github-runner/docker-compose.yml at main · batumilove/github-runner · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
services:
  runner:
    image: ghcr.io/actions/actions-runner:latest
    container_name: gh-runner-${CONTAINER_NAME:-ephemeral}
    environment:
      RUNNER_NAME: ${RUNNER_NAME:-runner-ephemeral-$$}
      RUNNER_LABELS: ${RUNNER_LABELS:-self-hosted,docker,linux,org}
      RUNNER_SCOPE: org
      ORG_URL: https://github.com/${GITHUB_ORG}
      EPHEMERAL: "true"
      RUNNER_WORKDIR: /runner/_work
      RUNNER_TOKEN: ${RUNNER_TOKEN}
      GITHUB_PAT: ${GITHUB_PAT:-}
      GITHUB_ORG: ${GITHUB_ORG}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - runner-work:/runner/_work
    group_add:
      - ${DOCKER_GID:-999}
    entrypoint:
      - /bin/bash
      - -c
      - |
        echo "GitHub Actions Runner - Ephemeral Mode"
        echo "Organization: $${GITHUB_ORG}"

        # Install Docker CLI if not present
        if ! command -v docker &> /dev/null; then
            echo "Installing Docker CLI..."
            apt-get update && apt-get install -y docker.io
        fi

        # Test Docker access
        echo "Testing Docker access..."
        docker info | grep -E "Swarm|Server Version" || echo "Docker access test failed"

        # Function to fetch token using PAT
        fetch_token_with_pat() {
            if [ -n "$${GITHUB_PAT}" ]; then
                echo "Fetching registration token using PAT..." >&2
                response=$$(curl -s -w "\nHTTP_STATUS:%{http_code}" -X POST \
                    -H "Authorization: token $${GITHUB_PAT}" \
                    -H "Accept: application/vnd.github+json" \
                    "https://api.github.com/orgs/$${GITHUB_ORG}/actions/runners/registration-token")

                http_status=$$(echo "$$response" | grep "HTTP_STATUS:" | cut -d: -f2)
                body=$$(echo "$$response" | sed '$$d')

                if [ "$$http_status" != "201" ]; then
                    echo "Failed to get token. HTTP status: $$http_status" >&2
                    return 1
                fi

                token=$$(echo "$$body" | jq -r '.token' 2>/dev/null)
                if [ "$$token" != "null" ] && [ -n "$$token" ]; then
                    echo "$$token"
                else
                    return 1
                fi
            fi
        }

        # Main loop
        while true; do
            if [ -z "$${RUNNER_TOKEN}" ] && [ -n "$${GITHUB_PAT}" ]; then
                echo "Fetching token with PAT..."
                RUNNER_TOKEN=$$(fetch_token_with_pat)
                if [ -z "$${RUNNER_TOKEN}" ]; then
                    echo "Failed to fetch token. Check PAT permissions (needs admin:org)"
                    sleep 60
                    continue
                fi
            elif [ -z "$${RUNNER_TOKEN}" ]; then
                echo "ERROR: No RUNNER_TOKEN or GITHUB_PAT provided!"
                sleep 60
                continue
            fi

            echo "Configuring runner..."
            ./config.sh --unattended --ephemeral --url "$${ORG_URL}" \
                --token "$${RUNNER_TOKEN}" --name "$${RUNNER_NAME}" \
                --labels "$${RUNNER_LABELS}" --work "$${RUNNER_WORKDIR}" --replace

            echo "Starting runner..."
            ./run.sh

            echo "Runner exited. Refreshing token for next job..."
            unset RUNNER_TOKEN
            sleep 5
        done
    restart: unless-stopped

volumes:
  runner-work: