Skip to content

Commit 896dfc7

Browse files
committed
feat: Add RHEL GitHub Actions Runner image support for ppc64le
1 parent f4e0861 commit 896dfc7

39 files changed

Lines changed: 2219 additions & 10 deletions
Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,14 @@
1+
#!/bin/bash
2+
3+
# journalctl
4+
if command -v journalctl; then
5+
journalctl --rotate
6+
journalctl --vacuum-time=1s
7+
fi
8+
9+
# delete all .gz and rotated file
10+
find /var/log -type f -regex ".*\.gz$" -delete
11+
find /var/log -type f -regex ".*\.[0-9]$" -delete
12+
13+
# wipe log files
14+
find /var/log/ -type f -exec cp /dev/null {} \;
Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
#!/bin/bash
2+
3+
# Replace $HOME with the default user's home directory for environmental variables related to the default user home directory
4+
5+
homeDir=$(cut -d: -f6 /etc/passwd | tail -1)
6+
sed -i "s|\$HOME|$homeDir|g" /etc/environment
Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
#!/bin/bash
2+
3+
# Enable user session on boot, not on login
4+
UserId=$(cut -d: -f3 /etc/passwd | tail -1)
5+
loginctl enable-linger "$UserId"
Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,42 @@
1+
#!/bin/bash -e
2+
################################################################################
3+
## File: cleanup.sh
4+
## Desc: Perform cleanup for RHEL
5+
################################################################################
6+
7+
# before cleanup
8+
before=$(df / -Pm | awk 'NR==2{print $4}')
9+
10+
# Clear the local repository of retrieved package files
11+
yum clean all
12+
rm -rf /var/cache/yum/*
13+
rm -rf /tmp/*
14+
rm -rf /root/.cache
15+
16+
# Rotate and vacuum journal logs if `journalctl` is available
17+
if command -v journalctl; then
18+
journalctl --rotate
19+
journalctl --vacuum-time=1s
20+
fi
21+
22+
# Delete all .gz and rotated files
23+
find /var/log -type f -regex ".*\.gz$" -delete
24+
find /var/log -type f -regex ".*\.[0-9]$" -delete
25+
26+
# Wipe log files
27+
find /var/log/ -type f -exec cp /dev/null {} \;
28+
29+
# Remove mock binaries for yum/dnf
30+
prefix=/usr/local/bin
31+
for tool in yum dnf; do
32+
rm -f $prefix/$tool
33+
done
34+
35+
# after cleanup
36+
after=$(df / -Pm | awk 'NR==2{print $4}')
37+
38+
# Display size
39+
echo "Before: $before MB"
40+
echo "After : $after MB"
41+
# shellcheck disable=SC2004
42+
echo "Delta : $(($after - $before)) MB"
Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,35 @@
1+
#!/bin/bash -e
2+
################################################################################
3+
## File: configure-dnf.sh
4+
## Desc: Configure dnf/yum, install jq package, and improve package management behavior.
5+
################################################################################
6+
# Source the helpers for use with the script
7+
# shellcheck disable=SC1091
8+
source "$HELPER_SCRIPTS"/install.sh
9+
# Enable retries for DNF (maximum retries set to 10)
10+
# shellcheck disable=SC2129
11+
echo "retries=10" >> /etc/dnf/dnf.conf
12+
13+
# Automatically assume 'yes' for prompts in DNF
14+
echo "assumeyes=True" >> /etc/dnf/dnf.conf
15+
16+
# Configure DNF to always consider phased updates
17+
echo "phased_updates=1" >> /etc/dnf/dnf.conf
18+
19+
# Fix potential bad proxy or HTTP headers settings
20+
cat <<EOF >> /etc/dnf/dnf.conf
21+
http_caching=none
22+
EOF
23+
24+
# Remove unattended-upgrade equivalents if present (e.g., dnf-automatic)
25+
