tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
fork atom
nixpkgs / pkgs / development / tools / continuous-integration / github-runner / default.nix
at fix-function-merge 12 kB view raw
1{ autoSignDarwinBinariesHook 2, buildDotnetModule 3, dotnetCorePackages 4, fetchFromGitHub 5, fetchpatch 6, git 7, glibc 8, glibcLocales 9, lib 10, nixosTests 11, stdenv 12, which 13, buildPackages 14, runtimeShell 15 # List of Node.js runtimes the package should support 16, nodeRuntimes ? [ "node20" ] 17, nodejs_20 18}: 19 20# Node.js runtimes supported by upstream 21assert builtins.all (x: builtins.elem x [ "node20" ]) nodeRuntimes; 22 23buildDotnetModule rec { 24 pname = "github-runner"; 25 version = "2.317.0"; 26 27 src = fetchFromGitHub { 28 owner = "actions"; 29 repo = "runner"; 30 rev = "v${version}"; 31 hash = "sha256-+VwEH4hmEjeYFWm7TOndD5SOJwsyPZEhKkCSyl7x8cE="; 32 leaveDotGit = true; 33 postFetch = '' 34 git -C $out rev-parse --short HEAD > $out/.git-revision 35 rm -rf $out/.git 36 ''; 37 }; 38 39 # The git commit is read during the build and some tests depend on a git repo to be present 40 # https://github.com/actions/runner/blob/22d1938ac420a4cb9e3255e47a91c2e43c38db29/src/dir.proj#L5 41 unpackPhase = '' 42 cp -r $src $TMPDIR/src 43 chmod -R +w $TMPDIR/src 44 cd $TMPDIR/src 45 ( 46 export PATH=${buildPackages.git}/bin:$PATH 47 git init 48 git config user.email "root@localhost" 49 git config user.name "root" 50 git add . 51 git commit -m "Initial commit" 52 git checkout -b v${version} 53 ) 54 mkdir -p $TMPDIR/bin 55 cat > $TMPDIR/bin/git <<EOF 56 #!${runtimeShell} 57 if [ \$# -eq 1 ] && [ "\$1" = "rev-parse" ]; then 58 echo $(cat $TMPDIR/src/.git-revision) 59 exit 0 60 fi 61 exec ${buildPackages.git}/bin/git "\$@" 62 EOF 63 chmod +x $TMPDIR/bin/git 64 export PATH=$TMPDIR/bin:$PATH 65 ''; 66 67 patches = [ 68 # Replace some paths that originally point to Nix's read-only store 69 ./patches/host-context-dirs.patch 70 # Use GetDirectory() to obtain "diag" dir 71 ./patches/use-get-directory-for-diag.patch 72 # Don't try to install service 73 ./patches/dont-install-service.patch 74 # Access `.env` and `.path` relative to `$RUNNER_ROOT`, if set 75 ./patches/env-sh-use-runner-root.patch 76 # Fix FHS path: https://github.com/actions/runner/pull/2464 77 (fetchpatch { 78 name = "ln-fhs.patch"; 79 url = "https://github.com/actions/runner/commit/5ff0ce1.patch"; 80 hash = "sha256-2Vg3cKZK3cE/OcPDZkdN2Ro2WgvduYTTwvNGxwCfXas="; 81 }) 82 ] ++ lib.optionals (nodeRuntimes == [ "node20" ]) [ 83 # If the package is built without Node 16, make Node 20 the default internal version 84 # https://github.com/actions/runner/pull/2844 85 (fetchpatch { 86 name = "internal-node-20.patch"; 87 url = "https://github.com/actions/runner/commit/acdc6ed.patch"; 88 hash = "sha256-3/6yhhJPr9OMWBFc5/NU/DRtn76aTYvjsjQo2u9ZqnU="; 89 }) 90 ]; 91 92 postPatch = '' 93 # Ignore changes to src/Runner.Sdk/BuildConstants.cs 94 substituteInPlace src/dir.proj \ 95 --replace 'git update-index --assume-unchanged ./Runner.Sdk/BuildConstants.cs' \ 96 'true' 97 ''; 98 99 DOTNET_SYSTEM_GLOBALIZATION_INVARIANT = isNull glibcLocales; 100 LOCALE_ARCHIVE = lib.optionalString (!DOTNET_SYSTEM_GLOBALIZATION_INVARIANT) "${glibcLocales}/lib/locale/locale-archive"; 101 102 postConfigure = '' 103 # Generate src/Runner.Sdk/BuildConstants.cs 104 dotnet msbuild \ 105 -t:GenerateConstant \ 106 -p:ContinuousIntegrationBuild=true \ 107 -p:Deterministic=true \ 108 -p:PackageRuntime="${dotnetCorePackages.systemToDotnetRid stdenv.hostPlatform.system}" \ 109 -p:RunnerVersion="${version}" \ 110 src/dir.proj 111 ''; 112 113 nativeBuildInputs = [ 114 which 115 git 116 ] ++ lib.optionals (stdenv.isDarwin && stdenv.isAarch64) [ 117 autoSignDarwinBinariesHook 118 ]; 119 120 buildInputs = [ stdenv.cc.cc.lib ]; 121 122 dotnet-sdk = dotnetCorePackages.sdk_6_0; 123 dotnet-runtime = dotnetCorePackages.runtime_6_0; 124 125 dotnetFlags = [ "-p:PackageRuntime=${dotnetCorePackages.systemToDotnetRid stdenv.hostPlatform.system}" ]; 126 127 # As given here: https://github.com/actions/runner/blob/0befa62/src/dir.proj#L33-L41 128 projectFile = [ 129 "src/Sdk/Sdk.csproj" 130 "src/Runner.Common/Runner.Common.csproj" 131 "src/Runner.Listener/Runner.Listener.csproj" 132 "src/Runner.Worker/Runner.Worker.csproj" 133 "src/Runner.PluginHost/Runner.PluginHost.csproj" 134 "src/Runner.Sdk/Runner.Sdk.csproj" 135 "src/Runner.Plugins/Runner.Plugins.csproj" 136 ]; 137 nugetDeps = ./deps.nix; 138 139 doCheck = true; 140 141 __darwinAllowLocalNetworking = true; 142 143 # Fully qualified name of disabled tests 144 disabledTests = 145 [ 146 "GitHub.Runner.Common.Tests.Listener.SelfUpdaterL0.TestSelfUpdateAsync" 147 "GitHub.Runner.Common.Tests.ProcessInvokerL0.OomScoreAdjIsInherited" 148 ] 149 ++ map (x: "GitHub.Runner.Common.Tests.Listener.SelfUpdaterL0.TestSelfUpdateAsync_${x}") [ 150 "Cancel_CloneHashTask_WhenNotNeeded" 151 "CloneHash_RuntimeAndExternals" 152 "DownloadRetry" 153 "FallbackToFullPackage" 154 "NoUpdateOnOldVersion" 155 "NotUseExternalsRuntimeTrimmedPackageOnHashMismatch" 156 "UseExternalsRuntimeTrimmedPackage" 157 "UseExternalsTrimmedPackage" 158 "ValidateHash" 159 ] 160 ++ map (x: "GitHub.Runner.Common.Tests.Listener.SelfUpdaterV2L0.${x}") [ 161 "TestSelfUpdateAsync_DownloadRetry" 162 "TestSelfUpdateAsync_ValidateHash" 163 "TestSelfUpdateAsync" 164 ] 165 ++ map (x: "GitHub.Runner.Common.Tests.Worker.ActionManagerL0.PrepareActions_${x}") [ 166 "CompositeActionWithActionfile_CompositeContainerNested" 167 "CompositeActionWithActionfile_CompositePrestepNested" 168 "CompositeActionWithActionfile_MaxLimit" 169 "CompositeActionWithActionfile_Node" 170 "DownloadActionFromGraph" 171 "NotPullOrBuildImagesMultipleTimes" 172 "RepositoryActionWithActionYamlFile_DockerHubImage" 173 "RepositoryActionWithActionfileAndDockerfile" 174 "RepositoryActionWithActionfile_DockerHubImage" 175 "RepositoryActionWithActionfile_Dockerfile" 176 "RepositoryActionWithActionfile_DockerfileRelativePath" 177 "RepositoryActionWithActionfile_Node" 178 "RepositoryActionWithDockerfile" 179 "RepositoryActionWithDockerfileInRelativePath" 180 "RepositoryActionWithDockerfilePrepareActions_Repository" 181 "RepositoryActionWithInvalidWrapperActionfile_Node" 182 "RepositoryActionWithWrapperActionfile_PreSteps" 183 ] 184 ++ map (x: "GitHub.Runner.Common.Tests.DotnetsdkDownloadScriptL0.