feat: Branchs generate beta docker images and improves to dockerfile setup (#7)

Author: diegolagospagopa

.github/workflows/beta-docker-branch.yml

@@ -0,0 +1,47 @@
+name: Beta docker on dev branch
+
+on:
+  push:
+    # Sequence of patterns matched against refs/heads
+    branches-ignore:
+      - 'main'
+    paths-ignore:
+      - 'CODEOWNERS'
+      - '**.md'
+      - '.**'
+
+jobs:
+  release:
+    name: Beta docker on dev branch
+    runs-on: ubuntu-22.04
+
+    steps:
+      - name: Checkout
+        id: checkout
+        # from https://github.com/actions/checkout/commits/main
+        uses: actions/checkout@1f9a0c22da41e6ebfa534300ef656657ea2c6707
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+
+      - name: Log in to the Container registry
+        id: docker_login
+        # from https://github.com/docker/login-action/commits/master
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.PAT_GITHUB_PACKAGES }}
+
+      - name: Build and push Docker image
+        id: docker_build_push
+        # from https://github.com/docker/build-push-action/commits/master
+        uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5
+        with:
+          context: .
+          push: true
+          tags: |
+            ghcr.io/${{ github.repository }}:beta-${{ github.ref_name }}
+          labels: |
+            maintainer=https://pagopa.it
+            org.opencontainers.image.source=https://github.com/${{ github.repository }}

.hadolint.yaml

@@ -0,0 +1,5 @@
+ignored:
+  - DL3008
+  - DL3009
+  - DL3015
+  - DL4006

Dockerfile

@@ -1,21 +1,21 @@
 # from https://hub.docker.com/_/ubuntu/tags?page=1&name=22.04
 FROM ubuntu:22.04@sha256:965fbcae990b0467ed5657caceaec165018ef44a4d2d46c7cdea80a9dff0d1ea
 
-COPY install_script.sh install_script.sh
+WORKDIR /
 
-RUN bash install_script.sh
+COPY dockerfile-setup.sh dockerfile-setup.sh
+RUN bash dockerfile-setup.sh
 
-COPY entrypoint.sh /entrypoint.sh
-RUN chmod +x /entrypoint.sh
+COPY github-runner-entrypoint.sh /github-runner-entrypoint.sh
+RUN chmod +x /github-runner-entrypoint.sh
 
+# changed user to avoid root user
 USER github
 
-WORKDIR /
-
 RUN whoami && \
     az --version && \
     kubectl --help && \
     helm --help && \
     yq --version
 
-ENTRYPOINT ["/entrypoint.sh"]
+ENTRYPOINT ["/github-runner-entrypoint.sh"]

docker-compose.yaml

@@ -0,0 +1,8 @@
+version: "3.9"
+services:
+  github_runner:
+    build: .
+    environment:
+      - GITHUB_REPOSITORY=${GITHUB_REPOSITORY}
+      - GITHUB_TOKEN=${GITHUB_TOKEN}
+

install_script.sh dockerfile-setup.shinstall_script.sh renamed to dockerfile-setup.sh

@@ -1,9 +1,22 @@
 #!/usr/bin/env bash
 
-apt-get update && apt-get install -y curl git
-
+echo "[INFO] Start apt get install base packages"
+
+apt-get update \
+    && apt-get -y install curl git vim \
+    && apt-get -y install zip unzip \
+    && apt-get -y install ca-certificates curl wget apt-transport-https lsb-release gnupg \
+    && apt-get -y install jq \
+    && apt-get satisfy "python3-pip  (<= 22.1)" -y
+    # install jq from https://stedolan.github.io/jq/download/
+
+#
+# Github Action runner
+#
+echo "[INFO] Install github action runner"
 mkdir -p actions-runner
-cd actions-runner
+cd actions-runner || exit
+
 # from https://github.com/actions/runner/releases
 GITHUB_RUNNER_VERSION="2.300.2"
 GITHUB_RUNNER_VERSION_SHA="ed5bf2799c1ef7b2dd607df66e6b676dff8c44fb359c6fedc9ebf7db53339f0c"
@@ -14,13 +27,10 @@ rm actions-runner-linux-x64-${GITHUB_RUNNER_VERSION}.tar.gz
 
 bash bin/installdependencies.sh
 
-# install zip, unip
-
-apt-get -y install zip unzip
-
-# install az cli from https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=apt#option-2-step-by-step-installation-instructions
-
-apt-get -y install ca-certificates curl wget apt-transport-https lsb-release gnupg
+#
+# AZCLI
+#
+echo "[INFO] Install azcli"
 
 curl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null
 AZ_REPO=$(lsb_release -cs)
@@ -30,36 +40,31 @@ apt-get update && apt-get -y install azure-cli
 
 az config set extension.use_dynamic_install=yes_without_prompt
 
-# install python-pip
-
-apt-get -y install python-pip
-
+#
+# KUBERNETES DEPENDENCIES
+#
 # install kubectl from https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/#install-using-native-package-management
+echo "[INFO] Install kubernetes"
 
 curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
 echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list
 
