From de6cede59e7bdf403f45e76874be37c1ec77c884 Mon Sep 17 00:00:00 2001
From: Dimi Kot
Date: Fri, 8 Mar 2024 12:27:25 -0800
Subject: [PATCH] Add FORWARD_HOST/FORWARD_PORTS tool to self-hosted-runner container
---
 docker/compose.yml | 2 ++
 docker/host/entrypoint.sh | 2 +-
 docker/self-hosted-runner/Dockerfile | 2 ++
 docker/self-hosted-runner/README.md | 3 +++
 .../root/entrypoint.00-validate.sh | 10 ++++++++++
 .../root/entrypoint.05-forward.sh | 19 +++++++++++++++++++
 6 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 docker/self-hosted-runner/root/entrypoint.05-forward.sh
diff --git a/docker/compose.yml b/docker/compose.yml
index 065dcba..08cda87 100644
--- a/docker/compose.yml
+++ b/docker/compose.yml
@@ -28,3 +28,5 @@ services:
 - GH_TOKEN
 - CI_STORAGE_HOST=${CI_STORAGE_HOST:-host:22}
 - CI_STORAGE_HOST_PRIVATE_KEY_EVAL=${CI_STORAGE_HOST_PRIVATE_KEY_EVAL_TEST_ONLY?}
+ - FORWARD_HOST=${CI_STORAGE_HOST:-host}
+ - FORWARD_PORTS=22/tcp
diff --git a/docker/host/entrypoint.sh b/docker/host/entrypoint.sh
index ecc0674..e569364 100644
--- a/docker/host/entrypoint.sh
+++ b/docker/host/entrypoint.sh
@@ -6,7 +6,7 @@ set -u -e
 if [[ "${CI_STORAGE_HOST_PUBLIC_KEY_EVAL:=}" == "" ]]; then
- echo "CI_STORAGE_HOST_PUBLIC_KEY_EVAL must be contain a bash script which prints a valid SSH public key (e.g. fetched from AWS Secrets Manager or so)."
+ echo "CI_STORAGE_HOST_PUBLIC_KEY_EVAL must contain a bash script which prints a valid SSH public key (e.g. fetched from AWS Secrets Manager or so)."
 exit 1
 fi
diff --git a/docker/self-hosted-runner/Dockerfile b/docker/self-hosted-runner/Dockerfile
index afacda5..9bac3bb 100644
--- a/docker/self-hosted-runner/Dockerfile
+++ b/docker/self-hosted-runner/Dockerfile
@@ -8,6 +8,8 @@ ENV GH_LABELS=""
 ENV GH_TOKEN=""
 ENV CI_STORAGE_HOST=""
 ENV CI_STORAGE_HOST_PRIVATE_KEY_EVAL=""
+ENV FORWARD_HOST=""
+ENV FORWARD_PORTS=""
 ENV DEBIAN_FRONTEND=noninteractive
 RUN true \
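Review bot: In the docker/compose.yml hunk, `FORWARD_HOST=${CI_STORAGE_HOST:-host}` can inherit a `host:port` value (the context line above defaults `CI_STORAGE_HOST` to `host:22`), while the forwarded port is fixed separately by `FORWARD_PORTS=22/tcp`. entrypoint.05-forward.sh in this same patch strips the `:port` suffix from `FORWARD_HOST`, so a `CI_STORAGE_HOST` that points at a non-22 port would still be forwarded to port 22 on that host. A comment on the two new lines would make the coupling visible, e.g. `# the :port part of FORWARD_HOST is ignored; keep FORWARD_PORTS in sync with the storage host's sshd port`.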
diff --git a/docker/self-hosted-runner/README.md b/docker/self-hosted-runner/README.md
index 481aaa9..3a5584f 100644
--- a/docker/self-hosted-runner/README.md
+++ b/docker/self-hosted-runner/README.md
@@ -21,6 +21,9 @@ self-hosted runners as you want. An example scenario:
 artifacts of someone else. If the job then uses ci-storage GitHub action to restore the files from a slot, it will be very quick, because most of the files are already there.
+5. Additionally, if `FORWARD_HOST` and `FORWARD_PORTS` are passed, the container
+ sets up rinetd port forwarding from localhost's ports to the ports of
+ `$FORWARD_HOST`.
 The container in this Dockerfile serves only one particular GitHub repository (controlled by `GH_REPOSITORY` environment variable at boot time). To serve
diff --git a/docker/self-hosted-runner/root/entrypoint.00-validate.sh b/docker/self-hosted-runner/root/entrypoint.00-validate.sh
index 0ca65b9..fbe3e02 100644
--- a/docker/self-hosted-runner/root/entrypoint.00-validate.sh
+++ b/docker/self-hosted-runner/root/entrypoint.00-validate.sh
@@ -25,3 +25,13 @@ if [[ "${CI_STORAGE_HOST_PRIVATE_KEY_EVAL:=}" != "" && "$CI_STORAGE_HOST_PRIVATE
 echo "If CI_STORAGE_HOST_PRIVATE_KEY_EVAL is passed, it must contain a shell command which prints an SSH private key (e.g. fetched from AWS Secrets Manager or so).";
 exit 1;
 fi
+
+if [[ "${FORWARD_HOST:=}" != "" && ! "$FORWARD_HOST" =~ ^[-.[:alnum:]]+(:[0-9]+)?$ ]]; then
+ echo "If FORWARD_HOST is passed, it must be in form of host[:port].";
+ exit 1;
+fi
+
+if [[ "${FORWARD_PORTS:=}" != "" && ! "$FORWARD_PORTS" =~ ^([[:space:]]*[0-9]+(/tcp|/udp)?[[:space:]]*)+$ ]]; then
+ echo 'If FORWARD_PORTS is passed, it must be in form of (example): "123 456/udp 789/tcp".';
+ exit 1;
+fi
diff --git a/docker/self-hosted-runner/root/entrypoint.05-forward.sh b/docker/self-hosted-runner/root/entrypoint.05-forward.sh
new file mode 100644
index 0000000..5d0ffea
--- /dev/null
+++ b/docker/self-hosted-runner/root/entrypoint.05-forward.sh
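Review bot: In entrypoint.00-validate.sh, the `FORWARD_PORTS` pattern makes the whitespace between entries optional, so a value such as `22/tcp80` passes the check and would later be written to /etc/rinetd.conf as a single token; it also accepts port numbers above 65535. entrypoint.05-forward.sh does no checking of its own before generating the config, so this pattern is worth tightening to require a separator: `^[[:space:]]*[0-9]+(/tcp|/udp)?([[:space:]]+[0-9]+(/tcp|/udp)?)*[[:space:]]*$`. The `FORWARD_HOST` message advertises `host[:port]`, but the forwarding script discards the port, which the message or a comment above the check should say.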
@@ -0,0 +1,19 @@
+#!/bin/bash
+set -u -e
+
+if [[ "$FORWARD_HOST" == "" ]]; then
+ FORWARD_HOST="$CI_STORAGE_HOST"
+fi
+
+if [[ "$FORWARD_HOST" != "" && "$FORWARD_PORTS" != "" ]]; then
+ FORWARD_HOST="${FORWARD_HOST%%:*}"
+ for port in $FORWARD_PORTS; do
+ echo "127.0.0.1 $port $FORWARD_HOST $port";
+ done > /etc/rinetd.conf
+
+ service rinetd start
+
+ echo "Forwarding ports:"
+ cat /etc/rinetd.conf
+ echo
+fi
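Review bot: The fallback `FORWARD_HOST="$CI_STORAGE_HOST"` puts a value into /etc/rinetd.conf that never went through the `FORWARD_HOST` pattern added in entrypoint.00-validate.sh; whether `CI_STORAGE_HOST` is checked as strictly is not visible in this patch. Because the config is generated with plain `echo` and an unquoted `$FORWARD_PORTS`, this script depends entirely on the earlier validation having run, so a re-check right after the fallback is cheap insurance: `[[ "$FORWARD_HOST" =~ ^([-.[:alnum:]]+(:[0-9]+)?)?$ ]] || { echo "Invalid forward host."; exit 1; }`. A short header comment stating that rinetd must already be installed in the image would also help, since the Dockerfile hunk here only adds the two ENV lines and `service rinetd start` would fail this script under `set -e` if the service is missing.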