${x}") [ 185 "EnsureDotnetsdkBashDownloadScriptUpToDate" 186 "EnsureDotnetsdkPowershellDownloadScriptUpToDate" 187 ] 188 ++ [ "GitHub.Runner.Common.Tests.Listener.RunnerL0.TestRunOnceHandleUpdateMessage" ] 189 # Tests for trimmed runner packages which aim at reducing the update size. Not relevant for Nix. 190 ++ map (x: "GitHub.Runner.Common.Tests.PackagesTrimL0.${x}") [ 191 "RunnerLayoutParts_CheckExternalsHash" 192 "RunnerLayoutParts_CheckDotnetRuntimeHash" 193 ] 194 ++ lib.optionals (stdenv.hostPlatform.system == "aarch64-linux") [ 195 # "JavaScript Actions in Alpine containers are only supported on x64 Linux runners. Detected Linux Arm64" 196 "GitHub.Runner.Common.Tests.Worker.StepHostL0.DetermineNodeRuntimeVersionInAlpineContainerAsync" 197 "GitHub.Runner.Common.Tests.Worker.StepHostL0.DetermineNode20RuntimeVersionInAlpineContainerAsync" 198 ] 199 ++ lib.optionals DOTNET_SYSTEM_GLOBALIZATION_INVARIANT [ 200 "GitHub.Runner.Common.Tests.ProcessExtensionL0.SuccessReadProcessEnv" 201 "GitHub.Runner.Common.Tests.Util.StringUtilL0.FormatUsesInvariantCulture" 202 "GitHub.Runner.Common.Tests.Worker.VariablesL0.Constructor_SetsOrdinalIgnoreCaseComparer" 203 "GitHub.Runner.Common.Tests.Worker.WorkerL0.DispatchCancellation" 204 "GitHub.Runner.Common.Tests.Worker.WorkerL0.DispatchRunNewJob" 205 ] 206 ++ lib.optionals (!lib.elem "node16" nodeRuntimes) [ 207 "GitHub.Runner.Common.Tests.ProcessExtensionL0.SuccessReadProcessEnv" 208 ]; 209 210 testProjectFile = [ "src/Test/Test.csproj" ]; 211 212 preCheck = '' 213 mkdir -p _layout/externals 214 '' + lib.optionalString (lib.elem "node20" nodeRuntimes) '' 215 ln -s ${nodejs_20} _layout/externals/node20 216 ''; 217 218 postInstall = '' 219 mkdir -p $out/bin 220 221 install -m755 src/Misc/layoutbin/runsvc.sh $out/lib/github-runner 222 install -m755 src/Misc/layoutbin/RunnerService.js $out/lib/github-runner 223 install -m755 src/Misc/layoutroot/run.sh $out/lib/github-runner 224 install -m755 src/Misc/layoutroot/run-helper.sh.template $out/lib/github-runner/run-helper.sh 225 install -m755 src/Misc/layoutroot/config.sh $out/lib/github-runner 226 install -m755 src/Misc/layoutroot/env.sh $out/lib/github-runner 227 228 # env.sh is patched to not require any wrapping 229 ln -sr "$out/lib/github-runner/env.sh" "$out/bin/" 230 231 substituteInPlace $out/lib/github-runner/config.sh \ 232 --replace './bin/Runner.Listener' "$out/bin/Runner.Listener" 233 '' + lib.optionalString stdenv.isLinux '' 234 substituteInPlace $out/lib/github-runner/config.sh \ 235 --replace 'command -v ldd' 'command -v ${glibc.bin}/bin/ldd' \ 236 --replace 'ldd ./bin' '${glibc.bin}/bin/ldd ${dotnet-runtime}/shared/Microsoft.NETCore.App/${dotnet-runtime.version}/' \ 237 --replace '/sbin/ldconfig' '${glibc.bin}/bin/ldconfig' 238 '' + '' 239 # Remove uneeded copy for run-helper