refactor: Update Dockerfiles and scripts for consistency and enhancements

Updated syntax version in Dockerfiles and improved ENV var formatting. Enhanced entrypoint.sh and app_token.sh for clearer variable names and structure. Bumped versions for Git LFS, .NET, GH Runner, and PowerShell.

Author: derskythe

Dockerfile

@@ -1,21 +1,25 @@
+# syntax=docker/dockerfile:1
 ARG BASE_IMAGE="derskythe/github-runner-base:latest"
 FROM ${BASE_IMAGE} AS base
 # hadolint ignore=DL3007
 
 ARG CACHE_HOSTED_TOOLS_DIRECTORY="/opt/hostedtoolcache"
-ENV CACHE_HOSTED_TOOLS_DIRECTORY=${CACHE_HOSTED_TOOLS_DIRECTORY}
-ARG GH_RUNNER_VERSION="2.313.0"
+ARG GH_RUNNER_VERSION="2.320.0"
 ARG RUNNER_DIR="/actions-runner"
-ENV RUNNER_DIR=${RUNNER_DIR}
 ARG CHOWN_USER="runner"
 ARG TARGETARCH
 
+ENV CACHE_HOSTED_TOOLS_DIRECTORY=${CACHE_HOSTED_TOOLS_DIRECTORY} \
+    RUNNER_DIR=${RUNNER_DIR}
+
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
 RUN install -d -m 0755 -o ${CHOWN_USER} -g ${CHOWN_USER} ${CACHE_HOSTED_TOOLS_DIRECTORY}/nuget-packages /_work
 
 WORKDIR ${RUNNER_DIR}
+
 COPY --chown=${CHOWN_USER} *.sh .
+
 RUN chmod +x entrypoint.sh \
     && TARGET_ARCH=$(echo ${TARGETARCH} | sed 's/amd/x/') \
     && wget -qO- "https://github.com/actions/runner/releases/download/v${GH_RUNNER_VERSION}/actions-runner-linux-$TARGET_ARCH-${GH_RUNNER_VERSION}.tar.gz" | tar xz \
@@ -25,4 +29,4 @@ RUN chmod +x entrypoint.sh \
 
 ENTRYPOINT ["./entrypoint.sh"]
 CMD ["./bin/Runner.Listener", "run", "--startuptype", "service"]
-#
+#

Dockerfile.base

@@ -1,23 +1,26 @@
+# syntax=docker/dockerfile:1
 ARG BUILD_IMAGE=ubuntu:22.10
 FROM ${BUILD_IMAGE}
 
 ARG DUMB_INIT_VERSION=1.2.5
 ARG GIT_CORE_PPA_KEY=A1715D88E1DF1F24
 ARG CHOWN_USER=runner
 ARG DOCKER_COMPOSE_VERSION=1.29.2
-ARG GIT_LFS_VERSION=3.4.1
+ARG GIT_LFS_VERSION=3.5.1
 ARG LSB_RELEASE_CODENAME=focal
 ARG DOCKER_CODENAME=focal
 ARG DISTRO=ubuntu
 ARG TARGETARCH
 
-ENV DOCKER_COMPOSE_VERSION=${DOCKER_COMPOSE_VERSION}
-ENV GIT_LFS_VERSION=${GIT_LFS_VERSION}
-ENV LANG=en_US.UTF-8
-ENV LANGUAGE=en_US.UTF-8
-ENV LC_ALL=en_US.UTF-8
-#SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-ENV DEBIAN_FRONTEND=noninteractive
+ENV DOCKER_COMPOSE_VERSION=${DOCKER_COMPOSE_VERSION} \
+    GIT_LFS_VERSION=${GIT_LFS_VERSION} \
+    LANG=en_US.UTF-8 \
+    LANGUAGE=en_US.UTF-8 \
+    LC_ALL=en_US.UTF-8 \
+    DEBIAN_FRONTEND=noninteractive
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
 # hadolint ignore=SC2086,DL3015,DL3008,DL3013
 RUN echo en_US.UTF-8 UTF-8 >> /etc/locale.gen \
   && apt-get update -qq \

