SCALRCORE-34486 > Basic Repository Setup

.github/workflows/build.yaml

@@ -0,0 +1,62 @@
+name: Build Runner Image
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    types:
+      - labeled
+      - opened
+      - ready_for_review
+      - reopened
+      - synchronize
+
+jobs:
+  build:
+    name: Build and Test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Read Versions
+        id: versions
+        run: |
+          echo "kubectl=$(grep kubectl versions | cut -d= -f2)" | tee -a $GITHUB_OUTPUT
+          echo "gcloud=$(grep gcloud versions | cut -d= -f2)" | tee -a $GITHUB_OUTPUT
+          echo "aws_cli=$(grep aws_cli versions | cut -d= -f2)" | tee -a $GITHUB_OUTPUT
+          echo "azure_cli=$(grep azure_cli versions | cut -d= -f2)" | tee -a $GITHUB_OUTPUT
+          echo "scalr_cli=$(grep scalr_cli versions | cut -d= -f2)" | tee -a $GITHUB_OUTPUT
+
+      - name: Build Docker image
+        uses: docker/build-push-action@v6
+        with:
+          build-args: |
+            KUBECTL_VERSION=${{ steps.versions.outputs.kubectl }}
+            GCLOUD_VERSION=${{ steps.versions.outputs.gcloud }}
+            AWS_CLI_VERSION=${{ steps.versions.outputs.aws_cli }}
+            AZURE_CLI_VERSION=${{ steps.versions.outputs.azure_cli }}
+            SCALR_CLI_VERSION=${{ steps.versions.outputs.scalr_cli }}
+          cache-from: type=registry,ref=scalr/runner:buildcache
+          cache-to: type=registry,ref=scalr/runner:buildcache
+          load: true
+          tags: |
+            scalr/runner:sha-${{ github.sha }}
+
+      - name: Test Docker Image
+        run: |
+          docker run --rm scalr/runner:sha-${{ github.sha }} -xc 'gcloud version'
+          docker run --rm scalr/runner:sha-${{ github.sha }} -xc 'aws --version'
+          docker run --rm scalr/runner:sha-${{ github.sha }} -xc 'az --version'
+          docker run --rm scalr/runner:sha-${{ github.sha }} -xc 'kubectl version --client'
+          docker run --rm scalr/runner:sha-${{ github.sha }} -xc 'scalr -version'

.github/workflows/release.yaml

@@ -0,0 +1,90 @@
+name: Release Runner Image
+
+on:
+  push:
+    tags:
+      - '*.*.*'
+
+
+jobs:
+  build:
+    name: Build and Push
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Read Versions
+        id: versions
+        run: |
+          echo "kubectl=$(grep kubectl versions | cut -d= -f2)" | tee -a $GITHUB_OUTPUT
+          echo "gcloud=$(grep gcloud versions | cut -d= -f2)" | tee -a $GITHUB_OUTPUT
+          echo "aws_cli=$(grep aws_cli versions | cut -d= -f2)" | tee -a $GITHUB_OUTPUT
+          echo "azure_cli=$(grep azure_cli versions | cut -d= -f2)" | tee -a $GITHUB_OUTPUT
+          echo "scalr_cli=$(grep scalr_cli versions | cut -d= -f2)" | tee -a $GITHUB_OUTPUT
+
+      - name: Format Image Tag
+        id: image_tag
+        run: |
+          echo "tag=${GITHUB_REF#refs/tags/}" | tee -a $GITHUB_OUTPUT
+
+      - name: Build Docker image
+        uses: docker/build-push-action@v6
+        with:
+          build-args: |
+            KUBECTL_VERSION=${{ steps.versions.outputs.kubectl }}
+            GCLOUD_VERSION=${{ steps.versions.outputs.gcloud }}
+            AWS_CLI_VERSION=${{ steps.versions.outputs.aws_cli }}
+            AZURE_CLI_VERSION=${{ steps.versions.outputs.azure_cli }}
+            SCALR_CLI_VERSION=${{ steps.versions.outputs.scalr_cli }}
+          platforms: linux/amd64,linux/arm64
+          cache-from: type=registry,ref=scalr/runner:buildcache
+          cache-to: type=registry,ref=scalr/runner:buildcache
+          push: true
+          tags: |
+            scalr/runner:latest
+            scalr/runner:${{ steps.image_tag.outputs.tag }}
+
+  update_changelog:
+    name: Update Changelog
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: main
+
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.3'
+
+      - name: Install Changelog Generator
+        run: gem install github_changelog_generator
+
+      - name: Update CHANGELOG.md
+        env:
+          CHANGELOG_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          github_changelog_generator -u Scalr -p runner --output CHANGELOG.md
+          git add CHANGELOG.md
+          if [ ! -n "$(git status -s)" ]; then
+            echo "NOTHING TO COMMIT"
+          else
+            git config user.name "${GITHUB_ACTOR}"
+            git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
+            git commit -m "Update CHANGELOG.md"
+            git push --no-verify
+          fi

