├── entrypoint.sh
├── scripts
    ├── docker-build-arm64.sh
    └── docker-buildx-push.sh
├── README.md
├── NOTES.md
└── Dockerfile


/entrypoint.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | 
3 | if [ "RUN_DOCKERD" = "true" ]; then
4 |   sudo /usr/bin/dockerd &
5 | fi
6 | 
7 | exec "$@"
8 | 


--------------------------------------------------------------------------------
/scripts/docker-build-arm64.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/env bash
 2 | 
 3 | if [ -z "$RUNNER_IMAGE" ]; then
 4 |   echo "RUNNER_IMAGE is not set. Please set it to the name of the image to be built and pushed."
 5 |   echo "Do also make sure that you have logged in to the registry. Head to https://hub.docker.com/settings/security?generateToken=true to generate a token for docker-login."
 6 |   exit 1
 7 | fi
 8 | 
 9 | set -evx
10 | 
11 | docker build --platform linux/arm64,linux/amd64 -t ${RUNNER_IMAGE} \
12 |   --push -f Dockerfile .
13 | 


--------------------------------------------------------------------------------
/scripts/docker-buildx-push.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/env bash
 2 | 
 3 | if [ -z "$RUNNER_IMAGE" ]; then
 4 |   echo "RUNNER_IMAGE is not set. Please set it to the name of the image to be built and pushed."
 5 |   echo "Do also make sure that you have logged in to the registry. Head to https://hub.docker.com/settings/security?generateToken=true to generate a token for docker-login."
 6 |   exit 1
 7 | fi
 8 | 
 9 | set -evx
10 | 
11 | # We explicitly say `buildx build` because
12 | # docker buildx --platform or docker build --platform doesn't work as we might have expected
13 | 
14 | docker buildx build --platform linux/arm64,linux/amd64 -t ${RUNNER_IMAGE} \
15 |   --push -f Dockerfile .
16 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # runner-images
 2 | 
 3 | This is an ongoing effort to provide a set of Docker images for GitHub Actions self-hosted runners.
 4 | 
 5 | It's maintained and driven by the community so that
 6 | we can try to go beyond the bandwidth of GitHub Actions team. The Actions team focus more on the core ARC and Actions. We, the community, focus more on our own use-cases and runner images needed for those.
 7 | 
 8 | This project was inspired by and started as a fork of [quipper/actions-runner](https://github.com/quipper/actions-runner). Much appreciation to the folks Quipper for sharing their awesome work!
 9 | 
10 | ## Features
11 | 
12 | - We fork and occasionally rebase onto [actions/runner official Dockerfile](https://github.com/actions/runner/blob/main/images/Dockerfile) for both compatibility and more features.
13 | - We DON'T provide `latest` only because we'd love to NOT break your production environments when we introduce backward-incompatible changes to the images.
14 | - Single `Dockerfile` for multiple use-cases and runner modes.
15 | 
16 | ## Usage
17 | 
18 | - You can specify "RUN_DOCKERD=true" to start a dind daemon within the runner container.
19 | 


--------------------------------------------------------------------------------
/NOTES.md:
--------------------------------------------------------------------------------
 1 | # Implementation notes
 2 | 
 3 | ## setup-ruby
 4 | 
 5 | It turns out `setup-ruby` is not supposed to install Ruby on self-hosted runners.
 6 | 
 7 | When we tried bundling the tool cache for a Ruby version like:
 8 | 
 9 | ```
10 | RUN export PATH=$PATH:/home/runner/externals/node20/bin ; export NODE_PATH=/home/runner/externals/node20/lib/node_modules ; \
11 |     npm install -g https://github.com/ruby/setup-ruby && env "INPUT_RUBY-VERSION=3.2.2" node <<EOF && npm uninstall -g setup-ruby
12 | const sr = require('setup-ruby/dist')
13 | 
14 | sr.run()
15 | EOF
16 | ```
17 | 
18 | It ended up with:
19 | 
20 | ```
21 | #0 53.56 ::debug::isExplicit: 3.2.2
22 | #0 53.57 ::debug::explicit? true
23 | #0 53.57 ::debug::checking cache: /opt/hostedtoolcache/Ruby/3.2.2/arm64
24 | #0 53.57 ::debug::not found
25 | #0 53.57 ::error::The current runner (ubuntu-20.04-arm64) was detected as self-hosted because the platform does not match a GitHub-hosted runner image (or that image is deprecated and no longer supported).%0AIn such a case, you should install Ruby in the $RUNNER_TOOL_CACHE yourself, for example using https://github.com/rbenv/ruby-build%0AYou can take inspiration from this workflow for more details: https://github.com/ruby/ruby-builder/blob/master/.github/workflows/build.yml%0A$ ruby-build 3.2.2 /opt/hostedtoolcache/Ruby/3.2.2/arm64%0AOnce that completes successfully, mark it as complete with:%0A$ touch /opt/hostedtoolcache/Ruby/3.2.2/arm64.complete%0AIt is your responsibility to ensure installing Ruby like that is not done in parallel.%0A
26 | ```
27 | 
28 | Apparently, it's working as intended; [you need to install Ruby beforehand to make setup-ruby work](https://github.com/ruby/setup-ruby/issues/242#issuecomment-1453730769).
29 | 


