forgejo-runner/entrypoint.sh

174 lines
5.5 KiB
Bash
Raw Normal View History

#!/usr/bin/env bash
set -e
run_command() {
local cmd="$1"
redacted_cmd=$(echo "$cmd" | sed -E 's/(--secret\s+|--token\s+)[^ ]+/--\1[REDACTED]/g')
decho "Running command: $redacted_cmd"
if [[ "$ISROOT" == true ]]; then
decho "Running as forgejo-runner"
su -c "$cmd" forgejo-runner
else
decho "Running as RUNNER_USER: ${RUNNER_USER}"
eval "$cmd"
fi
}
decho() {
if [[ "${DEBUG}" == "true" ]]; then
echo "[entrypoint] $@"
fi
}
# Initial setup
cd /data
decho "RUNNER_USER: ${RUNNER_USER}"
RUNNER_USER="${RUNNER_USER:-1000}"
# Check if the script is running as root
if [[ $(id -u) -eq 0 ]]; then
ISROOT=true
decho "Running as root"
fi
if [[ "$ISROOT" == true ]]; then
# Check if the forgejo-runner user exists
if id "forgejo-runner" &>/dev/null; then
echo "forgejo-runner user exists."
# Change the user ID if needed
CURRENT_UID=$(id -u forgejo-runner)
decho "CURRENT_UID: ${CURRENT_UID}"
if [[ "${CURRENT_UID}" -ne "${RUNNER_USER}" ]]; then
echo "Changing UID of forgejo-runner to ${RUNNER_USER}"
sed -i "s/^forgejo-runner:[^:]*:[^:]*:/forgejo-runner:x:${RUNNER_USER}:/" /etc/passwd
fi
else
echo "Creating user forgejo-runner with UID ${RUNNER_USER}"
adduser --uid "${RUNNER_USER}" --home /home/forgejo-runner --disabled-password --gecos "" forgejo-runner
fi
# Ensure /data is owned by the runner user
if [[ $(stat -c "%u" /data) != "${RUNNER_USER}" ]]; then
decho "Changing ownership of /data to ${RUNNER_USER}"
chown -R forgejo-runner:forgejo-runner /data
fi
fi
# Handle and alter the config file
if [[ -z "${CONFIG_FILE}" ]]; then
echo "CONFIG_FILE is not set"
CONFIG_FILE="/data/config.yml"
fi
CONFIG_ARG="--config ${CONFIG_FILE}"
decho "CONFIG: ${CONFIG_ARG}"
DOCKER_HOST=${DOCKER_HOST:-docker}
DOCKER_TLS_CERTDIR=${DOCKER_TLS_CERTDIR:-"/certs/client"}
DOCKER_TLS_VERIFY=${DOCKER_TLS_VERIFY:-0}
decho "DOCKER_HOST: ${DOCKER_HOST}"
decho "DOCKER_TLS_CERTDIR: ${DOCKER_TLS_CERTDIR}"
decho "DOCKER_TLS_VERIFY: ${DOCKER_TLS_VERIFY}"
if [[ ! -f "${CONFIG_FILE}" ]]; then
echo "Creating ${CONFIG_FILE}"
run_command "forgejo-runner generate-config > ${CONFIG_FILE}" forgejo-runner
# Remove test environment variables if they exist in the config file
sed -i "/^ A_TEST_ENV_NAME_1:/d" ${CONFIG_FILE}
sed -i "/^ A_TEST_ENV_NAME_2:/d" ${CONFIG_FILE}
# Apply default values for docker
sed -i "/^ labels:/c\ \"labels\": [\"docker:docker://code.forgejo.org/oci/node:20-bookworm\", \"ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04\"]" ${CONFIG_FILE}
sed -i "/^ network:/c\ network: host" ${CONFIG_FILE}
sed -i "/^ privileged:/c\ privileged: true" ${CONFIG_FILE}
if [[ "${DOCKER_TLS_VERIFY}" -ne 1 ]]; then
