GitHub Actions Runner in Docker - Latest #2410
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: GitHub Actions Runner in Docker - Latest | |
| on: | |
| push: | |
| paths-ignore: | |
| - Dockerfile.base | |
| - README.md | |
| branches: | |
| - master | |
| - develop | |
| schedule: | |
| - cron: '59 23 * * *' | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| packages: write | |
| jobs: | |
| ubuntu_tests: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| release: [jammy, focal, noble] | |
| platform: [amd64, arm64] | |
| fail-fast: false | |
| steps: | |
| - name: Copy Repo Files | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - name: Get GitHub organization or user | |
| run: echo 'ORG='$(echo $(dirname ${GITHUB_REPOSITORY}) | awk '{print tolower($0)}') >> $GITHUB_ENV | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 | |
| with: | |
| image: tonistiigi/binfmt:qemu-v7.0.0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 | |
| - name: Copy Dockerfile | |
| run: cp Dockerfile Dockerfile.ubuntu-${{ matrix.release }}; sed -i.bak "s/FROM.*/FROM ${ORG}\/github-runner-base:ubuntu-${{ matrix.release }}/" Dockerfile.ubuntu-${{ matrix.release }} | |
| - name: Install Goss and dgoss | |
| run: | | |
| curl -fsSL https://goss.rocks/install | sh | |
| export PATH=$PATH:/usr/local/bin | |
| - name: Get current Git SHA | |
| id: vars | |
| run: echo "GIT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_ENV | |
| - name: set testable image environment variable | |
| id: testvars | |
| run: echo "GH_RUNNER_IMAGE=ubuntu-${{ matrix.release }}-${{ env.GIT_SHA }}-${{ matrix.platform }}" >> $GITHUB_ENV | |
| - name: Login to DockerHub | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| with: | |
| username: ${{ secrets.DOCKER_USER }} | |
| password: ${{ secrets.DOCKER_TOKEN }} | |
| - name: Retry build and load | |
| uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2 | |
| with: | |
| timeout_minutes: 60 | |
| max_attempts: 3 | |
| command: | | |
| docker buildx build \ | |
| --file Dockerfile.ubuntu-${{ matrix.release }} \ | |
| --platform linux/${{ matrix.platform }} \ | |
| --tag ${{ env.GH_RUNNER_IMAGE }} \ | |
| --load \ | |
| --pull \ | |
| --cache-from type=gha \ | |
| --cache-to type=gha,mode=max \ | |
| . | |
| # Tests will run against the final `${GH_RUNNER_IMAGE}` laid on top of `base-${GH_RUNNER_IMAGE}` | |
| - name: Run goss tests | |
| uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2 | |
| with: | |
| timeout_minutes: 60 | |
| max_attempts: 3 | |
| command: | | |
| echo "os: ubuntu" >goss_vars_${GH_RUNNER_IMAGE}.yaml | |
| echo "oscodename: ${{ matrix.release }}" >>goss_vars_${GH_RUNNER_IMAGE}.yaml | |
| echo "arch: ${{ matrix.platform }}" >>goss_vars_${GH_RUNNER_IMAGE}.yaml | |
| # test the edge case from deregistration on reusable runners | |
| GOSS_VARS=goss_vars_${GH_RUNNER_IMAGE}.yaml GOSS_FILE=goss_reusage_fail.yaml GOSS_SLEEP=1 dgoss run --entrypoint /usr/bin/sleep \ | |
| -e DEBUG_ONLY=true \ | |
| -e ACCESS_TOKEN=notreal \ | |
| -e LABELS=linux,x64 \ | |
| -e REPO_URL=https://github.com/octokode/test1 \ | |
| -e RUNNER_NAME=sustainjane-runner-1 \ | |
| -e RUNNER_SCOPE=repo \ | |
| -e RUNNER_WORKDIR=/tmp/runner/work \ | |
| -e DISABLE_AUTOMATIC_DEREGISTRATION=false \ | |
| -e CONFIGURED_ACTIONS_RUNNER_FILES_DIR=/runner/data \ | |
| ${GH_RUNNER_IMAGE} 10 | |
| if [ $? -ne 0 ]; then | |
| exit 1 | |
| fi | |
