disabled TLS in example,

not needed for a closed docker network

entrypoint.sh

@@ -64,9 +64,14 @@ if [[ ! -f "${CONFIG_FILE}" ]]; then
   sed -i "/^  labels:/c\  \"labels\": [\"docker:docker://code.forgejo.org/oci/node:20-bookworm\", \"ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04\"]" ${CONFIG_FILE}
   sed -i "/^  network:/c\  network: host" ${CONFIG_FILE}
   sed -i "/^  privileged:/c\  privileged: true" ${CONFIG_FILE}
-  sed -i "/^  options:/c\  options: -v /certs/client:/certs/client" ${CONFIG_FILE}
-  sed -i "/^  valid_volumes:/c\  valid_volumes:\n    - /certs/client" ${CONFIG_FILE}
+
+  if [[ "${DOCKER_TLS_VERIFY}" -ne 1 ]]; then
+    sed -i "/^  docker_host:/c\  docker_host: tcp://${DOCKER_HOST}:2375" ${CONFIG_FILE}
+  else
     sed -i "/^  docker_host:/c\  docker_host: tcp://${DOCKER_HOST}:2376" ${CONFIG_FILE}
+    sed -i "/^  valid_volumes:/c\  valid_volumes:\n    - /certs/client" ${CONFIG_FILE}
+    sed -i "/^  options:/c\  options: -v /certs/client:/certs/client" ${CONFIG_FILE}
+  fi
 fi
 
 if [[ ! -z "${ENV_FILE}" ]]; then
@@ -76,11 +81,8 @@ else
 fi
 
 if [[ ! -f "${ENV_FILE}" ]]; then
-  echo "Creating ${ENV_FILE} and populating with default values"
-  cat <<EOF >${ENV_FILE}
-  DOCKER_TLS_VERIFY: 1
-  DOCKER_CERT_PATH: /certs/client
-EOF
+  echo "Creating ${ENV_FILE}"
+  touch ${ENV_FILE}
 fi
 
 EXTRA_ARGS=""
@@ -101,12 +103,14 @@ if [[ ! -s "${RUNNER_FILE}" ]]; then
 
   if [[ ! -z "${FORGEJO_SECRET}" ]]; then
     EXTRA_ARGS="${EXTRA_ARGS} --secret ${FORGEJO_SECRET}"
+    echo "Registering with SECRET"
   else
     if [[ -z "${RUNNER_TOKEN}" ]]; then
       echo "RUNNER_TOKEN is not set"
       exit 1
     fi
     EXTRA_ARGS="${EXTRA_ARGS} --token ${RUNNER_TOKEN}"
+    echo "Registering with TOKEN"
   fi
 
   # The point of this loop is to make it simple, when running both forgejo-runner and gitea in docker,
@@ -114,17 +118,11 @@ if [[ ! -s "${RUNNER_FILE}" ]]; then
   # the context of a single docker-compose, something similar could be done via healthchecks, but
   # this is more flexible.
   while [[ $success -eq 0 ]] && [[ $try -lt ${MAX_REG_ATTEMPTS:-10} ]]; do
-    # run_command "forgejo-runner register \
-    #   --instance \"${FORGEJO_URL:-http://forgejo:3000}\" \
-    #   --name \"${RUNNER_NAME:-$(hostname)}\" \
-    #   ${CONFIG_ARG} ${EXTRA_ARGS} --no-interactive 2>&1 | tee /tmp/reg.log"
-
     run_command "forgejo-runner create-runner-file --connect \
     --instance \"${FORGEJO_URL:-http://forgejo:3000}\" \
     --name \"${RUNNER_NAME:-$(hostname)}\" \
     ${CONFIG_ARG} ${EXTRA_ARGS} 2>&1 | tee /tmp/reg.log"
 
-
     cat /tmp/reg.log | grep 'connection successful' >/dev/null
     if [[ $? -eq 0 ]]; then
       echo "SUCCESS"

examples/docker-compose/compose-forgejo-and-runner.yml

@@ -29,7 +29,7 @@ services:
     networks:
       - forgejo
     environment:
-      DOCKER_TLS_CERTDIR: /certs
+      DOCKER_TLS_CERTDIR: "" # set to "certs" to use the TLS certificates, also update existing runner configs to use port 2376
       DOCKER_HOST: docker-in-docker
     volumes:
       - docker_certs:/certs
@@ -104,5 +104,5 @@ services:
       FORGEJO_SECRET: "{SHARED_SECRET}" # shared secret, must match Forgejo's
 
       RUNNER_FILE:  runner-rootless.json    # defaults to /data/runner.json
-      RUNNER_NAME:  forgejo-runner # defaults to forgejo-runner, used for registration
+      RUNNER_NAME:  forgejo-runner-rootless # defaults to forgejo-runner, used for registration
       RUNNER_TOKEN: "${RUNNER_TOKEN}"