Fix self-update failuers due to /runner/externals mount

Fixes #252
actions · Jan 13, 2021 · 81e2cf1 · 81e2cf1
1 parent f710a54
commit 81e2cf1
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 17 deletions.
diff --git a/controllers/runner_controller.go b/controllers/runner_controller.go
@@ -390,6 +390,9 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 	}
 
 	if !dockerdInRunner && dockerEnabled {
+		runnerVolumeName := "runner"
+		runnerVolumeMountPath := "/runner"
+
 		pod.Spec.Volumes = []corev1.Volume{
 			{
 				Name: "work",
@@ -398,7 +401,7 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 				},
 			},
 			{
-				Name: "externals",
+				Name: runnerVolumeName,
 				VolumeSource: corev1.VolumeSource{
 					EmptyDir: &corev1.EmptyDirVolumeSource{},
 				},
@@ -416,8 +419,8 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 				MountPath: workDir,
 			},
 			{
-				Name:      "externals",
-				MountPath: "/runner/externals",
+				Name:      runnerVolumeName,
+				MountPath: runnerVolumeMountPath,
 			},
 			{
 				Name:      "certs-client",
@@ -448,8 +451,8 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 					MountPath: workDir,
 				},
 				{
-					Name:      "externals",
-					MountPath: "/runner/externals",
+					Name:      runnerVolumeName,
+					MountPath: runnerVolumeMountPath,
 				},
 				{
 					Name:      "certs-client",

diff --git a/controllers/runnerreplicaset_controller.go b/controllers/runnerreplicaset_controller.go
@@ -52,7 +52,7 @@ type RunnerReplicaSetReconciler struct {
 
 func (r *RunnerReplicaSetReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
 	ctx := context.Background()
-	log := r.Log.WithValues("runner", req.NamespacedName)
+	log := r.Log.WithValues("runnerreplicaset", req.NamespacedName)
 
 	var rs v1alpha1.RunnerReplicaSet
 	if err := r.Get(ctx, req.NamespacedName, &rs); err != nil {

diff --git a/runner/Dockerfile b/runner/Dockerfile
@@ -4,6 +4,8 @@ ARG TARGETPLATFORM
 ARG RUNNER_VERSION=2.274.2
 ARG DOCKER_VERSION=19.03.12
 
+RUN test -n "$TARGETPLATFORM" || (echo "TARGETPLATFORM must be set" && false)
+
 ENV DEBIAN_FRONTEND=noninteractive
 RUN apt update -y \
   && apt install -y software-properties-common \
@@ -42,7 +44,8 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
   && chmod +x /usr/local/bin/dumb-init
 
 # Docker download supports arm64 as aarch64 & amd64 as x86_64
-RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
+RUN set -vx; \
+  export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
   && if [ "$ARCH" = "arm64" ]; then export ARCH=aarch64 ; fi \
   && if [ "$ARCH" = "amd64" ]; then export ARCH=x86_64 ; fi \
   && curl -L -o docker.tgz https://download.docker.com/linux/static/stable/${ARCH}/docker-${DOCKER_VERSION}.tgz \
@@ -55,15 +58,17 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
   && usermod -aG docker runner \
   && echo "%sudo   ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers
 
+ENV RUNNER_ASSETS_DIR=/runnertmp
+
 # Runner download supports amd64 as x64. Externalstmp is needed for making mount points work inside DinD.
 #
 # libyaml-dev is required for ruby/setup-ruby action.
 # It is installed after installdependencies.sh and before removing /var/lib/apt/lists
 # to avoid rerunning apt-update on its own.
 RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
   && if [ "$ARCH" = "amd64" ]; then export ARCH=x64 ; fi \
-  && mkdir -p /runner \
-  && cd /runner \
+  && mkdir -p "$RUNNER_ASSETS_DIR" \
+  && cd "$RUNNER_ASSETS_DIR" \
   && curl -L -o runner.tar.gz https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-${ARCH}-${RUNNER_VERSION}.tar.gz \
   && tar xzf ./runner.tar.gz \
   && rm runner.tar.gz \
@@ -72,14 +77,14 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
   && apt-get install -y libyaml-dev \
   && rm -rf /var/lib/apt/lists/*
 
-RUN echo AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache > /runner.env \
+RUN echo AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache > .env \
   && mkdir /opt/hostedtoolcache \
   && chgrp runner /opt/hostedtoolcache \
   && chmod g+rwx /opt/hostedtoolcache
 
-COPY entrypoint.sh /runner
-COPY patched /runner/patched
+COPY entrypoint.sh /
+COPY patched $RUNNER_ASSETS_DIR/patched
 
-USER runner
+USER runner/runner
 ENTRYPOINT ["/usr/local/bin/dumb-init", "--"]
-CMD ["/runner/entrypoint.sh"]
+CMD ["/entrypoint.sh"]
diff --git a/runner/dindrunner.Dockerfile b/runner/dindrunner.Dockerfile
@@ -48,6 +48,8 @@ ARG DOCKER_CHANNEL=stable
 ARG DOCKER_VERSION=19.03.13
 ARG DEBUG=false
 
+RUN test -n "$TARGETPLATFORM" || (echo "TARGETPLATFORM must be set" && false)
+
 # Docker installation
 RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
     && if [ "$ARCH" = "arm64" ]; then export ARCH=aarch64 ; fi \
@@ -66,15 +68,17 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
 	dockerd --version; \
 	docker --version
 
+ENV RUNNER_ASSETS_DIR=/runnertmp
+
 # Runner download supports amd64 as x64
 #
 # libyaml-dev is required for ruby/setup-ruby action.
 # It is installed after installdependencies.sh and before removing /var/lib/apt/lists
 # to avoid rerunning apt-update on its own.
 RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
     && if [ "$ARCH" = "amd64" ]; then export ARCH=x64 ; fi \
-    && mkdir -p /runner \
-     && cd /runner \
+    && mkdir -p "$RUNNER_ASSETS_DIR" \
+     && cd "$RUNNER_ASSETS_DIR" \
     && curl -L -o runner.tar.gz https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-${ARCH}-${RUNNER_VERSION}.tar.gz \
     && tar xzf ./runner.tar.gz \
     && rm runner.tar.gz \
@@ -100,7 +104,7 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
 
 VOLUME /var/lib/docker
 
-COPY patched /runner/patched
+COPY patched $RUNNER_ASSETS_DIR/patched
 
 # No group definition, as that makes it harder to run docker.
 USER runner

diff --git a/runner/entrypoint.sh b/runner/entrypoint.sh
@@ -44,6 +44,14 @@ if [ -z "${RUNNER_REPO}" ] && [ -n "${RUNNER_ORG}" ] && [ -n "${RUNNER_GROUP}" ]
   RUNNER_GROUP_ARG="--runnergroup ${RUNNER_GROUP}"
 fi
 
+# Hack due to https://github.com/summerwind/actions-runner-controller/issues/252#issuecomment-758338483
+if [ ! -d /runner ]; then
+  echo "/runner should be an emptyDir mount. Please fix the pod spec." 1>&2
+  exit 1
+fi
+
+mv /runnertmp/* /runner/
+
 cd /runner
 ./config.sh --unattended --replace --name "${RUNNER_NAME}" --url "${GITHUB_URL}${ATTACH}" --token "${RUNNER_TOKEN}" ${RUNNER_GROUP_ARG} ${LABEL_ARG} ${WORKDIR_ARG}