Folders and files

Name		Name	Last commit message	Last commit date
Latest commit History 86 Commits
.github		.github
alpine		alpine
CODE_OF_CONDUCT.md		CODE_OF_CONDUCT.md
CONTRIBUTING.md		CONTRIBUTING.md
Dockerfile		Dockerfile
Dockerfile.dind		Dockerfile.dind
Dockerfile.docker		Dockerfile.docker
LICENSE		LICENSE
README.md		README.md
dind		dind
docker-entrypoint.sh		docker-entrypoint.sh
dockerd-entrypoint.sh		dockerd-entrypoint.sh
dockerd-rootless-setup-tool.sh		dockerd-rootless-setup-tool.sh
dockerd-rootless.sh		dockerd-rootless.sh
github-actions-entrypoint.sh		github-actions-entrypoint.sh
logger.sh		logger.sh
modprobe.sh		modprobe.sh
runner.sh		runner.sh
token.sh		token.sh

Repository files navigation

GitHub Actions Runner

Built onubuntu:20.04, configured for rootless dind 🎉, impossible without invaluable advice from@kenichi-shibata and@sidick.

Inspiration from

https://github.com/cruizba/ubuntu-dind showed me it was possible on ubuntu
https://github.com/myoung34/docker-github-actions-runner showed it running docker outside docker - inspired API and wrote some README - rights theirs
https://github.com/docker-library/docker/tree/master/20.10/dind-rootless for their outstanding work

Images

Docker Github Actions Runner

This will run thenew self-hosted github actions runners.

Environment Variables

Environment Variable	Description
`RUNNER_NAME`	The name of the runner to use. Supercedes (overrides)`RUNNER_NAME_PREFIX`
`RUNNER_NAME_PREFIX`	A prefix for a randomly generated name (followed by a random 13 digit string). You must not also provide`RUNNER_NAME`. Defaults to`github-runner`
`ACCESS_TOKEN`	Agithub PAT to use to generate`RUNNER_TOKEN` dynamically at container start. Not using this requires a valid`RUNNER_TOKEN`
`ORG_RUNNER`	Only valid if using`ACCESS_TOKEN`. This will set the runner to an org runner. Default is 'false'. Valid values are 'true' or 'false'. If this is set to true you must also set`ORG_NAME` and makes`REPO_URL` unneccesary
`ORG_NAME`	The organization name for the runner to register under. Requires`ORG_RUNNER` to be 'true'. No default value.
`LABELS`	A comma separated string to indicate the labels. Default is 'default'
`REPO_URL`	If using a non-organization runner this is the full repository url to register under such as 'https://github.com/msyea/repo'
`RUNNER_TOKEN`	If not using a PAT for`ACCESS_TOKEN` this will be the runner token provided by the Add Runner UI (a manual process). Note: This token is short lived and will change frequently.`ACCESS_TOKEN` is likely preferred.
`RUNNER_WORKDIR`	The working directory for the runner. Runners on the same host should not share this directory. Default is '/_work'. This must match the source path for the bind-mounted volume at RUNNER_WORKDIR, in order for container actions to access files.
`RUNNER_GROUP`	Name of the runner group to add this runner to (defaults to the default runner group)
`GITHUB_HOST`	Optional URL of the Github Enterprise server e.g github.mycompany.com. Defaults to`github.com`.

Manual

# org runnerdocker run -d --restart always --name github-runner \  -e RUNNER_NAME_PREFIX="myrunner" \  -e ACCESS_TOKEN="footoken" \  -e RUNNER_WORKDIR="/tmp/github-runner-your-repo" \  -e RUNNER_GROUP="my-group" \  -e ORG_RUNNER="true" \  -e ORG_NAME="octokode" \  -e LABELS="my-label,other-label" \  msyea/github-actions-runner:latest# per repodocker run -d --restart always --name github-runner \  -e REPO_URL="https://github.com/msyea/repo" \  -e RUNNER_NAME="foo-runner" \  -e RUNNER_TOKEN="footoken" \  -e RUNNER_WORKDIR="/tmp/github-runner-your-repo" \  -e RUNNER_GROUP="my-group" \  msyea/github-actions-runner:latest

Or shell wrapper:

functiongithub-runner {    name=github-runner-${1//\//-}    org=$(dirname$1)    repo=$(basename$1)    tag=${3:-latest}    docker rm -f$name    docker run -d --restart=always \        -e REPO_URL="https://github.com/${org}/${repo}" \        -e RUNNER_TOKEN="$2" \        -e RUNNER_NAME="linux-${repo}" \        -e RUNNER_WORKDIR="/tmp/github-runner-${repo}" \        -e RUNNER_GROUP="my-group" \        -e LABELS="my-label,other-label" \        --name$name${org}/github-runner:${tag}}github-runner your-account/your-repo       AARGHTHISISYOURGHACTIONSTOKENgithub-runner your-account/some-other-repo ARGHANOTHERGITHUBACTIONSTOKEN ubuntu-xenial

Ordocker-compose.yml:

version:'2.3'services:worker:image:msyea/github-actions-runner:latestenvironment:REPO_URL:https://github.com/example/repoRUNNER_NAME:example-nameRUNNER_TOKEN:someGithubTokenHereRUNNER_GROUP:my-groupORG_RUNNER:'false'LABELS:linux,x64,gpu

Usage From GH Actions Workflow

name:Packageon:release:types:[created]jobs:build:runs-on:self-hostedsteps:    -uses:actions/checkout@v1    -name:build packagesrun:make all

Automatically Acquiring a Runner Token

A runner token can be automatically acquired at runtime ifACCESS_TOKEN (a GitHub personal access token) is a supplied. This uses theGitHub Actions API. e.g.:

docker run -d --restart always --name github-runner \  -e ACCESS_TOKEN="footoken" \  -e RUNNER_NAME="foo-runner" \  -e RUNNER_WORKDIR="/tmp/github-runner-your-repo" \  -e RUNNER_GROUP="my-group" \  -e ORG_RUNNER="true" \  -e ORG_NAME="octokode" \  -e LABELS="my-label,other-label" \  msyea/github-actions-runner:latest

Create GitHub personal access token

Creating GitHub personal access token (PAT) for using by self-hosted runner make sure the following scopes are selected:

repo (all)
admin:org (all)(mandatory for organization-wide runner)
admin:public_key - read:public_key
admin:repo_hook - read:repo_hook
admin:org_hook
notifications
workflow

Also, when creating a PAT for self-hosted runner which will process events from several repositories of the particular organization, create the PAT using organization owner account. Otherwise your new PAT will not have sufficient privileges for all repositories.