initial commit
+176
@@ -0,0 +1,176 @@
|
||||
#!/bin/bash
|
||||
# shellcheck disable=SC2174,SC1091
|
||||
|
||||
set -Eeuxo pipefail
|
||||
|
||||
printf "\n\t🐋 Build started 🐋\t\n"
|
||||
|
||||
# Remove '"' so it can be sourced by sh/bash
|
||||
sed 's|"||g' -i "/etc/environment"
|
||||
|
||||
. /etc/os-release
|
||||
|
||||
node_arch() {
|
||||
case "$(uname -m)" in
|
||||
'aarch64') echo 'arm64' ;;
|
||||
'x86_64') echo 'x64' ;;
|
||||
'armv7l') echo 'armv7l' ;;
|
||||
*) exit 1 ;;
|
||||
esac
|
||||
}
|
||||
|
||||
ImageOS=ubuntu$(echo "${VERSION_ID}" | cut -d'.' -f 1)
|
||||
AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache
|
||||
ACT_TOOLSDIRECTORY=/opt/acttoolcache
|
||||
{
|
||||
echo "IMAGE_OS=$ImageOS"
|
||||
echo "ImageOS=$ImageOS"
|
||||
echo "LSB_RELEASE=${VERSION_ID}"
|
||||
echo "AGENT_TOOLSDIRECTORY=${AGENT_TOOLSDIRECTORY}"
|
||||
echo "RUN_TOOL_CACHE=${AGENT_TOOLSDIRECTORY}"
|
||||
echo "DEPLOYMENT_BASEPATH=/opt/runner"
|
||||
echo "USER=$(whoami)"
|
||||
echo "RUNNER_USER=$(whoami)"
|
||||
echo "ACT_TOOLSDIRECTORY=${ACT_TOOLSDIRECTORY}"
|
||||
} | tee -a "/etc/environment"
|
||||
|
||||
mkdir -m 0777 -p "${AGENT_TOOLSDIRECTORY}"
|
||||
chown -R 1001:1000 "${AGENT_TOOLSDIRECTORY}"
|
||||
mkdir -m 0777 -p "${ACT_TOOLSDIRECTORY}"
|
||||
chown -R 1001:1000 "${ACT_TOOLSDIRECTORY}"
|
||||
|
||||
mkdir -m 0777 -p /github
|
||||
chown -R 1001:1000 /github
|
||||
|
||||
printf "\n\t🐋 Installing packages 🐋\t\n"
|
||||
packages=(
|
||||
ssh
|
||||
gawk
|
||||
curl
|
||||
jq
|
||||
shellcheck
|
||||
wget
|
||||
sudo
|
||||
gnupg-agent
|
||||
ca-certificates
|
||||
software-properties-common
|
||||
apt-transport-https
|
||||
libyaml-0-2
|
||||
zstd
|
||||
zip
|
||||
unzip
|
||||
xz-utils
|
||||
python3-pip
|
||||
python3-venv
|
||||
pipx
|
||||
)
|
||||
|
||||
apt-get -yq update
|
||||
apt-get -yq install --no-install-recommends --no-install-suggests "${packages[@]}"
|
||||
|
||||
ln -s "$(which python3)" "/usr/local/bin/python"
|
||||
|
||||
add-apt-repository ppa:git-core/ppa -y
|
||||
apt-get update
|
||||
apt-get install -y git
|
||||
|
||||
git --version
|
||||
|
||||
git config --system --add safe.directory '*'
|
||||
|
||||
wget https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh -qO- | bash
|
||||
apt-get update
|
||||
apt-get install -y git-lfs
|
||||
|
||||
LSB_OS_VERSION="${VERSION_ID//\./}"
|
||||
echo "LSB_OS_VERSION=${LSB_OS_VERSION}" | tee -a "/etc/environment"
|
||||
|
||||
wget -qO "/imagegeneration/toolset.json" "https://raw.githubusercontent.com/actions/virtual-environments/main/images/ubuntu/toolsets/toolset-${LSB_OS_VERSION}.json" || echo "File not available"
|
||||
wget -qO "/imagegeneration/LICENSE" "https://raw.githubusercontent.com/actions/virtual-environments/main/LICENSE"
|
||||
|
||||
if [ "$(uname -m)" = x86_64 ]; then
|
||||
wget -qO "/usr/bin/jq" "https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64"
|
||||
chmod +x "/usr/bin/jq"
|
||||
fi
|
||||
|
||||
printf "\n\t🐋 Updated apt lists and upgraded packages 🐋\t\n"
|
||||
|
||||
printf "\n\t🐋 Creating ~/.ssh and adding 'github.com' 🐋\t\n"
|
||||
mkdir -m 0700 -p ~/.ssh
|
||||
ssh-keyscan github.com >>/etc/ssh/ssh_known_hosts
|
||||
|
||||
printf "\n\t🐋 Installed base utils 🐋\t\n"
|
||||
|
||||
printf "\n\t🐋 Installing docker cli 🐋\t\n"
|
||||
install -m 0755 -d /etc/apt/keyrings
|
||||
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
|
||||
chmod a+r /etc/apt/keyrings/docker.asc
|
||||
cat <<EOF >/etc/apt/sources.list.d/docker.sources
|
||||
Types: deb
|
||||
URIs: https://download.docker.com/linux/ubuntu
|
||||
Suites: $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}")
|
||||
Components: stable
|
||||
Signed-By: /etc/apt/keyrings/docker.asc
|
||||
EOF
|
||||
apt-get -yq update
|
||||
apt-get -yq install --no-install-recommends --no-install-suggests docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
|
||||
printf "\n\t🐋 Installed docker cli 🐋\t\n"
|
||||
docker -v
|
||||
printf "\n\t🐋 Installed docker buildx 🐋\t\n"
|
||||
docker buildx version
|
||||
IFS=' ' read -r -a NODE <<<"$NODE_VERSION"
|
||||
for ver in "${NODE[@]}"; do
|
||||
if [[ "${ver}" == "24" && "$(node_arch)" == "armv7l" ]]; then
|
||||
ver="22" # rip arm32/v7
|
||||
fi
|
||||
printf "\n\t🐋 Installing Node.JS=%s 🐋\t\n" "${ver}"
|
||||
VER=$(curl https://nodejs.org/download/release/index.json | jq "[.[] | select(.version|test(\"^v${ver}\"))][0].version" -r)
|
||||
NODEPATH="${ACT_TOOLSDIRECTORY}/node/${VER:1}/$(node_arch)"
|
||||
mkdir -v -m 0777 -p "$NODEPATH"
|
||||
wget "https://nodejs.org/download/release/latest-v${ver}.x/node-$VER-linux-$(node_arch).tar.xz" -O "node-$VER-linux-$(node_arch).tar.xz"
|
||||
tar -Jxf "node-$VER-linux-$(node_arch).tar.xz" --strip-components=1 -C "$NODEPATH"
|
||||
rm "node-$VER-linux-$(node_arch).tar.xz"
|
||||
if [[ "${ver}" == "24" ]]; then # make this version the default (latest LTS)
|
||||
sed "s|^PATH=|PATH=$NODEPATH/bin:|mg" -i /etc/environment
|
||||
ln -sfn "$NODEPATH/bin/node" /usr/local/bin/node
|
||||
ln -sfn "$NODEPATH/bin/npm" /usr/local/bin/npm
|
||||
fi
|
||||
export PATH="$NODEPATH/bin:$PATH"
|
||||
|
||||
printf "\n\t🐋 Installed Node.JS 🐋\t\n"
|
||||
"${NODEPATH}"/bin/node -v
|
||||
|
||||
printf "\n\t🐋 Installed NPM 🐋\t\n"
|
||||
"${NODEPATH}"/bin/npm -v
|
||||
done
|
||||
|
||||
case "$(uname -m)" in
|
||||
'aarch64')
|
||||
scripts=(
|
||||
yq
|
||||
)
|
||||
;;
|
||||
'x86_64')
|
||||
scripts=(
|
||||
yq
|
||||
)
|
||||
;;
|
||||
'armv7l')
|
||||
scripts=(
|
||||
yq
|
||||
)
|
||||
;;
|
||||
*) exit 1 ;;
|
||||
esac
|
||||
|
||||
for SCRIPT in "${scripts[@]}"; do
|
||||
printf "\n\t🧨 Executing %s.sh 🧨\t\n" "${SCRIPT}"
|
||||
bash "/imagegeneration/installers/${SCRIPT}.sh"
|
||||
done
|
||||
|
||||
printf "\n\t🐋 Cleaning image 🐋\t\n"
|
||||
apt-get clean
|
||||
rm -rf /var/cache/* /var/log/* /var/lib/apt/lists/* /tmp/* || echo 'Failed to delete directories'
|
||||
|
||||
printf "\n\t🐋 Cleaned up image 🐋\t\n"
|
||||
|
||||
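Review bot: Three downloads in this script are executed or installed as root with no integrity check: the packagecloud `script.deb.sh` piped straight into `bash`, the jq-1.6 binary written over `/usr/bin/jq`, and each Node.js tarball unpacked into the tool cache. TLS only authenticates the server, so a replaced or tampered upstream artefact would end up in every image built from this script. For the first two, download to a file and compare it against a digest pinned in the repository (for example `echo "<PINNED_SHA256>  script.deb.sh" | sha256sum -c -`) before running or installing it; for Node, check the tarball against the release's `SHASUMS256.txt` as sketched below, ideally after verifying that file's signature as well. Separately, `ssh-keyscan github.com` records whatever host key the network returns at build time and `safe.directory '*'` switches off git's ownership check system-wide; each deserves a comment stating that the trade-off is accepted, or a pinned known_hosts entry in the first case.

```shell
# … unchanged: VER lookup, NODEPATH creation …
tarball="node-$VER-linux-$(node_arch).tar.xz"
wget "https://nodejs.org/download/release/latest-v${ver}.x/${tarball}" -O "${tarball}"
wget -q "https://nodejs.org/download/release/latest-v${ver}.x/SHASUMS256.txt" -O SHASUMS256.txt
# Aborts under set -e / pipefail if the tarball is not listed or its digest differs.
grep -F "  ${tarball}" SHASUMS256.txt | sha256sum -c -
tar -Jxf "${tarball}" --strip-components=1 -C "$NODEPATH"
rm "${tarball}" SHASUMS256.txt
# … unchanged: default-version symlinks, PATH export, version prints …
```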
@@ -0,0 +1,78 @@
|
||||
#!/bin/bash -e
|
||||
################################################################################
|
||||
## File: yq.sh
|
||||
## Desc: Installs YQ with checksum validation
|
||||
################################################################################
|
||||
# source: https://github.com/actions/runner-images/blob/5d6938f680075d63fa71f8aa70990866cd12884b/images/linux/scripts/installers/yq.sh
|
||||
|
||||
download_with_retries() {
|
||||
local URL="$1"
|
||||
local DEST="${2:-.}"
|
||||
local NAME="${3:-${URL##*/}}"
|
||||
echo "Downloading '$URL' to '${DEST}/${NAME}'..."
|
||||
local retries=20
|
||||
local interval=30
|
||||
while [ "$retries" -gt 0 ]; do
|
||||
((retries--)) || true
|
||||
if curl -fsSL -o "${DEST}/${NAME}" "$URL"; then
|
||||
echo "Download completed"
|
||||
return 0
|
||||
fi
|
||||
echo "Error downloading. Waiting ${interval}s before retry, ${retries} attempts left"
|
||||
sleep "$interval"
|
||||
done
|
||||
echo "Could not download $URL"
|
||||
return 1
|
||||
}
|
||||
|
||||
get_hash_from_remote_file() {
|
||||
local url=$1
|
||||
local keywords=("$2" "$3")
|
||||
local delimiter=${4:-' '}
|
||||
local word_number=${5:-1}
|
||||
local matching_line
|
||||
matching_line=$(curl -fsSL "$url" | sed 's/ */ /g' | tr -d '`')
|
||||
for keyword in "${keywords[@]}"; do
|
||||
matching_line=$(echo "$matching_line" | grep "$keyword" || true)
|
||||
done
|
||||
matching_line=$(echo "$matching_line" | head -n1)
|
||||
if [ -z "$matching_line" ]; then
|
||||
echo "Keywords (${keywords[*]}) not found in the file with hashes." >&2
|
||||
exit 1
|
||||
fi
|
||||
echo "$matching_line" | cut -d "$delimiter" -f "$word_number" | tr -d -c '[:alnum:]'
|
||||
}
|
||||
|
||||
use_checksum_comparison() {
|
||||
local file_path=$1
|
||||
local checksum=$2
|
||||
local sha_type=${3:-256}
|
||||
local local_file_hash
|
||||
echo "Performing checksum verification"
|
||||
if [ ! -f "$file_path" ]; then
|
||||
echo "File not found: $file_path" >&2
|
||||
exit 1
|
||||
fi
|
||||
local_file_hash=$(shasum -a "$sha_type" "$file_path" | awk '{print $1}')
|
||||
if [ "$local_file_hash" != "$checksum" ]; then
|
||||
echo "Checksum verification failed. Expected: $checksum; Actual: $local_file_hash." >&2
|
||||
exit 1
|
||||
fi
|
||||
echo "Checksum verification passed"
|
||||
}
|
||||
|
||||
yq_arch() {
|
||||
case "$(uname -m)" in
|
||||
'aarch64') echo 'arm64' ;;
|
||||
'x86_64') echo 'amd64' ;;
|
||||
'armv7l') echo 'arm' ;;
|
||||
*) exit 1 ;;
|
||||
esac
|
||||
}
|
||||
|
||||
base_url="https://github.com/mikefarah/yq/releases/latest/download"
|
||||
filename="yq_linux_$(yq_arch)"
|
||||
download_with_retries "${base_url}/${filename}" "/tmp" "yq"
|
||||
external_hash=$(get_hash_from_remote_file "${base_url}/checksums" "${filename} " "" " " "19")
|
||||
use_checksum_comparison "/tmp/yq" "${external_hash}"
|
||||
sudo install /tmp/yq /usr/bin/yq
|
||||
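Review bot: The digest that `use_checksum_comparison` checks is fetched from the same `releases/latest/download` location as the binary, so it catches a corrupted transfer but not a replaced release asset, and `latest` means each build may install a different yq. Pinning a release tag in `base_url` and keeping the expected SHA-256 in this repository would make the comparison a real trust anchor. The column index `"19"` passed to `get_hash_from_remote_file` depends on the field order of the upstream `checksums` file; a comment naming the algorithm that column is expected to hold (presumably SHA-256, given the default `sha_type`) and a check that the result is 64 hex characters would make a layout change fail with a clear message. Also, the build script on this page runs this file as `bash "/imagegeneration/installers/${SCRIPT}.sh"`, which ignores the `-e` in the shebang; add `set -euo pipefail` below the header so a failed download or hash lookup stops the script at that point.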