Proposal to Add Packer Build Support for Windows Container

[oilrich25]

Dear @ChristopherHX and fellow developers,

First and foremost, I would like to express sincere gratitude to @ChristopherHX for the valuable contributions that enable us to smoothly utilize GitHub's official actions/runner through ChristopherHX/gitea-actions-runner. Additionally, I appreciate the efforts put into the project https://github.com/ChristopherHX/runner.server, which adds support for Windows Container to actions/runner.

However, as the scripts executed by actions/runner are based on Node.js, using the standard Microsoft Windows image directly does not meet our requirements. We need to pack additional components such as nodejs and git to fulfill our needs.

During my exploration, I came across the windows-2019.json file in actions/runner-images. I noticed that it is packed using the packer tool, and the related file can be found here:

https://github.com/actions/runner-images/blob/main/images/windows/templates/windows-2019.json

https://github.com/hashicorp/packer/releases

To meet our specific needs, I attempted to pack a Windows Container image using the following Packer configuration on Windows:

# builds.pkr.hcl
packer {
  required_plugins {
    docker = {
      version = ">= 0.0.7"
      source  = "github.com/hashicorp/docker"
    }
  }
}

source "docker" "windowsltsc" {
  image  = "mcr.microsoft.com/windows/servercore:ltsc2019"
  commit = true
  windows_container = true
}

build {
  name = "Build"
  sources = [
    "source.docker.windowsltsc"
  ]
  provisioner "powershell" {
     inline = [ "echo Hello World!" ]
  }

  post-processor "docker-tag" {
     repository = "runner-images/windows"
     tags = ["runner-hostedtoolcache-ltsc2019"]
  }
}

packer init .\builds.pkr.hcl
packer build .\builds.pkr.hcl

PS C:\Users\Administrator> packer -v
1.7.0
PS C:\Users\Administrator\Desktop\windows_2019_docker> packer build .\builds.pkr.hcl
Build.docker.windowsltsc: output will be in this color.

==> Build.docker.windowsltsc: Creating a temporary directory for sharing data...
==> Build.docker.windowsltsc: Pulling Docker image: mcr.microsoft.com/windows/servercore:ltsc2019
    Build.docker.windowsltsc: ltsc2019: Pulling from windows/servercore
    Build.docker.windowsltsc: Digest: sha256:4fe58f25a157ea749c7b770acebfdbd70c3cb2088c446943e90fe89ea059558b
    Build.docker.windowsltsc: Status: Image is up to date for mcr.microsoft.com/windows/servercore:ltsc2019
    Build.docker.windowsltsc: mcr.microsoft.com/windows/servercore:ltsc2019
==> Build.docker.windowsltsc: Starting docker container...
    Build.docker.windowsltsc: Run command: docker run -v C:\Users\Administrator\AppData\Roaming\packer.d\tmp464450642:c:/packer-files -d -i -t --entrypoint=powershell -- mcr.microsoft.com/windows/servercore:ltsc2019
    Build.docker.windowsltsc: Container ID: 6d8f1bd3ea6f47b68c75b034c2bc79d50d662b22ccfb4a52be356849eb044b73
==> Build.docker.windowsltsc: Using dockerWindowsContainer communicator to connect:
==> Build.docker.windowsltsc: Provisioning with Powershell...
==> Build.docker.windowsltsc: Provisioning with powershell script: C:\Users\ADMINI~1\AppData\Local\Temp\2\powershell-provisioner255266019
    Build.docker.windowsltsc: Hello
    Build.docker.windowsltsc: World!
==> Build.docker.windowsltsc: Committing the container
    Build.docker.windowsltsc: Image ID: sha256:8a8c7941967a94d6fb7a21de8c3378dfb2c141feae8695f6bc510fdc78df63c5
==> Build.docker.windowsltsc: Killing the container: 6d8f1bd3ea6f47b68c75b034c2bc79d50d662b22ccfb4a52be356849eb044b73
==> Build.docker.windowsltsc: Running post-processor:  (type docker-tag)
    Build.docker.windowsltsc (docker-tag): Tagging image: sha256:8a8c7941967a94d6fb7a21de8c3378dfb2c141feae8695f6bc510fdc78df63c5
    Build.docker.windowsltsc (docker-tag): Repository: runner-images/windows:runner-hostedtoolcache-ltsc2019
Build 'Build.docker.windowsltsc' finished after 56 seconds 935 milliseconds.

