diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml
index d13c0fa..4594fad 100644
--- a/.github/workflows/create-release.yml
+++ b/.github/workflows/create-release.yml
@@ -8,6 +8,10 @@ on:
push:
branches:
- "main"
+ paths-ignore:
+ - "docs/**"
+ - "CHANGELOG.md"
+ - "README.md"
env:
IMAGE_NAME: "${{ github.repository_owner }}/github-actions-runner"
diff --git a/README.md b/README.md
index 7c7d16a..9d05a74 100644
--- a/README.md
+++ b/README.md
@@ -37,22 +37,100 @@ Available Tags:
| Variable | Type | Description |
| -------------------------------------- | ------ | ----------------------------------------------------------------------------------------------------------------- |
| `GH_ORG`, `GH_REPO` or `GH_ENTERPRISE` | string | Points to the GitHub enterprise, organisation or repo where the runner should be installed |
-| `GH_ACCESS_TOKEN` | string | Developer Token vor the GitHub Organisation
This Token can be personal and is onlv needed during installation |
+| `GH_ACCESS_TOKEN` | string | Developer Token vor the GitHub Organisation
This Token can be personal and is onlv needed during installation |
### Optional environmental variables
For the helm values see the [values.yaml](https://github.com/fullstack-devops/helm-charts/blob/main/charts/github-actions-runner/values.yaml), section `envValues`
-| Variable | Type | Default | Description |
-| ----------------- | ------ | ------------------------ | -------------------------------------------------------------------- |
-| `GH_URL` | string | `https://github.com` | For GitHub Enterprise support |
-| `GH_API_ENDPOINT` | string | `https://api.github.com` | For GitHub Enterprise support eg.: `https://git.example.com/api/v3/` |
-| `KANIKO_ENABLED` | bool | `false` | enable builds with kaniko (works only with kaniko-sidecar) |
+| Variable | Type | Default | Description |
+| ------------------------ | ------ | ------------------------ | ------------------------------------------------------------------------- |
+| `GH_URL` | string | `https://github.com` | For GitHub Enterprise support |
+| `GH_API_ENDPOINT` | string | `https://api.github.com` | For GitHub Enterprise support eg.: `https://git.example.com/api/v3/` |
+| `KANIKO_ENABLED` | bool | `false` | enable builds with kaniko (works only with kaniko-sidecar) |
+| `PROXY_PAC` | string | - | proxy pac file url |
+| `PROXY_NTLM_CREDENTIALS` | string | - | (required when `PROXY_PAC` is set) credentials when connecting with proxy |
---
+## Proxy Support
+
+The way out ;)
+
+- Getting the Software to create the Credentials: https://github.com/samuong/alpaca/releases
+- Creating your NTML Cerdentials `alpaca -d -u -H`
+- Set the env variables `PROXY_PAC` and `PROXY_NTLM_CREDENTIALS` in your container, pod or helm-chart
+- If you want to use the proxy service in your github-action checkout the examples
+
## Examples
+### Proxy in github actions
+
+#### for only one step
+
+```yaml
+name: Deploy from internet
+
+on:
+
+jobs:
+ add-helm-chart:
+ runs-on: [self-hosted, ansible] # look for default tags or your own
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: check helm chart
+ env:
+ http_proxy: http://localhost:3128
+ https_proxy: http://localhost:3128
+ no_proxy: "197.0.0.0/8,*.internal.net" # replace with you internal reachable adresses
+ run: |
+ helm repo add fs-devops https://fullstack-devops.github.io/helm-charts/
+ helm repo add sonatype https://sonatype.github.io/helm3-charts/
+
+ - name: do something here
+
+ - name: remove check helm chart
+ if: always()
+ run: |
+ helm repo remove fs-devops
+ helm repo remove sonatype
+```
+
+#### for whole workflow
+
+```yaml
+name: Deploy from internet
+
+on:
+
+env:
+ http_proxy: http://localhost:3128
+ https_proxy: http://localhost:3128
+ no_proxy: "197.0.0.0/8,*.internal.net" # replace with you internal reachable adresses
+
+jobs:
+ add-helm-chart:
+ runs-on: [self-hosted, ansible] # look for default tags or your own
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: check helm chart
+ run: |
+ helm repo add fs-devops https://fullstack-devops.github.io/helm-charts/
+ helm repo add sonatype https://sonatype.github.io/helm3-charts/
+
+ - name: do something here
+
+ - name: remove check helm chart
+ if: always()
+ run: |
+ helm repo remove fs-devops
+ helm repo remove sonatype
+```
+
### docker
If you are using `docker` or `podman` the options and commands are basically the same.
diff --git a/images/ansible-k8s/Dockerfile b/images/ansible-k8s/Dockerfile
index 9573d2d..04e0587 100644
--- a/images/ansible-k8s/Dockerfile
+++ b/images/ansible-k8s/Dockerfile
@@ -14,7 +14,7 @@ ENV GH_RUNNER_LABELS="ubuntu-20.04,ansible-k8s"
# https://github.com/kubernetes/kubernetes/releases/
ARG KUBECTL_VERSION=1.23.5
# https://github.com/helm/helm/releases
-ARG HELM_VERSION=3.8.1
+ARG HELM_VERSION=3.12.0
COPY --from=build /go/src/github.com/containers/skopeo/bin/skopeo /usr/local/bin/skopeo
COPY --from=build /go/src/github.com/containers/skopeo/default-policy.json /etc/containers/policy.json
diff --git a/images/base/Dockerfile b/images/base/Dockerfile
index bd90870..aa4d5d8 100644
--- a/images/base/Dockerfile
+++ b/images/base/Dockerfile
@@ -18,13 +18,13 @@ ENV GH_RUNNER_WORKDIR="/home/$USERNAME"
ENV GH_KANIKO_WORKDIR="/kaniko/workspace"
# https://github.com/actions/runner/releases
-ENV GH_RUNNER_VERSION=2.300.2
+ENV GH_RUNNER_VERSION=2.304.0
ENV GH_RUNNER_LABELS=ubuntu-20.04
# https://github.com/fullstack-devops/awesome-ci/releases
-ENV AWESOME_CI_VERSION 1.1.3
+ENV AWESOME_CI_VERSION 1.2.4
# https://github.com/samuong/alpaca/releases
-ENV ALPACA_VERSION 1.3.2
+ENV ALPACA_VERSION 2.0.2
# making nessecarry directories
RUN mkdir /helper-scripts \
diff --git a/images/base/helper-scripts/detect-setup.sh b/images/base/helper-scripts/detect-setup.sh
index a8f58d2..55f11c6 100755
--- a/images/base/helper-scripts/detect-setup.sh
+++ b/images/base/helper-scripts/detect-setup.sh
@@ -1,7 +1,6 @@
#!/bin/bash
CA_FILE="/etc/ssl/certs/ca-certificates.crt"
-CUSTOM_CA_FILE="/etc/ssl/certs/custom/ca-certificates.crt"
importCertOldJava () {
alias=$(openssl x509 -noout -subject -in "$1" | awk -F= '{print $NF}' | sed -e 's/^[ \t]*//' | sed -e 's/ /_/g')
@@ -15,9 +14,8 @@ importCertNewJava () {
keytool -importcert -alias $alias -cacerts -storepass changeit -file $1 -noprompt -trustcacerts
}
-# merge custom ca file
-if [ -f "$CA_FILE" ]; then
- cat $CUSTOM_CA_FILE >> $CA_FILE
+if test -r $CA_FILE; then
+ echo "[WARN] no permissions on $CA_FILE"
fi
# yarn
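Review bot: The new check `if test -r $CA_FILE` prints the "no permissions" warning when the CA bundle is readable, so the condition is inverted and a bundle that really is inaccessible produces no message. If later parts of the script (outside this hunk) still write to the bundle, write access is probably the thing to test: `if ! test -w "$CA_FILE"; then`, with the variable quoted. Removing the custom-CA merge also means certificates under /etc/ssl/certs/custom are no longer appended here. It is worth confirming they are added elsewhere, since a missing internal CA usually surfaces as TLS failures inside jobs.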
diff --git a/images/base/helper-scripts/gh-entrypoint.sh b/images/base/helper-scripts/gh-entrypoint.sh
index 8e1f866..0529a91 100755
--- a/images/base/helper-scripts/gh-entrypoint.sh
+++ b/images/base/helper-scripts/gh-entrypoint.sh
@@ -1,22 +1,44 @@
#!/bin/bash
+echo "#####################"
+echo "Running entrypoint.sh"
+echo ""
+
# connection details
-last_char="${GH_URL: -1}"
-[[ $last_char == "/" ]] && GH_URL="${GH_URL::-1}"
-readonly _GH_URL="${GH_URL:-https://github.com}"
+if [ -n "$GH_URL" ]; then
+ last_char="${GH_URL: -1}"
+ [[ $last_char == "/" ]] && GH_URL="${GH_URL::-1}"
+ readonly _GH_URL="$GH_URL"
+ echo "Using custom GitHub enterprise instance: $_GH_URL"
+else
+ readonly _GH_URL="https://github.com"
+ echo "Using default GitHub instance: $_GH_URL"
+fi
-last_char="${GH_API_ENDPOINT: -1}"
-[[ $last_char == "/" ]] && GH_API_ENDPOINT="${GH_API_ENDPOINT::-1}"
-readonly _GH_API_ENDPOINT="${GH_API_ENDPOINT:-https://api.github.com}"
+if [ -n "$GH_API_ENDPOINT" ]; then
+ last_char="${GH_API_ENDPOINT: -1}"
+ [[ $last_char == "/" ]] && GH_API_ENDPOINT="${GH_API_ENDPOINT::-1}"
+ readonly _GH_API_ENDPOINT="$GH_API_ENDPOINT"
+ echo "Using custom api url: $_GH_API_ENDPOINT"
+else
+ # if GH_API_ENDPOINT not specified but GH_URL
+ if [ -n "$GH_URL" ]; then
+ readonly _GH_API_ENDPOINT="$_GH_URL/api/v3"
+ echo "Using custom GitHub instance with default api url: $_GH_API_ENDPOINT"
+ else
+ readonly _GH_API_ENDPOINT="https://api.github.com"
+ echo "Using default GitHub instance: $_GH_API_ENDPOINT"
+ fi
+fi
# Org/ Repo details
if [ -n "$GH_ORG" ]; then
readonly RUNNER_URL="${_GH_URL}/${GH_ORG}"
readonly RUNNER_REG_TOKEN_URL="${_GH_API_ENDPOINT}/orgs/${GH_ORG}/actions/runners/registration-token"
-elif [ -n "$GH_ORG" ] && [ -n "$GH_REPO" ]; then
+ elif [ -n "$GH_ORG" ] && [ -n "$GH_REPO" ]; then
readonly RUNNER_URL="${_GH_URL}/${GH_ORG}/${GH_REPO}"
readonly RUNNER_REG_TOKEN_URL="${_GH_API_ENDPOINT}/repos/${GH_ORG}/${GH_REPO}/actions/runners/registration-token"
-elif [ -n "$GH_ENTERPRISE" ]; then
+ elif [ -n "$GH_ENTERPRISE" ]; then
readonly RUNNER_URL="${_GH_URL}/${GH_ENTERPRISE}"
readonly RUNNER_REG_TOKEN_URL="${_GH_API_ENDPOINT}/enterprises/${GH_ENTERPRISEs}/actions/runners/registration-token"
else
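Review bot: The `elif [ -n "$GH_ORG" ] && [ -n "$GH_REPO" ]` branch can never run, because the preceding `if [ -n "$GH_ORG" ]` already matches whenever GH_ORG is set, so a runner meant for a single repository is registered at organisation scope instead. Testing the more specific case first fixes it: `if [ -n "$GH_ORG" ] && [ -n "$GH_REPO" ]; then` followed by `elif [ -n "$GH_ORG" ]; then`. The enterprise branch also builds its token URL from `${GH_ENTERPRISEs}`, which looks like a typo for `${GH_ENTERPRISE}` and would expand to an empty path segment. The if/elif chain continues past the end of this hunk.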
@@ -30,7 +52,7 @@ fi
# access details
if [ ! -z "$RUNNER_TOKEN" ]; then
readonly REG_TOKEN=$RUNNER_TOKEN
-elif [ ! -z $GH_ACCESS_TOKEN ]; then
+ elif [ ! -z $GH_ACCESS_TOKEN ]; then
readonly REG_TOKEN=$(curl -s -X POST -H "Accept: application/vnd.github.v3+json" -H "Authorization: token $GH_ACCESS_TOKEN" $RUNNER_REG_TOKEN_URL | jq .token --raw-output)
else
echo "Please provide one of the Environment Variables:"
@@ -40,43 +62,59 @@ fi
if [ -z ${RUNNER_HOME} ]; then
echo "Environment variable 'RUNNER_HOME' is not set"
- exit 1
+ exit 255
fi
if [ "$KANIKO_ENABLED" == "true" ]; then
readonly GH_WORKDIR=$GH_KANIKO_WORKDIR
- echo "Build container via Kaniko: enabled"
+ echo "Build container via Kaniko: enabled"
GH_RUNNER_LABELS="${GH_RUNNER_LABELS},kaniko"
else
readonly GH_WORKDIR=$GH_RUNNER_WORKDIR
- echo "Build container via Kaniko: disabled"
+ echo "Build container via Kaniko: disabled"
fi
-echo "Connecting runner to: $RUNNER_URL"
-echo "Individual Runner Name: $HOSTNAME"
-echo "Runner Home: $RUNNER_HOME"
+echo "Connecting runner to: $RUNNER_URL"
+echo "Individual Runner Name: $HOSTNAME"
+echo "Runner Home: $RUNNER_HOME"
+echo ""
+
+# proxy support
+if [ -n "$PROXY_PAC" ]; then
+ echo "Using configured Proxy PAC"
+ if [ ! -n "$PROXY_NTLM_CREDENTIALS" ]; then
+ echo "Please provide the Environment Variable 'PROXY_NTLM_CREDENTIALS'"
+ exit 255
+ fi
+ NTLM_CREDENTIALS="$PROXY_NTLM_CREDENTIALS" alpaca -C "$PROXY_PAC" >/dev/null 2>&1 &
+ unset PROXY_NTLM_CREDENTIALS
+ echo $! >/tmp/proxy_pid
+fi
-echo "Running setup fpr installed software..."
+echo ""
+echo "Running setup for installed software..."
/helper-scripts/detect-setup.sh
+echo "configure GitHub runner"
${RUNNER_HOME}/config.sh \
- --name $HOSTNAME \
- --token $REG_TOKEN \
- --work $GH_WORKDIR \
- --url "$RUNNER_URL" \
- --labels $GH_RUNNER_LABELS \
- --unattended \
- --replace
-echo "Runner configured"
+--name $HOSTNAME \
+--token $REG_TOKEN \
+--work $GH_WORKDIR \
+--url "$RUNNER_URL" \
+--labels $GH_RUNNER_LABELS \
+--runnergroup ${GH_RUNNER_GROUP:-'default'} \
+--unattended \
+--replace
+echo "GitHub runner configured"
cleanup() {
echo "Removing runner..."
if [ ! -z "$RUNNER_TOKEN" ]; then
- readonly REG_TOKEN=$RUNNER_TOKEN
- elif [ ! -z $GH_ACCESS_TOKEN ]; then
- readonly REG_TOKEN=$(curl -s -X POST -H "Accept: application/vnd.github.v3+json" -H "Authorization: token $GH_ACCESS_TOKEN" $RUNNER_REG_TOKEN_URL | jq .token --raw-output)
+ readonly REG_TOKEN_RM=$RUNNER_TOKEN
+ elif [ ! -z $GH_ACCESS_TOKEN ]; then
+ readonly REG_TOKEN_RM=$(curl -s -X POST -H "Accept: application/vnd.github.v3+json" -H "Authorization: token $GH_ACCESS_TOKEN" $RUNNER_REG_TOKEN_URL | jq .token --raw-output)
fi
- ${RUNNER_HOME}/config.sh remove --token ${REG_TOKEN}
+ ${RUNNER_HOME}/config.sh remove --token ${REG_TOKEN_RM}
exit 1
}
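Review bot: In `cleanup`, `REG_TOKEN_RM` is taken straight from `curl -s … | jq .token --raw-output` with no failure check, so a rejected or expired `GH_ACCESS_TOKEN` yields the literal string `null`, `config.sh remove` fails, and the runner registration is left behind. Use `curl -fsS` and guard the call, e.g. `[ -n "$REG_TOKEN_RM" ] && [ "$REG_TOKEN_RM" != "null" ] || { echo "could not obtain removal token" >&2; exit 1; }`. The same pattern applies to the `REG_TOKEN` fetch in the earlier hunk. In the proxy block, alpaca is started with `>/dev/null 2>&1 &` and never checked, so a bad PAC URL or wrong credentials fails silently; the PID written to `/tmp/proxy_pid` is also not used by the visible `cleanup`. The new `--runnergroup ${GH_RUNNER_GROUP:-'default'}` is unquoted and will split a group name that contains spaces; `--runnergroup "${GH_RUNNER_GROUP:-default}"` avoids that.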
diff --git a/images/golang/Dockerfile b/images/golang/Dockerfile
index 33874d9..2b10700 100644
--- a/images/golang/Dockerfile
+++ b/images/golang/Dockerfile
@@ -4,9 +4,9 @@ USER root
ENV GH_RUNNER_LABELS="ubuntu-20.04,nodejs,golang,helm,ansible"
# https://github.com/helm/helm/releases
-ARG HELM_VERSION=3.8.1
+ARG HELM_VERSION=3.12.0
# https://go.dev/dl/
-ARG GO_VERSION=1.19
+ARG GO_VERSION=1.20.4
# Install helm
RUN export ARCH=$(/helper-scripts/translate-aarch.sh a-short) \
@@ -16,7 +16,7 @@ RUN export ARCH=$(/helper-scripts/translate-aarch.sh a-short) \
# install build tools for golang
RUN export ARCH=$(/helper-scripts/translate-aarch.sh a-short) \
&& wget https://golang.org/dl/go${GO_VERSION}.linux-${ARCH}.tar.gz -O /usr/local/src/go.linux.tar.gz \
- && tar -xf /usr/local/src/go.linux.tar.gz \
+ && tar -C /usr/local/src -xzf /usr/local/src/go.linux.tar.gz \
&& rm -rf /usr/local/src/go.linux.tar.gz \
&& ln -s /usr/local/src/go/bin/go /usr/local/bin/
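Review bot: The Go tarball fetched by `wget` in this RUN is unpacked as root into /usr/local/src without any integrity check, so whatever the download returns becomes the toolchain for every job that runs on this image. Pin the published SHA-256 and verify it before the `tar` line, e.g. `&& echo "${GO_SHA256}  /usr/local/src/go.linux.tar.gz" | sha256sum -c - \`, where `GO_SHA256` is a placeholder build argument (not in the file) holding the checksum listed on https://go.dev/dl/. Because `ARCH` is computed at build time, one checksum per supported architecture is needed.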
@@ -24,6 +24,8 @@ RUN chown -R $USERNAME /home/$USERNAME
USER $USERNAME
+ENV PATH=$PATH:/home/runner/go/bin
+
# install helm plugins helm push, appr && diff
RUN helm plugin install --version 0.10.3 https://github.com/chartmuseum/helm-push.git \
&& helm plugin install --version 0.7.0 https://github.com/app-registry/appr-helm-plugin.git \
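Review bot: `ENV PATH=$PATH:/home/runner/go/bin` hard-codes the home directory, while the surrounding lines use `$USERNAME` (`chown -R $USERNAME /home/$USERNAME`), so the PATH entry goes stale if the user name in the base image changes. Assuming `USERNAME` is an ENV inherited from the base image, as its use in `USER $USERNAME` suggests, `ENV PATH=$PATH:/home/$USERNAME/go/bin` keeps the two in step. A one-line comment such as `# binaries installed with "go install" land in ~/go/bin` would also explain why the entry exists. The RUN that follows continues past the end of this hunk.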
diff --git a/images/maven-adopt-8-ng/Dockerfile b/images/maven-adopt-8-ng/Dockerfile
index 57de55d..5331ac1 100644
--- a/images/maven-adopt-8-ng/Dockerfile
+++ b/images/maven-adopt-8-ng/Dockerfile
@@ -19,20 +19,20 @@ RUN chmod 666 /usr/lib/jvm/adoptopenjdk-8-hotspot-amd64/jre/lib/security/cacerts
ENV GH_RUNNER_LABELS="ubuntu-20.04,maven,openjdk-8,nodejs,go,yarn,helm,ansible"
# https://github.com/helm/helm/releases
-ARG HELM_VERSION=3.8.1
+ARG HELM_VERSION=3.12.0
# Install helm
RUN export ARCH=$(/helper-scripts/translate-aarch.sh a-short) \
&& wget -q https://get.helm.sh/helm-v${HELM_VERSION}-linux-${ARCH}.tar.gz -O - | tar -xzO linux-${ARCH}/helm > /usr/local/bin/helm \
&& chmod +x /usr/local/bin/helm
-RUN mkdir -p /home/${USERNAME}/.m2/ \
- && chown -R $USERNAME /home/$USERNAME
-
# install npm tools: yarn
ENV NPM_CONFIG_LOGLEVEL=warn NG_CLI_ANALYTICS=false
RUN npm install --location=global yarn pnpm @angular/cli@15 \
&& npm cache clean --force
+
+RUN mkdir -p /home/${USERNAME}/.m2/ \
+ && chown -R $USERNAME /home/$USERNAME
USER $USERNAME
diff --git a/images/maven-temurin-11/Dockerfile b/images/maven-temurin-11/Dockerfile
index 97a3e4c..3ceb383 100644
--- a/images/maven-temurin-11/Dockerfile
+++ b/images/maven-temurin-11/Dockerfile
@@ -16,7 +16,7 @@ RUN chmod 666 /usr/lib/jvm/temurin*/lib/security/cacerts
ENV GH_RUNNER_LABELS="ubuntu-20.04,maven,temurin-11,helm,ansible"
# https://github.com/helm/helm/releases
-ARG HELM_VERSION=3.8.1
+ARG HELM_VERSION=3.12.0
# Install helm
RUN export ARCH=$(/helper-scripts/translate-aarch.sh a-short) \
diff --git a/images/maven-temurin-17/Dockerfile b/images/maven-temurin-17/Dockerfile
index fa47a6d..a58d114 100644
--- a/images/maven-temurin-17/Dockerfile
+++ b/images/maven-temurin-17/Dockerfile
@@ -1,9 +1,8 @@
FROM ghcr.io/fullstack-devops/github-actions-runner:latest-base
USER root
-# install packages along with jq so we can parse JSON
# add additional packages as necessary
-ARG PACKAGES="temurin-17-jdk xmlstarlet maven"
+ARG PACKAGES="temurin-17-jdk xmlstarlet"
ARG PACKAGES_PYTHON="kubernetes"
RUN apt-get update \
@@ -11,12 +10,17 @@ RUN apt-get update \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get clean
+# maven version > 3.6 is still not in ubuntu package managemant
+ENV MAVEN_VERSION=3.9.3
+RUN curl -fsSL https://dlcdn.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries/apache-maven-${MAVEN_VERSION}-bin.tar.gz | tar -xzC /opt/ \
+ && ln -s /opt/apache-maven-${MAVEN_VERSION}/bin/mvn /usr/bin/mvn
+
# make cacerts for user accessable
RUN chmod 666 /usr/lib/jvm/temurin*/lib/security/cacerts
ENV GH_RUNNER_LABELS="ubuntu-20.04,maven,temurin-17,helm,ansible"
# https://github.com/helm/helm/releases
-ARG HELM_VERSION=3.8.1
+ARG HELM_VERSION=3.12.0
# Install helm
RUN export ARCH=$(/helper-scripts/translate-aarch.sh a-short) \
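Review bot: The Maven archive is piped from `curl` straight into `tar -xzC /opt/` as root with no checksum or signature verification, so a corrupted or tampered download is installed unnoticed. Download to a file, verify it against the SHA-512 that Apache publishes next to the archive, and only then extract. Separately, dlcdn.apache.org generally serves only current releases, so the pinned 3.9.3 URL is likely to start returning 404 once a newer version is out; archive.apache.org keeps old versions. `MAVEN_SHA512` below is a placeholder for the published value.

```dockerfile
ENV MAVEN_VERSION=3.9.3
# placeholder: pass the SHA-512 published for this exact release at build time
ARG MAVEN_SHA512
RUN curl -fsSL -o /tmp/maven.tar.gz https://dlcdn.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
    && echo "${MAVEN_SHA512}  /tmp/maven.tar.gz" | sha512sum -c - \
    && tar -xzf /tmp/maven.tar.gz -C /opt/ \
    && rm /tmp/maven.tar.gz \
    && ln -s /opt/apache-maven-${MAVEN_VERSION}/bin/mvn /usr/bin/mvn
# … unchanged: cacerts chmod, runner labels, helm install …
```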
diff --git a/images/ng-cli-karma/Dockerfile b/images/ng-cli-karma/Dockerfile
index 941a98f..2ccfda6 100644
--- a/images/ng-cli-karma/Dockerfile
+++ b/images/ng-cli-karma/Dockerfile
@@ -22,7 +22,7 @@ RUN apt-get update \
ENV GH_RUNNER_LABELS="ubuntu-20.04,nodejs,yarn,karma,chrome,helm,ansible"
# https://github.com/helm/helm/releases
-ARG HELM_VERSION=3.8.1
+ARG HELM_VERSION=3.12.0
# https://go.dev/dl/
ARG GO_VERSION=1.18
@@ -31,13 +31,13 @@ RUN export ARCH=$(/helper-scripts/translate-aarch.sh a-short) \
&& wget -q https://get.helm.sh/helm-v${HELM_VERSION}-linux-${ARCH}.tar.gz -O - | tar -xzO linux-${ARCH}/helm > /usr/local/bin/helm \
&& chmod +x /usr/local/bin/helm
-RUN chown -R $USERNAME /home/$USERNAME
-
# install npm tools: yarn
ENV NPM_CONFIG_LOGLEVEL=warn NG_CLI_ANALYTICS=false
RUN npm install --location=global yarn pnpm @angular/cli@15 \
&& npm cache clean --force
+RUN chown -R $USERNAME /home/$USERNAME
+
USER $USERNAME
# install helm plugins helm push, appr && diff