Dockerfile.base-dotnet

@@ -1,23 +1,26 @@
+# syntax=docker/dockerfile:1
 ARG BUILD_IMAGE=ubuntu:20.04
 FROM ${BUILD_IMAGE}
 
 ARG DUMB_INIT_VERSION=1.2.5
 ARG GIT_CORE_PPA_KEY=A1715D88E1DF1F24
 ARG CHOWN_USER=runner
 ARG DOCKER_COMPOSE_VERSION=1.29.2
-ARG GIT_LFS_VERSION=3.4.1
+ARG GIT_LFS_VERSION=3.5.1
 ARG LSB_RELEASE_CODENAME=focal
 ARG DOCKER_CODENAME=focal
 ARG DISTRO=ubuntu
 ARG TARGETARCH
 
-ENV DOCKER_COMPOSE_VERSION=${DOCKER_COMPOSE_VERSION}
-ENV GIT_LFS_VERSION=${GIT_LFS_VERSION}
-ENV LANG=en_US.UTF-8
-ENV LANGUAGE=en_US.UTF-8
-ENV LC_ALL=en_US.UTF-8
-#SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-ENV DEBIAN_FRONTEND=noninteractive
+ENV DOCKER_COMPOSE_VERSION=${DOCKER_COMPOSE_VERSION} \
+    GIT_LFS_VERSION=${GIT_LFS_VERSION} \
+    LANG=en_US.UTF-8 \
+    LANGUAGE=en_US.UTF-8 \
+    LC_ALL=en_US.UTF-8 \
+    DEBIAN_FRONTEND=noninteractive
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
 # hadolint ignore=SC2086,DL3015,DL3008,DL3013
 RUN echo en_US.UTF-8 UTF-8 >> /etc/locale.gen \
   && apt-get update -qq \

Dockerfile.base-slim

@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 ARG BUILD_IMAGE=debian:bullseye-slim
 FROM ${BUILD_IMAGE}
 
@@ -8,12 +9,14 @@ ARG DOCKER_CODENAME=bullseye
 ARG DISTRO=debian
 ARG TARGETARCH
 
-ENV DOCKER_COMPOSE_VERSION=${DOCKER_COMPOSE_VERSION}
-ENV LANG=en_US.UTF-8
-ENV LANGUAGE=en_US.UTF-8
-ENV LC_ALL=en_US.UTF-8
+ENV DOCKER_COMPOSE_VERSION=${DOCKER_COMPOSE_VERSION} \
+    LANG=en_US.UTF-8 \
+    LANGUAGE=en_US.UTF-8 \
+    LC_ALL=en_US.UTF-8 \
+    DEBIAN_FRONTEND=noninteractive
+
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-ENV DEBIAN_FRONTEND=noninteractive
+
 # hadolint ignore=SC2086,DL3015,DL3008,DL3013
 RUN echo en_US.UTF-8 UTF-8 >> /etc/locale.gen \
   && apt-get update -qq \
@@ -64,4 +67,4 @@ RUN echo en_US.UTF-8 UTF-8 >> /etc/locale.gen \
   && GH_CLI_DOWNLOAD_URL=$(curl -sSL -H "Accept: application/vnd.github+json"   https://api.github.com/repos/cli/cli/releases/latest | jq ".assets[] | select(.name == \"gh_${GH_CLI_VERSION}_linux_${TARGETARCH}.deb\")" | jq -r '.browser_download_url') \
   && curl -sSLo /tmp/ghcli.deb ${GH_CLI_DOWNLOAD_URL} && apt-get -y install /tmp/ghcli.deb \
   && rm -rf /tmp/ghcli.deb /var/lib/apt/lists/* /tmp/*
-#
+#

Dockerfile.dotnet

@@ -1,24 +1,24 @@
+# syntax=docker/dockerfile:1
 ARG BASE_IMAGE="derskythe/runner-base-slim:latest"
 FROM ${BASE_IMAGE} AS base
 # hadolint ignore=DL3007
 
