Fix release workflow to not use add-path

Fixes #208

.github/workflows/release.yml

@@ -22,7 +22,7 @@ jobs:
           sudo mv ghr_v0.13.0_linux_amd64/ghr /usr/local/bin
 
       - name: Set version
-        run: echo "::set-env name=VERSION::$(cat ${GITHUB_EVENT_PATH} | jq -r '.release.tag_name')"
+        run: echo "VERSION=$(cat ${GITHUB_EVENT_PATH} | jq -r '.release.tag_name')" >> $GITHUB_ENV
 
       - name: Upload artifacts
         env:

README.md

@@ -321,6 +321,8 @@ spec:
         requests:
           cpu: "2.0"
           memory: "4Gi"
+      # If set to false, there are no privileged container and you cannot use docker. 
+      dockerEnabled: false
       # If set to true, runner pod container only 1 container that's expected to be able to run docker, too.
       # image summerwind/actions-runner-dind or custom one should be used with true -value
       dockerdWithinRunnerContainer: false
@@ -340,6 +342,10 @@ spec:
               value: abcd1234
           securityContext:
             runAsUser: 0
+      # if workDir is not specified, the default working directory is /runner/_work
+      # this setting allows you to customize the working directory location
+      # for example, the below setting is the same as on the ubuntu-18.04 image
+      workDir: /home/runner/work
 ```
 
 ## Runner labels

api/v1alpha1/runner_types.go

@@ -59,6 +59,8 @@ type RunnerSpec struct {
 
 	// +optional
 	Volumes []corev1.Volume `json:"volumes,omitempty"`
+	// +optional
+	WorkDir string `json:"workDir,omitempty"`
 
 	// +optional
 	InitContainers []corev1.Container `json:"initContainers,omitempty"`
@@ -84,6 +86,8 @@ type RunnerSpec struct {
 	TerminationGracePeriodSeconds *int64 `json:"terminationGracePeriodSeconds,omitempty"`
 	// +optional
 	DockerdWithinRunnerContainer *bool `json:"dockerdWithinRunnerContainer,omitempty"`
+	// +optional
+	DockerEnabled *bool `json:"dockerEnabled,omitempty"`
 }
 
 // ValidateRepository validates repository field.

api/v1alpha1/zz_generated.deepcopy.go

@@ -530,6 +530,11 @@ func (in *RunnerSpec) DeepCopyInto(out *RunnerSpec) {
 		*out = new(bool)
 		**out = **in
 	}
+	if in.DockerEnabled != nil {
+		in, out := &in.DockerEnabled, &out.DockerEnabled
+		*out = new(bool)
+		**out = **in
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunnerSpec.

charts/actions-runner-controller/crds/actions.summerwind.dev_runnerdeployments.yaml

@@ -400,6 +400,8 @@ spec:
                           - name
                         type: object
                       type: array
+                    dockerEnabled:
+                      type: boolean
                     dockerdContainerResources:
                       description: ResourceRequirements describes the compute resource requirements.
                       properties:
@@ -1531,6 +1533,8 @@ spec:
                           - name
                         type: object
                       type: array
+                    workDir:
+                      type: string
                   type: object
               type: object
           required:

charts/actions-runner-controller/crds/actions.summerwind.dev_runnerreplicasets.yaml

@@ -400,6 +400,8 @@ spec:
                           - name
                         type: object
                       type: array
+                    dockerEnabled:
+                      type: boolean
                     dockerdContainerResources:
                       description: ResourceRequirements describes the compute resource requirements.
                       properties:
@@ -1531,6 +1533,8 @@ spec:
                           - name
                         type: object
                       type: array
+                    workDir:
+                      type: string
                   type: object
               type: object
           required:

charts/actions-runner-controller/crds/actions.summerwind.dev_runners.yaml

@@ -393,6 +393,8 @@ spec:
                   - name
                 type: object
               type: array
+            dockerEnabled:
+              type: boolean
             dockerdContainerResources:
               description: ResourceRequirements describes the compute resource requirements.
               properties:
@@ -1524,6 +1526,8 @@ spec:
                   - name
                 type: object
               type: array
+            workDir:
+              type: string
           type: object
         status:
           description: RunnerStatus defines the observed state of Runner

config/crd/bases/actions.summerwind.dev_runnerdeployments.yaml

@@ -400,6 +400,8 @@ spec:
                           - name
                         type: object
                       type: array
+                    dockerEnabled:
+                      type: boolean
                     dockerdContainerResources:
                       description: ResourceRequirements describes the compute resource requirements.
                       properties:
@@ -1531,6 +1533,8 @@ spec:
                           - name
                         type: object
                       type: array
+                    workDir:
+                      type: string
                   type: object
               type: object
           required:

config/crd/bases/actions.summerwind.dev_runnerreplicasets.yaml

@@ -400,6 +400,8 @@ spec:
                           - name
                         type: object
                       type: array
+                    dockerEnabled:
+                      type: boolean
                     dockerdContainerResources:
