chore(IDX): create minimal image (dfinity#682)

This PR introduces a minimal runner images that can be used across all dfinity orgs. The reason for this is that self-hosted runners must use a container image, but using `build-ic` for all jobs not in the ic repo is impractical. Because the image is public it can be used in other orgs as well.
levifeldman · Oct 1, 2024 · b49b25e · b49b25e
1 parent 2197b0f
commit b49b25e
Show file tree

Hide file tree

Showing 4 changed files with 67 additions and 0 deletions.
diff --git a/.github/minimal-runner-image/Dockerfile b/.github/minimal-runner-image/Dockerfile
@@ -0,0 +1,20 @@
+FROM ubuntu:20.04
+
+RUN apt -yq update && \
+    apt -yq install --no-install-recommends git curl wget ca-certificates sudo build-essential jq xxd
+
+RUN groupadd -g 1001 runner && useradd -ms /bin/bash -u 1001 -g 1001 runner && \
+    echo "ALL ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+
+USER runner
+
+# Set PATH for runner user
+ENV PATH=/ic/bin:/home/runner/.cargo/bin:/home/runner/.local/bin:$PATH
+
+# Install rustup and cargo
+ARG RUST_VERSION=1.79.0
+RUN curl --fail https://sh.rustup.rs -sSf \
+    | sh -s -- -y --default-toolchain ${RUST_VERSION}-x86_64-unknown-linux-gnu --no-modify-path && \
+    rustup default ${RUST_VERSION}-x86_64-unknown-linux-gnu
+
+CMD ["/bin/bash"]
diff --git a/.github/minimal-runner-image/README.md b/.github/minimal-runner-image/README.md
@@ -0,0 +1,3 @@
+# Minimal Runner Image
+
+We maintain a minimal image that can be used for all self-hosted runners across dfinity. The reason why it is stored in the `ic` repo, is because GHCR can only create public images from a repo that is public. It is also a central repo that many developers use and can easily refer to. This is an alternative to using the full `ic-build` image which is much larger.
diff --git a/.github/minimal-runner-image/TAG b/.github/minimal-runner-image/TAG
@@ -0,0 +1 @@
+0.1
diff --git a/.github/workflows/build-minimal-runner-image.yml b/.github/workflows/build-minimal-runner-image.yml
@@ -0,0 +1,43 @@
+name: Build Minimal Runner Image
+
+on:
+  workflow_dispatch:
+  pull_request:
+    paths:
+      - '.github/workflows/build-minimal-runner-image.yml'
+      - '.github/minimal-runner-image/**'
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  build-and-upload-minimal-image:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@a530e948adbeb357dbca95a7f8845d385edf4438 # v3
+
+      - name: Login to GHCR
+        uses: docker/login-action@5f4866a30a54f16a52d2ecb4a3898e9e424939cf # v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Determine TAG
+        id: tag
+        run: |
+         echo "TAG=$(cat ${{ github.workspace }}/.github/minimal-runner-image/TAG)" >> $GITHUB_ENV
+
+      - name: Build and push image
+        uses: docker/build-push-action@eb539f44b153603ccbfbd98e2ab9d4d0dcaf23a4 # v5
+        with:
+          context: ${{ github.workspace}}/.github/minimal-runner-image
+          push: true
+          tags: |
+            ghcr.io/${{ github.repository_owner }}/minimal-runner-image:${{ env.TAG }}
+            ghcr.io/${{ github.repository_owner }}/minimal-runner-image:latest