From 9eda13d511e05bfa485f91e41f216cb13178b3c3 Mon Sep 17 00:00:00 2001
From: Maxim Rychkov
Date: Wed, 27 May 2026 10:40:59 +0500
Subject: [PATCH 01/10] feat: add DinD config for amd64 and arm64 runners
---
.env.example | 4 +++
.reusable-runner.yml | 17 +++++++++++
DockerImage/Dockerfile | 59 ++++++++++++++++++++++++++++++++++++++
DockerImage/Dockerfile.mac | 48 +++++++++++++++++++++++++++++++
DockerImage/start.sh | 17 +++++++++++
docker-compose.yml | 19 ++++++++++++
6 files changed, 164 insertions(+)
create mode 100644 .env.example
create mode 100644 .reusable-runner.yml
create mode 100644 DockerImage/Dockerfile
create mode 100644 DockerImage/Dockerfile.mac
create mode 100644 DockerImage/start.sh
create mode 100644 docker-compose.yml
diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..7390eb6
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,4 @@
+REPOSITORY_OWNER=TourmalineCore
+REG_TOKEN=
+RUNNER_GROUP=Default
+LABELS=self-hosted
\ No newline at end of file
diff --git a/.reusable-runner.yml b/.reusable-runner.yml
new file mode 100644
index 0000000..fc79eb3
--- /dev/null
+++ b/.reusable-runner.yml
@@ -0,0 +1,17 @@
+services:
+ runner:
+ build:
+ context: ./DockerImage
+ restart: unless-stopped
+ env_file: .env
+ privileged: true
+ deploy:
+ mode: replicated
+ replicas: 2
+ resources:
+ limits:
+ cpus: '2'
+ memory: 2G
+ reservations:
+ cpus: '0.4'
+ memory: 256M
\ No newline at end of file
diff --git a/DockerImage/Dockerfile b/DockerImage/Dockerfile
new file mode 100644
index 0000000..f507436
--- /dev/null
+++ b/DockerImage/Dockerfile
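Review bot: In `.reusable-runner.yml` the runner service is started with `privileged: true`, so every workflow job scheduled on these two replicas runs in a container that holds all capabilities and device access on the Docker host. That is the usual cost of running dockerd inside the container, but it should be stated next to the key, for example `# privileged is required by the in-container dockerd; attach this runner only to repositories whose workflow authors are trusted`. If host isolation matters, a rootless or user-namespaced daemon is worth evaluating before this is used on shared infrastructure. The same setting is carried into `docker-compose.yml` when commit 06/10 folds this file into it.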
@@ -0,0 +1,59 @@
+FROM ubuntu:24.04
+
+ARG RUNNER_VERSION="2.334.0"
+ARG DOCKER_VERSION="29.5.2"
+
+# curl and sudo is needed to install packages
+# libicu-dev is needed to run a runner
+# ca-certificates is needed to install docker
+RUN apt-get update -y && \
+ apt-get upgrade -y && \
+ apt-get install -y \
+ curl \
+ sudo \
+ libicu-dev \
+ ca-certificates
+
+RUN install -m 0755 -d /etc/apt/keyrings && \
+ curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc && \
+ chmod a+r /etc/apt/keyrings/docker.asc && \
+ # Add the repository to Apt sources:
+ echo \
+ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
+ $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \
+ tee /etc/apt/sources.list.d/docker.list > /dev/null && \
+ apt-get update && \
+ apt install -y --no-install-recommends \
+ containerd.io \
+ docker-buildx-plugin \
+ docker-ce=5:${DOCKER_VERSION}-1~ubuntu.24.04~noble \
+ docker-ce-cli=5:${DOCKER_VERSION}-1~ubuntu.24.04~noble \
+ docker-compose-plugin && \
+ rm -rf /var/lib/apt/lists/*
+
+RUN curl -fsSL --retry 3 "https://github.com/moby/moby/raw/docker-v${DOCKER_VERSION}/hack/dind" -o /usr/local/bin/dind \
+ && chmod a+x /usr/local/bin/dind
+
+# Ranner cannot be run as the root user, so it`s needed to create a separate user
+RUN useradd -m runner && \
+ usermod -aG docker runner && \
+ usermod -aG sudo runner && \
+ echo "%sudo ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers
+
+RUN cd /home/runner && \
+ mkdir actions-runner && \
+ cd actions-runner && \
+ curl -o actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz -L https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz && \
+ tar xzf ./actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz
+
+USER runner
+
+# Copy the start script and make it executable
+COPY start.sh /start.sh
+RUN sudo chmod +x /start.sh
+
+# Without this volume docker can't mount and use the overlay2 storage-driver, and will instead use the slower VFS
+# Also without this volume and overlay2, errors occur when creating a cluster using kind
+VOLUME /var/lib/docker
+
+ENTRYPOINT ["/start.sh"]
\ No newline at end of file
diff --git a/DockerImage/Dockerfile.mac b/DockerImage/Dockerfile.mac
new file mode 100644
index 0000000..bbd45df
--- /dev/null
+++ b/DockerImage/Dockerfile.mac
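Review bot: The `echo "%sudo ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers` step overwrites the distribution's sudoers file and gives `runner`, the account that executes workflow jobs, unrestricted passwordless root. start.sh in this commit uses sudo only to launch dockerd, so a drop-in scoped to that command would do: `echo 'runner ALL=(root) NOPASSWD: /usr/local/bin/dind dockerd --log-level=error' > /etc/sudoers.d/runner && chmod 0440 /etc/sudoers.d/runner`, with the `usermod -aG sudo runner` line dropped. Membership of the `docker` group still lets jobs drive the daemon as root, so this narrows rather than removes the exposure. `COPY --chmod=0755 start.sh /start.sh` would also replace the `RUN sudo chmod +x /start.sh` layer, which is the only build step that needs sudo after `USER runner`.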
@@ -0,0 +1,48 @@
+FROM --platform=linux/arm64 ubuntu:24.04
+
+ARG RUNNER_VERSION="2.334.0"
+
+# curl and sudo is needed to install packages
+# libicu-dev is needed to run a runner
+# ca-certificates is needed to install docker
+RUN apt-get update -y && \
+ apt-get upgrade -y && \
+ apt-get install -y \
+ curl \
+ sudo \
+ libicu-dev \
+ ca-certificates
+
+RUN install -m 0755 -d /etc/apt/keyrings && \
+ curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc && \
+ chmod a+r /etc/apt/keyrings/docker.asc && \
+ # Add the repository to Apt sources:
+ echo \
+ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
+ $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \
+ tee /etc/apt/sources.list.d/docker.list > /dev/null && \
+ apt-get update && \
+ apt install -y --no-install-recommends \
+ containerd.io \
+ docker-buildx-plugin \
+ docker-ce-cli \
+ docker-compose-plugin && \
+ rm -rf /var/lib/apt/lists/*
+
+# Ranner cannot be run as the root user, so it`s needed to create a separate user
+RUN useradd -m runner && \
+ usermod -aG root runner
+
+RUN cd /home/runner && \
+ mkdir actions-runner && \
+ cd actions-runner && \
+ curl -o actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz -L https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz && \
+ tar xzf ./actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz
+
+# Copy the start script and make it executable
+COPY start.sh /start.sh
+RUN sudo chmod +x /start.sh
+
+USER runner
+
+ENTRYPOINT ["/start.sh"]
\ No newline at end of file
diff --git a/DockerImage/start.sh b/DockerImage/start.sh
new file mode 100644
index 0000000..a160542
--- /dev/null
+++ b/DockerImage/start.sh
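Review bot: Dockerfile.mac copies the same start.sh as the amd64 image, but it installs only `docker-ce-cli` and never downloads `/usr/local/bin/dind` or grants `runner` any sudo rule, so the `sudo /usr/local/bin/dind dockerd --log-level=error &` line in start.sh cannot work in the arm64 image as written. Either install `docker-ce` and the dind wrapper here as the amd64 Dockerfile does, or document that this image expects an external daemon. `usermod -aG root runner` puts the job account in gid 0, which opens every root-group-writable path without providing what start.sh actually asks for, and looks unnecessary. `RUN sudo chmod +x /start.sh` runs before `USER runner`, so the `sudo` there is redundant.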
@@ -0,0 +1,17 @@ +#!/bin/bash + +cd /home/runner/actions-runner || exit + +./config.sh --url https://github.com/${REPOSITORY_OWNER} --token ${REG_TOKEN} --runnergroup $RUNNER_GROUP --labels $LABELS + +sudo /usr/local/bin/dind dockerd --log-level=error & + +cleanup() { + echo "Removing runner..." + ./config.sh remove --unattended --token ${REG_TOKEN} +} + +trap 'cleanup; exit 130' INT +trap 'cleanup; exit 143' TERM + +./run.sh & wait $! \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..c27a9bb --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,19 @@ +services: + amd64-runner: + profiles: + - amd64 + build: + dockerfile: Dockerfile + extends: + file: .reusable-runner.yml + service: runner + + arm64-runner: + profiles: + - arm64 + build: + dockerfile: Dockerfile.mac + platform: linux/arm64 + extends: + file: .reusable-runner.yml + service: runner From 41bb7c7c1c79289faa6aef6180695fe7a50b28a8 Mon Sep 17 00:00:00 2001 From: Maxim Rychkov Date: Wed, 27 May 2026 16:56:53 +0500 Subject: [PATCH 02/10] fix: add cleanup to the start script because without it docker won't start after restart --- DockerImage/start.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/DockerImage/start.sh b/DockerImage/start.sh index a160542..052c355 100644 --- a/DockerImage/start.sh +++ b/DockerImage/start.sh @@ -2,6 +2,10 @@ cd /home/runner/actions-runner || exit +# Cleanup docker dirs because docker fails to start if they haven`t been cleaned up after restart +sudo rm -f /var/run/docker.pid +sudo rm -rf /var/run/docker + ./config.sh --url https://github.com/${REPOSITORY_OWNER} --token ${REG_TOKEN} --runnergroup $RUNNER_GROUP --labels $LABELS sudo /usr/local/bin/dind dockerd --log-level=error & From f5513c4f184c39cc2de3ea8e386272d3a45a2fc7 Mon Sep 17 00:00:00 2001 
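Review bot: In the new start.sh, `${REPOSITORY_OWNER}`, `${REG_TOKEN}`, `$RUNNER_GROUP` and `$LABELS` are expanded unquoted on the `./config.sh` line, so an empty or space-containing value from `.env` silently shifts the arguments; quote each one, e.g. `--token "${REG_TOKEN}" --runnergroup "${RUNNER_GROUP}" --labels "${LABELS}"`. The exit status of `./config.sh` is never checked, so a failed registration still starts dockerd and `run.sh`; `./config.sh ... || exit 1` would stop there. REG_TOKEN also stays exported in the environment that `run.sh` inherits, so job steps can presumably read it; copying it into an unexported shell variable and running `unset REG_TOKEN` before `./run.sh` would leave it available to `cleanup` only.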
From: Maxim Rychkov Date: Wed, 27 May 2026 16:57:42 +0500 Subject: [PATCH 03/10] cleanup: remove --unattended flag in the cleanup command because it's not needed --- DockerImage/start.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DockerImage/start.sh b/DockerImage/start.sh index 052c355..92b335c 100644 --- a/DockerImage/start.sh +++ b/DockerImage/start.sh @@ -12,7 +12,7 @@ sudo /usr/local/bin/dind dockerd --log-level=error & cleanup() { echo "Removing runner..." - ./config.sh remove --unattended --token ${REG_TOKEN} + ./config.sh remove --token ${REG_TOKEN} } trap 'cleanup; exit 130' INT From 49b883545568036a4a2c7fe2b3c8abf3720e4702 Mon Sep 17 00:00:00 2001 From: Maxim Rychkov Date: Wed, 27 May 2026 16:58:44 +0500 Subject: [PATCH 04/10] chore: add TARGETARCH to select runner arch and use one Dockerfile for both archs --- .reusable-runner.yml | 1 + DockerImage/Dockerfile | 13 ++++++++----- docker-compose.yml | 4 ---- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.reusable-runner.yml b/.reusable-runner.yml index fc79eb3..bc3da81 100644 --- a/.reusable-runner.yml +++ b/.reusable-runner.yml @@ -1,6 +1,7 @@ services: runner: build: + dockerfile: Dockerfile context: ./DockerImage restart: unless-stopped env_file: .env diff --git a/DockerImage/Dockerfile b/DockerImage/Dockerfile index f507436..109916f 100644 --- a/DockerImage/Dockerfile +++ b/DockerImage/Dockerfile 
@@ -34,17 +34,20 @@ RUN install -m 0755 -d /etc/apt/keyrings && \ RUN curl -fsSL --retry 3 "https://github.com/moby/moby/raw/docker-v${DOCKER_VERSION}/hack/dind" -o /usr/local/bin/dind \ && chmod a+x /usr/local/bin/dind -# Ranner cannot be run as the root user, so it`s needed to create a separate user +# Runner cannot be run as the root user, so it`s needed to create a separate user RUN useradd -m runner && \ usermod -aG docker runner && \ usermod -aG sudo runner && \ echo "%sudo ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers -RUN cd /home/runner && \ +ARG TARGETARCH + +RUN ARCH=$([ "$TARGETARCH" = "amd64" ] && echo x64 || echo arm64) && \ + cd /home/runner && \ mkdir actions-runner && \ cd actions-runner && \ - curl -o actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz -L https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz && \ - tar xzf ./actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz + curl -o actions-runner-linux-${ARCH}-${RUNNER_VERSION}.tar.gz -L https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-${ARCH}-${RUNNER_VERSION}.tar.gz && \ + tar xzf ./actions-runner-linux-${ARCH}-${RUNNER_VERSION}.tar.gz USER runner @@ -56,4 +59,4 @@ RUN sudo chmod +x /start.sh # Also without this volume and overlay2, errors occur when creating a cluster using kind VOLUME /var/lib/docker -ENTRYPOINT ["/start.sh"] \ No newline at end of file +ENTRYPOINT ["/start.sh"] diff --git a/docker-compose.yml b/docker-compose.yml index c27a9bb..be27d54 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,8 +2,6 @@ services: amd64-runner: profiles: - amd64 - build: - dockerfile: Dockerfile extends: file: .reusable-runner.yml service: runner @@ -11,8 +9,6 @@ services: arm64-runner: profiles: - arm64 - build: - dockerfile: Dockerfile.mac platform: linux/arm64 extends: file: .reusable-runner.yml From e545e212986e259e82fa32cdfcba1c6ee41dac5b Mon Sep 17 00:00:00 2001 
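Review bot: The runner archive is downloaded with `curl -o ... -L` and unpacked with no integrity check, and the `dind` wrapper fetched in the preceding `RUN` (context here, retargeted to the `v${DOCKER_VERSION}` tag in commit 08/10) is installed the same way before being run through sudo. Pin both to a known digest, for example a per-architecture build argument such as `ARG RUNNER_SHA256` followed by `echo "${RUNNER_SHA256}  actions-runner-linux-${ARCH}-${RUNNER_VERSION}.tar.gz" | sha256sum -c -` before `tar xzf`, and add `-f` to this curl so an HTTP error page is not saved as the archive. The `ARCH=$([ "$TARGETARCH" = "amd64" ] && echo x64 || echo arm64)` mapping also sends every non-amd64 value, including an empty TARGETARCH, to arm64; a `case` that fails on unknown values would be safer.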
From: Maxim Rychkov Date: Mon, 1 Jun 2026 15:50:32 +0500 Subject: [PATCH 05/10] chore: remove not needed cleanup trigger --- DockerImage/start.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/DockerImage/start.sh b/DockerImage/start.sh index 92b335c..8387536 100644 --- a/DockerImage/start.sh +++ b/DockerImage/start.sh @@ -15,7 +15,6 @@ cleanup() { ./config.sh remove --token ${REG_TOKEN} } -trap 'cleanup; exit 130' INT -trap 'cleanup; exit 143' TERM +trap 'cleanup' TERM ./run.sh & wait $! \ No newline at end of file From f41da6d2a78b885bad7d1695b75e07b4a2b097ce Mon Sep 17 00:00:00 2001 From: Maxim Rychkov Date: Mon, 1 Jun 2026 15:51:16 +0500 Subject: [PATCH 06/10] cleanup: remove not needed Dockerfile for mac, because now we can use one DOckerfile for both arm64 and amd64 --- .reusable-runner.yml | 18 -------------- DockerImage/Dockerfile.mac | 48 -------------------------------------- docker-compose.yml | 31 +++++++++++++----------- 3 files changed, 17 insertions(+), 80 deletions(-) delete mode 100644 .reusable-runner.yml delete mode 100644 DockerImage/Dockerfile.mac diff --git a/.reusable-runner.yml b/.reusable-runner.yml deleted file mode 100644 index bc3da81..0000000 --- a/.reusable-runner.yml +++ /dev/null @@ -1,18 +0,0 @@ -services: - runner: - build: - dockerfile: Dockerfile - context: ./DockerImage - restart: unless-stopped - env_file: .env - privileged: true - deploy: - mode: replicated - replicas: 2 - resources: - limits: - cpus: '2' - memory: 2G - reservations: - cpus: '0.4' - memory: 256M \ No newline at end of file diff --git a/DockerImage/Dockerfile.mac b/DockerImage/Dockerfile.mac deleted file mode 100644 index bbd45df..0000000 --- a/DockerImage/Dockerfile.mac +++ /dev/null 
@@ -1,48 +0,0 @@ -FROM --platform=linux/arm64 ubuntu:24.04 - -ARG RUNNER_VERSION="2.334.0" - -# curl and sudo is needed to install packages -# libicu-dev is needed to run a runner -# ca-certificates is needed to install docker -RUN apt-get update -y && \ - apt-get upgrade -y && \ - apt-get install -y \ - curl \ - sudo \ - libicu-dev \ - ca-certificates - -RUN install -m 0755 -d /etc/apt/keyrings && \ - curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc && \ - chmod a+r /etc/apt/keyrings/docker.asc && \ - # Add the repository to Apt sources: - echo \ - "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \ - $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \ - tee /etc/apt/sources.list.d/docker.list > /dev/null && \ - apt-get update && \ - apt install -y --no-install-recommends \ - containerd.io \ - docker-buildx-plugin \ - docker-ce-cli \ - docker-compose-plugin && \ - rm -rf /var/lib/apt/lists/* - -# Ranner cannot be run as the root user, so it`s needed to create a separate user -RUN useradd -m runner && \ - usermod -aG root runner - -RUN cd /home/runner && \ - mkdir actions-runner && \ - cd actions-runner && \ - curl -o actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz -L https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz && \ - tar xzf ./actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz - -# Copy the start script and make it executable -COPY start.sh /start.sh -RUN sudo chmod +x /start.sh - -USER runner - -ENTRYPOINT ["/start.sh"] \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index be27d54..4016317 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -1,15 +1,18 @@ services: - amd64-runner: - profiles: - - amd64 - extends: - file: .reusable-runner.yml - service: runner - - arm64-runner: - profiles: - - arm64 - platform: linux/arm64 - extends: - file: .reusable-runner.yml - service: runner + runner: + build: + dockerfile: Dockerfile + context: ./DockerImage + restart: unless-stopped + env_file: .env + privileged: true + deploy: + mode: replicated + replicas: 2 + resources: + limits: + cpus: '2' + memory: 2G + reservations: + cpus: '0.4' + memory: 256M From abd550e45b10980e7371968d5cc7b90f99879dbf Mon Sep 17 00:00:00 2001 From: Maxim Rychkov Date: Mon, 1 Jun 2026 15:51:45 +0500 Subject: [PATCH 07/10] git: add .gitignore file --- .gitignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..2eea525 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.env \ No newline at end of file From 482fea955f920bfa73075de9cf1a90eb68d23554 Mon Sep 17 00:00:00 2001 From: Maxim Rychkov Date: Mon, 1 Jun 2026 15:51:59 +0500 Subject: [PATCH 08/10] ci: change docker version --- DockerImage/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/DockerImage/Dockerfile b/DockerImage/Dockerfile index 109916f..cbb527a 100644 --- a/DockerImage/Dockerfile +++ b/DockerImage/Dockerfile @@ -1,7 +1,7 @@ FROM ubuntu:24.04 ARG RUNNER_VERSION="2.334.0" -ARG DOCKER_VERSION="29.5.2" +ARG DOCKER_VERSION="28.5.2" # curl and sudo is needed to install packages # libicu-dev is needed to run a runner 
@@ -31,7 +31,7 @@ RUN install -m 0755 -d /etc/apt/keyrings && \ docker-compose-plugin && \ rm -rf /var/lib/apt/lists/* -RUN curl -fsSL --retry 3 "https://github.com/moby/moby/raw/docker-v${DOCKER_VERSION}/hack/dind" -o /usr/local/bin/dind \ +RUN curl -fsSL --retry 3 "https://github.com/moby/moby/raw/v${DOCKER_VERSION}/hack/dind" -o /usr/local/bin/dind \ && chmod a+x /usr/local/bin/dind # Runner cannot be run as the root user, so it`s needed to create a separate user From 6ad87eb33d589cdfffdc8c5ea796b2936b4c0ffa Mon Sep 17 00:00:00 2001 From: Maxim Rychkov Date: Tue, 2 Jun 2026 17:08:26 +0500 Subject: [PATCH 09/10] git: add.gitattributes to enforce LF line-endings --- .gitattributes | 1 + 1 file changed, 1 insertion(+) create mode 100644 .gitattributes diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..94f480d --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +* text=auto eol=lf \ No newline at end of file From 957ccac24849341aac48c4db1aa1c090d8bdf396 Mon Sep 17 00:00:00 2001 From: Maxim Rychkov Date: Wed, 3 Jun 2026 15:42:42 +0500 Subject: [PATCH 10/10] chore: remove libicu package because it will be installed by installdependencies script --- DockerImage/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/DockerImage/Dockerfile b/DockerImage/Dockerfile index cbb527a..fb8a666 100644 --- a/DockerImage/Dockerfile +++ b/DockerImage/Dockerfile @@ -11,7 +11,6 @@ RUN apt-get update -y && \ apt-get install -y \ curl \ sudo \ - libicu-dev \ ca-certificates RUN install -m 0755 -d /etc/apt/keyrings && \ 
@@ -49,6 +48,8 @@ RUN ARCH=$([ "$TARGETARCH" = "amd64" ] && echo x64 || echo arm64) && \ curl -o actions-runner-linux-${ARCH}-${RUNNER_VERSION}.tar.gz -L https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-${ARCH}-${RUNNER_VERSION}.tar.gz && \ tar xzf ./actions-runner-linux-${ARCH}-${RUNNER_VERSION}.tar.gz +RUN /home/runner/actions-runner/bin/installdependencies.sh + USER runner # Copy the start script and make it executable
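Review bot: `RUN /home/runner/actions-runner/bin/installdependencies.sh` executes, as root, a script taken from the runner archive that the previous `RUN` downloaded without verifying a checksum, so the archive's integrity now decides what runs at build time. Checking the archive digest before `tar xzf` would cover this step as well. The header comment `# libicu-dev is needed to run a runner` lies outside both hunks of this commit and so appears to remain, although the package is no longer installed there; it should be replaced with something like `# ICU and the other runner dependencies are installed by bin/installdependencies.sh below`.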