Update docs

Author: herokukms

.gitignore

@@ -1 +1,2 @@
 *.qcow2
+.vscode/settings.json

README.md

@@ -1,31 +1,130 @@
-# alpine-nested-qemu-docker
+# github-runner-nested-docker
+
+This is a modified **alpine-nested-qemu-docker** for running **[myoung34/github-runner:ubuntu-jammy](https://github.com/myoung34/docker-github-actions-runner)** in a Docker container without privileged mode.
+
+## How to ?
+
+This is a sample Kubernetes manifest for deploying it:
+
+```yaml
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: heartbeat
+  namespace: sandbox-github-runner
+type: Opaque
+stringData:
+  now: "19820002"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: entrypoint
+  namespace: sandbox-github-runner
+data:
+  entrypoint: |
+    #!/bin/sh
+    while (! docker stats --no-stream ); do
+      # Docker takes a few seconds to initialize
+      echo "Waiting for Docker to launch..."
+      sleep $((`od -vAn -N2 -tu2 < /dev/urandom` %15))
+    done
+    docker run -e ACCESS_TOKEN=kfNKfcRR7rYAUebw31o= -e ORG_NAME=herokukms -e RUNNER_GROUP=Docker-runners -e RUNNER_SCOPE=org -e RUNNER_NAME_PREFIX=heroku  -e TIMESTAMP=19820002 myoung34/github-runner:ubuntu-jammy
+---
+apiVersion: apps/v1
+#kind: Deployment
+kind: StatefulSet
+metadata:
+  name: herokukms-runner
+  namespace: sandbox-github-runner
+  labels:
+    app: herokukms-runner
+spec:
+  replicas: 9
+  #strategy:
+  #  type: Recreate
+  selector:
+    matchLabels:
+      app: herokukms-runner
+  template:
+    metadata:
+      labels:
+        app: herokukms-runner
+    spec:
+      containers:
+      - name: herokukms-runner
+        image: herokukms/github-runner-nested:1.0.0
+        volumeMounts:
+        - name: entrypoint
+          mountPath: /ext
+        env:
+          - name: ACCESS_TOKEN
+            value: kfNKfcRR7rYAUebw31o=
+          - name: ORG_NAME
+            value: herokukms
+          - name: RUNNER_GROUP
+            value: Docker-runners
+          - name: RUNNER_SCOPE
+            value: org
+          - name: TIMESTAMP
+            value: "19820002"
+          - name: RANDOM_RUNNER_SUFFIX
+            value: "hostname"
+          - name: QEMU_CPU
+            value: "1"
+          - name: QEMU_RAM
+            value: "2048"
+          - name: UPDATED                      
+            value: "19820002"
+#        securityContext:
+#          privileged: true
+      volumes:
+      - name: entrypoint
+        configMap: 
+          name: entrypoint
+          defaultMode: 0777
+```
+
+## alpine-nested-qemu-docker
+
 ## Why this strange  idea ?
+
 Because most of docker container can't run in a privileged environment and so cannot run Docker.  
-This Docker image runs an Alpine linux in a QEMU virtual machine so the docker daemon runs like in a real machine. 
+This Docker image runs an Alpine linux in a QEMU virtual machine so the docker daemon runs like in a real machine.
+
+## How to
 
-# How to
 ```sh
 docker run -it -v ./entrypoint:/ext/entrypoint eltorio/alpine-nested-qemu-docker  
 ```
+
 `./entrypoint` is a mandatory shell script. It will be run after docker and ntpd services in the Alpine virtual machine
 
-# Demo
+## Demo
+
 For launching busybox:latest in the non privileged image:
+
 ```sh
 make build
 make demo
 ```
 
-# Connect to nested Alpine
+## Connect to nested Alpine
+
 While connected to the qemu container you can reach the nested Alpine vm with
+
 ```sh
 telnet localhost
 ```
+
 hit enter and connect as root
 For leaving telnet hit CTRL+$ and quit
 
-# Kubernetes sample deployement
+## Kubernetes sample deployement
+
 This launch 10 replicas of busybox:latest on Kubernetes
+
 ```yaml
 ---
 apiVersion: v1
@@ -83,4 +182,4 @@ spec:
         configMap: 
           name: entrypoint
           defaultMode: 0777
-```
+```

_sensitive_datas/_sensitive_datas.tar.xz.enc

@@ -0,0 +1,10 @@
+U2FsdGVkX18EqgKXii0aiZ7cJd0aIpoCAme6mKwPmJczf0E9GUxOVcwhSkYeY3tP
+mOQh3Ij3r8Cqal8068UhgqH4deefgebiAIdcVVhN74rb54zMxRQyUaki/wDCL1gl
+KljsyGKVLJr3lsZH2pfbOVFD8ThI1YNelbe2vYJkIFBCWwG9n4aFnLD81GBoyl/6
+4SdRpbJaUFl+YyLDP7VOW9VkXtmluC7pGmUbQ3uS3UJ3gnqbHPXaHyi6PRbMwAZX
+Btp79OOHSWw6TX+8svNEjpHdDXtWUW2Uy6ZMnEcmyBylqUj58G+iVMHgtSKQLy+r
+eMhJDJXIXvWAl3obtl73THhAnJLnXYhBa5JYEi9R65m5jgW6l/8FycxkgJXEhBrS
+mvq5YVsG9bG3G9YEV5GIDJ8rJEOJlQsJPCL6eSdLzeqBfRA0MrHN1keEkqHH/Q1f
+1+PRH8bnnLz77R+E4xKO9/u4OGanm9p5Ytu05r5IosM4Elr80kyxfKbIXdpyyOGI
+fnCYrkyF/E7XlYEvg6Ar0Xx46FXrwaF6kQsfWLe3Ia661ifr7ZaHB6r3PyYZ+/T7
+WsmnRc5GB7XK0f5dLq/8/R3J4usT3flQh6hcwfi4W98=

_sensitive_datas/restore_sensitive_datas

@@ -0,0 +1,13 @@
+#!/bin/sh
+echo "If you restore for a cloned repo you may declare a PROJECT_ROOT environment variable before running this"
+read -p "Press any key to continue... " -n1 -s
+cd $PROJECT_ROOT
+#1-decrypt
+openssl aes-256-cbc -a -d -md sha256 -in _sensitive_datas/_sensitive_datas.tar.xz.enc -out _sensitive_datas/_sensitive_datas.tar.xz
+#2-show content
+echo "++++++++++++++++++++++++++++++++++++++++++++++++++"
+echo "_sensitive_datas/_sensitive_datas.tar.xz contains:"
+tar -tvJf _sensitive_datas/_sensitive_datas.tar.xz
+#3 show help
+echo "if you want to restore enter:"
+echo "cd $PROJECT_ROOT && tar -xvJf _sensitive_datas/_sensitive_datas.tar.xz"

_sensitive_datas/store_sensitive_datas

@@ -0,0 +1,8 @@
+#!/bin/bash
+#1-store
+cd "$PROJECT_ROOT" || exit
+tar -cvJf _sensitive_datas/_sensitive_datas.tar.xz .vscode/launch.json .vscode/settings.json ./launch-* ./*.pem ./*.key .wrangler/ crowdin.yml
+#2-encrypt
+openssl aes-256-cbc -base64 -md sha256 -in _sensitive_datas/_sensitive_datas.tar.xz -out _sensitive_datas/_sensitive_datas.tar.xz.enc
+#3-delete 
+rm _sensitive_datas/_sensitive_datas.tar.xz