ipng/gitea-debian-runner
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: image building

Browse Source 
refactor image building, add more variants
This commit is contained in:
hackercat
2021-04-21 10:07:46 +00:00
parent d0defb200a
commit 7818b929c6
14 changed files with 606 additions and 280 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/linters/.dockerfilelintrc
+104
View File
@@ -0,0 +1,104 @@
---
###########################
###########################
## Dockerfile Lint rules ##
###########################
###########################
#################################
# Default is 'on' for all rules #
# You can disable as needed. #
#################################
# Additional Info can be found at:
# https://github.com/replicatedhq/dockerfilelint
# Set the rules
rules:
# All commands in a Dockerfile require at least 1 argument
required_params: on
# For clarity and readability, all instructions in
# a Dockerfile should be uppercase
uppercase_commands: on
# The first instruction in a Dockerfile must specify
# the base image using a FROM
from_first: on
# This line is not a valid Dockerfile line
invalid_line: on
# Use of sudo is not allowed in a Dockerfile
sudo_usage: off
# Consider using a `--no-install-recommends` when `apt-get`
# installing packages
apt-get_missing_param: on
# Consider using a `--no-install-recommends` when `apt-get`
# installing packages
apt-get_recommends: on
# Use of `apt-get upgrade` is not allowed in a Dockerfile
apt-get-upgrade: on
# Use of `apt-get dist-upgrade` is not allowed in a Dockerfile
apt-get-dist-upgrade: on
# All instances of `apt-get update` should have the `apt-get install`
# commands on the same line to reduce image size
apt-get-update_require_install: on
# Consider using a `--no-cache` (supported in alpine linux >= 3.3) or
# `--update` followed by the command `rm -rf /var/cache/apk/*`
# when `apk` adding packages. This will result in a smaller image size
apkadd-missing_nocache_or_updaterm: on
# Consider using a `--virtual` or `-t` switch to group multiple packages
# for easy cleanup. This will help ensure future authors will continue
# to clean up build dependencies and other temporary packages
apkadd-missing-virtual: off
# Exposing ports should only be valid port numbers
invalid_port: on
# Only valid commands are allowed in a Dockerfile
invalid_command: on
# Expose Only Container Port
expose_host_port: on
# Using LABEL should be in key=value format
label_invalid: on
# Base images should specify a tag to use
missing_tag: on
# Base images should not use the latest tag
latest_tag: on
# This command has extra arguments and will be ignored
extra_args: on
# This command requires additional arguments
missing_args: on
# All files referenced in an ADD command should
# be part of the Docker build context
add_src_invalid: on
# When adding multiple files, the destination should be a directory
add_dest_invalid: on
# Using a WORKDIR parameter that has spaces should be escaped
invalid_workdir: on
# The arguments to this command are invalid
invalid_format: on
# Use of apt-get update should be paired with
# rm -rf /var/lib/apt/lists/* in the same layer
apt-get_missing_rm: on
# This INSTRUCTION is deprecated as of Docker 1.13
deprecated_in_1.13: on
.github/linters/.hadolint.yml
+12
View File
@@ -0,0 +1,12 @@
ignored:
- SC2086
- SC2059
- DL3004
- DL3002
- DL3008
- DL3018
- DL3003
trustedRegistries:
- docker.io
- ghcr.io
- quay.io
.github/workflows/build-alpine.yml
+112
View File
@@ -0,0 +1,112 @@
name: Build alpine images
on:
schedule:
- cron: 0 12 */7 * *
push:
paths:
- '.github/workflows/build-alpine.yml'
- 'linux/alpine/act/**'
pull_request:
paths:
- '.github/workflows/build-alpine.yml'
- 'linux/alpine/act/**'
workflow_dispatch:
jobs:
build:
name: Build
runs-on: ubuntu-latest
if: ${{ ( github.actor == github.repository_owner && github.event_name != 'pull_request' ) || ( github.actor != github.repository_owner ) }}
steps:
- name: Login to GitHub Container Registry
id: ghcr
if: ${{ github.actor == github.repository_owner }}
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Quay
id: quay
if: ${{ github.actor == github.repository_owner }}
uses: docker/login-action@v1
with:
registry: quay.io
username: ${{ secrets.QUAY_USER }}
password: ${{ secrets.QUAY_TOKEN }}
- name: Login to Docker Hub
id: dckr
if: ${{ github.actor == github.repository_owner }}
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USER }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Print date in UTC format
id: print-date
run: echo "::set-output name=date::$(date +%Y%m%d)"
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- uses: actions/checkout@v2
- name: Build and push ${{ github.repository_owner }}/alpine:act-${{ steps.print-date.outputs.date }}
id: act
uses: docker/build-push-action@v2
env:
GHCR_TAG: ghcr.io/${{ github.repository_owner }}/alpine:act
QUAY_TAG: quay.io/${{ github.repository_owner }}/alpine:act
DCKR_TAG: docker.io/${{ github.repository_owner }}/alpine:act
with:
context: .
