diff --git a/.github/runner/docker/gh-runner-self.dockerfile b/.github/runner/docker/gh-runner-self.dockerfile
new file mode 100644
index 00000000..e5ae072a
--- /dev/null
+++ b/.github/runner/docker/gh-runner-self.dockerfile
@@ -0,0 +1,68 @@
+FROM mcr.microsoft.com/dotnet/runtime-deps:8.0-jammy as build
+
+ARG TARGETOS
+ARG TARGETARCH
+ARG DOCKER_VERSION=27.5.1
+ARG BUILDX_VERSION=0.20.1
+ARG RUNNER_ARCH="x64"
+
+RUN apt update -y && apt install sudo curl unzip -y
+
+WORKDIR /actions-runner
+
+RUN RUNNER_VERSION=$(curl -s https://api.github.com/repos/actions/runner/releases/latest | grep "tag_name" | head -n 1 | awk '{print substr($2, 3, length($2)-4)}') \
+ && curl -f -L -o runner.tar.gz https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-${RUNNER_ARCH}-${RUNNER_VERSION}.tar.gz \
+ && tar xzf ./runner.tar.gz \
+ && rm runner.tar.gz
+
+RUN RUNNER_CONTAINER_HOOKS_VERSION=$(curl -s https://api.github.com/repos/actions/runner-container-hooks/releases/latest | grep "tag_name" | head -n 1 | awk '{print substr($2, 3, length($2)-4)}') \
+ && curl -f -L -o runner-container-hooks.zip https://github.com/actions/runner-container-hooks/releases/download/v${RUNNER_CONTAINER_HOOKS_VERSION}/actions-runner-hooks-k8s-${RUNNER_CONTAINER_HOOKS_VERSION}.zip \
+ && unzip ./runner-container-hooks.zip -d ./k8s \
+ && rm runner-container-hooks.zip
+
+RUN export RUNNER_ARCH=${TARGETARCH} \
+ && if [ "$RUNNER_ARCH" = "amd64" ]; then export DOCKER_ARCH=x86_64 ; fi \
+ && if [ "$RUNNER_ARCH" = "arm64" ]; then export DOCKER_ARCH=aarch64 ; fi \
+ && curl -fLo docker.tgz https://download.docker.com/${TARGETOS}/static/stable/${DOCKER_ARCH}/docker-${DOCKER_VERSION}.tgz \
+ && tar zxvf docker.tgz \
+ && rm -rf docker.tgz \
+ && mkdir -p /usr/local/lib/docker/cli-plugins \
+ && curl -fLo /usr/local/lib/docker/cli-plugins/docker-buildx \
+ "https://github.com/docker/buildx/releases/download/v${BUILDX_VERSION}/buildx-v${BUILDX_VERSION}.linux-${TARGETARCH}" \
+ && chmod +x /usr/local/lib/docker/cli-plugins/docker-buildx
+
+FROM mcr.microsoft.com/dotnet/runtime-deps:8.0-jammy
+
+ENV DEBIAN_FRONTEND=noninteractive
+ENV RUNNER_MANUALLY_TRAP_SIG=1
+ENV ACTIONS_RUNNER_PRINT_LOG_TO_STDOUT=1
+ENV ImageOS=ubuntu22
+
+RUN apt update -y \
+ && apt install -y --no-install-recommends sudo lsb-release gpg-agent software-properties-common curl jq unzip \
+ && rm -rf /var/lib/apt/lists/*
+
+RUN add-apt-repository ppa:git-core/ppa \
+ && apt update -y \
+ && apt install -y git \
+ && rm -rf /var/lib/apt/lists/*
+
+RUN adduser --disabled-password --gecos "" --uid 1001 runner \
+ && groupadd docker --gid 123 \
+ && usermod -aG sudo runner \
+ && usermod -aG docker runner \
+ && echo "%sudo ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers \
+ && echo "Defaults env_keep += \"DEBIAN_FRONTEND\"" >> /etc/sudoers
+
+# Install own dependencies in final image
+RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \
+ && apt-get install -y nodejs \
+ && apt-get install -y gh jq git
+
+WORKDIR /home/runner
+
+COPY --chown=runner:docker --from=build /actions-runner .
+COPY --from=build /usr/local/lib/docker/cli-plugins/docker-buildx /usr/local/lib/docker/cli-plugins/docker-buildx
+RUN install -o root -g root -m 755 docker/* /usr/bin/ && rm -rf docker
+
+USER runner
diff --git a/.github/workflows/auto-update-app-headers.yml b/.github/workflows/auto-update-app-headers.yml
index 5e447ea5..b6c4f2b7 100644
--- a/.github/workflows/auto-update-app-headers.yml
+++ b/.github/workflows/auto-update-app-headers.yml
@@ -10,7 +10,7 @@ on:
 jobs:
 update-app-files:
- runs-on: ubuntu-latest
+ runs-on: runner-cluster-htl-set
 permissions:
 contents: write
diff --git a/.github/workflows/autolabeler.yml b/.github/workflows/autolabeler.yml
index 013c40be..54647eab 100644
--- a/.github/workflows/autolabeler.yml
+++ b/.github/workflows/autolabeler.yml
@@ -7,7 +7,7 @@ on:
 jobs:
 autolabeler:
- runs-on: ubuntu-latest
+ runs-on: runner-cluster-htl-set
 permissions:
 pull-requests: write
 env:
diff --git a/.github/workflows/changelog-pr.yml b/.github/workflows/changelog-pr.yml
index dc5bcd3d..036ef7a7 100644
--- a/.github/workflows/changelog-pr.yml
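Review bot: The final-stage `RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - && apt-get install -y nodejs ...` pipes an unpinned, unverified remote script into a root shell, and because no `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` precedes it a failed `curl` is masked: `bash -` exits 0 on empty input and the build then silently installs Ubuntu's own nodejs package instead of Node 22 (this RUN also leaves `/var/lib/apt/lists/*` behind, unlike the two above it). The build stage has the same trust-on-download shape — the runner tarball, the container-hooks zip and the docker tgz are fetched with no checksum check, and the first two take their version from `/releases/latest`, so the nightly `:latest` rebuild ships whatever upstream published that day; pinning them as `ARG`s like `DOCKER_VERSION` and `BUILDX_VERSION` and verifying each download with `sha256sum -c` makes the image reproducible and tamper-evident. Separately, `echo "%sudo ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers` overwrites the whole sudoers file (the `root` rule and the `#includedir /etc/sudoers.d` line go with it) and grants `runner` passwordless root, so the closing `USER runner` is not a privilege boundary; a comment stating that this is intentional for job tooling would help the next reader, and a drop-in under `/etc/sudoers.d/` would avoid clobbering the defaults. Finally, `ARG RUNNER_ARCH="x64"` is fixed while the docker download is selected from `TARGETARCH`, so an arm64 build would pair an aarch64 docker with an x64 runner; deriving both from `TARGETARCH` keeps them consistent.
```dockerfile
# Pinned inputs; RUNNER_SHA256 is the sha256 published with that runner release
# (placeholder values below, to be filled in when pinning).
ARG RUNNER_VERSION=<pinned-runner-version>
ARG RUNNER_SHA256=<sha256-of-actions-runner-linux-tarball>
# … unchanged: TARGETOS/TARGETARCH, DOCKER_VERSION, BUILDX_VERSION, apt install, WORKDIR …
RUN curl -f -L -o runner.tar.gz https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-${RUNNER_ARCH}-${RUNNER_VERSION}.tar.gz \
 && echo "${RUNNER_SHA256}  runner.tar.gz" | sha256sum -c - \
 && tar xzf ./runner.tar.gz \
 && rm runner.tar.gz
# … unchanged: container-hooks and docker downloads (same pin-and-verify pattern applies) …

# Final stage: a failed curl must fail the build instead of falling through to the distro nodejs
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \
 && apt-get install -y --no-install-recommends nodejs \
 && apt-get install -y --no-install-recommends gh jq git \
 && rm -rf /var/lib/apt/lists/*
```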
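Review bot: `runs-on: runner-cluster-htl-set` moves this job, which holds `contents: write`, onto a self-hosted pool, and the `on:` triggers that decide who can start it are outside the hunk; if any of the relocated workflows run on `pull_request` or `pull_request_target` events from forks, untrusted workflow or script content executes on infrastructure that also receives those write tokens, which is why GitHub recommends GitHub-hosted runners for public-repository PR workflows. The same change is made in autolabeler.yml and validate-filenames.yml (both with `pull-requests: write`), changelog-pr.yml, close-discussion.yml, delete-json-branch.yml, frontend-cicd.yml, github-release.yml and update-json-date.yml. Keep fork-triggered jobs on `ubuntu-latest`, or record the assumption next to the label so it is revisited whenever triggers change, e.g. `runs-on: runner-cluster-htl-set # self-hosted pool built from gh-runner-self.dockerfile; only for trusted (non-fork) triggers`.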
+++ b/.github/workflows/changelog-pr.yml
@@ -7,7 +7,7 @@ on:
 jobs:
 update-changelog-pull-request:
- runs-on: ubuntu-latest
+ runs-on: runner-cluster-htl-set
 env:
 CONFIG_PATH: .github/changelog-pr-config.json
 BRANCH_NAME: github-action-update-changelog
diff --git a/.github/workflows/close-discussion.yml b/.github/workflows/close-discussion.yml
index 4b39fbf9..dd9a80b3 100644
--- a/.github/workflows/close-discussion.yml
+++ b/.github/workflows/close-discussion.yml
@@ -6,7 +6,7 @@ on:
 jobs:
 close-discussion:
- runs-on: ubuntu-latest
+ runs-on: runner-cluster-htl-set
 steps:
 - name: Checkout Repository
diff --git a/.github/workflows/create-docker-for-runner.yml b/.github/workflows/create-docker-for-runner.yml
new file mode 100644
index 00000000..c9fef0a5
--- /dev/null
+++ b/.github/workflows/create-docker-for-runner.yml
@@ -0,0 +1,37 @@
+name: Build and Publish Docker Image
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - '.github/runner/docker/**'
+ schedule:
+ - cron: '0 0 * * *'
+
+jobs:
+ build:
+ runs-on: ubuntu-latest #To ensure it always builds we use the github runner with all the right tooling
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Log in to GHCR
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build Docker image
+ run: |
+ repo_name=${{ github.repository }} # Get repository name
+ repo_name_lower=$(echo $repo_name | tr '[:upper:]' '[:lower:]') # Convert to lowercase
+ docker build -t ghcr.io/$repo_name_lower/gh-runner-self:latest -f .github/runner/docker/gh-runner-self.dockerfile .
+
+ - name: Push Docker image to GHCR
+ run: |
+ repo_name=${{ github.repository }} # Get repository name
+ repo_name_lower=$(echo $repo_name | tr '[:upper:]' '[:lower:]') # Convert to lowercase
+ docker push ghcr.io/$repo_name_lower/gh-runner-self:latest
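Review bot: The `build` job in create-docker-for-runner.yml declares no `permissions:` block, so the `docker push` to GHCR depends on the repository-level default scope of `GITHUB_TOKEN`; declaring `permissions:` with `contents: read` and `packages: write` directly under `build:` makes the push independent of that default and grants nothing else. The actions are referenced by floating major tags (`actions/checkout@v3`, `docker/login-action@v2`) and the image is published solely as `gh-runner-self:latest` from a nightly cron, so neither the build inputs nor the output has a fixed identity — pinning the actions to a full commit SHA and additionally tagging the image with `${{ github.sha }}` gives the runner cluster a reproducible reference and a rollback point. The lowercasing of `${{ github.repository }}` is duplicated in the two `run:` steps; computing the image name once in a step and exporting it via `$GITHUB_ENV` keeps the build and push tags from drifting apart.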
diff --git a/.github/workflows/delete-json-branch.yml b/.github/workflows/delete-json-branch.yml
index e4cdcf24..b7286840 100644
--- a/.github/workflows/delete-json-branch.yml
+++ b/.github/workflows/delete-json-branch.yml
@@ -9,7 +9,7 @@ on:
 jobs:
 delete_branch:
- runs-on: ubuntu-latest
+ runs-on: runner-cluster-htl-set
 steps:
 - name: Checkout the code
 uses: actions/checkout@v3
diff --git a/.github/workflows/frontend-cicd.yml b/.github/workflows/frontend-cicd.yml
index dd242f6e..c4f1a641 100644
--- a/.github/workflows/frontend-cicd.yml
+++ b/.github/workflows/frontend-cicd.yml
@@ -27,7 +27,7 @@ concurrency:
 jobs:
 build:
- runs-on: ubuntu-latest
+ runs-on: runner-cluster-htl-set
 defaults:
 run:
 working-directory: frontend # Set default working directory for all run steps
diff --git a/.github/workflows/github-release.yml b/.github/workflows/github-release.yml
index eba622ff..ad95f730 100644
--- a/.github/workflows/github-release.yml
+++ b/.github/workflows/github-release.yml
@@ -7,7 +7,7 @@ on:
 jobs:
 create-new-release:
- runs-on: ubuntu-latest
+ runs-on: runner-cluster-htl-set
 permissions:
 contents: write
 steps:
diff --git a/.github/workflows/update-json-date.yml b/.github/workflows/update-json-date.yml
index 7e9c2497..26957e50 100644
--- a/.github/workflows/update-json-date.yml
+++ b/.github/workflows/update-json-date.yml
@@ -10,7 +10,7 @@ on:
 jobs:
 update-app-files:
- runs-on: ubuntu-latest
+ runs-on: runner-cluster-htl-set
 permissions:
 contents: write
diff --git a/.github/workflows/validate-filenames.yml b/.github/workflows/validate-filenames.yml
index ad821e94..dac80626 100644
--- a/.github/workflows/validate-filenames.yml
+++ b/.github/workflows/validate-filenames.yml
@@ -10,7 +10,7 @@ on:
 jobs:
 check-files:
 name: Check changed files
- runs-on: ubuntu-latest
+ runs-on: runner-cluster-htl-set
 permissions:
 pull-requests: write