Compare commits


8 Commits

Yusuke Kuoka
e5101554b3 Fix release workflow to not use add-path
Fixes #208
2020-11-26 08:39:03 +09:00
Reinier Timmer
ee8fb5a388 parametrized working directory (#185)
* parametrized working directory

* manifests v3.0
2020-11-25 08:55:26 +09:00
Erik Nobel
4e93879b8f [BUG?]: Create mountpoint for /externals/ (#203)
* runner/controller: Add externals directory mount point

* Runner: Create hack for moving content of /runner/externals/ dir

* Externals dir Mount: mount examples for '__e/node12/bin/node' not found error
2020-11-25 08:53:47 +09:00
Shinnosuke Sawada
6ce6737f61 add dockerEnabled document (#193)
Follow-up for #191
2020-11-17 09:31:34 +09:00
Shinnosuke Sawada
4371de9733 add dockerEnabled option (#191)
Add a dockerEnabled option for users who do not need docker and do not want to run a privileged container.
If `dockerEnabled == false`, the dind container is not run, and there is no privileged container.

Do the same as closed #96
2020-11-16 09:41:12 +09:00
Yusuke Kuoka
1fd752fca2 Use tcp DOCKER_HOST instead of sharing docker.sock (#177)
The docker:dind container creates `/var/run/docker.sock` owned by the root user and root group,
so the docker command in the runner container needs root privileges to use docker.sock, and docker actions fail because of the missing permission.

Use tcp connection between runner and docker container, so runner container doesn't need root privileges to run docker, and can run docker action.

Fixes #174
2020-11-16 09:32:29 +09:00
Shinnosuke Sawada
a4061d0625 gofmt ed 2020-11-12 09:20:06 +09:00
Shinnosuke Sawada
83857ba7e0 use tcp DOCKER_HOST instead of sharing docker.sock 2020-11-12 08:07:52 +09:00
14 changed files with 80 additions and 13 deletions


@@ -22,7 +22,7 @@ jobs:
sudo mv ghr_v0.13.0_linux_amd64/ghr /usr/local/bin
- name: Set version
run: echo "::set-env name=VERSION::$(cat ${GITHUB_EVENT_PATH} | jq -r '.release.tag_name')"
run: echo "VERSION=$(cat ${GITHUB_EVENT_PATH} | jq -r '.release.tag_name')" >> $GITHUB_ENV
- name: Upload artifacts
env:
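Review bot: The tag name is written to `$GITHUB_ENV` unquoted and unvalidated; a release tag containing a newline would be split by the runner into additional environment assignments, which is the same untrusted-input class of issue that motivated retiring `set-env`. Reading it once and checking its shape before exporting keeps the step equivalent for well-formed releases: `VERSION=$(jq -r '.release.tag_name' "$GITHUB_EVENT_PATH")` followed by a pattern check (for example `[[ "$VERSION" =~ ^v[0-9.]+$ ]] || exit 1`) and then `echo "VERSION=$VERSION" >> "$GITHUB_ENV"`. This also drops the redundant `cat | jq` pipe. The job's remaining steps are outside the hunk.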


@@ -321,6 +321,8 @@ spec:
requests:
cpu: "2.0"
memory: "4Gi"
# If set to false, there are no privileged container and you cannot use docker.
dockerEnabled: false
# If set to true, runner pod container only 1 container that's expected to be able to run docker, too.
# image summerwind/actions-runner-dind or custom one should be used with true -value
dockerdWithinRunnerContainer: false
@@ -340,6 +342,10 @@ spec:
value: abcd1234
securityContext:
runAsUser: 0
# if workDir is not specified, the default working directory is /runner/_work
# this setting allows you to customize the working directory location
# for example, the below setting is the same as on the ubuntu-18.04 image
workDir: /home/runner/work
```
## Runner labels


@@ -59,6 +59,8 @@ type RunnerSpec struct {
// +optional
Volumes []corev1.Volume `json:"volumes,omitempty"`
// +optional
WorkDir string `json:"workDir,omitempty"`
// +optional
InitContainers []corev1.Container `json:"initContainers,omitempty"`
@@ -84,6 +86,8 @@ type RunnerSpec struct {
TerminationGracePeriodSeconds *int64 `json:"terminationGracePeriodSeconds,omitempty"`
// +optional
DockerdWithinRunnerContainer *bool `json:"dockerdWithinRunnerContainer,omitempty"`
// +optional
DockerEnabled *bool `json:"dockerEnabled,omitempty"`
}
// ValidateRepository validates repository field.
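Review bot: Neither new field carries a doc comment, and `WorkDir` is accepted without validation even though the controller in this commit uses it as a container `MountPath` and hands it to `config.sh --work`. Suggested comments: `// WorkDir is the absolute path of the runner's working directory; empty means /runner/_work.` and `// DockerEnabled controls whether the dind sidecar and its volumes are created; nil is treated as true.` Since the file already has `ValidateRepository`, a sibling check that `WorkDir` is either empty or `filepath.IsAbs` would reject a relative path at admission instead of surfacing it as a pod-creation failure. The RunnerSpec struct starts outside the hunk.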


@@ -530,6 +530,11 @@ func (in *RunnerSpec) DeepCopyInto(out *RunnerSpec) {
*out = new(bool)
**out = **in
}
if in.DockerEnabled != nil {
in, out := &in.DockerEnabled, &out.DockerEnabled
*out = new(bool)
**out = **in
}
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunnerSpec.


@@ -400,6 +400,8 @@ spec:
- name
type: object
type: array
dockerEnabled:
type: boolean
dockerdContainerResources:
description: ResourceRequirements describes the compute resource requirements.
properties:
@@ -1531,6 +1533,8 @@ spec:
- name
type: object
type: array
workDir:
type: string
type: object
type: object
required:


@@ -400,6 +400,8 @@ spec:
- name
type: object
type: array
dockerEnabled:
type: boolean
dockerdContainerResources:
description: ResourceRequirements describes the compute resource requirements.
properties:
@@ -1531,6 +1533,8 @@ spec:
- name
type: object
type: array
workDir:
type: string
type: object
type: object
required:


@@ -393,6 +393,8 @@ spec:
- name
type: object
type: array
dockerEnabled:
type: boolean
dockerdContainerResources:
description: ResourceRequirements describes the compute resource requirements.
properties:
@@ -1524,6 +1526,8 @@ spec:
- name
type: object
type: array
workDir:
type: string
type: object
status:
description: RunnerStatus defines the observed state of Runner


@@ -400,6 +400,8 @@ spec:
- name
type: object
type: array
dockerEnabled:
type: boolean
dockerdContainerResources:
description: ResourceRequirements describes the compute resource requirements.
properties:
@@ -1531,6 +1533,8 @@ spec:
- name
type: object
type: array
workDir:
type: string
type: object
type: object
required:


@@ -400,6 +400,8 @@ spec:
- name
type: object
type: array
dockerEnabled:
type: boolean
dockerdContainerResources:
description: ResourceRequirements describes the compute resource requirements.
properties:
@@ -1531,6 +1533,8 @@ spec:
- name
type: object
type: array
workDir:
type: string
type: object
type: object
required:


@@ -393,6 +393,8 @@ spec:
- name
type: object
type: array
dockerEnabled:
type: boolean
dockerdContainerResources:
description: ResourceRequirements describes the compute resource requirements.
properties:
@@ -1524,6 +1526,8 @@ spec:
- name
type: object
type: array
workDir:
type: string
type: object
status:
description: RunnerStatus defines the observed state of Runner


@@ -299,6 +299,7 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
var (
privileged bool = true
dockerdInRunner bool = runner.Spec.DockerdWithinRunnerContainer != nil && *runner.Spec.DockerdWithinRunnerContainer
dockerEnabled bool = runner.Spec.DockerEnabled == nil || *runner.Spec.DockerEnabled
)
runnerImage := runner.Spec.Image
@@ -306,6 +307,11 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
runnerImage = r.RunnerImage
}
workDir := runner.Spec.WorkDir
if workDir == "" {
workDir = "/runner/_work"
}
runnerImagePullPolicy := runner.Spec.ImagePullPolicy
if runnerImagePullPolicy == "" {
runnerImagePullPolicy = corev1.PullAlways
@@ -344,6 +350,10 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
Name: "GITHUB_URL",
Value: r.GitHubClient.GithubBaseURL,
},
{
Name: "RUNNER_WORKDIR",
Value: workDir,
},
}
env = append(env, runner.Spec.Env...)
@@ -373,7 +383,7 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
},
}
if !dockerdInRunner {
if !dockerdInRunner && dockerEnabled {
pod.Spec.Volumes = []corev1.Volume{
{
Name: "work",
@@ -382,7 +392,7 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
},
},
{
Name: "docker",
Name: "externals",
VolumeSource: corev1.VolumeSource{
EmptyDir: &corev1.EmptyDirVolumeSource{},
},
@@ -391,24 +401,34 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
pod.Spec.Containers[0].VolumeMounts = []corev1.VolumeMount{
{
Name: "work",
MountPath: "/runner/_work",
MountPath: workDir,
},
{
Name: "docker",
MountPath: "/var/run",
Name: "externals",
MountPath: "/runner/externals",
},
}
pod.Spec.Containers[0].Env = append(pod.Spec.Containers[0].Env, corev1.EnvVar{
Name: "DOCKER_HOST",
Value: "tcp://localhost:2375",
})
pod.Spec.Containers = append(pod.Spec.Containers, corev1.Container{
Name: "docker",
Image: r.DockerImage,
VolumeMounts: []corev1.VolumeMount{
{
Name: "work",
MountPath: "/runner/_work",
MountPath: workDir,
},
{
Name: "docker",
MountPath: "/var/run",
Name: "externals",
MountPath: "/runner/externals",
},
},
Env: []corev1.EnvVar{
{
Name: "DOCKER_TLS_CERTDIR",
Value: "",
},
},
SecurityContext: &corev1.SecurityContext{
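Review bot: The dind sidecar is configured to serve the Docker API over plain TCP with TLS disabled (`DOCKER_TLS_CERTDIR` set to `""` and the runner pointed at `tcp://localhost:2375`), and nothing in the hunk records that the only thing separating that daemon from the rest of the cluster is the pod's network namespace. A comment on the env entry such as `// Empty DOCKER_TLS_CERTDIR turns off the dind image's automatic TLS; the daemon is reachable only on the pod's loopback, so runner pods must never run with hostNetwork.` would make the assumption explicit, and a check in newPod that rejects `hostNetwork: true` (should the spec ever expose it) would enforce it. Separately, `workDir` is used unchecked as the `MountPath` of both containers, so a relative value presumably fails only when the pod is created. newPod continues past the end of the hunk.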


@@ -1,7 +1,7 @@
FROM ubuntu:18.04
ARG TARGETPLATFORM
ARG RUNNER_VERSION=2.274.1
ARG RUNNER_VERSION=2.274.2
ARG DOCKER_VERSION=19.03.12
ENV DEBIAN_FRONTEND=noninteractive
@@ -55,7 +55,7 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
&& usermod -aG docker runner \
&& echo "%sudo ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers
# Runner download supports amd64 as x64
# Runner download supports amd64 as x64. Externalstmp is needed for making mount points work inside DinD.
RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
&& if [ "$ARCH" = "amd64" ]; then export ARCH=x64 ; fi \
&& mkdir -p /runner \
@@ -64,6 +64,7 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
&& tar xzf ./runner.tar.gz \
&& rm runner.tar.gz \
&& ./bin/installdependencies.sh \
&& mv ./externals ./externalstmp \
&& rm -rf /var/lib/apt/lists/*
COPY entrypoint.sh /runner
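Review bot: After `mv ./externals ./externalstmp` the image no longer contains `/runner/externals`, so the runner only works when something recreates that directory — on this page that is the controller's emptyDir mount, which is created only when the dind sidecar is enabled, and the entrypoint's `mv ./externalstmp/* ./externals/`, which needs the target directory to exist. Adding `&& mkdir -p ./externals \` directly after the rename keeps the image usable when no volume is mounted there. The comment above the RUN could also state the purpose of the hack: `# Runner download supports amd64 as x64. externals is renamed to externalstmp so an empty volume can be mounted at /runner/externals and refilled by entrypoint.sh (needed for DinD).`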


@@ -2,7 +2,7 @@ NAME ?= summerwind/actions-runner
DIND_RUNNER_NAME ?= ${NAME}-dind
TAG ?= latest
RUNNER_VERSION ?= 2.273.5
RUNNER_VERSION ?= 2.274.2
DOCKER_VERSION ?= 19.03.12
# default list of platforms for which multiarch image is built


@@ -27,6 +27,10 @@ else
exit 1
fi
if [ -n "${RUNNER_WORKDIR}" ]; then
WORKDIR_ARG="--work ${RUNNER_WORKDIR}"
fi
if [ -n "${RUNNER_LABELS}" ]; then
LABEL_ARG="--labels ${RUNNER_LABELS}"
fi
@@ -41,7 +45,10 @@ if [ -z "${RUNNER_REPO}" ] && [ -n "${RUNNER_ORG}" ] && [ -n "${RUNNER_GROUP}" ]
fi
cd /runner
./config.sh --unattended --replace --name "${RUNNER_NAME}" --url "${GITHUB_URL}${ATTACH}" --token "${RUNNER_TOKEN}" ${RUNNER_GROUP_ARG} ${LABEL_ARG}
./config.sh --unattended --replace --name "${RUNNER_NAME}" --url "${GITHUB_URL}${ATTACH}" --token "${RUNNER_TOKEN}" ${RUNNER_GROUP_ARG} ${LABEL_ARG} ${WORKDIR_ARG}
# Hack due to the DinD volumes
mv ./externalstmp/* ./externals/
for f in runsvc.sh RunnerService.js; do
diff {bin,patched}/${f} || :