Docker image size reduction #3319

154 changes: 99 additions & 55 deletions images/Dockerfile
@@ -1,66 +1,110 @@
# Source: https://github.com/dotnet/dotnet-docker
FROM mcr.microsoft.com/dotnet/runtime-deps:6.0-jammy as build
ARG BUILD_FROM=mcr.microsoft.com/dotnet/runtime-deps:6.0-jammy
ARG DOCKER_VERSION=27.1.1-cli
ARG RUNNER_CONTAINER_HOOKS_VERSION=0.6.1

##############################################################################
# Create a versioned alias for docker:cli
# Dockerfile syntax does not allow variables in the COPY source, but this alias
# works perfectly.
FROM docker:${DOCKER_VERSION} AS docker-cli

##############################################################################
# This build stage has the potential to create a mess, so we isolate it and copy
# only the desired files into our final stage.
FROM $BUILD_FROM AS build

ARG TARGETOS
ARG TARGETARCH
ARG RUNNER_VERSION
ARG RUNNER_CONTAINER_HOOKS_VERSION=0.6.1
ARG DOCKER_VERSION=27.1.1
ARG BUILDX_VERSION=0.16.2

RUN apt update -y && apt install curl unzip -y
ARG RUNNER_CONTAINER_HOOKS_VERSION

WORKDIR /actions-runner
RUN export RUNNER_ARCH=${TARGETARCH} \
&& if [ "$RUNNER_ARCH" = "amd64" ]; then export RUNNER_ARCH=x64 ; fi \
&& curl -f -L -o runner.tar.gz https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-${TARGETOS}-${RUNNER_ARCH}-${RUNNER_VERSION}.tar.gz \
&& tar xzf ./runner.tar.gz \
&& rm runner.tar.gz

RUN curl -f -L -o runner-container-hooks.zip https://github.com/actions/runner-container-hooks/releases/download/v${RUNNER_CONTAINER_HOOKS_VERSION}/actions-runner-hooks-k8s-${RUNNER_CONTAINER_HOOKS_VERSION}.zip \
&& unzip ./runner-container-hooks.zip -d ./k8s \
&& rm runner-container-hooks.zip

RUN export RUNNER_ARCH=${TARGETARCH} \
&& if [ "$RUNNER_ARCH" = "amd64" ]; then export DOCKER_ARCH=x86_64 ; fi \
&& if [ "$RUNNER_ARCH" = "arm64" ]; then export DOCKER_ARCH=aarch64 ; fi \
&& curl -fLo docker.tgz https://download.docker.com/${TARGETOS}/static/stable/${DOCKER_ARCH}/docker-${DOCKER_VERSION}.tgz \
&& tar zxvf docker.tgz \
&& rm -rf docker.tgz \
&& mkdir -p /usr/local/lib/docker/cli-plugins \
&& curl -fLo /usr/local/lib/docker/cli-plugins/docker-buildx \
"https://github.com/docker/buildx/releases/download/v${BUILDX_VERSION}/buildx-v${BUILDX_VERSION}.linux-${TARGETARCH}" \
&& chmod +x /usr/local/lib/docker/cli-plugins/docker-buildx

FROM mcr.microsoft.com/dotnet/runtime-deps:6.0-jammy

ENV DEBIAN_FRONTEND=noninteractive
ENV RUNNER_MANUALLY_TRAP_SIG=1
ENV ACTIONS_RUNNER_PRINT_LOG_TO_STDOUT=1
ENV ImageOS=ubuntu22

# 'gpg-agent' and 'software-properties-common' are needed for the 'add-apt-repository' command that follows
RUN apt update -y \
&& apt install -y --no-install-recommends sudo lsb-release gpg-agent software-properties-common curl jq unzip \
&& rm -rf /var/lib/apt/lists/*

# Configure git-core/ppa based on guidance here: https://git-scm.com/download/linux
RUN add-apt-repository ppa:git-core/ppa \
&& apt update -y \
&& apt install -y --no-install-recommends git

RUN adduser --disabled-password --gecos "" --uid 1001 runner \
&& groupadd docker --gid 123 \
&& usermod -aG sudo runner \
&& usermod -aG docker runner \
&& echo "%sudo ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers \
&& echo "Defaults env_keep += \"DEBIAN_FRONTEND\"" >> /etc/sudoers

WORKDIR /home/runner
# Install support packages
# 'gpg-agent' and 'software-properties-common' are needed for 'add-apt-repository'
RUN <<EOF
#!/bin/bash
set -e
apt-get update
apt-get install -y --no-install-recommends curl unzip
apt-get install -y --no-install-recommends gpg-agent software-properties-common
EOF

COPY --chown=runner:docker --from=build /actions-runner .
COPY --from=build /usr/local/lib/docker/cli-plugins/docker-buildx /usr/local/lib/docker/cli-plugins/docker-buildx
# Configure git-core/ppa based on guidance here: https://git-scm.com/download/linux
# We will copy the .gpg and .list files generated here into the final image.
RUN add-apt-repository ppa:git-core/ppa

# Install the GitHub Actions Runner
# Valid RUNNER_ARCH selections are x64 and arm64 while TARGETARCH selections are
# amd64 and arm64 respectively.
RUN <<EOF
#!/bin/bash
set -eu
case ${TARGETARCH} in
amd64) RUNNER_ARCH=x64 ;;
*) RUNNER_ARCH=${TARGETARCH} ;;
esac
curl -fsSL https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-${TARGETOS}-${RUNNER_ARCH}-${RUNNER_VERSION}.tar.gz | tar xzf -
EOF

# Install container hooks
RUN <<EOF
#!/bin/bash
set -eu
curl -fsSLo runner-container-hooks.zip https://github.com/actions/runner-container-hooks/releases/download/v${RUNNER_CONTAINER_HOOKS_VERSION}/actions-runner-hooks-k8s-${RUNNER_CONTAINER_HOOKS_VERSION}.zip
unzip -q -d k8s runner-container-hooks.zip
rm -f runner-container-hooks.zip
EOF

##############################################################################
# This stage builds the main runner image. Much of the content is copied from
# our build stage.
FROM $BUILD_FROM

RUN install -o root -g root -m 755 docker/* /usr/bin/ && rm -rf docker
ENV DEBIAN_FRONTEND=noninteractive \
RUNNER_MANUALLY_TRAP_SIG=1 \
ACTIONS_RUNNER_PRINT_LOG_TO_STDOUT=1 \
ImageOS=ubuntu22

# Copy PPA configurations from build stage
COPY --from=build /etc/apt/sources.list.d/*.list /etc/apt/sources.list.d/
COPY --from=build /etc/apt/trusted.gpg.d/*.gpg /etc/apt/trusted.gpg.d/

# Install docker and cli-plugins as a copy from docker:cli image
COPY --from=docker-cli --chown=root:root --chmod=0555 /usr/local/bin/docker /usr/bin/docker
COPY --from=docker-cli --chown=root:root --chmod=0555 /usr/local/libexec/docker/cli-plugins/docker-buildx /usr/local/libexec/docker/cli-plugins/docker-buildx

# Install a sane set of base utilities
# 'gpg-agent' and 'software-properties-common' are needed for 'add-apt-repository'
RUN <<EOF
#!/bin/bash
set -eu

apt-get update

apt-get install -y --no-install-recommends curl git jq sudo unzip
apt-get install -y --no-install-recommends gpg-agent software-properties-common

# Cleanup apt caches and lists
apt-get clean all
rm -rf /var/lib/apt/lists/* /var/cache/apt/*
EOF

# Create the actions runner user and home directory
RUN <<EOF
#!/bin/bash
set -eu
adduser --home /home/runner --disabled-password --gecos "" --uid 1001 runner
groupadd docker --gid 123
usermod -aG sudo runner
usermod -aG docker runner
cat >/etc/sudoers.d/runner <<_SUDOERS_
%sudo ALL=(ALL:ALL) NOPASSWD:ALL
Defaults env_keep += "DEBIAN_FRONTEND"
_SUDOERS_
EOF

# Copy everything from /actions-runner in the build stage as our runner home
WORKDIR /home/runner
COPY --chown=runner:docker --from=build /actions-runner .
USER runner
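Review bot: The runner tarball in the build stage is piped from `curl` straight into `tar xzf -` with no integrity check, and the heredoc sets only `set -eu`, so curl's exit status inside the pipe is not what the step fails on. This archive becomes the runner home for a user with passwordless sudo, so I would download it to a file, verify a pinned SHA-256 supplied as a build argument, and only then extract, with `set -euo pipefail` at the top. The container-hooks zip a few lines below has the same gap and could take the same check. The page has lost its +/- markers, so this assumes the heredoc form is the new side; `RUNNER_SHA256` in the sketch is a proposed name, not an existing argument.

```dockerfile
# RUNNER_SHA256: proposed build arg (placeholder name), one value per TARGETARCH
ARG RUNNER_SHA256
RUN <<EOF
#!/bin/bash
set -euo pipefail
# … unchanged: TARGETARCH to RUNNER_ARCH case …
curl -fsSLo runner.tar.gz https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-${TARGETOS}-${RUNNER_ARCH}-${RUNNER_VERSION}.tar.gz
echo "${RUNNER_SHA256}  runner.tar.gz" | sha256sum -c -
tar xzf runner.tar.gz
rm -f runner.tar.gz
EOF
```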