scripts/img-startup

#!/bin/bash

# Sample of a purpose build image for GitHub Actions for specific repo.
# Customize as needed for your own use case.

# Disable apt prompts
export DEBIAN_FRONTEND="noninteractive"

log() {
  printf '>>> %s\n' "$@"
}

# OS Updates
apt-get update
apt-get upgrade
apt-get dist-upgrade
apt-get full-upgrade

# Core packages
log "Installing base packages"
apt-get -y install \
  apt-transport-https \
  jq \
  lsb-release \
  software-properties-common

# Docker
log "Installing docker"
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | \
  gpg --dearmor -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg

echo \
  "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
  tee /etc/apt/sources.list.d/docker.list > /dev/null

apt-get update
apt-get install -y \
  docker-ce \
  docker-ce-cli \
  containerd.io \
  docker-buildx-plugin

# Golang
log "Installing golang"
GO_VERSION="1.20.5"
wget "https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz"
tar -C /usr/local/ -xzf "go${GO_VERSION}.linux-amd64.tar.gz"
rm "go${GO_VERSION}.linux-amd64.tar.gz"
echo "export PATH=$PATH:/usr/local/go/bin" >> /etc/profile
source /etc/profile

# GCP SDK
log "Installing Google Cloud SDK"
REPO_URL="https://packages.cloud.google.com/apt"
echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] $REPO_URL cloud-sdk main" > /etc/apt/sources.list.d/google-cloud-sdk.list
wget -qO- https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor > /usr/share/keyrings/cloud.google.gpg

apt-get update -y
apt-get install -y google-cloud-sdk

rm /etc/apt/sources.list.d/google-cloud-sdk.list
rm /usr/share/keyrings/cloud.google.gpg

# GitHub CLI
log "Installing GitHub CLI"
curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \
&& chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \
&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
&& apt update \
&& apt install -y gh

# Github runner 
log "Installing GitHub runner"
GH_RUNNER_VERSION="$(curl -sSfL "https://api.github.com/repos/actions/runner/releases/latest" | jq -r ".tag_name")"
GH_RUNNER_VERSION="${GH_RUNNER_VERSION:1}" # trim leading "v"
mkdir -p /workspace
mkdir -p /runner && cd /runner
curl -o runner.tar.gz \
     -L https://github.com/actions/runner/releases/download/v${GH_RUNNER_VERSION}/actions-runner-linux-x64-${GH_RUNNER_VERSION}.tar.gz
tar xzf ./runner.tar.gz
rm -f ./runner.tar.gz
bin/installdependencies.sh

# This script is run before the job is started.
# Just print the hostname to stdout for now.
cat > job-started.sh <<"EOF"
#!/bin/bash
echo "job started: $(hostname)"
EOF

# This script is run after the job is completed.
# It is used to shutdown SSH, which health check detects and restarts the VM.
cat > job-completed.sh <<"EOF"
#!/bin/bash
echo "cleanup started: $(hostname)"
systemctl stop ssh
systemctl disable ssh
echo "cleanup completed"
EOF

chmod +x ./job-started.sh
chmod +x ./job-completed.sh

# Wire pre/post job scripts
echo ACTIONS_RUNNER_HOOK_JOB_STARTED=/runner/job-started.sh | tee -a .env
echo ACTIONS_RUNNER_HOOK_JOB_COMPLETED=/runner/job-completed.sh | tee -a .env

# Change ownership
chown -R "root:root" /runner/
chown -R "root:root" /workspace/

# Cleanup image
log "Cleaning up"
apt-get clean -y
apt-get autoremove -y
rm -rf /var/lib/apt/lists/*
rm -rf /var/cache/apt/archives/*
rm -rf /var/cache/apt/*.bin
rm -rf /var/lib/dhcp/*
rm -rf /var/tmp/*
rm -rf /tmp/*
find /var/log -type f -regex ".*\.gz$" -delete
find /var/log -type f -regex ".*\.[0-9]$" -delete
find /var/log/ -type f -exec cp /dev/null {} \;
journalctl --flush --rotate --vacuum-time=1s