Dockerfile

@@ -0,0 +1,108 @@
+# Runner Image for the Scalr remote backend
+# --------------------------------------------
+#
+# Note: This is a PUBLIC image, it should not contain any sensitive data.
+
+FROM debian:bookworm-slim
+
+ARG TARGETARCH
+
+SHELL ["/bin/bash", "-o", "pipefail", "-euxc"]
+
+# Base Software
+RUN <<EOT
+  apt-get update -y
+  apt-get install -y --no-install-recommends \
+    wget curl ca-certificates \
+    git-core git-lfs openssh-client \
+    jq \
+    gnupg \
+    python3 python3-pip python3-setuptools python3-wheel \
+    zip unzip \
+    lsb-release
+  [ "${TARGETARCH}" = "amd64" ] && SESSION_MANAGER_ARCH="64bit" || SESSION_MANAGER_ARCH="arm64"
+  curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_${SESSION_MANAGER_ARCH}/session-manager-plugin.deb" -o "session-manager-plugin.deb"
+  dpkg -i session-manager-plugin.deb
+  rm session-manager-plugin.deb
+  # Cleanup
+  apt-get clean
+  apt-get autoremove -y
+  rm -rf /var/lib/apt/lists/*
+  find /usr -name __pycache__ -type d -exec rm -rf {} +
+EOT
+
+# Kubectl
+ARG KUBECTL_VERSION
+LABEL kubectl.version=${KUBECTL_VERSION}
+RUN <<EOT
+  curl -L -o /usr/local/bin/kubectl "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl"
+  chmod a+x /usr/local/bin/kubectl
+EOT
+
+# GCloud
+ARG GCLOUD_VERSION
+LABEL gcloud.version=${GCLOUD_VERSION}
+# Our terraform runs are running in terraform container, where home dir (HOME env var) is /tmp,
+# therefore all pip binaries are installing under /tmp/.local/bin
+ENV PATH=/usr/local/google-cloud-sdk/bin:/tmp/.local/bin:$PATH
+RUN <<EOT
+  [ "${TARGETARCH}" = "amd64" ] && GCLOUD_ARCH="x86_64" || GCLOUD_ARCH="arm"
+  curl -fsSL "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-${GCLOUD_VERSION}-linux-${GCLOUD_ARCH}.tar.gz" -o google-cloud-sdk.tar.gz
+  tar -C /usr/local -zxf google-cloud-sdk.tar.gz
+  rm -rf google-cloud-sdk.tar.gz
+  gcloud components install \
+    alpha beta \
+    gke-gcloud-auth-plugin
+  # Cleanup
+  rm -rf /usr/local/google-cloud-sdk/.install/.backup
+  find /usr/local/google-cloud-sdk -name __pycache__ -type d -exec rm -rf {} +
+EOT
+
+# AWS CLI
+ARG AWS_CLI_VERSION
+LABEL aws-cli.version=${AWS_CLI_VERSION}
+RUN <<EOT
+  [ "${TARGETARCH}" = "amd64" ] && AWS_CLI_ARCH="x86_64" || AWS_CLI_ARCH="aarch64"
+  curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-${AWS_CLI_ARCH}-${AWS_CLI_VERSION}.zip" -o awscli.zip
+  unzip -q awscli.zip
+  ./aws/install
+  # Cleanup
+  rm -rf aws awscli.zip
+EOT
+
+# Azure CLI
+ARG AZURE_CLI_VERSION
+LABEL azure-cli.version=${AZURE_CLI_VERSION}
+RUN <<EOT
+  AZ_DIST=$(lsb_release -cs)
+  mkdir -p /etc/apt/keyrings
+  curl -sLS https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | tee /etc/apt/keyrings/microsoft.gpg > /dev/null
+  chmod go+r /etc/apt/keyrings/microsoft.gpg
+  echo "Types: deb
+URIs: https://packages.microsoft.com/repos/azure-cli/
+Suites: ${AZ_DIST}
+Components: main
+Architectures: $(dpkg --print-architecture)
+Signed-by: /etc/apt/keyrings/microsoft.gpg" | tee /etc/apt/sources.list.d/azure-cli.sources
+  apt-get update
+  apt-get install -y --no-install-recommends "azure-cli=${AZURE_CLI_VERSION}-1~${AZ_DIST}"
+  # Cleanup
+  apt-get clean
+  apt-get autoremove -y
+  rm -rf /var/lib/apt/lists/*
+  find /opt/az/lib/python* -regextype grep -regex ".*/tests\?" -exec rm -rf {} +
+  find /opt/az -name __pycache__ -type d -exec rm -rf {} +
+EOT
+
+# Scalr CLI
+ARG SCALR_CLI_VERSION
+LABEL scalr-cli.version=${SCALR_CLI_VERSION}
+RUN <<EOT
+  curl -fsSL "https://github.com/Scalr/scalr-cli/releases/download/v${SCALR_CLI_VERSION}/scalr-cli_${SCALR_CLI_VERSION}_linux_${TARGETARCH}.zip" -o scalr_cli.zip
+  unzip -q scalr_cli.zip
+  mv ./scalr /usr/local/bin/scalr
+  # Cleanup
+  rm -rf scalr_cli.zip
+EOT
+
+ENTRYPOINT ["/bin/bash"]