--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
  1 | FROM mcr.microsoft.com/dotnet/runtime-deps:6.0-focal
  2 | 
  3 | LABEL org.opencontainers.image.source="https://github.com/actions-runner-controller/runner-images"
  4 | 
  5 | ARG TARGETOS
  6 | ARG TARGETARCH
  7 | ARG RUNNER_VERSION=2.310.2
  8 | ARG RUNNER_CONTAINER_HOOKS_VERSION=0.3.2
  9 | ARG DOCKER_VERSION=23.0.6
 10 | 
 11 | ENV DEBIAN_FRONTEND=noninteractive
 12 | RUN apt-get update -y \
 13 |     && apt-get install -y --no-install-recommends \
 14 |         sudo \
 15 |         # packages in actions-runner-controller/runner-22.04
 16 |         curl \
 17 |         git \
 18 |         jq \
 19 |         unzip \
 20 |         zip \
 21 |         # packages in actions-runner-controller/runner-20.04
 22 |         build-essential \
 23 |         locales \
 24 |         tzdata \
 25 |         # ruby/setup-ruby dependencies
 26 |         # https://github.com/ruby/setup-ruby#using-self-hosted-runners
 27 |         libyaml-dev \
 28 |         # dockerd dependencies
 29 |         tini \
 30 |         iptables
 31 | 
 32 | # KEEP LESS PACKAGES:
 33 | # We'd like to keep this image small for maintanability and security.
 34 | # See also,
 35 | # https://github.com/actions/actions-runner-controller/pull/2050
 36 | # https://github.com/actions/actions-runner-controller/blob/master/runner/actions-runner.ubuntu-22.04.dockerfile
 37 | 
 38 | # keep /var/lib/apt/lists to reduce time of apt-get update in a job
 39 | 
 40 | # set up the runner environment,
 41 | # based on https://github.com/actions/runner/blob/v2.309.0/images/Dockerfile
 42 | RUN adduser --disabled-password --gecos "" --uid 1001 runner \
 43 |     && groupadd docker --gid 123 \
 44 |     && usermod -aG sudo runner \
 45 |     && usermod -aG docker runner \
 46 |     && echo "%sudo   ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers \
 47 |     && echo "Defaults env_keep += \"DEBIAN_FRONTEND\"" >> /etc/sudoers
 48 | 
 49 | WORKDIR /home/runner
 50 | RUN export RUNNER_ARCH=${TARGETARCH} \
 51 |     && if [ "$RUNNER_ARCH" = "amd64" ]; then export RUNNER_ARCH=x64 ; fi \
 52 |     && curl -f -L -o runner.tar.gz https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-${TARGETOS}-${RUNNER_ARCH}-${RUNNER_VERSION}.tar.gz \
 53 |     && tar xzf ./runner.tar.gz \
 54 |     && rm runner.tar.gz
 55 | 
 56 | RUN curl -f -L -o runner-container-hooks.zip https://github.com/actions/runner-container-hooks/releases/download/v${RUNNER_CONTAINER_HOOKS_VERSION}/actions-runner-hooks-k8s-${RUNNER_CONTAINER_HOOKS_VERSION}.zip \
 57 |     && unzip ./runner-container-hooks.zip -d ./k8s \
 58 |     && rm runner-container-hooks.zip
 59 | 
 60 | RUN export RUNNER_ARCH=${TARGETARCH} \
 61 |     && if [ "$RUNNER_ARCH" = "amd64" ]; then export DOCKER_ARCH=x86_64 ; fi \
 62 |     && if [ "$RUNNER_ARCH" = "arm64" ]; then export DOCKER_ARCH=aarch64 ; fi \
 63 |     && curl -fLo docker.tgz https://download.docker.com/${TARGETOS}/static/stable/${DOCKER_ARCH}/docker-${DOCKER_VERSION}.tgz \
 64 |     && tar zxvf docker.tgz \
 65 |     && rm -rf docker.tgz \
 66 |     && install -o root -g root -m 755 docker/* /usr/bin/ \
 67 |     && rm -rf docker
 68 | 
 69 | # some setup actions store cache into /opt/hostedtoolcache
 70 | ENV RUNNER_TOOL_CACHE /opt/hostedtoolcache
 71 | 
 72 | RUN mkdir /opt/hostedtoolcache \
 73 |     && chown runner:docker /opt/hostedtoolcache
 74 | 
 75 | # We pre-install nodejs to reduce time of setup-node and improve its reliability.
 76 | ENV NODE_VERSION 18.18.2
 77 | 
 78 | RUN if [ "${TARGETARCH}" = "amd64" ]; then export NODE_ARCH=x64 ; else export NODE_ARCH=${TARGETARCH} ; fi; \
 79 |     mkdir -p /opt/hostedtoolcache/node/${NODE_VERSION}/${NODE_ARCH} && \
 80 |     curl -s -L https://nodejs.org/dist/v${NODE_VERSION}/node-v${NODE_VERSION}-linux-${NODE_ARCH}.tar.gz \
 81 |     | tar xvzf - --strip-components=1 -C /opt/hostedtoolcache/node/${NODE_VERSION}/${NODE_ARCH} \
 82 |     && touch /opt/hostedtoolcache/node/${NODE_VERSION}/${NODE_ARCH}.complete \