decho "Docker TLS diabled"
sed -i "/^ docker_host:/c\ docker_host: tcp://${DOCKER_HOST}:2375" ${CONFIG_FILE}
else
decho "Docker TLS enabled"
sed -i "/^ docker_host:/c\ docker_host: tcp://${DOCKER_HOST}:2376" ${CONFIG_FILE}
sed -i "/^ valid_volumes:/c\ valid_volumes:\n - ${DOCKER_TLS_CERTDIR}" ${CONFIG_FILE}
sed -i "/^ options:/c\ options: -v ${DOCKER_TLS_CERTDIR}:${DOCKER_TLS_CERTDIR}" ${CONFIG_FILE}
fi
fi
ENV_FILE=${ENV_FILE:-"/data/.env"}
decho "ENV_FILE: ${ENV_FILE}"
sed -i "/^ env_file:/c\ env_file: ${ENV_FILE}" ${CONFIG_FILE}
if [[ ! -f "${ENV_FILE}" ]]; then
echo "Creating ${ENV_FILE}"
touch ${ENV_FILE}
echo "DOCKER_HOST=${DOCKER_HOST}" >> ${ENV_FILE}
echo "DOCKER_TLS_VERIFY=${DOCKER_TLS_VERIFY}" >> ${ENV_FILE}
echo "DOCKER_TLS_CERTDIR=${DOCKER_TLS_CERTDIR}" >> ${ENV_FILE}
fi
EXTRA_ARGS=""
if [[ ! -z "${RUNNER_LABELS}" ]]; then
EXTRA_ARGS="${EXTRA_ARGS} --labels ${RUNNER_LABELS}"
fi
decho "EXTRA_ARGS: ${EXTRA_ARGS}"
# Set the runner file
if [[ -z "${RUNNER_FILE}" ]]; then
RUNNER_FILE="runner.json" # use json so editors know how to highlight
fi
decho "RUNNER_FILE: ${RUNNER_FILE}"
sed -i "/^ file:/c\ file: ${RUNNER_FILE}" ${CONFIG_FILE}
if [[ "${SKIP_WAIT}" != "true" ]]; then
secho "Waiting 10s to allow other services to start up..."
sleep 10
fi
if [[ ! -s "${RUNNER_FILE}" ]]; then
touch ${RUNNER_FILE}
try=$((try + 1))
success=0
decho "try: ${try}, success: ${success}"
if [[ ! -z "${FORGEJO_SECRET}" ]]; then
EXTRA_ARGS="${EXTRA_ARGS} --secret ${FORGEJO_SECRET}"
echo "Registering with SECRET"
else
if [[ -z "${RUNNER_TOKEN}" ]]; then
echo "RUNNER_TOKEN is not set"
exit 1
fi
EXTRA_ARGS="${EXTRA_ARGS} --token ${RUNNER_TOKEN}"
echo "Registering with TOKEN"
fi
decho "EXTRA_ARGS after secret/token: ${EXTRA_ARGS}"
# The point of this loop is to make it simple, when running both forgejo-runner and gitea in docker,
# for the forgejo-runner to wait a moment for gitea to become available before erroring out. Within
# the context of a single docker-compose, something similar could be done via healthchecks, but
# this is more flexible.
while [[ $success -eq 0 ]] && [[ $try -lt ${MAX_REG_ATTEMPTS:-10} ]]; do
run_command "forgejo-runner create-runner-file --connect \
--instance \"${FORGEJO_URL:-http://forgejo:3000}\" \
--name \"${RUNNER_NAME:-$(hostname)}\" \
${CONFIG_ARG} ${EXTRA_ARGS} 2>&1 | tee /tmp/reg.log"
cat /tmp/reg.log | grep 'connection successful' >/dev/null
if [[ $? -eq 0 ]]; then
echo "SUCCESS"
success=1
else
echo "Waiting to retry ..."
sleep 5
fi
decho "try: ${try}, success: ${success}"
done
fi
# Prevent reading the token from the forgejo-runner process
unset RUNNER_TOKEN
unset FORGEJO_SECRET
run_command "forgejo-runner daemon ${CONFIG_ARG}"