From b24860c97b8156eeb65b0da2a9c3b28175de4040 Mon Sep 17 00:00:00 2001
From: Michel Roegl-Brunner <73236783+michelroegl-brunner@users.noreply.github.com>
Date: Fri, 28 Feb 2025 15:15:29 +0100
Subject: [PATCH] Update all Action to new selfhosted Runner Cluster (#2739)
* Update Runner
* Update Workflows
---
 .../runner/docker/gh-runner-self.dockerfile | 68 +++++++++++++++++++
 .github/workflows/auto-update-app-headers.yml | 2 +-
 .github/workflows/autolabeler.yml | 2 +-
 .github/workflows/changelog-pr.yml | 2 +-
 .github/workflows/close-discussion.yml | 2 +-
 .../workflows/create-docker-for-runner.yml | 37 ++++++++++
 .github/workflows/delete-json-branch.yml | 2 +-
 .github/workflows/frontend-cicd.yml | 2 +-
 .github/workflows/github-release.yml | 2 +-
 .github/workflows/update-json-date.yml | 2 +-
 .github/workflows/validate-filenames.yml | 2 +-
 11 files changed, 114 insertions(+), 9 deletions(-)
 create mode 100644 .github/runner/docker/gh-runner-self.dockerfile
 create mode 100644 .github/workflows/create-docker-for-runner.yml
diff --git a/.github/runner/docker/gh-runner-self.dockerfile b/.github/runner/docker/gh-runner-self.dockerfile
new file mode 100644
index 000000000..e5ae072ab
--- /dev/null
+++ b/.github/runner/docker/gh-runner-self.dockerfile
@@ -0,0 +1,68 @@
+FROM mcr.microsoft.com/dotnet/runtime-deps:8.0-jammy as build
+
+ARG TARGETOS
+ARG TARGETARCH
+ARG DOCKER_VERSION=27.5.1
+ARG BUILDX_VERSION=0.20.1
+ARG RUNNER_ARCH="x64"
+
+RUN apt update -y && apt install sudo curl unzip -y
+
+WORKDIR /actions-runner
+
+RUN RUNNER_VERSION=$(curl -s https://api.github.com/repos/actions/runner/releases/latest | grep "tag_name" | head -n 1 | awk '{print substr($2, 3, length($2)-4)}') \
+ && curl -f -L -o runner.tar.gz https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-${RUNNER_ARCH}-${RUNNER_VERSION}.tar.gz \
+ && tar xzf ./runner.tar.gz \
+ && rm runner.tar.gz
+
+RUN RUNNER_CONTAINER_HOOKS_VERSION=$(curl -s https://api.github.com/repos/actions/runner-container-hooks/releases/latest | grep "tag_name" | head -n 1 | awk '{print substr($2, 3, length($2)-4)}') \
+ && curl -f -L -o runner-container-hooks.zip https://github.com/actions/runner-container-hooks/releases/download/v${RUNNER_CONTAINER_HOOKS_VERSION}/actions-runner-hooks-k8s-${RUNNER_CONTAINER_HOOKS_VERSION}.zip \
+ && unzip ./runner-container-hooks.zip -d ./k8s \
+ && rm runner-container-hooks.zip
+
+RUN export RUNNER_ARCH=${TARGETARCH} \
+ && if [ "$RUNNER_ARCH" = "amd64" ]; then export DOCKER_ARCH=x86_64 ; fi \
+ && if [ "$RUNNER_ARCH" = "arm64" ]; then export DOCKER_ARCH=aarch64 ; fi \
+ && curl -fLo docker.tgz https://download.docker.com/${TARGETOS}/static/stable/${DOCKER_ARCH}/docker-${DOCKER_VERSION}.tgz \
+ && tar zxvf docker.tgz \
+ && rm -rf docker.tgz \
+ && mkdir -p /usr/local/lib/docker/cli-plugins \
+ && curl -fLo /usr/local/lib/docker/cli-plugins/docker-buildx \
+ "https://github.com/docker/buildx/releases/download/v${BUILDX_VERSION}/buildx-v${BUILDX_VERSION}.linux-${TARGETARCH}" \
+ && chmod +x /usr/local/lib/docker/cli-plugins/docker-buildx
+
+FROM mcr.microsoft.com/dotnet/runtime-deps:8.0-jammy
+
+ENV DEBIAN_FRONTEND=noninteractive
+ENV RUNNER_MANUALLY_TRAP_SIG=1
+ENV ACTIONS_RUNNER_PRINT_LOG_TO_STDOUT=1
+ENV ImageOS=ubuntu22
+
+RUN apt update -y \
+ && apt install -y --no-install-recommends sudo lsb-release gpg-agent software-properties-common curl jq unzip \
+ && rm -rf /var/lib/apt/lists/*
+
+RUN add-apt-repository ppa:git-core/ppa \
+ && apt update -y \
+ && apt install -y git \
+ && rm -rf /var/lib/apt/lists/*
+
+RUN adduser --disabled-password --gecos "" --uid 1001 runner \
+ && groupadd docker --gid 123 \
+ && usermod -aG sudo runner \
+ && usermod -aG docker runner \
+ && echo "%sudo ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers \
+ && echo "Defaults env_keep += \"DEBIAN_FRONTEND\"" >> /etc/sudoers
+
+# Install own dependencies in final image
+RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \
+ && apt-get install -y nodejs \
+ && apt-get install -y gh jq git
+
+WORKDIR /home/runner
+
+COPY --chown=runner:docker --from=build /actions-runner .
+COPY --from=build /usr/local/lib/docker/cli-plugins/docker-buildx /usr/local/lib/docker/cli-plugins/docker-buildx
+RUN install -o root -g root -m 755 docker/* /usr/bin/ && rm -rf docker
+
+USER runner
diff --git a/.github/workflows/auto-update-app-headers.yml b/.github/workflows/auto-update-app-headers.yml
index 5e447ea54..b6c4f2b77 100644
--- a/.github/workflows/auto-update-app-headers.yml
+++ b/.github/workflows/auto-update-app-headers.yml
@@ -10,7 +10,7 @@ on:
 jobs:
 update-app-files:
- runs-on: ubuntu-latest
+ runs-on: runner-cluster-htl-set
 permissions:
 contents: write
diff --git a/.github/workflows/autolabeler.yml b/.github/workflows/autolabeler.yml
index 013c40be5..54647eab6 100644
--- a/.github/workflows/autolabeler.yml
+++ b/.github/workflows/autolabeler.yml
@@ -7,7 +7,7 @@ on:
 jobs:
 autolabeler:
- runs-on: ubuntu-latest
+ runs-on: runner-cluster-htl-set
 permissions:
 pull-requests: write
 env:
diff --git a/.github/workflows/changelog-pr.yml b/.github/workflows/changelog-pr.yml
index dc5bcd3d3..036ef7a7c 100644
--- a/.github/workflows/changelog-pr.yml
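Review bot: None of the four downloads in the build stage (runner tarball, container-hooks zip, Docker static binaries, buildx plugin) is checked against a known digest, and the runner and hooks versions are resolved from `releases/latest` at build time, so the image contents can change without review on every rebuild. The final stage's `curl -fsSL https://deb.nodesource.com/setup_22.x | bash -` has the same property. Since this image is presumably what the jobs moved to `runner-cluster-htl-set` in this patch execute in, I would pin both versions as `ARG`s next to `DOCKER_VERSION` and `BUILDX_VERSION` and verify each archive with `sha256sum -c` before unpacking, as sketched below for the runner tarball; the same pattern applies to the hooks zip, `docker.tgz` and the buildx binary.

```dockerfile
# Placeholders: set to a reviewed runner release and the SHA-256 of its tarball.
ARG RUNNER_VERSION=RUNNER_VERSION_PLACEHOLDER
ARG RUNNER_SHA256=RUNNER_SHA256_PLACEHOLDER

# … unchanged: apt install, WORKDIR /actions-runner …

RUN curl -f -L -o runner.tar.gz https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-${RUNNER_ARCH}-${RUNNER_VERSION}.tar.gz \
    && echo "${RUNNER_SHA256}  runner.tar.gz" | sha256sum -c - \
    && tar xzf ./runner.tar.gz \
    && rm runner.tar.gz
```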
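Review bot: This `runs-on: runner-cluster-htl-set` switch, repeated in autolabeler.yml, changelog-pr.yml, close-discussion.yml, delete-json-branch.yml, frontend-cicd.yml, github-release.yml, update-json-date.yml and validate-filenames.yml, moves jobs onto self-hosted infrastructure with no visible restriction on who can trigger them. The `on:` blocks lie outside these hunks, so I cannot tell which events apply; if any of these workflows can be started by a pull request from a fork, contributor-controlled code would run on the cluster, and in the image built by this patch the `runner` user has `NOPASSWD:ALL` sudo. For such workflows I would keep `runs-on: ubuntu-latest`, or gate the job with `if: github.event.pull_request.head.repo.full_name == github.repository`. It is also worth confirming that the runner pods are ephemeral so that no state carries over between jobs.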
+++ b/.github/workflows/changelog-pr.yml
@@ -7,7 +7,7 @@ on:
 jobs:
 update-changelog-pull-request:
- runs-on: ubuntu-latest
+ runs-on: runner-cluster-htl-set
 env:
 CONFIG_PATH: .github/changelog-pr-config.json
 BRANCH_NAME: github-action-update-changelog
diff --git a/.github/workflows/close-discussion.yml b/.github/workflows/close-discussion.yml
index 4b39fbf96..dd9a80b33 100644
--- a/.github/workflows/close-discussion.yml
+++ b/.github/workflows/close-discussion.yml
@@ -6,7 +6,7 @@ on:
 jobs:
 close-discussion:
- runs-on: ubuntu-latest
+ runs-on: runner-cluster-htl-set
 steps:
 - name: Checkout Repository
diff --git a/.github/workflows/create-docker-for-runner.yml b/.github/workflows/create-docker-for-runner.yml
new file mode 100644
index 000000000..c9fef0a5c
--- /dev/null
+++ b/.github/workflows/create-docker-for-runner.yml
@@ -0,0 +1,37 @@
+name: Build and Publish Docker Image
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - '.github/runner/docker/**'
+ schedule:
+ - cron: '0 0 * * *'
+
+jobs:
+ build:
+ runs-on: ubuntu-latest #To ensure it always builds we use the github runner with all the right tooling
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Log in to GHCR
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build Docker image
+ run: |
+ repo_name=${{ github.repository }} # Get repository name
+ repo_name_lower=$(echo $repo_name | tr '[:upper:]' '[:lower:]') # Convert to lowercase
+ docker build -t ghcr.io/$repo_name_lower/gh-runner-self:latest -f .github/runner/docker/gh-runner-self.dockerfile .
+
+ - name: Push Docker image to GHCR
+ run: |
+ repo_name=${{ github.repository }} # Get repository name
+ repo_name_lower=$(echo $repo_name | tr '[:upper:]' '[:lower:]') # Convert to lowercase
+ docker push ghcr.io/$repo_name_lower/gh-runner-self:latest
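Review bot: The `build` job in create-docker-for-runner.yml pushes to GHCR with `secrets.GITHUB_TOKEN` but declares no `permissions:`, so the token scope is whatever the repository default happens to be. I would add a job-level `permissions:` block with `contents: read` and `packages: write`. The image is published only as `:latest`, which leaves no immutable reference to roll back to after a bad nightly build; a second `-t` using `${{ github.sha }}` would give one. `actions/checkout@v3` and `docker/login-action@v2` are referenced by mutable tags, and pinning them to commit SHAs is advisable for a job that publishes the runner image.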
diff --git a/.github/workflows/delete-json-branch.yml b/.github/workflows/delete-json-branch.yml
index e4cdcf24f..b72868402 100644
--- a/.github/workflows/delete-json-branch.yml
+++ b/.github/workflows/delete-json-branch.yml
@@ -9,7 +9,7 @@ on:
 jobs:
 delete_branch:
- runs-on: ubuntu-latest
+ runs-on: runner-cluster-htl-set
 steps:
 - name: Checkout the code
 uses: actions/checkout@v3
diff --git a/.github/workflows/frontend-cicd.yml b/.github/workflows/frontend-cicd.yml
index dd242f6ef..c4f1a6418 100644
--- a/.github/workflows/frontend-cicd.yml
+++ b/.github/workflows/frontend-cicd.yml
@@ -27,7 +27,7 @@ concurrency:
 jobs:
 build:
- runs-on: ubuntu-latest
+ runs-on: runner-cluster-htl-set
 defaults:
 run:
 working-directory: frontend # Set default working directory for all run steps
diff --git a/.github/workflows/github-release.yml b/.github/workflows/github-release.yml
index eba622ff9..ad95f730a 100644
--- a/.github/workflows/github-release.yml
+++ b/.github/workflows/github-release.yml
@@ -7,7 +7,7 @@ on:
 jobs:
 create-new-release:
- runs-on: ubuntu-latest
+ runs-on: runner-cluster-htl-set
 permissions:
 contents: write
 steps:
diff --git a/.github/workflows/update-json-date.yml b/.github/workflows/update-json-date.yml
index 7e9c24973..26957e50c 100644
--- a/.github/workflows/update-json-date.yml
+++ b/.github/workflows/update-json-date.yml
@@ -10,7 +10,7 @@ on:
 jobs:
 update-app-files:
- runs-on: ubuntu-latest
+ runs-on: runner-cluster-htl-set
 permissions:
 contents: write
diff --git a/.github/workflows/validate-filenames.yml b/.github/workflows/validate-filenames.yml
index ad821e943..dac806260 100644
--- a/.github/workflows/validate-filenames.yml
+++ b/.github/workflows/validate-filenames.yml
@@ -10,7 +10,7 @@ on:
 jobs:
 check-files:
 name: Check changed files
- runs-on: ubuntu-latest
+ runs-on: runner-cluster-htl-set
 permissions:
 pull-requests: write