push: ${{ github.event_name != 'pull_request' && github.event_name != 'push' }}
file: ./linux/alpine/act/base/Dockerfile
platforms: linux/amd64,linux/arm64,linux/arm/v7
tags: |
${{ env.GHCR_TAG }}
${{ env.GHCR_TAG }}-${{ steps.print-date.outputs.date }}
${{ env.QUAY_TAG }}
${{ env.QUAY_TAG }}-${{ steps.print-date.outputs.date }}
${{ env.DCKR_TAG }}
${{ env.DCKR_TAG }}-${{ steps.print-date.outputs.date }}
build-args: |
BASEIMAGE=node
TAG=lts-alpine3.13
DISTRIB_RELEASE=${{ steps.release.outputs.RELEASE }}
BUILD_TAG_VERSION=${{ steps.print-date.outputs.date }}
BUILD_TAG=act
BUILD_REF=${{ github.sha }}
- name: Build and push ${{ github.repository_owner }}/alpine:runner-${{ steps.print-date.outputs.date }}
id: runner
uses: docker/build-push-action@v2
if: ${{ github.event_name != 'pull_request' && github.event_name != 'push' }}
env:
GHCR_TAG: ghcr.io/${{ github.repository_owner }}/alpine:runner
QUAY_TAG: quay.io/${{ github.repository_owner }}/alpine:runner
DCKR_TAG: docker.io/${{ github.repository_owner }}/alpine:runner
with:
context: .
push: ${{ github.event_name != 'pull_request' && github.event_name != 'push' }}
file: ./linux/alpine/act/runner/Dockerfile
platforms: linux/amd64,linux/arm64,linux/arm/v7
tags: |
${{ env.GHCR_TAG }}
${{ env.GHCR_TAG }}-${{ steps.print-date.outputs.date }}
${{ env.QUAY_TAG }}
${{ env.QUAY_TAG }}-${{ steps.print-date.outputs.date }}
${{ env.DCKR_TAG }}
${{ env.DCKR_TAG }}-${{ steps.print-date.outputs.date }}
build-args: |
BASEIMAGE=catthehacker/alpine
TAG=act-${{ steps.print-date.outputs.date }}
BUILD_TAG_VERSION=${{ steps.print-date.outputs.date }}
BUILD_TAG=runner
BUILD_REF=${{ github.sha }}
.github/workflows/build-images.yml
-100
View File
@@ -1,100 +0,0 @@
name: Build Docker image
on:
schedule:
- cron: 0 12 */7 * *
push:
paths:
- '.github/workflows/build-images.yml'
- 'linux/**'
pull_request:
paths:
- '.github/workflows/build-images.yml'
- 'linux/**'
workflow_dispatch:
env:
NODE: '12'
jobs:
build:
name: Build
runs-on: ubuntu-20.04
if: ${{ github.actor == github.repository_owner && github.event_name != 'pull_request' }}
strategy:
fail-fast: true
max-parallel: 4
matrix:
DISTRIB_ID: [ubuntu]
DISTRIB_RELEASE: [latest, 20.04, 18.04, 16.04]
IMAGE_TYPE: [act, runner]
steps:
- name: Login to GitHub Container Registry
id: ghcr
if: ${{ github.actor == github.repository_owner }}
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Quay
id: quay
if: ${{ github.actor == github.repository_owner }}
uses: docker/login-action@v1
with:
registry: quay.io
username: ${{ secrets.QUAY_USER }}
password: ${{ secrets.QUAY_TOKEN }}
- name: Login to Docker Hub
id: dckr
if: ${{ github.actor == github.repository_owner }}
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USER }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Print date in UTC format
id: print-date
run: echo "::set-output name=date::$(date +%Y%m%d)"
- name: Set Ubuntu version to RELEASE
id: release
run: |
if [ "latest" = "${{ matrix.DISTRIB_RELEASE }}" ]; then
echo "::set-output name=RELEASE::20.04"
else
echo "::set-output name=RELEASE::${{ matrix.DISTRIB_RELEASE }}"
fi
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- uses: actions/checkout@v2
- name: Build and push ${{ github.repository_owner }}/${{ matrix.DISTRIB_ID }}:${{ matrix.IMAGE_TYPE }}-${{ matrix.DISTRIB_RELEASE }}-${{ steps.print-date.outputs.date }}
id: docker_build
uses: docker/build-push-action@v2
with:
context: .
push: ${{ github.event_name != 'pull_request' && github.event_name != 'push' }}
file: ./linux/${{ matrix.DISTRIB_ID }}/${{ matrix.IMAGE_TYPE }}/Dockerfile
platforms: linux/amd64,linux/arm64
tags: |
ghcr.io/${{ github.repository_owner }}/${{ matrix.DISTRIB_ID }}:${{ matrix.IMAGE_TYPE }}-${{ matrix.DISTRIB_RELEASE }}
ghcr.io/${{ github.repository_owner }}/${{ matrix.DISTRIB_ID }}:${{ matrix.IMAGE_TYPE }}-${{ matrix.DISTRIB_RELEASE }}-${{ steps.print-date.outputs.date }}
