Merge pull request 'add release notes for v2.3.0' (#53) from earl-warren/runner:wip-release into main

Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/53

.dockerignore

@@ -0,0 +1,2 @@
+Dockerfile
+forgejo-runner

.forgejo/workflows/build-release.yml

@@ -0,0 +1,133 @@
+name: Build release
+
+on: 
+  push:
+    tags: 'v*'
+
+jobs:
+  release:
+    runs-on: self-hosted
+    # root is used for testing, allow it
+    if: github.repository_owner == 'forgejo-integration' || github.repository_owner == 'root'
+    steps:
+      - uses: actions/checkout@v3
+
+      - id: verbose
+        run: |
+          # if there are no secrets, be verbose
+          if test -z "${{ secrets.TOKEN }}"; then
+            value=true
+          else
+            value=false
+          fi
+          echo "value=$value" >> "$GITHUB_OUTPUT"
+          echo "shell=set -x" >> "$GITHUB_OUTPUT"
+          
+      - id: registry
+        run: |
+          ${{ steps.verbose.outputs.shell }}
+          url="${{ env.GITHUB_SERVER_URL }}"
+          hostport=${url##http*://}
+          hostport=${hostport%%/}
+          echo "host-port=${hostport}" >> "$GITHUB_OUTPUT"
+          if ! [[ $url =~ ^http:// ]] ; then
+             exit 0
+          fi
+          cat >> "$GITHUB_OUTPUT" <<EOF
+          insecure=true
+          buildx-config<<ENDVAR
+          [registry."${hostport}"]
+            http = true
+          ENDVAR
+          EOF
+        
+      - id: secrets
+        run: |
+          token="${{ secrets.TOKEN }}"
+          doer="${{ secrets.DOER }}"
+          if test -z "$token"; then
+             apt-get -qq install -y jq
+             doer=root
+             api=http://$doer:admin1234@${{ steps.registry.outputs.host-port }}/api/v1/users/$doer/tokens
+             curl -sS -X DELETE $api/release
+             token=$(curl -sS -X POST -H 'Content-Type: application/json' --data-raw '{"name": "release", "scopes": ["all"]}' $api | jq --raw-output .sha1)
+          fi
+          echo "token=${token}" >> "$GITHUB_OUTPUT"
+          echo "doer=${doer}" >> "$GITHUB_OUTPUT"
+
+      - name: allow docker pull/push to forgejo
+        if: ${{ steps.registry.outputs.insecure }}
+        run: |-
+          mkdir /etc/docker
+          cat > /etc/docker/daemon.json <<EOF
+            {
+              "insecure-registries" : ["${{ steps.registry.outputs.host-port }}"],
+              "bip": "172.26.0.1/16"
+            }
+          EOF
+
+      - run: |
+          echo deb http://deb.debian.org/debian bullseye-backports main | tee /etc/apt/sources.list.d/backports.list && apt-get -qq update
+          DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -qq -y -t bullseye-backports docker.io
+          
+      - uses: https://github.com/docker/setup-buildx-action@v2
+        with:
+          config-inline: |
+           ${{ steps.registry.outputs.buildx-config }}
+
+      - run: |
+          token="${{ steps.secrets.outputs.token }}" ; test -z "$token" && token="${{ secrets.TOKEN }}"
+          doer="${{ steps.secrets.outputs.doer }}" ; test -z "$doer" && doer="${{ secrets.DOER }}"
+          BASE64_AUTH=`echo -n "$doer:$token" | base64`
+          mkdir -p ~/.docker
+          echo "{\"auths\": {\"$CI_REGISTRY\": {\"auth\": \"$BASE64_AUTH\"}}}" > ~/.docker/config.json
+        env:
+          CI_REGISTRY: "${{ env.GITHUB_SERVER_URL }}${{ env.GITHUB_REPOSITORY_OWNER }}"
+
+      - id: build
+        run: |
+          ${{ steps.verbose.outputs.shell }}
+          tag="${{ github.ref_name }}"
+          tag=${tag##*v}
+          echo "tag=$tag" >> "$GITHUB_OUTPUT"
+          echo "image=${{ steps.registry.outputs.host-port }}/${{ github.repository }}:${tag}" >> "$GITHUB_OUTPUT"
+          
+      - uses: https://github.com/docker/build-push-action@v4
+        # workaround until https://github.com/docker/build-push-action/commit/d8823bfaed2a82c6f5d4799a2f8e86173c461aba is in @v4 or @v5 is released
+        env:
+          ACTIONS_RUNTIME_TOKEN: ''
+        with:
+          context: .
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.build.outputs.image }}
+
+      - run: |
+          ${{ steps.verbose.outputs.shell }}
+          mkdir -p release
+          for arch in amd64 arm64; do
+            docker create --platform linux/$arch --name runner ${{ steps.build.outputs.image }}
+            docker cp runner:/bin/forgejo-runner release/forgejo-runner-$arch
+            shasum -a 256 < release/forgejo-runner-$arch | cut -f1 -d ' ' > release/forgejo-runner-$arch.sha256
+            docker rm runner
+          done
+
+      - name: publish release (when TOKEN secret is NOT set)
+        if: ${{ secrets.TOKEN == '' }}
+        uses: https://code.forgejo.org/actions/forgejo-release@v1
+        with:
+          direction: upload
+          release-dir: release
+          release-notes: "RELEASE-NOTES#${{ steps.build.outputs.tag }}"
+          token: ${{ steps.secrets.outputs.token }}
+          verbose: ${{ steps.verbose.outputs.value }}
+
+      - name: publish release (when TOKEN secret is set)
+        if: ${{ secrets.TOKEN != '' }}
+        uses: https://code.forgejo.org/actions/forgejo-release@v1
+        with:
+          direction: upload
+          release-dir: release
+          release-notes: "RELEASE-NOTES#${{ steps.build.outputs.tag }}"
+          token: ${{ secrets.TOKEN }}
+          verbose: ${{ steps.verbose.outputs.value }}

