feat(docker): Add flag to enable IPv6 in auto-created networks

s3lph 2023-11-14 19:16:09 +01:00
parent 330199c532
commit 1139bb7d12
4 changed files with 60 additions and 52 deletions


@ -58,6 +58,7 @@ type executeArgs struct {
image string image string
cacheHandler *artifactcache.Handler cacheHandler *artifactcache.Handler
network string network string
enableIPv6 bool
githubInstance string githubInstance string
} }
@ -378,36 +379,37 @@ func runExec(ctx context.Context, execArgs *executeArgs) func(cmd *cobra.Command
// run the plan // run the plan
config := &runner.Config{ config := &runner.Config{
Workdir: execArgs.Workdir(), Workdir: execArgs.Workdir(),
BindWorkdir: false, BindWorkdir: false,
ReuseContainers: false, ReuseContainers: false,
ForcePull: execArgs.forcePull, ForcePull: execArgs.forcePull,
ForceRebuild: execArgs.forceRebuild, ForceRebuild: execArgs.forceRebuild,
LogOutput: true, LogOutput: true,
JSONLogger: execArgs.jsonLogger, JSONLogger: execArgs.jsonLogger,
Env: execArgs.LoadEnvs(), Env: execArgs.LoadEnvs(),
Secrets: execArgs.LoadSecrets(), Secrets: execArgs.LoadSecrets(),
InsecureSecrets: execArgs.insecureSecrets, InsecureSecrets: execArgs.insecureSecrets,
Privileged: execArgs.privileged, Privileged: execArgs.privileged,
UsernsMode: execArgs.usernsMode, UsernsMode: execArgs.usernsMode,
ContainerArchitecture: execArgs.containerArchitecture, ContainerArchitecture: execArgs.containerArchitecture,
ContainerDaemonSocket: execArgs.containerDaemonSocket, ContainerDaemonSocket: execArgs.containerDaemonSocket,
UseGitIgnore: execArgs.useGitIgnore, UseGitIgnore: execArgs.useGitIgnore,
GitHubInstance: execArgs.githubInstance, GitHubInstance: execArgs.githubInstance,
ContainerCapAdd: execArgs.containerCapAdd, ContainerCapAdd: execArgs.containerCapAdd,
ContainerCapDrop: execArgs.containerCapDrop, ContainerCapDrop: execArgs.containerCapDrop,
ContainerOptions: execArgs.containerOptions, ContainerOptions: execArgs.containerOptions,
AutoRemove: true, AutoRemove: true,
ArtifactServerPath: execArgs.artifactServerPath, ArtifactServerPath: execArgs.artifactServerPath,
ArtifactServerPort: execArgs.artifactServerPort, ArtifactServerPort: execArgs.artifactServerPort,
ArtifactServerAddr: execArgs.artifactServerAddr, ArtifactServerAddr: execArgs.artifactServerAddr,
NoSkipCheckout: execArgs.noSkipCheckout, NoSkipCheckout: execArgs.noSkipCheckout,
// PresetGitHubContext: preset, // PresetGitHubContext: preset,
// EventJSON: string(eventJSON), // EventJSON: string(eventJSON),
ContainerNamePrefix: fmt.Sprintf("FORGEJO-ACTIONS-TASK-%s", eventName), ContainerNamePrefix: fmt.Sprintf("FORGEJO-ACTIONS-TASK-%s", eventName),
ContainerMaxLifetime: maxLifetime, ContainerMaxLifetime: maxLifetime,
ContainerNetworkMode: container.NetworkMode(execArgs.network), ContainerNetworkMode: container.NetworkMode(execArgs.network),
DefaultActionInstance: execArgs.defaultActionsURL, ContainerNetworkEnableIPv6: execArgs.enableIPv6,
DefaultActionInstance: execArgs.defaultActionsURL,
PlatformPicker: func(_ []string) string { PlatformPicker: func(_ []string) string {
return execArgs.image return execArgs.image
}, },
@ -486,6 +488,7 @@ func loadExecCmd(ctx context.Context) *cobra.Command {
execCmd.PersistentFlags().BoolVarP(&execArg.dryrun, "dryrun", "n", false, "dryrun mode") execCmd.PersistentFlags().BoolVarP(&execArg.dryrun, "dryrun", "n", false, "dryrun mode")
execCmd.PersistentFlags().StringVarP(&execArg.image, "image", "i", "node:16-bullseye", "docker image to use") execCmd.PersistentFlags().StringVarP(&execArg.image, "image", "i", "node:16-bullseye", "docker image to use")
execCmd.PersistentFlags().StringVarP(&execArg.network, "network", "", "", "Specify the network to which the container will connect") execCmd.PersistentFlags().StringVarP(&execArg.network, "network", "", "", "Specify the network to which the container will connect")
execCmd.PersistentFlags().BoolVarP(&execArg.enableIPv6, "enable-ipv6", "6", false, "Create network with IPv6 enabled.")
execCmd.PersistentFlags().StringVarP(&execArg.githubInstance, "gitea-instance", "", "", "Gitea instance to use.") execCmd.PersistentFlags().StringVarP(&execArg.githubInstance, "gitea-instance", "", "", "Gitea instance to use.")
return execCmd return execCmd
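Review bot: The help text for `--enable-ipv6` in loadExecCmd does not say that the flag is ignored when `--network` names an existing network. The example config in this commit states the setting only takes effect with an empty network, so a run with both `--network bridge` and `-6` would presumably proceed without IPv6 and without any hint. I would change the description to `"Create the automatic network with IPv6 enabled; only takes effect when --network is empty."`, and the `EnableIPv6` field comment in the Container config struct could carry the same sentence. runExec passes `execArgs.enableIPv6` through unconditionally, so a warning when both are set would have to be added there; both functions extend outside the hunks shown.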


@ -189,28 +189,29 @@ func (r *Runner) run(ctx context.Context, task *runnerv1.Task, reporter *report.
BindWorkdir: false, BindWorkdir: false,
ActionCacheDir: filepath.FromSlash(r.cfg.Host.WorkdirParent), ActionCacheDir: filepath.FromSlash(r.cfg.Host.WorkdirParent),
ReuseContainers: false, ReuseContainers: false,
ForcePull: r.cfg.Container.ForcePull, ForcePull: r.cfg.Container.ForcePull,
ForceRebuild: false, ForceRebuild: false,
LogOutput: true, LogOutput: true,
JSONLogger: false, JSONLogger: false,
Env: r.envs, Env: r.envs,
Secrets: task.Secrets, Secrets: task.Secrets,
GitHubInstance: strings.TrimSuffix(r.client.Address(), "/"), GitHubInstance: strings.TrimSuffix(r.client.Address(), "/"),
AutoRemove: true, AutoRemove: true,
NoSkipCheckout: true, NoSkipCheckout: true,
PresetGitHubContext: preset, PresetGitHubContext: preset,
EventJSON: string(eventJSON), EventJSON: string(eventJSON),
ContainerNamePrefix: fmt.Sprintf("GITEA-ACTIONS-TASK-%d", task.Id), ContainerNamePrefix: fmt.Sprintf("GITEA-ACTIONS-TASK-%d", task.Id),
ContainerMaxLifetime: maxLifetime, ContainerMaxLifetime: maxLifetime,
ContainerNetworkMode: container.NetworkMode(r.cfg.Container.Network), ContainerNetworkMode: container.NetworkMode(r.cfg.Container.Network),
ContainerOptions: r.cfg.Container.Options, ContainerNetworkEnableIPv6: r.cfg.Container.EnableIPv6,
ContainerDaemonSocket: r.cfg.Container.DockerHost, ContainerOptions: r.cfg.Container.Options,
Privileged: r.cfg.Container.Privileged, ContainerDaemonSocket: r.cfg.Container.DockerHost,
DefaultActionInstance: taskContext["gitea_default_actions_url"].GetStringValue(), Privileged: r.cfg.Container.Privileged,
PlatformPicker: r.labels.PickPlatform, DefaultActionInstance: taskContext["gitea_default_actions_url"].GetStringValue(),
Vars: task.Vars, PlatformPicker: r.labels.PickPlatform,
ValidVolumes: r.cfg.Container.ValidVolumes, Vars: task.Vars,
ValidVolumes: r.cfg.Container.ValidVolumes,
} }
rr, err := runner.New(runnerConfig) rr, err := runner.New(runnerConfig)
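Review bot: Nothing next to `ContainerNetworkEnableIPv6: r.cfg.Container.EnableIPv6` tells an operator what changes for task containers once this is switched on. These containers run workflow code with `task.Secrets`, and on an IPv6-enabled network their traffic falls under the host's IPv6 filtering rather than the IPv4 rules; whether the daemon manages those rules depends on its configuration, which the commit only describes as "set up accordingly". I would add a comment above the field such as `// Applies only to auto-created networks; host IPv6 filtering must cover task containers.` and log the effective value once at runner start so it shows up in the audit trail. The struct literal and run() both start outside this hunk.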


@ -58,6 +58,9 @@ container:
# Could be host, bridge or the name of a custom network. # Could be host, bridge or the name of a custom network.
# If it's empty, create a network automatically. # If it's empty, create a network automatically.
network: "" network: ""
# Whether to create networks with IPv6 enabled. Requires the Docker daemon to be set up accordingly.
# Only takes effect if "network" is set to "".
enable_ipv6: false
# Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker). # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
privileged: false privileged: false
# And other options to be used when the container is started (eg, --add-host=my.forgejo.url:host-gateway). # And other options to be used when the container is started (eg, --add-host=my.forgejo.url:host-gateway).


@ -45,6 +45,7 @@ type Cache struct {
type Container struct { type Container struct {
Network string `yaml:"network"` // Network specifies the network for the container. Network string `yaml:"network"` // Network specifies the network for the container.
NetworkMode string `yaml:"network_mode"` // Deprecated: use Network instead. Could be removed after Gitea 1.20 NetworkMode string `yaml:"network_mode"` // Deprecated: use Network instead. Could be removed after Gitea 1.20
EnableIPv6 bool `yaml:"enable_ipv6"` // EnableIPv6 indicates whether the network is created with IPv6 enabled.
Privileged bool `yaml:"privileged"` // Privileged indicates whether the container runs in privileged mode. Privileged bool `yaml:"privileged"` // Privileged indicates whether the container runs in privileged mode.
Options string `yaml:"options"` // Options specifies additional options for the container. Options string `yaml:"options"` // Options specifies additional options for the container.
WorkdirParent string `yaml:"workdir_parent"` // WorkdirParent specifies the parent directory for the container's working directory. WorkdirParent string `yaml:"workdir_parent"` // WorkdirParent specifies the parent directory for the container's working directory.