| # test the base | |
| GOSS_VARS=goss_vars_${GH_RUNNER_IMAGE}.yaml GOSS_FILE=goss_base.yaml GOSS_SLEEP=1 dgoss run --entrypoint /usr/bin/sleep -e RUNNER_NAME=test -e DEBUG_ONLY=true ${GH_RUNNER_IMAGE} 10 | |
| if [ $? -ne 0 ]; then | |
| exit 1 | |
| fi | |
| # test the final image but with all defaults | |
| GOSS_VARS=goss_vars_${GH_RUNNER_IMAGE}.yaml GOSS_FILE=goss_full_defaults.yaml GOSS_SLEEP=1 dgoss run --entrypoint /usr/bin/sleep -e RUNNER_NAME=test -e DEBUG_ONLY=true ${GH_RUNNER_IMAGE} 10 | |
| if [ $? -ne 0 ]; then | |
| exit 1 | |
| fi | |
| # test the final image but with non-default values | |
| GOSS_VARS=goss_vars_${GH_RUNNER_IMAGE}.yaml GOSS_FILE=goss_full.yaml GOSS_SLEEP=1 dgoss run --entrypoint /usr/bin/sleep \ | |
| -e DEBUG_ONLY=true \ | |
| -e RUNNER_NAME=huzzah \ | |
| -e REPO_URL=https://github.com/myoung34/docker-github-actions-runner \ | |
| -e RUN_AS_ROOT=true \ | |
| -e RUNNER_NAME_PREFIX=asdf \ | |
| -e ACCESS_TOKEN=1234 \ | |
| -e APP_ID=5678 \ | |
| -e APP_PRIVATE_KEY=2345 \ | |
| -e APP_LOGIN=SOMETHING \ | |
| -e RUNNER_SCOPE=org \ | |
| -e ORG_NAME=myoung34 \ | |
| -e ENTERPRISE_NAME=emyoung34 \ | |
| -e LABELS=blue,green \ | |
| -e RUNNER_TOKEN=3456 \ | |
| -e RUNNER_WORKDIR=/tmp/a \ | |
| -e RUNNER_GROUP=wat \ | |
| -e GITHUB_HOST=github.example.com \ | |
| -e DISABLE_AUTOMATIC_DEREGISTRATION=true \ | |
| -e EPHEMERAL=true \ | |
| -e DISABLE_AUTO_UPDATE=true \ | |
| ${GH_RUNNER_IMAGE} 10 | |
| if [ $? -ne 0 ]; then | |
| exit 1 | |
| fi | |
| debian_tests: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| release: [bookworm, trixie] | |
| platform: [amd64, arm64] | |
| fail-fast: false | |
| steps: | |
| - name: Copy Repo Files | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - name: Get GitHub organization or user | |
| run: echo 'ORG='$(echo $(dirname ${GITHUB_REPOSITORY}) | awk '{print tolower($0)}') >> $GITHUB_ENV | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 | |
| with: | |
| image: tonistiigi/binfmt:qemu-v7.0.0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 | |
| - name: Copy Dockerfile | |
| run: cp Dockerfile Dockerfile.debian-${{ matrix.release }}; sed -i.bak "s/FROM.*/FROM ${ORG}\/github-runner-base:debian-${{ matrix.release }}/" Dockerfile.debian-${{ matrix.release }} | |
| - name: Install Goss and dgoss | |
| run: | | |
| curl -fsSL https://goss.rocks/install | sh | |
| export PATH=$PATH:/usr/local/bin | |
| - name: Get current Git SHA | |
| id: vars | |
| run: echo "GIT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_ENV | |
| - name: set testable image environment variable | |
| id: testvars | |
| run: echo "GH_RUNNER_IMAGE=debian-${{ matrix.release }}-${{ env.GIT_SHA }}-${{ matrix.platform }}" >> $GITHUB_ENV | |
| - name: Login to DockerHub | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| with: | |
| username: ${{ secrets.DOCKER_USER }} | |
| password: ${{ secrets.DOCKER_TOKEN }} | |
| - name: Retry build and load | |
| uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2 | |
| with: | |
| timeout_minutes: 60 | |
| max_attempts: 3 | |
| command: | | |
| docker buildx build \ | |
| --file Dockerfile.debian-${{ matrix.release }} \ | |
| --platform linux/${{ matrix.platform }} \ | |
| --tag ${{ env.GH_RUNNER_IMAGE }} \ | |
| --load \ | |
| --pull \ | |
| --cache-from type=gha \ | |
| --cache-to type=gha,mode=max \ | |
| . | |
| # Tests will run against the final `${GH_RUNNER_IMAGE}` laid on top of `base-${GH_RUNNER_IMAGE}` | |
