Compare commits
1 commit
Author | SHA1 | Date | |
---|---|---|---|
b0604254e7 |
2 changed files with 44 additions and 3 deletions
27
Dockerfile
27
Dockerfile
|
@ -1,8 +1,29 @@
|
||||||
FROM code.forgejo.org/forgejo/runner:5
|
FROM code.forgejo.org/forgejo/runner:5 AS runner
|
||||||
|
FROM debian:bullseye
|
||||||
|
|
||||||
|
COPY --from=runner /bin/forgejo-runner /bin/forgejo-runner
|
||||||
|
|
||||||
USER root
|
USER root
|
||||||
COPY ./entrypoint.sh /entrypoint.sh
|
COPY ./entrypoint.sh /entrypoint.sh
|
||||||
RUN chmod +x /entrypoint.sh
|
RUN chmod +x /entrypoint.sh
|
||||||
|
|
||||||
USER runner
|
# Install required packages
|
||||||
ENTRYPOINT [ "/entrypoint.sh" ]
|
RUN apt-get update && \
|
||||||
|
apt-get install -y sudo lxc lxc-templates uidmap && \
|
||||||
|
apt-get clean
|
||||||
|
|
||||||
|
# Configure user and permissions
|
||||||
|
RUN useradd -m runner && \
|
||||||
|
echo "runner ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/runner && \
|
||||||
|
chmod 0440 /etc/sudoers.d/runner && \
|
||||||
|
mkdir /data && chown runner:runner /data
|
||||||
|
|
||||||
|
# Enable subuid and subgid for unprivileged containers
|
||||||
|
RUN echo "runner:100000:65536" >> /etc/subuid && \
|
||||||
|
echo "runner:100000:65536" >> /etc/subgid
|
||||||
|
|
||||||
|
VOLUME [ "/data" ]
|
||||||
|
|
||||||
|
WORKDIR /data
|
||||||
|
|
||||||
|
ENTRYPOINT [ "/entrypoint.sh" ]
|
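Review bot: The new side of this Dockerfile never drops privileges: `USER root` is the only `USER` instruction left and the old `USER runner` line was removed, so `/entrypoint.sh` and the runner it launches start as root unless the deployment overrides the user. The sudoers line `runner ALL=(ALL) NOPASSWD: ALL` additionally makes the `runner` account root-equivalent, so code executed by CI jobs under that account can become root inside the container without any barrier. I would put `USER runner` back before `ENTRYPOINT` and limit the sudoers rule to the commands the LXC setup actually needs, e.g. `runner ALL=(root) NOPASSWD: <PATHS_OF_REQUIRED_LXC_COMMANDS>`, or drop the rule if the subuid/subgid mapping added further down is enough for unprivileged containers. A short comment above the sudoers line stating why sudo is needed would also help the next reviewer.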
||||||
|
|
|
@ -22,6 +22,8 @@ decho $PWD
|
||||||
if [[ $(id -u) -eq 0 ]]; then
|
if [[ $(id -u) -eq 0 ]]; then
|
||||||
ISROOT=true
|
ISROOT=true
|
||||||
decho "[WARNING] Running as root user"
|
decho "[WARNING] Running as root user"
|
||||||
|
else
|
||||||
|
decho "[INFO] Running as non-root user: $(id -u)"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Handle if `command` is passed, as command appends arguments to the entrypoint
|
# Handle if `command` is passed, as command appends arguments to the entrypoint
|
||||||
|
@ -30,6 +32,24 @@ if [ "$#" -gt 0 ]; then
|
||||||
exit
|
exit
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
# LXC setup
|
||||||
|
if [[ "${LXC}" == "true" ]]; then
|
||||||
|
decho "Initializing LXC environment..."
|
||||||
|
lxc-checkconfig || {
|
||||||
|
echo "LXC environment is not correctly configured." >&2
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
|
||||||
|
if [[ ! -d /var/lib/lxc ]]; then
|
||||||
|
mkdir -p /var/lib/lxc
|
||||||
|
chown -R $(id -u):$(id -g) /var/lib/lxc
|
||||||
|
fi
|
||||||
|
|
||||||
|
decho "LXC environment initialized."
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
# Handle and alter the config file
|
# Handle and alter the config file
|
||||||
if [[ -z "${CONFIG_FILE}" ]]; then
|
if [[ -z "${CONFIG_FILE}" ]]; then
|
||||||
echo "CONFIG_FILE is not set"
|
echo "CONFIG_FILE is not set"
|
||||||
|
|
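Review bot: In the LXC block of the second hunk, a failed `mkdir -p /var/lib/lxc` is not handled: when the script runs as a non-root user the directory cannot be created, yet `chown` still runs and "LXC environment initialized." is logged (unless the script sets `set -e` above the visible lines, which these hunks do not show). I would write `mkdir -p /var/lib/lxc || { echo "cannot create /var/lib/lxc" >&2; exit 1; }` and quote the substitution, `chown -R "$(id -u):$(id -g)" /var/lib/lxc`. It is also worth confirming that `lxc-checkconfig` exits non-zero when a required feature is missing; if it only reports this in its output, the `|| { … exit 1; }` guard will not catch a misconfigured host.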