From fb21f0da0550c6735897a09e0987b1b70fd76796 Mon Sep 17 00:00:00 2001
From: Tingluo Huang <tingluohuang@github.com>
Date: Fri, 5 Sep 2025 18:05:42 -0400
Subject: [PATCH] Bump docker image to use ubuntu 24.04

---
 .github/workflows/build.yml   | 48 +++++++++++++++++++++++++++++++++++
 .github/workflows/release.yml |  3 ++-
 images/Dockerfile             |  6 ++---
 3 files changed, 53 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 72d64cda8..586789884 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -14,6 +14,9 @@ on:
     paths-ignore:
     - '**.md'
 
+permissions:
+  contents: read
+
 jobs:
   build:
     strategy:
@@ -80,3 +83,48 @@ jobs:
         name: runner-package-${{ matrix.runtime }}
         path: |
           _package
+
+  docker:
+    strategy:
+      matrix:
+        os: [ ubuntu-latest, ubuntu-24.04-arm ]
+        include:
+          - os: ubuntu-latest
+            docker_platform: linux/amd64
+          - os: ubuntu-24.04-arm
+            docker_platform: linux/arm64
+    runs-on: ${{ matrix.os }}
+    steps:
+    - uses: actions/checkout@v5
+
+    - name: Get latest runner version
+      id: latest_runner
+      uses: actions/github-script@v7
+      with:
+        github-token: ${{secrets.GITHUB_TOKEN}}
+        script: |
+          const release = await github.rest.repos.getLatestRelease({
+            owner: 'actions',
+            repo: 'runner',
+          });
+          const version = release.data.tag_name.replace(/^v/, '');
+          core.setOutput('version', version);
+
+    - name: Setup Docker buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Build Docker image
+      uses: docker/build-push-action@v6
+      with:
+        context: ./images
+        load: true
+        platforms: ${{ matrix.docker_platform }}
+        tags: |
+          ${{ github.sha }}:latest
+        build-args: |
+          RUNNER_VERSION=${{ steps.latest_runner.outputs.version }}
+
+    - name: Test Docker image
+      run: |
+        docker run --rm ${{ github.sha }}:latest ./run.sh --version
+  
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 702eea07d..8771f2a0a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -334,8 +334,9 @@ jobs:
           push: true
           labels: |
             org.opencontainers.image.source=${{github.server_url}}/${{github.repository}}
-            org.opencontainers.image.description=https://github.com/actions/runner/releases/tag/v${{ steps.image.outputs.version }}
             org.opencontainers.image.licenses=MIT
+          annotations: |
+            org.opencontainers.image.description=https://github.com/actions/runner/releases/tag/v${{ steps.image.outputs.version }}
 
       - name: Generate attestation
         uses: actions/attest-build-provenance@v3
diff --git a/images/Dockerfile b/images/Dockerfile
index 3b0769231..f84cabfaa 100644
--- a/images/Dockerfile
+++ b/images/Dockerfile
@@ -1,5 +1,5 @@
 # Source: https://github.com/dotnet/dotnet-docker
-FROM mcr.microsoft.com/dotnet/runtime-deps:8.0-jammy AS build
+FROM mcr.microsoft.com/dotnet/runtime-deps:8.0-noble AS build
 
 ARG TARGETOS
 ARG TARGETARCH
@@ -32,12 +32,12 @@ RUN export RUNNER_ARCH=${TARGETARCH} \
         "https://github.com/docker/buildx/releases/download/v${BUILDX_VERSION}/buildx-v${BUILDX_VERSION}.linux-${TARGETARCH}" \
     && chmod +x /usr/local/lib/docker/cli-plugins/docker-buildx
 
-FROM mcr.microsoft.com/dotnet/runtime-deps:8.0-jammy
+FROM mcr.microsoft.com/dotnet/runtime-deps:8.0-noble
 
 ENV DEBIAN_FRONTEND=noninteractive
 ENV RUNNER_MANUALLY_TRAP_SIG=1
 ENV ACTIONS_RUNNER_PRINT_LOG_TO_STDOUT=1
-ENV ImageOS=ubuntu22
+ENV ImageOS=ubuntu24
 
 # 'gpg-agent' and 'software-properties-common' are needed for the 'add-apt-repository' command that follows
 RUN apt update -y \