Merge pull request #631 from linuxserver/universal-docker-in-docker-update

universal-docker-in-docker add/update workflows, add qemu, remove s6v2
2026-06-17 13:52:56 -04:00 · 2023-05-21 09:58:03 -04:00
parent 196c0a9a21 f629e97660
commit 2b033cae73
17 changed files with 84 additions and 174 deletions
@@ -1,72 +1,47 @@
 name: Build Image

-on: [push, pull_request, workflow_dispatch]
+on: [push, pull_request_target, workflow_dispatch]

 env:
-  ENDPOINT: "linuxserver/mods"
-  BASEIMAGE: "universal"
-  MODNAME: "docker-in-docker"
+  GITHUB_REPO: "linuxserver/docker-mods" #don't modify
+  ENDPOINT: "linuxserver/mods" #don't modify
+  BASEIMAGE: "universal" #replace
+  MODNAME: "docker-in-docker" #replace

 jobs:
-  build:
+  set-vars:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v2.3.3
+      - name: Set Vars
+        id: outputs
+        run: |
+          echo "GITHUB_REPO=${{ env.GITHUB_REPO }}" >> $GITHUB_OUTPUT
+          echo "ENDPOINT=${{ env.ENDPOINT }}" >> $GITHUB_OUTPUT
+          echo "BASEIMAGE=${{ env.BASEIMAGE }}" >> $GITHUB_OUTPUT
+          echo "MODNAME=${{ env.MODNAME }}" >> $GITHUB_OUTPUT
+          # **** If the mod needs to be versioned, set the versioning logic below. Otherwise leave as is. ****
+          COMPOSE_RELEASE=$(curl -sX GET "https://api.github.com/repos/docker/compose/releases/latest" | awk '/tag_name/{print $4;exit}' FS='[""]' | sed 's|^v||')
+          DOCKER_RELEASE=$(curl -sX GET "https://api.github.com/repos/moby/moby/releases/latest" | awk '/tag_name/{print $4;exit}' FS='[""]' | sed 's|^v||')
+          MOD_VERSION="${DOCKER_RELEASE}-${COMPOSE_RELEASE}"
+          echo "MOD_VERSION=${MOD_VERSION}" >> $GITHUB_OUTPUT
+    outputs:
+      GITHUB_REPO: ${{ steps.outputs.outputs.GITHUB_REPO }}
+      ENDPOINT: ${{ steps.outputs.outputs.ENDPOINT }}
+      BASEIMAGE: ${{ steps.outputs.outputs.BASEIMAGE }}
+      MODNAME: ${{ steps.outputs.outputs.MODNAME }}
+      MOD_VERSION: ${{ steps.outputs.outputs.MOD_VERSION }}

