Heavily (90%) based on ubuntu-nested-qemu-docker.
Github action runner is embedded in the container.
Providing /ext/entrypoint
can automate the start of the runner.
The runner lives at /actions-runner .
Launch the container interactively with make _run
and log into the nested Ubuntu as root or runner without password, cd to /actions-runner and play !
myoung34 entrypoint is embedded so you can use it like:
export REPO_URL='https://github.com/herokukms/github-runner-docker'
export ACCESS_TOKEN='ghp_DA2KUNAo01OI3vtF59P5ZdzGLmQ63u3XG7KS'
cd /actions-runner
/entrypoint.sh ./bin/Runner.Listener run --startuptype service
Because most of docker container can't run in a privileged environment and so cannot run Docker.
This Docker image runs an Ubuntu linux in a QEMU virtual machine so the docker daemon runs like in a real machine.
For modding you need /sources/ubuntu.iso. It is the official Ubuntu 22.0.4 x64 live server iso. You can find it at or download it via the official .torrent.
A copy of the torrent is here… But trusting is something difficulkt :).
docker run -p 5900:5900 -p 8080:80 -p 2323:23 -it -v ./ext:/ext eltorio/ubuntu-nested-qemu-docker
./ext/entrypoint
is a mandatory shell script. It will be run after all services in the Ubuntu virtual machine.
From inside the docker container you can log in the qemu guest via telnet localhost
as runner or root without password.
You can use vnc on port 5900 (:0) , web vnc on port 80 or telnet on port 23
Before packaging this clean was done:
apt-get clean autoclean
apt-get autoremove --yes
echo "" > ~/.bash_history
halt
While connected to the qemu container you can reach the nested Ubuntu vm with
telnet localhost
hit enter and connect as root For leaving telnet hit CTRL+$ and quit
This launch 10 replicas of action-runner on Kubernetes without special privilege
---
apiVersion: v1
kind: Secret
metadata:
name: heartbeat
namespace: runner-sandbox
type: Opaque
stringData:
now: "19792921"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: entrypoint
namespace: runner-sandbox
data:
entrypoint: |
#!/bin/sh
while (! docker stats --no-stream ); do
# Docker takes a few seconds to initialize
echo "Waiting for Docker to launch..."
sleep $((`od -vAn -N2 -tu2 < /dev/urandom` %15))
done
export ACCESS_TOKEN=ghp_DA2KUNAo01OI3vtF59P5ZdzGLmQ63u3XG7KS
export ORG_NAME=Heroku
export RUNNER_GROUP=k8s
export RUNNER_SCOPE=org
export RUNNER_NAME_PREFIX=heroku
cd /actions-runner || exit
/entrypoint.sh ./bin/Runner.Listener run --startuptype service
---
apiVersion: apps/v1
#kind: Deployment
kind: StatefulSet
metadata:
name: herokukms-runner
namespace: runner-sandbox
labels:
app: herokukms-runner
spec:
replicas: 1
#strategy:
# type: Recreate
selector:
matchLabels:
app: herokukms-runner
template:
metadata:
labels:
app: herokukms-runner
spec:
containers:
- name: herokukms-runner
image: herokukms/github-runner-docker:1.0.0
volumeMounts:
- name: entrypoint
mountPath: /ext
env:
- name: ACCESS_TOKEN
value: ghp_DA2KUNAo01OI3vtF59P5ZdzGLmQ63u3XG7KS
- name: ORG_NAME
value: "Heroku"
- name: RUNNER_GROUP
value: "k8s"
- name: RUNNER_SCOPE
value: org
- name: TIMESTAMP
value: "19792921"
- name: RANDOM_RUNNER_SUFFIX
value: "hostname"
- name: QEMU_CPU
value: "1"
- name: QEMU_RAM
value: "2048"
#- name: UPDATED
# value: "19792921"
# securityContext:
# privileged: true
volumes:
- name: entrypoint
configMap:
name: entrypoint
defaultMode: 0777