template 240 substituteInPlace $out/lib/github-runner/run.sh --replace 'cp -f "$DIR"/run-helper.sh.template "$DIR"/run-helper.sh' ' ' 241 substituteInPlace $out/lib/github-runner/run-helper.sh --replace '"$DIR"/bin/' '"$DIR"/' 242 243 # Make paths absolute 244 substituteInPlace $out/lib/github-runner/runsvc.sh \ 245 --replace './externals' "$out/lib/externals" \ 246 --replace './bin/RunnerService.js' "$out/lib/github-runner/RunnerService.js" 247 248 # The upstream package includes Node and expects it at the path 249 # externals/node$version. As opposed to the official releases, we don't 250 # link the Alpine Node flavors. 251 mkdir -p $out/lib/externals 252 '' + lib.optionalString (lib.elem "node20" nodeRuntimes) '' 253 ln -s ${nodejs_20} $out/lib/externals/node20 254 '' + '' 255 # Install Nodejs scripts called from workflows 256 install -D src/Misc/layoutbin/hashFiles/index.js $out/lib/github-runner/hashFiles/index.js 257 mkdir -p $out/lib/github-runner/checkScripts 258 install src/Misc/layoutbin/checkScripts/* $out/lib/github-runner/checkScripts/ 259 '' + lib.optionalString stdenv.isLinux '' 260 # Wrap explicitly to, e.g., prevent extra entries for LD_LIBRARY_PATH 261 makeWrapperArgs=() 262 263 # We don't wrap with libicu 264 substituteInPlace $out/lib/github-runner/config.sh \ 265 --replace '$LDCONFIG_COMMAND -NXv ''${libpath//:/ }' 'echo libicu' 266 '' + '' 267 # XXX: Using the corresponding Nix argument does not work as expected: 268 # https://github.com/NixOS/nixpkgs/issues/218449 269 # Common wrapper args for `executables` 270 makeWrapperArgs+=( 271 --run 'export RUNNER_ROOT="''${RUNNER_ROOT:-"$HOME/.github-runner"}"' 272 --run 'mkdir -p "$RUNNER_ROOT"' 273 --chdir "$out" 274 ) 275 ''; 276 277 # List of files to wrap 278 executables = [ 279 "config.sh" 280 "Runner.Listener" 281 "Runner.PluginHost" 282 "Runner.Worker" 283 "run.sh" 284 "runsvc.sh" 285 ]; 286 287 doInstallCheck = true; 288 installCheckPhase = '' 289 runHook preInstallCheck 290 291 export RUNNER_ROOT="$TMPDIR" 292 293 $out/bin/config.sh --help >/dev/null 294 $out/bin/Runner.Listener --help >/dev/null 295 296 version=$($out/bin/Runner.Listener --version) 297 if [[ "$version" != "${version}" ]]; then 298 printf 'Unexpected version %s' "$version" 299 exit 1 300 fi 301 302 commit=$($out/bin/Runner.Listener --commit) 303 if [[ "$commit" != "$(git rev-parse HEAD)" ]]; then 304 printf 'Unexpected commit %s' "$commit" 305 exit 1 306 fi 307 308 runHook postInstallCheck 309 ''; 310 311 passthru = { 312 tests.smoke-test = nixosTests.github-runner; 313 updateScript = ./update.sh; 314 }; 315 316 meta = with lib; { 317 changelog = "https://github.com/actions/runner/releases/tag/v${version}"; 318 description = "Self-hosted runner for GitHub Actions"; 319 homepage = "https://github.com/actions/runner"; 320 license = licenses.mit; 321 maintainers = with maintainers; [ veehaitch newam kfollesdal aanderse zimbatm ]; 322 platforms = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ]; 323 sourceProvenance = with sourceTypes; [ binaryNativeCode ]; 324 }; 325}