-      - name: Build image
-        run: |
-          # Set version
-          if [ -z ${COMPOSE_RELEASE+x} ]; then COMPOSE_RELEASE=$(curl -sX GET "https://api.github.com/repos/docker/compose/releases/latest" | awk '/tag_name/{print $4;exit}' FS='[""]' | sed 's|^v||'); fi
-          if [ -z ${DOCKER_RELEASE+x} ]; then DOCKER_RELEASE=$(curl -sX GET "https://api.github.com/repos/moby/moby/releases/latest" | awk '/tag_name/{print $4;exit}' FS='[""]' | sed 's|^v||'); fi
-          if curl -fSsL "https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_RELEASE}.tgz" >/dev/null && curl -fSsL "https://download.docker.com/linux/static/stable/armhf/docker-${DOCKER_RELEASE}.tgz" >/dev/null && curl -fSsL "https://download.docker.com/linux/static/stable/aarch64/docker-${DOCKER_RELEASE}.tgz" >/dev/null; then echo "Docker tarballs exist, proceeding"; else echo "Docker tarballs are missing, exiting!" && exit 1; fi
-          COMBINED_VERSION=${DOCKER_RELEASE}-${COMPOSE_RELEASE}
-          echo "**** Combined version is ${COMBINED_VERSION} ****"
-          echo "COMBINED_VERSION=${COMBINED_VERSION}" >> $GITHUB_ENV
-          # Build image
-          docker build --no-cache --build-arg COMPOSE_RELEASE=${COMPOSE_RELEASE} --build-arg DOCKER_RELEASE=${DOCKER_RELEASE} -t ${{ github.sha }} .
-      - name: Tag image
-        if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) }}
-        run: |
-          docker tag ${{ github.sha }} ${ENDPOINT}:${BASEIMAGE}-${MODNAME}
-          docker tag ${{ github.sha }} ${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ env.COMBINED_VERSION }}
-          docker tag ${{ github.sha }} ${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ env.COMBINED_VERSION }}-${{ github.sha }}
-          docker tag ${{ github.sha }} ${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ github.sha }}
-          docker tag ${{ github.sha }} ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}
-          docker tag ${{ github.sha }} ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ env.COMBINED_VERSION }}
-          docker tag ${{ github.sha }} ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ env.COMBINED_VERSION }}-${{ github.sha }}
-          docker tag ${{ github.sha }} ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ github.sha }}
-      - name: Credential check
-        if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) }}
-        run: |
-          echo "CR_USER=${{ secrets.CR_USER }}" >> $GITHUB_ENV
-          echo "CR_PAT=${{ secrets.CR_PAT }}" >> $GITHUB_ENV
-          echo "DOCKERUSER=${{ secrets.DOCKERUSER }}" >> $GITHUB_ENV
-          echo "DOCKERPASS=${{ secrets.DOCKERPASS }}" >> $GITHUB_ENV
-          if [[ "${{ secrets.CR_USER }}" == "" && "${{ secrets.CR_PAT }}" == "" && "${{ secrets.DOCKERUSER }}" == "" && "${{ secrets.DOCKERPASS }}" == "" ]]; then
-            echo "::error::Push credential secrets missing."
-            echo "::error::You must set either CR_USER & CR_PAT or DOCKERUSER & DOCKERPASS as secrets in your repo settings."
-            echo "::error::See https://github.com/linuxserver/docker-mods/blob/master/README.md for more information/instructions."
-            exit 1
-          fi
-      - name: Login to GitHub Container Registry
-        if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) && env.CR_USER && env.CR_PAT }}
-        run: |
-          echo "${{ secrets.CR_PAT }}" | docker login ghcr.io -u ${{ secrets.CR_USER }} --password-stdin
-      - name: Push tags to GitHub Container Registry
-        if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) && env.CR_USER && env.CR_PAT }}
-        run: |
-          docker push ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ env.COMBINED_VERSION }}
-          docker push ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ env.COMBINED_VERSION }}-${{ github.sha }}
-          docker push ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ github.sha }}
-          docker push ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}
-      - name: Login to DockerHub
-        if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) && env.DOCKERUSER && env.DOCKERPASS }}
-        run: |
-          echo ${{ secrets.DOCKERPASS }} | docker login -u ${{ secrets.DOCKERUSER }} --password-stdin
-      - name: Push tags to DockerHub
-        if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) && env.DOCKERUSER && env.DOCKERPASS }}
-        run: |
-          docker push ${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ env.COMBINED_VERSION }}
-          docker push ${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ env.COMBINED_VERSION }}-${{ github.sha }}
-          docker push ${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ github.sha }}
-          docker push ${ENDPOINT}:${BASEIMAGE}-${MODNAME}
+  build:
+    uses: linuxserver/github-workflows/.github/workflows/docker-mod-builder.yml@v1
+    needs: set-vars
+    secrets:
+      CR_USER: ${{ secrets.CR_USER }}
+      CR_PAT: ${{ secrets.CR_PAT }}
+      DOCKERUSER: ${{ secrets.DOCKERUSER }}
+      DOCKERPASS: ${{ secrets.DOCKERPASS }}
+    with:
+      GITHUB_REPO: ${{ needs.set-vars.outputs.GITHUB_REPO }}
+      ENDPOINT: ${{ needs.set-vars.outputs.ENDPOINT }}
+      BASEIMAGE: ${{ needs.set-vars.outputs.BASEIMAGE }}
+      MODNAME: ${{ needs.set-vars.outputs.MODNAME }}
+      MOD_VERSION: ${{ needs.set-vars.outputs.MOD_VERSION }}
@@ -0,0 +1,16 @@
+name: Issue & PR Tracker
+
+on:
+  issues:
+    types: [opened,reopened,labeled,unlabeled,closed]
+  pull_request_target:
+    types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled,closed]
+  pull_request_review:
+    types: [submitted,edited,dismissed]
+
+jobs:
+  manage-project:
+    permissions:
+      issues: write
+    uses: linuxserver/github-workflows/.github/workflows/issue-pr-tracker.yml@v1
+    secrets: inherit
@@ -1,9 +1,10 @@
 name: Permission check
 on:
-  pull_request:
+  pull_request_target:
    paths:
      - '**/run'
      - '**/finish'
+      - '**/check'
 jobs:
  permission_check:
    uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1
@@ -1,8 +1,9 @@
+# syntax=docker/dockerfile:1
+
 ## Buildstage ##
 FROM ghcr.io/linuxserver/baseimage-alpine:3.17 as buildstage