dnf remove -y dnf-automatic
26+
27+
# Display DNF repository configurations
28+
echo 'DNF/YUM repositories:'
29+
dnf repolist
30+
31+
# Update repositories and install jq
32+
install_dnfpkgs jq
33+
34+
# Optional: Configure parallel downloads to speed up package installation
35+
echo "max_parallel_downloads=10" >> /etc/dnf/dnf.conf
Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
#!/bin/bash -e
2+
################################################################################
3+
## File: configure-dnfpkg.sh
4+
## Desc: Configure dnf and package management settings
5+
################################################################################
6+
7+
# Source the helpers for use with the script
8+
# shellcheck disable=SC1091
9+
source "$HELPER_SCRIPTS"/etc-environment.sh
10+
11+
# Configure dnf to automatically answer 'yes' for package installation
12+
# This replaces the non-interactive mode typically set in DEBIAN_FRONTEND
13+
# shellcheck disable=SC2129
14+
echo "assumeyes=True" >> /etc/dnf/dnf.conf
15+
16+
# Prevent dnf from prompting for confirmation on replacing configuration files
17+
# Equivalent to dpkg's --force-confdef --force-confold
18+
echo "override_install_langs=en_US.UTF-8" >> /etc/dnf/dnf.conf
19+
20+
# Hide information about packages that are no longer required
21+
# dnf has an autoremove feature, but it can be configured to prevent auto removal prompts
22+
echo "clean_requirements_on_remove=True" >> /etc/dnf/dnf.conf
23+
24+
# Configure dnf to automatically clean up unused packages and dependencies
25+
echo "autoclean_metadata=True" >> /etc/dnf/dnf.conf
Lines changed: 59 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,59 @@
1+
#!/bin/bash -e
2+
################################################################################
3+
## File: configure-environment.sh
4+
## Desc: Configure system and environment
5+
################################################################################
6+
# Source the helpers for use with the script
7+
# shellcheck disable=SC1091
8+
source "$HELPER_SCRIPTS"/os.sh
9+
source "$HELPER_SCRIPTS"/etc-environment.sh
10+
11+
# Set ImageVersion and ImageOS env variables
12+
set_etc_environment_variable "ImageVersion" "${IMAGE_VERSION}"
13+
set_etc_environment_variable "ImageOS" "${IMAGE_OS}"
14+
15+
# Set the ACCEPT_EULA variable to Y value to confirm your acceptance of the End-User Licensing Agreement
16+
set_etc_environment_variable "ACCEPT_EULA" "Y"
17+
18+
# This directory is supposed to be created in $HOME and owned by user(https://github.com/actions/runner-images/issues/491)
19+
mkdir -p /etc/skel/.config/configstore
20+
# shellcheck disable=SC2016
21+
set_etc_environment_variable "XDG_CONFIG_HOME" '$HOME/.config'
22+
23+
# Change waagent entries to use /mnt for swap file
24+
# sed -i 's/ResourceDisk.Format=n/ResourceDisk.Format=y/g' /etc/waagent.conf
25+
# sed -i 's/ResourceDisk.EnableSwap=n/ResourceDisk.EnableSwap=y/g' /etc/waagent.conf
26+
# sed -i 's/ResourceDisk.SwapSizeMB=0/ResourceDisk.SwapSizeMB=4096/g' /etc/waagent.conf
27+
28+
# Add localhost alias to ::1 IPv6
29+
sed -i 's/::1 ip6-localhost ip6-loopback/::1 localhost ip6-localhost ip6-loopback/g' /etc/hosts
30+
31+
# Prepare directory and env variable for toolcache
32+
AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache
33+
mkdir -p $AGENT_TOOLSDIRECTORY && echo "Directory created." || echo "Directory already exists."
