From 025c88ca6b58483e36bec4842164d7f614ea1de1 Mon Sep 17 00:00:00 2001
From: Paul Pan
Date: Sat, 27 Jan 2024 19:54:09 +0800
Subject: [PATCH] fix: drop openrc in runner images: missing pids in cgroups setup
---
 Runner.Dockerfile | 5 +++--
 docker-entrypoint.sh | 18 +++++++++++++-----
 2 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/Runner.Dockerfile b/Runner.Dockerfile
index 385dd15..2072f2a 100644
--- a/Runner.Dockerfile
+++ b/Runner.Dockerfile
@@ -20,7 +20,7 @@ RUN --mount=type=cache,id=golang,target=/go/pkg make build
 FROM docker.io/library/alpine
 WORKDIR /app
-RUN apk --no-cache add tzdata ca-certificates bash openrc \
+RUN apk --no-cache add tzdata ca-certificates bash tini \
 containerd nerdctl
 # sources
@@ -29,4 +29,5 @@ COPY --from=builder /builder/config.docker.yaml /app
 COPY --from=builder /builder/docker-entrypoint.sh /app
 COPY --from=builder /builder/woj /app
-ENTRYPOINT ["/app/docker-entrypoint.sh"]
+# reap zombies from containerd-shim
+ENTRYPOINT ["/sbin/tini", "/app/docker-entrypoint.sh"]
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 3f07562..df7a694 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -118,11 +118,19 @@ function generate_config() {
 }
 startup_containerd() {
- rc-status
- touch /run/openrc/softlevel
- rc-update add containerd default
- rc-service containerd start
- rc-service containerd status
+ # taken from https://github.com/moby/moby/blob/ee6cbc540e9c62feb143c2a8d3f0c86d2a468767/hack/dind#L59-L69
+ # cgroup v2: enable nesting
+ if [ -f /sys/fs/cgroup/cgroup.controllers ]; then
+ # move the processes from the root group to the /init group,
+ # otherwise writing subtree_control fails with EBUSY.
+ # An error during moving non-existent process (i.e., "cat") is ignored.
+ mkdir -p /sys/fs/cgroup/init
+ xargs -rn1 < /sys/fs/cgroup/cgroup.procs > /sys/fs/cgroup/init/cgroup.procs || :
+ # enable controllers
+ sed -e 's/ / +/g' -e 's/^/+/' < /sys/fs/cgroup/cgroup.controllers \
+ > /sys/fs/cgroup/cgroup.subtree_control
+ fi
+
 nohup containerd &
 log_info 'containerd started'
 }
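Review bot: The write to `cgroup.subtree_control` in `startup_containerd` is not checked, so if it fails (for example in a container that is not allowed to write to the cgroup filesystem) containerd is still launched and `containerd started` is logged, without the pids controller this commit is meant to restore. If the runner depends on that controller to cap process counts in the containers it launches, the step should fail closed; after the `sed` line add `grep -qw pids /sys/fs/cgroup/cgroup.subtree_control || exit 1`. Whether the script runs under `set -e` is not visible in this hunk, and the `|| :` on the `xargs` line deliberately hides a failed move, so the later write is the only place a problem would surface. Separately, `log_info 'containerd started'` runs immediately after `nohup containerd &` with no readiness or liveness check, whereas the removed code at least called `rc-service containerd status`.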