Add FORWARD_HOST/FORWARD_PORTS tool to self-hosted-runner container

dimikot · Mar 8, 2024 · de6cede · de6cede
1 parent 1c5b698
commit de6cede
Show file tree

Hide file tree

Showing 6 changed files with 37 additions and 1 deletion.
diff --git a/docker/compose.yml b/docker/compose.yml
@@ -28,3 +28,5 @@ services:
       - GH_TOKEN
       - CI_STORAGE_HOST=${CI_STORAGE_HOST:-host:22}
       - CI_STORAGE_HOST_PRIVATE_KEY_EVAL=${CI_STORAGE_HOST_PRIVATE_KEY_EVAL_TEST_ONLY?}
+      - FORWARD_HOST=${CI_STORAGE_HOST:-host}
+      - FORWARD_PORTS=22/tcp
diff --git a/docker/host/entrypoint.sh b/docker/host/entrypoint.sh
@@ -6,7 +6,7 @@
 set -u -e
 
 if [[ "${CI_STORAGE_HOST_PUBLIC_KEY_EVAL:=}" == "" ]]; then
-  echo "CI_STORAGE_HOST_PUBLIC_KEY_EVAL must be contain a bash script which prints a valid SSH public key (e.g. fetched from AWS Secrets Manager or so)."
+  echo "CI_STORAGE_HOST_PUBLIC_KEY_EVAL must contain a bash script which prints a valid SSH public key (e.g. fetched from AWS Secrets Manager or so)."
   exit 1
 fi
 

diff --git a/docker/self-hosted-runner/Dockerfile b/docker/self-hosted-runner/Dockerfile
@@ -8,6 +8,8 @@ ENV GH_LABELS=""
 ENV GH_TOKEN=""
 ENV CI_STORAGE_HOST=""
 ENV CI_STORAGE_HOST_PRIVATE_KEY_EVAL=""
+ENV FORWARD_HOST=""
+ENV FORWARD_PORTS=""
 
 ENV DEBIAN_FRONTEND=noninteractive
 RUN true \

diff --git a/docker/self-hosted-runner/README.md b/docker/self-hosted-runner/README.md
@@ -21,6 +21,9 @@ self-hosted runners as you want. An example scenario:
    artifacts of someone else. If the job then uses ci-storage GitHub action to
    restore the files from a slot, it will be very quick, because most of the
    files are already there.
+5. Additionally, if `FORWARD_HOST` and `FORWARD_PORTS` are passed, the container
+   sets up rinetd port forwarding from localhost's ports to the ports of
+   `$FORWARD_HOST`.
 
 The container in this Dockerfile serves only one particular GitHub repository
 (controlled by `GH_REPOSITORY` environment variable at boot time). To serve

diff --git a/docker/self-hosted-runner/root/entrypoint.00-validate.sh b/docker/self-hosted-runner/root/entrypoint.00-validate.sh
@@ -25,3 +25,13 @@ if [[ "${CI_STORAGE_HOST_PRIVATE_KEY_EVAL:=}" != "" && "$CI_STORAGE_HOST_PRIVATE
   echo "If CI_STORAGE_HOST_PRIVATE_KEY_EVAL is passed, it must contain a shell command which prints an SSH private key (e.g. fetched from AWS Secrets Manager or so).";
   exit 1;
 fi
+
+if [[ "${FORWARD_HOST:=}" != "" && ! "$FORWARD_HOST" =~ ^[-.[:alnum:]]+(:[0-9]+)?$ ]]; then
+  echo "If FORWARD_HOST is passed, it must be in form of host[:port].";
+  exit 1;
+fi
+
+if [[ "${FORWARD_PORTS:=}" != "" && ! "$FORWARD_PORTS" =~ ^([[:space:]]*[0-9]+(/tcp|/udp)?[[:space:]]*)+$ ]]; then
+  echo 'If FORWARD_PORTS is passed, it must be in form of (example): "123 456/udp 789/tcp".';
+  exit 1;
+fi
diff --git a/docker/self-hosted-runner/root/entrypoint.05-forward.sh b/docker/self-hosted-runner/root/entrypoint.05-forward.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+set -u -e
+
+if [[ "$FORWARD_HOST" == "" ]]; then
+  FORWARD_HOST="$CI_STORAGE_HOST"
+fi
+
+if [[ "$FORWARD_HOST" != "" && "$FORWARD_PORTS" != "" ]]; then
+  FORWARD_HOST="${FORWARD_HOST%%:*}"
+  for port in $FORWARD_PORTS; do
+    echo "127.0.0.1 $port $FORWARD_HOST $port";
+  done > /etc/rinetd.conf
+
+  service rinetd start
+
+  echo "Forwarding ports:"
+  cat /etc/rinetd.conf
+  echo
+fi