diff --git a/Dockerfile b/Dockerfile
index 2e11302..a355fd2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,29 @@
-FROM code.forgejo.org/forgejo/runner:5
+FROM code.forgejo.org/forgejo/runner:5 AS runner
+FROM debian:bullseye
+
+COPY --from=runner /bin/forgejo-runner /bin/forgejo-runner
 USER root
 COPY ./entrypoint.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh
-USER runner
-ENTRYPOINT [ "/entrypoint.sh" ]
\ No newline at end of file
+# Install required packages
+RUN apt-get update && \
+ apt-get install -y sudo lxc lxc-templates uidmap && \
+ apt-get clean
+
+# Configure user and permissions
+RUN useradd -m runner && \
+ echo "runner ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/runner && \
+ chmod 0440 /etc/sudoers.d/runner && \
+ mkdir /data && chown runner:runner /data
+
+# Enable subuid and subgid for unprivileged containers
+RUN echo "runner:100000:65536" >> /etc/subuid && \
+ echo "runner:100000:65536" >> /etc/subgid
+
+VOLUME [ "/data" ]
+
+WORKDIR /data
+
+ENTRYPOINT [ "/entrypoint.sh" ]
diff --git a/entrypoint.sh b/entrypoint.sh
index 8202a92..5fa8191 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -22,6 +22,8 @@ decho $PWD
 if [[ $(id -u) -eq 0 ]]; then
 ISROOT=true
 decho "[WARNING] Running as root user"
+else
+ decho "[INFO] Running as non-root user: $(id -u)"
 fi
 # Handle if `command` is passed, as command appends arguments to the entrypoint
@@ -30,6 +32,24 @@ if [ "$#" -gt 0 ]; then
 exit
 fi
+
+# LXC setup
+if [[ "${LXC}" == "true" ]]; then
+ decho "Initializing LXC environment..."
+ lxc-checkconfig || {
+ echo "LXC environment is not correctly configured." >&2
+ exit 1
+ }
+
+ if [[ ! -d /var/lib/lxc ]]; then
+ mkdir -p /var/lib/lxc
+ chown -R $(id -u):$(id -g) /var/lib/lxc
+ fi
+
+ decho "LXC environment initialized."
+fi
+
+
 # Handle and alter the config file
 if [[ -z "${CONFIG_FILE}" ]]; then
 echo "CONFIG_FILE is not set"
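Review bot: The final stage now ends without a `USER` directive — the old `USER runner` is removed and not re-added after the new `RUN useradd -m runner` — so `/entrypoint.sh` runs as root by default, and the new `echo "runner ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/runner` gives the runner account unrestricted root anyway, which makes the subuid/subgid mapping set up for unprivileged containers largely cosmetic. Presumably parts of the LXC setup need elevated privileges, but if so the sudoers rule should list those specific commands rather than `ALL`, and `USER runner` should be restored immediately before `ENTRYPOINT`. On the package layer, `apt-get install -y --no-install-recommends sudo lxc lxc-templates uidmap && rm -rf /var/lib/apt/lists/*` would keep the image smaller than `apt-get clean` alone, and `debian:bullseye` is not pinned beyond the release name — a digest (or a current release) would make the build reproducible.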
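Review bot: In the new LXC block the results of `mkdir -p /var/lib/lxc` and `chown -R $(id -u):$(id -g) /var/lib/lxc` are not checked, while `lxc-checkconfig` directly above them is; when the entrypoint runs as the non-root `runner` user, creating a directory under `/var/lib` will fail, and unless the script sets `set -e` (not visible in this hunk) execution continues into the config handling as if LXC were ready. Chaining them mirrors the existing guard: `mkdir -p /var/lib/lxc && chown -R "$(id -u):$(id -g)" /var/lib/lxc || { echo "Failed to prepare /var/lib/lxc" >&2; exit 1; }`. Note also that if the `lxc` package already created a root-owned `/var/lib/lxc` in the image, the `! -d` test skips the chown entirely, so the ownership fix never applies in the case it appears meant for — worth confirming whether that directory is expected to pre-exist.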