Feature/helper scripts

.github/workflows/build-pr.yml

@@ -3,13 +3,16 @@ name: Build PR
 on:
   pull_request:
 
+env:
+  IMAGE_BASE: "ghcr.io/${{ github.repository_owner }}/github-actions-runner"
+
 jobs:
   generate_infos:
     uses: fullstack-devops/actions/.github/workflows/generate-build-infos.yml@main
     secrets:
       token: ${{ secrets.GITHUB_TOKEN }}
 
-  build:
+  build_base:
     runs-on: ubuntu-latest
     needs: generate_infos
     steps:
@@ -28,11 +31,18 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1
 
-      - name: Build github-runner-base
+      - name: Build github-actions-runner:base
+        uses: docker/build-push-action@v2
+        with:
+          context: ./images/base
+          push: true
+          tags: |
+            ${{ env.IMAGE_BASE }}:base-pr-${{ github.event.pull_request.number }}
+
+      - name: Build github-actions-runner:kaniko-sidecar
         uses: docker/build-push-action@v2
         with:
-          context: ./
-          push: false
+          context: ./images/kaniko-sidecar
+          push: true
           tags: |
-            ghcr.io/${{ github.repository_owner }}/github-runner-base:latest
-            ghcr.io/${{ github.repository_owner }}/github-runner-base:${{needs.generate_infos.outputs.version}}
+            ${{ env.IMAGE_BASE }}:kaniko-sidecar-pr-${{ github.event.pull_request.number }}

.github/workflows/cleanup-pr.yml

@@ -0,0 +1,25 @@
+name: Cleanup PR
+
+on:
+  pull_request:
+    types: [closed]
+
+jobs:
+  purge-image:
+    name: Delete image from ghcr.io
+    runs-on: ubuntu-latest
+    steps:
+      - name: Delete base image
+        uses: bots-house/ghcr-delete-image-action@v1
+        with:
+          owner: ${{ github.repository_owner }}
+          name: github-actions-runner
+          token: ${{ secrets.GITHUB_TOKEN }}
+          tag: base-pr-${{ github.event.pull_request.number }}
+      - name: Delete kaniko-sidecar image
+        uses: bots-house/ghcr-delete-image-action@v1
+        with:
+          owner: ${{ github.repository_owner }}
+          name: github-actions-runner
+          token: ${{ secrets.GITHUB_TOKEN }}
+          tag: kaniko-sidecar-pr-${{ github.event.pull_request.number }}

.github/workflows/create-release.yml

@@ -9,6 +9,9 @@ on:
     branches:
       - "main"
 
+env:
+  IMAGE_BASE: "ghcr.io/${{ github.repository_owner }}/github-actions-runner"
+
 jobs:
   create_release:
     uses: fullstack-devops/actions/.github/workflows/create-release.yml@main
@@ -34,14 +37,23 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1
 
-      - name: Build and push github-runner-base
+      - name: Build github-actions-runner:base
+        uses: docker/build-push-action@v2
+        with:
+          context: ./images/base
+          push: true
+          tags: |
+            ${IMAGE_BASE}:latest
+            ${IMAGE_BASE}:base-latest
+            ${IMAGE_BASE}:base-${{needs.create_release.outputs.version}}
+
+      - name: Build github-actions-runner:kaniko-sidecar
         uses: docker/build-push-action@v2
         with:
-          context: ./
+          context: ./images/kaniko-sidecar
           push: true
           tags: |
-            ghcr.io/${{ github.repository_owner }}/github-runner-base:latest
-            ghcr.io/${{ github.repository_owner }}/github-runner-base:${{needs.create_release.outputs.version}}
+            ${IMAGE_BASE}:kaniko-sidecar-${{needs.create_release.outputs.version}}
 
   publish_release:
     runs-on: ubuntu-latest

README.md

@@ -9,14 +9,81 @@ Base Image for github runner images in repo @fullstack-devops/github-runner. Can
 
 | Variable          | Type   | Description                                                                                                       |
 |-------------------|--------|-------------------------------------------------------------------------------------------------------------------|
-| `GH_ORGANIZATION` | string | Points to the GitHub Organisation where the runner should be installed                                            |
+| `GH_ORG`          | string | Points to the GitHub Organisation where the runner should be installed                                            |
 | `GH_ACCESS_TOKEN` | string | Developer Token vor the GitHub Organisation<br> This Token can be personal and is onlv needed during installation |
 
