Move Docker and git-core/ppa installs to the build stage.

This reduces the overall runtime image size by ~301MB. (1.24GB to 939MB).
actions · Jun 6, 2024 · 5991aad · 5991aad
1 parent 4ef34c4
commit 5991aad
Showing 1 changed file with 20 additions and 10 deletions.
diff --git a/images/Dockerfile b/images/Dockerfile
@@ -21,6 +21,7 @@ RUN curl -f -L -o runner-container-hooks.zip https://github.com/actions/runner-c
  && unzip ./runner-container-hooks.zip -d ./k8s \
  && rm runner-container-hooks.zip
 
+WORKDIR /actions-docker
 RUN export RUNNER_ARCH=${TARGETARCH} \
  && if [ "$RUNNER_ARCH" = "amd64" ]; then export DOCKER_ARCH=x86_64 ; fi \
  && if [ "$RUNNER_ARCH" = "arm64" ]; then export DOCKER_ARCH=aarch64 ; fi \
@@ -32,34 +33,43 @@ RUN export RUNNER_ARCH=${TARGETARCH} \
  "https://github.com/docker/buildx/releases/download/v${BUILDX_VERSION}/buildx-v${BUILDX_VERSION}.linux-${TARGETARCH}" \
  && chmod +x /usr/local/lib/docker/cli-plugins/docker-buildx
 
+# Configure git-core/ppa based on guidance here: https://git-scm.com/download/linux
+# The second `apt update` isn't strictly necessary, but let's leave it here to force the
+# image build to break if the ppa is suddenly unavailable.
+WORKDIR /ppa
+RUN apt update -y \
+ && apt install -y --no-install-recommends sudo lsb-release gpg-agent software-properties-common \
+ && add-apt-repository ppa:git-core/ppa \
+ && apt update -y
+
 FROM mcr.microsoft.com/dotnet/runtime-deps:6.0-jammy
 
 ENV DEBIAN_FRONTEND=noninteractive
 ENV RUNNER_MANUALLY_TRAP_SIG=1
 ENV ACTIONS_RUNNER_PRINT_LOG_TO_STDOUT=1
 ENV ImageOS=ubuntu22
 
-# 'gpg-agent' and 'software-properties-common' are needed for the 'add-apt-repository' command that follows
 RUN apt update -y \
- && apt install -y --no-install-recommends sudo lsb-release gpg-agent software-properties-common \
+ && apt install -y --no-install-recommends sudo lsb-release \
  && rm -rf /var/lib/apt/lists/*
 
-# Configure git-core/ppa based on guidance here: https://git-scm.com/download/linux
-RUN add-apt-repository ppa:git-core/ppa \
- && apt update -y
-
 RUN adduser --disabled-password --gecos "" --uid 1001 runner \
  && groupadd docker --gid 123 \
  && usermod -aG sudo runner \
  && usermod -aG docker runner \
  && echo "%sudo ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers \
  && echo "Defaults env_keep += \"DEBIAN_FRONTEND\"" >> /etc/sudoers
 
-WORKDIR /home/runner
-
-COPY --chown=runner:docker --from=build /actions-runner .
+# Copy Docker files from build stage
+COPY --from=build --chown=root:root --chmod=0755 /actions-docker/docker/* /usr/bin/
 COPY --from=build /usr/local/lib/docker/cli-plugins/docker-buildx /usr/local/lib/docker/cli-plugins/docker-buildx
 
-RUN install -o root -g root -m 755 docker/* /usr/bin/ && rm -rf docker
+# Copy PPAs from build stage
+COPY --from=build /etc/apt/sources.list.d/*.list /etc/apt/sources.list.d/
+COPY --from=build /etc/apt/trusted.gpg.d/*.gpg /etc/apt/trusted.gpg.d/
+
+# Copy everything from /actions-runner in the build stage as our runner home
+WORKDIR /home/runner
+COPY --chown=runner:docker --from=build /actions-runner .
 
 USER runner