[scale-set] build images in public repo vs private repo

.github/workflows/runner-image-scale-set-build.yml

@@ -0,0 +1,71 @@
+name: Build and Push Actions Runner scale-set image
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+    paths:
+      - "images/ubuntu/dockerfiles-scaleset/**"
+
+  pull_request: # to test the workflow
+    branches:
+      - main
+    paths:
+      - "images/ubuntu/dockerfiles-scaleset/**"
+
+permissions:
+  contents: write
+  packages: write
+  id-token: write
+
+jobs:
+  build:
+    strategy:
+      matrix:
+        base_image: [22.04-devel, 24.04-devel]
+    runs-on: ubuntu-xl
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          show-progress: false
+          token: ${{ secrets.GITHUB_TOKEN }}
+          persist-credentials: true
+          fetch-depth: 1
+
+      - name: Get token
+        id: get_workflow_token
+        uses: peter-murray/workflow-application-token-action@v4
+        with:
+          application_id: ${{ secrets.WORKFLOW_ACTIONS_APP_ID }}
+          application_private_key: ${{ secrets.WORKFLOW_ACTIONS_PEM }}
+          organization: devzero-inc
+          permissions: "contents:read"
+
+      - name: Set up Git
+        shell: bash
+        env:
+          ACCESS_TOKEN: ${{ steps.get_workflow_token.outputs.token }}
+        run: |
+          go env -w GOPRIVATE="github.com/devzero-inc/*"
+          git config --global url."https://x-access-token:$ACCESS_TOKEN@github.com/".insteadOf "https://github.com/"
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Hub
+        uses: docker/#-action@v3
+        with:
+          username: ${{ vars.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
+
+      - name: Build and Push Docker image
+        shell: bash
+        run: |
+          cd images/ubuntu/dockerfiles-scaleset
+          TAG=${{ matrix.base_image }} BASE_IMAGE=devzeroinc/gha-runner-image-ubuntu:${{ matrix.base_image}} \
+          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
+            make build-image
+          else
+            make push
+          fi

.gitignore

@@ -397,3 +397,6 @@ launch.json
 
 # Ignore dynamic template
 images/*/*-temp.json
+
+# dzcmd untarred for images/ubuntu/dockerfiles-scaleset
+images/ubuntu/dockerfiles-scaleset/dzcmd

images/ubuntu/dockerfiles-scaleset/Dockerfile

@@ -0,0 +1,109 @@
+ARG BASE_IMAGE=devzeroinc/gha-runner-image-ubuntu:22.04-devel
+
+FROM ${BASE_IMAGE} AS initial
+
+ARG ARCH=amd64
+ARG RUNNER_VERSION=2.322.0
+ARG RUNNER_USER_UID=1001
+
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt-get update -y \
+    && apt-get install -y software-properties-common \
+    && add-apt-repository -y ppa:git-core/ppa \
+    && apt-get update -y \
+    && apt-get install -y --no-install-recommends \
+    systemd \
+    systemd-sysv \
+    libsystemd0 \
+    ca-certificates \
+    dbus \
+    iptables \
+    iproute2 \
+    kmod \
+    locales \
+    sudo \
+    curl \
+    git \
+    vim \
+    nano \
+    ssh \
+    ssh \
+    build-essential \
+    htop \
+    dnsutils \
+    net-tools \
+    less \
+    wget \
+    zip \
+    unzip \
+    udev \
+    jq
+
+
+# Download latest git-lfs version
+RUN curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash && \
+    apt-get install -y --no-install-recommends git-lfs
+
+RUN adduser --disabled-password --gecos "" --uid $RUNNER_USER_UID runner \
+    && usermod -aG sudo runner \
+    && echo "%sudo   ALL=(ALL:ALL) NOPASSWD:ALL" >> /etc/sudoers \
+    && echo "Defaults env_keep += \"DEBIAN_FRONTEND\"" >> /etc/sudoers
+
+# Create docker group and add runner user to it
+RUN groupadd docker || true \
+    && usermod -aG docker runner
+
+# Enable sshing in
+RUN systemctl enable ssh
+
+RUN echo "runner:runner" | chpasswd
+
+ENV HOME=/home/runner
+ENV RUNNER_ASSETS_DIR=/runner
+
+RUN mkdir -p "${RUNNER_ASSETS_DIR}" && chown -R runner:runner "${RUNNER_ASSETS_DIR}"
+
+USER runner
+RUN if [ "$ARCH" = "amd64" ] || [ "$ARCH" = "x86_64" ] || [ "$ARCH" = "i386" ]; then export ARCH=x64 ; fi \
+    && cd "$RUNNER_ASSETS_DIR" \
+    && umask 000 \
+    && curl -fLo runner.tar.gz https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-${ARCH}-${RUNNER_VERSION}.tar.gz \
+    && tar xzf ./runner.tar.gz \
+    && rm runner.tar.gz \
+    && sudo ./bin/installdependencies.sh \
+    && sudo apt-get install -y libyaml-dev
+
+RUN cd "${RUNNER_ASSETS_DIR}" \
+    && curl -f -L -o runner-container-hooks.zip https://github.com/actions/runner-container-hooks/releases/download/v0.6.2/actions-runner-hooks-k8s-0.6.2.zip \
+    && unzip ./runner-container-hooks.zip -d ./k8s \
+    && rm runner-container-hooks.zip
+
+ENV RUNNER_TOOL_CACHE=/opt/hostedtoolcache
+RUN sudo mkdir -p /opt/hostedtoolcache \
+    && sudo chown -R runner:runner /opt/hostedtoolcache \
+    && sudo chmod -R g+rwx /opt/hostedtoolcache
+
+USER root
+
+RUN update-alternatives --set iptables /usr/sbin/iptables-legacy \
+    && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
+
+COPY github-runner.service /etc/systemd/system/github-runner.service
+
+RUN systemctl enable github-runner
+
+RUN systemctl mask systemd-modules-load.service \
+    systemd-resolved.service \
+    unattended-upgrades.service
+
+# trying multi-stage build, but if you have a very large base image it won't help much
+# FROM scratch
+# COPY --from=initial / /
+ARG CACHEBUST
+RUN echo ${CACHEBUST}
+ENV CACHEBUST=${CACHEBUST}
+COPY dzcmd /usr/bin
+RUN chmod +x /usr/bin/dzcmd
+RUN ln -s /usr/bin/dzcmd /usr/bin/dzboot
+STOPSIGNAL SIGRTMIN+3
+ENV DZBOOT_SKIP_PERSIST="1"

images/ubuntu/dockerfiles-scaleset/Makefile

@@ -0,0 +1,43 @@
+.DEFAULT_GOAL := help
+# Run targets in parallel
+MAKEFLAGS += -j 4
+ARCH ?= amd64
+
+DZ_TAR := dz.tar.gz
+DZ_DIR := dz
+
+DOCKER_REGISTRY ?= docker.io/devzeroinc
+IMAGE_NAME ?= gha-scale-set-runner-ubuntu
+BASE_IMAGE ?= devzeroinc/gha-runner-image-ubuntu:22.04-devel
+TAG ?= $(shell date -u +"%Y-%m-%d")-$(shell git describe --always --abbrev=6 --dirty --match="")-devel
+
+.PHONY: download-cli
+download-cli:
+	wget -O $(DZ_TAR) https://get.devzero.io/stable/linux-$(ARCH)/dz.tar.gz
+	tar -xzf $(DZ_TAR)
+	rm -rf $(DZ_TAR)
+
+.PHONY: build-image
+build-image: download-cli ## Build the image
+	docker build --platform linux/$(ARCH) --build-arg="CACHEBUST=$(TAG)" --build-arg="ARCH=$(ARCH)" --build-arg="BASE_IMAGE=$(BASE_IMAGE)" -t $(IMAGE_NAME):$(TAG) .
+
+.PHONY: save-image
+save-image: download-cli
+	docker build --platform linux/$(ARCH) --build-arg="ARCH=$(ARCH)" --build-arg="CACHEBUST=$(TAG)" -t $(IMAGE_NAME):$(ARCH)-$(TAG) .
+	docker save -o ./$(IMAGE_NAME)_$(TAG)_$(ARCH).tar $(IMAGE_NAME):$(ARCH)-$(TAG)
+
+.PHONY: push
+push: build-image ## Push the image to the registry using the TAG
+	docker tag $(IMAGE_NAME):$(TAG) $(DOCKER_REGISTRY)/$(IMAGE_NAME):$(TAG)
+	docker push $(DOCKER_REGISTRY)/$(IMAGE_NAME):$(TAG)
+
+.PHONY: latest
+latest: build-image ## Push the image to the registry using latest tag
+	docker tag $(IMAGE_NAME):$(TAG) $(DOCKER_REGISTRY)/$(IMAGE_NAME):latest
+	docker push $(DOCKER_REGISTRY)/$(IMAGE_NAME):latest
+
+.PHONY: help
+help:  ## Show this help
+	@echo "\nSpecify a command. The choices are:\n"
+	@grep -hE '^[0-9a-zA-Z_-]+:.*?## .*$$' ${MAKEFILE_LIST} | awk 'BEGIN {FS = ":.*?## "}; {printf "  \033[0;36m%-20s\033[m %s\n", $$1, $$2}'
+	@echo ""

images/ubuntu/dockerfiles-scaleset/github-runner.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=GitHub Runner service
+After=network.target
+
+[Service]
+PassEnvironment=ACTIONS_RUNNER_INPUT_JITCONFIG 
+ExecStart=sh -c '/runner/bin/runsvc.sh && sudo shutdown now'
+User=runner
+WorkingDirectory=/runner
+KillMode=process
+KillSignal=SIGTERM
+TimeoutStopSec=5min
+
+[Install]
+WantedBy=multi-user.target