 ### Optional environmental variables
 
 For the helm values see the [values.yaml](helm/values.yaml), section `envValues`
 
-| Variable     | Type   | Default                  | Description                                                          |
-|--------------|--------|--------------------------|----------------------------------------------------------------------|
-| `GH_URL`     | string | `https://github.com`     | For GitHub Enterprise support                                        |
-| `GH_API_URL` | string | `https://api.github.com` | For GitHub Enterprise support eg.: `https://git.example.com/api/v3/` |
+| Variable          | Type   | Default                  | Description                                                          |
+|-------------------|--------|--------------------------|----------------------------------------------------------------------|
+| `GH_URL`          | string | `https://github.com`     | For GitHub Enterprise support                                        |
+| `GH_API_ENDPOINT` | string | `https://api.github.com` | For GitHub Enterprise support eg.: `https://git.example.com/api/v3/` |
+| `GH_REPO`         | string |                          | installing a runner to a spezific repository                         |
+| `KANIKO_ENABLED`  | bool   | `false`                  | enable builds with kaniko (works only with kaniko-sidecar)           |
+
+---
+
+## Examples
+
+### docker or podman
+
+If you are using `docker` or `podman` the options and commands are basically the same.
+
+Run registerd to an Organisation:
+```bash
+podman run -e GH_ORG=fullstack-devops -e GH_ACCESS_TOKEN=ghp_**** github-runner-base:latest
+```
+
+Run registerd to an Organisation and Repo:
+```bash
+podman run -e GH_ORG=fullstack-devops -e GH_REPO=github-runner-testing -e GH_ACCESS_TOKEN=ghp_**** github-runner-base:latest
+```
+
+> Replace the `ghp_****` with your own valid personal access token
+
+### docker-compose
+
+```yaml
+version: "3"
+
+services:
+  github-runner:
+    image: github-runner-base:latest
+    environment:
+      GH_ORG: fullstack-devops
+      GH_ACCESS_TOKEN: ghp_****
+```
+
+Build images with kaniko:
+```yaml
+version: "3"
+
+volumes:
+  kaniko_workspace:
+      driver: local
+
+services:
+  github-action-runner:
+    image: github-action-runner:base-latest
+    environment:
+      GH_ORG: fullstack-devops
+      GH_ACCESS_TOKEN: ghp_****
+      KANIKO_ENABLED: "true"
+    volumes:
+      - kaniko_workspace:/kaniko/workspace
+
+  github-action-runner-kaniko:
+    image: github-action-runner:kaniko-sidecar-latest
+    volumes:
+      - kaniko_workspace:/kaniko/workspace
+```
+
+### kubernetes pod
+
+tbd
+
+### helm
+
+tbd

Dockerfile → images/base/Dockerfile

@@ -1,32 +1,41 @@
 FROM ubuntu:20.04
 
-COPY export-aarch-infos.sh /export-aarch-infos.sh
-RUN chmod +x /export-aarch-infos.sh
-
 ARG DEBIAN_FRONTEND=noninteractive
+ARG PACKAGES="libffi-dev libicu-dev build-essential libssl-dev ca-certificates jq sed grep git curl wget zip"
 
 ENV USERNAME="runner"
 ENV RUNNER_HOME="/home/${USERNAME}/runner"
-ENV GH_WORKDIR="/home/${USERNAME}"
+
+ENV GH_RUNNER_WORKDIR="/home/${USERNAME}"
+ENV GH_KANIKO_WORKDIR="/kaniko/workspace"
 
 # https://github.com/actions/runner/releases
 ENV GH_RUNNER_VERSION=2.289.1
 ENV GH_RUNNER_LABELS=ubuntu-20.04
 
 ENV AWESOME_CI_VERSION 0.11.1
 
+# making nessecarry directories
+RUN mkdir /helper-scripts \
+  && mkdir -p /kaniko/workspace
+
+# Copy image helper scripts
+COPY ./helper-scripts/gh-entrypoint.sh /helper-scripts/gh-entrypoint.sh
+COPY ./helper-scripts/kaniko-wrapper.sh /helper-scripts/kaniko-wrapper.sh
+COPY ./helper-scripts/translate-aarch.sh /helper-scripts/translate-aarch.sh
+
+RUN chmod -R 755 /helper-scripts
+
 # install packages along with jq so we can parse JSON
 # add additional packages as necessary
-ARG PACKAGES="libffi-dev libicu-dev build-essential libssl-dev ca-certificates jq sed grep git curl wget zip"
-
 RUN apt-get update \
   && apt-get install -y ${PACKAGES} \
   && rm -rf /var/lib/apt/lists/* \
   && apt-get clean
 
 # install awesoeme ci
-RUN export ARCH=$(/export-aarch-infos.sh a-short)  \
-  && curl -L -O https://github.com/eksrvb/awesome-ci/releases/download/${AWESOME_CI_VERSION}/awesome-ci_${AWESOME_CI_VERSION}_${ARCH} \
+RUN export ARCH=$(/helper-scripts/translate-aarch.sh a-short)  \
+  && curl -L -O https://github.com/fullstack-devops/awesome-ci/releases/download/${AWESOME_CI_VERSION}/awesome-ci_${AWESOME_CI_VERSION}_${ARCH} \
   && mv awesome-ci_${AWESOME_CI_VERSION}_${ARCH} /usr/local/src/awesome-ci_${AWESOME_CI_VERSION}_${ARCH} \
   && chmod +x /usr/local/src/awesome-ci_${AWESOME_CI_VERSION}_${ARCH} \
   && ln -s /usr/local/src/awesome-ci_${AWESOME_CI_VERSION}_${ARCH} /usr/local/bin/
@@ -40,23 +49,17 @@ RUN useradd -m $USERNAME \
   && mkdir -p ${RUNNER_HOME}
 
 # Install github runner
-RUN export ARCH=$(/export-aarch-infos.sh x-short)  \
+RUN export ARCH=$(/helper-scripts/translate-aarch.sh x-short) \
   && curl -L -O https://github.com/actions/runner/releases/download/v${GH_RUNNER_VERSION}/actions-runner-linux-${ARCH}-${GH_RUNNER_VERSION}.tar.gz \
   && tar -zxf actions-runner-linux-x64-${GH_RUNNER_VERSION}.tar.gz \
   && rm -f actions-runner-linux-x64-${GH_RUNNER_VERSION}.tar.gz \
   && ./bin/installdependencies.sh \
   && cd ./bin \
   && apt-get clean
 
-# copy over the start script
-COPY gh-entrypoint.sh /gh-entrypoint.sh
-# make the script executable
-RUN chmod +x /gh-entrypoint.sh
-
 RUN chown -R $USERNAME /home/${USERNAME}
-RUN chown -R $USERNAME /gh-entrypoint.sh
 
 # set the entrypoint to the entrypoint.sh script
-ENTRYPOINT ["/gh-entrypoint.sh"]
+ENTRYPOINT ["/helper-scripts/gh-entrypoint.sh"]
 
 USER $USERNAME