quay.io/${{ github.repository_owner }}/${{ matrix.DISTRIB_ID }}:${{ matrix.IMAGE_TYPE }}-${{ matrix.DISTRIB_RELEASE }}
quay.io/${{ github.repository_owner }}/${{ matrix.DISTRIB_ID }}:${{ matrix.IMAGE_TYPE }}-${{ matrix.DISTRIB_RELEASE }}-${{ steps.print-date.outputs.date }}
docker.io/${{ github.repository_owner }}/${{ matrix.DISTRIB_ID }}:${{ matrix.IMAGE_TYPE }}-${{ matrix.DISTRIB_RELEASE }}
docker.io/${{ github.repository_owner }}/${{ matrix.DISTRIB_ID }}:${{ matrix.IMAGE_TYPE }}-${{ matrix.DISTRIB_RELEASE }}-${{ steps.print-date.outputs.date }}
build-args: |
DISTRIB_ID=${{ matrix.DISTRIB_ID }}
DISTRIB_RELEASE=${{ steps.release.outputs.RELEASE }}
NODE_VERSION=${{ env.NODE }}
BUILD_TAG_VERSION=${{ steps.print-date.outputs.date }}
BUILD_TAG=${{ matrix.IMAGE_TYPE }}
BUILD_REF=${{ github.sha }}
.github/workflows/build-ubuntu.yml
+130
View File
@@ -0,0 +1,130 @@
name: Build ubuntu images
on:
schedule:
- cron: 0 12 */7 * *
push:
paths:
- '.github/workflows/build-ubuntu.yml'
- 'linux/ubuntu/**'
pull_request:
paths:
- '.github/workflows/build-ubuntu.yml'
- 'linux/ubuntu/**'
workflow_dispatch:
env:
NODE: '12'
jobs:
build:
name: Build
runs-on: ubuntu-latest
if: ${{ github.actor == github.repository_owner && github.event_name != 'pull_request' }}
strategy:
fail-fast: true
max-parallel: 4
matrix:
BASEIMAGE: [ubuntu]
TAG: [latest, 20.04, 18.04, 16.04]
IMAGE_TYPE: [act]
steps:
- name: Login to GitHub Container Registry
id: ghcr
if: ${{ github.actor == github.repository_owner }}
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Quay
id: quay
if: ${{ github.actor == github.repository_owner }}
uses: docker/login-action@v1
with:
registry: quay.io
username: ${{ secrets.QUAY_USER }}
password: ${{ secrets.QUAY_TOKEN }}
- name: Login to Docker Hub
id: dckr
if: ${{ github.actor == github.repository_owner }}
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USER }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Print date in UTC format
id: print-date
run: echo "::set-output name=date::$(date +%Y%m%d)"
- name: Set Ubuntu version to RELEASE
id: release
run: |
if [ "latest" = "${{ matrix.TAG }}" ]; then
echo "::set-output name=RELEASE::$(lsb_release -rs)"
else
echo "::set-output name=RELEASE::${{ matrix.TAG }}"
fi
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- uses: actions/checkout@v2
- name: Build and push ${{ github.repository_owner }}/${{ matrix.BASEIMAGE }}:act-${{ matrix.TAG }}-${{ steps.print-date.outputs.date }}
id: act
uses: docker/build-push-action@v2
env:
GHCR_TAG: ghcr.io/${{ github.repository_owner }}/${{ matrix.BASEIMAGE }}:act-${{ matrix.TAG }}
QUAY_TAG: quay.io/${{ github.repository_owner }}/${{ matrix.BASEIMAGE }}:act-${{ matrix.TAG }}
DCKR_TAG: docker.io/${{ github.repository_owner }}/${{ matrix.BASEIMAGE }}:act-${{ matrix.TAG }}
with:
context: .
push: ${{ github.event_name != 'pull_request' && github.event_name != 'push' }}
file: ./linux/${{ matrix.BASEIMAGE }}/act/Dockerfile
platforms: linux/amd64,linux/arm64
tags: |
${{ env.GHCR_TAG }}
${{ env.GHCR_TAG }}-${{ steps.print-date.outputs.date }}
${{ env.QUAY_TAG }}
${{ env.QUAY_TAG }}-${{ steps.print-date.outputs.date }}
${{ env.DCKR_TAG }}
${{ env.DCKR_TAG }}-${{ steps.print-date.outputs.date }}
build-args: |
BASEIMAGE=buildpack-deps
TAG=${{ steps.release.outputs.RELEASE }}
NODE_VERSION=${{ env.NODE }}
BUILD_TAG_VERSION=${{ steps.print-date.outputs.date }}
BUILD_TAG=act
BUILD_REF=${{ github.sha }}
- name: Build and push ${{ github.repository_owner }}/${{ matrix.BASEIMAGE }}:runner-${{ matrix.TAG }}-${{ steps.print-date.outputs.date }}
id: runner
uses: docker/build-push-action@v2
env:
GHCR_TAG: ghcr.io/${{ github.repository_owner }}/${{ matrix.BASEIMAGE }}:runner-${{ matrix.TAG }}
QUAY_TAG: quay.io/${{ github.repository_owner }}/${{ matrix.BASEIMAGE }}:runner-${{ matrix.TAG }}
DCKR_TAG: docker.io/${{ github.repository_owner }}/${{ matrix.BASEIMAGE }}:runner-${{ matrix.TAG }}
with:
context: .