-apt-get update && apt-get -y install kubectl
-
 # install helm from https://helm.sh/docs/intro/install/#from-apt-debianubuntu
-
 curl https://baltocdn.com/helm/signing.asc | apt-key add -
 echo "deb https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list
 
-apt-get update && apt-get -y install helm
-
-# install jq from https://stedolan.github.io/jq/download/
-
-apt-get update && apt-get -y install jq
+apt-get update \
+    && apt-get satisfy "kubectl (<=1.26.1)" -y \
+    && apt-get update && apt-get satisfy "helm (<=3.12.1)" -y
 
 # install yq from https://github.com/mikefarah/yq#install
-
 YQ_VERSION="v4.30.6"
 YQ_BINARY="yq_linux_amd64"
 wget https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/${YQ_BINARY}.tar.gz -O - | tar xz && mv ${YQ_BINARY} /usr/bin/yq
 
-###
-
+#
+# USER CONFIGURATIONS
+#
 useradd github
 mkdir -p /home/github
 chown -R github:github /home/github

entrypoint.sh github-runner-entrypoint.shentrypoint.sh renamed to github-runner-entrypoint.sh

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
 INTERACTIVE="FALSE"
-if [ "$(echo $INTERACTIVE_MODE | tr '[:upper:]' '[:lower:]')" == "true" ]; then
+if [ "$(echo "$INTERACTIVE_MODE" | tr '[:upper:]' '[:lower:]')" == "true" ]; then
 	INTERACTIVE="TRUE"
 fi
 
@@ -20,7 +20,8 @@ if [ -z "$GITHUB_REPOSITORY_BANNER" ]; then
 fi
 
 if [ -z "$RUNNER_NAME" ]; then
-	export RUNNER_NAME="$(hostname)"
+	RUNNER_NAME="$(hostname)"
+  export RUNNER_NAME
 fi
 
 if [ -z "$WORK_DIR" ]; then
@@ -30,20 +31,24 @@ fi
 # Calculate runner replacement policy.
 REPLACEMENT_POLICY="\n\n\n"
 REPLACEMENT_POLICY_LABEL="FALSE"
-if [ "$(echo $REPLACE_EXISTING_RUNNER | tr '[:upper:]' '[:lower:]')" == "true" ]; then
+if [ "$(echo "$REPLACE_EXISTING_RUNNER" | tr '[:upper:]' '[:lower:]')" == "true" ]; then
 	REPLACEMENT_POLICY="Y\n\n"
 	REPLACEMENT_POLICY_LABEL="TRUE"
 fi
 
 # Configure runner interactively, or with the given replacement policy.
-printf "Configuring GitHub Runner for $GITHUB_REPOSITORY_BANNER\n"
-printf "\tRunner Name: $RUNNER_NAME\n\tWorking Directory: $WORK_DIR\n\tReplace Existing Runners: $REPLACEMENT_POLICY_LABEL\n"
+printf "Configuring GitHub Runner for %s\n\t" "$GITHUB_REPOSITORY_BANNER"
+printf "Runner Name: %s\n\t" "$RUNNER_NAME"
+printf "Working Directory: %s\n\t" "$WORK_DIR"
+printf "Replace Existing Runners: %s\n" "$REPLACEMENT_POLICY_LABEL"
+
+# actions-runner is a folder inside the github runner zip
 if [ "$INTERACTIVE" == "FALSE" ]; then
-	echo -ne "$REPLACEMENT_POLICY" | ./actions-runner/config.sh --url $GITHUB_REPOSITORY --token $GITHUB_TOKEN --agent $RUNNER_NAME --work $WORK_DIR --labels $LABELS --disableupdate
+	echo -ne "$REPLACEMENT_POLICY" | ./actions-runner/config.sh --url "$GITHUB_REPOSITORY" --token "$GITHUB_TOKEN" --name "$RUNNER_NAME" --work "$WORK_DIR" --labels "$LABELS" --disableupdate
 else
-	./actions-runner/config.sh --url $GITHUB_REPOSITORY --token $GITHUB_TOKEN --agent $RUNNER_NAME --work $WORK_DIR --labels $LABELS --disableupdate
+	./actions-runner/config.sh --url "$GITHUB_REPOSITORY" --token "$GITHUB_TOKEN" --name "$RUNNER_NAME" --work "$WORK_DIR" --labels "$LABELS" --disableupdate
 fi
 
 # Start the runner.
-printf "Executing GitHub Runner for $GITHUB_REPOSITORY\n"
+printf "Executing GitHub Runner for %s\n" "$GITHUB_REPOSITORY"
 ./actions-runner/run.sh