34+
set_etc_environment_variable "AGENT_TOOLSDIRECTORY" "${AGENT_TOOLSDIRECTORY}"
35+
set_etc_environment_variable "RUNNER_TOOL_CACHE" "${AGENT_TOOLSDIRECTORY}"
36+
chmod -R 777 $AGENT_TOOLSDIRECTORY
37+
38+
# https://github.com/orgs/community/discussions/47563
39+
echo 'net.ipv6.conf.all.disable_ipv6=1' | tee -a /etc/sysctl.conf
40+
echo 'net.ipv6.conf.default.disable_ipv6=1' | tee -a /etc/sysctl.conf
41+
echo 'net.ipv6.conf.lo.disable_ipv6=1' | tee -a /etc/sysctl.conf
42+
43+
# https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html
44+
# https://www.suse.com/support/kb/doc/?id=000016692
45+
echo 'vm.max_map_count=262144' | tee -a /etc/sysctl.conf
46+
47+
# https://kind.sigs.k8s.io/docs/user/known-issues/#pod-errors-due-to-too-many-open-files
48+
echo 'fs.inotify.max_user_watches=655360' | tee -a /etc/sysctl.conf
49+
echo 'fs.inotify.max_user_instances=1280' | tee -a /etc/sysctl.conf
50+
51+
# https://github.com/actions/runner-images/issues/9491
52+
echo 'vm.mmap_rnd_bits=28' | tee -a /etc/sysctl.conf
53+
54+
# https://github.com/actions/runner-images/pull/7860
55+
netfilter_rule='/etc/udev/rules.d/50-netfilter.rules'
56+
rules_directory="$(dirname "${netfilter_rule}")"
57+
mkdir -p "$rules_directory"
58+
touch $netfilter_rule
59+
echo 'ACTION=="add", SUBSYSTEM=="module", KERNEL=="nf_conntrack", RUN+="/usr/sbin/sysctl net.netfilter.nf_conntrack_tcp_be_liberal=1"' | tee -a $netfilter_rule
Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
#!/bin/bash -e
2+
################################################################################
3+
## File: configure-image-data.sh
4+
## Desc: Create a file with image data and documentation links
5+
################################################################################
6+
# shellcheck disable=SC2153
7+
imagedata_file="$IMAGEDATA_FILE"
8+
image_version="$IMAGE_VERSION"
9+
image_version_major=${image_version/.*/} # Extract the major version
10+
image_version_minor=$(echo "$image_version" | cut -d "." -f 2) # Extract the minor version
11+
12+
# Determine OS name and version for CentOS
13+
# shellcheck disable=SC2002
14+
os_name=$(cat /etc/redhat-release | sed "s/ /\\\n/g") # Get OS name
15+
# shellcheck disable=SC1083
16+
os_version=$(rpm -E %{rhel}) # Get CentOS version
17+
image_label="centos-${os_version}" # Set image label
18+
19+
REPO_OWNER="IBM"
20+
REPO_NAME="action-runner-image-pz"
21+
BRANCH="main"
22+
23+
api_release_response=$(curl -s ${GITHUB_TOKEN:+-H "Authorization: Bearer ${GITHUB_TOKEN}"} "https://api.github.com/repos/${REPO_OWNER}/${REPO_NAME}/releases/latest")
24+
git_tag=$(echo "$api_release_response" | jq -r .tag_name)
25+
26+
build_sha=$(curl -s ${GITHUB_TOKEN:+-H "Authorization: Bearer ${GITHUB_TOKEN}"} "https://api.github.com/repos/${REPO_OWNER}/${REPO_NAME}/commits/${BRANCH}" | jq -r .sha)
27+
28+
github_url="https://github.com/${REPO_OWNER}/${REPO_NAME}/blob/${BRANCH}/images"
29+
software_url="${github_url}/centos/toolsets/toolset-${image_version_major}${image_version_minor}.json"
30+
31+
if [ "$git_tag" != "null" ] && [ -n "$git_tag" ]; then
32+
echo "Release found: ${git_tag}"
33+
tag_slug=${git_tag//\//%2F} # URL encode slashes
34+
releaseUrl="https://github.com/${REPO_OWNER}/${REPO_NAME}/releases/tag/${tag_slug}"
35+
else
36+
echo "Warning: No release found. Falling back to commit SHA: ${build_sha}"
37+
releaseUrl="https://github.com/${REPO_OWNER}/${REPO_NAME}/tree/${build_sha}"
38+
fi
39+
40+
runner_image_version="$(date +%Y%m%d)"
41+
image_build_date=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
42+
image_builder_id=$(cat /etc/machine-id 2>/dev/null || hostname -s 2>/dev/null)
43+
44+
# Create the image data JSON file
45+
cat <<EOF > "$imagedata_file"
46+
[
47+
{
48+
"group": "Runner Image Provisioner",
49+
"detail": "Commit: ${build_sha}\nBuild Date: ${image_build_date}\nBuilder ID: ${image_builder_id}"
50+
},
51+
{
52+
"group": "Operating System",
53+
"detail": "${os_name}"
54+
},
55+
{
56+
"group": "Runner Image",
57+
"detail": "Image: ${image_label}\nVersion: ${runner_image_version}\nIncluded Software: ${software_url}\nImage Release: ${releaseUrl}"
58+
}
59+
]
60+
EOF
Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,18 @@
1+
#!/bin/bash -e
2+
################################################################################
3+
## File: configure-limits.sh
4+
## Desc: Configure limits
5+
################################################################################
6+
echo 'session required pam_limits.so' >> /etc/pam.d/system-auth
7+
echo 'session required pam_limits.so' >> /etc/pam.d/password-auth
8+
echo 'DefaultLimitNOFILE=65536' >> /etc/systemd/system.conf
9+
echo 'DefaultLimitSTACK=16M:infinity' >> /etc/systemd/system.conf
10+
11+
# Raise Number of File Descriptors
12+
# shellcheck disable=SC2129
13+
echo '* soft nofile 65536' >> /etc/security/limits.conf
14+
echo '* hard nofile 65536' >> /etc/security/limits.conf
15+
16+
# Double stack size from default 8192KB
17+
echo '* soft stack 16384' >> /etc/security/limits.conf
18+
echo '* hard stack 16384' >> /etc/security/limits.conf
Lines changed: 104 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,104 @@
1+
#!/bin/bash
2+
3+
set -euo pipefail
4+
5+
header() {
6+
TS=$(date +"%Y-%m-%dT%H:%M:%S%:z")
7+
echo "${TS} +--------------------------------------------+"
8+
echo "${TS} | $*"
9+
echo "${TS} +--------------------------------------------+"
10+
echo
11+
}
12+
13+
msg() {
14+
# shellcheck disable=SC2046
15+
echo $(date +"%Y-%m-%dT%H:%M:%S%:z") "$*"
16+
}
17+
18+
check_idempotency() {
19+
header "Checking Idempotency"
20+
21+
msg "Fetching latest upstream version from ${RUNNERREPO}..."
