diff --git a/images/Dockerfile b/images/Dockerfile
index 707da217691..6d8af59a953 100644
--- a/images/Dockerfile
+++ b/images/Dockerfile
@@ -1,19 +1,19 @@
 # Source: https://github.com/dotnet/dotnet-docker
-FROM mcr.microsoft.com/dotnet/runtime-deps:6.0-jammy as build
+FROM mcr.microsoft.com/dotnet/runtime-deps:8.0-noble as build
 ARG TARGETOS
 ARG TARGETARCH
 ARG RUNNER_VERSION
 ARG RUNNER_CONTAINER_HOOKS_VERSION=0.6.0
 ARG DOCKER_VERSION=25.0.5
-ARG BUILDX_VERSION=0.13.2
+ARG BUILDX_VERSION=0.14.1
 RUN apt update -y && apt install curl unzip -y
 WORKDIR /actions-runner
 RUN export RUNNER_ARCH=${TARGETARCH} \
 && if [ "$RUNNER_ARCH" = "amd64" ]; then export RUNNER_ARCH=x64 ; fi \
- && curl -f -L -o runner.tar.gz https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-${TARGETOS}-${RUNNER_ARCH}-${RUNNER_VERSION}.tar.gz \
+ && curl -f -L -o runner.tar.gz https://github.com/dfinity/runner/releases/download/v${RUNNER_VERSION}/actions-runner-${TARGETOS}-${RUNNER_ARCH}-${RUNNER_VERSION}.tar.gz \
 && tar xzf ./runner.tar.gz \
 && rm runner.tar.gz
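Review bot: The runner tarball fetched in the `RUN export RUNNER_ARCH=...` step is unpacked with no integrity check, and this change moves its origin from the actions/runner releases to a dfinity/runner release, so the image trusts whatever that URL serves at build time. Pin the expected digest next to the version and verify it before `tar xzf`, for example `ARG RUNNER_SHA256` plus `&& echo "${RUNNER_SHA256}  runner.tar.gz" | sha256sum -c - \` between the `curl` and `tar` lines; the digest differs per `TARGETARCH`, so one value per architecture is needed. The new base tag `8.0-noble` is a moving tag in both stages, and pinning it by digest would make the build reproducible and reviewable.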
@@ -21,27 +21,16 @@ RUN curl -f -L -o runner-container-hooks.zip https://github.com/actions/runner-c && unzip ./runner-container-hooks.zip -d ./k8s \ && rm runner-container-hooks.zip -RUN export RUNNER_ARCH=${TARGETARCH} \ - && if [ "$RUNNER_ARCH" = "amd64" ]; then export DOCKER_ARCH=x86_64 ; fi \ - && if [ "$RUNNER_ARCH" = "arm64" ]; then export DOCKER_ARCH=aarch64 ; fi \ - && curl -fLo docker.tgz https://download.docker.com/${TARGETOS}/static/stable/${DOCKER_ARCH}/docker-${DOCKER_VERSION}.tgz \ - && tar zxvf docker.tgz \ - && rm -rf docker.tgz \ - && mkdir -p /usr/local/lib/docker/cli-plugins \ - && curl -fLo /usr/local/lib/docker/cli-plugins/docker-buildx \ - "https://github.com/docker/buildx/releases/download/v${BUILDX_VERSION}/buildx-v${BUILDX_VERSION}.linux-${TARGETARCH}" \ - && chmod +x /usr/local/lib/docker/cli-plugins/docker-buildx - -FROM mcr.microsoft.com/dotnet/runtime-deps:6.0-jammy +FROM mcr.microsoft.com/dotnet/runtime-deps:8.0-noble ENV DEBIAN_FRONTEND=noninteractive ENV RUNNER_MANUALLY_TRAP_SIG=1 ENV ACTIONS_RUNNER_PRINT_LOG_TO_STDOUT=1 -ENV ImageOS=ubuntu22 +ENV ImageOS=ubuntu24 # 'gpg-agent' and 'software-properties-common' are needed for the 'add-apt-repository' command that follows RUN apt update -y \ - && apt install -y --no-install-recommends sudo lsb-release gpg-agent software-properties-common \ + && apt install -y --no-install-recommends sudo lsb-release gpg-agent software-properties-common podman \ && rm -rf /var/lib/apt/lists/* # Configure git-core/ppa based on guidance here: https://git-scm.com/download/linux @@ -49,17 +38,18 @@ RUN add-apt-repository ppa:git-core/ppa \ && apt update -y RUN adduser --disabled-password --gecos "" --uid 1001 runner \ - && groupadd docker --gid 123 \ && usermod -aG sudo runner \ - && usermod -aG docker runner \ && echo "%sudo ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers \ && echo "Defaults env_keep += \"DEBIAN_FRONTEND\"" >> /etc/sudoers -WORKDIR /home/runner +COPY < +2.317.0-podman9 
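Review bot: In the `@@ -21,27 +21,16 @@` hunk the RUN step that downloaded the static Docker CLI and buildx is deleted, yet `ARG DOCKER_VERSION=25.0.5` and `ARG BUILDX_VERSION` stay in the build stage and the latter is even bumped to 0.14.1 in the first hunk. Unless they are referenced in lines not visible here, both are now dead and tell anyone auditing the image that those binaries ship in it; consider removing them. `podman` is added to the `apt install` line without a version, so the container engine that ends up in the image depends on the archive state at build time; `podman=<version>` (placeholder) would pin it.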
diff --git a/src/Runner.Worker/Container/DockerCommandManager.cs b/src/Runner.Worker/Container/DockerCommandManager.cs
index 41b914a5ee0..675e1e0a583 100644
--- a/src/Runner.Worker/Container/DockerCommandManager.cs
+++ b/src/Runner.Worker/Container/DockerCommandManager.cs
@@ -113,6 +113,11 @@ public async Task DockerCreate(IExecutionContext context, ContainerInfo
 // OPTIONS
 dockerOptions.Add($"--name {container.ContainerDisplayName}");
 dockerOptions.Add($"--label {DockerInstanceLabel}");
+ // TODO: pull opts from env
+ dockerOptions.Add("--privileged");
+ dockerOptions.Add("--cgroupns host");
+ dockerOptions.Add("-u 1001:1001");
+ //dockerOptions.Add("--userns keep-id");
 if (!string.IsNullOrEmpty(container.ContainerWorkDirectory))
 {
 dockerOptions.Add($"--workdir {container.ContainerWorkDirectory}");
diff --git a/src/Runner.Worker/ContainerOperationProvider.cs b/src/Runner.Worker/ContainerOperationProvider.cs
index c5cccb77ef0..37bff377a3c 100644
--- a/src/Runner.Worker/ContainerOperationProvider.cs
+++ b/src/Runner.Worker/ContainerOperationProvider.cs
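Review bot: The options added in DockerCommandManager.cs make every container created through DockerCreate run with `--privileged` and `--cgroupns host`, unconditionally, so the isolation between workflow code and the runner host is largely removed for all jobs; how much that grants in practice depends on whether the engine runs rootless, which is not visible here. The TODO already says these should come from configuration, so until that exists they should sit behind an explicit opt-in that defaults to off, e.g. `if (privilegedOptIn) { dockerOptions.Add("--privileged"); dockerOptions.Add("--cgroupns host"); }`, where `privilegedOptIn` is a placeholder for whichever setting is chosen. `-u 1001:1001` hard-codes the UID that images/Dockerfile gives the `runner` user, and a comment such as `// must match the runner UID created in images/Dockerfile` would document that coupling. The commented-out `--userns keep-id` line should be removed or explained, and DockerCreate begins and ends outside this hunk.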
@@ -92,18 +92,23 @@ public async Task StartContainersAsync(IExecutionContext executionContext, objec
 // Create local docker network for this job to avoid port conflict when multiple runners run on same machine.
 // All containers within a job join the same network
+ /*
 executionContext.Output("##[group]Create local container network");
 var containerNetwork = $"github_network_{Guid.NewGuid().ToString("N")}";
 await CreateContainerNetworkAsync(executionContext, containerNetwork);
 executionContext.JobContext.Container["network"] = new StringContextData(containerNetwork);
 executionContext.Output("##[endgroup]");
+ */
+ // TODO: conditional logic
+ var containerNetwork = "host";
+ executionContext.JobContext.Container["network"] = new StringContextData(containerNetwork);
 foreach (var container in containers)
 {
 container.ContainerNetwork = containerNetwork;
 await StartContainerAsync(executionContext, container);
 }
-
+
 await RunContainersHealthcheck(executionContext, containers);
 }
@@ -159,8 +164,9 @@ public async Task StopContainersAsync(IExecutionContext executionContext, object
 {
 await StopContainerAsync(executionContext, container);
 }
+ // TODO: conditional
 // Remove the container network
- await RemoveContainerNetworkAsync(executionContext, containers.First().ContainerNetwork);
+ //await RemoveContainerNetworkAsync(executionContext, containers.First().ContainerNetwork);
 }
 private async Task StartContainerAsync(IExecutionContext executionContext, ContainerInfo container)
diff --git a/src/runnerversion b/src/runnerversion
index f7103c080f6..46c0370224b 100644
--- a/src/runnerversion
+++ b/src/runnerversion
@@ -1 +1 @@
-2.317.0
+2.317.0-podman9
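Review bot: StartContainersAsync now sets `containerNetwork = "host"` for every job, which drops the per-job network that the comment directly above still describes ("avoid port conflict when multiple runners run on same machine"). Containers then share the host's network namespace, can reach services bound to the host's loopback interface, and concurrent jobs that listen on the same port will collide. Keep the per-job network as the default and make host networking an explicit opt-in, and update the stale comment rather than leaving the old path disabled inside `/* ... */`. The matching change in StopContainersAsync (`@@ -159,8 +164,9 @@`) comments out the cleanup, so once the choice is conditional it needs a guard such as `if (containers.First().ContainerNetwork != "host") await RemoveContainerNetworkAsync(executionContext, containers.First().ContainerNetwork);`. Both method bodies extend beyond their hunks.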