FROM myoung34/github-runner:latest ARG RUBY_VERSION=3.3.11 ARG RUBY_MINOR=3.3 ARG RUBY_BUILD_VERSION=v20260326 ARG RUNNER_UID=1001 ARG RUNNER_GID=1001 ENV RUNNER_TOOL_CACHE=/home/runner/_tool ENV RUNNER_RUBY_TOOLCACHE=/opt/runner-toolcache ENV PATH="/home/runner/_tool/Ruby/${RUBY_MINOR}/x64/bin:/opt/runner-toolcache/Ruby/${RUBY_MINOR}/x64/bin:${PATH}" USER root # Bake the IAmWorkin step-ca root CA into the system trust store. Without # this, .NET HttpClient calls from CI tests against *.iamworkin.lan # (e.g. https://selenium.iamworkin.lan/session) fail with `PartialChain` # because the runner image's default Ubuntu trust bundle doesn't include # our internal Root CA. update-ca-certificates regenerates # /etc/ssl/certs/ca-certificates.crt, which OpenSSL + .NET on Linux read # automatically — no SSL_CERT_FILE env var needed. COPY step-ca-root.crt /usr/local/share/ca-certificates/iamworkin-step-ca-root.crt RUN apt-get update \ && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ autoconf \ bison \ build-essential \ ca-certificates \ curl \ libdb-dev \ libffi-dev \ libgdbm-dev \ libgmp-dev \ libncurses-dev \ libreadline-dev \ libssl-dev \ libyaml-dev \ patch \ pkg-config \ uuid-dev \ zlib1g-dev \ && update-ca-certificates \ && curl -fsSL "https://github.com/rbenv/ruby-build/archive/refs/tags/${RUBY_BUILD_VERSION}.tar.gz" -o /tmp/ruby-build.tar.gz \ && mkdir -p /tmp/ruby-build \ && tar -xzf /tmp/ruby-build.tar.gz --strip-components=1 -C /tmp/ruby-build \ && /tmp/ruby-build/install.sh \ && rm -rf /tmp/ruby-build /tmp/ruby-build.tar.gz /var/lib/apt/lists/* COPY install-ruby-toolcache.sh /usr/local/bin/install-ruby-toolcache.sh RUN chmod +x /usr/local/bin/install-ruby-toolcache.sh \ && RUBY_VERSION="${RUBY_VERSION}" RUBY_MINOR="${RUBY_MINOR}" TOOLCACHE_ROOT="${RUNNER_RUBY_TOOLCACHE}" RUNNER_UID="${RUNNER_UID}" RUNNER_GID="${RUNNER_GID}" /usr/local/bin/install-ruby-toolcache.sh \ && ruby -v