diff --git a/images/Dockerfile b/images/Dockerfile
index c8a02ddf666..603087e0f29 100644
--- a/images/Dockerfile
+++ b/images/Dockerfile
@@ -21,6 +21,7 @@ RUN curl -f -L -o runner-container-hooks.zip https://github.com/actions/runner-c
 && unzip ./runner-container-hooks.zip -d ./k8s \
 && rm runner-container-hooks.zip
+WORKDIR /actions-docker
 RUN export RUNNER_ARCH=${TARGETARCH} \
 && if [ "$RUNNER_ARCH" = "amd64" ]; then export DOCKER_ARCH=x86_64 ; fi \
 && if [ "$RUNNER_ARCH" = "arm64" ]; then export DOCKER_ARCH=aarch64 ; fi \
@@ -32,6 +33,15 @@ RUN export RUNNER_ARCH=${TARGETARCH} \
 "https://github.com/docker/buildx/releases/download/v${BUILDX_VERSION}/buildx-v${BUILDX_VERSION}.linux-${TARGETARCH}" \
 && chmod +x /usr/local/lib/docker/cli-plugins/docker-buildx
+# Configure git-core/ppa based on guidance here: https://git-scm.com/download/linux
+# The second `apt update` isn't strictly necessary, but let's leave it here to force the
+# image build to break if the ppa is suddenly unavailable.
+WORKDIR /ppa
+RUN apt update -y \
+ && apt install -y --no-install-recommends sudo lsb-release gpg-agent software-properties-common \
+ && add-apt-repository ppa:git-core/ppa \
+ && apt update -y
+
 FROM mcr.microsoft.com/dotnet/runtime-deps:6.0-jammy
 ENV DEBIAN_FRONTEND=noninteractive
@@ -39,15 +49,10 @@ ENV RUNNER_MANUALLY_TRAP_SIG=1
 ENV ACTIONS_RUNNER_PRINT_LOG_TO_STDOUT=1
 ENV ImageOS=ubuntu22
-# 'gpg-agent' and 'software-properties-common' are needed for the 'add-apt-repository' command that follows
 RUN apt update -y \
- && apt install -y --no-install-recommends sudo lsb-release gpg-agent software-properties-common \
+ && apt install -y sudo lsb-release \
 && rm -rf /var/lib/apt/lists/*
-# Configure git-core/ppa based on guidance here: https://git-scm.com/download/linux
-RUN add-apt-repository ppa:git-core/ppa \
- && apt update -y
-
 RUN adduser --disabled-password --gecos "" --uid 1001 runner \
 && groupadd docker --gid 123 \
 && usermod -aG sudo runner \
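Review bot: In the hunk at new line 33, the closing `&& apt update -y` is kept as a guard that should break the build when the PPA is unavailable, but apt by default reports a failed index download as a warning and still exits 0, so the guard may not fire on a fetch failure. `&& apt-get update --error-on=any` makes any failed source fatal, which is what the added comment promises. `WORKDIR /ppa` is not used by the `RUN` below it, since the repository files end up under `/etc/apt` (the paths the final stage copies from). `sudo` also looks unnecessary here because this `RUN` already needs root for `apt install`; both could be dropped if nothing outside the hunk relies on them.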
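Review bot: The replacement install line in the final stage (hunk at new line 49) drops `--no-install-recommends`, so `sudo` and `lsb-release` now bring their recommended packages into the runtime image, which enlarges what has to be patched there. Nothing in the hunk explains the removal; if it was not intended, keep the flag: `&& apt install -y --no-install-recommends sudo lsb-release \`. If a recommended package is in fact required, listing it explicitly with a one-line comment is easier to audit than relying on recommends.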
@@ -55,11 +60,16 @@ RUN adduser --disabled-password --gecos "" --uid 1001 runner \
 && echo "%sudo ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers \
 && echo "Defaults env_keep += \"DEBIAN_FRONTEND\"" >> /etc/sudoers
-WORKDIR /home/runner
-
-COPY --chown=runner:docker --from=build /actions-runner .
+# Copy Docker files from build stage
+COPY --from=build --chown=root:root --chmod=0755 /actions-docker/docker/* /usr/bin/
 COPY --from=build /usr/local/lib/docker/cli-plugins/docker-buildx /usr/local/lib/docker/cli-plugins/docker-buildx
-RUN install -o root -g root -m 755 docker/* /usr/bin/ && rm -rf docker
+# Copy PPAs from build stage
+COPY --from=build /etc/apt/sources.list.d/*.list /etc/apt/sources.list.d/
+COPY --from=build /etc/apt/trusted.gpg.d/*.gpg /etc/apt/trusted.gpg.d/
+
+# Copy everything from /actions-runner in the build stage as our runner home
+WORKDIR /home/runner
+COPY --chown=runner:docker --from=build /actions-runner .
 USER runner
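Review bot: The two `COPY` lines under `# Copy PPAs from build stage` use globs, so every `.list` and every `.gpg` in the build stage's apt directories is carried into the final image, and a key in `/etc/apt/trusted.gpg.d/` is accepted by apt for all configured sources, not only the git-core PPA. Naming the two generated files explicitly, e.g. `COPY --from=build /etc/apt/sources.list.d/<git-core-ppa>.list /etc/apt/sources.list.d/` (placeholder file name), keeps a repository or key added to the build stage later from becoming trusted in the runner image unnoticed. The copied `.list` also carries the build stage's release codename; the build stage's `FROM` is outside this hunk, so it is worth confirming it uses the same jammy base. A short comment beside `--chmod=0755` saying that the flag needs BuildKit would help anyone building with the legacy builder.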