22+
UPSTREAM_TAG=$(git ls-remote --tags --refs --sort='v:refname' "${RUNNERREPO}" | tail -n1 | awk -F/ '{print $NF}')
23+
24+
UPSTREAM_VER="${UPSTREAM_TAG#v}"
25+
msg "Latest Upstream Version: ${UPSTREAM_VER}"
26+
27+
CURRENT_VER="none"
28+
if [ -f "/opt/runner-cache/bin/Runner.Listener" ]; then
29+
CURRENT_VER=$(/opt/runner-cache/bin/Runner.Listener --version 2>/dev/null || echo "error")
30+
fi
31+
32+
msg "Current Installed Version: ${CURRENT_VER}"
33+
34+
if [ "${UPSTREAM_VER}" == "${CURRENT_VER}" ]; then
35+
header "Versions match (${UPSTREAM_VER}). Skipping build."
36+
exit 0
37+
else
38+
msg "Versions do not match or runner not installed. Proceeding with build..."
39+
fi
40+
}
41+
42+
patch_runner() {
43+
header "Cloning repo and Patching runner"
44+
cd /tmp
45+
git clone --tags -q "${RUNNERREPO}"
46+
cd runner
47+
# shellcheck disable=SC2046
48+
git checkout $(git tag --sort=-v:refname | grep '^v[0-9]' | head -n1)
49+
git apply --whitespace=nowarn "${IMAGE_FOLDER}"/runner-sdk-8.patch
50+
sed -i'' -e '/version/s/8......"$/8.0.100"/' src/global.json
51+
}
52+
53+
build_runner() {
54+
export DOTNET_NUGET_SIGNATURE_VERIFICATION=false
55+
header "Building runner binary"
56+
cd src
57+
58+
msg "Running dev layout"
59+
./dev.sh layout Release
60+
61+
msg "Creating package"
62+
./dev.sh package Release
63+
64+
msg "Running tests"
65+
./dev.sh test
66+
}
67+
68+
install_runner() {
69+
header "Installing runner"
70+
mkdir -p /opt/runner-cache
71+
tar -xf /tmp/runner/_package/*.tar.gz -C /opt/runner-cache
72+
}
73+
74+
pre_cleanup() {
75+
rm -rf /tmp/runner /opt/runner-cache
76+
}
77+
78+
post_cleanup() {
79+
rm -rf "${IMAGE_FOLDER}"/runner-sdk-8.patch \
80+
/tmp/preseed-yaml /home/ubuntu/.nuget \
81+
/home/runner/.local/share
82+
}
83+
84+
run() {
85+
check_idempotency
86+
pre_cleanup
87+
patch_runner
88+
build_runner
89+
install_runner
90+
post_cleanup
91+
}
92+
93+
RUNNERREPO="https://github.com/actions/runner"
94+
95+
# Parse arguments
96+
while getopts "a:" opt; do
97+
case ${opt} in
98+
a) RUNNERREPO=${OPTARG} ;;
99+
*) exit 1 ;;
100+
esac
101+
done
102+
shift $(( OPTIND - 1 ))
103+
104+
run

0 commit comments

Comments
 (0)