==> Wait completed after 56 seconds 935 milliseconds

==> Builds finished. The artifacts of successful builds are:
--> Build.docker.windowsltsc: Imported Docker image: sha256:8a8c7941967a94d6fb7a21de8c3378dfb2c141feae8695f6bc510fdc78df63c5
--> Build.docker.windowsltsc: Imported Docker image: runner-images/windows:runner-hostedtoolcache-ltsc2019 with tags runner-images/windows:runner-hostedtoolcache-ltsc2019

PS C:\Users\Administrator> docker images
REPOSITORY                             TAG                               IMAGE ID       CREATED          SIZE
runner-images/windows                  runner-hostedtoolcache-ltsc2019   8a8c7941967a   17 seconds ago   4.62GB
mcr.microsoft.com/windows/servercore   ltsc2019                          c632661e39bb   3 weeks ago      4.61GB

This configuration ran successfully, producing the desired Windows Container image.

I would like to inquire whether @ChristopherHX has considered packing windows-2019 using packer to broaden the support for Windows Container.

Once again, thank you for your contributions and time.

Best regards, oilrich25

[oilrich25]

I saw https://github.com/actions/runner-images/blob/main/images/windows/templates/windows-2019.json and its components are quite large, but always in actual applications only vs_BuildTools go, docker, node, donet, python, pwsh, choco, git, etc may be used. @ChristopherHX What do you think? Could you please enable this project?

PS C:\Users\Administrator> C:\Users\Administrator\Desktop\vs_BuildTools.exe --quiet --wait --norestart --nocache --channelUri C:\Users\Administrator\Desktop\VisualStudio.16.Release.chman --installChannelUri C:\Users\Administrator\Desktop\VisualStudio.16.Release.chman --add Microsoft.VisualStudio.Workload.VCTools --add Microsoft.VisualStudio.Component.VC.Tools.ARM64  --add Microsoft.VisualStudio.Component.VC.ATL --includeRecommended

[oilrich25]

I tried adding provisioner "windows-restart"

packer {
   required_plugins {
     docker = {
       version = ">= 0.0.7"
       source = "github.com/hashicorp/docker"
     }
   }
}

source "docker" "windowsltsc" {
   image = "mcr.microsoft.com/windows/servercore:ltsc2019"
   commit = true
   windows_container = true
}

build {
   name = "Build"
   sources = [
     "source.docker.windowsltsc"
   ]
   provisioner "powershell" {
      inline = [ "echo Hello World!" ]
   }

   provisioner "windows-restart" {
      restart_timeout = "10m"
   }

   post-processor "docker-tag" {
      repository = "runner-images/windows"
      tags = ["runner-hostedtoolcache-ltsc2019"]
   }
}

The log is as follows:

PS C:\Users\Administrator\Desktop\windows_2019_docker> packer build .\builds.pkr.hcl
Build.docker.windowsltsc: output will be in this color.