-ARG DOCKER_RELEASE
-ARG COMPOSE_RELEASE
+ARG MOD_VERSION

 RUN \
  echo "**** install packages ****" && \
@@ -10,10 +11,16 @@ RUN \
    git \
    go && \
  echo "**** retrieve latest version ****" && \
-  if [ -z ${DOCKER_RELEASE+x} ]; then \
+  if [[ -z "${MOD_VERSION+x}" ]]; then \
    DOCKER_RELEASE=$(curl -sX GET "https://api.github.com/repos/moby/moby/releases/latest" \
      | awk '/tag_name/{print $4;exit}' FS='[""]' \
      | sed 's|^v||'); \
+    COMPOSE_RELEASE=$(curl -sX GET "https://api.github.com/repos/docker/compose/releases/latest" \
+      | awk '/tag_name/{print $4;exit}' FS='[""]' \
+      | sed 's|^v||'); \
+  else \
+    DOCKER_RELEASE=$(echo "${MOD_VERSION}" | sed 's|-.*||'); \
+    COMPOSE_RELEASE=$(echo "${MOD_VERSION}" | sed 's|.*-||'); \
  fi && \
  echo "**** grab docker ****" && \
  mkdir -p /root-layer/docker-tgz && \
@@ -26,12 +33,6 @@ RUN \
  curl -fo \
    /root-layer/docker-tgz/docker_aarch64.tgz -L \
    "https://download.docker.com/linux/static/stable/aarch64/docker-${DOCKER_RELEASE}.tgz" && \
-  echo "**** retrieve latest compose version ****" && \
-  if [ -z ${COMPOSE_RELEASE+x} ]; then \
-    COMPOSE_RELEASE=$(curl -sX GET "https://api.github.com/repos/docker/compose/releases/latest" \
-      | awk '/tag_name/{print $4;exit}' FS='[""]' \
-      | sed 's|^v||'); \
-  fi && \
  echo "**** grab compose ****" && \
  curl -fo \
    /root-layer/docker-tgz/docker-compose_x86_64 -L \
@@ -43,11 +44,9 @@ RUN \
    /root-layer/docker-tgz/docker-compose_aarch64 -L \
    "https://github.com/docker/compose/releases/download/v${COMPOSE_RELEASE}/docker-compose-linux-aarch64" && \
  echo "**** retrieve latest compose switch version ****" && \
-  if [ -z ${SWITCH_RELEASE+x} ]; then \
-    SWITCH_RELEASE=$(curl -sX GET "https://api.github.com/repos/docker/compose-switch/releases/latest" \
-      | awk '/tag_name/{print $4;exit}' FS='[""]' \
-      | sed 's|^v||'); \
-  fi && \
+  SWITCH_RELEASE=$(curl -sX GET "https://api.github.com/repos/docker/compose-switch/releases/latest" \
+    | awk '/tag_name/{print $4;exit}' FS='[""]' \
+    | sed 's|^v||') && \
  echo "**** grab compose switch ****" && \
  curl -fo \
    /root-layer/docker-tgz/compose-switch_x86_64 -L \
@@ -10,5 +10,6 @@ In the container's docker arguments,
 * Set the `privileged` option for the container

 Docker data root will reside under `/config/var/lib/docker`.
+On amd64, QEMU will be enabled on container start.