.forgejo/workflows/integration.yml

@@ -0,0 +1,59 @@
+name: Integration tests for the release process
+
+on: 
+  push:
+    paths:
+      - go.mod
+      - Dockerfile
+      - .forgejo/workflows/release.yml
+      - .forgejo/workflows/integration.yml
+
+jobs:
+  release-simulation:
+    runs-on: self-hosted
+    if: github.repository_owner != 'forgejo-integration' && github.repository_owner != 'forgejo-experimental' && github.repository_owner != 'forgejo-release'
+    steps:
+      - uses: actions/checkout@v3
+
+      - id: forgejo
+        uses: https://code.forgejo.org/actions/setup-forgejo@v1
+        with:
+          user: root
+          password: admin1234
+          image-version: 1.19
+          lxc-ip-prefix: 10.0.9
+
+      - name: publish the runner release
+        run: |
+          set -x
+
+          dir=$(mktemp -d)
+          trap "rm -fr $dir" EXIT
+
+          url=http://root:admin1234@${{ steps.forgejo.outputs.host-port }}
+          export FORGEJO_RUNNER_LOGS="${{ steps.forgejo.outputs.runner-logs }}"
+
+          #
+          # Create a new project with the runner and the release workflow only
+          #
+          rsync -a --exclude .git ./ $dir/
+          rm $(find $dir/.forgejo/workflows/*.yml | grep -v release.yml)
+          forgejo-test-helper.sh push $dir $url root runner |& tee $dir/pushed
+          eval $(grep '^sha=' < $dir/pushed)
+
+          #
+          # Push a tag to trigger the release workflow and wait for it to complete
+          #
+          forgejo-test-helper.sh api POST $url repos/root/runner/tags ${{ steps.forgejo.outputs.token }} --data-raw '{"tag_name": "v1.2.3", "target": "'$sha'"}'
+          LOOPS=180 forgejo-test-helper.sh wait_success "$url" root/runner $sha
+
+          #
+          # Minimal sanity checks. e2e test is for the setup-forgejo action
+          # and the infrastructure playbook.
+          #
+          curl -L -sS $url/root/runner/releases/download/v1.2.3/forgejo-runner-amd64 > forgejo-runner
+          chmod +x forgejo-runner
+          ./forgejo-runner --version | grep 1.2.3
+          curl -L -sS $url/root/runner/releases/download/v1.2.3/forgejo-runner-amd64.sha256 > forgejo-runner.one
+          shasum -a 256 < forgejo-runner | cut -f1 -d ' ' > forgejo-runner.two
+          diff forgejo-runner.one forgejo-runner.two

