midou/bromite-buildtools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add proxy support

Browse Source
This commit is contained in:
uazo 2021-07-31 10:06:38 +00:00
parent 5f239bfb4c
commit 532a0475bf
9 changed files with 84 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
images/github-runner/Dockerfile
View File

@ -23,7 +23,7 @@ RUN mkdir -p /run/systemd && echo 'docker' > /run/systemd/container
RUN apt-get update && \ RUN apt-get update && \
apt-get install -y --no-install-recommends \ apt-get install -y --no-install-recommends \
systemd systemd-sysv libsystemd0 ca-certificates dbus \ systemd systemd-sysv libsystemd0 ca-certificates dbus \
iptables iproute2 kmod locales sudo udev && \ iptables iproute2 kmod locales sudo udev socat && \
echo "ReadKMsg=no" >> /etc/systemd/journald.conf && \ echo "ReadKMsg=no" >> /etc/systemd/journald.conf && \
apt-get clean -y && \ apt-get clean -y && \
rm -rf /var/cache/debconf/* /var/lib/apt/lists/* /var/log/* /tmp/* /var/tmp/* \ rm -rf /var/cache/debconf/* /var/lib/apt/lists/* /var/log/* /tmp/* /var/tmp/* \
@ -50,7 +50,7 @@ RUN apt-get update && apt-get install --no-install-recommends -y openssh-server
mkdir /home/admin/.ssh && \ mkdir /home/admin/.ssh && \
chown admin:admin /home/admin/.ssh chown admin:admin /home/admin/.ssh
EXPOSE 22 #EXPOSE 22
# Extra deps for GHA Runner # Extra deps for GHA Runner
ENV DEBIAN_FRONTEND=noninteractive ENV DEBIAN_FRONTEND=noninteractive
@ -63,7 +63,7 @@ RUN apt-get update \
wget \ wget \
zip \ zip \
git \ git \
pigz \ pigz nano \
&& rm -rf /var/lib/apt/list/* && rm -rf /var/lib/apt/list/*
# Add and config runner user as sudo # Add and config runner user as sudo
@ -77,7 +77,7 @@ RUN useradd -m runner \
# Build args # Build args
ARG TARGETPLATFORM=amd64 ARG TARGETPLATFORM=amd64
ARG RUNNER_VERSION=2.302.1 ARG RUNNER_VERSION=2.302.4
WORKDIR /runner WORKDIR /runner
# Runner download supports amd64 as x64 # Runner download supports amd64 as x64
@ -109,5 +109,12 @@ RUN chmod +x ./patched/runsvc.sh /usr/local/bin/startup.sh
USER runner USER runner
ENV HTTP_PROXY="http://127.0.0.1:8118"
ENV HTTPS_PROXY="http://127.0.0.1:8118"
ENV http_proxy="http://127.0.0.1:8118"
ENV https_proxy="http://127.0.0.1:8118"
COPY docker.default /etc/default/docker
COPY proxy.conf /etc/apt/apt.conf.d/proxy.conf
ENTRYPOINT ["/usr/local/bin/dumb-init", "--"] ENTRYPOINT ["/usr/local/bin/dumb-init", "--"]
CMD ["startup.sh"] CMD ["startup.sh"]

2
images/github-runner/docker.default Normal file
View File

@ -0,0 +1,2 @@
export http_proxy="http://127.0.0.1:8118"
export https_proxy="http://127.0.0.1:8118"

1
images/github-runner/proxy.conf Normal file
View File

@ -0,0 +1 @@
Acquire::http::Proxy "http://127.0.0.1:8118";

7
images/github-runner/startup.sh
View File

@ -1,8 +1,15 @@
#!/bin/bash #!/bin/bash
echo "Starting Proxy Support"
socat TCP-LISTEN:8118,reuseaddr,fork UNIX-CLIENT:/tmp/forward-proxy/proxy.sock &
sudo iptables -A INPUT -p tcp -s localhost --dport 8118 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 8118 -j DROP
echo "Starting supervisor (Docker)" echo "Starting supervisor (Docker)"
sudo service docker start sudo service docker start
#bash
if [ -n "${GITHUB_REPOSITORY}" ] if [ -n "${GITHUB_REPOSITORY}" ]
then then
auth_url="https://api.github.com/repos/${GITHUB_OWNER}/${GITHUB_REPOSITORY}/actions/runners/registration-token" auth_url="https://api.github.com/repos/${GITHUB_OWNER}/${GITHUB_REPOSITORY}/actions/runners/registration-token"

3
images/goma-server/start-goma-server.sh
View File

@ -7,9 +7,6 @@ NC='\033[0m' # No Color
echo -e ${RED} -------- start goma-server ${NC} echo -e ${RED} -------- start goma-server ${NC}
#test -f /tmp/proxy/bots.sock && sudo rm /tmp/proxy/bots.sock
#socat UNIX-LISTEN:/tmp/proxy/bots.sock,reuseaddr,fork TCP4:$REMOTEEXEC_ADDR &
socat TCP-LISTEN:50051,reuseaddr,fork UNIX-CLIENT:/tmp/proxy/bots.sock & socat TCP-LISTEN:50051,reuseaddr,fork UNIX-CLIENT:/tmp/proxy/bots.sock &
cd ./goma-server/ cd ./goma-server/

13
images/privoxy/Dockerfile Normal file
View File

@ -0,0 +1,13 @@
FROM alpine:3.14
ARG REMOTEEXEC_ADDR
COPY user.action .
COPY privoxy.conf .
COPY start-proxy.sh .
RUN apk update && apk add privoxy bash sudo socat
CMD sudo chmod +x ./start-proxy.sh &&\
REMOTEEXEC_ADDR=$REMOTEEXEC_ADDR &&\
./start-proxy.sh

18
images/privoxy/privoxy.conf Normal file
View File

@ -0,0 +1,18 @@
#confdir /etc/privoxy
logdir /var/log/privoxy
#listen-address 127.0.0.1:8118
listen-address 0.0.0.0:8118
debug 1024
#debug 32768 # log all data read from the network
#debug 65536 # Log the applying actions
toggle 1
enable-remote-toggle 0
enable-edit-actions 1
enable-remote-http-toggle 0
enforce-blocks 1
actionsfile user.action

12
images/privoxy/start-proxy.sh Normal file
View File

@ -0,0 +1,12 @@
#!/bin/bash
test -e /tmp/forward-proxy/proxy.sock && sudo rm /tmp/forward-proxy/proxy.sock
test -e /tmp/proxy/bots.sock && sudo rm /tmp/proxy/bots.sock
socat UNIX-LISTEN:/tmp/forward-proxy/proxy.sock,reuseaddr,fork TCP:127.0.0.1:8118 &
socat UNIX-LISTEN:/tmp/proxy/bots.sock,reuseaddr,fork TCP4:$REMOTEEXEC_ADDR &
sudo chmod 777 /tmp/forward-proxy/proxy.sock
sudo chmod 777 /tmp/proxy/bots.sock
privoxy --no-daemon privoxy.conf

20
images/privoxy/user.action Normal file
View File

@ -0,0 +1,20 @@
{ +block{blocked} }
/ # Block all URLs
{ -block }
.github.com
.docker.io
.docker.com
.githubusercontent.com
.ubuntu.com
# for buildeps
chromium.googlesource.com
# for chr-source
chrome-infra-packages.appspot.com
.googleapis.com
.googlesource.com
# for goma client
chrome-infra-packages.appspot.com