push: ${{ github.event_name != 'pull_request' && github.event_name != 'push' }}
file: ./linux/${{ matrix.BASEIMAGE }}/runner/Dockerfile
platforms: linux/amd64,linux/arm64
tags: |
${{ env.GHCR_TAG }}
${{ env.GHCR_TAG }}-${{ steps.print-date.outputs.date }}
${{ env.QUAY_TAG }}
${{ env.QUAY_TAG }}-${{ steps.print-date.outputs.date }}
${{ env.DCKR_TAG }}
${{ env.DCKR_TAG }}-${{ steps.print-date.outputs.date }}
build-args: |
BASEIMAGE=catthehacker/ubuntu
TAG=act-${{ matrix.TAG }}
BUILD_TAG_VERSION=${{ steps.print-date.outputs.date }}
BUILD_TAG=${{ matrix.IMAGE_TYPE }}
BUILD_REF=${{ github.sha }}
.github/workflows/lint.yml
+22
View File
@@ -0,0 +1,22 @@
name: Lint Code Base
on:
push:
pull_request:
workflow_dispatch:
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Lint
uses: github/super-linter@v3
env:
VALIDATE_ALL_CODEBASE: ${{ github.event_name != 'pull_request' }}
DEFAULT_BRANCH: master
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
.gitignore
+1
View File
@@ -0,0 +1 @@
build.ps1
README.md
+11 -24
View File
@@ -1,6 +1,7 @@
# Docker images
[![Build Docker image](https://github.com/CatTheHacker/docker-images/workflows/Build%20Docker%20image/badge.svg)](https://github.com/CatTheHacker/docker-images/actions?query=workflow%3A%22Build+Docker+image%22)
[![GitHub Super-Linter](https://github.com/catthehacker/docker_images/workflows/Lint%20Code%20Base/badge.svg)](https://github.com/marketplace/actions/super-linter)
## When updates will be applied to images
@@ -15,38 +16,24 @@
## Images available
- [virtual-environments](github.com/catthehacker/virtual-environments) - GitHub Actions runner image containing all possible tools (image is extremely big, 20GB compressed, ~60GB extracted)
- `quay.io/catthehacker/virtual-environments:ubuntu-20.04` - this image is updated manually due to amount of changes in [github.com/actions/virtual-environments](github.com/actions/virtual-environments)
- [virtual-environments][catthehacker/runner-image] - GitHub Actions runner image containing all possible tools (image is extremely big, 20GB compressed, ~60GB extracted)
- `catthehacker/ubuntu:full-20.04` - this image is updated manually due to amount of changes in [actions/virtual-environments][actions/virtual-environments]
- more to come...
- `\linux\ubuntu\runner\Dockerfile` - used as base image for [github.com/catthehacker/act](https://github.com/catthehacker/act)
- ghcr.io (GitHub Container Registry)
- `ghcr.io/catthehacker/ubuntu:runner-16.04`
- `ghcr.io/catthehacker/ubuntu:runner-18.04`
- `ghcr.io/catthehacker/ubuntu:runner-20.04`
- `ghcr.io/catthehacker/ubuntu:runner-latest`
- quay.io (RedHat Container Registry)
- `quay.io/catthehacker/ubuntu:runner-16.04`
- `quay.io/catthehacker/ubuntu:runner-18.04`
- `quay.io/catthehacker/ubuntu:runner-20.04`
- `quay.io/catthehacker/ubuntu:runner-latest`
- [`/linux/ubuntu/runner/`](./linux/ubuntu/runner/) - `catthehacker/ubuntu:act-*` but with `runner` as user instead of `root`
- docker.io (DockerHub)
- `catthehacker/ubuntu:runner-16.04`
- `catthehacker/ubuntu:runner-18.04`
- `catthehacker/ubuntu:runner-20.04`
- `catthehacker/ubuntu:runner-latest`
- `\linux\ubuntu\act\Dockerfile` - image used in [github.com/nektos/act](https://github.com/nektos/act) as medium size image retaining compatibility with most actions while maintaining small size
- ghcr.io (GitHub Container Registry)
- `ghcr.io/catthehacker/ubuntu:act-16.04`
- `ghcr.io/catthehacker/ubuntu:act-18.04`
- `ghcr.io/catthehacker/ubuntu:act-20.04`
- `ghcr.io/catthehacker/ubuntu:act-latest`
- quay.io (RedHat Container Registry)
- `quay.io/catthehacker/ubuntu:act-16.04`
- `quay.io/catthehacker/ubuntu:act-18.04`
- `quay.io/catthehacker/ubuntu:act-20.04`
- `quay.io/catthehacker/ubuntu:act-latest`
- [`/linux/ubuntu/act/`](./linux/ubuntu/act/) - image used in [github.com/nektos/act](https://github.com/nektos/act) as medium size image retaining compatibility with most actions while maintaining small size
- docker.io (DockerHub)
- `catthehacker/ubuntu:act-16.04`
- `catthehacker/ubuntu:act-18.04`
- `catthehacker/ubuntu:act-20.04`
- `catthehacker/ubuntu:act-latest`
- [`/linux/alpine/act/`](./linux/alpine/act/) - Alpine base image for `act`
- docker.io (DockerHub)
- `catthehacker/alpine:act`
