From fac3a3e740593be66a4fde63b86998b6641f4488 Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Tue, 4 Feb 2025 01:17:36 +0100 Subject: [PATCH 01/11] Switch to GitHub provided baseline image --- code/container/Dockerfile | 9 +++------ code/container/install_actions.sh | 13 ------------- 2 files changed, 3 insertions(+), 19 deletions(-) delete mode 100644 code/container/install_actions.sh diff --git a/code/container/Dockerfile b/code/container/Dockerfile index 509ed69..2d5612f 100644 --- a/code/container/Dockerfile +++ b/code/container/Dockerfile @@ -1,10 +1,9 @@ -FROM myoung34/github-runner-base:ubuntu-focal +FROM ghcr.io/actions/actions-runner:2.322.0 LABEL maintainer="info@perfectthymetech.com" ENV AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache RUN mkdir -p /opt/hostedtoolcache -ARG GH_RUNNER_VERSION="2.322.0" ARG AZURE_CLI_VERSION="2.68.0" ARG PWSH_VERSION="7.5.0" ARG TARGETPLATFORM @@ -12,12 +11,10 @@ ARG TARGETPLATFORM SHELL ["/bin/bash", "-o", "pipefail", "-c"] WORKDIR /actions-runner -COPY install_actions.sh install_dependencies.sh /actions-runner/ +COPY install_dependencies.sh /actions-runner/ -RUN chmod +x /actions-runner/install_actions.sh /actions-runner/install_dependencies.sh \ - && /actions-runner/install_actions.sh ${GH_RUNNER_VERSION} ${TARGETPLATFORM} \ +RUN chmod +x /actions-runner/install_dependencies.sh \ && /actions-runner/install_dependencies.sh ${AZURE_CLI_VERSION} ${PWSH_VERSION} \ - && rm /actions-runner/install_actions.sh \ && rm /actions-runner/install_dependencies.sh \ && chown runner /_work /actions-runner /opt/hostedtoolcache diff --git a/code/container/install_actions.sh b/code/container/install_actions.sh deleted file mode 100644 index 10421a8..0000000 --- a/code/container/install_actions.sh +++ /dev/null 
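Review bot: The new `FROM ghcr.io/actions/actions-runner:2.322.0` line in the first Dockerfile hunk pins the base image by tag only, and a tag can be re-pointed in the registry, so a later rebuild may pull different content under the same name. Because this image is used as a CI runner, I would pin the digest as well: `FROM ghcr.io/actions/actions-runner:2.322.0@sha256:<digest-of-2.322.0>`. Separately, the second hunk keeps `chown runner /_work ...` while the deleted install_actions.sh was the only visible place that ran `mkdir /_work`. The `mkdir` only returns in patch 05/11, so this commit on its own probably does not build.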
@@ -1,13 +0,0 @@ -#!/bin/bash -ex -GH_RUNNER_VERSION=$1 -TARGETPLATFORM=$2 - -export TARGET_ARCH="x64" -if [[ $TARGETPLATFORM == "linux/arm64" ]]; then - export TARGET_ARCH="arm64" -fi -curl -L "https://github.com/actions/runner/releases/download/v${GH_RUNNER_VERSION}/actions-runner-linux-${TARGET_ARCH}-${GH_RUNNER_VERSION}.tar.gz" > actions.tar.gz -tar -zxf actions.tar.gz -rm -f actions.tar.gz -./bin/installdependencies.sh -mkdir /_work From 4f61a4cf6a2996bc92902cdd8700aef27921e9b1 Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Tue, 4 Feb 2025 01:28:04 +0100 Subject: [PATCH 02/11] Add root command --- code/container/Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/code/container/Dockerfile b/code/container/Dockerfile index 2d5612f..355df54 100644 --- a/code/container/Dockerfile +++ b/code/container/Dockerfile @@ -1,6 +1,8 @@ FROM ghcr.io/actions/actions-runner:2.322.0 LABEL maintainer="info@perfectthymetech.com" +USER root + ENV AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache RUN mkdir -p /opt/hostedtoolcache From 388a1a833734568c91aa799a445ac4547d1e9259 Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Tue, 4 Feb 2025 01:34:27 +0100 Subject: [PATCH 03/11] Test without sudo --- code/container/install_dependencies.sh | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/code/container/install_dependencies.sh b/code/container/install_dependencies.sh index 3380a11..771c430 100644 --- a/code/container/install_dependencies.sh +++ b/code/container/install_dependencies.sh 
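Review bot: `USER root` in patch 02/11 is added without a comment and without a matching instruction that drops back to the unprivileged user, so at this commit the image presumably starts the runner process as root. The rest of the Dockerfile is outside the hunk, and within this series `USER runner` only arrives in patch 10/11. I would add the drop in the same commit that raises privileges and document the intent, e.g. `# root is needed only for the package installation below; the image must end with USER runner`.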
@@ -3,20 +3,20 @@ AZURE_CLI_VERSION=$1 PWSH_VERSION=$2 # Install Azure CLI -sudo apt-get install -y ca-certificates curl apt-transport-https lsb-release gnupg \ - && sudo mkdir -p /etc/apt/keyrings \ - && curl -sLS https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | sudo tee /etc/apt/keyrings/microsoft.gpg > /dev/null \ - && sudo chmod go+r /etc/apt/keyrings/microsoft.gpg \ +apt-get install -y ca-certificates curl apt-transport-https lsb-release gnupg \ + && mkdir -p /etc/apt/keyrings \ + && curl -sLS https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | tee /etc/apt/keyrings/microsoft.gpg > /dev/null \ + && chmod go+r /etc/apt/keyrings/microsoft.gpg \ && AZ_DIST=$(lsb_release -cs) \ - && echo "deb [arch=`dpkg --print-architecture` signed-by=/etc/apt/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/azure-cli/ $AZ_DIST main" | sudo tee /etc/apt/sources.list.d/azure-cli.list \ - && sudo apt-get update \ + && echo "deb [arch=`dpkg --print-architecture` signed-by=/etc/apt/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/azure-cli/ $AZ_DIST main" | tee /etc/apt/sources.list.d/azure-cli.list \ + && apt-get update \ && AZ_DIST=$(lsb_release -cs) \ - && sudo apt-get install -y azure-cli=$AZURE_CLI_VERSION-1~$AZ_DIST + && apt-get install -y azure-cli=$AZURE_CLI_VERSION-1~$AZ_DIST # Install Powershell -sudo apt-get install -y wget \ +apt-get install -y wget \ && wget https://github.com/PowerShell/PowerShell/releases/download/v$PWSH_VERSION/powershell_$PWSH_VERSION-1.deb_amd64.deb \ - && sudo dpkg -i powershell_$PWSH_VERSION-1.deb_amd64.deb \ - && sudo apt-get install -fy \ + && dpkg -i powershell_$PWSH_VERSION-1.deb_amd64.deb \ + && apt-get install -fy \ && rm powershell_$PWSH_VERSION-1.deb_amd64.deb \ && pwsh -Command "Install-Module -Name Az -Repository PSGallery -Force" From 2a81e5ad196dc8d9f05c6bac76531e4759b6d9ed Mon Sep 17 00:00:00 2001 
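Review bot: The PowerShell package is fetched with `wget` and handed straight to `dpkg -i` as root with no integrity check, so whatever the release URL serves at build time ends up in the runner image. I would pass an expected hash alongside `PWSH_VERSION` and verify it before installing: `&& echo "${PWSH_SHA256}  powershell_$PWSH_VERSION-1.deb_amd64.deb" | sha256sum -c - \` (`PWSH_SHA256` is a new argument that does not exist yet). The same concern applies to `Install-Module -Name Az -Repository PSGallery -Force`, which takes whatever version the gallery currently offers; `-RequiredVersion <pinned-version>` would make the build reproducible. The script runs in its own bash process, so the Dockerfile's `SHELL [... "-o", "pipefail" ...]` does not cover the `curl | gpg --dearmor | tee` pipeline unless the script sets pipefail itself. Its first two lines are outside the hunk, so that needs checking.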
From: Marvin Buss Date: Tue, 4 Feb 2025 10:32:26 +0100 Subject: [PATCH 04/11] Test with update --- code/container/install_dependencies.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/code/container/install_dependencies.sh b/code/container/install_dependencies.sh index 771c430..6fd80e0 100644 --- a/code/container/install_dependencies.sh +++ b/code/container/install_dependencies.sh @@ -14,7 +14,8 @@ apt-get install -y ca-certificates curl apt-transport-https lsb-release gnupg \ && apt-get install -y azure-cli=$AZURE_CLI_VERSION-1~$AZ_DIST # Install Powershell -apt-get install -y wget \ +apt-get update \ + && apt-get install -y wget \ && wget https://github.com/PowerShell/PowerShell/releases/download/v$PWSH_VERSION/powershell_$PWSH_VERSION-1.deb_amd64.deb \ && dpkg -i powershell_$PWSH_VERSION-1.deb_amd64.deb \ && apt-get install -fy \ From bd127a90c8882104d0e2ec81396f91f98cdfc34f Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Tue, 4 Feb 2025 13:33:20 +0100 Subject: [PATCH 05/11] Add mkdir --- code/container/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/code/container/Dockerfile b/code/container/Dockerfile index 355df54..df097e3 100644 --- a/code/container/Dockerfile +++ b/code/container/Dockerfile @@ -5,6 +5,7 @@ USER root ENV AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache RUN mkdir -p /opt/hostedtoolcache +RUN mkdir -p /_work ARG AZURE_CLI_VERSION="2.68.0" ARG PWSH_VERSION="7.5.0" From f4829b013af9114fa29e12dedd152e1e9b927cff Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Tue, 4 Feb 2025 13:37:58 +0100 Subject: [PATCH 06/11] push container for testing --- .github/workflows/_containerTemplate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/_containerTemplate.yml b/.github/workflows/_containerTemplate.yml index e72c182..413667c 100644 --- a/.github/workflows/_containerTemplate.yml +++ b/.github/workflows/_containerTemplate.yml 
@@ -101,7 +101,7 @@ jobs: with: context: ${{ inputs.working_directory }} file: ${{ inputs.working_directory }}/Dockerfile - push: ${{ github.event_name != 'pull_request' }} + push: true tags: ${{ steps.metadata.outputs.tags }} labels: ${{ steps.metadata.outputs.labels }} cache-from: type=gha From d4d699373a0783e026a0e89ee05dfa61dc4de790 Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Tue, 4 Feb 2025 16:26:30 +0100 Subject: [PATCH 07/11] test push image --- .github/workflows/container.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index fcc5643..038fcf5 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -21,7 +21,7 @@ jobs: working_directory: "./code/container" registry_uri: "ghcr.io" image_namespace_name: "PerfectThymeTech" - image_name: "GitHubAgentAzure" + image_name: "github-agent" secrets: USER_NAME: ${{ github.actor }} PASSWORD: ${{ secrets.GITHUB_TOKEN }} From 027a7e2fb21d3c27005941cbb71df51bfadcbc90 Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Tue, 4 Feb 2025 16:34:06 +0100 Subject: [PATCH 08/11] Try push image --- .github/workflows/_containerTemplate.yml | 4 ++-- .github/workflows/container.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/_containerTemplate.yml b/.github/workflows/_containerTemplate.yml index 413667c..1354573 100644 --- a/.github/workflows/_containerTemplate.yml +++ b/.github/workflows/_containerTemplate.yml @@ -56,7 +56,7 @@ jobs: - name: Install cosign id: install_cosign uses: sigstore/cosign-installer@v3.7.0 - if: github.event_name != 'pull_request' + # if: github.event_name != 'pull_request' with: cosign-release: 'v2.2.0' 
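Review bot: `push: true` in patch 06/11 removes the guard that kept pull-request runs from publishing, so every event that triggers this workflow now pushes an image under the computed tags. Patches 08/11 and 10/11 repeat the pattern by commenting out `if: github.event_name != 'pull_request'` on the cosign install and registry login steps, and patch 10/11 leaves all three changes in place at the end of the series. For test pushes I would keep the guard and add an explicit opt-in, for example `push: ${{ github.event_name != 'pull_request' || inputs.push_on_pr }}` with a new boolean input (the name is only a suggestion). I would also restore the `if:` lines rather than leave them commented out.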
@@ -74,7 +74,7 @@ jobs: - name: Login Container Registry id: registry_login uses: docker/login-action@v3.3.0 - if: github.event_name != 'pull_request' + # if: github.event_name != 'pull_request' with: registry: ${{ inputs.registry_uri }} username: ${{ secrets.USER_NAME }} diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index 038fcf5..fcc5643 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -21,7 +21,7 @@ jobs: working_directory: "./code/container" registry_uri: "ghcr.io" image_namespace_name: "PerfectThymeTech" - image_name: "github-agent" + image_name: "GitHubAgentAzure" secrets: USER_NAME: ${{ github.actor }} PASSWORD: ${{ secrets.GITHUB_TOKEN }} From d48e5428b5476c2a612ead0cd3c6a7bea5e158a4 Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Tue, 4 Feb 2025 16:43:20 +0100 Subject: [PATCH 09/11] Revert workflow and test self-hosted --- .github/workflows/_containerTemplate.yml | 6 +++--- .github/workflows/lint.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/_containerTemplate.yml b/.github/workflows/_containerTemplate.yml index 1354573..e72c182 100644 --- a/.github/workflows/_containerTemplate.yml +++ b/.github/workflows/_containerTemplate.yml @@ -56,7 +56,7 @@ jobs: - name: Install cosign id: install_cosign uses: sigstore/cosign-installer@v3.7.0 - # if: github.event_name != 'pull_request' + if: github.event_name != 'pull_request' with: cosign-release: 'v2.2.0' @@ -74,7 +74,7 @@ jobs: - name: Login Container Registry id: registry_login uses: docker/login-action@v3.3.0 - # if: github.event_name != 'pull_request' + if: github.event_name != 'pull_request' with: registry: ${{ inputs.registry_uri }} username: ${{ secrets.USER_NAME }} 
@@ -101,7 +101,7 @@ jobs: with: context: ${{ inputs.working_directory }} file: ${{ inputs.working_directory }}/Dockerfile - push: true + push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.metadata.outputs.tags }} labels: ${{ steps.metadata.outputs.labels }} cache-from: type=gha diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 60959f4..684e893 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -10,7 +10,7 @@ on: jobs: lint: name: Lint and Test - runs-on: [ubuntu-latest] + runs-on: [self-hosted] continue-on-error: false steps: From 80f7ac820a668c5bf5b7ccc5c9d26cf15b352631 Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Tue, 4 Feb 2025 18:29:52 +0100 Subject: [PATCH 10/11] Change permissions --- .github/workflows/_containerTemplate.yml | 7 ++++--- .github/workflows/lint.yml | 2 +- code/container/Dockerfile | 7 ++++++- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/.github/workflows/_containerTemplate.yml b/.github/workflows/_containerTemplate.yml index e72c182..9c47ec9 100644 --- a/.github/workflows/_containerTemplate.yml +++ b/.github/workflows/_containerTemplate.yml @@ -56,7 +56,7 @@ jobs: - name: Install cosign id: install_cosign uses: sigstore/cosign-installer@v3.7.0 - if: github.event_name != 'pull_request' + # if: github.event_name != 'pull_request' with: cosign-release: 'v2.2.0' @@ -74,7 +74,7 @@ jobs: - name: Login Container Registry id: registry_login uses: docker/login-action@v3.3.0 - if: github.event_name != 'pull_request' + # if: github.event_name != 'pull_request' with: registry: ${{ inputs.registry_uri }} username: ${{ secrets.USER_NAME }} 
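Review bot: `runs-on: [self-hosted]` in lint.yml moves the lint job onto the project's own runner with no comment or restriction on which events may use it. The `on:` triggers and the job's steps are outside the hunk; if the triggers include `pull_request`, changes that have not been reviewed would run on that machine, which is why GitHub advises against self-hosted runners for public repositories. If this stays beyond the test, I would limit the job to trusted events or require approval for outside contributors, and register the runner as ephemeral. A comment such as `# self-hosted: trusted events only, runner is ephemeral` next to the line would record the decision.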
@@ -101,7 +101,8 @@ jobs: with: context: ${{ inputs.working_directory }} file: ${{ inputs.working_directory }}/Dockerfile - push: ${{ github.event_name != 'pull_request' }} + # push: ${{ github.event_name != 'pull_request' }} + push: true tags: ${{ steps.metadata.outputs.tags }} labels: ${{ steps.metadata.outputs.labels }} cache-from: type=gha diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 684e893..385e96c 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -26,7 +26,7 @@ jobs: id: terraform_setup uses: hashicorp/setup-terraform@v3 with: - terraform_version: "1.9.6" + terraform_version: "1.10.4" terraform_wrapper: true # Checkout repository diff --git a/code/container/Dockerfile b/code/container/Dockerfile index df097e3..b5137b2 100644 --- a/code/container/Dockerfile +++ b/code/container/Dockerfile @@ -16,7 +16,10 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"] WORKDIR /actions-runner COPY install_dependencies.sh /actions-runner/ -RUN chmod +x /actions-runner/install_dependencies.sh \ +RUN apt-get update \ + && apt-get install -y curl jq \ + && chmod +x /actions-runner/install_dependencies.sh \ + && apt-get clean \ && /actions-runner/install_dependencies.sh ${AZURE_CLI_VERSION} ${PWSH_VERSION} \ && rm /actions-runner/install_dependencies.sh \ && chown runner /_work /actions-runner /opt/hostedtoolcache @@ -24,5 +27,7 @@ RUN chmod +x /actions-runner/install_dependencies.sh \ COPY token.sh entrypoint.sh app_token.sh / RUN chmod +x /token.sh /entrypoint.sh /app_token.sh +USER runner + ENTRYPOINT ["/entrypoint.sh"] CMD ["./bin/Runner.Listener", "run", "--startuptype", "service"] From a75a5509fe826955204d988a99652f59a0a3ebe3 Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Tue, 4 Feb 2025 18:38:47 +0100 Subject: [PATCH 11/11] test --- .github/workflows/lint.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 385e96c..c1c6d8c 100644 
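Review bot: In the rewritten `RUN` of the Dockerfile hunk, `apt-get clean` runs before `install_dependencies.sh`, which itself installs further packages, so the cleanup misses most of what the layer downloads, and the package lists are never removed. I would move the cleanup to the end of the chain, `&& apt-get clean && rm -rf /var/lib/apt/lists/* \`, and install with `apt-get install -y --no-install-recommends curl jq` to keep unneeded packages out of the runner image. The `USER runner` added in the second Dockerfile hunk gives the right final state; a short comment above it stating that the entrypoint and the runner run unprivileged from there on would help the next reader.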
--- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -21,6 +21,13 @@ jobs: with: python-version: "3.11" + # Setup Node + - name: Setup Node + id: node_setup + uses: actions/setup-node@v4 + with: + node-version: 20 + # Setup Terraform - name: Setup Terraform id: terraform_setup
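Review bot: The new step references `actions/setup-node@v4`, a moving major tag, and since patch 09/11 this job runs on the self-hosted runner, so whatever the tag points to at run time executes there. Pinning to a full commit SHA with the version as a trailing comment, `uses: actions/setup-node@<full-commit-sha> # v4`, makes the step reproducible and reviewable. The `# Setup Node` comment only repeats the step name and the commit message is "test"; if a lint tool needs Node, the comment should say which one.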