==> Build.docker.windowsltsc: Creating a temporary directory for sharing data...
==> Build.docker.windowsltsc: Pulling Docker image: mcr.microsoft.com/windows/servercore:ltsc2019
     Build.docker.windowsltsc: ltsc2019: Pulling from windows/servercore
     Build.docker.windowsltsc: Digest: sha256:4fe58f25a157ea749c7b770acebfdbd70c3cb2088c446943e90fe89ea059558b
     Build.docker.windowsltsc: Status: Image is up to date for mcr.microsoft.com/windows/servercore:ltsc2019
     Build.docker.windowsltsc: mcr.microsoft.com/windows/servercore:ltsc2019
==> Build.docker.windowsltsc: Starting docker container...
     Build.docker.windowsltsc: Run command: docker run -v C:\Users\Administrator\AppData\Roaming\packer.d\tmp1509725874:c:/packer-files -d -i -t --entrypoint=powershell -- mcr .microsoft.com/windows/servercore:ltsc2019
     Build.docker.windowsltsc: Container ID: 5bfba7d51aeccf1cbe1198555e4821d4459221b21d5c50d36460fe505a0fc909
==> Build.docker.windowsltsc: Using dockerWindowsContainer communicator to connect:
==> Build.docker.windowsltsc: Provisioning with Powershell...
==> Build.docker.windowsltsc: Provisioning with powershell script: C:\Users\ADMINI~1\AppData\Local\Temp\2\powershell-provisioner703348455
     Build.docker.windowsltsc: Hello
     Build.docker.windowsltsc: World!
==> Build.docker.windowsltsc: Restarting Machine
==> Build.docker.windowsltsc: Waiting for machine to restart...
     Build.docker.windowsltsc: container 5bfba7d51aeccf1cbe1198555e4821d4459221b21d5c50d36460fe505a0fc909 encountered an error during hcs::System::CreateProcess: failure in a Windows system call: The request is not supported. (0x32)
     Build.docker.windowsltsc: container 5bfba7d51aeccf1cbe1198555e4821d4459221b21d5c50d36460fe505a0fc909 encountered an error during hcs::System::CreateProcess: failure in a Windows system call: The request is not supported. (0x32)
     Build.docker.windowsltsc: container 5bfba7d51aeccf1cbe1198555e4821d4459221b21d5c50d36460fe505a0fc909 encountered an error during hcs::System::CreateProcess: failure in a Windows system call: The request is not supported. (0x32)
     Build.docker.windowsltsc: container 5bfba7d51aeccf1cbe1198555e4821d4459221b21d5c50d36460fe505a0fc909 encountered an error during hcs::System::CreateProcess: failure in a Windows system call: The request is not supported. (0x32)
==> Build.docker.windowsltsc: Error response from daemon: Container 5bfba7d51aeccf1cbe1198555e4821d4459221b21d5c50d36460fe505a0fc909 is not running
==> Build.docker.windowsltsc: Error response from daemon: Container 5bfba7d51aeccf1cbe1198555e4821d4459221b21d5c50d36460fe505a0fc909 is not running
==> Build.docker.windowsltsc: Error response from daemon: Container 5bfba7d51aeccf1cbe1198555e4821d4459221b21d5c50d36460fe505a0fc909 is not running
==> Build.docker.windowsltsc: Error response from daemon: Container 5bfba7d51aeccf1cbe1198555e4821d4459221b21d5c50d36460fe505a0fc909 is not running
     Build.docker.windowsltsc: 5bfba7d51aec restarted.
==> Build.docker.windowsltsc: Machine successfully restarted, moving on
==> Build.docker.windowsltsc: Committing the container
     Build.docker.windowsltsc: Image ID: sha256:891aeb5525a21200352149a09c21eb5f61c4da3a0a714b1380fe6998a1d7ee2a
==> Build.docker.windowsltsc: Killing the container: 5bfba7d51aeccf1cbe1198555e4821d4459221b21d5c50d36460fe505a0fc909
==> Build.docker.windowsltsc: Running post-processor: (type docker-tag)
     Build.docker.windowsltsc (docker-tag): Tagging image: sha256:891aeb5525a21200352149a09c21eb5f61c4da3a0a714b1380fe6998a1d7ee2a
     Build.docker.windowsltsc (docker-tag): Repository: runner-images/windows:runner-hostedtoolcache-ltsc2019
Build 'Build.docker.windowsltsc' finished after 3 minutes 13 seconds.

==> Wait completed after 3 minutes 13 seconds

==> Builds finished. The artifacts of successful builds are:
--> Build.docker.windowsltsc: Imported Docker image: sha256:891aeb5525a21200352149a09c21eb5f61c4da3a0a714b1380fe6998a1d7ee2a
--> Build.docker.windowsltsc: Imported Docker image: runner-images/windows:runner-hostedtoolcache-ltsc2019 with tags runner-images/windows:runner-hostedtoolcache-ltsc2019
PS C:\Users\Administrator\Desktop\windows_2019_docker>

If you see Error response from daemon: Container 5bfba7d51aeccf1cbe1198555e4821d4459221b21d5c50d36460fe505a0fc909 is not running, don’t panic, then start it through docker ps -a and then docker start 5bfba7d51aeccf1cbe1198555e4821d4459221b21d5c50d36460fe505a0fc909. packer will continue to complete the next task.

In short, I feel that there is great hope for porting https://github.com/actions/runner-images/blob/main/images/windows/templates/windows-2019.json.

[oilrich25]

Convert windows-2019.json to windows-2019.pkr.hcl via https://developer.hashicorp.com/packer/tutorials/configuration-language/hcl2-upgrade

$ cd runner-images/images/windows/templates/
$ packer hcl2_upgrade -with-annotations windows-2019.json

[ChristopherHX]

In catthehacker/ubuntu, it was often required to patch the installer files. Due to this is this repository taring the whole disk of the hosted runner, which is the most stable way of getting the full image as of the last 6months into a docker image.

In catthehacker/ubuntu has been the full images manually crafted locally, but almost never updated before this repo took the full images over.

Yes for windows, is using the public packer template via an windows container the only option that the windows license allows.

I'm not really using windows container as a replacement for windows-latest, my OS disk is too small for storing big images.