[actions/virtual-environments]: https://github.com/actions/virtual-environments
[catthehacker/runner-image]: https://github.com/catthehacker/runner-image
linux/alpine/act/base/Dockerfile
+65
View File
@@ -0,0 +1,65 @@
ARG BASEIMAGE=node
ARG TAG=lts-alpine3.13
FROM ${BASEIMAGE}:${TAG}
ARG TARGETARCH
ARG TARGETVARIANT
# > ARGs before FROM are not accessible
ARG BASEIMAGE=alpine
ARG TAG=3.13
ARG AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache
ARG IMAGE_TYPE=act
ENV ImageOS=alpine
SHELL [ "/bin/ash", "-o", "pipefail", "-l", "-c" ]
# > setup environment required for GitHub Actions, install dependencies/packages
RUN set -euxo pipefail \
&& printf "Build started\nAdding environment variables\n\n" \
&& echo "USER=$(whoami)" | tee -a /etc/environment \
&& echo "RUNNER_USER=$(whoami)" | tee -a /etc/environment \
&& echo "IMAGE_OS=${ImageOS}" | tee -a /etc/environment \
&& echo "ImageOS=${ImageOS}" | tee -a /etc/environment \
#&& echo "LSB_RELEASE=${DISTRIB_RELEASE}" | tee -a /etc/environment \
&& echo "AGENT_TOOLSDIRECTORY=${AGENT_TOOLSDIRECTORY}" | tee -a /etc/environment \
&& echo "RUN_TOOL_CACHE=${AGENT_TOOLSDIRECTORY}" | tee -a /etc/environment \
&& echo "DEPLOYMENT_BASEPATH=/opt/runner" | tee -a /etc/environment \
&& echo ". /etc/environment" | tee -a /etc/profile \
&& printf "Creating tool cache directory and '/github'\n\n" \
&& mkdir -p ${AGENT_TOOLSDIRECTORY} \
&& chown 1000:1000 ${AGENT_TOOLSDIRECTORY} \
&& chmod 0777 ${AGENT_TOOLSDIRECTORY} \
&& mkdir -p /github \
&& chown 1000:1000 /github \
&& chmod 0777 /github \
&& printf "Installing packages\n\n" \
&& apk --no-cache add openssh-client gawk jq curl git wget sudo gnupg ca-certificates yaml zstd zip unzip xz icu build-base python3 \
&& printf "Creating ~/.ssh and adding 'github.com'\n\n" \
&& mkdir -p ~/.ssh \
&& chmod 700 ~/.ssh \
&& ssh-keyscan github.com | tee ~/.ssh/known_hosts \
&& printf "Installed base utils\nInstalling docker\n" \
&& apk --no-cache add docker-cli \
&& printf "Cleaning image\n" \
&& apk clean cache \
&& rm -rf /var/cache/* /var/log/* /tmp/* || echo 'Failed to delete directories' \
&& printf "Cleaned up image\n"
ARG BUILD_TAG_VERSION="master"
ARG BUILD_TAG=${IMAGE_TYPE}
ARG BUILD_REF="master"
LABEL org.opencontainers.image.vendor="catthehacker"
LABEL org.opencontainers.image.authors="me@hackerc.at"
LABEL org.opencontainers.image.url="https://github.com/catthehacker/docker_images/tree/${BUILD_REF}/linux/${ImageOS}/${BUILD_TAG}/"
LABEL org.opencontainers.image.source="https://github.com/catthehacker/docker_images.git"
LABEL org.opencontainers.image.version=${BUILD_TAG_VERSION}
LABEL org.opencontainers.image.title=${BUILD_TAG}-${TARGETARCH}-${TARGETVARIANT}
LABEL org.opencontainers.image.revision=${BUILD_REF}
SHELL [ "/bin/ash", "-l", "-c" ]
# > Force bash with environment
ENTRYPOINT [ "/bin/ash", "-l", "-c" ]
linux/alpine/act/go/Dockerfile
+21
View File
@@ -0,0 +1,21 @@
ARG BASEIMAGE=catthehacker/alpine
ARG TAG=act
FROM ${BASEIMAGE}:${TAG}
SHELL [ "/bin/ash", "-o", "pipefail", "-l", "-c" ]
RUN set -Eeuxo pipefail \
&& printf "Installing Go(lang)\n" \
&& sudo apk add --no-cache go
ARG BUILD_TAG_VERSION="master"
ARG BUILD_TAG="go"
ARG BUILD_REF="master"
LABEL org.opencontainers.image.vendor="catthehacker"
LABEL org.opencontainers.image.authors="me@hackerc.at"
LABEL org.opencontainers.image.url="https://github.com/catthehacker/docker_images/tree/${BUILD_REF}/linux/${ImageOS}/${BUILD_TAG}/"
LABEL org.opencontainers.image.source="https://github.com/catthehacker/docker_images.git"
LABEL org.opencontainers.image.version=${BUILD_TAG_VERSION}
LABEL org.opencontainers.image.title=${BUILD_TAG}-${TARGETARCH}-${TARGETVARIANT}
LABEL org.opencontainers.image.revision=${BUILD_REF}
linux/alpine/act/runner/Dockerfile
+38
View File
@@ -0,0 +1,38 @@
ARG BASEIMAGE=catthehacker/alpine
ARG TAG=act
FROM ${BASEIMAGE}:${TAG}
SHELL [ "/bin/ash", "-o", "pipefail", "-l", "-c" ]
# > Create non-root user
RUN set -Eeuxo pipefail \
&& printf "Creating non-root user\n" \
&& addgroup -S ${RUNNER_USER} -g 1000 && adduser -S ${RUNNER_USER} -u 1000 -G ${RUNNER_USER} -s /usr/bin/fish \
&& sed -i /etc/sudoers -re 's/^%sudo.*/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/g' \
&& sed -i /etc/sudoers -re 's/^root.*/root ALL=(ALL:ALL) NOPASSWD: ALL/g' \
