/
Dockerfile
63 lines (51 loc) · 3.11 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
ARG BASE_IMAGE="public.ecr.aws/lts/ubuntu:20.04"
FROM $BASE_IMAGE
# setup user
RUN addgroup runner && adduser --system --disabled-password --home /home/runner --ingroup runner runner
# add dependencies and sudo
ARG EXTRA_PACKAGES=""
RUN apt-get update && apt-get upgrade -y && apt-get install -y curl sudo jq bash zip unzip iptables software-properties-common ca-certificates $EXTRA_PACKAGES && \
usermod -aG sudo runner && \
echo "%sudo ALL=(ALL:ALL) NOPASSWD: ALL" > /etc/sudoers.d/runner
# install extra certificates
COPY extra_certs/. /tmp/certs/
RUN if [ -f /tmp/certs/certs.pem ]; then cp /tmp/certs/certs.pem /usr/local/share/ca-certificates/github-enterprise-server.crt; update-ca-certificates; else echo no self-signed certificates; fi
# add latest git
RUN add-apt-repository ppa:git-core/ppa && apt update && apt-get install -y git
# add awscli
RUN curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip" -o awscliv2.zip && \
unzip -q awscliv2.zip && ./aws/install && rm -rf awscliv2.zip aws
# add ghcli
RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg && \
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null && \
apt update && \
apt install -y gh
# setup working directory
WORKDIR /home/runner
# add runner without github's api which is rate limited
ARG RUNNER_VERSION=latest
RUN if [ "$RUNNER_VERSION" = "latest" ]; then RUNNER_VERSION=`curl -w "%{redirect_url}" -fsS https://github.com/actions/runner/releases/latest | grep -oE "[^/v]+$"`; fi && \
curl -fsSLO "https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz" && \
tar xzf "actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz" && \
rm actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz && \
./bin/installdependencies.sh
# docker-in-docker
ARG DOCKER_CHANNEL="stable"
ARG DIND_COMMIT="42b1175eda071c0e9121e1d64345928384a93df1"
ARG DOCKER_VERSION="20.10.16"
ARG DOCKER_COMPOSE_VERSION="2.5.1"
RUN curl -fsSL "https://download.docker.com/linux/static/${DOCKER_CHANNEL}/aarch64/docker-${DOCKER_VERSION}.tgz" -o docker.tgz && \
tar --strip-components 1 -C /usr/local/bin/ -xzf docker.tgz && \
rm docker.tgz && \
# set up subuid/subgid so that "--userns-remap=default" works out-of-the-box
addgroup dockremap && \
useradd -g dockremap dockremap && \
echo 'dockremap:165536:65536' >> /etc/subuid && \
echo 'dockremap:165536:65536' >> /etc/subgid && \
curl -fsSL "https://raw.githubusercontent.com/docker/docker/${DIND_COMMIT}/hack/dind" -o /usr/local/bin/dind && \
curl -fsSL https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-linux-aarch64 -o /usr/local/bin/docker-compose && \
chmod +x /usr/local/bin/dind /usr/local/bin/docker-compose && \
addgroup docker && usermod -aG docker runner
VOLUME /var/lib/docker
# configure runner
USER runner