-ARG GH_RUNNER_VERSION='2.313.0'
+ARG GH_RUNNER_VERSION='2.320.0'
 ARG RUNNER_DIR="/actions-runner"
-ENV RUNNER_DIR=${RUNNER_DIR}
 ARG CACHE_HOSTED_TOOLS_DIRECTORY="${RUNNER_DIR}/hostedtoolcache"
-ENV CACHE_HOSTED_TOOLS_DIRECTORY=${CACHE_HOSTED_TOOLS_DIRECTORY}
 ARG CHOWN_USER="runner"
 ARG TARGETARCH
 ARG DISTRO
 ARG DISTRO_VERSION
 
-# SDK version
-ENV DOTNET_VERSION='7.0'
-ENV PWSH_VERSION='7.3.3'
-ENV NUGET_PACKAGES=${CACHE_HOSTED_TOOLS_DIRECTORY}/nuget-packages
-ENV DOTNET_GENERATE_ASPNET_CERTIFICATE=false
-ENV DOTNET_NOLOGO=true
-ENV NUGET_XMLDOC_MODE=skip
+ENV CACHE_HOSTED_TOOLS_DIRECTORY=${CACHE_HOSTED_TOOLS_DIRECTORY} \
+    RUNNER_DIR=${RUNNER_DIR} \
+    DOTNET_VERSION='8.0' \
+    PWSH_VERSION='7.4.6' \
+    NUGET_PACKAGES=${CACHE_HOSTED_TOOLS_DIRECTORY}/nuget-packages \
+    DOTNET_GENERATE_ASPNET_CERTIFICATE=false \
+    DOTNET_NOLOGO=true \
+    NUGET_XMLDOC_MODE=skip
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 

Dockerfile.slim

@@ -1,17 +1,18 @@
+# syntax=docker/dockerfile:1
 ARG BASE_IMAGE="derskythe/github-runner-base:latest"
 FROM ${BASE_IMAGE} AS base
 # hadolint ignore=DL3007
 
-ARG GH_RUNNER_VERSION="2.303.0"
+ARG GH_RUNNER_VERSION="2.320.0"
 ARG RUNNER_DIR="/actions-runner"
-ENV RUNNER_DIR=${RUNNER_DIR}
 ARG CACHE_HOSTED_TOOLS_DIRECTORY="${RUNNER_DIR}/hostedtoolcache"
 ARG CHOWN_USER="runner"
 ARG TARGETARCH
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
-ENV NUGET_PACKAGES=${CACHE_HOSTED_TOOLS_DIRECTORY}/nuget-packages \
+ENV RUNNER_DIR=${RUNNER_DIR} \
+    NUGET_PACKAGES=${CACHE_HOSTED_TOOLS_DIRECTORY}/nuget-packages \
     CACHE_HOSTED_TOOLS_DIRECTORY=${CACHE_HOSTED_TOOLS_DIRECTORY}
 
 WORKDIR ${RUNNER_DIR}

Dockerfiles/Dockerfile.base-build

@@ -2,20 +2,21 @@
 ARG BUILD_IMAGE
 FROM ${BUILD_IMAGE} AS build
 
-ENV RUNNER_DIR=${RUNNER_DIR}
-ARG CACHE_HOSTED_TOOLS_DIRECTORY="${RUNNER_DIR}/hostedtoolcache"
-ENV CACHE_HOSTED_TOOLS_DIRECTORY=${CACHE_HOSTED_TOOLS_DIRECTORY}
-ENV NUGET_PACKAGES=${CACHE_HOSTED_TOOLS_DIRECTORY}/nuget-packages
 ARG TARGETARCH
-ENV DOTNET_GENERATE_ASPNET_CERTIFICATE=false
-ENV DOTNET_NOLOGO=true
-ENV NUGET_XMLDOC_MODE=skip
+ARG CACHE_HOSTED_TOOLS_DIRECTORY="${RUNNER_DIR}/hostedtoolcache"
 