&& sed -i /etc/sudoers -re 's/^#includedir.*/## **Removed the include directive** ##"/g' \
&& echo "${RUNNER_USER} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \
&& printf "Runner user: $(su - ${RUNNER_USER} -c id)\n" \
&& printf "Created non-root user $(grep ${RUNNER_USER} /etc/passwd)\n" \
&& echo "USER=${RUNNER_USER}" | tee -a /etc/environment \
&& echo "RUNNER_USER=${RUNNER_USER}" | tee -a /etc/environment \
&& echo "RUNNER_TEMP=/home/${RUNNER_USER}/work/_temp" | tee -a /etc/environment \
&& mkdir -p "/home/${RUNNER_USER}/work/_temp" \
&& chown -R ${RUNNER_USER}:${RUNNER_USER} "/home/${RUNNER_USER}/work" \
&& mkdir -p "/home/${RUNNER_USER}/.ssh" \
&& chmod 700 "/home/${RUNNER_USER}/.ssh" \
&& ssh-keyscan github.com | tee "/home/${RUNNER_USER}/.ssh/known_hosts" \
&& chmod 644 "/home/${RUNNER_USER}/.ssh/known_hosts" \
&& chown -R ${RUNNER_USER}:${RUNNER_USER} "/home/${RUNNER_USER}/.ssh"
ARG BUILD_TAG_VERSION="master"
ARG BUILD_TAG="runner"
ARG BUILD_REF="master"
LABEL org.opencontainers.image.vendor="catthehacker"
LABEL org.opencontainers.image.authors="me@hackerc.at"
LABEL org.opencontainers.image.url="https://github.com/catthehacker/docker_images/tree/${BUILD_REF}/linux/${ImageOS}/${BUILD_TAG}/"
LABEL org.opencontainers.image.source="https://github.com/catthehacker/docker_images.git"
LABEL org.opencontainers.image.version=${BUILD_TAG_VERSION}
LABEL org.opencontainers.image.title=${BUILD_TAG}-${TARGETARCH}-${TARGETVARIANT}
LABEL org.opencontainers.image.revision=${BUILD_REF}
linux/alpine/act/rust/Dockerfile
+21
View File
@@ -0,0 +1,21 @@
ARG BASEIMAGE=catthehacker/alpine
ARG TAG=act
FROM ${BASEIMAGE}:${TAG}
SHELL [ "/bin/ash", "-o", "pipefail", "-l", "-c" ]
RUN set -Eeuxo pipefail \
&& printf "Installing Rust\n" \
&& curl https://sh.rustup.rs -sSf | sh -s -- -y
ARG BUILD_TAG_VERSION="master"
ARG BUILD_TAG="rust"
ARG BUILD_REF="master"
LABEL org.opencontainers.image.vendor="catthehacker"
LABEL org.opencontainers.image.authors="me@hackerc.at"
LABEL org.opencontainers.image.url="https://github.com/catthehacker/docker_images/tree/${BUILD_REF}/linux/${ImageOS}/${BUILD_TAG}/"
LABEL org.opencontainers.image.source="https://github.com/catthehacker/docker_images.git"
LABEL org.opencontainers.image.version=${BUILD_TAG_VERSION}
LABEL org.opencontainers.image.title=${BUILD_TAG}-${TARGETARCH}-${TARGETVARIANT}
LABEL org.opencontainers.image.revision=${BUILD_REF}
linux/ubuntu/act/Dockerfile
+18 -35
View File
@@ -1,10 +1,10 @@
ARG DISTRIB_ID=ubuntu
ARG DISTRIB_RELEASE=20.04
FROM ${DISTRIB_ID}:${DISTRIB_RELEASE}
ARG BASEIMAGE=buildpack-deps
ARG TAG=20.04
FROM ${BASEIMAGE}:${TAG}
# > ARGs before FROM are not accessible
ARG DISTRIB_ID=ubuntu
ARG DISTRIB_RELEASE=20.04
ARG BASEIMAGE=buildpack-deps
ARG TAG=20.04
# > Node version
ARG NODE_VERSION=12
@@ -12,17 +12,17 @@ ARG NODE_VERSION=12
# > Force apt to not be interactive/not ask
ARG DEBIAN_FRONTEND=noninteractive
SHELL [ "/bin/bash", "-c" ]
SHELL [ "/bin/bash", "--login", "-o", "pipefail", "-c" ]
# > setup environment required for GitHub Actions
RUN set -Eeuxo pipefail \
&& printf "Build started\n" \
&& echo "USER=$(whoami)" | tee -a /etc/environment \
&& echo "RUNNER_USER=$(whoami)" | tee -a /etc/environment \
&& ImageOS=${DISTRIB_ID}$(echo ${DISTRIB_RELEASE} | cut -d'.' -f 1) \
&& ImageOS=ubuntu$(echo ${TAG} | cut -d'.' -f 1) \
&& echo "IMAGE_OS=$ImageOS" | tee -a /etc/environment \
&& echo "ImageOS=$ImageOS" | tee -a /etc/environment \
&& echo "LSB_RELEASE=${DISTRIB_RELEASE}" | tee -a /etc/environment \
&& echo "LSB_RELEASE=${TAG}" | tee -a /etc/environment \
&& AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache \
&& echo "AGENT_TOOLSDIRECTORY=$AGENT_TOOLSDIRECTORY" | tee -a /etc/environment \
&& echo "RUN_TOOL_CACHE=$AGENT_TOOLSDIRECTORY" | tee -a /etc/environment \
@@ -33,44 +33,32 @@ RUN set -Eeuxo pipefail \
&& chmod 0777 $AGENT_TOOLSDIRECTORY \
&& mkdir -p /github \
&& chown 1000:1000 /github \
&& chmod 0777 /github
# > Install deps
RUN set -Eeuxo pipefail \
&& apt -yq update \
&& chmod 0777 /github \
&& printf "Installing packages\n\n" \
&& apt-get -yq update \
&& printf "Updated apt lists and upgraded packages\n\n" \
&& apt -yq install --no-install-recommends ssh lsb-release gawk jq curl git wget sudo gnupg-agent ca-certificates software-properties-common apt-transport-https libyaml-0-2 zstd unzip xz-utils $(apt-cache search libicu | grep -E 'libicu[[:digit:]]+ -' | cut -d " " -f 1) \