.forgejo/workflows/publish-binary.yml

@@ -0,0 +1,40 @@
+name: Publish release
+
+on: 
+  push:
+    tags: 'v*'
+
+jobs:
+  release:
+    runs-on: self-hosted
+    if: github.repository_owner == 'forgejo-release' && secrets.TOKEN != ''
+    steps:
+
+      - name: install the certificate authority
+        run: |
+          apt-get install -qq -y wget
+          wget --no-check-certificate -O /usr/local/share/ca-certificates/enough.crt https://forgejo.octopuce.forgejo.org/forgejo/enough/raw/branch/main/certs/2023-05-13/ca.crt
+          update-ca-certificates --fresh
+
+      - uses: actions/checkout@v3
+
+      - name: download release
+        uses: https://code.forgejo.org/actions/forgejo-release@v1
+        with:
+          url: https://code.forgejo.org
+          repo: forgejo-integration/runner
+          direction: download
+          release-dir: release
+          download-retry: 60
+          token: ${{ secrets.TOKEN }}
+
+      - name: upload release
+        uses: https://code.forgejo.org/actions/forgejo-release@v1
+        with:
+          url: https://code.forgejo.org
+          repo: forgejo/runner
+          direction: upload
+          release-dir: release
+          release-notes: "RELEASE-NOTES"
+          token: ${{ secrets.TOKEN }}
+          gpg-private-key: ${{ secrets.GPG }}

.forgejo/workflows/publish-container-image.yml

@@ -0,0 +1,43 @@
+# SPDX-License-Identifier: MIT
+name: copy container images from integration to the destination organization
+
+on: 
+  push:
+    tags: 'v*'
+
+jobs:
+  builder:
+    runs-on: self-hosted
+    if: github.repository_owner == 'forgejo-release' && secrets.TOKEN != ''
+    steps:
+
+    - name: apt-get install docker.io
+      run: |
+        DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -qq -y docker.io
+
+    - name: login code.forgejo.org
+      uses: https://github.com/docker/login-action@v2
+      with:
+          registry: code.forgejo.org
+          username: ${{ secrets.DOER }}
+          password: ${{ secrets.TOKEN }}
+
+    - id: tag
+      run: |
+        tag="${{ github.ref_name }}"
+        tag=${tag##*v}
+        echo "tag=$tag" >> "$GITHUB_OUTPUT"
+
+    - uses: https://code.forgejo.org/forgejo/forgejo-container-image@v1
+      env:
+        VERIFY: 'false'
+      with:
+        url: https://code.forgejo.org
+        destination-owner: forgejo
+        owner: forgejo-integration
+        suffixes: ' '
+        project: runner
+        tag: ${{ steps.tag.outputs.tag }}
+        doer: ${{ secrets.DOER }}
+        token: ${{ secrets.TOKEN }}
+        verbose: true

.forgejo/workflows/test.yml

@@ -0,0 +1,55 @@
+name: checks
+on: 
+  - pull_request
+  - push
+
+env:
+  FORGEJO_HOST_PORT: 'forgejo:3000'
+  FORGEJO_ADMIN_USER: 'root'
+  FORGEJO_ADMIN_PASSWORD: 'admin1234'
+  FORGEJO_RUNNER_SECRET: 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+  FORGEJO_SCRIPT: |
+    /bin/s6-svscan /etc/s6 & sleep 10 ; su -c "forgejo admin user create --admin --username $FORGEJO_ADMIN_USER --password $FORGEJO_ADMIN_PASSWORD --email root@example.com" git && su -c "forgejo forgejo-cli actions register --labels docker --name therunner --secret $FORGEJO_RUNNER_SECRET" git && sleep infinity  
+  GOPROXY: https://goproxy.io,direct
+
+jobs:
+  tests:
+    name: check and test
+    if: github.repository_owner != 'forgejo-integration' && github.repository_owner != 'forgejo-experimental' && github.repository_owner != 'forgejo-release'
+    runs-on: docker
+
+    services:
+      forgejo:
+        image: codeberg.org/forgejo-integration/forgejo:1.20.0-4-rc2
+        env:
+          FORGEJO__security__INSTALL_LOCK: "true"
+          FORGEJO__log__LEVEL: "debug"
+          FORGEJO__actions__ENABLED: "true"
+          FORGEJO_ADMIN_USER: ${{ env.FORGEJO_ADMIN_USER }}
+          FORGEJO_ADMIN_PASSWORD: ${{ env.FORGEJO_ADMIN_PASSWORD }}
+          FORGEJO_RUNNER_SECRET: ${{ env.FORGEJO_RUNNER_SECRET }}
+        cmd:
+          - 'bash'
+          - '-c'
+          - ${{ env.FORGEJO_SCRIPT }}
+
+    steps:
+      - uses: actions/setup-go@v3
+        with:
+          # pin because of https://github.com/nektos/act/issues/1908
+          go-version: 1.20.5
+
+      - uses: actions/checkout@v3
+
+      - run: make vet
+
+      - run: make build
+
+      - name: check the forgejo server is responding
+        run: |
+          set -x
+          apt-get update -qq
+          apt-get install -y -qq jq curl
+          test $FORGEJO_ADMIN_USER = $(curl -sS http://$FORGEJO_ADMIN_USER:$FORGEJO_ADMIN_PASSWORD@$FORGEJO_HOST_PORT/api/v1/user | jq --raw-output .login)
+
+      - run: make FORGEJO_URL=http://$FORGEJO_HOST_PORT test