                       description: ResourceRequirements describes the compute resource requirements.
                       properties:
@@ -1531,6 +1533,8 @@ spec:
                           - name
                         type: object
                       type: array
+                    workDir:
+                      type: string
                   type: object
               type: object
           required:

config/crd/bases/actions.summerwind.dev_runners.yaml

@@ -393,6 +393,8 @@ spec:
                   - name
                 type: object
               type: array
+            dockerEnabled:
+              type: boolean
             dockerdContainerResources:
               description: ResourceRequirements describes the compute resource requirements.
               properties:
@@ -1524,6 +1526,8 @@ spec:
                   - name
                 type: object
               type: array
+            workDir:
+              type: string
           type: object
         status:
           description: RunnerStatus defines the observed state of Runner

controllers/runner_controller.go

@@ -299,6 +299,7 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 	var (
 		privileged      bool = true
 		dockerdInRunner bool = runner.Spec.DockerdWithinRunnerContainer != nil && *runner.Spec.DockerdWithinRunnerContainer
+		dockerEnabled   bool = runner.Spec.DockerEnabled == nil || *runner.Spec.DockerEnabled
 	)
 
 	runnerImage := runner.Spec.Image
@@ -306,6 +307,11 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 		runnerImage = r.RunnerImage
 	}
 
+	workDir := runner.Spec.WorkDir
+	if workDir == "" {
+		workDir = "/runner/_work"
+	}
+
 	runnerImagePullPolicy := runner.Spec.ImagePullPolicy
 	if runnerImagePullPolicy == "" {
 		runnerImagePullPolicy = corev1.PullAlways
@@ -344,6 +350,10 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 			Name:  "GITHUB_URL",
 			Value: r.GitHubClient.GithubBaseURL,
 		},
+		{
+			Name:  "RUNNER_WORKDIR",
+			Value: workDir,
+		},
 	}
 
 	env = append(env, runner.Spec.Env...)
@@ -373,7 +383,7 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 		},
 	}
 
-	if !dockerdInRunner {
+	if !dockerdInRunner && dockerEnabled {
 		pod.Spec.Volumes = []corev1.Volume{
 			{
 				Name: "work",
@@ -382,7 +392,7 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 				},
 			},
 			{
-				Name: "docker",
+				Name: "externals",
 				VolumeSource: corev1.VolumeSource{
 					EmptyDir: &corev1.EmptyDirVolumeSource{},
 				},
@@ -391,24 +401,34 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 		pod.Spec.Containers[0].VolumeMounts = []corev1.VolumeMount{
 			{
 				Name:      "work",
-				MountPath: "/runner/_work",
+				MountPath: workDir,
 			},
 			{
-				Name:      "docker",
+				Name:      "externals",
-				MountPath: "/var/run",
+				MountPath: "/runner/externals",
 			},
 		}
+		pod.Spec.Containers[0].Env = append(pod.Spec.Containers[0].Env, corev1.EnvVar{
+			Name:  "DOCKER_HOST",
+			Value: "tcp://localhost:2375",
+		})
 		pod.Spec.Containers = append(pod.Spec.Containers, corev1.Container{
 			Name:  "docker",
 			Image: r.DockerImage,
 			VolumeMounts: []corev1.VolumeMount{
 				{
 					Name:      "work",
-					MountPath: "/runner/_work",
+					MountPath: workDir,
 				},
 				{
-					Name:      "docker",
+					Name:      "externals",
-					MountPath: "/var/run",
+					MountPath: "/runner/externals",
+				},
+			},
+			Env: []corev1.EnvVar{
+				{
+					Name:  "DOCKER_TLS_CERTDIR",
+					Value: "",
 				},
 			},
 			SecurityContext: &corev1.SecurityContext{

runner/Dockerfile

@@ -1,7 +1,7 @@
 FROM ubuntu:18.04
 
 ARG TARGETPLATFORM
-ARG RUNNER_VERSION=2.274.1
+ARG RUNNER_VERSION=2.274.2
 ARG DOCKER_VERSION=19.03.12
 
 ENV DEBIAN_FRONTEND=noninteractive
@@ -55,7 +55,7 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
   && usermod -aG docker runner \
   && echo "%sudo   ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers
 
-# Runner download supports amd64 as x64
+# Runner download supports amd64 as x64. Externalstmp is needed for making mount points work inside DinD.
 RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
   && if [ "$ARCH" = "amd64" ]; then export ARCH=x64 ; fi \
   && mkdir -p /runner \
@@ -64,6 +64,7 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
   && tar xzf ./runner.tar.gz \
   && rm runner.tar.gz \
   && ./bin/installdependencies.sh \
+  && mv ./externals ./externalstmp \
   && rm -rf /var/lib/apt/lists/*
 
 COPY entrypoint.sh /runner

runner/Makefile

@@ -2,7 +2,7 @@ NAME ?= summerwind/actions-runner
 DIND_RUNNER_NAME ?= ${NAME}-dind
 TAG ?= latest
 
-RUNNER_VERSION ?= 2.273.5
+RUNNER_VERSION ?= 2.274.2
 DOCKER_VERSION ?= 19.03.12
 
 # default list of platforms for which multiarch image is built

runner/entrypoint.sh

@@ -27,6 +27,10 @@ else
   exit 1
 fi
 
+if [ -n "${RUNNER_WORKDIR}" ]; then
+  WORKDIR_ARG="--work ${RUNNER_WORKDIR}"
+fi
+
 if [ -n "${RUNNER_LABELS}" ]; then
   LABEL_ARG="--labels ${RUNNER_LABELS}"
 fi
@@ -41,7 +45,10 @@ if [ -z "${RUNNER_REPO}" ] && [ -n "${RUNNER_ORG}" ] && [ -n "${RUNNER_GROUP}" ]
 fi
 
 cd /runner
-./config.sh --unattended --replace --name "${RUNNER_NAME}" --url "${GITHUB_URL}${ATTACH}" --token "${RUNNER_TOKEN}" ${RUNNER_GROUP_ARG} ${LABEL_ARG}
+./config.sh --unattended --replace --name "${RUNNER_NAME}" --url "${GITHUB_URL}${ATTACH}" --token "${RUNNER_TOKEN}" ${RUNNER_GROUP_ARG} ${LABEL_ARG} ${WORKDIR_ARG}
+
+# Hack due to the DinD volumes
+mv ./externalstmp/* ./externals/
 
 for f in runsvc.sh RunnerService.js; do
   diff {bin,patched}/${f} || :