From b49b25e180af7c795ac178375944d63b1794817e Mon Sep 17 00:00:00 2001 From: Carly Gundy <47304080+cgundy@users.noreply.github.com> Date: Wed, 31 Jul 2024 10:57:22 +0200 Subject: [PATCH] chore(IDX): create minimal image (#682) This PR introduces a minimal runner images that can be used across all dfinity orgs. The reason for this is that self-hosted runners must use a container image, but using `build-ic` for all jobs not in the ic repo is impractical. Because the image is public it can be used in other orgs as well. --- .github/minimal-runner-image/Dockerfile | 20 +++++++++ .github/minimal-runner-image/README.md | 3 ++ .github/minimal-runner-image/TAG | 1 + .../workflows/build-minimal-runner-image.yml | 43 +++++++++++++++++++ 4 files changed, 67 insertions(+) create mode 100644 .github/minimal-runner-image/Dockerfile create mode 100644 .github/minimal-runner-image/README.md create mode 100644 .github/minimal-runner-image/TAG create mode 100644 .github/workflows/build-minimal-runner-image.yml diff --git a/.github/minimal-runner-image/Dockerfile b/.github/minimal-runner-image/Dockerfile new file mode 100644 index 000000000000..38e1ab772d0d --- /dev/null +++ b/.github/minimal-runner-image/Dockerfile @@ -0,0 +1,20 @@ +FROM ubuntu:20.04 + +RUN apt -yq update && \ + apt -yq install --no-install-recommends git curl wget ca-certificates sudo build-essential jq xxd + +RUN groupadd -g 1001 runner && useradd -ms /bin/bash -u 1001 -g 1001 runner && \ + echo "ALL ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers + +USER runner + +# Set PATH for runner user +ENV PATH=/ic/bin:/home/runner/.cargo/bin:/home/runner/.local/bin:$PATH + +# Install rustup and cargo +ARG RUST_VERSION=1.79.0 +RUN curl --fail https://sh.rustup.rs -sSf \ + | sh -s -- -y --default-toolchain ${RUST_VERSION}-x86_64-unknown-linux-gnu --no-modify-path && \ + rustup default ${RUST_VERSION}-x86_64-unknown-linux-gnu + +CMD ["/bin/bash"] diff --git a/.github/minimal-runner-image/README.md b/.github/minimal-runner-image/README.md new file mode 100644 index 000000000000..6f148f34bbb6 --- /dev/null +++ b/.github/minimal-runner-image/README.md @@ -0,0 +1,3 @@ +# Minimal Runner Image + +We maintain a minimal image that can be used for all self-hosted runners across dfinity. The reason why it is stored in the `ic` repo, is because GHCR can only create public images from a repo that is public. It is also a central repo that many developers use and can easily refer to. This is an alternative to using the full `ic-build` image which is much larger. diff --git a/.github/minimal-runner-image/TAG b/.github/minimal-runner-image/TAG new file mode 100644 index 000000000000..49d59571fbf6 --- /dev/null +++ b/.github/minimal-runner-image/TAG @@ -0,0 +1 @@ +0.1 diff --git a/.github/workflows/build-minimal-runner-image.yml b/.github/workflows/build-minimal-runner-image.yml new file mode 100644 index 000000000000..d4eddfb7ccc1 --- /dev/null +++ b/.github/workflows/build-minimal-runner-image.yml @@ -0,0 +1,43 @@ +name: Build Minimal Runner Image + +on: + workflow_dispatch: + pull_request: + paths: + - '.github/workflows/build-minimal-runner-image.yml' + - '.github/minimal-runner-image/**' + +permissions: + contents: read + packages: write + +jobs: + build-and-upload-minimal-image: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@a530e948adbeb357dbca95a7f8845d385edf4438 # v3 + + - name: Login to GHCR + uses: docker/login-action@5f4866a30a54f16a52d2ecb4a3898e9e424939cf # v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Determine TAG + id: tag + run: | + echo "TAG=$(cat ${{ github.workspace }}/.github/minimal-runner-image/TAG)" >> $GITHUB_ENV + + - name: Build and push image + uses: docker/build-push-action@eb539f44b153603ccbfbd98e2ab9d4d0dcaf23a4 # v5 + with: + context: ${{ github.workspace}}/.github/minimal-runner-image + push: true + tags: | + ghcr.io/${{ github.repository_owner }}/minimal-runner-image:${{ env.TAG }} + ghcr.io/${{ github.repository_owner }}/minimal-runner-image:latest