-ENV LANG=en_US.UTF-8
-ENV LANGUAGE=en_US.UTF-8
-ENV LC_ALL=en_US.UTF-8
+ENV RUNNER_DIR=${RUNNER_DIR} \
+    CACHE_HOSTED_TOOLS_DIRECTORY=${CACHE_HOSTED_TOOLS_DIRECTORY} \
+    NUGET_PACKAGES=${CACHE_HOSTED_TOOLS_DIRECTORY}/nuget-packages \
+    DOTNET_GENERATE_ASPNET_CERTIFICATE=false \
+    DOTNET_NOLOGO=true \
+    NUGET_XMLDOC_MODE=skip \
+    LANG=en_US.UTF-8 \
+    LANGUAGE=en_US.UTF-8 \
+    LC_ALL=en_US.UTF-8 \
+    DEBIAN_FRONTEND=noninteractive
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-ENV DEBIAN_FRONTEND=noninteractive
+
 # hadolint ignore=SC2086,DL3015,DL3008,DL3013
 WORKDIR /tmp/git-src
 COPY ./variables/${TARGETARCH}_extra.env /tmp/${TARGETARCH}.env

Dockerfiles/Dockerfile.build-old

@@ -1,11 +1,12 @@
-ARG BUILD_IMAGE=ubuntu:focal
+# syntax=docker/dockerfile:1
+ARG BUILD_IMAGE=ubuntu:focal
 FROM ${BUILD_IMAGE} AS build
 
-ENV LANG=en_US.UTF-8
-ENV LANGUAGE=en_US.UTF-8
-ENV LC_ALL=en_US.UTF-8
+ENV LANG=en_US.UTF-8 \
+    LANGUAGE=en_US.UTF-8 \
+    LC_ALL=en_US.UTF-8 \
+    DEBIAN_FRONTEND=noninteractive
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-ENV DEBIAN_FRONTEND=noninteractive
 # hadolint ignore=SC2086,DL3015,DL3008,DL3013
 RUN echo en_US.UTF-8 UTF-8 >> /etc/locale.gen \
   && apt-get update -qq \
@@ -58,19 +59,20 @@ ARG DUMB_INIT_VERSION=1.2.2
 ARG GIT_CORE_PPA_KEY=A1715D88E1DF1F24
 ARG CHOWN_USER=runner
 ARG DOCKER_COMPOSE_VERSION=1.27.4
-ARG GIT_LFS_VERSION=3.2.0
+ARG GIT_LFS_VERSION=3.5.1
 ARG LSB_RELEASE_CODENAME=focal
 ARG DOCKER_CODENAME=focal
 ARG DISTRO=ubuntu
 ARG TARGETARCH
 
-ENV DOCKER_COMPOSE_VERSION=${DOCKER_COMPOSE_VERSION}
-ENV GIT_LFS_VERSION=${GIT_LFS_VERSION}
-ENV LANG=en_US.UTF-8
-ENV LANGUAGE=en_US.UTF-8
-ENV LC_ALL=en_US.UTF-8
+ENV DOCKER_COMPOSE_VERSION=${DOCKER_COMPOSE_VERSION} \
+    GIT_LFS_VERSION=${GIT_LFS_VERSION} \
+    LANG=en_US.UTF-8 \
+    LANGUAGE=en_US.UTF-8 \
+    LC_ALL=en_US.UTF-8 \
+    DEBIAN_FRONTEND=noninteractive
+
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-ENV DEBIAN_FRONTEND=noninteractive
 # hadolint ignore=SC2086,DL3015,DL3008,DL3013
 
 COPY --from=build /*.deb /tmp

app_token.sh

@@ -12,7 +12,6 @@
 set -o pipefail
 
 _GITHUB_HOST=${GITHUB_HOST:="github.com"}
-
 # If URL is not github.com then use the enterprise api endpoint
 if [[ ${GITHUB_HOST} = "github.com" ]]; then
   URI="https://api.${_GITHUB_HOST}"
@@ -25,33 +24,30 @@ API_HEADER="Accept: application/vnd.github.${API_VERSION}+json"
 CONTENT_LENGTH_HEADER="Content-Length: 0"
 APP_INSTALLATIONS_URI="${URI}/app/installations"
 
