt-get-upgrade: on + + # Use of `apt-get dist-upgrade` is not allowed in a Dockerfile + apt-get-dist-upgrade: on + + # All instances of `apt-get update` should have the `apt-get install` + # commands on the same line to reduce image size + apt-get-update_require_install: on + + # Consider using a `--no-cache` (supported in alpine linux >= 3.3) or + # `--update` followed by the command `rm -rf /var/cache/apk/*` + # when `apk` adding packages. This will result in a smaller image size + apkadd-missing_nocache_or_updaterm: on + + # Consider using a `--virtual` or `-t` switch to group multiple packages + # for easy cleanup. 
This will help ensure future authors will continue + # to clean up build dependencies and other temporary packages + apkadd-missing-virtual: off + + # Exposing ports should only be valid port numbers + invalid_port: on + + # Only valid commands are allowed in a Dockerfile + invalid_command: on + + # Expose Only Container Port + expose_host_port: on + + # Using LABEL should be in key=value format + label_invalid: on + + # Base images should specify a tag to use + missing_tag: on + + # Base images should not use the latest tag + latest_tag: on + + # This command has extra arguments and will be ignored + extra_args: on + + # This command requires additional arguments + missing_args: on + + # All files referenced in an ADD command should + # be part of the Docker build context + add_src_invalid: on + + # When adding multiple files, the destination should be a directory + add_dest_invalid: on + + # Using a WORKDIR parameter that has spaces should be escaped + invalid_workdir: on + + # The arguments to this command are invalid + invalid_format: on + + # Use of apt-get update should be paired with + # rm -rf /var/lib/apt/lists/* in the same layer + apt-get_missing_rm: on + + # This INSTRUCTION is deprecated as of Docker 1.13 + deprecated_in_1.13: on diff --git a/.github/linters/.hadolint.yml b/.github/linters/.hadolint.yml new file mode 100644 index 0000000..afd3ddf --- /dev/null +++ b/.github/linters/.hadolint.yml @@ -0,0 +1,12 @@ +ignored: + - SC2086 + - SC2059 + - DL3004 + - DL3002 + - DL3008 + - DL3018 + - DL3003 +trustedRegistries: + - docker.io + - ghcr.io + - quay.io diff --git a/.github/workflows/build-alpine.yml b/.github/workflows/build-alpine.yml new file mode 100644 index 0000000..802a57f --- /dev/null +++ b/.github/workflows/build-alpine.yml 
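Review bot: The `ignored:` list in .github/linters/.hadolint.yml turns off DL3002 (last USER should not be root), DL3004 (sudo use) and the version-pinning rules DL3008/DL3018 for every Dockerfile in the repository, with no comment saying why. Only some of the images in this patch appear to need those exemptions, so a per-file `# hadolint ignore=DL3004` directly above the affected instruction would keep the checks active everywhere else. At minimum, add a one-line comment per entry, e.g. `# DL3004: <reason this repository needs sudo in RUN>`. The same applies to `sudo_usage: off` in .github/linters/.dockerfilelintrc.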
@@ -0,0 +1,112 @@
+name: Build alpine images
+
+on:
+ schedule:
+ - cron: 0 12 */7 * *
+ push:
+ paths:
+ - '.github/workflows/build-alpine.yml'
+ - 'linux/alpine/act/**'
+ pull_request:
+ paths:
+ - '.github/workflows/build-alpine.yml'
+ - 'linux/alpine/act/**'
+ workflow_dispatch:
+
+jobs:
+ build:
+ name: Build
+ runs-on: ubuntu-latest
+ if: ${{ ( github.actor == github.repository_owner && github.event_name != 'pull_request' ) || ( github.actor != github.repository_owner ) }}
+ steps:
+ - name: Login to GitHub Container Registry
+ id: ghcr
+ if: ${{ github.actor == github.repository_owner }}
+ uses: docker/login-action@v1
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Login to Quay
+ id: quay
+ if: ${{ github.actor == github.repository_owner }}
+ uses: docker/login-action@v1
+ with:
+ registry: quay.io
+ username: ${{ secrets.QUAY_USER }}
+ password: ${{ secrets.QUAY_TOKEN }}
+
+ - name: Login to Docker Hub
+ id: dckr
+ if: ${{ github.actor == github.repository_owner }}
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKER_USER }}
+ password: ${{ secrets.DOCKER_TOKEN }}
+
+ - name: Print date in UTC format
+ id: print-date
+ run: echo "::set-output name=date::$(date +%Y%m%d)"
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v1
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+
+ - uses: actions/checkout@v2
+
+ - name: Build and push ${{ github.repository_owner }}/alpine:act-${{ steps.print-date.outputs.date }}
+ id: act
+ uses: docker/build-push-action@v2
+ env:
+ GHCR_TAG: ghcr.io/${{ github.repository_owner }}/alpine:act
+ QUAY_TAG: quay.io/${{ github.repository_owner }}/alpine:act
+ DCKR_TAG: docker.io/${{ github.repository_owner }}/alpine:act
+ with:
+ context: .
+ push: ${{ github.event_name != 'pull_request' && github.event_name != 'push' }}
+ file: ./linux/alpine/act/base/Dockerfile
+ platforms: linux/amd64,linux/arm64,linux/arm/v7
+ tags: |
+ ${{ env.GHCR_TAG }}
+ ${{ env.GHCR_TAG }}-${{ steps.print-date.outputs.date }}
+ ${{ env.QUAY_TAG }}
+ ${{ env.QUAY_TAG }}-${{ steps.print-date.outputs.date }}
+ ${{ env.DCKR_TAG }}
+ ${{ env.DCKR_TAG }}-${{ steps.print-date.outputs.date }}
+ build-args: |
+ BASEIMAGE=node
+ TAG=lts-alpine3.13
+ DISTRIB_RELEASE=${{ steps.release.outputs.RELEASE }}
+ BUILD_TAG_VERSION=${{ steps.print-date.outputs.date }}
+ BUILD_TAG=act
+ BUILD_REF=${{ github.sha }}
+
+ - name: Build and push ${{ github.repository_owner }}/alpine:runner-${{ steps.print-date.outputs.date }}
+ id: runner
+ uses: docker/build-push-action@v2
+ if: ${{ github.event_name != 'pull_request' && github.event_name != 'push' }}
+ env:
+ GHCR_TAG: ghcr.io/${{ github.repository_owner }}/alpine:runner
+ QUAY_TAG: quay.io/${{ github.repository_owner }}/alpine:runner
+ DCKR_TAG: docker.io/${{ github.repository_owner }}/alpine:runner
+ with:
+ context: .
+ push: ${{ github.event_name != 'pull_request' && github.event_name != 'push' }}
+ file: ./linux/alpine/act/runner/Dockerfile
+ platforms: linux/amd64,linux/arm64,linux/arm/v7
+ tags: |
+ ${{ env.GHCR_TAG }}
+ ${{ env.GHCR_TAG }}-${{ steps.print-date.outputs.date }}
+ ${{ env.QUAY_TAG }}
+ ${{ env.QUAY_TAG }}-${{ steps.print-date.outputs.date }}
+ ${{ env.DCKR_TAG }}
+ ${{ env.DCKR_TAG }}-${{ steps.print-date.outputs.date }}
+ build-args: |
+ BASEIMAGE=catthehacker/alpine
+ TAG=act-${{ steps.print-date.outputs.date }}
+ BUILD_TAG_VERSION=${{ steps.print-date.outputs.date }}
+ BUILD_TAG=runner
+ BUILD_REF=${{ github.sha }}
diff --git a/.github/workflows/build-images.yml b/.github/workflows/build-images.yml
deleted file mode 100644
index ebdd154..0000000
--- a/.github/workflows/build-images.yml
+++ /dev/null
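Review bot: Every third-party action in this workflow is referenced by a mutable tag (`docker/login-action@v1`, `docker/setup-qemu-action@v1`, `docker/setup-buildx-action@v1`, `docker/build-push-action@v2`) in a job that holds the Quay, Docker Hub and GHCR credentials, so whoever can move one of those tags runs code with push access to all three registries. Pinning each `uses:` to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: docker/login-action@<commit-sha> # v1`, removes that dependency; build-ubuntu.yml and lint.yml in this patch reference their actions the same way. Separately, the `act` step passes `DISTRIB_RELEASE=${{ steps.release.outputs.RELEASE }}`, but no step with id `release` is defined in this workflow, so the build arg is presumably empty and can be dropped.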
@@ -1,100 +0,0 @@ -name: Build Docker image - -on: - schedule: - - cron: 0 12 */7 * * - push: - paths: - - '.github/workflows/build-images.yml' - - 'linux/**' - pull_request: - paths: - - '.github/workflows/build-images.yml' - - 'linux/**' - workflow_dispatch: - -env: - NODE: '12' - -jobs: - build: - name: Build - runs-on: ubuntu-20.04 - if: ${{ github.actor == github.repository_owner && github.event_name != 'pull_request' }} - strategy: - fail-fast: true - max-parallel: 4 - matrix: - DISTRIB_ID: [ubuntu] - DISTRIB_RELEASE: [latest, 20.04, 18.04, 16.04] - IMAGE_TYPE: [act, runner] - steps: - - name: Login to GitHub Container Registry - id: ghcr - if: ${{ github.actor == github.repository_owner }} - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Login to Quay - id: quay - if: ${{ github.actor == github.repository_owner }} - uses: docker/login-action@v1 - with: - registry: quay.io - username: ${{ secrets.QUAY_USER }} - password: ${{ secrets.QUAY_TOKEN }} - - - name: Login to Docker Hub - id: dckr - if: ${{ github.actor == github.repository_owner }} - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKER_USER }} - password: ${{ secrets.DOCKER_TOKEN }} - - - name: Print date in UTC format - id: print-date - run: echo "::set-output name=date::$(date +%Y%m%d)" - - - name: Set Ubuntu version to RELEASE - id: release - run: | - if [ "latest" = "${{ matrix.DISTRIB_RELEASE }}" ]; then - echo "::set-output name=RELEASE::20.04" - else - echo "::set-output name=RELEASE::${{ matrix.DISTRIB_RELEASE }}" - fi - - - name: Set up QEMU - uses: docker/setup-qemu-action@v1 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - - uses: actions/checkout@v2 - - - name: Build and push ${{ github.repository_owner }}/${{ matrix.DISTRIB_ID }}:${{ matrix.IMAGE_TYPE }}-${{ matrix.DISTRIB_RELEASE }}-${{ steps.print-date.outputs.date }} - id: docker_build - 
uses: docker/build-push-action@v2 - with: - context: . - push: ${{ github.event_name != 'pull_request' && github.event_name != 'push' }} - file: ./linux/${{ matrix.DISTRIB_ID }}/${{ matrix.IMAGE_TYPE }}/Dockerfile - platforms: linux/amd64,linux/arm64 - tags: | - ghcr.io/${{ github.repository_owner }}/${{ matrix.DISTRIB_ID }}:${{ matrix.IMAGE_TYPE }}-${{ matrix.DISTRIB_RELEASE }} - ghcr.io/${{ github.repository_owner }}/${{ matrix.DISTRIB_ID }}:${{ matrix.IMAGE_TYPE }}-${{ matrix.DISTRIB_RELEASE }}-${{ steps.print-date.outputs.date }} - quay.io/${{ github.repository_owner }}/${{ matrix.DISTRIB_ID }}:${{ matrix.IMAGE_TYPE }}-${{ matrix.DISTRIB_RELEASE }} - quay.io/${{ github.repository_owner }}/${{ matrix.DISTRIB_ID }}:${{ matrix.IMAGE_TYPE }}-${{ matrix.DISTRIB_RELEASE }}-${{ steps.print-date.outputs.date }} - docker.io/${{ github.repository_owner }}/${{ matrix.DISTRIB_ID }}:${{ matrix.IMAGE_TYPE }}-${{ matrix.DISTRIB_RELEASE }} - docker.io/${{ github.repository_owner }}/${{ matrix.DISTRIB_ID }}:${{ matrix.IMAGE_TYPE }}-${{ matrix.DISTRIB_RELEASE }}-${{ steps.print-date.outputs.date }} - build-args: | - DISTRIB_ID=${{ matrix.DISTRIB_ID }} - DISTRIB_RELEASE=${{ steps.release.outputs.RELEASE }} - NODE_VERSION=${{ env.NODE }} - BUILD_TAG_VERSION=${{ steps.print-date.outputs.date }} - BUILD_TAG=${{ matrix.IMAGE_TYPE }} - BUILD_REF=${{ github.sha }} diff --git a/.github/workflows/build-ubuntu.yml b/.github/workflows/build-ubuntu.yml new file mode 100644 index 0000000..f041db2 --- /dev/null +++ b/.github/workflows/build-ubuntu.yml 
@@ -0,0 +1,130 @@ +name: Build ubuntu images + +on: + schedule: + - cron: 0 12 */7 * * + push: + paths: + - '.github/workflows/build-ubuntu.yml' + - 'linux/ubuntu/**' + pull_request: + paths: + - '.github/workflows/build-ubuntu.yml' + - 'linux/ubuntu/**' + workflow_dispatch: + +env: + NODE: '12' + +jobs: + build: + name: Build + runs-on: ubuntu-latest + if: ${{ github.actor == github.repository_owner && github.event_name != 'pull_request' }} + strategy: + fail-fast: true + max-parallel: 4 + matrix: + BASEIMAGE: [ubuntu] + TAG: [latest, 20.04, 18.04, 16.04] + IMAGE_TYPE: [act] + steps: + - name: Login to GitHub Container Registry + id: ghcr + if: ${{ github.actor == github.repository_owner }} + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Login to Quay + id: quay + if: ${{ github.actor == github.repository_owner }} + uses: docker/login-action@v1 + with: + registry: quay.io + username: ${{ secrets.QUAY_USER }} + password: ${{ secrets.QUAY_TOKEN }} + + - name: Login to Docker Hub + id: dckr + if: ${{ github.actor == github.repository_owner }} + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKER_USER }} + password: ${{ secrets.DOCKER_TOKEN }} + + - name: Print date in UTC format + id: print-date + run: echo "::set-output name=date::$(date +%Y%m%d)" + + - name: Set Ubuntu version to RELEASE + id: release + run: | + if [ "latest" = "${{ matrix.TAG }}" ]; then + echo "::set-output name=RELEASE::$(lsb_release -rs)" + else + echo "::set-output name=RELEASE::${{ matrix.TAG }}" + fi + + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + + - uses: actions/checkout@v2 + + - name: Build and push ${{ github.repository_owner }}/${{ matrix.BASEIMAGE }}:act-${{ matrix.TAG }}-${{ steps.print-date.outputs.date }} + id: act + uses: docker/build-push-action@v2 + env: + GHCR_TAG: 
ghcr.io/${{ github.repository_owner }}/${{ matrix.BASEIMAGE }}:act-${{ matrix.TAG }} + QUAY_TAG: quay.io/${{ github.repository_owner }}/${{ matrix.BASEIMAGE }}:act-${{ matrix.TAG }} + DCKR_TAG: docker.io/${{ github.repository_owner }}/${{ matrix.BASEIMAGE }}:act-${{ matrix.TAG }} + with: + context: . + push: ${{ github.event_name != 'pull_request' && github.event_name != 'push' }} + file: ./linux/${{ matrix.BASEIMAGE }}/act/Dockerfile + platforms: linux/amd64,linux/arm64 + tags: | + ${{ env.GHCR_TAG }} + ${{ env.GHCR_TAG }}-${{ steps.print-date.outputs.date }} + ${{ env.QUAY_TAG }} + ${{ env.QUAY_TAG }}-${{ steps.print-date.outputs.date }} + ${{ env.DCKR_TAG }} + ${{ env.DCKR_TAG }}-${{ steps.print-date.outputs.date }} + build-args: | + BASEIMAGE=buildpack-deps + TAG=${{ steps.release.outputs.RELEASE }} + NODE_VERSION=${{ env.NODE }} + BUILD_TAG_VERSION=${{ steps.print-date.outputs.date }} + BUILD_TAG=act + BUILD_REF=${{ github.sha }} + + - name: Build and push ${{ github.repository_owner }}/${{ matrix.BASEIMAGE }}:runner-${{ matrix.TAG }}-${{ steps.print-date.outputs.date }} + id: runner + uses: docker/build-push-action@v2 + env: + GHCR_TAG: ghcr.io/${{ github.repository_owner }}/${{ matrix.BASEIMAGE }}:runner-${{ matrix.TAG }} + QUAY_TAG: quay.io/${{ github.repository_owner }}/${{ matrix.BASEIMAGE }}:runner-${{ matrix.TAG }} + DCKR_TAG: docker.io/${{ github.repository_owner }}/${{ matrix.BASEIMAGE }}:runner-${{ matrix.TAG }} + with: + context: . 
+ push: ${{ github.event_name != 'pull_request' && github.event_name != 'push' }}
+ file: ./linux/${{ matrix.BASEIMAGE }}/runner/Dockerfile
+ platforms: linux/amd64,linux/arm64
+ tags: |
+ ${{ env.GHCR_TAG }}
+ ${{ env.GHCR_TAG }}-${{ steps.print-date.outputs.date }}
+ ${{ env.QUAY_TAG }}
+ ${{ env.QUAY_TAG }}-${{ steps.print-date.outputs.date }}
+ ${{ env.DCKR_TAG }}
+ ${{ env.DCKR_TAG }}-${{ steps.print-date.outputs.date }}
+ build-args: |
+ BASEIMAGE=catthehacker/ubuntu
+ TAG=act-${{ matrix.TAG }}
+ BUILD_TAG_VERSION=${{ steps.print-date.outputs.date }}
+ BUILD_TAG=${{ matrix.IMAGE_TYPE }}
+ BUILD_REF=${{ github.sha }}
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
new file mode 100644
index 0000000..9a3f5b2
--- /dev/null
+++ b/.github/workflows/lint.yml
@@ -0,0 +1,22 @@
+name: Lint Code Base
+
+on:
+ push:
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+ lint:
+ name: Lint
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: Lint
+ uses: github/super-linter@v3
+ env:
+ VALIDATE_ALL_CODEBASE: ${{ github.event_name != 'pull_request' }}
+ DEFAULT_BRANCH: master
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..0458d9d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+build.ps1
diff --git a/README.md b/README.md
index 2e6be22..959f681 100644
--- a/README.md
+++ b/README.md
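Review bot: In build-ubuntu.yml the `runner` step passes `BUILD_TAG=${{ matrix.IMAGE_TYPE }}`, and the matrix now contains only `IMAGE_TYPE: [act]`, so the runner image is built with `BUILD_TAG=act`; the alpine workflow hard-codes `BUILD_TAG=runner` for the equivalent step, and the same is probably intended here. The runner build also takes its base from `BASEIMAGE=catthehacker/ubuntu` and `TAG=act-${{ matrix.TAG }}`, a floating registry tag with a hard-coded owner, so on runs where `push` is false it builds on a previously published image rather than the one the `act` step just produced, and a fork builds on the upstream owner's image; using `${{ github.repository_owner }}` there would at least keep the base consistent with the tags being pushed. The unquoted matrix entries `20.04, 18.04, 16.04` are YAML floats; quoting them (`'20.04'`) avoids a silent change if a release such as 18.10 is ever added.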
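Review bot: lint.yml hands `secrets.GITHUB_TOKEN` to `github/super-linter@v3` without a `permissions:` block, so the token carries whatever default scope the repository is configured with. Declaring the minimum at the top of the workflow, `permissions:` with `contents: read` and, if the linter's commit-status reporting is wanted, `statuses: write`, limits what the action can do with it. With both `push:` and `pull_request:` unfiltered, a branch pushed in this repository that also has an open pull request is linted twice; restricting `push:` to the default branch would avoid that.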
@@ -1,52 +1,39 @@ -# Docker images - -[![Build Docker image](https://github.com/CatTheHacker/docker-images/workflows/Build%20Docker%20image/badge.svg)](https://github.com/CatTheHacker/docker-images/actions?query=workflow%3A%22Build+Docker+image%22) - -## When updates will be applied to images - -- A package that will be required for action(s) to work properly might be added/removed/changed -- Any maintainance that will be required due to: - - Docker Hub - - Quay - - GitHub Container Registry - - GitHub Actions - - Act -- Performance and/or disk space improvements - -## Images available - -- [virtual-environments](github.com/catthehacker/virtual-environments) - GitHub Actions runner image containing all possible tools (image is extremely big, 20GB compressed, ~60GB extracted) - - `quay.io/catthehacker/virtual-environments:ubuntu-20.04` - this image is updated manually due to amount of changes in [github.com/actions/virtual-environments](github.com/actions/virtual-environments) - - more to come... 
-- `\linux\ubuntu\runner\Dockerfile` - used as base image for [github.com/catthehacker/act](https://github.com/catthehacker/act) - - ghcr.io (GitHub Container Registry) - - `ghcr.io/catthehacker/ubuntu:runner-16.04` - - `ghcr.io/catthehacker/ubuntu:runner-18.04` - - `ghcr.io/catthehacker/ubuntu:runner-20.04` - - `ghcr.io/catthehacker/ubuntu:runner-latest` - - quay.io (RedHat Container Registry) - - `quay.io/catthehacker/ubuntu:runner-16.04` - - `quay.io/catthehacker/ubuntu:runner-18.04` - - `quay.io/catthehacker/ubuntu:runner-20.04` - - `quay.io/catthehacker/ubuntu:runner-latest` - - docker.io (DockerHub) - - `catthehacker/ubuntu:runner-16.04` - - `catthehacker/ubuntu:runner-18.04` - - `catthehacker/ubuntu:runner-20.04` - - `catthehacker/ubuntu:runner-latest` -- `\linux\ubuntu\act\Dockerfile` - image used in [github.com/nektos/act](https://github.com/nektos/act) as medium size image retaining compatibility with most actions while maintaining small size - - ghcr.io (GitHub Container Registry) - - `ghcr.io/catthehacker/ubuntu:act-16.04` - - `ghcr.io/catthehacker/ubuntu:act-18.04` - - `ghcr.io/catthehacker/ubuntu:act-20.04` - - `ghcr.io/catthehacker/ubuntu:act-latest` - - quay.io (RedHat Container Registry) - - `quay.io/catthehacker/ubuntu:act-16.04` - - `quay.io/catthehacker/ubuntu:act-18.04` - - `quay.io/catthehacker/ubuntu:act-20.04` - - `quay.io/catthehacker/ubuntu:act-latest` - - docker.io (DockerHub) - - `catthehacker/ubuntu:act-16.04` - - `catthehacker/ubuntu:act-18.04` - - `catthehacker/ubuntu:act-20.04` - - `catthehacker/ubuntu:act-latest` +# Docker images + +[![Build Docker image](https://github.com/CatTheHacker/docker-images/workflows/Build%20Docker%20image/badge.svg)](https://github.com/CatTheHacker/docker-images/actions?query=workflow%3A%22Build+Docker+image%22) +[![GitHub Super-Linter](https://github.com/catthehacker/docker_images/workflows/Lint%20Code%20Base/badge.svg)](https://github.com/marketplace/actions/super-linter) + +## When updates will be 
applied to images + +- A package that will be required for action(s) to work properly might be added/removed/changed +- Any maintainance that will be required due to: + - Docker Hub + - Quay + - GitHub Container Registry + - GitHub Actions + - Act +- Performance and/or disk space improvements + +## Images available + +- [virtual-environments][catthehacker/runner-image] - GitHub Actions runner image containing all possible tools (image is extremely big, 20GB compressed, ~60GB extracted) + - `catthehacker/ubuntu:full-20.04` - this image is updated manually due to amount of changes in [actions/virtual-environments][actions/virtual-environments] + - more to come... +- [`/linux/ubuntu/runner/`](./linux/ubuntu/runner/) - `catthehacker/ubuntu:act-*` but with `runner` as user instead of `root` + - docker.io (DockerHub) + - `catthehacker/ubuntu:runner-16.04` + - `catthehacker/ubuntu:runner-18.04` + - `catthehacker/ubuntu:runner-20.04` + - `catthehacker/ubuntu:runner-latest` +- [`/linux/ubuntu/act/`](./linux/ubuntu/act/) - image used in [github.com/nektos/act](https://github.com/nektos/act) as medium size image retaining compatibility with most actions while maintaining small size + - docker.io (DockerHub) + - `catthehacker/ubuntu:act-16.04` + - `catthehacker/ubuntu:act-18.04` + - `catthehacker/ubuntu:act-20.04` + - `catthehacker/ubuntu:act-latest` +- [`/linux/alpine/act/`](./linux/alpine/act/) - Alpine base image for `act` + - docker.io (DockerHub) + - `catthehacker/alpine:act` + +[actions/virtual-environments]: https://github.com/actions/virtual-environments +[catthehacker/runner-image]: https://github.com/catthehacker/runner-image diff --git a/linux/alpine/act/base/Dockerfile b/linux/alpine/act/base/Dockerfile new file mode 100644 index 0000000..b118282 --- /dev/null +++ b/linux/alpine/act/base/Dockerfile 
@@ -0,0 +1,65 @@ +ARG BASEIMAGE=node +ARG TAG=lts-alpine3.13 +FROM ${BASEIMAGE}:${TAG} + +ARG TARGETARCH +ARG TARGETVARIANT + +# > ARGs before FROM are not accessible +ARG BASEIMAGE=alpine +ARG TAG=3.13 +ARG AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache +ARG IMAGE_TYPE=act +ENV ImageOS=alpine + + +SHELL [ "/bin/ash", "-o", "pipefail", "-l", "-c" ] + +# > setup environment required for GitHub Actions, install dependencies/packages +RUN set -euxo pipefail \ + && printf "Build started\nAdding environment variables\n\n" \ + && echo "USER=$(whoami)" | tee -a /etc/environment \ + && echo "RUNNER_USER=$(whoami)" | tee -a /etc/environment \ + && echo "IMAGE_OS=${ImageOS}" | tee -a /etc/environment \ + && echo "ImageOS=${ImageOS}" | tee -a /etc/environment \ + #&& echo "LSB_RELEASE=${DISTRIB_RELEASE}" | tee -a /etc/environment \ + && echo "AGENT_TOOLSDIRECTORY=${AGENT_TOOLSDIRECTORY}" | tee -a /etc/environment \ + && echo "RUN_TOOL_CACHE=${AGENT_TOOLSDIRECTORY}" | tee -a /etc/environment \ + && echo "DEPLOYMENT_BASEPATH=/opt/runner" | tee -a /etc/environment \ + && echo ". 
/etc/environment" | tee -a /etc/profile \ + && printf "Creating tool cache directory and '/github'\n\n" \ + && mkdir -p ${AGENT_TOOLSDIRECTORY} \ + && chown 1000:1000 ${AGENT_TOOLSDIRECTORY} \ + && chmod 0777 ${AGENT_TOOLSDIRECTORY} \ + && mkdir -p /github \ + && chown 1000:1000 /github \ + && chmod 0777 /github \ + && printf "Installing packages\n\n" \ + && apk --no-cache add openssh-client gawk jq curl git wget sudo gnupg ca-certificates yaml zstd zip unzip xz icu build-base python3 \ + && printf "Creating ~/.ssh and adding 'github.com'\n\n" \ + && mkdir -p ~/.ssh \ + && chmod 700 ~/.ssh \ + && ssh-keyscan github.com | tee ~/.ssh/known_hosts \ + && printf "Installed base utils\nInstalling docker\n" \ + && apk --no-cache add docker-cli \ + && printf "Cleaning image\n" \ + && apk clean cache \ + && rm -rf /var/cache/* /var/log/* /tmp/* || echo 'Failed to delete directories' \ + && printf "Cleaned up image\n" + +ARG BUILD_TAG_VERSION="master" +ARG BUILD_TAG=${IMAGE_TYPE} +ARG BUILD_REF="master" + +LABEL org.opencontainers.image.vendor="catthehacker" +LABEL org.opencontainers.image.authors="me@hackerc.at" +LABEL org.opencontainers.image.url="https://github.com/catthehacker/docker_images/tree/${BUILD_REF}/linux/${ImageOS}/${BUILD_TAG}/" +LABEL org.opencontainers.image.source="https://github.com/catthehacker/docker_images.git" +LABEL org.opencontainers.image.version=${BUILD_TAG_VERSION} +LABEL org.opencontainers.image.title=${BUILD_TAG}-${TARGETARCH}-${TARGETVARIANT} +LABEL org.opencontainers.image.revision=${BUILD_REF} + +SHELL [ "/bin/ash", "-l", "-c" ] + +# > Force bash with environment +ENTRYPOINT [ "/bin/ash", "-l", "-c" ] diff --git a/linux/alpine/act/go/Dockerfile b/linux/alpine/act/go/Dockerfile new file mode 100644 index 0000000..281e364 --- /dev/null +++ b/linux/alpine/act/go/Dockerfile 
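Review bot: The trailing `|| echo 'Failed to delete directories'` in the RUN chain applies to everything before it, not just the `rm -rf`, so a failure in any earlier `&&` step (the package install, `ssh-keyscan`, or the `apk clean cache` call, which does not look like a valid apk invocation) is reported as a cleanup message and the build carries on with an incomplete image. Scope the fallback to the cleanup only, e.g. `&& { rm -rf /var/cache/* /var/log/* /tmp/* || echo 'Failed to delete directories'; } \`, and drop or correct the `apk clean cache` step. Separately, `ssh-keyscan github.com | tee ~/.ssh/known_hosts` records whatever key the build network presents at that moment; writing GitHub's published host keys into known_hosts as fixed lines would make the image's trust anchor reproducible and reviewable, and the same applies to the keyscan in linux/alpine/act/runner/Dockerfile.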
@@ -0,0 +1,21 @@
+ARG BASEIMAGE=catthehacker/alpine
+ARG TAG=act
+FROM ${BASEIMAGE}:${TAG}
+
+SHELL [ "/bin/ash", "-o", "pipefail", "-l", "-c" ]
+
+RUN set -Eeuxo pipefail \
+ && printf "Installing Go(lang)\n" \
+ && sudo apk add --no-cache go
+
+ARG BUILD_TAG_VERSION="master"
+ARG BUILD_TAG="go"
+ARG BUILD_REF="master"
+
+LABEL org.opencontainers.image.vendor="catthehacker"
+LABEL org.opencontainers.image.authors="me@hackerc.at"
+LABEL org.opencontainers.image.url="https://github.com/catthehacker/docker_images/tree/${BUILD_REF}/linux/${ImageOS}/${BUILD_TAG}/"
+LABEL org.opencontainers.image.source="https://github.com/catthehacker/docker_images.git"
+LABEL org.opencontainers.image.version=${BUILD_TAG_VERSION}
+LABEL org.opencontainers.image.title=${BUILD_TAG}-${TARGETARCH}-${TARGETVARIANT}
+LABEL org.opencontainers.image.revision=${BUILD_REF}
diff --git a/linux/alpine/act/runner/Dockerfile b/linux/alpine/act/runner/Dockerfile
new file mode 100644
index 0000000..9211a19
--- /dev/null
+++ b/linux/alpine/act/runner/Dockerfile
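Review bot: The `LABEL` lines expand `${TARGETARCH}` and `${TARGETVARIANT}`, but this stage never declares them and build args are not inherited from the base image, so `org.opencontainers.image.title` presumably renders as `go--`; add `ARG TARGETARCH` and `ARG TARGETVARIANT` after `FROM`, as linux/alpine/act/base/Dockerfile does. The `image.url` label also resolves to `linux/${ImageOS}/${BUILD_TAG}/`, which drops the `act/` directory these files live in, so the recorded source location does not match the file that built the image. linux/alpine/act/runner/Dockerfile and linux/alpine/act/rust/Dockerfile have the same two issues. The `sudo` in `sudo apk add --no-cache go` looks unnecessary if the base image's default user is still root, which is what the base Dockerfile in this patch suggests.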
@@ -0,0 +1,38 @@
+ARG BASEIMAGE=catthehacker/alpine
+ARG TAG=act
+FROM ${BASEIMAGE}:${TAG}
+
+SHELL [ "/bin/ash", "-o", "pipefail", "-l", "-c" ]
+
+# > Create non-root user
+RUN set -Eeuxo pipefail \
+ && printf "Creating non-root user\n" \
+ && addgroup -S ${RUNNER_USER} -g 1000 && adduser -S ${RUNNER_USER} -u 1000 -G ${RUNNER_USER} -s /usr/bin/fish \
+ && sed -i /etc/sudoers -re 's/^%sudo.*/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/g' \
+ && sed -i /etc/sudoers -re 's/^root.*/root ALL=(ALL:ALL) NOPASSWD: ALL/g' \
+ && sed -i /etc/sudoers -re 's/^#includedir.*/## **Removed the include directive** ##"/g' \
+ && echo "${RUNNER_USER} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \
+ && printf "Runner user: $(su - ${RUNNER_USER} -c id)\n" \
+ && printf "Created non-root user $(grep ${RUNNER_USER} /etc/passwd)\n" \
+ && echo "USER=${RUNNER_USER}" | tee -a /etc/environment \
+ && echo "RUNNER_USER=${RUNNER_USER}" | tee -a /etc/environment \
+ && echo "RUNNER_TEMP=/home/${RUNNER_USER}/work/_temp" | tee -a /etc/environment \
+ && mkdir -p "/home/${RUNNER_USER}/work/_temp" \
+ && chown -R ${RUNNER_USER}:${RUNNER_USER} "/home/${RUNNER_USER}/work" \
+ && mkdir -p "/home/${RUNNER_USER}/.ssh" \
+ && chmod 700 "/home/${RUNNER_USER}/.ssh" \
+ && ssh-keyscan github.com | tee "/home/${RUNNER_USER}/.ssh/known_hosts" \
+ && chmod 644 "/home/${RUNNER_USER}/.ssh/known_hosts" \
+ && chown -R ${RUNNER_USER}:${RUNNER_USER} "/home/${RUNNER_USER}/.ssh"
+
+ARG BUILD_TAG_VERSION="master"
+ARG BUILD_TAG="runner"
+ARG BUILD_REF="master"
+
+LABEL org.opencontainers.image.vendor="catthehacker"
+LABEL org.opencontainers.image.authors="me@hackerc.at"
+LABEL org.opencontainers.image.url="https://github.com/catthehacker/docker_images/tree/${BUILD_REF}/linux/${ImageOS}/${BUILD_TAG}/"
+LABEL org.opencontainers.image.source="https://github.com/catthehacker/docker_images.git"
+LABEL org.opencontainers.image.version=${BUILD_TAG_VERSION}
+LABEL org.opencontainers.image.title=${BUILD_TAG}-${TARGETARCH}-${TARGETVARIANT}
+LABEL org.opencontainers.image.revision=${BUILD_REF} diff --git a/linux/alpine/act/rust/Dockerfile b/linux/alpine/act/rust/Dockerfile new file mode 100644 index 0000000..5b362cd --- /dev/null +++ b/linux/alpine/act/rust/Dockerfile @@ -0,0 +1,21 @@ +ARG BASEIMAGE=catthehacker/alpine +ARG TAG=act +FROM ${BASEIMAGE}:${TAG} + +SHELL [ "/bin/ash", "-o", "pipefail", "-l", "-c" ] + +RUN set -Eeuxo pipefail \ + && printf "Installing Rust\n" \ + && curl https://sh.rustup.rs -sSf | sh -s -- -y + +ARG BUILD_TAG_VERSION="master" +ARG BUILD_TAG="rust" +ARG BUILD_REF="master" + +LABEL org.opencontainers.image.vendor="catthehacker" +LABEL org.opencontainers.image.authors="me@hackerc.at" +LABEL org.opencontainers.image.url="https://github.com/catthehacker/docker_images/tree/${BUILD_REF}/linux/${ImageOS}/${BUILD_TAG}/" +LABEL org.opencontainers.image.source="https://github.com/catthehacker/docker_images.git" +LABEL org.opencontainers.image.version=${BUILD_TAG_VERSION} +LABEL org.opencontainers.image.title=${BUILD_TAG}-${TARGETARCH}-${TARGETVARIANT} +LABEL org.opencontainers.image.revision=${BUILD_REF} diff --git a/linux/ubuntu/act/Dockerfile b/linux/ubuntu/act/Dockerfile index 6736671..785f5e8 100644 --- a/linux/ubuntu/act/Dockerfile +++ b/linux/ubuntu/act/Dockerfile @@ -1,10 +1,10 @@ -ARG DISTRIB_ID=ubuntu -ARG DISTRIB_RELEASE=20.04 -FROM ${DISTRIB_ID}:${DISTRIB_RELEASE} +ARG BASEIMAGE=buildpack-deps +ARG TAG=20.04 +FROM ${BASEIMAGE}:${TAG} # > ARGs before FROM are not accessible -ARG DISTRIB_ID=ubuntu -ARG DISTRIB_RELEASE=20.04 +ARG BASEIMAGE=buildpack-deps +ARG TAG=20.04 # > Node version ARG NODE_VERSION=12 
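Review bot: In linux/alpine/act/runner/Dockerfile `${RUNNER_USER}` is used throughout the RUN but never declared; the only definition visible in this patch is the `RUNNER_USER=$(whoami)` line the base image appends to /etc/environment, which under the login shell would presumably resolve to `root`, so `addgroup`/`adduser` would act on the wrong account (or the step aborts under `set -u` if the file is not sourced). Declare it explicitly, e.g. `ARG RUNNER_USER=runner` after `FROM`. The account is also created with `-s /usr/bin/fish`, and fish is not among the packages the base image installs in this patch. Because the RUN rewrites /etc/sudoers with `sed` and `>>`, a `visudo -c` at the end of the chain would fail the build on a malformed file instead of shipping it, and since `NOPASSWD: ALL` leaves the "non-root" user root-equivalent, that is worth stating wherever the runner images are documented.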
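Review bot: In linux/alpine/act/rust/Dockerfile, `curl https://sh.rustup.rs -sSf | sh -s -- -y` executes a script fetched at build time with no integrity check, so each rebuild may run different code and the image contents depend on whatever that endpoint serves. The go image in this patch installs from the distribution repository (`apk add --no-cache go`); doing the same here with Alpine's `rust` and `cargo` packages would keep the toolchain under apk's signature verification. If rustup is required, download the installer to a file, verify it against a checksum recorded in the repository, and only then run it. As written, nothing in this hunk adds the cargo bin directory to PATH, so later steps may not find `cargo`; worth confirming.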
@@ -12,17 +12,17 @@ ARG NODE_VERSION=12 # > Force apt to not be interactive/not ask ARG DEBIAN_FRONTEND=noninteractive -SHELL [ "/bin/bash", "-c" ] +SHELL [ "/bin/bash", "--login", "-o", "pipefail", "-c" ] # > setup environment required for GitHub Actions RUN set -Eeuxo pipefail \ && printf "Build started\n" \ && echo "USER=$(whoami)" | tee -a /etc/environment \ && echo "RUNNER_USER=$(whoami)" | tee -a /etc/environment \ - && ImageOS=${DISTRIB_ID}$(echo ${DISTRIB_RELEASE} | cut -d'.' -f 1) \ + && ImageOS=ubuntu$(echo ${TAG} | cut -d'.' -f 1) \ && echo "IMAGE_OS=$ImageOS" | tee -a /etc/environment \ && echo "ImageOS=$ImageOS" | tee -a /etc/environment \ - && echo "LSB_RELEASE=${DISTRIB_RELEASE}" | tee -a /etc/environment \ + && echo "LSB_RELEASE=${TAG}" | tee -a /etc/environment \ && AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache \ && echo "AGENT_TOOLSDIRECTORY=$AGENT_TOOLSDIRECTORY" | tee -a /etc/environment \ && echo "RUN_TOOL_CACHE=$AGENT_TOOLSDIRECTORY" | tee -a /etc/environment \ 
@@ -33,44 +33,32 @@ RUN set -Eeuxo pipefail \ && chmod 0777 $AGENT_TOOLSDIRECTORY \ && mkdir -p /github \ && chown 1000:1000 /github \ - && chmod 0777 /github - -# > Install deps -RUN set -Eeuxo pipefail \ - && apt -yq update \ + && chmod 0777 /github \ + && printf "Installing packages\n\n" \ + && apt-get -yq update \ && printf "Updated apt lists and upgraded packages\n\n" \ - && apt -yq install --no-install-recommends ssh lsb-release gawk jq curl git wget sudo gnupg-agent ca-certificates software-properties-common apt-transport-https libyaml-0-2 zstd unzip xz-utils $(apt-cache search libicu | grep -E 'libicu[[:digit:]]+ -' | cut -d " " -f 1) \ + && apt-get -yq install --no-install-recommends ssh lsb-release gawk jq curl git wget sudo gnupg-agent ca-certificates software-properties-common apt-transport-https libyaml-0-2 zstd unzip xz-utils "$(apt-cache search libicu | grep -E 'libicu[[:digit:]]+ -' | cut -d \" \" -f 1)" \ + && printf "Creating ~/.ssh and adding 'github.com'\n\n" \ && mkdir -p ~/.ssh \ && chmod 700 ~/.ssh \ && ssh-keyscan github.com | tee ~/.ssh/known_hosts \ && printf "Installed base utils\nInstalling docker\n" \ && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - \ && add-apt-repository "deb https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \ - && apt -yq update \ - && apt -yq install docker-ce-cli \ - && printf "Cleaning image\n" \ - && apt-get clean \ - && rm -rf /var/cache/* \ - && rm -rf /var/log/* \ - && rm -rf /var/lib/apt/lists/* \ - && rm -rf /tmp/* \ - && printf "Cleaned up image\n" - -# > Install Node.JS -RUN set -Eeuxo pipefail \ + && apt-get -yq update \ + && apt-get -yq install --no-install-recommends docker-ce-cli \ && printf "Installing Node.JS\n" \ && curl -sSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ && DISTRO="$(lsb_release -s -c)" \ && echo "deb https://deb.nodesource.com/node_${NODE_VERSION}.x $DISTRO main" | tee /etc/apt/sources.list.d/nodesource.list \ && 
echo "deb-src https://deb.nodesource.com/node_${NODE_VERSION}.x $DISTRO main" | tee -a /etc/apt/sources.list.d/nodesource.list \ - && apt -yq update \ - && apt -yq install --no-install-recommends nodejs="${NODE_VERSION}*" \ + && apt-get -yq update \ + && apt-get -yq install --no-install-recommends nodejs="${NODE_VERSION}*" \ && printf "Installed Node.JS $(node -v)\n" \ && dpkg-query -f '${binary:Package}\n' -W \ && printf "Cleaning image\n" \ && apt-get clean \ - && rm -rf /var/lib/apt/lists/* \ - && rm -rf /tmp/* \ + && rm -rf /var/cache/* /var/log/* /var/lib/apt/lists/* /tmp/* || echo 'Failed to delete directories' \ && printf "Cleaned up image\n" ARG BUILD_TAG_VERSION="master" @@ -86,8 +74,3 @@ LABEL org.opencontainers.image.title=${BUILD_TAG} LABEL org.opencontainers.image.revision=${BUILD_REF} USER root - -SHELL [ "/bin/bash", "--login", "-c" ] - -# > Force bash with environment -ENTRYPOINT [ "/bin/bash", "--login", "-c" ] diff --git a/linux/ubuntu/runner/Dockerfile b/linux/ubuntu/runner/Dockerfile index 77df296..3040efb 100644 --- a/linux/ubuntu/runner/Dockerfile +++ b/linux/ubuntu/runner/Dockerfile 
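Review bot: The new cleanup line `&& rm -rf /var/cache/* /var/log/* /var/lib/apt/lists/* /tmp/* || echo 'Failed to delete directories' \` sits inside one long `&&` chain, and because `&&` and `||` have equal precedence the `|| echo` becomes the fallback for every earlier command too. If any `apt-get` or `curl | apt-key` step fails, the shell skips to the `echo`, then prints "Cleaned up image", and the `RUN` exits 0, since `set -e` does not fire inside an `&&`/`||` list. Grouping limits the fallback to the deletion: `&& { rm -rf /var/cache/* /var/log/* /var/lib/apt/lists/* /tmp/* || echo 'Failed to delete directories'; } \`. The newly quoted `"$(apt-cache search libicu | ... | cut -d \" \" -f 1)"` also looks wrong: the outer quotes turn several matches into one argument, and the escaped `\"` presumably changes the `cut` delimiter, so the libicu package may silently stop being installed. The `RUN` instruction starts before this hunk.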
@@ -1,99 +1,36 @@ -ARG DISTRIB_ID=ubuntu -ARG DISTRIB_RELEASE=20.04 -FROM ${DISTRIB_ID}:${DISTRIB_RELEASE} +ARG BASEIMAGE=catthehacker/ubuntu +ARG TAG=act-latest +FROM ${BASEIMAGE}:${TAG} # > ARGs before FROM are not accessible -ARG DISTRIB_ID=ubuntu -ARG DISTRIB_RELEASE=20.04 +ARG BASEIMAGE=catthehacker/ubuntu +ARG TAG=act-latest # > non-root user -ARG RUNNER_USER=runner +ARG RUNNER=runner -# > Node version -ARG NODE_VERSION=12 - -# > Force apt to not be interactive/not ask -ARG DEBIAN_FRONTEND=noninteractive - -SHELL [ "/bin/bash", "-c" ] - -# > setup environment required for GitHub Actions -RUN set -Eeuxo pipefail \ - && printf "Build started\n" \ - && ImageOS=${DISTRIB_ID}$(echo ${DISTRIB_RELEASE} | cut -d'.' -f 1) \ - && echo "IMAGE_OS=$ImageOS" | tee -a /etc/environment \ - && echo "ImageOS=$ImageOS" | tee -a /etc/environment \ - && echo "LSB_RELEASE=${DISTRIB_RELEASE}" | tee -a /etc/environment \ - && AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache \ - && echo "AGENT_TOOLSDIRECTORY=$AGENT_TOOLSDIRECTORY" | tee -a /etc/environment \ - && echo "RUN_TOOL_CACHE=$AGENT_TOOLSDIRECTORY" | tee -a /etc/environment \ - && echo "DEPLOYMENT_BASEPATH=/opt/runner" | tee -a /etc/environment \ - && echo ". 
/etc/environment" | tee -a /etc/profile \ - && mkdir -p $AGENT_TOOLSDIRECTORY \ - && chown 1000:1000 $AGENT_TOOLSDIRECTORY \ - && chmod 0777 $AGENT_TOOLSDIRECTORY \ - && mkdir -p /github \ - && chown 1000:1000 /github \ - && chmod 0777 /github \ - && echo "RUNNER_USER=${RUNNER_USER}" | tee -a /etc/environment \ - && echo "RUNNER_TEMP=/home/${RUNNER_USER}/work/_temp" | tee -a /etc/environment - -# > Install deps -RUN set -Eeuxo pipefail \ - && apt -yq update \ - && printf "Updated apt lists and upgraded packages\n\n" \ - && apt -yq install --no-install-recommends ssh lsb-release gawk jq curl git wget sudo gnupg-agent ca-certificates software-properties-common apt-transport-https libyaml-0-2 zstd unzip xz-utils $(apt-cache search libicu | grep -E 'libicu[[:digit:]]+ -' | cut -d " " -f 1) \ - && printf "Installed base utils\nInstalling docker\n" \ - && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - \ - && add-apt-repository "deb https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \ - && apt -yq update \ - && apt -yq install docker-ce-cli \ - && printf "Cleaning image\n" \ - && apt-get clean \ - && rm -rf /var/cache/* \ - && rm -rf /var/log/* \ - && rm -rf /var/lib/apt/lists/* \ - && rm -rf /tmp/* \ - && printf "Cleaned up image\n" - -# > Install Node.JS -RUN set -Eeuxo pipefail \ - && printf "Installing Node.JS\n" \ - && curl -sSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ - && DISTRO="$(lsb_release -s -c)" \ - && echo "deb https://deb.nodesource.com/node_${NODE_VERSION}.x $DISTRO main" | tee /etc/apt/sources.list.d/nodesource.list \ - && echo "deb-src https://deb.nodesource.com/node_${NODE_VERSION}.x $DISTRO main" | tee -a /etc/apt/sources.list.d/nodesource.list \ - && apt -yq update \ - && apt -yq install --no-install-recommends nodejs="${NODE_VERSION}*" \ - && printf "Installed Node.JS $(node -v)\n" \ - && dpkg-query -f '${binary:Package}\n' -W \ - && printf "Cleaning image\n" \ - && apt-get clean 
\ - && rm -rf /var/lib/apt/lists/* \ - && rm -rf /tmp/* \ - && printf "Cleaned up image\n" +SHELL [ "/bin/bash", "--login", "-o", "pipefail", "-c" ] # > Create non-root user RUN set -Eeuxo pipefail \ && printf "Creating non-root user\n" \ - && groupadd -g 1000 ${RUNNER_USER} \ - && useradd -u 1000 -g ${RUNNER_USER} -G sudo -m -s /bin/bash ${RUNNER_USER} \ + && groupadd -g 1000 ${RUNNER} \ + && useradd -u 1000 -g ${RUNNER} -G sudo -m -s /bin/bash ${RUNNER} \ && sed -i /etc/sudoers -re 's/^%sudo.*/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/g' \ && sed -i /etc/sudoers -re 's/^root.*/root ALL=(ALL:ALL) NOPASSWD: ALL/g' \ && sed -i /etc/sudoers -re 's/^#includedir.*/## **Removed the include directive** ##"/g' \ - && echo "${RUNNER_USER} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \ - && printf "Runner user: $(su - ${RUNNER_USER} -c id)\n" \ - && printf "Created non-root user $(grep ${RUNNER_USER} /etc/passwd)\n" \ - && echo "USER=${RUNNER_USER}" | tee -a /etc/environment \ - && echo "RUNNER_USER=${RUNNER_USER}" | tee -a /etc/environment \ - && echo "RUNNER_TEMP=/home/${RUNNER_USER}/work/_temp" | tee -a /etc/environment \ - && mkdir -p "/home/${RUNNER_USER}/work/_temp" \ - && chown -R ${RUNNER_USER}:${RUNNER_USER} "/home/${RUNNER_USER}/work" \ - && mkdir -p "/home/${RUNNER_USER}/.ssh" \ - && chmod 700 "/home/${RUNNER_USER}/.ssh" \ - && ssh-keyscan github.com | tee "/home/${RUNNER_USER}/.ssh/known_hosts" \ - && chmod 644 "/home/${RUNNER_USER}/.ssh/known_hosts" \ - && chown -R ${RUNNER_USER}:${RUNNER_USER} "/home/${RUNNER_USER}/.ssh" + && echo "${RUNNER} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \ + && printf "Runner user: $(su - ${RUNNER} -c id)\n" \ + && printf "Created non-root user $(grep ${RUNNER} /etc/passwd)\n" \ + && sed -i /etc/environment -e "s/USER=root/USER=${RUNNER}/g" \ + && echo "RUNNER_TEMP=/home/${RUNNER}/work/_temp" | tee -a /etc/environment \ + && mkdir -p "/home/${RUNNER}/work/_temp" \ + && chown -R ${RUNNER}:${RUNNER} "/home/${RUNNER}/work" \ + && mkdir -p 
"/home/${RUNNER}/.ssh" \ + && chmod 700 "/home/${RUNNER}/.ssh" \ + && ssh-keyscan github.com | tee "/home/${RUNNER}/.ssh/known_hosts" \ + && chmod 644 "/home/${RUNNER}/.ssh/known_hosts" \ + && chown -R ${RUNNER}:${RUNNER} "/home/${RUNNER}/.ssh" ARG BUILD_TAG_VERSION="master" ARG BUILD_TAG="runner" @@ -101,19 +38,12 @@ ARG BUILD_REF="master" LABEL org.opencontainers.image.vendor="catthehacker" LABEL org.opencontainers.image.authors="me@hackerc.at" -LABEL org.opencontainers.image.url="https://github.com/catthehacker/docker_images" +LABEL org.opencontainers.image.url="https://github.com/catthehacker/docker_images/linux/${BASEIMAGE}/${IMAGE_TYPE}" LABEL org.opencontainers.image.source="https://github.com/catthehacker/docker_images.git" LABEL org.opencontainers.image.version=${BUILD_TAG_VERSION} LABEL org.opencontainers.image.title=${BUILD_TAG} LABEL org.opencontainers.image.revision=${BUILD_REF} - -# > Don't run as root, generally not good idea -USER ${RUNNER_USER}:${RUNNER_USER} +USER ${RUNNER} WORKDIR /home/runner - -SHELL [ "/bin/bash", "--login", "-c" ] - -# > Force bash with environment -ENTRYPOINT [ "/bin/bash", "--login", "-c" ]
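Review bot: `ssh-keyscan github.com | tee "/home/${RUNNER}/.ssh/known_hosts"` trusts whatever host keys are returned over the build network and bakes them into the image, so every later SSH connection by the runner user is pinned to keys that were never verified. Comparing the scanned keys against GitHub's published fingerprints before writing the file, or adding a reviewed `known_hosts` with `COPY`, closes that gap; the same pattern is used for root in `linux/ubuntu/act/Dockerfile`. The new `sed -i /etc/environment -e "s/USER=root/USER=${RUNNER}/g"` is also a silent no-op when the base image's `/etc/environment` has no `USER=root` entry, so following it with `&& grep -q "USER=${RUNNER}" /etc/environment \` would make such a build fail visibly.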
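Review bot: The new `org.opencontainers.image.url` label interpolates `${BASEIMAGE}` and `${IMAGE_TYPE}`, but `BASEIMAGE` defaults to `catthehacker/ubuntu` and no `ARG IMAGE_TYPE` is visible in either hunk of this file. The label therefore presumably renders as `.../docker_images/linux/catthehacker/ubuntu/`, which does not match the `linux/ubuntu/runner` layout shown in the diffstat. The Alpine Dockerfiles in this commit use `tree/${BUILD_REF}/linux/${ImageOS}/${BUILD_TAG}/`; the same shape with declared ARGs would keep the labels consistent and resolvable. `WORKDIR /home/runner` also stays hard-coded while the user is now `${RUNNER}`; `WORKDIR /home/${RUNNER}` keeps the two in step when the build arg is overridden.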