Merge pull request #214 from marcel-dempers/githubactions

github actions updates
2025-06-06 17:01:30 +00:00 · 2023-10-16 22:56:39 +11:00 · 2023-10-16 22:56:39 +11:00 · 1d08bd1f9d
commit 1d08bd1f9d
parent e398b601e4 6ce511cd36
5 changed files with 200 additions and 67 deletions
--- a/.github/workflows/self-hosted-runner._yaml
+++ b/.github/workflows/self-hosted-runner._yaml
@ -0,0 +1,20 @@
 ###########################################################
 # IMPORTANT -> Rename the file extension to ".yaml" (remove "_") to enable this 
 ###########################################################
 name: Self-Hosted Runner Test
 on: 
  push:
    branches:
    - <branch-name>
 jobs:
  build:
    runs-on: self-hosted
    steps:
    - uses: actions/checkout@v2
    - name: docker build python
      run: |
        docker build ./python/introduction/ -t python:1.0.0
--- a/github/actions/self-hosted-runner/README.md
+++ b/github/actions/self-hosted-runner/README.md
@ -1,3 +1,82 @@
 # Introduction to GitHub Actions: Self hosted runners
-<a href="https://youtu.be/d3isYUrPN7s" title="githubactions"><img src="https://i.ytimg.com/vi/d3isYUrPN7s/hqdefault.jpg" width="20%" alt="introduction to github actions runners" /></a> 
+## Create a kubernetes cluster
 In this guide we we''ll need a Kubernetes cluster for testing. Let's create one using [kind](https://kind.sigs.k8s.io/) </br>
 ```
 kind create cluster --name githubactions --image kindest/node:v1.28.0@sha256:b7a4cad12c197af3ba43202d3efe03246b3f0793f162afb40a33c923952d5b31
 ```
 Let's test our cluster:
 ```
 kubectl get nodes
 NAME                          STATUS   ROLES           AGE     VERSION
 githubactions-control-plane   Ready    control-plane   2m53s   v1.28.0
 ```
 ## Running the Runner in Docker 
 We can simply install this directly on to virtual machines , but for this demo, I'd like to run it in Kubernetes inside a container. </br>
 ### Security notes
 * Running in Docker needs high priviledges.
 * Would not recommend to use these on public repositories.
 * Would recommend to always run your CI systems in seperate Kubernetes clusters.
 ### Creating a Dockerfile
 * Installing Docker CLI 
 For this to work we need a `dockerfile` and follow instructions to [Install Docker](https://docs.docker.com/engine/install/debian/).
 I would grab the content and create statements for my `dockerfile` </br>
 Now notice that we only install the `docker` CLI. </br> 
 This is because we want our running to be able to run docker commands , but the actual docker server runs elsewhere </br>
 This gives you flexibility to tighten security by running docker on the host itself and potentially run the container runtime in a non-root environment </br>
 * Installing Github Actions Runner 
 Next up we will need to install the [GitHub actions runner](https://github.com/actions/runner) in our `dockerfile`
 Now to give you a "behind the scenes" of how I usually build my `dockerfile`s, I run a container to test my installs: 
 ```
 docker build . -t github-runner:latest 
 docker run -it github-runner bash
 ```
 Next steps:
 * Now we can see `docker` is installed 
 * To see how a runner is installed, lets go to our repo | runner and click "New self-hosted runner"
 * Try these steps in the container
 * We will needfew dependencies
 * We download the runner
 * TODO
 Finally lets test the runner in `docker` 
 ```
 docker run -it -e GITHUB_PERSONAL_TOKEN="" -e GITHUB_OWNER=marcel-dempers -e GITHUB_REPOSITORY=docker-development-youtube-series github-runner
 ```
 ## Deploy to Kubernetes 
 Load our github runner image so we dont need to push it to a registry:
 ```
 kind load docker-image github-runner:latest --name githubactions
 ```
 Create a kubernetes secret with our github details 
 ```
 kubectl create ns github
 kubectl -n github create secret generic github-secret `
  --from-literal GITHUB_OWNER=marcel-dempers `
  --from-literal GITHUB_REPOSITORY=docker-development-youtube-series `
  --from-literal GITHUB_PERSONAL_TOKEN=""
 kubectl -n github apply -f kubernetes.yaml
 ```
--- a/github/actions/self-hosted-runner/dockerfile
+++ b/github/actions/self-hosted-runner/dockerfile
@ -1,40 +1,46 @@
-FROM debian:buster
+FROM debian:bookworm-slim
-ARG RUNNER_VERSION="2.169.1"
+ARG RUNNER_VERSION="2.302.1"
 ENV GITHUB_PERSONAL_TOKEN ""
 ENV GITHUB_OWNER ""
 ENV GITHUB_REPOSITORY ""
-RUN apt-get update \
+# Install Docker -> https://docs.docker.com/engine/install/debian/
-    && apt-get install -y \
+
-        curl \
+# Add Docker's official GPG key:
-        sudo \
+RUN apt-get update && \
-        git \
+    apt-get install -y ca-certificates curl gnupg
-        jq \
+RUN install -m 0755 -d /etc/apt/keyrings
-        tar \
+RUN curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
-        gnupg2 \
+RUN chmod a+r /etc/apt/keyrings/docker.gpg
-        apt-transport-https \
+
-        ca-certificates  \
+# Add the repository to Apt sources:
