github-runners/Dockerfile at main · arceos-hypervisor/github-runners · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
# Custom Actions Runner with QEMU and build tools
# Base image: official GitHub Actions runner
FROM ghcr.io/actions/actions-runner:latest

# Switch to root to install packages
USER root

ENV DEBIAN_FRONTEND=noninteractive

# Install common build tools and dependencies
# - build-essential: gcc, g++, make, libc dev headers
# - binfmt-support: helpers for binfmt_misc (host typically manages handlers)
# - Additional dependencies for building QEMU from source
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
       build-essential \
       pkg-config \
       git \
       ca-certificates \
       binfmt-support \
       dosfstools \
       python3-venv \
       udev \
       libudev-dev \
       openssl \
       libssl-dev \
       xxd \
       wget \
       mbpoll \
       flex \
       bison \
       libelf-dev \
       gcc-aarch64-linux-gnu \
       g++-aarch64-linux-gnu \
       gcc-riscv64-linux-gnu \
       g++-riscv64-linux-gnu \
       bc \
       fakeroot \
       coreutils \
       cpio \
       gzip \
       debootstrap \
       debian-archive-keyring \
       eatmydata \
       file \
       rsync \
       # Additional dependencies for QEMU compilation
       libglib2.0-dev \
       libfdt-dev \
       libpixman-1-dev \
       zlib1g-dev \
       libnfs-dev \
       libiscsi-dev \
       python3-dev \
       python3-pip \
       python3-tomli \
       python3-sphinx \
       cmake \
       clang \
       libclang-dev \
       ninja-build \
       libslirp0 \
    && rm -rf /var/lib/apt/lists/*

# Ensure bindgen can find libclang.so in a stable location.
RUN set -eux; \
    libclang_path="$(ls -1 /usr/lib/llvm-*/lib/libclang.so 2>/dev/null | head -n1)"; \
    if [ -n "${libclang_path}" ]; then \
      ln -sf "${libclang_path}" /usr/lib/libclang.so; \
    fi

# Build and install QEMU 10.1.2 from source
RUN mkdir -p /tmp/qemu-build \
    && cd /tmp/qemu-build \
    && wget https://download.qemu.org/qemu-10.1.2.tar.xz \
    && tar -xf qemu-10.1.2.tar.xz \
    && cd qemu-10.1.2 \
    && ./configure \
        --enable-kvm \
        --disable-docs \
        --enable-virtfs \
        --enable-vhost-net \
        --enable-slirp \
    && make -j$(nproc) \
    && make install \
    && cd / \
    && rm -rf /tmp/qemu-build

# 串口访问只能是 root 和 dialout 组，这里直把 runner 用户加入 dialout 组
RUN usermod -aG dialout runner
RUN usermod -aG kvm runner

# 多组织共享硬件锁：runner-wrapper 用于多 org 共享同一硬件时的并发控制（Job 级别锁）
COPY runner-wrapper /home/runner/runner-wrapper
RUN chmod +x /home/runner/runner-wrapper/runner-wrapper.sh \
    /home/runner/runner-wrapper/pre-job-lock.sh \
    /home/runner/runner-wrapper/post-job-lock.sh

# Return to the default user expected by the runner image
USER runner

#  Rust development for runner user
ENV PATH=/home/runner/.cargo/bin:$PATH \
    RUST_VERSION=nightly

RUN set -eux; \
    dpkgArch="$(dpkg --print-architecture)"; \
    case "${dpkgArch##*-}" in \
        amd64) rustArch='x86_64-unknown-linux-gnu'; rustupSha256='20a06e644b0d9bd2fbdbfd52d42540bdde820ea7df86e92e533c073da0cdd43c' ;; \
        armhf) rustArch='armv7-unknown-linux-gnueabihf'; rustupSha256='3b8daab6cc3135f2cd4b12919559e6adaee73a2fbefb830fadf0405c20231d61' ;; \
        arm64) rustArch='aarch64-unknown-linux-gnu'; rustupSha256='e3853c5a252fca15252d07cb23a1bdd9377a8c6f3efa01531109281ae47f841c' ;; \
        i386) rustArch='i686-unknown-linux-gnu'; rustupSha256='a5db2c4b29d23e9b318b955dd0337d6b52e93933608469085c924e0d05b1df1f' ;; \
        *) echo >&2 "unsupported architecture: ${dpkgArch}"; exit 1 ;; \
    esac; \
    url="https://static.rust-lang.org/rustup/archive/1.28.2/${rustArch}/rustup-init"; \
    wget "$url"; \
    echo "${rustupSha256} *rustup-init" | sha256sum -c -; \
    chmod +x rustup-init; \
    ./rustup-init -y --no-modify-path --profile minimal --default-toolchain $RUST_VERSION --default-host ${rustArch}; \
    rm rustup-init; \
    rustup --version; \
    cargo --version; \
    rustc --version;

# Install additional Rust toolchains, targets and components
RUN rustup toolchain install nightly-2025-12-12 nightly-2026-02-25 && \
    rustup target add aarch64-unknown-none-softfloat riscv64gc-unknown-none-elf x86_64-unknown-none loongarch64-unknown-none-softfloat --toolchain nightly-2025-12-12 && \
    rustup target add aarch64-unknown-none-softfloat riscv64gc-unknown-none-elf x86_64-unknown-none loongarch64-unknown-none-softfloat --toolchain nightly-2026-02-25 && \
    rustup target add aarch64-unknown-none-softfloat riscv64gc-unknown-none-elf x86_64-unknown-none loongarch64-unknown-none-softfloat --toolchain nightly && \
    rustup component add clippy llvm-tools rust-src rustfmt --toolchain nightly-2025-12-12 && \
    rustup component add clippy llvm-tools rust-src rustfmt --toolchain nightly-2026-02-25 && \
    rustup component add clippy llvm-tools rust-src rustfmt --toolchain nightly

# Add Rust mirror configuration to ~/.cargo/config.toml
# RUN echo '[source.crates-io]\nreplace-with = "rsproxy-sparse"\n[source.rsproxy]\nregistry = "https://rsproxy.cn/crates.io-index"\n[source.rsproxy-sparse]\nregistry = "sparse+https://rsproxy.cn/index/"\n[registries.rsproxy]\nindex = "https://rsproxy.cn/crates.io-index"\n[net]\ngit-fetch-with-cli = true' > /home/runner/.cargo/config.toml

RUN cargo install cargo-binutils
RUN cargo install cargo-clone