docker-gitea-act-runner
Trying to use DIND and GITEA_RUNNER_JOB_CONTAINER_PRIVILEGED to run a privileged container
This could well be pilot error but I'm trying to run a gitea act job that runs docker-wine --as-root as I wish to install a number of packages in wine before executing pyinstaller.
I have not managed to get the gitea act runner to run in privileged mode. So I came across this project which looks promising.
This is the docker-wine command I use on my station. I use the docker-wine wrapper as it does a lot of checking and seemed easier than trying to run the docker-wine container explicitly.
```sh
./docker-wine --name="${DOCKER_TAG}" --as-root --home-volume=/code/dist/ --notty --xvfb --volume="${PWDDIR}:/code" /code/wine-workdir/install.sh "${BRANCH_NAME}-${VERSION}"
```
Without the --as-root I cannot install various windows installers (like python) in the 'install.sh' script.
This all works on my workstation.
When I run this in an act job I see:
```
...
latest: Pulling from scottyhardy/docker-wine
Digest: sha256:bfcfd3f9cfd31dacd23a9df80e9565b0e3f7fdaaea86ab060b9bba064fed2ce2
Status: Image is up to date for scottyhardy/docker-wine:latest
docker.io/scottyhardy/docker-wine:latest
ERROR: To run as root, either set env RUN_AS_ROOT=yes or use ./docker-wine --as-root
```
This is my act configuration... using a custom gitea-ham container in a private registry that has toolchains etc already included based off of gitea/runner-images:ubuntu-22.04. This is used by all my act jobs.
config.yaml
```yaml
log:
  level: info
runner:
  file: .runner
  capacity: 4
  env_file: .env
  timeout: 1h
  insecure: false
  fetch_timeout: 5s
  fetch_interval: 5s
  labels: [
    "gitea-ham:docker://XXXXXXXXXXXXXX"
  ]
cache:
  enabled: true
  dir: ""
  host: ""
  port: 0
  external_server: ""
container:
  network: ""
  privileged: true
  options:
  valid_volumes:
    - /certs
  docker_host: ""
  force_pull: false
host:
  workdir_parent:
```
The act runner from this project is launched via docker-compose...
```yaml
services:
  app:
    image: vegardit/gitea-act-runner:dind-latest
    container_name: gitea-act-runner
    restart: always
    privileged: true
    volumes:
      - ./config.yaml:/config.yaml
      - ./data:/data:rw
    environment:
      - CONFIG_FILE=/config.yaml
      - GITEA_INSTANCE_URL=XXXXXXXXXXXXX
      - GITEA_RUNNER_REGISTRATION_TOKEN=XXXXXXXX
      - GITEA_RUNNER_NAME=ops-2
      - GITEA_RUNNER_LABELS=gitea-ham:docker://XXXXXXXXXXXXXXXXX
      - GITEA_RUNNER_JOB_CONTAINER_PRIVILEGED=true
```
It seems to be happy and comes up...
gitea-act-runner | GIT_REPO: https://XXXXXXXXXXXXXXXXXX
gitea-act-runner | GIT_BRANCH: main
gitea-act-runner | GIT_COMMIT: d6fc45c @ 2025-01-05 21:52:47 UTC
gitea-act-runner | IMAGE_BUILD: 2025-03-19T17:14:42Z
gitea-act-runner |
gitea-act-runner | 2025-03-24 12:28:17 INFO [/opt/run.sh:26] act_runner version v0.2.11
gitea-act-runner | 2025-03-24 12:28:17 INFO [/opt/run.sh:27] Timezone: UTC +0000
gitea-act-runner | 2025-03-24 12:28:17 INFO [/opt/run.sh:28] Hostname: 48bf3fcdf068
gitea-act-runner | 2025-03-24 12:28:17 INFO [/opt/run.sh:29] IP Addresses:
gitea-act-runner | - 172.18.0.2
gitea-act-runner | 2025-03-24 12:28:17 INFO [/opt/run.sh:31] Config environment variables:
gitea-act-runner | - GITEA_INSTANCE_URL=https://XXXXXXXXXXXXXXX
gitea-act-runner | - GITEA_RUNNER_CONFIG_TEMPLATE_FILE=/opt/config.template.yaml
gitea-act-runner | - GITEA_RUNNER_GID=1000
gitea-act-runner | - GITEA_RUNNER_JOB_CONTAINER_PRIVILEGED=true
gitea-act-runner | - GITEA_RUNNER_LABELS=gitea-ham:docker://XXXXXXXXXXXXXXXXXX
gitea-act-runner | - GITEA_RUNNER_LABELS_DEFAULT=ubuntu-latest:docker://catthehacker/ubuntu:act-latest,ubuntu-24.04:docker://catthehacker/ubuntu:act-24.04,ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04,ubuntu-20.04:docker://catthehacker/ubuntu:act-20.04
gitea-act-runner | - GITEA_RUNNER_NAME=ops-2
gitea-act-runner | - GITEA_RUNNER_REGISTRATION_RETRY_INTERVAL=5s
gitea-act-runner | - GITEA_RUNNER_REGISTRATION_TIMEOUT=30
gitea-act-runner | - GITEA_RUNNER_REGISTRATION_TOKEN=******
gitea-act-runner | - GITEA_RUNNER_UID=1000
gitea-act-runner | 2025-03-24 12:28:17 INFO [/opt/run.sh:65] Starting Docker engine...
gitea-act-runner | Starting Docker: docker.
gitea-act-runner | 2025-03-24 12:28:17 INFO [/opt/run.sh:70] Waiting for Docker engine to start...
gitea-act-runner | time="2025-03-24T12:28:18.943654423Z" level=info msg="API listen on /var/run/docker.sock"
gitea-act-runner | ===========================================================
gitea-act-runner | Client: Docker Engine - Community
gitea-act-runner | Version: 28.0.2
gitea-act-runner | Context: default
gitea-act-runner | Debug Mode: false
gitea-act-runner |
gitea-act-runner | Server:
gitea-act-runner | Containers: 1
gitea-act-runner | Running: 1
gitea-act-runner | Paused: 0
gitea-act-runner | Stopped: 0
gitea-act-runner | Images: 5
gitea-act-runner | Server Version: 28.0.2
gitea-act-runner | Storage Driver: overlay2
gitea-act-runner | Backing Filesystem: extfs
gitea-act-runner | Supports d_type: true
gitea-act-runner | Using metacopy: false
gitea-act-runner | Native Overlay Diff: true
gitea-act-runner | userxattr: false
gitea-act-runner | Logging Driver: json-file
gitea-act-runner | Cgroup Driver: cgroupfs
gitea-act-runner | Cgroup Version: 2
gitea-act-runner | Plugins:
gitea-act-runner | Volume: local
gitea-act-runner | Network: bridge host ipvlan macvlan null overlay
gitea-act-runner | Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
gitea-act-runner | Swarm: inactive
gitea-act-runner | Runtimes: io.containerd.runc.v2 runc
gitea-act-runner | Default Runtime: runc
gitea-act-runner | Init Binary: docker-init
gitea-act-runner | containerd version: bcc810d6b9066471b0b6fa75f557a15a1cbf31bb
gitea-act-runner | runc version: v1.2.4-0-g6c52b3f
gitea-act-runner | init version: de40ad0
gitea-act-runner | Security Options:
gitea-act-runner | apparmor
gitea-act-runner | seccomp
gitea-act-runner | Profile: builtin
gitea-act-runner | cgroupns
gitea-act-runner | Kernel Version: 6.8.0-49-generic
gitea-act-runner | Operating System: Debian GNU/Linux 12 (bookworm) (containerized)
gitea-act-runner | OSType: linux
gitea-act-runner | Architecture: x86_64
gitea-act-runner | CPUs: 4
gitea-act-runner | Total Memory: 15.51GiB
gitea-act-runner | Name: 48bf3fcdf068
gitea-act-runner | ID: 1f29280e-d436-4858-b16c-12ee6ff0f6dd
gitea-act-runner | Docker Root Dir: /var/lib/docker
gitea-act-runner | Debug Mode: false
gitea-act-runner | Experimental: false
gitea-act-runner | Insecure Registries:
gitea-act-runner | ::1/128
gitea-act-runner | 127.0.0.0/8
gitea-act-runner | Live Restore Enabled: false
gitea-act-runner |
gitea-act-runner | ===========================================================
gitea-act-runner | 2025-03-24 12:28:21 INFO [/opt/run_runner.sh:10] Effective user: uid=1000(act) gid=1000(act) groups=1000(act),27(sudo),100(users),999(docker)
gitea-act-runner | time="2025-03-24T12:28:21Z" level=info msg="Starting runner daemon"
gitea-act-runner | time="2025-03-24T12:28:25Z" level=info msg="runner: ops-2, with version: v0.2.11, with labels: [gitea-ham], declare successfully"
This is my act Job
```yaml
windows:
  runs-on: gitea-ham
  container:
    privileged: true
    image: XXXXXXX/gitea-ham:latest
    credentials:
      username: "loadbuilder"
      password: ${{ secrets.REGISTRY_LOADBUILDER_PASSWORD }}
  steps:
    - uses: actions/checkout@v4
    - name: Build Windows Client
      env:
        SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
        BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
        VERSION: "dev"
      run: |
        ./build_windows.sh
```
Any ideas/thoughts... I'm reasonably comfortable with what DinD is but may have overlooked something obvious.
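
A check that can run as a step inside the job container to confirm whether it actually received privileged mode, independent of what the runner configuration says. This is an added example, not part of the original issue or of the docker-gitea-act-runner project; the function names and the three-way classification are this example's own, and the masks mentioned in comments are typical constructed values.

```shell
#!/bin/sh
# Classify a container's privilege level from its effective capability mask.
# Masks quoted in comments are typical constructed values, not from the issue.

# Capability bit numbers from <linux/capability.h>.
CAP_NET_ADMIN=12
CAP_SYS_MODULE=16
CAP_SYS_ADMIN=21

# cap_has MASK_HEX BIT: succeeds when BIT is set in the hex mask.
cap_has() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# capeff_from_status FILE: print the CapEff value from a /proc/<pid>/status file.
capeff_from_status() {
    awk '$1 == "CapEff:" { print $2 }' "$1"
}

# classify_capeff MASK_HEX: print privileged, elevated or default.
#   privileged: SYS_ADMIN and SYS_MODULE both present (as --privileged grants)
#   elevated:   at least one of the three checked capabilities, but not that pair
#   default:    none of them, as in Docker's default set (00000000a80425fb)
classify_capeff() {
    if cap_has "$1" "$CAP_SYS_ADMIN" && cap_has "$1" "$CAP_SYS_MODULE"; then
        echo privileged
    elif cap_has "$1" "$CAP_SYS_ADMIN" || cap_has "$1" "$CAP_SYS_MODULE" \
        || cap_has "$1" "$CAP_NET_ADMIN"; then
        echo elevated
    else
        echo default
    fi
}

# Report for the current process when /proc is available (Linux).
if [ -r /proc/self/status ]; then
    mask=$(capeff_from_status /proc/self/status)
    if [ -n "$mask" ]; then
        echo "CapEff=$mask -> $(classify_capeff "$mask")"
    fi
fi
```

Running it in both the runner container and the job container shows at which layer the privileged setting stops being applied.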