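#!/bin/bash
# Bootstrap a GitHub Actions self-hosted runner on an Ubuntu host.
#
# Runs as root: installs Docker from Docker's apt repository, creates the
# unprivileged account `doactuser`, registers the runner as that user and
# finally installs and starts the runner service as root.
#
# `${GITHUB_ACCESS_TOKEN}` and `${GITHUB_REPO_NAME}` (owner/repo) are the only
# `${...}` references in this file; they appear inside a quoted heredoc, so
# they are either filled in when the template is rendered or inherited from
# the environment at run time — keep that exact form and do not add other
# `${...}` expansions, which a template renderer may try to interpret.
set -Eeuo pipefail
#set -Eeuxo pipefail   # NOTE: tracing prints the tokens used below to stderr

# Add non-root user non-interactively if not present.
# --gecos "" skips the interactive chfn part.
id -u doactuser &>/dev/null || adduser --disabled-password --gecos "" doactuser

# Work folder for the bootstrap and the runner checkout.
mkdir -p ~/doact
cd ~/doact

# Install dependencies (jq is used by the inner script to parse the API reply).
apt-get update
apt-get -y install ca-certificates curl gnupg lsb-release acl jq

# Docker apt repository, pinned to Docker's signing key.
# This script already runs as root, so no sudo is needed; --batch --yes lets
# gpg overwrite the key file when the script is re-run.
mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
  | gpg --dearmor --batch --yes -o /etc/apt/keyrings/docker.gpg
printf '%s\n' \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \
  > /etc/apt/sources.list.d/docker.list
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin

# Create the script that registers the runner; it is executed as doactuser.
# The quoted delimiter keeps every $ literal here: expansion happens when the
# inner script runs, not when it is written.
cat << 'EOF' > ./script.sh
#!/bin/bash
set -Eeuo pipefail
#set -Eeuxo pipefail   # NOTE: tracing prints the tokens used below to stderr

# Runner release to install. runner_sha256 is optional: when set to the
# sha256 of the tarball (published with the release), the download is
# verified before it is extracted; empty skips the check.
runner_version=2.294.0
runner_sha256=""
tarball="actions-runner-linux-x64-$runner_version.tar.gz"

# The access token is handed to curl through a 0600 temp file rather than on
# the command line, so it does not show up in `ps` output. printf is a
# builtin, so the token never becomes a process argument here either.
hdr=$(mktemp)
trap 'rm -f -- "$hdr"' EXIT
printf '%s\n' "authorization: Bearer ${GITHUB_ACCESS_TOKEN}" > "$hdr"

# Create a registration token using the GitHub REST API.
# -f turns an HTTP error (bad token, wrong repo) into a script failure
# instead of silently yielding an empty token.
response=$(curl -fsS -X POST \
  -H "Accept: application/vnd.github.v3+json" \
  -H @"$hdr" \
  "https://api.github.com/repos/${GITHUB_REPO_NAME}/actions/runners/registration-token")
rm -f -- "$hdr"

# Extract the token value from the JSON response.
REGISTRATION_TOKEN=$(jq -r '.token' <<<"$response")
if [[ -z "$REGISTRATION_TOKEN" || "$REGISTRATION_TOKEN" == null ]]; then
  printf 'no registration token in API response\n' >&2
  exit 1
fi

# Create the runner folder. `cd` is a separate statement: under set -e a
# failing `mkdir` on the left of `mkdir && cd` would not stop the script.
mkdir -p actions-runner
cd actions-runner

# Download the runner package; -f fails on an HTTP error instead of saving
# an error page under the tarball's name.
curl -fsSL -o "$tarball" \
  "https://github.com/actions/runner/releases/download/v$runner_version/$tarball"

# Verify the download when a checksum was provided.
if [[ -n "$runner_sha256" ]]; then
  printf '%s  %s\n' "$runner_sha256" "$tarball" | sha256sum -c -
fi

# Extract the installer.
tar xzf "./$tarball"

# Configure the runner. The registration token has to go on config.sh's
# command line; unlike the access token it is a short-lived token that is
# only good for registering. Two newlines on stdin accept the prompt defaults.
./config.sh --url "https://github.com/${GITHUB_REPO_NAME}" \
  --token "$REGISTRATION_TOKEN" --replace <<< $'\n\n'
EOF

# Give doactuser only what the inner script needs: traverse into root's home
# and full access to the work folder — not read/write on everything in ~.
setfacl -m u:doactuser:x ~
setfacl -Rm u:doactuser:rwx ~/doact
# add the execute permission
chmod +x ./script.sh
# Run the registration as the non-root user (cwd and environment carry over).
su doactuser ./script.sh
# Clean up the helper script, which may hold sensitive data once rendered.
rm script.sh
# Install the runner service as root and start it.
cd actions-runner
./svc.sh install
./svc.sh start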