From ca88e97c157faea8b7a0cb885e242ebc67d8bc5f Mon Sep 17 00:00:00 2001
From: Sam Toxopeus
Date: Thu, 3 Oct 2024 16:06:09 +0200
Subject: [PATCH] Initial commit
---
.github/workflows/build.yaml | 60 ++++++++++++++++++++++++++++++++++++
Dockerfile | 5 +++
README.md | 3 ++
3 files changed, 68 insertions(+)
create mode 100644 .github/workflows/build.yaml
create mode 100644 Dockerfile
create mode 100644 README.md
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
new file mode 100644
index 0000000..0779d00
--- /dev/null
+++ b/.github/workflows/build.yaml
@@ -0,0 +1,60 @@
+name: Build and Tag Docker Image
+
+on:
+ push:
+ branches:
+ - master
+
+env:
+ # Use docker.io for Docker Hub if empty
+ REGISTRY: ${{ vars.FUGA_REGISTRY_FQDN }}
+ # github.repository as /
+ IMAGE: public/actions-runner
+
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ # This is used to complete the identity challenge
+ # with sigstore/fulcio when running outside of PRs.
+ id-token: write
+
+ steps:
+ # Checkout the repository
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ # Extract the version from the Dockerfile
+ - name: Set version from Dockerfile
+ id: set-version
+ run: |
+ VERSION=$(grep -oP '^FROM ghcr.io/actions/actions-runner:\K[^\s]+' Dockerfile)
+ echo "VERSION=$VERSION" >> $GITHUB_ENV
+
+ # Log into Docker (optional, only needed if pushing to a registry)
+ - name: Log in to GitHub Container Registry
+ run: echo "${{ secrets.FUGA_REGISTRY_PASSWORD }}" | docker login ${{ env.REGISTRY }} -u ${{ secrets.FUGA_REGISTRY_USERNAME }} --password-stdin
+
+ # Build the Docker image
+ - name: Build Docker image
+ run: docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.VERSION }} .
+
+ # Push the Docker image
+ - name: Push Docker image
+ run: docker push ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.VERSION }}
+
+ # Install Cosign (for signing)
+ - name: Install Cosign
+ run: |
+ curl -LO https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64
+ chmod +x cosign-linux-amd64
+ sudo mv cosign-linux-amd64 /usr/local/bin/cosign
+
+ # Sign the Docker image using GitHub OIDC
+ - name: Sign Docker image
+ run: |
+ cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.VERSION }} \
+ --identity-token "${{ secrets.GITHUB_TOKEN }}"
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..632fdff
--- /dev/null
+++ b/Dockerfile
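Review bot: The `Sign Docker image` step passes `${{ secrets.GITHUB_TOKEN }}` to `--identity-token`, but that value is the repository API token rather than an OIDC identity token, so it would be sent to the signing service as a credential and is unlikely to be accepted for a keyless certificate. With `id-token: write` already granted, cosign can request the Actions OIDC token itself, so the flag can be dropped and `--yes` added to keep the run non-interactive. The step also signs a mutable tag; signing the pushed digest binds the signature to the exact image content. `Install Cosign` downloads the `latest` release binary with no version pin or checksum and installs it with sudo in a job that holds registry credentials and `id-token: write`; a pinned installer action (or a pinned version with checksum verification) closes that gap. The sketch below covers the three affected steps, and its digest lookup assumes the first `RepoDigests` entry belongs to the pushed repository.

```yaml
      # … unchanged: checkout, version extraction, registry login, build …

      - name: Push Docker image
        id: push
        run: |
          docker push "${REGISTRY}/${IMAGE}:${VERSION}"
          # Record the registry digest so the signature covers content, not a movable tag.
          echo "ref=$(docker inspect --format '{{index .RepoDigests 0}}' "${REGISTRY}/${IMAGE}:${VERSION}")" >> "$GITHUB_OUTPUT"

      - name: Install Cosign
        # Placeholder: pin to the full commit SHA of a reviewed installer release.
        uses: sigstore/cosign-installer@<PINNED_COMMIT_SHA>

      - name: Sign Docker image
        env:
          IMAGE_REF: ${{ steps.push.outputs.ref }}
        # cosign obtains the Actions OIDC token itself when id-token: write is granted.
        run: cosign sign --yes "${IMAGE_REF}"
```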
@@ -0,0 +1,5 @@
+FROM ghcr.io/actions/actions-runner:2.319.1
+
+RUN sudo apt update -y && \
+ sudo apt install -y \
+ curl
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ac2e8d2
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+# Fuga Cloud `actions-runner` images
+
+This repo extends the default images to support common tools such as curl.
\ No newline at end of file
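Review bot: The `FROM ghcr.io/actions/actions-runner:2.319.1` line in the Dockerfile pins the base image by tag only, so the content behind that tag can change between builds while the derived image is still published and signed under the same version; adding the digest (`FROM ghcr.io/actions/actions-runner:2.319.1@sha256:<digest>`, placeholder shown) makes the build input fixed and auditable. The workflow's version grep (`\K[^\s]+`) would then capture the digest suffix as well, so its pattern would need to stop at `@`. In the `RUN` line, `apt-get` with `--no-install-recommends`, followed by removal of `/var/lib/apt/lists/*`, keeps the layer smaller and avoids the `apt` front end, which warns that its CLI is not stable for scripts.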