implement act_runner rootless image #208
Reference: gitea/act_runner#208
This PR creates a rootless Docker image that runs both `dockerd` and `act_runner` using `supervisord`. It has been tested locally for a few days and seems stable.
@ -0,0 +11,4 @@
USER root
RUN apk add --no-cache \
git=2.40.1-r0 bash=5.2.15-r3 supervisor=4.2.5-r2 \
&& rm -rf /var/cache/apk/*
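Review bot: `USER root` at the top of this hunk leaves every later instruction, and the container's default user if no later `USER` line resets it, running as root, which is at odds with a rootless image. Confirm that the Dockerfile switches back to the unprivileged user once the `apk add` step is done, and keep the root section as short as possible.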
Just a question, do we need `rm -rf /var/cache/apk/*` when there's `--no-cache`?
Nope. I'll remove it. This was in the original Dockerfile, so I left it as is.
@ -0,0 +14,4 @@
&& rm -rf /var/cache/apk/*
COPY --from=builder /opt/src/act_runner/act_runner /usr/local/bin/act_runner
COPY /scripts/supervisord.conf /etc/supervisord.conf
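Review bot: The source in `COPY /scripts/supervisord.conf /etc/supervisord.conf` has a leading slash, but a `COPY` source without `--from` is always resolved against the build context, never the host filesystem root, so the slash only makes the line read like a host path. Write it as `scripts/supervisord.conf` so it is clear the file comes from the repository checkout being built.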
Why is the source file an absolute path? I mean maybe people want to build on their local env.
I was going back and forth with this one too. It makes sense to build it once and then copy the image into the container image, but at the same time the way it is now sets up for completely clean builds each time without a dependency on golang being installed. Six of one, half dozen of the other.
What do you think?
How about
The files exist in the builder too, right?
They do, but if the builder doesn't change, there's a chance that older files can make it into the newer image.
@ -0,0 +44,4 @@
# Prevent reading the token from the act_runner process
unset GITEA_RUNNER_REGISTRATION_TOKEN
# wait for docker daemon
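Review bot: The comment above `unset GITEA_RUNNER_REGISTRATION_TOKEN` promises more than the command delivers. `unset` removes the variable only from this shell and the processes it starts afterwards; the value is still in the environment of whatever launched the script (supervisord, going by the PR description) and in the container's configured environment, so it stays readable to anything running as the same user or with access to the container metadata. Reword the comment to say it keeps the token out of the act_runner process's own environment, and consider supplying the token through a file that is removed after registration.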
This file is also used by
Maybe we should update the path in `Dockerfile` as well, and add an additional environment variable to determine whether to wait for the docker daemon.
Thanks for the PR! I've made a few minor comments :)
@ -0,0 +1,24 @@
FROM golang:1.20-alpine3.17 as builder
please target alpine 3.18
@ -0,0 +1,24 @@
FROM golang:1.20-alpine3.17 as builder
# Do not remove `git` here, it is required for getting runner version when executing `make build`
RUN apk add --no-cache make=4.3-r1 git=2.38.5-r0
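Review bot: The exact pins on the `apk add` line (`make=4.3-r1 git=2.38.5-r0`) tie the builder stage to one Alpine release: the runtime stage elsewhere in this PR already pins a different git (`git=2.40.1-r0`), so moving the builder's base image is likely to fail the build until these pins are updated too. Either drop the pins here or bump them in the same commit as the base image tag.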
no need to target specific versions of packages
hadolint-action asks for it, see #190 (comment)
until we get renovate up and running, I think we should skip hardcoding then.
I see, so should we remove `hadolint-action`?
Yes. Maybe we should remove the `hadolint-action` #234
@ccureau Could you please follow #234? I know I pushed a little hard, but I really want to merge this PR. 😂
You didn't push hard at all! I've just been busy as we had a RIF at work. I'll get it done today.
@wolfogre That should take care of all of the suggestions above!