README.md

@@ -1,19 +1,32 @@
-# Runner image used in Scalr remote backend.
+# Runner Image used in Scalr Remote Backend.
 
 This is the Git repo of the official runner image.
 
-The image is based on the [`debian:bullseye-slim`](https://hub.docker.com/_/debian),
+The image is based on the [`debian:bookworm-slim`](https://hub.docker.com/_/debian),
 and contains the following software:
 
 * Archivators - zip, tar, gzip
 * Encryption - gnupg
-* Git (2.30.2) - core, LFS, ssh/http transports
+* Git (2.39.5) - core, LFS, ssh/http transports
 * HTTP clients - curl, wget, ca-certificates
 * JSON - jq
 * Python (3.11.2)
-* Cloud clients (latest versions):
+* Cloud clients (see [versions](./versions)):
   * AWS CLI
   * Azure CLI
   * GCloud - Stable, Alpha, and Beta components. Kubectl authenticator
 * Kubectl (latest version)
 * Scalr CLI
+
+## Runner Image Building
+
+```bash
+docker buildx build \
+  --build-arg KUBECTL_VERSION=v1.33.0 \
+  --build-arg GCLOUD_VERSION=519.0.0 \
+  --build-arg AWS_CLI_VERSION=2.27.1 \
+  --build-arg AZURE_CLI_VERSION=2.71.0 \
+  --build-arg SCALR_CLI_VERSION=0.17.0 \
+  --platform linux/amd64 \
+  -t runner:latest --load .
+```

versions

@@ -0,0 +1,5 @@
+kubectl=v1.33.0
+gcloud=519.0.0
+aws_cli=2.27.1
+azure_cli=2.71.0
+scalr_cli=0.17.0