From 774ec1cfaa1d92210eb10de865b7d8ae870061cd Mon Sep 17 00:00:00 2001
From: Patrick Hobusch <patrick@hobusch.net>
Date: Thu, 4 Jun 2026 14:18:40 +0800
Subject: [PATCH] Use community fork of runner-container-hooks with websocket
 heartbeat fix

Pulls k8s and k8s-novolume runner-container-hooks from
oradwell/runner-container-hooks (v0.7.1-alpha / v0.8.2-alpha) instead of
upstream. These community alpha releases backport PR
actions/runner-container-hooks#333, which adds a websocket heartbeat to the
kubernetes exec call. Without it, workflow steps that produce no output for ~5
minutes (e.g. long sleeps, silent test runs) cause the websocket to close and
the step to be reported as exit 0, masking real failures. See
actions/runner-container-hooks#228.

Upstream has not yet cut a release containing the fix. Revert to the upstream
repo once a tagged release ships.

Also adds an optional tagSuffix workflow_dispatch input to docker-publish.yml so
custom builds can be published as e.g. 2.333.1-hooksfix.
---
 .github/workflows/docker-publish.yml | 14 +++++++++++++-
 images/Dockerfile                    |  8 +++++---
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 6f72d3e753c..cc9b4f4666c 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -6,6 +6,10 @@ on:
       releaseBranch:
         description: 'Release Branch (releases/mXXX)'
         required: true
+      tagSuffix:
+        description: 'Optional image tag suffix (e.g. "hooksfix" → 2.333.1-hooksfix)'
+        required: false
+        default: ''
 
 jobs:
   publish-image:
@@ -27,6 +31,8 @@ jobs:
       - name: Compute image version
         id: image
         uses: actions/github-script@v9
+        env:
+          TAG_SUFFIX: ${{ github.event.inputs.tagSuffix }}
         with:
           script: |
             const fs = require('fs');
@@ -35,7 +41,13 @@ jobs:
             if (!/^\d+\.\d+\.\d+$/.test(runnerVersion)) {
               throw new Error(`Invalid runner version: ${runnerVersion}`);
             }
+            const suffix = (process.env.TAG_SUFFIX || '').trim();
+            if (suffix && !/^[A-Za-z0-9][A-Za-z0-9._-]*$/.test(suffix)) {
+              throw new Error(`Invalid tag suffix: ${suffix}`);
+            }
+            const imageTag = suffix ? `${runnerVersion}-${suffix}` : runnerVersion;
             core.setOutput('version', runnerVersion);
+            core.setOutput('tag', imageTag);
 
       - name: Setup Docker buildx
         uses: docker/setup-buildx-action@v4
@@ -56,7 +68,7 @@ jobs:
             linux/amd64
             linux/arm64
           tags: |
-            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.image.outputs.version }}
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.image.outputs.tag }}
             ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
           build-args: |
             RUNNER_VERSION=${{ steps.image.outputs.version }}
diff --git a/images/Dockerfile b/images/Dockerfile
index df5e145d08c..529f741700d 100644
--- a/images/Dockerfile
+++ b/images/Dockerfile
@@ -4,7 +4,9 @@ FROM mcr.microsoft.com/dotnet/runtime-deps:8.0-noble AS build
 ARG TARGETOS
 ARG TARGETARCH
 ARG RUNNER_VERSION
-ARG RUNNER_CONTAINER_HOOKS_VERSION=0.7.0
+ARG RUNNER_CONTAINER_HOOKS_REPO=oradwell/runner-container-hooks
+ARG RUNNER_CONTAINER_HOOKS_VERSION=0.7.1-alpha
+ARG RUNNER_CONTAINER_HOOKS_NOVOLUME_VERSION=0.8.2-alpha
 ARG DOCKER_VERSION=29.5.0
 ARG BUILDX_VERSION=0.34.0
 
@@ -17,11 +19,11 @@ RUN export RUNNER_ARCH=${TARGETARCH} \
     && tar xzf ./runner.tar.gz \
     && rm runner.tar.gz
 
-RUN curl -f -L -o runner-container-hooks.zip https://github.com/actions/runner-container-hooks/releases/download/v${RUNNER_CONTAINER_HOOKS_VERSION}/actions-runner-hooks-k8s-${RUNNER_CONTAINER_HOOKS_VERSION}.zip \
+RUN curl -f -L -o runner-container-hooks.zip https://github.com/${RUNNER_CONTAINER_HOOKS_REPO}/releases/download/v${RUNNER_CONTAINER_HOOKS_VERSION}/actions-runner-hooks-k8s-${RUNNER_CONTAINER_HOOKS_VERSION}.zip \
     && unzip ./runner-container-hooks.zip -d ./k8s \
     && rm runner-container-hooks.zip
 
-RUN curl -f -L -o runner-container-hooks.zip https://github.com/actions/runner-container-hooks/releases/download/v0.8.1/actions-runner-hooks-k8s-0.8.1.zip \
+RUN curl -f -L -o runner-container-hooks.zip https://github.com/${RUNNER_CONTAINER_HOOKS_REPO}/releases/download/v${RUNNER_CONTAINER_HOOKS_NOVOLUME_VERSION}/actions-runner-hooks-k8s-${RUNNER_CONTAINER_HOOKS_NOVOLUME_VERSION}.zip \
     && unzip ./runner-container-hooks.zip -d ./k8s-novolume \
     && rm runner-container-hooks.zip