 If adding multiple mods, enter them in an array separated by `|`, such as `DOCKER_MODS=linuxserver/mods:universal-docker-in-docker|linuxserver/mods:universal-mod2`
@@ -1,5 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-if [ -f /usr/bin/apt ]; then
-    apt-get update
-fi
@@ -1,55 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-ABC_USER=$(id -nu ${PUID:-911})
-mkdir -p /config/{logs/dockerd,var/lib/docker}
-chown -R ${ABC_USER}:${ABC_USER} /config/logs
-
-echo "**** installing docker and docker compose ****"
-if [ -f /usr/bin/apt ]; then
-    apt-get install -y \
-        btrfs-progs \
-        ca-certificates \
-        curl \
-        e2fsprogs \
-        iptables \
-        openssh-client \
-        openssl \
-        pigz \
-        xfsprogs \
-        xz-utils
-else
-    apk add --no-cache \
-        btrfs-progs \
-        curl \
-        e2fsprogs \
-        e2fsprogs-extra \
-        ip6tables \
-        iptables \
-        openssl \
-        pigz \
-        xfsprogs \
-        xz
-fi
-ARCH=$(uname -m)
-if [ -d "/docker-tgz" ] ; then
-    echo "Copying over docker and docker-compose binaries"
-    mkdir -p /usr/local/lib/docker/cli-plugins
-    mv "/docker-tgz/docker-compose_${ARCH}" /usr/local/lib/docker/cli-plugins/docker-compose
-    mv "/docker-tgz/docker-buildx_${ARCH}" /usr/local/lib/docker/cli-plugins/docker-buildx
-    mv "/docker-tgz/compose-switch_${ARCH}" /usr/local/bin/docker-compose
-    tar xf /docker-tgz/docker_${ARCH}.tgz \
-        --strip-components=1 -C \
-        /usr/local/bin/
-    rm -rf /docker-tgz
-else
-    echo "**** docker and docker-compose already installed, skipping ****"
-fi
-
-# delete PID if exists
-find /run /var/run -iname 'docker*.pid' -delete || :
-
-# create docker group and add abc to it
-groupadd -f docker
-if ! id -nG ${ABC_USER} | grep -q "docker"; then 
-    usermod -aG docker ${ABC_USER}
-fi
@@ -2,7 +2,7 @@

 ABC_USER=$(id -nu ${PUID:-911})
 mkdir -p /config/{logs/dockerd,var/lib/docker}
-chown -R ${ABC_USER}:${ABC_USER} /config/logs
+lsiown -R ${ABC_USER}:${ABC_USER} /config/logs

 echo "**** installing docker and docker compose ****"
 if [ -f /usr/bin/apt ]; then
@@ -0,0 +1,6 @@
+#!/usr/bin/with-contenv bash
+
+if [[ $(uname -m) = "x86_64" ]]; then
+    echo "**** Enabling QEMU ****"
+    exec docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
+fi
@@ -0,0 +1 @@
+oneshot
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-mod-universal-docker-in-docker-qemu/run
@@ -0,0 +1 @@
+10736
@@ -23,5 +23,7 @@ if [ -f /sys/fs/cgroup/cgroup.controllers ]; then
        > /sys/fs/cgroup/cgroup.subtree_control
 fi

-exec 2>&1 /usr/local/bin/dockerd \
-    --data-root "/config/var/lib/docker"
+exec \
+    s6-notifyoncheck -d -n 300 -w 1000 -c "docker version" \
+        2>&1 /usr/local/bin/dockerd \
+            --data-root "/config/var/lib/docker"
@@ -1,6 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-ABC_USER=$(id -nu ${PUID:-911})
-
-exec \
-    s6-setuidgid ${ABC_USER} s6-log n30 s10000000 S30000000 T !"gzip -nq9" /config/logs/dockerd
@@ -1,27 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-## dind hack from https://github.com/moby/moby/blob/master/hack/dind
-export container=docker
-if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security; then
-    mount -t securityfs none /sys/kernel/security || {
-        echo 'Could not mount /sys/kernel/security.'
-        echo 'AppArmor detection and --privileged mode might break.'
-    }
-fi
-# Mount /tmp (conditionally)
-if ! mountpoint -q /tmp; then
-    mount -t tmpfs none /tmp
-fi
-# cgroup v2: enable nesting
-if [ -f /sys/fs/cgroup/cgroup.controllers ]; then
-    # move the init process (PID 1) from the root group to the /init group,
-    # otherwise writing subtree_control fails with EBUSY.
-    mkdir -p /sys/fs/cgroup/init
-    echo 1 > /sys/fs/cgroup/init/cgroup.procs
-    # enable controllers
-    sed -e 's/ / +/g' -e 's/^/+/' < /sys/fs/cgroup/cgroup.controllers \
-        > /sys/fs/cgroup/cgroup.subtree_control
-fi
-
-exec 2>&1 /usr/local/bin/dockerd \
-    --data-root "/config/var/lib/docker"
				`@@ -0,0 +1 @@`
				`/etc/s6-overlay/s6-rc.d/init-mod-universal-docker-in-docker-qemu/run`