&& apt-get -yq install --no-install-recommends ssh lsb-release gawk jq curl git wget sudo gnupg-agent ca-certificates software-properties-common apt-transport-https libyaml-0-2 zstd unzip xz-utils "$(apt-cache search libicu | grep -E 'libicu[[:digit:]]+ -' | cut -d \" \" -f 1)" \
&& printf "Creating ~/.ssh and adding 'github.com'\n\n" \
&& mkdir -p ~/.ssh \
&& chmod 700 ~/.ssh \
&& ssh-keyscan github.com | tee ~/.ssh/known_hosts \
&& printf "Installed base utils\nInstalling docker\n" \
&& curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - \
&& add-apt-repository "deb https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \
&& apt -yq update \
&& apt -yq install docker-ce-cli \
&& printf "Cleaning image\n" \
&& apt-get clean \
&& rm -rf /var/cache/* \
&& rm -rf /var/log/* \
&& rm -rf /var/lib/apt/lists/* \
&& rm -rf /tmp/* \
&& printf "Cleaned up image\n"
# > Install Node.JS
RUN set -Eeuxo pipefail \
&& apt-get -yq update \
&& apt-get -yq install --no-install-recommends docker-ce-cli \
&& printf "Installing Node.JS\n" \
&& curl -sSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \
&& DISTRO="$(lsb_release -s -c)" \
&& echo "deb https://deb.nodesource.com/node_${NODE_VERSION}.x $DISTRO main" | tee /etc/apt/sources.list.d/nodesource.list \
&& echo "deb-src https://deb.nodesource.com/node_${NODE_VERSION}.x $DISTRO main" | tee -a /etc/apt/sources.list.d/nodesource.list \
&& apt -yq update \
&& apt -yq install --no-install-recommends nodejs="${NODE_VERSION}*" \
&& apt-get -yq update \
&& apt-get -yq install --no-install-recommends nodejs="${NODE_VERSION}*" \
&& printf "Installed Node.JS $(node -v)\n" \
&& dpkg-query -f '${binary:Package}\n' -W \
&& printf "Cleaning image\n" \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* \
&& rm -rf /tmp/* \
&& rm -rf /var/cache/* /var/log/* /var/lib/apt/lists/* /tmp/* || echo 'Failed to delete directories' \
&& printf "Cleaned up image\n"
ARG BUILD_TAG_VERSION="master"
@@ -86,8 +74,3 @@ LABEL org.opencontainers.image.title=${BUILD_TAG}
LABEL org.opencontainers.image.revision=${BUILD_REF}
USER root
SHELL [ "/bin/bash", "--login", "-c" ]
# > Force bash with environment
ENTRYPOINT [ "/bin/bash", "--login", "-c" ]
linux/ubuntu/runner/Dockerfile
+23 -93
View File
@@ -1,99 +1,36 @@
ARG DISTRIB_ID=ubuntu
ARG DISTRIB_RELEASE=20.04
FROM ${DISTRIB_ID}:${DISTRIB_RELEASE}
ARG BASEIMAGE=catthehacker/ubuntu
ARG TAG=act-latest
FROM ${BASEIMAGE}:${TAG}
# > ARGs before FROM are not accessible
ARG DISTRIB_ID=ubuntu
ARG DISTRIB_RELEASE=20.04
ARG BASEIMAGE=catthehacker/ubuntu
ARG TAG=act-latest
# > non-root user
ARG RUNNER_USER=runner
ARG RUNNER=runner
# > Node version
ARG NODE_VERSION=12
# > Force apt to not be interactive/not ask
ARG DEBIAN_FRONTEND=noninteractive
SHELL [ "/bin/bash", "-c" ]
# > setup environment required for GitHub Actions
RUN set -Eeuxo pipefail \
&& printf "Build started\n" \
&& ImageOS=${DISTRIB_ID}$(echo ${DISTRIB_RELEASE} | cut -d'.' -f 1) \
&& echo "IMAGE_OS=$ImageOS" | tee -a /etc/environment \
&& echo "ImageOS=$ImageOS" | tee -a /etc/environment \
&& echo "LSB_RELEASE=${DISTRIB_RELEASE}" | tee -a /etc/environment \
&& AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache \
&& echo "AGENT_TOOLSDIRECTORY=$AGENT_TOOLSDIRECTORY" | tee -a /etc/environment \
&& echo "RUN_TOOL_CACHE=$AGENT_TOOLSDIRECTORY" | tee -a /etc/environment \
&& echo "DEPLOYMENT_BASEPATH=/opt/runner" | tee -a /etc/environment \
&& echo ". /etc/environment" | tee -a /etc/profile \
&& mkdir -p $AGENT_TOOLSDIRECTORY \
&& chown 1000:1000 $AGENT_TOOLSDIRECTORY \
&& chmod 0777 $AGENT_TOOLSDIRECTORY \
&& mkdir -p /github \
&& chown 1000:1000 /github \
&& chmod 0777 /github \
&& echo "RUNNER_USER=${RUNNER_USER}" | tee -a /etc/environment \
&& echo "RUNNER_TEMP=/home/${RUNNER_USER}/work/_temp" | tee -a /etc/environment
# > Install deps
RUN set -Eeuxo pipefail \
&& apt -yq update \
&& printf "Updated apt lists and upgraded packages\n\n" \
&& apt -yq install --no-install-recommends ssh lsb-release gawk jq curl git wget sudo gnupg-agent ca-certificates software-properties-common apt-transport-https libyaml-0-2 zstd unzip xz-utils $(apt-cache search libicu | grep -E 'libicu[[:digit:]]+ -' | cut -d " " -f 1) \