-    && apt-get clean \
+RUN echo \
-    && rm -rf /var/lib/apt/lists/*
+  "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
  "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
  tee /etc/apt/sources.list.d/docker.list > /dev/null
 RUN apt-get update
 # I only install the CLI, we will run docker in another container!
 RUN apt-get install -y docker-ce-cli
 # Install the GitHub Actions Runner 
 RUN apt-get update && apt-get install -y sudo jq
 RUN useradd -m github && \
-    usermod -aG sudo github && \
+  usermod -aG sudo github && \
-    echo "%sudo ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
+  echo "%sudo ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
 #setup docker runner 
 RUN curl -sSL https://get.docker.com/ | sh
 RUN usermod -aG docker github 
 USER github
-WORKDIR /home/github
+WORKDIR /actions-runner
 RUN curl -Ls https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz | tar xz \
  && sudo ./bin/installdependencies.sh
-RUN curl -O -L https://github.com/actions/runner/releases/download/v$RUNNER_VERSION/actions-runner-linux-x64-$RUNNER_VERSION.tar.gz
+COPY --chown=github:github entrypoint.sh  /actions-runner/entrypoint.sh
-RUN tar xzf ./actions-runner-linux-x64-$RUNNER_VERSION.tar.gz
+RUN sudo chmod u+x /actions-runner/entrypoint.sh
 RUN sudo ./bin/installdependencies.sh
-COPY --chown=github:github entrypoint.sh ./entrypoint.sh
+#working folder for the runner 
-RUN sudo chmod u+x ./entrypoint.sh
+RUN sudo mkdir /work 
-ENTRYPOINT ["/home/github/entrypoint.sh"]
+ENTRYPOINT ["/actions-runner/entrypoint.sh"]
--- a/github/actions/self-hosted-runner/entrypoint.sh
+++ b/github/actions/self-hosted-runner/entrypoint.sh
@ -2,14 +2,15 @@
 registration_url="https://api.github.com/repos/${GITHUB_OWNER}/${GITHUB_REPOSITORY}/actions/runners/registration-token"
 echo "Requesting registration URL at '${registration_url}'"
-payload=$(curl -sX POST -H "Authorization: token ${GITHUB_PAT}" ${registration_url})
+payload=$(curl -sX POST -H "Authorization: token ${GITHUB_PERSONAL_TOKEN}" ${registration_url})
 export RUNNER_TOKEN=$(echo $payload | jq .token --raw-output)
 ./config.sh \
    --name $(hostname) \
    --token ${RUNNER_TOKEN} \
    -- labels my-runner \
    --url https://github.com/${GITHUB_OWNER}/${GITHUB_REPOSITORY} \
-    --work ${RUNNER_WORKDIR} \
+    --work "/work" \
    --unattended \
    --replace
--- a/github/actions/self-hosted-runner/kubernetes.yaml
+++ b/github/actions/self-hosted-runner/kubernetes.yaml
@ -1,37 +1,64 @@
-apiVersion: v1
+apiVersion: apps/v1
-kind: Secret
+kind: Deployment
-metadata:
+metadata:
-  name: github-secret
+  name: github-runner
-type: Opaque
+  labels:
-data:
+    app: github-runner
-  GITHUB_PERSONAL_TOKEN: XXXXXXXXXXXXXXXXXXXXXXXXX
+spec:
---
+  replicas: 1
-apiVersion: apps/v1
+  selector:
-kind: Deployment
+    matchLabels:
-metadata:
+      app: github-runner
-  name: github-runner
+  template:
-  labels:
+    metadata:
-    app: github-runner
+      labels:
-spec:
+        app: github-runner
-  replicas: 1
+    spec:
-  selector:
+      containers:
-    matchLabels:
+      - name: github-runner
-      app: github-runner
+        imagePullPolicy: Never #use local kind image
-  template:
+        image: github-runner:latest
-    metadata:
+        env:
-      labels:
+        - name: GITHUB_OWNER
-        app: github-runner
+          valueFrom:
-    spec:
+            secretKeyRef:
-      containers:
+              name: github-secret
-      - name: github-runner
+              key: GITHUB_OWNER
-        image: aimvector/github-runner:latest
+        - name: GITHUB_REPOSITORY
-        env:
+          valueFrom:
-        - name: GITHUB_OWNER
+            secretKeyRef:
-          value: marcel-dempers
+              name: github-secret
-        - name: GITHUB_REPOSITORY
+              key: GITHUB_REPOSITORY
-          value: docker-development-youtube-series
+        - name: GITHUB_PERSONAL_TOKEN 
-        - name: GITHUB_PERSONAL_TOKEN 
+          valueFrom:
-          valueFrom:
+            secretKeyRef:
-            secretKeyRef:
+              name: github-secret
-              name: github-secret
+              key: GITHUB_PERSONAL_TOKEN
-              key: GITHUB_PERSONAL_TOKEN
+        - name: DOCKER_HOST
          value: tcp://localhost:2375
        volumeMounts:
        - name: data
          mountPath: /work/
      - name: dind 
        image: docker:24.0.6-dind
        env:
        - name: DOCKER_TLS_CERTDIR
          value: ""
        resources: 
            requests: 
                cpu: 20m 
                memory: 512Mi 
        securityContext: 
            privileged: true 
        volumeMounts: 
          - name: docker-graph-storage 
            mountPath: /var/lib/docker 
          - name: data
            mountPath: /work/
      volumes:
      - name: docker-graph-storage 
        emptyDir: {}
      - name: data
        emptyDir: {}