gitea/act_runner
61
106
Fork 79
Code Issues 136 Pull Requests 9 Actions Releases 21 Activity

implement act_runner rootless image #208

Merged
wolfogre merged 6 commits from :feat/rootless-runner into main 2023-06-12 06:35:29 +00:00
Conversation 3 Commits 6 Files Changed 8 +120 -1
ccureau commented 2023-05-22 15:35:38 +00:00
Contributor
Copy Link

This PR creates a rootless Docker image that runs both dockerd and act_runner using supervisord. It has been tested locally for a few days and seems stable.

This PR creates a rootless Docker image that runs both `dockerd` and `act_runner` using `supervisord`. It has been tested locally for a few days and seems stable.
ccureau added 1 commit 2023-05-22 15:35:39 +00:00
implement rootless image
All checks were successful
checks / check and test (pull_request) Successful in 2m32s
Details
3452b8cdec
ccureau changed title from WIP: implement rootless image to WIP: implement act_runner rootless image 2023-05-22 16:03:02 +00:00
ccureau added 1 commit 2023-05-22 17:04:02 +00:00
Merge branch 'main' into feat/rootless-runner
All checks were successful
checks / check and test (pull_request) Successful in 1m46s
Details
99bdb39673
ccureau changed title from WIP: implement act_runner rootless image to implement act_runner rootless image 2023-05-23 15:50:10 +00:00
wolfogre reviewed 2023-06-05 06:58:30 +00:00
Dockerfile.rootless
@ -0,0 +11,4 @@
USER root
RUN apk add --no-cache \
git=2.40.1-r0 bash=5.2.15-r3 supervisor=4.2.5-r2 \
&& rm -rf /var/cache/apk/*
wolfogre commented 2023-06-05 06:57:51 +00:00
Owner
Copy Link

Just a question, do we need rm -rf /var/cache/apk/* when there's --no-cache?

Just a question, do we need `rm -rf /var/cache/apk/*` when there's `--no-cache`?
ccureau commented 2023-06-05 14:17:33 +00:00
Author
Contributor
Copy Link

Nope. I'll remove it. This was in in the original Dockerfile, so I left it as is.

Nope. I'll remove it. This was in in the original Dockerfile, so I left it as is.
ccureau marked this conversation as resolved
Dockerfile.rootless
@ -0,0 +14,4 @@
&& rm -rf /var/cache/apk/*
COPY --from=builder /opt/src/act_runner/act_runner /usr/local/bin/act_runner
COPY /scripts/supervisord.conf /etc/supervisord.conf
wolfogre commented 2023-06-05 06:56:21 +00:00
Owner
Copy Link

Why is the source file an absolute path? I mean maybe people want to build on their local env.

Why is the source file an absolute path? I mean maybe people want to build on their local env.
ccureau commented 2023-06-05 14:19:25 +00:00
Author
Contributor
Copy Link

I was going back and forth with this one too. It makes sense to build it once and then copy the image into the container image, but at the same time the way it is now sets up for completely clean builds each time without a dependency on golang being installed. Six of one, half dozen of the other.

What do you think?

I was going back and forth with this one too. It makes sense to build it once and then copy the image into the container image, but at the same time the way it is now sets up for completely clean builds each time without a dependency on golang being installed. Six of one, half dozen of the other. What do you think?
wolfogre commented 2023-06-09 03:00:15 +00:00
Owner
Copy Link

How about

COPY --from=builder /opt/src/act_runner/act_runner/scripts/supervisord.conf /etc/supervisord.conf
COPY --from=builder /opt/src/act_runner/act_runner/scripts/run.sh /opt/act/run.sh

The files exist in the builder too, right?

How about ```dockerfile COPY --from=builder /opt/src/act_runner/act_runner/scripts/supervisord.conf /etc/supervisord.conf COPY --from=builder /opt/src/act_runner/act_runner/scripts/run.sh /opt/act/run.sh ``` The files exist in the builder too, right?
ccureau commented 2023-06-10 12:35:34 +00:00
Author
Contributor
Copy Link

They do, but if the builder doesn't change, there's a chance that older files can make it into the newer image.

They do, but if the builder doesn't change, there's a chance that older files can make it into the newer image.
scripts/run.sh Outdated
@ -0,0 +44,4 @@
# Prevent reading the token from the act_runner process
unset GITEA_RUNNER_REGISTRATION_TOKEN
# wait for docker daemon
wolfogre commented 2023-06-05 06:52:27 +00:00
Owner
Copy Link

This file is also used by

Dockerfile Line 16 in e3271d8469
COPY run.sh /opt/act/run.sh

Maybe we should update the path in Dockerfile as well, and add an additional environment variable to determine whether to wait for the docker daemon.

