diff --git a/.github/workflows/build-pr.yml b/.github/workflows/build-pr.yml
index 1560af5..6b6a748 100644
--- a/.github/workflows/build-pr.yml
+++ b/.github/workflows/build-pr.yml
@@ -12,35 +12,22 @@ jobs:
secrets:
token: ${{ secrets.GITHUB_TOKEN }}
- build_base:
+ load_matrix:
runs-on: ubuntu-latest
- needs: generate_infos
+ outputs:
+ matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- name: Check out the repo
uses: actions/checkout@v2
+ - id: set-matrix
+ working-directory: images
+ run: |
+ flavours=$(ls -I "base"| xargs echo | sed 's/ /,/g')
+ echo "Building flavours: $flavours"
+ flavours="{\"flavour\":[\"`echo "$flavours" | sed 's/,/","/g'`\"]}"
+ echo "::set-output name=matrix::$flavours"
- - name: Login to GitHub Container Registry
- uses: docker/login-action@v1
- with:
- registry: ghcr.io
- username: ${{ github.repository_owner }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Set up QEMU
- uses: docker/setup-qemu-action@v1
- - name: Set up Docker Buildx
- id: buildx
- uses: docker/setup-buildx-action@v1
-
- - name: Build github-actions-runner:base
- uses: docker/build-push-action@v2
- with:
- context: ./images/base
- push: true
- tags: |
- ${{ env.IMAGE_BASE }}:base-pr-${{ github.event.pull_request.number }}
-
- build_kaniko-sidecar:
+ build_base:
runs-on: ubuntu-latest
needs: generate_infos
steps:
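Review bot: The `set-matrix` step builds the matrix JSON by `sed` substitution over raw `ls` output, so every entry under `images/` other than `base` (plain files included) becomes a flavour, and a name containing a space, comma or double quote yields wrong entries or invalid JSON for `fromJson`. These names now come from the checked-out tree instead of the reviewed list in the workflow file, so restrict them to directories and JSON-encode them, e.g. `flavours=$(find . -mindepth 1 -maxdepth 1 -type d ! -name base -printf '%f\n' | sort | jq -Rnc '{flavour: [inputs]}')`. `::set-output` is deprecated; write the output with `echo "matrix=$flavours" >> "$GITHUB_OUTPUT"` instead. The same step is added in cleanup-pr.yml and create-release.yml and needs the same change.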
@@ -60,20 +47,19 @@ jobs:
id: buildx
uses: docker/setup-buildx-action@v1
- - name: Build github-actions-runner:kaniko-sidecar
+ - name: Build github-actions-runner:base
uses: docker/build-push-action@v2
with:
- context: ./images/kaniko-sidecar
+ context: ./images/base
push: true
tags: |
- ${{ env.IMAGE_BASE }}:kaniko-sidecar-pr-${{ github.event.pull_request.number }}
+ ${{ env.IMAGE_BASE }}:base-pr-${{ github.event.pull_request.number }}
- build_flavors:
+ build_flavours:
runs-on: ubuntu-latest
- needs: [generate_infos, build_base]
+ needs: [generate_infos, load_matrix, build_base]
strategy:
- matrix:
- flavor: [ansible-k8s, maven-adopt-8-ng, maven-temurin-11, golang, ng-cli-karma, fullstacked]
+ matrix: ${{ fromJson(needs.load_matrix.outputs.matrix) }}
steps:
- name: Check out the repo
uses: actions/checkout@v2
@@ -94,12 +80,12 @@ jobs:
- name: link child image to current pr
run: |
sed -i --expression "s@FROM ${{ env.IMAGE_BASE }}.*@FROM ${{ env.IMAGE_BASE }}:base-pr-${{ github.event.pull_request.number }}@g" \
- images/${{ matrix.flavor }}/Dockerfile
+ images/${{ matrix.flavour }}/Dockerfile
- - name: Build github-actions-runner:${{ matrix.flavor }}
+ - name: Build github-actions-runner:${{ matrix.flavour }}
uses: docker/build-push-action@v2
with:
- context: ./images/${{ matrix.flavor }}
+ context: ./images/${{ matrix.flavour }}
push: true
tags: |
- ${{ env.IMAGE_BASE }}:${{ matrix.flavor }}-pr-${{ github.event.pull_request.number }}
+ ${{ env.IMAGE_BASE }}:${{ matrix.flavour }}-pr-${{ github.event.pull_request.number }}
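Review bot: In the `link child image to current pr` step, `${{ matrix.flavour }}` is expanded into the `run:` script text before the shell parses it, and with this change the value is a directory name taken from the checked-out pull-request tree rather than a fixed list in the workflow. A name containing shell metacharacters would be interpreted by the shell, so pass the value through the environment and quote it: add `env:` with `FLAVOUR: ${{ matrix.flavour }}` to the step and reference `"images/${FLAVOUR}/Dockerfile"` in the script. The same applies to the `link child image to current version` step in create-release.yml. The job this step belongs to starts outside the hunk.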
diff --git a/.github/workflows/cleanup-pr.yml b/.github/workflows/cleanup-pr.yml
index a6cca58..bd9793b 100644
--- a/.github/workflows/cleanup-pr.yml
+++ b/.github/workflows/cleanup-pr.yml
@@ -5,37 +5,31 @@ on:
types: [closed]
jobs:
- purge_base_images:
- name: Delete image from ghcr.io
+ load_matrix:
runs-on: ubuntu-latest
+ outputs:
+ matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- - name: Delete github-actions-runner:base
- uses: bots-house/ghcr-delete-image-action@v1.0.0
- with:
- owner: ${{ github.repository_owner }}
- name: github-actions-runner
- token: ${{ secrets.GH_DEL_IMAGE_PAT }}
- tag: base-pr-${{ github.event.pull_request.number }}
-
- - name: Delete github-actions-runner:kaniko-sidecar
- uses: bots-house/ghcr-delete-image-action@v1.0.0
- with:
- owner: ${{ github.repository_owner }}
- name: github-actions-runner
- token: ${{ secrets.GH_DEL_IMAGE_PAT }}
- tag: kaniko-sidecar-pr-${{ github.event.pull_request.number }}
+ - name: Check out the repo
+ uses: actions/checkout@v2
+ - id: set-matrix
+ working-directory: images
+ run: |
+ flavours=$(ls -I "base"| xargs echo | sed 's/ /,/g')
+ echo "Building flavours: $flavours"
+ flavours="{\"flavour\":[\"`echo "$flavours" | sed 's/,/","/g'`\"]}"
+ echo "::set-output name=matrix::$flavours"
- purge_flavor_images:
- name: Delete image from ghcr.io
+ purge_images:
runs-on: ubuntu-latest
+ needs: load_matrix
strategy:
- matrix:
- flavor: [ansible-k8s, maven-adopt-8-ng, maven-temurin-11, golang, ng-cli-karma, fullstacked]
+ matrix: ${{ fromJson(needs.load_matrix.outputs.matrix) }}
steps:
- - name: Delete github-actions-runner:${{ matrix.flavor }}
+ - name: Delete github-actions-runner:${{ matrix.flavour }}
uses: bots-house/ghcr-delete-image-action@v1.0.0
with:
owner: ${{ github.repository_owner }}
name: github-actions-runner
token: ${{ secrets.GH_DEL_IMAGE_PAT }}
- tag: ${{ matrix.flavor }}-pr-${{ github.event.pull_request.number }}
+ tag: ${{ matrix.flavour }}-pr-${{ github.event.pull_request.number }}
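Review bot: The matrix computed by `ls -I "base"` never contains `base`, and the `purge_base_images` job that deleted `base-pr-<number>` is removed, so nothing in the new `purge_images` job deletes the base image that build-pr.yml still pushes for every pull request. This workflow has no reason to skip `base`, so list it here as well, e.g. `flavours=$(ls | xargs echo | sed 's/ /,/g')`. The matrix is also derived from the tree at close time, so an image built for a directory that the pull request later removed or renamed would presumably stay in the registry; confirm whether that matters for retention.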
diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml
index 45562ab..ab71886 100644
--- a/.github/workflows/create-release.yml
+++ b/.github/workflows/create-release.yml
@@ -18,6 +18,21 @@ jobs:
secrets:
token: ${{ secrets.GITHUB_TOKEN }}
+ load_matrix:
+ runs-on: ubuntu-latest
+ outputs:
+ matrix: ${{ steps.set-matrix.outputs.matrix }}
+ steps:
+ - name: Check out the repo
+ uses: actions/checkout@v2
+ - id: set-matrix
+ working-directory: images
+ run: |
+ flavours=$(ls -I "base"| xargs echo | sed 's/ /,/g')
+ echo "Building flavours: $flavours"
+ flavours="{\"flavour\":[\"`echo "$flavours" | sed 's/,/","/g'`\"]}"
+ echo "::set-output name=matrix::$flavours"
+
build_base:
runs-on: ubuntu-latest
needs: create_release
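Review bot: This `load_matrix` job is the third verbatim copy of the same shell snippet (build-pr.yml and cleanup-pr.yml carry the other two), so any correction to the flavour discovery has to be made in three places and can drift. Consider moving it into a single reusable workflow or composite action that all three workflows call. A comment on the step such as `# every directory under images/ except base is built and published as a flavour` would also document the convention that now decides which images get released.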
@@ -56,48 +71,11 @@ jobs:
quay.io/${{ env.IMAGE_NAME }}:latest-base
quay.io/${{ env.IMAGE_NAME }}:${{needs.create_release.outputs.version}}-base
- build_kaniko-sidecar:
- runs-on: ubuntu-latest
- needs: create_release
- steps:
- - name: Check out the repo
- uses: actions/checkout@v2
-
- - name: Login to GitHub Container Registry
- uses: docker/login-action@v1
- with:
- registry: ghcr.io
- username: ${{ github.repository_owner }}
- password: ${{ secrets.GITHUB_TOKEN }}
- - name: Login to Red Hat Quay
- uses: docker/login-action@v1
- with:
- registry: quay.io
- username: ${{ secrets.RH_QUAY_USERNAME }}
- password: ${{ secrets.RH_QUAY_PASSWORD }}
-
- - name: Set up QEMU
- uses: docker/setup-qemu-action@v1
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v1
-
- - name: Build github-actions-runner:kaniko-sidecar
- uses: docker/build-push-action@v2
- with:
- context: ./images/kaniko-sidecar
- push: true
- tags: |
- ghcr.io/${{ env.IMAGE_NAME }}:latest-kaniko-sidecar
- ghcr.io/${{ env.IMAGE_NAME }}:${{needs.create_release.outputs.version}}-kaniko-sidecar
- quay.io/${{ env.IMAGE_NAME }}:latest-kaniko-sidecar
- quay.io/${{ env.IMAGE_NAME }}:${{needs.create_release.outputs.version}}-kaniko-sidecar
-
- build_flavors:
+ build_flavours:
runs-on: ubuntu-latest
- needs: [create_release, build_base]
+ needs: [create_release, load_matrix, build_base]
strategy:
- matrix:
- flavor: [ansible-k8s, maven-adopt-8-ng, maven-temurin-11, golang, ng-cli-karma, fullstacked]
+ matrix: ${{ fromJson(needs.load_matrix.outputs.matrix) }}
steps:
- name: Check out the repo
uses: actions/checkout@v2
@@ -123,22 +101,22 @@ jobs:
- name: link child image to current version
run: |
sed -i --expression "s@FROM ghcr.io/${{ env.IMAGE_NAME }}.*@FROM ghcr.io/${{ env.IMAGE_NAME }}:${{needs.create_release.outputs.version}}-base@g" \
- images/${{ matrix.flavor }}/Dockerfile
+ images/${{ matrix.flavour }}/Dockerfile
- - name: Build github-actions-runner:${{ matrix.flavor }}
+ - name: Build github-actions-runner:${{ matrix.flavour }}
uses: docker/build-push-action@v2
with:
- context: ./images/${{ matrix.flavor }}
+ context: ./images/${{ matrix.flavour }}
push: true
tags: |
- ghcr.io/${{ env.IMAGE_NAME }}:latest-${{ matrix.flavor }}
- ghcr.io/${{ env.IMAGE_NAME }}:${{needs.create_release.outputs.version}}-${{ matrix.flavor }}
- quay.io/${{ env.IMAGE_NAME }}:latest-${{ matrix.flavor }}
- quay.io/${{ env.IMAGE_NAME }}:${{needs.create_release.outputs.version}}-${{ matrix.flavor }}
+ ghcr.io/${{ env.IMAGE_NAME }}:latest-${{ matrix.flavour }}
+ ghcr.io/${{ env.IMAGE_NAME }}:${{needs.create_release.outputs.version}}-${{ matrix.flavour }}
+ quay.io/${{ env.IMAGE_NAME }}:latest-${{ matrix.flavour }}
+ quay.io/${{ env.IMAGE_NAME }}:${{needs.create_release.outputs.version}}-${{ matrix.flavour }}
publish_release:
runs-on: ubuntu-latest
- needs: [create_release, build_base, build_flavors]
+ needs: [create_release, build_base, build_flavours]
steps:
- name: Checkout code
uses: actions/checkout@v2
diff --git a/README.md b/README.md
index f90cce9..f03fdea 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
[](https://github.com/fullstack-devops/github-actions-runner/actions/workflows/anchore.yml)
# GitHub Actions Custom Runner
-Container images with Github Actions Runner. Different flavored images with preinstalled tools and software for builds with limited internet access and non root privileges (exception for kaniko).
+Container images with Github Actions Runner. Different flavoured images with preinstalled tools and software for builds with limited internet access and non root privileges (exception for kaniko).
With a focus on already installed software to avoid a subsequent installation by a `setup-action`.
Ideal for building software in corporate environments of large and small organizations that often restrict Internet access.
@@ -13,12 +13,16 @@ Support: If you need help or a feature just open an issue!
Package / Images: `ghcr.io/fullstack-devops/github-actions-runner`
Available Tags:
-| Name (tag) | Installed Tools/ Software | Description |
-| ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- |
-| `latest-base` | libffi-dev, libicu-dev, build-essential, libssl-dev, ca-certificates, jq, sed, grep, git, curl, wget, zip, [awesome-ci](https://github.com/fullstack-devops/awesome-ci), [alpaca](https://github.com/samuong/alpaca) | Base runner with nothing fancy installed
[Dockerfile](images/base/Dockerfile) |
-| `latest-kaniko-sidecar` | kaniko | Sidecar used by other runner images to build containers without root privileges |
-| `latest-ansible-k8s` | base-image + ansible, helm, kubectl, skopeo | Runner specialized for automated k8s deployments via ansible
For more Details see [Dockerfile](images/ansible-k8s/Dockerfile) |
-| `latest-fullstacked` | base-image + ansible, helm, maven, temurin-11, nodejs, go, yarn, angular/cli, chromium | Runner with a bunch of tools to build your hole application
For more Details see [Dockerfile](images/fullstacked/Dockerfile) |
+| Name (tag) | Installed Tools/ Software | Dockerfile | Description |
+|---------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|----------------------------------------------------------------------------------------------------|
+| `latest-base` | libffi-dev, libicu-dev, build-essential, libssl-dev, ca-certificates, jq, sed, grep, git, curl, wget, zip, [awesome-ci](https://github.com/fullstack-devops/awesome-ci), [alpaca](https://github.com/samuong/alpaca) | [Dockerfile](images/base/Dockerfile) | Base runner with nothing fancy installed, but with internet connection more tools can be installed |
+| `latest-kaniko-sidecar` | kaniko | [Dockerfile](images/kaniko-sidecar/Dockerfile) | Sidecar used by other runner images to build containers |
+| `latest-ansible-k8s` | base-image + ansible, helm, kubectl, skopeo | [Dockerfile](images/ansible-k8s/Dockerfile) | Runner specializing in automated k8s deployments via Ansible in your cluster |
+| `latest-maven-adopt-8-ng` | base-image + ansible, helm, maven, adoptopenjdk-8-hotspot, xmlstarlet, nodejs | [Dockerfile](images/maven-adopt-8-ng/Dockerfile) | Runner specialized in building Java applications that requires an older Java 8 version |
+| `latest-maven-temurin-11` | base-image + ansible, helm, maven, temurin-11, xmlstarlet, nodejs | [Dockerfile](images/maven-temurin-11/Dockerfile) | Runner specialized in building Java applications that requires Java temurin-11 |
+| `latest-maven-temurin-17` | base-image + ansible, helm, maven, temurin-17, xmlstarlet, nodejs | [Dockerfile](images/maven-temurin-17/Dockerfile) | Runner specialized in building Java applications that requires Java temurin-17 |
+| `latest-ng-cli-karma` | base-image + ansible, helm, nodejs, npm, yarn, angular/cli, chromium | [Dockerfile](images/ng-cli-karma/Dockerfile) | Runner specialized in building Angular application and capable for testing with chromium and karma |
+| `latest-golang` | base-image + ansible, helm, go, nodejs | [Dockerfile](images/golang/Dockerfile) | Runner specialized in building go applications |
> Hint: `latest` can be replaced with an specific release version for more stability in your environment.
@@ -29,7 +33,7 @@ Available Tags:
### Required environmental variables
| Variable | Type | Description |
-| ----------------- | ------ | ----------------------------------------------------------------------------------------------------------------- |
+|-------------------|--------|-------------------------------------------------------------------------------------------------------------------|
| `GH_ORG` | string | Points to the GitHub Organisation where the runner should be installed |
| `GH_ACCESS_TOKEN` | string | Developer Token vor the GitHub Organisation
This Token can be personal and is onlv needed during installation |
@@ -38,7 +42,7 @@ Available Tags:
For the helm values see the [values.yaml](https://github.com/fullstack-devops/helm-charts/blob/main/charts/github-actions-runner/values.yaml), section `envValues`
| Variable | Type | Default | Description |
-| ----------------- | ------ | ------------------------ | -------------------------------------------------------------------- |
+|-------------------|--------|--------------------------|----------------------------------------------------------------------|
| `GH_URL` | string | `https://github.com` | For GitHub Enterprise support |
| `GH_API_ENDPOINT` | string | `https://api.github.com` | For GitHub Enterprise support eg.: `https://git.example.com/api/v3/` |
| `GH_REPO` | string | | installing a runner to a spezific repository |
diff --git a/images/fullstacked/display-chromium b/images/fullstacked/display-chromium
deleted file mode 100755
index 706212f..0000000
--- a/images/fullstacked/display-chromium
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-$CHROME_BIN --disable-dev-shm-usage --no-sandbox --no-first-run $@
diff --git a/images/fullstacked/xvfb-chromium b/images/fullstacked/xvfb-chromium
deleted file mode 100755
index 953633f..0000000
--- a/images/fullstacked/xvfb-chromium
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/bash
-
-find_free_servernum() {
- i=0
- while [ -f /tmp/.X$i-lock ]; do
- i=$(($i + 1))
- done
- echo $i
-}
-
-export DISPLAY=":$(find_free_servernum)"
-Xvfb "$DISPLAY" -ac -screen 0 "${XVFB_WHD:-1280x720x16}" -nolisten tcp +render &
-xvfb_pid=$!
-
-echo "(wrapper:) launching with: $@"
-
-function cleanup {
- kill -TERM $xvfb_pid > /dev/null 2>&1
-}
-
-trap cleanup EXIT
-
-$CHROME_BIN --disable-dev-shm-usage --no-sandbox --disable-gpu --no-first-run $@
\ No newline at end of file
diff --git a/images/fullstacked/xvfb-chromium-webgl b/images/fullstacked/xvfb-chromium-webgl
deleted file mode 100755
index f581a7f..0000000
--- a/images/fullstacked/xvfb-chromium-webgl
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-
-find_free_servernum() {
- i=0
- while [ -f /tmp/.X$i-lock ]; do
- i=$(($i + 1))
- done
- echo $i
-}
-
-export DISPLAY=":$(find_free_servernum)"
-Xvfb "$DISPLAY" -ac -screen 0 "${XVFB_WHD:-1280x800x16}" -nolisten tcp +render &
-xvfb_pid=$!
-
-function cleanup {
- kill -TERM $xvfb_pid > /dev/null 2>&1
-}
-
-trap cleanup EXIT
-
-$CHROME_BIN --no-sandbox --no-first-run --use-gl=osmesa --enable-webgl --ignore-gpu-blacklist --window-size=1024,768 $@
\ No newline at end of file
diff --git a/images/maven-temurin-11/Dockerfile b/images/maven-temurin-11/Dockerfile
index c50d8bd..aa52688 100644
--- a/images/maven-temurin-11/Dockerfile
+++ b/images/maven-temurin-11/Dockerfile
@@ -3,7 +3,7 @@ FROM ghcr.io/fullstack-devops/github-actions-runner:latest-base
USER root
# install packages along with jq so we can parse JSON
# add additional packages as necessary
-ARG PACKAGES="temurin-11-jdk maven nodejs ansible"
+ARG PACKAGES="temurin-11-jdk xmlstarlet maven nodejs ansible"
ARG PACKAGES_PYTHON="kubernetes"
## ansible keys
diff --git a/images/fullstacked/Dockerfile b/images/maven-temurin-17/Dockerfile
similarity index 81%
rename from images/fullstacked/Dockerfile
rename to images/maven-temurin-17/Dockerfile
index 2334c32..7f32b61 100644
--- a/images/fullstacked/Dockerfile
+++ b/images/maven-temurin-17/Dockerfile
@@ -3,12 +3,12 @@ FROM ghcr.io/fullstack-devops/github-actions-runner:latest-base
USER root
# install packages along with jq so we can parse JSON
# add additional packages as necessary
-ARG PACKAGES="temurin-11-jdk maven ansible"
+ARG PACKAGES="temurin-17-jdk xmlstarlet maven nodejs ansible"
ARG PACKAGES_PYTHON="kubernetes"
## ansible keys
-RUN wget -O - https://packages.adoptium.net/artifactory/api/gpg/key/public | apt-key add -
-RUN echo "deb https://packages.adoptium.net/artifactory/deb $(awk -F= '/^VERSION_CODENAME/{print$2}' /etc/os-release) main" | tee /etc/apt/sources.list.d/adoptium.list
+RUN wget -O - https://packages.adoptium.net/artifactory/api/gpg/key/public | apt-key add - \
+ && echo "deb https://packages.adoptium.net/artifactory/deb $(awk -F= '/^VERSION_CODENAME/{print$2}' /etc/os-release) main" | tee /etc/apt/sources.list.d/adoptium.list
RUN apt-get update \
&& add-apt-repository -y --update ppa:ansible/ansible \
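Review bot: The rewritten `RUN` line still imports the Adoptium key with `apt-key add -`, which is deprecated and puts the key in the global APT keyring, where it is trusted for every configured repository rather than only for packages.adoptium.net. Prefer a key file scoped with `signed-by`: fetch it with `wget -qO /usr/share/keyrings/adoptium.asc https://packages.adoptium.net/artifactory/api/gpg/key/public` and start the source line with `deb [signed-by=/usr/share/keyrings/adoptium.asc]`, keeping the rest of the line as it is. The `## ansible keys` comment above describes the wrong key and could read `## adoptium apt key`. The `RUN apt-get update` chain that follows continues outside the hunk.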
@@ -16,7 +16,7 @@ RUN apt-get update \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get clean
-ENV GH_RUNNER_LABELS="ubuntu-20.04,maven,temurin-11,helm,ansible"
+ENV GH_RUNNER_LABELS="ubuntu-20.04,maven,temurin-17,helm,ansible"
# https://github.com/helm/helm/releases
ARG HELM_VERSION=3.8.1
diff --git a/images/fullstacked/requirements.yml b/images/maven-temurin-17/requirements.yml
similarity index 100%
rename from images/fullstacked/requirements.yml
rename to images/maven-temurin-17/requirements.yml