Fix for using docker inside runner's container (#175)
#153 Co-authored-by: zwanto <antoine.hamon@protonmail.com> Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/175 Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org> Co-authored-by: zwanto <zwanto@noreply.code.forgejo.org> Co-committed-by: zwanto <zwanto@noreply.code.forgejo.org>
parent
eb89a98c6a
commit
6980165781
3 changed files with 38 additions and 14 deletions
|
@ -39,7 +39,7 @@ Creating docker-compose_docker-in-docker_1 ... done
|
||||||
Creating docker-compose_forgejo_1 ... done
|
Creating docker-compose_forgejo_1 ... done
|
||||||
Creating docker-compose_runner-register_1 ... done
|
Creating docker-compose_runner-register_1 ... done
|
||||||
...
|
...
|
||||||
docker-in-docker_1 | time="2023-08-24T10:22:15.023338461Z" level=warning msg="WARNING: API is accessible on http://0.0.0.0:2375
|
docker-in-docker_1 | time="2023-08-24T10:22:15.023338461Z" level=warning msg="WARNING: API is accessible on http://0.0.0.0:2376
|
||||||
...
|
...
|
||||||
forgejo_1 | 2023/08/24 10:22:14 ...s/graceful/server.go:75:func1() [D] Starting server on tcp:0.0.0.0:3000 (PID: 19)
|
forgejo_1 | 2023/08/24 10:22:14 ...s/graceful/server.go:75:func1() [D] Starting server on tcp:0.0.0.0:3000 (PID: 19)
|
||||||
...
|
...
|
||||||
|
@ -58,12 +58,14 @@ To login the Forgejo instance:
|
||||||
|
|
||||||
## Tests workflow
|
## Tests workflow
|
||||||
|
|
||||||
The `compose-demo-workflow.yml` compose file runs a demo workflow to
|
The `compose-demo-workflow.yml` compose file runs two demo workflows:
|
||||||
verify the `Forgejo runner` can pick up a task from the Forgejo instance
|
* one to verify the `Forgejo runner` can pick up a task from the Forgejo instance
|
||||||
and run it to completion.
|
and run it to completion.
|
||||||
|
* one to verify docker can be run inside the `Forgejo runner` container.
|
||||||
|
|
||||||
A new repository is created in root/test with the following workflow
|
A new repository is created in root/test with the following workflows:
|
||||||
in `.forgejo/workflows/demo.yml`:
|
|
||||||
|
#### `.forgejo/workflows/demo.yml`:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
on: [push]
|
on: [push]
|
||||||
|
@ -74,6 +76,17 @@ jobs:
|
||||||
- run: echo All Good
|
- run: echo All Good
|
||||||
```
|
```
|
||||||
|
|
||||||
|
#### `.forgejo/workflows/demo_docker.yml`
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
on: [push]
|
||||||
|
jobs:
|
||||||
|
test_docker:
|
||||||
|
runs-on: ubuntu-22.04
|
||||||
|
steps:
|
||||||
|
- run: docker info
|
||||||
|
```
|
||||||
|
|
||||||
A wait loop expects the status of the check associated with the
|
A wait loop expects the status of the check associated with the
|
||||||
commit in Forgejo to show "success" to assert the workflow was run.
|
commit in Forgejo to show "success" to assert the workflow was run.
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
# Copyright 2023 The Forgejo Authors.
|
# Copyright 2023 The Forgejo Authors.
|
||||||
# SPDX-License-Identifier: MIT
|
# SPDX-License-Identifier: MIT
|
||||||
|
|
||||||
version: "3"
|
|
||||||
|
|
||||||
services:
|
services:
|
||||||
|
|
||||||
demo-workflow:
|
demo-workflow:
|
||||||
|
@ -20,6 +18,7 @@ services:
|
||||||
git init --initial-branch=main ;
|
git init --initial-branch=main ;
|
||||||
mkdir -p .forgejo/workflows ;
|
mkdir -p .forgejo/workflows ;
|
||||||
echo "{ on: [push], jobs: { test: { runs-on: docker, steps: [ {uses: actions/checkout@v4}, { run: echo All Good } ] } } }" > .forgejo/workflows/demo.yml ;
|
echo "{ on: [push], jobs: { test: { runs-on: docker, steps: [ {uses: actions/checkout@v4}, { run: echo All Good } ] } } }" > .forgejo/workflows/demo.yml ;
|
||||||
|
echo "{ on: [push], jobs: { test_docker: { runs-on: ubuntu-22.04, steps: [ { run: docker info } ] } } }" > .forgejo/workflows/demo_docker.yml ;
|
||||||
git add . ;
|
git add . ;
|
||||||
git config user.email root@example.com ;
|
git config user.email root@example.com ;
|
||||||
git config user.name username ;
|
git config user.name username ;
|
||||||
|
|
|
@ -14,14 +14,20 @@
|
||||||
# Replace {ROOT_PASSWORD} with a secure password
|
# Replace {ROOT_PASSWORD} with a secure password
|
||||||
#
|
#
|
||||||
|
|
||||||
version: "3"
|
volumes:
|
||||||
|
docker_certs:
|
||||||
|
|
||||||
services:
|
services:
|
||||||
|
|
||||||
docker-in-docker:
|
docker-in-docker:
|
||||||
image: docker:dind
|
image: docker:dind
|
||||||
privileged: true
|
hostname: docker # Must set hostname as TLS certificates are only valid for docker or localhost
|
||||||
command: [ "dockerd", "-H", "tcp://0.0.0.0:2375", "--tls=false" ]
|
privileged: true
|
||||||
|
environment:
|
||||||
|
DOCKER_TLS_CERTDIR: /certs
|
||||||
|
DOCKER_HOST: docker-in-docker
|
||||||
|
volumes:
|
||||||
|
- docker_certs:/certs
|
||||||
|
|
||||||
forgejo:
|
forgejo:
|
||||||
image: codeberg.org/forgejo/forgejo:1.21
|
image: codeberg.org/forgejo/forgejo:1.21
|
||||||
|
@ -29,7 +35,7 @@ services:
|
||||||
bash -c '
|
bash -c '
|
||||||
/bin/s6-svscan /etc/s6 &
|
/bin/s6-svscan /etc/s6 &
|
||||||
sleep 10 ;
|
sleep 10 ;
|
||||||
su -c "forgejo forgejo-cli actions register --secret {SHARED_SECRET} --labels docker --version 3.3.0" git ;
|
su -c "forgejo forgejo-cli actions register --secret {SHARED_SECRET} --labels docker,ubuntu-22.04 --version 3.3.0" git ;
|
||||||
su -c "forgejo admin user create --admin --username root --password {ROOT_PASSWORD} --email root@example.com" git ;
|
su -c "forgejo admin user create --admin --username root --password {ROOT_PASSWORD} --email root@example.com" git ;
|
||||||
sleep infinity
|
sleep infinity
|
||||||
'
|
'
|
||||||
|
@ -50,7 +56,7 @@ services:
|
||||||
- docker-in-docker
|
- docker-in-docker
|
||||||
- forgejo
|
- forgejo
|
||||||
environment:
|
environment:
|
||||||
DOCKER_HOST: tcp://docker-in-docker:2375
|
DOCKER_HOST: tcp://docker-in-docker:2376
|
||||||
volumes:
|
volumes:
|
||||||
- /srv/runner-data:/data
|
- /srv/runner-data:/data
|
||||||
user: 0:0
|
user: 0:0
|
||||||
|
@ -60,9 +66,12 @@ services:
|
||||||
forgejo-runner create-runner-file --connect --instance http://forgejo:3000 --name runner --secret {SHARED_SECRET} && break ;
|
forgejo-runner create-runner-file --connect --instance http://forgejo:3000 --name runner --secret {SHARED_SECRET} && break ;
|
||||||
sleep 1 ;
|
sleep 1 ;
|
||||||
done ;
|
done ;
|
||||||
|
sed -i -e "s|\"labels\": null|\"labels\": [\"docker:docker://node:16-bullseye\", \"ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04\"]|" .runner ;
|
||||||
forgejo-runner generate-config > config.yml ;
|
forgejo-runner generate-config > config.yml ;
|
||||||
sed -i -e "s|network: .*|network: host|" config.yml ;
|
sed -i -e "s|network: .*|network: host|" config.yml ;
|
||||||
sed -i -e "s|labels: \[\]|labels: \[\"docker:docker://alpine:3.18\"\]|" config.yml ;
|
sed -i -e "s|^ envs:$$| envs:\n DOCKER_HOST: tcp://docker:2376\n DOCKER_TLS_VERIFY: 1\n DOCKER_CERT_PATH: /certs/client|" config.yml ;
|
||||||
|
sed -i -e "s|^ options:| options: -v /certs/client:/certs/client|" config.yml ;
|
||||||
|
sed -i -e "s| valid_volumes: \[\]$$| valid_volumes:\n - /certs/client|" config.yml ;
|
||||||
chown -R 1000:1000 /data
|
chown -R 1000:1000 /data
|
||||||
'
|
'
|
||||||
|
|
||||||
|
@ -72,10 +81,13 @@ services:
|
||||||
- docker-in-docker
|
- docker-in-docker
|
||||||
- forgejo
|
- forgejo
|
||||||
environment:
|
environment:
|
||||||
DOCKER_HOST: tcp://docker-in-docker:2375
|
DOCKER_HOST: tcp://docker:2376
|
||||||
|
DOCKER_CERT_PATH: /certs/client
|
||||||
|
DOCKER_TLS_VERIFY: "1"
|
||||||
depends_on:
|
depends_on:
|
||||||
runner-register:
|
runner-register:
|
||||||
condition: service_completed_successfully
|
condition: service_completed_successfully
|
||||||
volumes:
|
volumes:
|
||||||
- /srv/runner-data:/data
|
- /srv/runner-data:/data
|
||||||
|
- docker_certs:/certs
|
||||||
command: "forgejo-runner --config config.yml daemon"
|
command: "forgejo-runner --config config.yml daemon"
|
||||||
|
|
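Review bot: The `options: -v /certs/client:/certs/client` substitution, together with the `envs` block and the `valid_volumes` entry written by the neighbouring `sed` lines, gives every job container the TLS client key for the `privileged: true` docker-in-docker daemon, so any workflow scheduled on this runner can drive that daemon fully. That is what the change sets out to enable, but the mount should at least be read-only, `options: -v /certs/client:/certs/client:ro`, and a comment above those `sed` lines should state that this setup is meant for trusted workflows only. Separately, the runner-register service now sets `DOCKER_HOST: tcp://docker-in-docker:2376` without `DOCKER_TLS_VERIFY` or `DOCKER_CERT_PATH`, while the new `hostname: docker` comment says the certificates are only valid for `docker` or localhost. If that service contacts the daemon at all, it would presumably need the same three variables as the runner service (`tcp://docker:2376`); otherwise the variable could be dropped there.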