.gitea/workflows/release-nightly.yml

@@ -1,105 +0,0 @@
-name: release-nightly
-
-on:
-  push:
-    branches: [ main ]
-
-env:
-  GOPATH: /go_path
-  GOCACHE: /go_cache
-
-jobs:
-  goreleaser:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          fetch-depth: 0 # all history for all branches and tags
-      - uses: actions/setup-go@v3
-        with:
-          go-version: '>=1.20.1'
-      - uses: https://gitea.com/actions/go-hashfiles@v0.0.1
-        id: hash-go
-        with:
-          patterns: |
-            go.mod
-            go.sum
-      - name: cache go
-        id: cache-go
-        uses: https://github.com/actions/cache@v3
-        with:
-          path: |
-            /go_path
-            /go_cache
-          key: go_path-${{ steps.hash-go.outputs.hash }}
-      - name: goreleaser
-        uses: https://github.com/goreleaser/goreleaser-action@v4
-        with:
-            distribution: goreleaser-pro
-            version: latest
-            args: release --nightly
-        env:
-          GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
-          AWS_REGION: ${{ secrets.AWS_REGION }}
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          S3_REGION: ${{ secrets.AWS_REGION }}
-          S3_BUCKET: ${{ secrets.AWS_BUCKET }}
-  release-image:
-    runs-on: ubuntu-latest
-    container:
-      image: catthehacker/ubuntu:act-latest
-    env:
-      DOCKER_ORG: gitea
-      DOCKER_LATEST: nightly
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0 # all history for all branches and tags
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
-      - name: Set up Docker BuildX
-        uses: docker/setup-buildx-action@v2
-
-      - name: Login to DockerHub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-
-      - name: Get Meta
-        id: meta
-        run: |
-          echo REPO_NAME=$(echo ${GITHUB_REPOSITORY} | awk -F"/" '{print $2}') >> $GITHUB_OUTPUT
-          echo REPO_VERSION=$(git describe --tags --always | sed 's/^v//') >> $GITHUB_OUTPUT
-
-      - name: Build and push
-        uses: docker/build-push-action@v4
-        env:
-          ACTIONS_RUNTIME_TOKEN: '' # See https://gitea.com/gitea/act_runner/issues/119
-        with:
-          context: .
-          file: ./Dockerfile
-          platforms: |
-            linux/amd64
-            linux/arm64
-          push: true
-          tags: |
-            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}
-
-      - name: Build and push dind-rootless
-        uses: docker/build-push-action@v4
-        env:
-          ACTIONS_RUNTIME_TOKEN: '' # See https://gitea.com/gitea/act_runner/issues/119
-        with:
-          context: .
-          file: ./Dockerfile.rootless
-          platforms: |
-            linux/amd64
-            linux/arm64
-          push: true
-          tags: |
-            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}-dind-rootless

