This repository was archived by the owner on Feb 11, 2025. It is now read-only.

Commit f9a8971

authored
feat: move ansible to base + fix temurin keystore (#56)
1 parent 60d455b commit f9a8971


16 files changed

+92
-196
lines changed


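--- a/.github/workflows/cleanup-pr.yml
+++ b/.github/workflows/cleanup-pr.yml
@@ -27,6 +27,7 @@ jobs:
 matrix: ${{ fromJson(needs.load_matrix.outputs.matrix) }}
 steps:
 - name: Delete github-actions-runner:${{ matrix.flavour }}
+continue-on-error: true
 uses: bots-house/[email protected]
 with:
 owner: ${{ github.repository_owner }}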
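Review bot: `continue-on-error: true` on the delete step hides every failure of that step, not only the expected case of an image that was never pushed, so for instance an authentication failure would leave PR images in the registry while the job stays green. If the intent is only to tolerate a missing flavour, say so in a comment above the key, for example `# a flavour may never have been pushed for this PR; do not fail the cleanup`, and consider a later step that reports the outcome of the delete. The step's `with:` block continues outside the hunk.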

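--- a/README.md
+++ b/README.md
@@ -15,16 +15,16 @@ Package / Images: `quay.io/fullstack-devops/github-actions-runner`
 
 Available Tags:
 
-| Name (tag) | Installed Tools/ Software | Dockerfile | Description |
-| ------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------ | -------------------------------------------------------------------------------------------------- |
-| `latest-base` | libffi-dev, libicu-dev, build-essential, libssl-dev, ca-certificates, jq, sed, grep, git, curl, wget, zip, [awesome-ci](https://github.com/fullstack-devops/awesome-ci), [alpaca](https://github.com/samuong/alpaca) | [Dockerfile](images/base/Dockerfile) | Base runner with nothing fancy installed, but with internet connection more tools can be installed |
-| `latest-kaniko-sidecar` | kaniko | [Dockerfile](images/kaniko-sidecar/Dockerfile) | Sidecar used by other runner images to build containers |
-| `latest-ansible-k8s` | base-image + ansible, helm, kubectl, skopeo | [Dockerfile](images/ansible-k8s/Dockerfile) | Runner specializing in automated k8s deployments via Ansible in your cluster |
-| `latest-maven-adopt-8-ng` | base-image + ansible, helm, maven, adoptopenjdk-8-hotspot, xmlstarlet, nodejs | [Dockerfile](images/maven-adopt-8-ng/Dockerfile) | Runner specialized in building Java applications that requires an older Java 8 version |
-| `latest-maven-temurin-11` | base-image + ansible, helm, maven, temurin-11, xmlstarlet, nodejs | [Dockerfile](images/maven-temurin-11/Dockerfile) | Runner specialized in building Java applications that requires Java temurin-11 |
-| `latest-maven-temurin-17` | base-image + ansible, helm, maven, temurin-17, xmlstarlet, nodejs | [Dockerfile](images/maven-temurin-17/Dockerfile) | Runner specialized in building Java applications that requires Java temurin-17 |
-| `latest-ng-cli-karma` | base-image + ansible, helm, nodejs, npm, yarn, angular/cli, chromium | [Dockerfile](images/ng-cli-karma/Dockerfile) | Runner specialized in building Angular application and capable for testing with chromium and karma |
-| `latest-golang` | base-image + ansible, helm, go, nodejs | [Dockerfile](images/golang/Dockerfile) | Runner specialized in building go applications |
+| Name (tag) | Installed Tools/ Software | Dockerfile | Description |
+| ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------ | -------------------------------------------------------------------------------------------------- |
+| `latest-base` | libffi-dev, libicu-dev, build-essential, libssl-dev, ca-certificates, jq, sed, grep, git, curl, wget, zip, nodejs, ansible, [awesome-ci](https://github.com/fullstack-devops/awesome-ci), [alpaca](https://github.com/samuong/alpaca) | [Dockerfile](images/base/Dockerfile) | Base runner with nothing fancy installed, but with internet connection more tools can be installed |
+| `latest-kaniko-sidecar` | kaniko | [Dockerfile](images/kaniko-sidecar/Dockerfile) | Sidecar used by other runner images to build containers |
+| `latest-ansible-k8s` | base-image + helm, kubectl, skopeo | [Dockerfile](images/ansible-k8s/Dockerfile) | Runner specializing in automated k8s deployments via Ansible in your cluster |
+| `latest-maven-adopt-8-ng` | base-image + helm, maven, adoptopenjdk-8-hotspot, xmlstarlet | [Dockerfile](images/maven-adopt-8-ng/Dockerfile) | Runner specialized in building Java applications that requires an older Java 8 version |
+| `latest-maven-temurin-11` | base-image + helm, maven, temurin-11, xmlstarlet, | [Dockerfile](images/maven-temurin-11/Dockerfile) | Runner specialized in building Java applications that requires Java temurin-11 |
+| `latest-maven-temurin-17` | base-image + helm, maven, temurin-17, xmlstarlet, | [Dockerfile](images/maven-temurin-17/Dockerfile) | Runner specialized in building Java applications that requires Java temurin-17 |
+| `latest-ng-cli-karma` | base-image + helm, npm, yarn, angular/cli, chromium | [Dockerfile](images/ng-cli-karma/Dockerfile) | Runner specialized in building Angular application and capable for testing with chromium and karma |
+| `latest-golang` | base-image + helm, go, | [Dockerfile](images/golang/Dockerfile) | Runner specialized in building go applications |
 
 > Hint: `latest` can be replaced with an specific release version for more stability in your environment.
 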

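--- a/images/ansible-k8s/Dockerfile
+++ b/images/ansible-k8s/Dockerfile
@@ -9,16 +9,6 @@ RUN make bin/skopeo
 FROM ghcr.io/fullstack-devops/github-actions-runner:latest-base
 
 USER root
-# install packages along with jq so we can parse JSON
-# add additional packages as necessary
-ARG PACKAGES="ansible"
-ARG PACKAGES_PYTHON="kubernetes"
-
-RUN apt-get update \
-&& add-apt-repository -y --update ppa:ansible/ansible \
-&& apt-get install -y --no-install-recommends ${PACKAGES} \
-&& rm -rf /var/lib/apt/lists/* \
-&& apt-get clean
 
 ENV GH_RUNNER_LABELS="ubuntu-20.04,ansible-k8s"
 # https://github.com/kubernetes/kubernetes/releases/
@@ -39,21 +29,9 @@ RUN export ARCH=$(/helper-scripts/translate-aarch.sh a-short) \
 && wget -q https://get.helm.sh/helm-v${HELM_VERSION}-linux-${ARCH}.tar.gz -O - | tar -xzO linux-${ARCH}/helm > /usr/local/bin/helm \
 && chmod +x /usr/local/bin/helm
 
-ENV TMP_DIR=/home/${USERNAME}/tmp
-
-RUN mkdir /home/${USERNAME}/.ansible
-RUN mkdir ${TMP_DIR}
-
-COPY requirements.yml ${TMP_DIR}/requirements.yml
-
-RUN chown -R ${USERNAME} /home/${USERNAME}
-
-USER ${USERNAME}
-
-RUN pip3 install ${PACKAGES_PYTHON} --user
+RUN chown -R $USERNAME /home/$USERNAME
 
-# RUN ansible-galaxy install -c -r ${TMP_DIR}/requirements.yml
-RUN ansible-galaxy collection install -c -r ${TMP_DIR}/requirements.yml
+USER $USERNAME
 
 # install helm plugins helm push, appr && diff
 RUN helm plugin install --version 0.10.3 https://github.com/chartmuseum/helm-push.git \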
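Review bot: With the ansible, pip and collection install steps removed here, this image takes those tools entirely from `FROM ghcr.io/fullstack-devops/github-actions-runner:latest-base`, a mutable tag, so what ends up in the image depends on whichever base was pushed last; the same applies to images/golang/Dockerfile. Pinning the base to the release being built, preferably with a digest, keeps child and base in step, e.g. `FROM ghcr.io/fullstack-devops/github-actions-runner:<release>-base@sha256:<digest>` (both placeholders). The remaining `RUN chown -R $USERNAME /home/$USERNAME` also looks redundant now that the base image chowns `$HOME` itself, unless a root step outside the hunk writes there; a recursive chown in its own layer copies every file it touches into that layer.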

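--- a/images/base/Dockerfile
+++ b/images/base/Dockerfile
@@ -2,14 +2,19 @@ FROM ubuntu:20.04
 
 ARG UBUNTU_VERSION=20.04
 ARG DEBIAN_FRONTEND=noninteractive
-ARG PACKAGES="libffi-dev libicu-dev build-essential libssl-dev ca-certificates software-properties-common jq sed grep git curl wget zip python3-pip"
+ARG PACKAGES_BASE="libffi-dev libicu-dev build-essential libssl-dev ca-certificates software-properties-common curl"
+ARG PACKAGES_ADDITIONAL="jq sed grep git wget zip ansible python3-pip nodejs"
+ARG PACKAGES_PYTHON="kubernetes"
 
 ENV USERNAME="runner"
 ENV USERID=1000
 ENV UBUNTU_VERSION=20.04
-ENV RUNNER_HOME="/home/${USERNAME}/runner"
 
-ENV GH_RUNNER_WORKDIR="/home/${USERNAME}"
+ENV HOME="/home/$USERNAME"
+ENV RUNNER_HOME="/home/$USERNAME/runner"
+ENV USER_TMP_DIR="/home/$USERNAME/tmp"
+
+ENV GH_RUNNER_WORKDIR="/home/$USERNAME"
 ENV GH_KANIKO_WORKDIR="/kaniko/workspace"
 
 # https://github.com/actions/runner/releases
@@ -23,24 +28,32 @@ ENV ALPACA_VERSION 1.3.2
 
 # making nessecarry directories
 RUN mkdir /helper-scripts \
-&& mkdir -p /kaniko/workspace
+&& mkdir -p /kaniko/workspace \
+&& mkdir -p $USER_TMP_DIR \
+&& mkdir -p $RUNNER_HOME \
+&& mkdir -p $HOME/.ansible \
+&& mkdir -p /run/user/$USERID
 
 # Copy image helper scripts
 ADD ./helper-scripts/ /helper-scripts/
 
 RUN chmod -R 755 /helper-scripts
 
-# install packages along with jq so we can parse JSON
-# add additional packages as necessary
 RUN apt-get update \
-&& curl -sL https://deb.nodesource.com/setup_lts.x | bash - \
-&& apt-get install -y ${PACKAGES} \
+&& apt-get install -y $PACKAGES_BASE \
 && rm -rf /var/lib/apt/lists/* \
 && apt-get clean
 
-# install nodejs
-RUN curl -sL https://deb.nodesource.com/setup_lts.x | bash - \
-&& apt-get install -y nodejs \
+## ansible keys
+RUN curl -fsSL https://packages.adoptium.net/artifactory/api/gpg/key/public | apt-key add - \
+&& echo "deb https://packages.adoptium.net/artifactory/deb $(awk -F= '/^VERSION_CODENAME/{print$2}' /etc/os-release) main" | tee /etc/apt/sources.list.d/adoptium.list
+
+# install packages along with jq so we can parse JSON
+# add additional packages as necessary
+RUN apt-get update \
+&& add-apt-repository -y --update ppa:ansible/ansible \
+&& curl -fsSL https://deb.nodesource.com/setup_lts.x | bash - \
+&& apt-get install -y $PACKAGES_ADDITIONAL \
 && rm -rf /var/lib/apt/lists/* \
 && apt-get clean
 
@@ -63,8 +76,9 @@ WORKDIR /home/${USERNAME}/runner
 RUN useradd -m -u $USERID $USERNAME \
 && usermod -aG sudo $USERNAME \
 && chown -R $USERNAME $GH_RUNNER_WORKDIR \
-&& chown -R $USERNAME $GH_KANIKO_WORKDIR \
-&& mkdir -p ${RUNNER_HOME}
+&& chown -R $USERNAME $GH_KANIKO_WORKDIR
+
+COPY requirements.yml $USER_TMP_DIR/requirements.yml
 
 # Install github runner
 RUN export ARCH=$(/helper-scripts/translate-aarch.sh x-short) \
@@ -75,9 +89,15 @@ RUN export ARCH=$(/helper-scripts/translate-aarch.sh x-short) \
 && cd ./bin \
 && apt-get clean
 
-RUN chown -R $USERNAME /home/${USERNAME}
+# chown userscoped directories
+RUN chown -R $USERNAME $HOME \
+&& chown -R $USERNAME /run/user/$USERID
 
 # set the entrypoint to the entrypoint.sh script
 ENTRYPOINT ["/helper-scripts/gh-entrypoint.sh"]
 
 USER $USERNAME
+
+RUN pip3 install $PACKAGES_PYTHON --user
+# RUN ansible-galaxy install -c -r ${TMP_DIR}/requirements.yml
+RUN ansible-galaxy collection install -c -r $USER_TMP_DIR/requirements.yml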
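Review bot: The last added line, `RUN ansible-galaxy collection install -c -r $USER_TMP_DIR/requirements.yml`, passes `-c`, which is `--ignore-certs`, so the collections baked into the base image that every runner flavour inherits are downloaded without TLS certificate validation. Drop the flag, `RUN ansible-galaxy collection install -r $USER_TMP_DIR/requirements.yml`; if it was there for a TLS-intercepting proxy, trust that proxy's CA during the build instead. The two piped downloads in the second hunk (`curl … | apt-key add -` and `curl -fsSL https://deb.nodesource.com/setup_lts.x | bash -`) run, as far as the visible lines show, under the default shell without `pipefail`, so a failed download does not fail the build and the fetched script runs as root unverified; a `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` line before them would at least surface the failure. The `## ansible keys` comment sits above the Adoptium key and repository and should name them instead.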

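--- a/images/base/helper-scripts/detect-setup.sh
+++ b/images/base/helper-scripts/detect-setup.sh
@@ -2,6 +2,18 @@
 
 CA_FILE="/etc/ssl/certs/ca-certificates.crt"
 
+importCertOldJava () {
+alias=$(openssl x509 -noout -subject -in "$1" | awk -F= '{print $NF}' | sed -e 's/^[ \t]*//' | sed -e 's/ /_/g')
+echo "importing cert $1 with alias $alias"
+keytool -importcert -alias $alias -keystore /usr/lib/jvm/adopt*/jre/lib/security/cacerts -storepass changeit -file $1 -noprompt
+}
+
+importCertNewJava () {
+alias=$(openssl x509 -noout -subject -in "$1" | awk -F= '{print $NF}' | sed -e 's/^[ \t]*//' | sed -e 's/ /_/g')
+echo "importing cert $1 with alias $alias"
+keytool -importcert -alias $alias -cacerts -storepass changeit -file $1 -noprompt -trustcacerts
+}
+
 # yarn
 if command -v yarn -v &> /dev/null; then
 echo ""
@@ -26,17 +38,17 @@ if command -v java --version &> /dev/null; then
 find $javacerts -empty -delete
 
 java_version=$(java -version 2>&1 | awk -F '"' '/version/ {print $2}')
-for x in $javacerts/*.crt ; do
-alias=$(openssl x509 -noout -subject -in "$x" | awk -F= '{print $NF}' | sed -e 's/^[ \t]*//' | sed -e 's/ /_/g')
-echo "importing cert of $alias"
-if [[ "$java_version" > "1.8" ]]; then
-echo "using java greater 1.8"
-keytool -importcert -alias $alias -cacerts -storepass changeit -file $x -noprompt
-else
-echo "using java lower 1.8"
-keytool -importcert -alias $alias -keystore /usr/lib/jvm/adopt*/jre/lib/security/cacerts -storepass changeit -file $x -noprompt
-fi
-done
+if [[ "$java_version" > "1.8" ]]; then
+echo "using java greater 1.8"
+for cert in $javacerts/*.crt ; do
+importCertNewJava $cert
+done
+else
+echo "using java lower 1.8"
+for cert in $javacerts/*.crt ; do
+importCertOLdJava $cert
+done
+fi
 rm -rf $javacerts
 fi
 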
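Review bot: The "java lower 1.8" branch calls `importCertOLdJava $cert`, but the function added at the top of the file is `importCertOldJava`; shell function names are case-sensitive, so each iteration fails with "command not found" and no certificate reaches the keystore before `rm -rf $javacerts` removes the sources. Change the call to `importCertOldJava "$cert"`. In both helpers `$alias` and `$1` are expanded unquoted on the `keytool` line, and the alias is derived from the certificate subject, so quote them (`-alias "$alias"`, `-file "$1"`). Separately, `[[ "$java_version" > "1.8" ]]` is a string comparison under which a value such as `1.8.0_…` also sorts above `1.8`, so it is worth checking which branch a Java 8 image really takes. The enclosing `if command -v java` block starts outside the hunk.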

File renamed without changes.

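--- a/images/golang/Dockerfile
+++ b/images/golang/Dockerfile
@@ -1,23 +1,8 @@
 FROM ghcr.io/fullstack-devops/github-actions-runner:latest-base
 
 USER root
-# install packages along with jq so we can parse JSON
-# add additional packages as necessary
-ARG PACKAGES="ansible"
-ARG PACKAGES_PYTHON="kubernetes"
 
-## ansible keys
-RUN wget -O - https://packages.adoptium.net/artifactory/api/gpg/key/public | apt-key add -
-RUN echo "deb https://packages.adoptium.net/artifactory/deb $(awk -F= '/^VERSION_CODENAME/{print$2}' /etc/os-release) main" | tee /etc/apt/sources.list.d/adoptium.list
-
-RUN apt-get update \
-&& add-apt-repository -y --update ppa:ansible/ansible \
-&& curl -fsSL https://deb.nodesource.com/setup_lts.x | bash - \
-&& apt-get install -y --no-install-recommends ${PACKAGES} \
-&& rm -rf /var/lib/apt/lists/* \
-&& apt-get clean
-
-ENV GH_RUNNER_LABELS="ubuntu-20.04,nodejs,go,golang,helm,ansible"
+ENV GH_RUNNER_LABELS="ubuntu-20.04,nodejs,golang,helm,ansible"
 # https://github.com/helm/helm/releases
 ARG HELM_VERSION=3.8.1
 # https://go.dev/dl/
@@ -35,24 +20,10 @@ RUN export ARCH=$(/helper-scripts/translate-aarch.sh a-short) \
 && rm -rf /usr/local/src/go.linux.tar.gz \
 && ln -s /usr/local/src/go/bin/go /usr/local/bin/
 
-ENV TMP_DIR=/home/${USERNAME}/tmp
-
-RUN mkdir /run/user/$USERID \
-&& mkdir /home/${USERNAME}/.ansible \
-&& mkdir ${TMP_DIR}
-
-COPY requirements.yml ${TMP_DIR}/requirements.yml
-
-RUN chown -R $USERNAME /home/$USERNAME \
-&& chown -R $USERNAME /run/user/$USERID
+RUN chown -R $USERNAME /home/$USERNAME
 
 USER $USERNAME
 
-RUN pip3 install $PACKAGES_PYTHON --user
-
-# RUN ansible-galaxy install -c -r ${TMP_DIR}/requirements.yml
-RUN ansible-galaxy collection install -c -r ${TMP_DIR}/requirements.yml
-
 # install helm plugins helm push, appr && diff
 RUN helm plugin install --version 0.10.3 https://github.com/chartmuseum/helm-push.git \
 && helm plugin install --version 0.7.0 https://github.com/app-registry/appr-helm-plugin.git \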

images/golang/requirements.yml

-4
This file was deleted.

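--- a/images/kaniko-sidecar/Dockerfile
+++ b/images/kaniko-sidecar/Dockerfile
@@ -1,3 +1,4 @@
+# https://github.com/GoogleContainerTools/kaniko/releases
 FROM gcr.io/kaniko-project/executor:v1.9.1-debug
 
 COPY kaniko-entrypoint.sh /kaniko/kaniko-entrypoint.sh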