| - name: Run goss tests | |
| uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2 | |
| with: | |
| timeout_minutes: 60 | |
| max_attempts: 3 | |
| command: | | |
| echo "os: debian" >goss_vars_${GH_RUNNER_IMAGE}.yaml | |
| echo "oscodename: ${{ matrix.release }}" >>goss_vars_${GH_RUNNER_IMAGE}.yaml | |
| echo "arch: ${{ matrix.platform }}" >>goss_vars_${GH_RUNNER_IMAGE}.yaml | |
| # test the edge case from deregistration on reusable runners | |
| GOSS_VARS=goss_vars_${GH_RUNNER_IMAGE}.yaml GOSS_FILE=goss_reusage_fail.yaml GOSS_SLEEP=1 dgoss run --entrypoint /usr/bin/sleep \ | |
| -e DEBUG_ONLY=true \ | |
| -e ACCESS_TOKEN=notreal \ | |
| -e LABELS=linux,x64 \ | |
| -e REPO_URL=https://github.com/octokode/test1 \ | |
| -e RUNNER_NAME=sustainjane-runner-1 \ | |
| -e RUNNER_SCOPE=repo \ | |
| -e RUNNER_WORKDIR=/tmp/runner/work \ | |
| -e DISABLE_AUTOMATIC_DEREGISTRATION=false \ | |
| -e CONFIGURED_ACTIONS_RUNNER_FILES_DIR=/runner/data \ | |
| ${GH_RUNNER_IMAGE} 10 | |
| if [ $? -ne 0 ]; then | |
| exit 1 | |
| fi | |
| # test the base | |
| GOSS_VARS=goss_vars_${GH_RUNNER_IMAGE}.yaml GOSS_FILE=goss_base.yaml GOSS_SLEEP=1 dgoss run --entrypoint /usr/bin/sleep -e RUNNER_NAME=test -e DEBUG_ONLY=true ${GH_RUNNER_IMAGE} 10 | |
| # test the final image but with all defaults | |
| GOSS_VARS=goss_vars_${GH_RUNNER_IMAGE}.yaml GOSS_FILE=goss_full_defaults.yaml GOSS_SLEEP=1 dgoss run --entrypoint /usr/bin/sleep -e RUNNER_NAME=test -e DEBUG_ONLY=true ${GH_RUNNER_IMAGE} 10 | |
| # test the final image but with non-default values | |
| GOSS_VARS=goss_vars_${GH_RUNNER_IMAGE}.yaml GOSS_FILE=goss_full.yaml GOSS_SLEEP=1 dgoss run --entrypoint /usr/bin/sleep \ | |
| -e DEBUG_ONLY=true \ | |
| -e RUNNER_NAME=huzzah \ | |
| -e REPO_URL=https://github.com/myoung34/docker-github-actions-runner \ | |
| -e RUN_AS_ROOT=true \ | |
| -e RUNNER_NAME_PREFIX=asdf \ | |
| -e ACCESS_TOKEN=1234 \ | |
| -e APP_ID=5678 \ | |
| -e APP_PRIVATE_KEY=2345 \ | |
| -e APP_LOGIN=SOMETHING \ | |
| -e RUNNER_SCOPE=org \ | |
| -e ORG_NAME=myoung34 \ | |
| -e ENTERPRISE_NAME=emyoung34 \ | |
| -e LABELS=blue,green \ | |
| -e RUNNER_TOKEN=3456 \ | |
| -e RUNNER_WORKDIR=/tmp/a \ | |
| -e RUNNER_GROUP=wat \ | |
| -e GITHUB_HOST=github.example.com \ | |
| -e DISABLE_AUTOMATIC_DEREGISTRATION=true \ | |
| -e EPHEMERAL=true \ | |
| -e DISABLE_AUTO_UPDATE=true \ | |
| ${GH_RUNNER_IMAGE} 10 | |
| ubuntu_latest_deploy: | |
| runs-on: ubuntu-latest | |
| needs: ubuntu_tests | |
| steps: | |
| - name: Copy Repo Files | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - name: Get GitHub organization or user | |
| run: echo 'ORG='$(echo $(dirname ${GITHUB_REPOSITORY}) | awk '{print tolower($0)}') >> $GITHUB_ENV | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 | |
| with: | |
| image: tonistiigi/binfmt:qemu-v7.0.0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 | |
| - name: Update Dockerfile FROM org | |
| run: sed -i.bak "s/FROM.*/FROM ${ORG}\/github-runner-base:latest/" Dockerfile | |
| - name: Login to DockerHub | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| with: | |
| username: ${{ secrets.DOCKER_USER }} | |
| password: ${{ secrets.DOCKER_TOKEN }} | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Retry build and push | |
| uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2 | |
| with: | |
| timeout_minutes: 60 | |
| max_attempts: 3 | |
| command: | | |