 83 |     && chown -R runner:docker /opt/hostedtoolcache/node && \
 84 |     ${RUNNER_TOOL_CACHE}/node/${NODE_VERSION}/${NODE_ARCH}/bin/node --version
 85 | 
 86 | RUN export PATH=$PATH:/home/runner/externals/node20/bin ; export NODE_PATH=/home/runner/externals/node20/lib/node_modules ; \
 87 |     npm install -g @actions/tool-cache && node <<EOF && npm uninstall -g @actions/tool-cache
 88 | const tc = require('@actions/tool-cache');
 89 | const allNodeVersions = tc.findAllVersions('node');
 90 | const expected = ['${NODE_VERSION}'];
 91 | if (expected[0] == '') {
 92 |   console.log('Invalid NODE_VERSION: ' + expected[0]);
 93 |   process.on("exit", function() {
 94 |       process.exit(1);
 95 |   });
 96 | } else if (allNodeVersions.length != expected.length) {
 97 |   console.log('Expected versions of node available: ' + expected);
 98 |   console.log('Actual versions of node available: ' + allNodeVersions);
 99 |   process.on("exit", function() {
100 |     process.exit(1);
101 |   });
102 | } else if (allNodeVersions[0] != expected[0]) {
103 |   console.log('Expected versions of node available: ' + expected);
104 |   console.log('Actual versions of node available: ' + allNodeVersions);
105 |   process.on("exit", function() {
106 |     process.exit(1);
107 |   });
108 | } else {
109 |   console.log('Versions of node available: ' + allNodeVersions);
110 | }
111 | EOF
112 | 
113 | ENV RUBY_VERSION 3.2.2
114 | RUN if [ "${TARGETARCH}" = "amd64" ]; then export RUBY_ARCH=x64 ; else export RUBY_ARCH=${TARGETARCH} ; fi; \
115 |     git clone https://github.com/rbenv/ruby-build.git && \
116 |     ./ruby-build/install.sh && \
117 |     apt-get install -y --no-install-recommends zlib1g-dev libssl-dev && \
118 |     RUBY_CONFIGURE_OPTS="--enable-shared --disable-install-doc" ruby-build --verbose ${RUBY_VERSION} ${RUNNER_TOOL_CACHE}/Ruby/${RUBY_VERSION}/${RUBY_ARCH} && \
119 |     ${RUNNER_TOOL_CACHE}/Ruby/${RUBY_VERSION}/${RUBY_ARCH}/bin/ruby --version
120 | 
121 | RUN if [ "${TARGETARCH}" = "amd64" ]; then export RUBY_ARCH=x64 ; else export RUBY_ARCH=${TARGETARCH} ; fi; \
122 |     touch ${RUNNER_TOOL_CACHE}/Ruby/${RUBY_VERSION}/${RUBY_ARCH}.complete && \
123 |     chown -R runner:docker /opt/hostedtoolcache/Ruby
124 | 
125 | RUN export PATH=$PATH:/home/runner/externals/node20/bin ; export NODE_PATH=/home/runner/externals/node20/lib/node_modules ; \
126 |     ls -lah ${RUNNER_TOOL_CACHE}/Ruby/${RUBY_VERSION} && npm install -g @actions/tool-cache && node <<EOF && npm uninstall -g @actions/tool-cache
127 | const tc = require('@actions/tool-cache');
128 | const allRubyVersions = tc.findAllVersions('Ruby');
129 | const expected = ['${RUBY_VERSION}'];
130 | if (expected[0] == '') {
131 |   console.log('Invalid RUBY_VERSION: ' + expected[0]);
132 |   process.on("exit", function() {
133 |       process.exit(1);
134 |   });
135 | } else if (allRubyVersions.length != expected.length) {
136 |   console.log('Expected versions of ruby available: ' + expected);
137 |   console.log('Actual versions of ruby available: ' + allRubyVersions);
138 |   process.on("exit", function() {
139 |     process.exit(1);
140 |   });
141 | } else if (allRubyVersions[0] != expected[0]) {
142 |   console.log('Expected versions of ruby available: ' + expected);
143 |   console.log('Actual versions of ruby available: ' + allRubyVersions);
144 |   process.on("exit", function() {
145 |     process.exit(1);
146 |   });
147 | } else {
148 |   console.log('Versions of ruby available: ' + allRubyVersions);
149 | }
150 | EOF
151 | 
152 | COPY entrypoint.sh /
153 | 
154 | VOLUME /var/lib/docker
155 | 
156 | # some setup actions depend on ImageOS variable
157 | # https://github.com/actions/runner-images/issues/345
158 | ENV ImageOS=ubuntu20
159 | 
160 | USER runner
161 | ENTRYPOINT ["/usr/bin/tini", "--", "/entrypoint.sh"]
162 | CMD ["/home/runner/run.sh"]
163 | 


--------------------------------------------------------------------------------