&& printf "Installed base utils\nInstalling docker\n" \
&& curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - \
&& add-apt-repository "deb https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \
&& apt -yq update \
&& apt -yq install docker-ce-cli \
&& printf "Cleaning image\n" \
&& apt-get clean \
&& rm -rf /var/cache/* \
&& rm -rf /var/log/* \
&& rm -rf /var/lib/apt/lists/* \
&& rm -rf /tmp/* \
&& printf "Cleaned up image\n"
# > Install Node.JS
RUN set -Eeuxo pipefail \
&& printf "Installing Node.JS\n" \
&& curl -sSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \
&& DISTRO="$(lsb_release -s -c)" \
&& echo "deb https://deb.nodesource.com/node_${NODE_VERSION}.x $DISTRO main" | tee /etc/apt/sources.list.d/nodesource.list \
&& echo "deb-src https://deb.nodesource.com/node_${NODE_VERSION}.x $DISTRO main" | tee -a /etc/apt/sources.list.d/nodesource.list \
&& apt -yq update \
&& apt -yq install --no-install-recommends nodejs="${NODE_VERSION}*" \
&& printf "Installed Node.JS $(node -v)\n" \
&& dpkg-query -f '${binary:Package}\n' -W \
&& printf "Cleaning image\n" \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* \
&& rm -rf /tmp/* \
&& printf "Cleaned up image\n"
SHELL [ "/bin/bash", "--login", "-o", "pipefail", "-c" ]
# > Create non-root user
RUN set -Eeuxo pipefail \
&& printf "Creating non-root user\n" \
&& groupadd -g 1000 ${RUNNER_USER} \
&& useradd -u 1000 -g ${RUNNER_USER} -G sudo -m -s /bin/bash ${RUNNER_USER} \
&& groupadd -g 1000 ${RUNNER} \
&& useradd -u 1000 -g ${RUNNER} -G sudo -m -s /bin/bash ${RUNNER} \
&& sed -i /etc/sudoers -re 's/^%sudo.*/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/g' \
&& sed -i /etc/sudoers -re 's/^root.*/root ALL=(ALL:ALL) NOPASSWD: ALL/g' \
&& sed -i /etc/sudoers -re 's/^#includedir.*/## **Removed the include directive** ##"/g' \
&& echo "${RUNNER_USER} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \
&& printf "Runner user: $(su - ${RUNNER_USER} -c id)\n" \
&& printf "Created non-root user $(grep ${RUNNER_USER} /etc/passwd)\n" \
&& echo "USER=${RUNNER_USER}" | tee -a /etc/environment \
&& echo "RUNNER_USER=${RUNNER_USER}" | tee -a /etc/environment \
&& echo "RUNNER_TEMP=/home/${RUNNER_USER}/work/_temp" | tee -a /etc/environment \
&& mkdir -p "/home/${RUNNER_USER}/work/_temp" \
&& chown -R ${RUNNER_USER}:${RUNNER_USER} "/home/${RUNNER_USER}/work" \
&& mkdir -p "/home/${RUNNER_USER}/.ssh" \
&& chmod 700 "/home/${RUNNER_USER}/.ssh" \
&& ssh-keyscan github.com | tee "/home/${RUNNER_USER}/.ssh/known_hosts" \
&& chmod 644 "/home/${RUNNER_USER}/.ssh/known_hosts" \
&& chown -R ${RUNNER_USER}:${RUNNER_USER} "/home/${RUNNER_USER}/.ssh"
&& echo "${RUNNER} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \
&& printf "Runner user: $(su - ${RUNNER} -c id)\n" \
&& printf "Created non-root user $(grep ${RUNNER} /etc/passwd)\n" \
&& sed -i /etc/environment -e "s/USER=root/USER=${RUNNER}/g" \
&& echo "RUNNER_TEMP=/home/${RUNNER}/work/_temp" | tee -a /etc/environment \
&& mkdir -p "/home/${RUNNER}/work/_temp" \
&& chown -R ${RUNNER}:${RUNNER} "/home/${RUNNER}/work" \
&& mkdir -p "/home/${RUNNER}/.ssh" \
&& chmod 700 "/home/${RUNNER}/.ssh" \
&& ssh-keyscan github.com | tee "/home/${RUNNER}/.ssh/known_hosts" \
&& chmod 644 "/home/${RUNNER}/.ssh/known_hosts" \
&& chown -R ${RUNNER}:${RUNNER} "/home/${RUNNER}/.ssh"
ARG BUILD_TAG_VERSION="master"
ARG BUILD_TAG="runner"
@@ -101,19 +38,12 @@ ARG BUILD_REF="master"
LABEL org.opencontainers.image.vendor="catthehacker"
LABEL org.opencontainers.image.authors="me@hackerc.at"
LABEL org.opencontainers.image.url="https://github.com/catthehacker/docker_images"
LABEL org.opencontainers.image.url="https://github.com/catthehacker/docker_images/linux/${BASEIMAGE}/${IMAGE_TYPE}"
LABEL org.opencontainers.image.source="https://github.com/catthehacker/docker_images.git"
LABEL org.opencontainers.image.version=${BUILD_TAG_VERSION}
LABEL org.opencontainers.image.title=${BUILD_TAG}
LABEL org.opencontainers.image.revision=${BUILD_REF}
# > Don't run as root, generally not good idea
USER ${RUNNER_USER}:${RUNNER_USER}
USER ${RUNNER}
WORKDIR /home/runner
SHELL [ "/bin/bash", "--login", "-c" ]
# > Force bash with environment
ENTRYPOINT [ "/bin/bash", "--login", "-c" ]