initial commit
@@ -0,0 +1,2 @@
|
||||
.github
|
||||
.git
|
||||
@@ -0,0 +1,9 @@
|
||||
* text=auto eol=lf
|
||||
|
||||
# scripts
|
||||
*.sh text eol=lf
|
||||
*.bat text eol=crlf
|
||||
|
||||
## DOCKER
|
||||
*.dockerignore text
|
||||
Dockerfile text
|
||||
@@ -0,0 +1,129 @@
|
||||
name: Build act images
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: 0 12 */7 * *
|
||||
push:
|
||||
paths:
|
||||
- '.github/workflows/build-ubuntu.yml'
|
||||
- 'Dockerfile'
|
||||
- 'scripts/**'
|
||||
- 'build.sh'
|
||||
branches:
|
||||
- 'master'
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
REGISTRY: git.keligrubb.com
|
||||
SLUG: ${{ github.repository_owner }}/ubuntu
|
||||
IMAGE_LABEL_OWNER: ${{ github.repository_owner }}
|
||||
IMAGE_LABEL_REPO: ${{ github.repository }}
|
||||
NODE: '20 24'
|
||||
BUILD_REF: ${{ github.sha }}
|
||||
SKIP_TEST: false
|
||||
LATEST_TAG: 24.04
|
||||
|
||||
jobs:
|
||||
build-act:
|
||||
name: Build act ${{ matrix.TAG }}
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
fail-fast: true
|
||||
max-parallel: 4
|
||||
matrix:
|
||||
TAG:
|
||||
- 24.04
|
||||
- 22.04
|
||||
|
||||
steps:
|
||||
- uses: https://git.keligrubb.com/actions/checkout@v6
|
||||
|
||||
- name: Log in to container registry
|
||||
uses: https://git.keligrubb.com/actions/docker-login-action@v4
|
||||
with:
|
||||
registry: ${{ env.REGISTRY }}
|
||||
username: jasper-agent
|
||||
password: ${{ secrets.JASPER_REPO_TOKEN }}
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: https://git.keligrubb.com/actions/docker-setup-buildx-action@v4
|
||||
|
||||
- name: Compute tags and metadata
|
||||
run: |
|
||||
if [[ "${{ github.event_name }}" == "schedule" || "${{ github.event_name }}" == "workflow_dispatch" ]]; then
|
||||
PART_TAG=$(date +%Y%m%d)
|
||||
else
|
||||
PART_TAG=dev
|
||||
fi
|
||||
echo "PART_TAG=$PART_TAG" >> "$GITHUB_ENV"
|
||||
|
||||
if [ "${LATEST_TAG}" = "${{ matrix.TAG }}" ]; then
|
||||
RELEASE_TAG=$(lsb_release -rs)
|
||||
else
|
||||
RELEASE_TAG="${{ matrix.TAG }}"
|
||||
fi
|
||||
echo "RELEASE_TAG=$RELEASE_TAG" >> "$GITHUB_ENV"
|
||||
|
||||
BUILD_DATE=$(date -u +"%Y-%m-%d %H:%M:%SZ")
|
||||
echo "BUILD_DATE=$BUILD_DATE" >> "$GITHUB_ENV"
|
||||
|
||||
TAG_NAME="act-${{ matrix.TAG }}"
|
||||
{
|
||||
echo "${TAG_NAME}-${PART_TAG}"
|
||||
if [ "${LATEST_TAG}" = "${{ matrix.TAG }}" ]; then
|
||||
echo "act-latest-${PART_TAG}"
|
||||
fi
|
||||
echo "${TAG_NAME}"
|
||||
if [ "${LATEST_TAG}" = "${{ matrix.TAG }}" ]; then
|
||||
echo "act-latest"
|
||||
fi
|
||||
} > .tags
|
||||
|
||||
echo "ACT_TEST_IMAGE=${{ env.REGISTRY }}/${{ env.SLUG }}:${TAG_NAME}-${PART_TAG}" >> "$GITHUB_ENV"
|
||||
|
||||
- name: Build Docker image
|
||||
uses: https://git.keligrubb.com/actions/docker-build-push-action@v7
|
||||
with:
|
||||
context: .
|
||||
file: ./Dockerfile
|
||||
load: true
|
||||
tags: act:built
|
||||
build-args: |
|
||||
NODE_VERSION=${{ env.NODE }}
|
||||
DISTRO=ubuntu
|
||||
TYPE=act
|
||||
RUNNER=root
|
||||
BUILD_DATE=${{ env.BUILD_DATE }}
|
||||
BUILD_OWNER=${{ env.IMAGE_LABEL_OWNER }}
|
||||
BUILD_REPO=${{ env.IMAGE_LABEL_REPO }}
|
||||
BUILD_TAG=act-${{ matrix.TAG }}
|
||||
BUILD_TAG_VERSION=${{ env.PART_TAG }}
|
||||
BUILD_REF=${{ env.BUILD_REF }}
|
||||
FROM_IMAGE=buildpack-deps
|
||||
FROM_TAG=${{ env.RELEASE_TAG }}
|
||||
|
||||
- name: Push Docker image (all tags from .tags)
|
||||
run: |
|
||||
IMAGE="${{ env.REGISTRY }}/${{ env.SLUG }}"
|
||||
while read -r tag; do
|
||||
docker tag act:built "$IMAGE:$tag"
|
||||
docker push "$IMAGE:$tag"
|
||||
done < .tags
|
||||
|
||||
- if: ${{ !env.SKIP_TEST }}
|
||||
uses: https://git.keligrubb.com/actions/setup-go@v6
|
||||
with:
|
||||
go-version: '>=1.21.0'
|
||||
|
||||
- if: ${{ !env.SKIP_TEST }}
|
||||
uses: https://git.keligrubb.com/actions/checkout@v6
|
||||
with:
|
||||
repository: nektos/act
|
||||
path: act
|
||||
|
||||
- if: ${{ !env.SKIP_TEST }}
|
||||
env:
|
||||
ACT_TEST_IMAGE: ${{ env.ACT_TEST_IMAGE }}
|
||||
run: |
|
||||
cd act/
|
||||
go test ./...
|
||||
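Review bot: The three steps guarded by `if: ${{ !env.SKIP_TEST }}` will probably never run, because `SKIP_TEST: false` reaches the expression as the string `false`, and a non-empty string is truthy, so the negation evaluates to false; an explicit comparison such as `if: ${{ env.SKIP_TEST != 'true' }}` avoids that. The push step also sits before the test steps, so `act-latest` and the other moving tags are published before `go test ./...` can fail; pushing the moving tags only after the tests pass would keep an untested image off them. Every `uses:` reference is a mutable major tag (`@v6`, `@v4`, `@v7`); pinning each to a full commit SHA keeps a retagged action from running in a job that has `secrets.JASPER_REPO_TOKEN` in scope.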
@@ -0,0 +1,34 @@
|
||||
name: Lint Docker files and shell scripts
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
paths:
|
||||
- '.gitea/workflows/**'
|
||||
- 'Dockerfile'
|
||||
- 'scripts/**'
|
||||
- 'build.sh'
|
||||
|
||||
jobs:
|
||||
lint-dockerfile:
|
||||
name: Lint Dockerfile with hadolint
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: https://git.keligrubb.com/actions/checkout@v6
|
||||
- name: Run hadolint
|
||||
uses: hadolint/hadolint-action@v3
|
||||
with:
|
||||
dockerfile: Dockerfile
|
||||
|
||||
lint-shell-scripts:
|
||||
name: Lint shell scripts with shellcheck
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: https://git.keligrubb.com/actions/checkout@v6
|
||||
- name: Install shellcheck
|
||||
run: |
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y shellcheck
|
||||
- name: Run shellcheck
|
||||
run: |
|
||||
find . -name '*.sh' -print0 | xargs -0 -n1 shellcheck
|
||||
|
||||
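Review bot: `hadolint/hadolint-action@v3` is resolved by a mutable tag from a third-party namespace, unlike the other actions here, which come from the `git.keligrubb.com/actions` mirror; pinning it to a full commit SHA, `uses: hadolint/hadolint-action@<full-commit-sha>  # v3`, keeps a retagged release from running in this job. The `paths` filter lists `.gitea/workflows/**`, while the build workflow in this commit filters on `.github/workflows/build-ubuntu.yml`. If the workflows actually live under `.github/`, edits to them will not trigger this lint, so the filter is worth checking against the real directory.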
+12
@@ -0,0 +1,12 @@
|
||||
# custom stuff
|
||||
.secrets
|
||||
.env
|
||||
|
||||
# wip
|
||||
*.hcl
|
||||
|
||||
# mega-linter
|
||||
report
|
||||
|
||||
# quick local actions for act
|
||||
.github/workflows/act.yml
|
||||
@@ -0,0 +1,14 @@
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/hadolint/hadolint/master/contrib/hadolint.json
|
||||
---
|
||||
ignored:
|
||||
- SC2086
|
||||
- DL3004
|
||||
- DL3002
|
||||
- DL3008
|
||||
- DL3016
|
||||
- DL3018
|
||||
- DL3003
|
||||
trustedRegistries:
|
||||
- docker.io
|
||||
- ghcr.io
|
||||
- quay.io
|
||||
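Review bot: The global `ignored:` list switches off DL3002 (last user should not be root) and DL3004 (sudo) for everything this config covers, although the Dockerfile in this commit has a single `RUN` that calls a script, so most of the listed rules have nothing to match yet. A global ignore will silently hide those findings when the Dockerfile grows. Prefer an inline `# hadolint ignore=DL3008` with a short reason on the specific instruction that needs it, and keep the root-user rule enabled so the `USER ${RUNNER}` choice stays visible in review.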
+47
@@ -0,0 +1,47 @@
|
||||
ARG FROM_IMAGE
|
||||
ARG FROM_TAG
|
||||
FROM ${FROM_IMAGE}:${FROM_TAG}
|
||||
|
||||
# > automatic buildx ARGs
|
||||
ARG TARGETARCH
|
||||
|
||||
# > ARGs before FROM are not accessible
|
||||
ARG FROM_IMAGE
|
||||
ARG FROM_TAG
|
||||
|
||||
# > Our custom ARGs
|
||||
# latest Node.js LTS versions
|
||||
ARG NODE_VERSION="20 24"
|
||||
ARG DISTRO=ubuntu
|
||||
ARG TYPE=act
|
||||
ARG RUNNER
|
||||
|
||||
# > Force apt to not be interactive/not ask
|
||||
ENV DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
SHELL [ "/bin/bash", "--login", "-e", "-o", "pipefail", "-c" ]
|
||||
WORKDIR /tmp
|
||||
|
||||
COPY ./scripts /imagegeneration/installers
|
||||
RUN bash /imagegeneration/installers/${TYPE}.sh
|
||||
|
||||
ARG BUILD_DATE
|
||||
ARG BUILD_TAG=${TYPE}
|
||||
ARG BUILD_REF
|
||||
ARG BUILD_TAG_VERSION
|
||||
ARG BUILD_OWNER
|
||||
ARG BUILD_REPO
|
||||
|
||||
LABEL org.opencontainers.image.created="${BUILD_DATE}"
|
||||
LABEL org.opencontainers.image.vendor="${BUILD_OWNER}"
|
||||
LABEL org.opencontainers.image.authors="https://github.com/${BUILD_OWNER}"
|
||||
LABEL org.opencontainers.image.url="https://github.com/${BUILD_OWNER}/${BUILD_REPO}/tree/${BUILD_REF}/"
|
||||
LABEL org.opencontainers.image.source="https://github.com/${BUILD_OWNER}/${BUILD_REPO}"
|
||||
LABEL org.opencontainers.image.documentation="https://github.com/${BUILD_OWNER}/${BUILD_REPO}"
|
||||
LABEL org.opencontainers.image.version="${BUILD_TAG_VERSION}"
|
||||
LABEL org.opencontainers.image.title="${BUILD_TAG}-${TARGETARCH}"
|
||||
LABEL org.opencontainers.image.description="Special image built for using with https://github.com/nektos/act"
|
||||
LABEL org.opencontainers.image.revision="${BUILD_REF}"
|
||||
|
||||
USER ${RUNNER}
|
||||
|
||||
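Review bot: The `org.opencontainers.image.url`, `source`, `documentation` and `authors` labels hard-code `https://github.com/`, but the build workflow in this commit publishes to `git.keligrubb.com` and fills `BUILD_REPO` from `github.repository`, which already contains the owner, so those labels would point at a doubled owner path on the wrong host. Provenance labels are what an operator uses to trace an image back to its source, so consider passing the server URL as a build arg and dropping `${BUILD_OWNER}/` wherever `BUILD_REPO` is already `owner/repo`; the README's local build sets `IMAGE_LABEL_REPO="ubuntu"`, so the two paths currently disagree. Separately, `FROM ${FROM_IMAGE}:${FROM_TAG}` resolves a mutable tag; pinning the base by digest would make a rebuild of the same commit reproducible.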
@@ -0,0 +1,88 @@
|
||||
# Docker images for act
|
||||
|
||||
Ubuntu-based images for [nektos/act][nektos/act], kept small while staying compatible with most GitHub Actions.
|
||||
|
||||
## Images
|
||||
|
||||
Built from [`scripts/act.sh`](./scripts/act.sh). Published to this repo’s Gitea registry:
|
||||
|
||||
- **Registry:** `git.keligrubb.com`
|
||||
- **Image:** `git.keligrubb.com/actions/ubuntu`
|
||||
- **Tags:** `act-22.04`, `act-24.04`, `act-latest` (and dated tags e.g. `act-24.04-YYYYMMDD`)
|
||||
|
||||
## When images are updated
|
||||
|
||||
- Dependencies required for actions change
|
||||
- Changes to GitHub Actions, Act, or the container registry
|
||||
- Size or performance improvements
|
||||
|
||||
## Build locally
|
||||
|
||||
You can build and push from this repo without using CI.
|
||||
|
||||
**Prereqs:** Docker with `buildx`, and push access to your registry (e.g. `git.keligrubb.com`).
|
||||
|
||||
**1. Set env (repo root):**
|
||||
|
||||
```sh
|
||||
export IMAGE_LABEL_OWNER="actions"
|
||||
export IMAGE_LABEL_REPO="ubuntu"
|
||||
export SLUG="actions/ubuntu"
|
||||
|
||||
export DISTRO="ubuntu"
|
||||
export TYPE="act"
|
||||
export RUNNER="root"
|
||||
export NODE="20 24"
|
||||
export PLATFORMS="linux/amd64,linux/arm64"
|
||||
|
||||
export FROM_IMAGE="buildpack-deps"
|
||||
export FROM_TAG="24.04"
|
||||
|
||||
export TAG="act-24.04"
|
||||
export LATEST_TAG="act-latest"
|
||||
export PART_TAG="$(date +%Y%m%d)"
|
||||
export BUILD_TAG="${TAG}"
|
||||
export BUILD_TAG_VERSION="${PART_TAG}"
|
||||
export BUILD_REF="$(git rev-parse HEAD 2>/dev/null || echo unknown)"
|
||||
```
|
||||
|
||||
**2. Log in to your registry:**
|
||||
|
||||
```sh
|
||||
docker login git.keligrubb.com
|
||||
```
|
||||
|
||||
**3. Build and push:**
|
||||
|
||||
```sh
|
||||
tags=""
|
||||
tags="${tags} git.keligrubb.com/${SLUG}:${TAG}-${PART_TAG}"
|
||||
tags="${tags} git.keligrubb.com/${SLUG}:${LATEST_TAG}-${PART_TAG}"
|
||||
tags="${tags} git.keligrubb.com/${SLUG}:${TAG}"
|
||||
tags="${tags} git.keligrubb.com/${SLUG}:${LATEST_TAG}"
|
||||
|
||||
./build.sh --push --tags ${tags}
|
||||
```
|
||||
|
||||
This builds the root `Dockerfile` (which runs `scripts/act.sh`), then pushes to each tag. For a local build only (no push), run `./build.sh`.
|
||||
|
||||
**4. Use with act**
|
||||
|
||||
Point act at your image, e.g.:
|
||||
|
||||
```sh
|
||||
act -P ubuntu-latest=git.keligrubb.com/actions/ubuntu:act-24.04
|
||||
```
|
||||
|
||||
Or put the image in `.actrc` or your workflow’s `runs-on` image.
|
||||
|
||||
## Customising
|
||||
|
||||
Edit [`scripts/act.sh`](./scripts/act.sh) to add or remove packages. Keep `DISTRO=ubuntu`, `TYPE=act`, and a valid `RUNNER` user, then re-run the build steps above.
|
||||
|
||||
## Licence
|
||||
|
||||
Parts of this repository are from [actions/virtual-environments][actions/virtual-environments], used under the [MIT License](https://github.com/actions/virtual-environments/blob/main/LICENSE).
|
||||
|
||||
[nektos/act]: https://github.com/nektos/act
|
||||
[actions/virtual-environments]: https://github.com/actions/virtual-environments
|
||||
@@ -0,0 +1,212 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
set -u
|
||||
|
||||
usage() {
|
||||
cat <<EOF
|
||||
Usage: $0 [options]
|
||||
|
||||
Environment-backed options (CLI flags are optional):
|
||||
--owner VALUE (default: \$IMAGE_LABEL_OWNER)
|
||||
--repository VALUE (default: \$IMAGE_LABEL_REPO)
|
||||
--slug VALUE (default: catthehacker/ubuntu)
|
||||
--tags TAG [TAG ...] Multiple destination tags
|
||||
--tag TAG Single destination tag
|
||||
--node VALUE (default: \$NODE)
|
||||
--distro VALUE (default: ubuntu)
|
||||
--type VALUE (default: \$TYPE)
|
||||
--runner VALUE (default: \$RUNNER)
|
||||
--platforms CSV (default: \$PLATFORMS, comma-separated)
|
||||
--build-tag VALUE (default: \$BUILD_TAG)
|
||||
--build-tag-version VAL (default: \$BUILD_TAG_VERSION)
|
||||
--build-ref VALUE (default: \$BUILD_REF)
|
||||
--from-image VALUE (default: \$FROM_IMAGE)
|
||||
--from-tag VALUE (default: \$FROM_TAG)
|
||||
--push Push manifest to remote registries
|
||||
-h, --help Show this help and exit
|
||||
EOF
|
||||
}
|
||||
|
||||
# Defaults from environment (mirrors build.ps1 parameter defaults), with safe fallbacks
|
||||
owner=${IMAGE_LABEL_OWNER:-actions}
|
||||
repository=${IMAGE_LABEL_REPO:-ubuntu}
|
||||
tags=""
|
||||
tag=""
|
||||
node=${NODE:-"20 24"}
|
||||
distro='ubuntu'
|
||||
type=${TYPE:-act}
|
||||
runner=${RUNNER:-root}
|
||||
platforms=${PLATFORMS:-linux/amd64,linux/arm64}
|
||||
build_tag=${BUILD_TAG:-act-24.04}
|
||||
build_tag_version=${BUILD_TAG_VERSION:-dev}
|
||||
build_ref=${BUILD_REF:-local}
|
||||
from_image=${FROM_IMAGE:-buildpack-deps}
|
||||
from_tag=${FROM_TAG:-24.04}
|
||||
push=false
|
||||
|
||||
# Argument parsing (simple long options, designed to be close to build.ps1 semantics)
|
||||
while [ "$#" -gt 0 ]; do
|
||||
case "$1" in
|
||||
--owner)
|
||||
owner=$2
|
||||
shift 2
|
||||
;;
|
||||
--repository)
|
||||
repository=$2
|
||||
shift 2
|
||||
;;
|
||||
--tags)
|
||||
shift
|
||||
# Collect all following non-option arguments as tags
|
||||
while [ "$#" -gt 0 ] && [ "${1#-}" = "$1" ]; do
|
||||
if [ -z "$tags" ]; then
|
||||
tags=$1
|
||||
else
|
||||
tags="$tags $1"
|
||||
fi
|
||||
shift
|
||||
done
|
||||
;;
|
||||
--tag)
|
||||
tag=$2
|
||||
shift 2
|
||||
;;
|
||||
--node)
|
||||
node=$2
|
||||
shift 2
|
||||
;;
|
||||
--distro)
|
||||
distro=$2
|
||||
shift 2
|
||||
;;
|
||||
--type)
|
||||
type=$2
|
||||
shift 2
|
||||
;;
|
||||
--runner)
|
||||
runner=$2
|
||||
shift 2
|
||||
;;
|
||||
--platforms)
|
||||
platforms=$2
|
||||
shift 2
|
||||
;;
|
||||
--build-tag)
|
||||
build_tag=$2
|
||||
shift 2
|
||||
;;
|
||||
--build-tag-version)
|
||||
build_tag_version=$2
|
||||
shift 2
|
||||
;;
|
||||
--build-ref)
|
||||
build_ref=$2
|
||||
shift 2
|
||||
;;
|
||||
--from-image)
|
||||
from_image=$2
|
||||
shift 2
|
||||
;;
|
||||
--from-tag)
|
||||
from_tag=$2
|
||||
shift 2
|
||||
;;
|
||||
--push)
|
||||
push=true
|
||||
shift
|
||||
;;
|
||||
-h|--help)
|
||||
usage
|
||||
exit 0
|
||||
;;
|
||||
*)
|
||||
printf 'Unknown argument: %s\n' "$1" >&2
|
||||
usage
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
# Helper to run a command and fail with a useful message (equivalent to exec in build.ps1)
|
||||
exec_cmd() {
|
||||
if ! "$@"; then
|
||||
status=$?
|
||||
printf '%s failed with exit code %s\n' "$*" "$status" >&2
|
||||
exit "$status"
|
||||
fi
|
||||
}
|
||||
|
||||
if [ -z "$platforms" ]; then
|
||||
printf 'Error: PLATFORMS is empty. Set PLATFORMS or pass --platforms.\n' >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -z "$from_image" ] || [ -z "$from_tag" ]; then
|
||||
printf 'Error: FROM_IMAGE/FROM_TAG are empty. Set env vars or pass --from-image/--from-tag.\n' >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "$push" = true ]; then
|
||||
# Combine tags and tag (if provided)
|
||||
all_tags=$tags
|
||||
if [ -n "$tag" ]; then
|
||||
if [ -z "$all_tags" ]; then
|
||||
all_tags=$tag
|
||||
else
|
||||
all_tags="$all_tags $tag"
|
||||
fi
|
||||
fi
|
||||
else
|
||||
# Even when not pushing, honor --tag so the local image is named.
|
||||
all_tags=$tags
|
||||
if [ -n "$tag" ]; then
|
||||
if [ -z "$all_tags" ]; then
|
||||
all_tags=$tag
|
||||
else
|
||||
all_tags="$all_tags $tag"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
# Buildx expects comma-separated --platform list; reuse platforms as-is.
|
||||
|
||||
tag_args=""
|
||||
for t in $all_tags; do
|
||||
tag_args="$tag_args -t $t"
|
||||
done
|
||||
|
||||
build_date=$(date -u +"%Y-%m-%d %H:%M:%SZ")
|
||||
|
||||
# Build argument vector to preserve spacing/quoting (e.g. NODE_VERSION="20 24")
|
||||
set -- docker buildx build \
|
||||
--ulimit "nofile=4096:4096" \
|
||||
--platform "$platforms" \
|
||||
--build-arg "TARGETARCH=\$TARGETARCH" \
|
||||
--build-arg "NODE_VERSION=$node" \
|
||||
--build-arg "DISTRO=$distro" \
|
||||
--build-arg "TYPE=$type" \
|
||||
--build-arg "RUNNER=$runner" \
|
||||
--build-arg "BUILD_DATE=$build_date" \
|
||||
--build-arg "BUILD_OWNER=$owner" \
|
||||
--build-arg "BUILD_OWNER_MAIL=$owner" \
|
||||
--build-arg "BUILD_REPO=$repository" \
|
||||
--build-arg "BUILD_TAG=$build_tag" \
|
||||
--build-arg "BUILD_TAG_VERSION=$build_tag_version" \
|
||||
--build-arg "BUILD_REF=$build_ref" \
|
||||
--build-arg "FROM_IMAGE=$from_image" \
|
||||
--build-arg "FROM_TAG=$from_tag" \
|
||||
--file "./Dockerfile"
|
||||
|
||||
# Append tag flags
|
||||
# shellcheck disable=SC2086
|
||||
set -- "$@" $tag_args
|
||||
|
||||
# Append push/load and final PATH argument
|
||||
if [ "$push" = true ]; then
|
||||
set -- "$@" --push .
|
||||
else
|
||||
set -- "$@" --load .
|
||||
fi
|
||||
|
||||
exec_cmd "$@"
|
||||
|
||||
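Review bot: `exec_cmd` reports every failure as exit code 0: inside `if ! "$@"; then`, `$?` holds the status of the negated command, which is 0 on that branch, so `status=$?` followed by `exit "$status"` makes a failed `docker buildx build` (including a failed `--push`) look successful to the caller. Capture the status before testing it, e.g. `"$@" || { status=$?; printf '%s failed with exit code %s\n' "$*" "$status" >&2; exit "$status"; }`. Also, `usage` advertises `--slug`, but the `case` has no `--slug)` arm, so passing it falls through to `Unknown argument`. The value-taking arms read `$2` without checking `$#`, so a trailing flag with no value aborts under `set -u` with an unbound-variable message rather than the usage text.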
+176
@@ -0,0 +1,176 @@
|
||||
#!/bin/bash
|
||||
# shellcheck disable=SC2174,SC1091
|
||||
|
||||
set -Eeuxo pipefail
|
||||
|
||||
printf "\n\t🐋 Build started 🐋\t\n"
|
||||
|
||||
# Remove '"' so it can be sourced by sh/bash
|
||||
sed 's|"||g' -i "/etc/environment"
|
||||
|
||||
. /etc/os-release
|
||||
|
||||
node_arch() {
|
||||
case "$(uname -m)" in
|
||||
'aarch64') echo 'arm64' ;;
|
||||
'x86_64') echo 'x64' ;;
|
||||
'armv7l') echo 'armv7l' ;;
|
||||
*) exit 1 ;;
|
||||
esac
|
||||
}
|
||||
|
||||
ImageOS=ubuntu$(echo "${VERSION_ID}" | cut -d'.' -f 1)
|
||||
AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache
|
||||
ACT_TOOLSDIRECTORY=/opt/acttoolcache
|
||||
{
|
||||
echo "IMAGE_OS=$ImageOS"
|
||||
echo "ImageOS=$ImageOS"
|
||||
echo "LSB_RELEASE=${VERSION_ID}"
|
||||
echo "AGENT_TOOLSDIRECTORY=${AGENT_TOOLSDIRECTORY}"
|
||||
echo "RUN_TOOL_CACHE=${AGENT_TOOLSDIRECTORY}"
|
||||
echo "DEPLOYMENT_BASEPATH=/opt/runner"
|
||||
echo "USER=$(whoami)"
|
||||
echo "RUNNER_USER=$(whoami)"
|
||||
echo "ACT_TOOLSDIRECTORY=${ACT_TOOLSDIRECTORY}"
|
||||
} | tee -a "/etc/environment"
|
||||
|
||||
mkdir -m 0777 -p "${AGENT_TOOLSDIRECTORY}"
|
||||
chown -R 1001:1000 "${AGENT_TOOLSDIRECTORY}"
|
||||
mkdir -m 0777 -p "${ACT_TOOLSDIRECTORY}"
|
||||
chown -R 1001:1000 "${ACT_TOOLSDIRECTORY}"
|
||||
|
||||
mkdir -m 0777 -p /github
|
||||
chown -R 1001:1000 /github
|
||||
|
||||
printf "\n\t🐋 Installing packages 🐋\t\n"
|
||||
packages=(
|
||||
ssh
|
||||
gawk
|
||||
curl
|
||||
jq
|
||||
shellcheck
|
||||
wget
|
||||
sudo
|
||||
gnupg-agent
|
||||
ca-certificates
|
||||
software-properties-common
|
||||
apt-transport-https
|
||||
libyaml-0-2
|
||||
zstd
|
||||
zip
|
||||
unzip
|
||||
xz-utils
|
||||
python3-pip
|
||||
python3-venv
|
||||
pipx
|
||||
)
|
||||
|
||||
apt-get -yq update
|
||||
apt-get -yq install --no-install-recommends --no-install-suggests "${packages[@]}"
|
||||
|
||||
ln -s "$(which python3)" "/usr/local/bin/python"
|
||||
|
||||
add-apt-repository ppa:git-core/ppa -y
|
||||
apt-get update
|
||||
apt-get install -y git
|
||||
|
||||
git --version
|
||||
|
||||
git config --system --add safe.directory '*'
|
||||
|
||||
wget https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh -qO- | bash
|
||||
apt-get update
|
||||
apt-get install -y git-lfs
|
||||
|
||||
LSB_OS_VERSION="${VERSION_ID//\./}"
|
||||
echo "LSB_OS_VERSION=${LSB_OS_VERSION}" | tee -a "/etc/environment"
|
||||
|
||||
wget -qO "/imagegeneration/toolset.json" "https://raw.githubusercontent.com/actions/virtual-environments/main/images/ubuntu/toolsets/toolset-${LSB_OS_VERSION}.json" || echo "File not available"
|
||||
wget -qO "/imagegeneration/LICENSE" "https://raw.githubusercontent.com/actions/virtual-environments/main/LICENSE"
|
||||
|
||||
if [ "$(uname -m)" = x86_64 ]; then
|
||||
wget -qO "/usr/bin/jq" "https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64"
|
||||
chmod +x "/usr/bin/jq"
|
||||
fi
|
||||
|
||||
printf "\n\t🐋 Updated apt lists and upgraded packages 🐋\t\n"
|
||||
|
||||
printf "\n\t🐋 Creating ~/.ssh and adding 'github.com' 🐋\t\n"
|
||||
mkdir -m 0700 -p ~/.ssh
|
||||
ssh-keyscan github.com >>/etc/ssh/ssh_known_hosts
|
||||
|
||||
printf "\n\t🐋 Installed base utils 🐋\t\n"
|
||||
|
||||
printf "\n\t🐋 Installing docker cli 🐋\t\n"
|
||||
install -m 0755 -d /etc/apt/keyrings
|
||||
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
|
||||
chmod a+r /etc/apt/keyrings/docker.asc
|
||||
cat <<EOF >/etc/apt/sources.list.d/docker.sources
|
||||
Types: deb
|
||||
URIs: https://download.docker.com/linux/ubuntu
|
||||
Suites: $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}")
|
||||
Components: stable
|
||||
Signed-By: /etc/apt/keyrings/docker.asc
|
||||
EOF
|
||||
apt-get -yq update
|
||||
apt-get -yq install --no-install-recommends --no-install-suggests docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
|
||||
printf "\n\t🐋 Installed docker cli 🐋\t\n"
|
||||
docker -v
|
||||
printf "\n\t🐋 Installed docker buildx 🐋\t\n"
|
||||
docker buildx version
|
||||
IFS=' ' read -r -a NODE <<<"$NODE_VERSION"
|
||||
for ver in "${NODE[@]}"; do
|
||||
if [[ "${ver}" == "24" && "$(node_arch)" == "armv7l" ]]; then
|
||||
ver="22" # rip arm32/v7
|
||||
fi
|
||||
printf "\n\t🐋 Installing Node.JS=%s 🐋\t\n" "${ver}"
|
||||
VER=$(curl https://nodejs.org/download/release/index.json | jq "[.[] | select(.version|test(\"^v${ver}\"))][0].version" -r)
|
||||
NODEPATH="${ACT_TOOLSDIRECTORY}/node/${VER:1}/$(node_arch)"
|
||||
mkdir -v -m 0777 -p "$NODEPATH"
|
||||
wget "https://nodejs.org/download/release/latest-v${ver}.x/node-$VER-linux-$(node_arch).tar.xz" -O "node-$VER-linux-$(node_arch).tar.xz"
|
||||
tar -Jxf "node-$VER-linux-$(node_arch).tar.xz" --strip-components=1 -C "$NODEPATH"
|
||||
rm "node-$VER-linux-$(node_arch).tar.xz"
|
||||
if [[ "${ver}" == "24" ]]; then # make this version the default (latest LTS)
|
||||
sed "s|^PATH=|PATH=$NODEPATH/bin:|mg" -i /etc/environment
|
||||
ln -sfn "$NODEPATH/bin/node" /usr/local/bin/node
|
||||
ln -sfn "$NODEPATH/bin/npm" /usr/local/bin/npm
|
||||
fi
|
||||
export PATH="$NODEPATH/bin:$PATH"
|
||||
|
||||
printf "\n\t🐋 Installed Node.JS 🐋\t\n"
|
||||
"${NODEPATH}"/bin/node -v
|
||||
|
||||
printf "\n\t🐋 Installed NPM 🐋\t\n"
|
||||
"${NODEPATH}"/bin/npm -v
|
||||
done
|
||||
|
||||
case "$(uname -m)" in
|
||||
'aarch64')
|
||||
scripts=(
|
||||
yq
|
||||
)
|
||||
;;
|
||||
'x86_64')
|
||||
scripts=(
|
||||
yq
|
||||
)
|
||||
;;
|
||||
'armv7l')
|
||||
scripts=(
|
||||
yq
|
||||
)
|
||||
;;
|
||||
*) exit 1 ;;
|
||||
esac
|
||||
|
||||
for SCRIPT in "${scripts[@]}"; do
|
||||
printf "\n\t🧨 Executing %s.sh 🧨\t\n" "${SCRIPT}"
|
||||
bash "/imagegeneration/installers/${SCRIPT}.sh"
|
||||
done
|
||||
|
||||
printf "\n\t🐋 Cleaning image 🐋\t\n"
|
||||
apt-get clean
|
||||
rm -rf /var/cache/* /var/log/* /var/lib/apt/lists/* /tmp/* || echo 'Failed to delete directories'
|
||||
|
||||
printf "\n\t🐋 Cleaned up image 🐋\t\n"
|
||||
|
||||
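Review bot: Several artifacts are fetched and then executed or installed as root with no integrity check: the git-lfs repository script is piped straight into `bash`, `jq-linux64` is written over `/usr/bin/jq`, and each Node.js tarball is unpacked into the tool cache. The Node.js release directory publishes a `SHASUMS256.txt` next to the tarball, so the loop can verify the archive before `tar` runs, as sketched below; a checksum from the same origin catches truncation or mirror tampering, not a compromised origin. For git-lfs and jq, download to a file and compare it against a digest pinned in the repository before running or installing it. `ssh-keyscan github.com` trusts whatever key the build network returns, so writing GitHub's published host keys into `ssh_known_hosts` would remove that trust-on-first-use step.

```bash
  # … unchanged: VER lookup, NODEPATH creation …
  archive="node-$VER-linux-$(node_arch).tar.xz"
  release_url="https://nodejs.org/download/release/latest-v${ver}.x"
  wget "${release_url}/${archive}" -O "${archive}"
  wget -q "${release_url}/SHASUMS256.txt" -O SHASUMS256.txt
  # Fails the build (set -e, pipefail) when the entry is missing or the digest differs.
  grep -F "  ${archive}" SHASUMS256.txt | sha256sum -c -
  tar -Jxf "${archive}" --strip-components=1 -C "$NODEPATH"
  rm "${archive}" SHASUMS256.txt
  # … unchanged: default-version symlinks, PATH export, version printouts …
```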
@@ -0,0 +1,78 @@
|
||||
#!/bin/bash -e
|
||||
################################################################################
|
||||
## File: yq.sh
|
||||
## Desc: Installs YQ with checksum validation
|
||||
################################################################################
|
||||
# source: https://github.com/actions/runner-images/blob/5d6938f680075d63fa71f8aa70990866cd12884b/images/linux/scripts/installers/yq.sh
|
||||
|
||||
download_with_retries() {
|
||||
local URL="$1"
|
||||
local DEST="${2:-.}"
|
||||
local NAME="${3:-${URL##*/}}"
|
||||
echo "Downloading '$URL' to '${DEST}/${NAME}'..."
|
||||
local retries=20
|
||||
local interval=30
|
||||
while [ "$retries" -gt 0 ]; do
|
||||
((retries--)) || true
|
||||
if curl -fsSL -o "${DEST}/${NAME}" "$URL"; then
|
||||
echo "Download completed"
|
||||
return 0
|
||||
fi
|
||||
echo "Error downloading. Waiting ${interval}s before retry, ${retries} attempts left"
|
||||
sleep "$interval"
|
||||
done
|
||||
echo "Could not download $URL"
|
||||
return 1
|
||||
}
|
||||
|
||||
get_hash_from_remote_file() {
|
||||
local url=$1
|
||||
local keywords=("$2" "$3")
|
||||
local delimiter=${4:-' '}
|
||||
local word_number=${5:-1}
|
||||
local matching_line
|
||||
matching_line=$(curl -fsSL "$url" | sed 's/ */ /g' | tr -d '`')
|
||||
for keyword in "${keywords[@]}"; do
|
||||
matching_line=$(echo "$matching_line" | grep "$keyword" || true)
|
||||
done
|
||||
matching_line=$(echo "$matching_line" | head -n1)
|
||||
if [ -z "$matching_line" ]; then
|
||||
echo "Keywords (${keywords[*]}) not found in the file with hashes." >&2
|
||||
exit 1
|
||||
fi
|
||||
echo "$matching_line" | cut -d "$delimiter" -f "$word_number" | tr -d -c '[:alnum:]'
|
||||
}
|
||||
|
||||
use_checksum_comparison() {
|
||||
local file_path=$1
|
||||
local checksum=$2
|
||||
local sha_type=${3:-256}
|
||||
local local_file_hash
|
||||
echo "Performing checksum verification"
|
||||
if [ ! -f "$file_path" ]; then
|
||||
echo "File not found: $file_path" >&2
|
||||
exit 1
|
||||
fi
|
||||
local_file_hash=$(shasum -a "$sha_type" "$file_path" | awk '{print $1}')
|
||||
if [ "$local_file_hash" != "$checksum" ]; then
|
||||
echo "Checksum verification failed. Expected: $checksum; Actual: $local_file_hash." >&2
|
||||
exit 1
|
||||
fi
|
||||
echo "Checksum verification passed"
|
||||
}
|
||||
|
||||
yq_arch() {
|
||||
case "$(uname -m)" in
|
||||
'aarch64') echo 'arm64' ;;
|
||||
'x86_64') echo 'amd64' ;;
|
||||
'armv7l') echo 'arm' ;;
|
||||
*) exit 1 ;;
|
||||
esac
|
||||
}
|
||||
|
||||
base_url="https://github.com/mikefarah/yq/releases/latest/download"
|
||||
filename="yq_linux_$(yq_arch)"
|
||||
download_with_retries "${base_url}/${filename}" "/tmp" "yq"
|
||||
external_hash=$(get_hash_from_remote_file "${base_url}/checksums" "${filename} " "" " " "19")
|
||||
use_checksum_comparison "/tmp/yq" "${external_hash}"
|
||||
sudo install /tmp/yq /usr/bin/yq
|
||||
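Review bot: The `-e` on the `#!/bin/bash -e` shebang has no effect in this build, because `act.sh` runs the installer as `bash "/imagegeneration/installers/${SCRIPT}.sh"` and shebang options are ignored when a script is passed to `bash` explicitly. The checksum path still fails closed, but only because `use_checksum_comparison` calls `exit 1` itself; other failing commands in the script would be stepped over. Put `set -euo pipefail` at the top of the script body instead. `base_url` also follows `releases/latest`, so the binary and the `checksums` file are fetched separately from a moving target; pinning a release tag in the URL keeps both from the same release and makes the image reproducible.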