Overview
CI Tool for cross plattform builds
- lib type: helm charts repository
- repo: https://github.com/fullstack-devops/github-actions-runner
- examples: https://github.com/fullstack-devops/github-actions-runner/e
GitHub Actions Custom Runner
Container images with Github Actions Runner. Different flavoured images with preinstalled tools and software for builds with limited internet access and non root privileges (exception for kaniko).
With a focus on already installed software to avoid a subsequent installation by a setup-action
.
Ideal for building software in corporate environments of large and small organizations that often restrict Internet access. Software builds can be built there using a Nexus Repository or JFrog Artifactory
Support: If you need help or a feature just open an issue!
Package / Images: quay.io/fullstack-devops/github-actions-runner
Available Tags:
Name (tag) | Installed Tools/ Software | Dockerfile | Description |
---|---|---|---|
latest-base | libffi-dev, libicu-dev, build-essential, libssl-dev, ca-certificates, jq, sed, grep, git, curl, wget, zip, nodejs, ansible, awesome-ci, alpaca | Dockerfile | Base runner with nothing fancy installed, but with internet connection more tools can be installed |
latest-kaniko-sidecar | kaniko | Dockerfile | Sidecar used by other runner images to build containers |
latest-ansible-k8s | base-image + helm, kubectl, skopeo | Dockerfile | Runner specializing in automated k8s deployments via Ansible in your cluster |
latest-maven-adopt-8-ng | base-image + helm, maven, adoptopenjdk-8-hotspot, xmlstarlet | Dockerfile | Runner specialized in building Java applications that requires an older Java 8 version |
latest-maven-temurin-11 | base-image + helm, maven, temurin-11, xmlstarlet, | Dockerfile | Runner specialized in building Java applications that requires Java temurin-11 |
latest-maven-temurin-17 | base-image + helm, maven, temurin-17, xmlstarlet, | Dockerfile | Runner specialized in building Java applications that requires Java temurin-17 |
latest-ng-cli-karma | base-image + helm, npm, yarn, angular/cli, chromium | Dockerfile | Runner specialized in building Angular application and capable for testing with chromium and karma |
latest-golang | base-image + helm, go, | Dockerfile | Runner specialized in building go applications |
Hint:
latest
can be replaced with an specific release version for more stability in your environment.
Environmental variables
Required environmental variables
Variable | Type | Description |
---|---|---|
GH_ORG , GH_REPO or GH_ENTERPRISE | string | Points to the GitHub enterprise, organisation or repo where the runner should be installed |
GH_ACCESS_TOKEN | string | Developer Token vor the GitHub Organisation This Token can be personal and is onlv needed during installation |
Optional environmental variables
For the helm values see the values.yaml, section envValues
Variable | Type | Default | Description |
---|---|---|---|
GH_URL | string | https://github.com | For GitHub Enterprise support |
GH_API_ENDPOINT | string | https://api.github.com | For GitHub Enterprise support eg.: https://git.example.com/api/v3/ |
KANIKO_ENABLED | bool | false | enable builds with kaniko (works only with kaniko-sidecar) |
PROXY_PAC | string | - | proxy pac file url |
PROXY_NTLM_CREDENTIALS | string | - | (required when PROXY_PAC is set) credentials when connecting with proxy |
Proxy Support
The way out ;)
- Getting the Software to create the Credentials: https://github.com/samuong/alpaca/releases
- Creating your NTML Cerdentials
alpaca -d <windows-domain (optional)> -u <windows-user> -H
- Set the env variables
PROXY_PAC
andPROXY_NTLM_CREDENTIALS
in your container, pod or helm-chart - If you want to use the proxy service in your github-action checkout the examples
Examples
Proxy in github actions
for only one step
name: Deploy from internet
on:
jobs:
add-helm-chart:
runs-on: [self-hosted, ansible] # look for default tags or your own
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: check helm chart
env:
http_proxy: http://localhost:3128
https_proxy: http://localhost:3128
no_proxy: "197.0.0.0/8,*.internal.net" # replace with you internal reachable adresses
run: |
helm repo add fs-devops https://fullstack-devops.github.io/helm-charts/
helm repo add sonatype https://sonatype.github.io/helm3-charts/
- name: do something here
- name: remove check helm chart
if: always()
run: |
helm repo remove fs-devops
helm repo remove sonatype
for whole workflow
name: Deploy from internet
on:
env:
http_proxy: http://localhost:3128
https_proxy: http://localhost:3128
no_proxy: "197.0.0.0/8,*.internal.net" # replace with you internal reachable adresses
jobs:
add-helm-chart:
runs-on: [self-hosted, ansible] # look for default tags or your own
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: check helm chart
run: |
helm repo add fs-devops https://fullstack-devops.github.io/helm-charts/
helm repo add sonatype https://sonatype.github.io/helm3-charts/
- name: do something here
- name: remove check helm chart
if: always()
run: |
helm repo remove fs-devops
helm repo remove sonatype
docker
If you are using docker
or podman
the options and commands are basically the same.
Run registerd to an Organisation:
docker run -e GH_ORG=fullstack-devops -e GH_ACCESS_TOKEN=ghp_**** quay.io/fullstack-devops/github-actions-runner:latest-base
Run registerd to an Organisation and Repo:
docker run -e GH_ORG=fullstack-devops -e GH_REPO=github-runner-testing -e GH_ACCESS_TOKEN=ghp_**** quay.io/fullstack-devops/github-actions-runner:latest-base
Replace the
ghp_****
with your own valid personal access token
docker-compose
cd examples/docker-compose
docker-compose up -d
podman
Setup exchange directory (only nessesarry until podman supports emptyDir volumes)
mkdir /tmp/delme
Starting GitHub runner with podman
cd examples/podman
podman play kube deployment.yml
Removing GitHub runner an dumps
podman pod rm gh-runner-kaniko -f
rm -rf /tmp/delme
kubernetes pod
apiVersion: v1
kind: Pod
metadata:
name: gh-runner-kaniko
spec:
volumes:
- name: workspace-volume
emptyDir: {}
containers:
- name: kaniko
image: quay.io/fullstack-devops/github-actions-runner:latest-kaniko-sidecar
resources: {}
volumeMounts:
- name: workspace-volume
mountPath: /kaniko/workspace/
imagePullPolicy: IfNotPresent
tty: true
- name: github-actions-runner
image: quay.io/fullstack-devops/github-actions-runner:latest-base
resources: {}
env:
- name: GH_ORG
value: "fullstack-devops"
- name: KANIKO_ENABLED
value: true
- name: GH_ACCESS_TOKEN
value: "ghp_*****"
volumeMounts:
- name: workspace-volume
mountPath: /kaniko/workspace/
imagePullPolicy: IfNotPresent
restartPolicy: Never
helm
https://github.com/fullstack-devops/helm-charts/tree/main/charts/github-actions-runner