Container Images
Each runner pod uses a single unified container image: the GitHub Actions runner together with the full set of tools listed below. The image is built for linux/riscv64 and stored in the Scaleway Container Registry.
Source: the images/ directory.
Runner image
Dockerfile: runner/Dockerfile.ubuntu.
The runner image is a multi-stage build based on Ubuntu. Dockerfile.ubuntu is parameterised by ARG OS_VERSION. The build pipeline currently produces Ubuntu 24.04 images; the matrix entry for 26.04 is commented out and will be re-enabled when RVA23 hardware lands.
GitHub Actions Runner
The GitHub Actions Runner for RISC-V, built with .NET 8. This is the process that registers with GitHub, receives the job, and executes workflow steps. The JIT runner config is passed in via the RUNNER_JITCONFIG environment variable; the scheduler obtains it from the GitHub API at pod creation time.
Pre-installed software
| Category | Packages |
|---|---|
| Languages | Python 3.10–3.14 (including free-threaded variants), Node.js 20/22/24, Go 1.22–1.26, Rust, Java (Temurin 17/21/25), PHP, Ruby, Perl, Lua, R |
| Compilers | GCC 12/13/14, G++, Clang |
| Build tools | Make, CMake, Ninja, Autoconf, Automake, Libtool, Flex, Bison, Binutils, Gradle, Maven, Ant |
| Container tooling | Docker (CLI, Buildx, Compose, daemon), podman, buildah, skopeo, runc, kubectl, tini, crictl |
| VCS | Git, Mercurial, gh CLI |
| Networking | curl, wget, openssh-client, netcat, dnsutils |
| Compression | bzip2, lz4, xz, zip, 7z, aria2 |
| Packaging | dpkg, rpm, fakeroot |
| Utilities | jq, shellcheck, tree, rsync, sudo, parallel, sccache |
The image aims to track the official GitHub Actions Ubuntu runner images. Pinned versions live in images/versions-map.json. If your workflow needs a package that is not in the image, open an issue.
Entrypoint and runtime
riscv-runner-entrypoint.sh is the PID-1 entrypoint, wrapped by tini (docker-init). It:
- Verifies the container runs as the
runneruser in/home/runner. - Detects iptables legacy vs nf_tables and adjusts PATH.
- Starts
containerdthendockerd --mtu=1450in the background. - Requires
RUNNER_VERSIONandRUNNER_JITCONFIGenv vars. - Launches
run.sh --jitconfig "$RUNNER_JITCONFIG". - Forwards SIGTERM to the runner; a cleanup trap kills
dockerdandcontainerdon exit.
The image creates a non-root runner user with passwordless sudo. All workflow steps run inside this single container. The pod runs with privileged: true and host network so the in-pod Docker daemon can program iptables and bridge devices.
Build pipeline
Workflow: .github/workflows/deploy-images.yml.
A single build-runner matrix job builds the runner image. Currently only ubuntu 24.04 is enabled.
- Trigger: push or PR to
mainfiltered toimages/**, daily schedule at 06:00 UTC, or manual dispatch. - Platform:
linux/riscv64, built natively on self-hostedubuntu-24.04-riscvrunners. No QEMU emulation in the build path. - Caching: GitHub Actions Cache (
type=gha) for Docker layer reuse. A concurrency group ensures only one build runs per scope. - Registry choice: Scaleway for
riseproject-dev/main,ghcr.iofor other internal branches, a tar artifact for external PRs. - Deploy: after
mainbuilds,deploy-stagingretags:ubuntu-24.04-staging, thendeploy-prodretags:ubuntu-24.04-latestafter an environment-gated approval. Both deployskubectl rollout restart daemonset/rise-riscv-runner-device-pluginso each node pre-pulls the new image via the init container in the daemonset.
Version sync
scripts/update-versions.py fetches the latest actions/runner-images release tagged ubuntu24/*, downloads its internal.ubuntu24.json manifest, walks images/versions-map.json, and updates the matching ARG …_VERSION= lines in the referenced Dockerfiles. It does not update SHA256/SHA512 hashes; those must be edited manually before merging.
The weekly workflow update-images-versions-map.yml runs the script every Monday at 00:00 UTC and opens a draft PR if anything changes.
Registry
Images are stored in the Scaleway Container Registry:
rg.fr-par.scw.cloud/funcscwriseriscvrunnerappqdvknz9s/riscv-runner
Image tags
| Tag | Image | Source branch |
|---|---|---|
ubuntu-24.04-latest | Runner image, Ubuntu 24.04 | main (deploy-prod) |
ubuntu-24.04-staging | Runner image, Ubuntu 24.04 | main (deploy-staging) |
ubuntu-24.04-sha-<sha> | Per-commit build | every build |
Source files
| File | Role |
|---|---|
runner/Dockerfile.ubuntu | Runner image (multi-stage: tools, language runtimes, container tooling) |
runner/riscv-runner-entrypoint.sh | PID-1 entrypoint, exec’s run.sh --jitconfig "$RUNNER_JITCONFIG" |
versions-map.json | Pinned versions for all bundled tools and runtimes |
.github/workflows/deploy-images.yml | Build, staging deploy, prod deploy |
.github/workflows/update-images-versions-map.yml | Weekly version sync |
scripts/update-versions.py | Version sync script |