| docker buildx build \ | |
| --file Dockerfile \ | |
| --platform linux/amd64,linux/arm64 \ | |
| --tag ${{ env.ORG }}/github-runner:latest \ | |
| --tag ghcr.io/${{ github.repository }}:latest \ | |
| --push \ | |
| --pull \ | |
| --cache-from type=gha \ | |
| --cache-to type=gha,mode=max \ | |
| . | |
| ubuntu_deploy: | |
| runs-on: ubuntu-latest | |
| needs: ubuntu_tests | |
| strategy: | |
| matrix: | |
| release: [jammy, focal, noble] | |
| fail-fast: false | |
| steps: | |
| - name: Copy Repo Files | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - name: Get GitHub organization or user | |
| run: echo 'ORG='$(echo $(dirname ${GITHUB_REPOSITORY}) | awk '{print tolower($0)}') >> $GITHUB_ENV | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 | |
| with: | |
| image: tonistiigi/binfmt:qemu-v7.0.0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 | |
| - name: Copy Dockerfile | |
| run: cp Dockerfile Dockerfile.ubuntu-${{ matrix.release }}; sed -i.bak "s/FROM.*/FROM ${ORG}\/github-runner-base:ubuntu-${{ matrix.release }}/" Dockerfile.ubuntu-${{ matrix.release }} | |
| - name: Login to DockerHub | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| with: | |
| username: ${{ secrets.DOCKER_USER }} | |
| password: ${{ secrets.DOCKER_TOKEN }} | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Retry build and push | |
| uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2 | |
| with: | |
| timeout_minutes: 60 | |
| max_attempts: 3 | |
| command: | | |
| docker buildx build \ | |
| --file Dockerfile.ubuntu-${{ matrix.release }} \ | |
| --platform linux/amd64,linux/arm64 \ | |
| --tag ${{ env.ORG }}/github-runner:ubuntu-${{ matrix.release }} \ | |
| --tag ghcr.io/${{ github.repository }}:ubuntu-${{ matrix.release }} \ | |
| --push \ | |
| --pull \ | |
| --cache-from type=gha \ | |
| --cache-to type=gha,mode=max \ | |
| . | |
| debian_deploy: | |
| runs-on: ubuntu-latest | |
| needs: debian_tests | |
| strategy: | |
| matrix: | |
| release: [bookworm, trixie] | |
| fail-fast: false | |
| steps: | |
| - name: Copy Repo Files | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - name: Get GitHub organization or user | |
| run: echo 'ORG='$(echo $(dirname ${GITHUB_REPOSITORY}) | awk '{print tolower($0)}') >> $GITHUB_ENV | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 | |
| with: | |
| image: tonistiigi/binfmt:qemu-v7.0.0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 | |
| - name: Copy Dockerfile | |
| run: cp Dockerfile Dockerfile.debian-${{ matrix.release }}; sed -i.bak "s/FROM.*/FROM ${ORG}\/github-runner-base:debian-${{ matrix.release }}/" Dockerfile.debian-${{ matrix.release }} | |
| - name: Login to DockerHub | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| with: | |
| username: ${{ secrets.DOCKER_USER }} | |
| password: ${{ secrets.DOCKER_TOKEN }} | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Retry build and push | |
| uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2 | |
| with: | |
| timeout_minutes: 60 | |
| max_attempts: 3 | |
| command: | | |
| docker buildx build \ | |
| --file Dockerfile.debian-${{ matrix.release }} \ | |
| --platform linux/amd64,linux/arm64 \ | |
| --tag ${{ env.ORG }}/github-runner:debian-${{ matrix.release }} \ | |
| --tag ghcr.io/${{ github.repository }}:debian-${{ matrix.release }} \ | |
| --push \ | |
| --pull \ | |
| --cache-from type=gha \ | |
| --cache-to type=gha,mode=max \ | |
| . |