-
 # JWT parameters based off
 # https://docs.github.com/en/developers/apps/building-github-apps/authenticating-with-github-apps#authenticating-as-a-github-app
 #
 # JWT token issuance and expiration parameters
 JWT_IAT_DRIFT=60
 JWT_EXP_DELTA=600
-
 JWT_JOSE_HEADER='{
     "alg": "RS256",
     "typ": "JWT"
 }'
 
-
 build_jwt_payload() {
-    now=$(date +%s)
-    iat=$((now - JWT_IAT_DRIFT))
+    NOW=$(date +%s)
+    IAT=$((NOW - JWT_IAT_DRIFT))
     jq -c \
-        --arg iat_str "${iat}" \
+        --arg iat_str "${IAT}" \
         --arg exp_delta_str "${JWT_EXP_DELTA}" \
         --arg app_id_str "${APP_ID}" \
     '
-        ($iat_str | tonumber) as $iat
+        ($iat_str | tonumber) as $IAT
         | ($exp_delta_str | tonumber) as $exp_delta
         | ($app_id_str | tonumber) as $app_id
-        | .iat = $iat
-        | .exp = ($iat + $exp_delta)
+        | .IAT = $IAT
+        | .exp = ($IAT + $exp_delta)
         | .iss = $app_id
     ' <<< "{}" | tr -d '\n'
 }
@@ -65,25 +61,28 @@ rs256_sign() {
 }
 
 request_access_token() {
-    jwt_payload=$(build_jwt_payload)
-    encoded_jwt_parts=$(base64url <<<"${JWT_JOSE_HEADER}").$(base64url <<<"${jwt_payload}")
-    encoded_mac=$(echo -n "${encoded_jwt_parts}" | rs256_sign "${APP_PRIVATE_KEY}" | base64url)
-    generated_jwt="${encoded_jwt_parts}.${encoded_mac}"
+    JWT_PAYLOAD=$(build_jwt_payload)
+    ENCODED_JWT_PARTS=$(base64url <<<"${JWT_JOSE_HEADER}").$(base64url <<<"${JWT_PAYLOAD}")
+    ENCODED_MAC=$(echo -n "${ENCODED_JWT_PARTS}" | rs256_sign "${APP_PRIVATE_KEY}" | base64url)
+    GENERATED_JWT="${ENCODED_JWT_PARTS}.${ENCODED_MAC}"
 
-    auth_header="Authorization: Bearer ${generated_jwt}"
+    AUTH_HEADER="Authorization: Bearer ${GENERATED_JWT}"
 
-    app_installations_response=$(curl -sX GET \
-        -H "${auth_header}" \
+    APP_INSTALLATIONS_RESPONSE=$(curl -sX GET \
+        -H "${AUTH_HEADER}" \
         -H "${API_HEADER}" \
         "${APP_INSTALLATIONS_URI}" \
     )
-    access_token_url=$(echo "${app_installations_response}" | jq --raw-output '.[] | select (.account.login == "'"${APP_LOGIN}"'" and .app_id  == '"${APP_ID}"') .access_tokens_url')
+    ACCESS_TOKEN_URL=$(echo "${APP_INSTALLATIONS_RESPONSE}" | \
+      jq --raw-output '.[] | select (.account.login == "'"${APP_LOGIN}"'" and .app_id  == '"${APP_ID}"') .access_tokens_url')
     curl -sX POST \
         -H "${CONTENT_LENGTH_HEADER}" \
-        -H "${auth_header}" \
+        -H "${AUTH_HEADER}" \
         -H "${API_HEADER}" \
-        "${access_token_url}" | \
+        "${ACCESS_TOKEN_URL}" | \
         jq --raw-output .token
 }
 
 request_access_token
+
+exit 0