1- FROM ghcr.io/actions/actions-runner:2.328.0 AS actions-runner
1+ # Adapted from https://github.com/actions/runner/blob/main/images/Dockerfile
2+ FROM ubuntu:25.10 AS build
3+
4+ ARG TARGETOS
5+ ARG TARGETARCH
6+ ARG RUNNER_VERSION=2.329.0
7+ ARG RUNNER_CONTAINER_HOOKS_VERSION=0.7.0
8+ ARG DOCKER_VERSION=28.5.1
9+ ARG BUILDX_VERSION=0.29.1
10+
11+ RUN apt update -y && apt install curl unzip -y
12+
13+ WORKDIR /actions-runner
14+ RUN export RUNNER_ARCH=${TARGETARCH} \
15+ && if [ "$RUNNER_ARCH" = "amd64" ]; then export RUNNER_ARCH=x64 ; fi \
16+ && curl -f -L -o runner.tar.gz https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-${TARGETOS}-${RUNNER_ARCH}-${RUNNER_VERSION}.tar.gz \
17+ && tar xzf ./runner.tar.gz \
18+ && rm runner.tar.gz
19+
20+ RUN curl -f -L -o runner-container-hooks.zip https://github.com/actions/runner-container-hooks/releases/download/v${RUNNER_CONTAINER_HOOKS_VERSION}/actions-runner-hooks-k8s-${RUNNER_CONTAINER_HOOKS_VERSION}.zip \
21+ && unzip ./runner-container-hooks.zip -d ./k8s \
22+ && rm runner-container-hooks.zip
23+
24+ RUN curl -f -L -o runner-container-hooks.zip https://github.com/actions/runner-container-hooks/releases/download/v0.8.0/actions-runner-hooks-k8s-0.8.0.zip \
25+ && unzip ./runner-container-hooks.zip -d ./k8s-novolume \
26+ && rm runner-container-hooks.zip
27+
28+ RUN export RUNNER_ARCH=${TARGETARCH} \
29+ && if [ "$RUNNER_ARCH" = "amd64" ]; then export DOCKER_ARCH=x86_64 ; fi \
30+ && if [ "$RUNNER_ARCH" = "arm64" ]; then export DOCKER_ARCH=aarch64 ; fi \
31+ && curl -fLo docker.tgz https://download.docker.com/${TARGETOS}/static/stable/${DOCKER_ARCH}/docker-${DOCKER_VERSION}.tgz \
32+ && tar zxvf docker.tgz \
33+ && rm -rf docker.tgz \
34+ && mkdir -p /usr/local/lib/docker/cli-plugins \
35+ && curl -fLo /usr/local/lib/docker/cli-plugins/docker-buildx \
36+ "https://github.com/docker/buildx/releases/download/v${BUILDX_VERSION}/buildx-v${BUILDX_VERSION}.linux-${TARGETARCH}" \
37+ && chmod +x /usr/local/lib/docker/cli-plugins/docker-buildx
38+
39+ FROM ubuntu:25.10 AS actions-runner
40+
41+ ARG TARGETARCH
242
343# renovate: datasource=github-releases depName=google/go-containerregistry
444ARG CRANE_VERSION=v0.20.6
545# renovate: datasource=github-releases depName=mikefarah/yq
6- ARG YQ_VERSION=v4.47 .1
46+ ARG YQ_VERSION=v4.48 .1
747# renovate: datasource=github-releases depName=getsops/sops
8- ARG SOPS_VERSION=v3.10.2
48+ ARG SOPS_VERSION=v3.11.0
949# renovate: datasource=github-tags depName=aws/aws-cli
10- ARG AWSCLI_VERSION=2.28.14
50+ ARG AWSCLI_VERSION=2.31.16
51+
52+ ENV DEBIAN_FRONTEND=noninteractive
53+ ENV RUNNER_MANUALLY_TRAP_SIG=1
54+ ENV ACTIONS_RUNNER_PRINT_LOG_TO_STDOUT=1
55+ ENV ImageOS=ubuntu25
56+
57+ # 'gpg-agent' and 'software-properties-common' are needed for the 'add-apt-repository' command that follows
58+ RUN apt update -y \
59+ && apt install -y --no-install-recommends sudo lsb-release gpg-agent software-properties-common curl jq unzip \
60+ && rm -rf /var/lib/apt/lists/*
61+
62+ # Configure git-core/ppa based on guidance here: https://git-scm.com/download/linux
63+ RUN add-apt-repository ppa:git-core/ppa \
64+ && apt update -y \
65+ && apt install -y git \
66+ && rm -rf /var/lib/apt/lists/*
67+
68+ RUN adduser --disabled-password --gecos "" --uid 1001 runner \
69+ && groupadd docker --gid 123 \
70+ && usermod -aG sudo runner \
71+ && usermod -aG docker runner \
72+ && echo "%sudo ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers \
73+ && echo "Defaults env_keep += \" DEBIAN_FRONTEND\" " >> /etc/sudoers
74+
75+ WORKDIR /home/runner
76+
77+ COPY --chown=runner:docker --from=build /actions-runner .
78+ COPY --from=build /usr/local/lib/docker/cli-plugins/docker-buildx /usr/local/lib/docker/cli-plugins/docker-buildx
1179
12- USER root
80+ RUN install -o root -g root -m 755 docker/* /usr/bin/ && rm -rf docker
1381
82+ # Siderolabs custom packages
1483RUN apt-get update -y && \
1584 apt upgrade -y && \
1685 apt install -y \
@@ -34,9 +103,14 @@ RUN apt-get update -y && \
34103 net-tools \
35104 && rm -rf /var/lib/apt/lists/*
36105
37- RUN curl -fSL https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 -o /usr/bin/yq && chmod +x /usr/bin/yq
38- RUN curl -fSL https://github.com/google/go-containerregistry/releases/download/${CRANE_VERSION}/go-containerregistry_Linux_x86_64.tar.gz | tar xzf - -C /usr/local/bin/ crane
39- RUN curl -fSL https://github.com/getsops/sops/releases/download/${SOPS_VERSION}/sops-${SOPS_VERSION}.linux.amd64 -o /usr/bin/sops && chmod +x /usr/bin/sops
40- RUN curl -fSL https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${AWSCLI_VERSION}.zip -o awscliv2.zip && unzip awscliv2.zip && ./aws/install && rm -rf awscliv2.zip aws
106+ RUN curl -fSL https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_${TARGETARCH} -o /usr/bin/yq && chmod +x /usr/bin/yq
107+ RUN export CRANE_PLATFORM=${TARGETARCH} \
108+ && if [ "$CRANE_PLATFORM" = "amd64" ]; then CRANE_PLATFORM=x86_64 ; fi \
109+ && curl -fSL https://github.com/google/go-containerregistry/releases/download/${CRANE_VERSION}/go-containerregistry_Linux_${CRANE_PLATFORM}.tar.gz | tar xzf - -C /usr/local/bin/ crane
110+ RUN curl -fSL https://github.com/getsops/sops/releases/download/${SOPS_VERSION}/sops-${SOPS_VERSION}.linux.${TARGETARCH} -o /usr/bin/sops && chmod +x /usr/bin/sops
111+ RUN export AWSCLI_PLATFORM=${TARGETARCH} \
112+ && if [ "$AWSCLI_PLATFORM" = "amd64" ]; then AWSCLI_PLATFORM=x86_64 ; fi \
113+ && if [ "$AWSCLI_PLATFORM" = "arm64" ]; then AWSCLI_PLATFORM=aarch64 ; fi \
114+ && curl -fSL https://awscli.amazonaws.com/awscli-exe-linux-${AWSCLI_PLATFORM}-${AWSCLI_VERSION}.zip -o awscliv2.zip && unzip awscliv2.zip && ./aws/install && rm -rf awscliv2.zip aws
41115
42116USER runner
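Review bot: None of the archives fetched in the new `build` stage (the runner tarball, both container-hooks zips, the Docker static bundle and the buildx plugin) is checked against a checksum or signature before it is unpacked or made executable, and the rewritten yq/crane/sops/awscli steps in the second hunk have the same gap. The image now assembles the runner itself instead of inheriting it from a published runner image, and the `runner` user is given `NOPASSWD:ALL`, so a tampered or truncated download would run with full privileges in every job. Pinning a digest per artifact and architecture and verifying it right after each fetch would close this, e.g. `&& echo "${RUNNER_SHA256}  runner.tar.gz" | sha256sum -c - \` before the `tar xzf`, where `RUNNER_SHA256` is a placeholder for a new `ARG`. Separately, the new `RUNNER_VERSION`, `RUNNER_CONTAINER_HOOKS_VERSION`, `DOCKER_VERSION` and `BUILDX_VERSION` args lack the `# renovate:` annotations the other tool versions carry, and the second hooks download hardcodes `v0.8.0`, so these pins will presumably not be bumped automatically.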