This file is also used by https://gitea.com/gitea/act_runner/src/commit/e3271d8469b605cc1a380b6e1e835aff6178170a/Dockerfile#L16 Maybe we should update the path in `Dockerfile` as well, and add an additional environment variable to determine whether to wait for the docker daemon.
👍 1
ccureau marked this conversation as resolved
wolfogre added the
kind
build
 label 2023-06-05 06:58:39 +00:00
techknowlogick reviewed 2023-06-05 14:49:18 +00:00
techknowlogick left a comment
Owner
Copy Link

thanks for the PR! I've made a few minor comments :)

thanks for the PR! I've made a few minor comments :)
Dockerfile.rootless Outdated
@ -0,0 +1,24 @@
FROM golang:1.20-alpine3.17 as builder
techknowlogick commented 2023-06-05 14:48:32 +00:00
Owner
Copy Link

please target alpine 3.18

please target alpine 3.18
👍 1
ccureau marked this conversation as resolved
Dockerfile.rootless Outdated
@ -0,0 +1,24 @@
FROM golang:1.20-alpine3.17 as builder
# Do not remove `git` here, it is required for getting runner version when executing `make build`
RUN apk add --no-cache make=4.3-r1 git=2.38.5-r0
techknowlogick commented 2023-06-05 14:48:23 +00:00
Owner
Copy Link

no need to target specific versions of packages

no need to target specific versions of packages
👍 1
wolfogre commented 2023-06-06 03:25:05 +00:00
Owner
Copy Link

hadolint-action asks for it, see #190 (comment)

hadolint-action asks for it, see https://gitea.com/gitea/act_runner/pulls/190#issuecomment-740325
techknowlogick commented 2023-06-06 03:29:45 +00:00
Owner
Copy Link

until we get renovate up and running, I think we should skip hardcoding then.

until we get renovate up and running, I think we should skip hardcoding then.
wolfogre commented 2023-06-06 04:14:39 +00:00
Owner
Copy Link

I see, so should we remove hadolint-action?

I see, so should we remove `hadolint-action`?
appleboy commented 2023-06-06 23:13:07 +00:00
Member
Copy Link

Yes. maybe we should remove the hadolint-action

Yes. maybe we should remove the `hadolint-action`
wolfogre commented 2023-06-08 04:11:20 +00:00
Owner
Copy Link

#234

#234
wolfogre marked this conversation as resolved
wolfogre added 1 commit 2023-06-09 02:54:46 +00:00
Merge branch 'main' into feat/rootless-runner
All checks were successful
checks / check and test (pull_request) Successful in 1m6s
Details
e95566afca
wolfogre commented 2023-06-09 03:03:41 +00:00
Owner
Copy Link

@ccureau Could you please follow #234? I know I pushed a little hard, but I really want merge this PR. 😂

@ccureau Could you please follow #234? I know I pushed a little hard, but I really want merge this PR. 😂
ccureau commented 2023-06-09 14:08:00 +00:00
Author
Contributor
Copy Link

@ccureau Could you please follow #234? I know I pushed a little hard, but I really want merge this PR. 😂

You didn't push hard at all! I've just been busy as we had a RIF at work. I'll get it done today.

> @ccureau Could you please follow #234? I know I pushed a little hard, but I really want merge this PR. 😂 You didn't push hard at all! I've just been busy as we had a RIF at work. I'll get it done today.
ccureau added 1 commit 2023-06-10 12:12:01 +00:00
additional comments
All checks were successful
checks / check and test (pull_request) Successful in 58s
Details
b8f9e7fc75
ccureau added 1 commit 2023-06-10 12:16:11 +00:00
Additional documentation
All checks were successful
checks / check and test (pull_request) Successful in 53s
Details
55e7f13aee
ccureau commented 2023-06-10 12:16:33 +00:00
Author
Contributor
Copy Link

@wolfogre That should take care of all of the suggestions above!

@wolfogre That should take care of all of the suggestions above!
ccureau added 1 commit 2023-06-10 12:36:28 +00:00
Merge branch 'main' into feat/rootless-runner
All checks were successful
checks / check and test (pull_request) Successful in 53s
Details
ec067f8a44
wolfogre approved these changes 2023-06-12 06:34:43 +00:00
wolfogre merged commit 341d49a24d into main 2023-06-12 06:35:29 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
wolfogre
Labels
Clear labels   
kind
bug
Something is not working

  
kind
build

  
kind/compatible
  
kind
dependencies

  
kind
docs

  
kind
enhancement
New feature

  
kind
feature

  
kind
help wanted
Need some help

  
kind
proposal

  
kind
refactor

  
related
act
Related to act.

  
related
environment
Related to the environment.

  
related
exec

  
related
gitea
Related to Gitea.

  
related
workflow
Related to the workflow file or actions scripts.

  
reviewed
confirmed
confirmed issue

  
reviewed
duplicate
This issue or pull request already exists

  
reviewed
invalid
Something is wrong

  
reviewed
needs feedback

  
reviewed
wontfix
This won't be fixed

  
reviewed
workaround

No Label
kind
bug
kind
build
kind/compatible
kind
dependencies
kind
docs
kind
enhancement
kind
feature
kind
help wanted
kind
proposal
kind
refactor
related
act
related
environment
related
exec
related
gitea
related
workflow
reviewed
confirmed
reviewed
duplicate
reviewed
invalid
reviewed
needs feedback
reviewed
wontfix
reviewed
workaround
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
4 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: gitea/act_runner#208
No description provided.
Delete Branch ":feat/rootless-runner"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?