podman + krun Support #25

Merged
merged 13 commits into from
Sep 27, 2024
22 changes: 22 additions & 0 deletions CONTRIBUTING.md
Expand Up @@ -67,3 +67,25 @@ Instead, pass `-D /local` to the [`runner.sh`](./runner.sh) script. This will
mount the [`runner`](./runner/) directory into the microVM at `/local` and run
the scripts that it contains from there instead. Which "entrypoint" to use is
driven by the `RUNNER_ENTRYPOINT` variable in [`runner.sh`](./runner.sh).

## Cleanup

During development, many images might be created. To clean them away, you can
run one of the following commands.

When using the `krunvm` runtime:

```bash
buildah rmi $(buildah images --format '{{.ID}}')
```

When using `podman+krun`:

```bash
podman image rm $(podman images -q)
```

> [!WARNING]
> These commands will remove all unused images on your system. Make sure you
> don't need any of these images for other projects before running the cleanup.
> You may need to rebuild images for this project after cleanup.
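
Review bot: the warning says these commands remove all unused images, but both command lines feed every image ID on the host to the remove command (`buildah images --format '{{.ID}}'` and `podman images -q` list everything, not only unused images), so the text understates what a contributor on a shared machine is about to delete. Either reword the warning to say "all images", or narrow the commands to the images this project builds, or use `podman image prune` if only unused images are meant. When the list is empty, both commands are also invoked with no arguments at all, which deserves a sentence.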
28 changes: 18 additions & 10 deletions README.md
@@ -1,20 +1,24 @@
# krunvm-based GitHub Runner(s)

This project creates [self-hosted][self] (ephemeral) GitHub [runners] based on
[krunvm]. [krunvm] creates [microVM]s, so the project enables fully isolated
[libkrun]. [libkrun] creates [microVM]s, so the project enables fully isolated
[runners] inside your infrastruture. MicroVMs boot fast, providing an experience
close to running containers. [krunvm] creates and starts VMs based on the
close to running containers. [libkrun] creates and starts VMs based on the
multi-platform OCI images created for this project -- [ubuntu] (default) or
[fedora].
[fedora]. The project will create [microVM]s using either [krunvm] or
[krun][crun] and [podman].

![Demo](./demo/demo.gif)

[self]: https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners
[runners]: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners
[libkrun]: https://github.com/containers/libkrun
[krunvm]: https://github.com/containers/krunvm
[microVM]: https://github.com/infracloudio/awesome-microvm
[ubuntu]: https://github.com/efrecon/gh-runner-krunvm/pkgs/container/runner-krunvm-ubuntu
[fedora]: https://github.com/efrecon/gh-runner-krunvm/pkgs/container/runner-krunvm-fedora
[crun]: https://github.com/containers/crun
[podman]: https://github.com/containers/podman

## Example

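Review bot: the new sentence "using either [krunvm] or [krun][crun] and [podman]" labels the link `krun` but resolves it to the `crun` repository, and nothing in the introduction says how the two relate, so a reader following the link lands on a project with a different name. Add a short clause explaining that relationship next to the `[crun]` reference. The title still reads "krunvm-based GitHub Runner(s)" although the body now describes the project as based on [libkrun] with two possible runtimes, and the context line "inside your infrastruture" carries a typo that could be fixed in the same pass.
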
Expand Down Expand Up @@ -68,6 +72,7 @@ starting with `RUNNER_` will affect the behaviour of each [runner] (loop).
critical software tools.
+ Good compatibility with the regular GitHub [runners]: same user ID, member of
the `docker` group, password-less `sudo`, etc.
+ Supports both [krunvm] or the [krun][crun] runtime under [podman].
+ In theory, the main [ubuntu] and [fedora] images should be able to be used in
more traditional container-based solutions -- perhaps [sysbox]? Reports and/or
changes are welcome.
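
Review bot: the added bullet "Supports both [krunvm] or the [krun][crun] runtime under [podman]" mixes "both" with "or". Use "both [krunvm] and the [krun][crun] runtime" or "either [krunvm] or the [krun][crun] runtime", and keep the wording consistent with the introduction, which says "either ... or".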
Expand All @@ -85,17 +90,20 @@ UNIX binary utilities. PRs are welcome to make the project work on MacOS, if it
does not already.

Apart from the standard UNIX binary utilities, you will need the following
installed on the host. Installation is easiest on Fedora
installed on the host. Installation is easiest on Fedora (see original [issue]
for installation on older versions).

+ `curl`
+ `jq`
+ `buildah`
+ `krunvm` (and its [requirements])
+ A compatible runtime, i.e. either:
+ `krun` and [`podman`][podman].
+ `krunvm`, its [requirements] and `buildah`

Note: You do not need `podman`.
Note: When opting for `krunvm`, you do not need `podman`.

[built]: ./.github/workflows/ci.yml
[requirements]: https://github.com/containers/krunvm#installation
[issue]: https://github.com/efrecon/gh-runner-krunvm/issues/22

## GitHub Token

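Review bot: in "(see original [issue] for installation on older versions)" it is not clear what the older versions are versions of; say so explicitly (the sentence reads as if it means Fedora releases). The requirements list would also be easier to act on if the note covered both directions: it states that `podman` is not needed with `krunvm`, but not that `krunvm` and `buildah` are unnecessary when opting for `krun` and `podman`.
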
Expand Down Expand Up @@ -129,9 +137,9 @@ permissions.
The [orchestrator] creates as many loops of ephemeral runners as requested.
These loops are implemented as part of the [runner.sh][runner] script: the
script will create a microVM based on the default image (see below), memory and
vCPU requirement. It will then start that microVM using `krunvm` and that will
start an (ephemeral) GitHub [runner][self]. As soon as a job has been executed
on that runner, the microVM will end and a new will be created.
vCPU requirement. It will then start that microVM using `krunvm` or `podman` and
the VM will start an (ephemeral) GitHub [runner][self]. As soon as a job has
been executed on that runner, the microVM will end and a new will be created.

The OCI image is built in two parts:

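Review bot: "It will then start that microVM using `krunvm` or `podman`" does not say what decides between the two runtimes. Name the option or variable that selects the runtime here, or link to where it is documented. The last sentence of the same paragraph still reads "a new will be created"; "a new one" is meant.
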
31 changes: 25 additions & 6 deletions lib/common.sh
Expand Up @@ -51,9 +51,33 @@ usage() {
}

check_command() {
OPTIND=1
_hard=1
_warn=0
while getopts "sw-" _opt; do
case "$_opt" in
s) # Soft check, return an error code instead of exiting
_hard=0;;
w) # Print a warning when soft checking
_warn=1;;
-) # End of options, everything after is the command
break;;
?)
error "$_opt is an unrecognised option";;
esac
done
shift $((OPTIND-1))
if [ -z "$1" ]; then
error "No command specified for checking"
fi
trace "Checking $1 is an accessible command"
if ! command -v "$1" >/dev/null 2>&1; then
error "Command not found: $1"
if is_true "$_hard"; then
error "Command not found: $1"
elif is_true "$_warn"; then
warn "Command not found: $1"
fi
return 1
fi
}

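Review bot: in the `?)` branch of the `getopts "sw-"` loop, `$_opt` is always the literal `?` when an unknown option is seen, so the message reads "? is an unrecognised option" and never names the offending flag. Start the optstring with `:` and report `$OPTARG` instead. The `-)` branch is unlikely to do what its comment says: `getopts` already stops at `--` on its own, so that branch only fires for an argument such as `-s-`. Also note that `_hard`, `_warn`, `_opt` and the reset `OPTIND` are globals here (the body is `{ }`, unlike `get_env() (`), so a caller that is itself inside a `getopts` loop loses its position after calling `check_command`.
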
Expand All @@ -70,11 +94,6 @@ get_env() (
fi
)

run_krunvm() {
debug "Running krunvm $*"
buildah unshare krunvm "$@"
}

tac() {
awk '{ buffer[NR] = $0; } END { for(i=NR; i>0; i--) { print buffer[i] } }'
}
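
Review bot: with `run_krunvm` gone from `lib/common.sh`, the `buildah unshare krunvm "$@"` wrapping and its `debug` line need to survive wherever the krunvm calls now live; the replacement is not visible in this part of the diff. Confirm that no remaining caller still references `run_krunvm`, and that the krunvm path checks for `buildah` with the new `check_command` before relying on it.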