.gitea/workflows/release-tag.yml

@@ -1,118 +0,0 @@
-name: release-tag
-
-on:
-  push:
-    tags:
-      - '*'
-
-env:
-  GOPATH: /go_path
-  GOCACHE: /go_cache
-
-jobs:
-  goreleaser:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          fetch-depth: 0 # all history for all branches and tags
-      - uses: actions/setup-go@v3
-        with:
-          go-version: '>=1.20.1'
-      - uses: https://gitea.com/actions/go-hashfiles@v0.0.1
-        id: hash-go
-        with:
-          patterns: |
-            go.mod
-            go.sum
-      - name: cache go
-        id: cache-go
-        uses: https://github.com/actions/cache@v3
-        with:
-          path: |
-            /go_path
-            /go_cache
-          key: go_path-${{ steps.hash-go.outputs.hash }}
-      - name: Import GPG key
-        id: import_gpg
-        uses: https://github.com/crazy-max/ghaction-import-gpg@v5
-        with:
-          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
-          passphrase: ${{ secrets.PASSPHRASE }}
-          fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0
-      - name: goreleaser
-        uses: https://github.com/goreleaser/goreleaser-action@v4
-        with:
-            distribution: goreleaser-pro
-            version: latest
-            args: release
-        env:
-          GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
-          AWS_REGION: ${{ secrets.AWS_REGION }}
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          S3_REGION: ${{ secrets.AWS_REGION }}
-          S3_BUCKET: ${{ secrets.AWS_BUCKET }}
-          GORELEASER_FORCE_TOKEN: 'gitea'
-          GITEA_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
-  release-image:
-    runs-on: ubuntu-latest
-    container:
-      image: catthehacker/ubuntu:act-latest
-    env:
-      DOCKER_ORG: gitea
-      DOCKER_LATEST: latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0 # all history for all branches and tags
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
-      - name: Set up Docker BuildX
-        uses: docker/setup-buildx-action@v2
-
-      - name: Login to DockerHub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-
-      - name: Get Meta
-        id: meta
-        run: |
-          echo REPO_NAME=$(echo ${GITHUB_REPOSITORY} | awk -F"/" '{print $2}') >> $GITHUB_OUTPUT
-          echo REPO_VERSION=$(git describe --tags --always | sed 's/^v//') >> $GITHUB_OUTPUT
-
-      - name: Build and push
-        uses: docker/build-push-action@v4
-        env:
-          ACTIONS_RUNTIME_TOKEN: '' # See https://gitea.com/gitea/act_runner/issues/119
-        with:
-          context: .
-          file: ./Dockerfile
-          platforms: |
-            linux/amd64
-            linux/arm64
-          push: true
-          tags: |
-            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}
-            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}
-
-      - name: Build and push dind-rootless
-        uses: docker/build-push-action@v4
-        env:
-          ACTIONS_RUNTIME_TOKEN: '' # See https://gitea.com/gitea/act_runner/issues/119
-        with:
-          context: .
-          file: ./Dockerfile.rootless
-          platforms: |
-            linux/amd64
-            linux/arm64
-          push: true
-          tags: |
-            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}-dind-rootless
-            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}-dind-rootless

.gitea/workflows/test.yml

@@ -1,38 +0,0 @@
-name: checks
-on:
-  - push
-  - pull_request
-
-env:
-  GOPATH: /go_path
-  GOCACHE: /go_cache
-
-jobs:
-  lint:
-    name: check and test
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v3
-        with:
-          go-version: '>=1.20.1'
-      - uses: https://gitea.com/actions/go-hashfiles@v0.0.1
-        id: hash-go
-        with:
-          patterns: |
-            go.mod
-            go.sum
-      - name: cache go
-        id: cache-go
-        uses: https://github.com/actions/cache@v3
-        with:
-          path: |
-            /go_path
-            /go_cache
-          key: go_path-${{ steps.hash-go.outputs.hash }}
-      - name: vet checks
-        run: make vet
-      - name: build
-        run: make build
-      - name: test
-        run: make test

.gitignore

@@ -1,4 +1,6 @@
-act_runner
+*~
+
+forgejo-runner
 .env
 .runner
 coverage.txt

.goreleaser.checksum.sh

@@ -1,12 +0,0 @@
-#!/bin/bash
-
-set -e
-
-if [ -z "$1" ]; then
-  echo "usage: $0 <path>"
-  exit 1
-fi
-
-SUM=$(shasum -a 256 "$1" | cut -d' ' -f1)
-BASENAME=$(basename "$1")
-echo -n "${SUM}  ${BASENAME}" > "$1".sha256

.goreleaser.yaml

@@ -1,115 +0,0 @@
-before:
-  hooks:
-    - go mod tidy
-
-builds:
-- env:
-  - CGO_ENABLED=0
-  goos:
-  - darwin
-  - linux
-  - windows
-  - freebsd
-  goarch:
-  - amd64
-  - arm
-  - arm64
-  goarm:
-  - "5"
-  - "6"
-  - "7"
-  ignore:
-    - goos: darwin
-      goarch: arm
-    - goos: darwin
-      goarch: ppc64le
-    - goos: darwin
-      goarch: s390x
-    - goos: windows
-      goarch: ppc64le
-    - goos: windows
-      goarch: s390x
-    - goos: windows
-      goarch: arm
-      goarm: "5"
-    - goos: windows
-      goarch: arm
-      goarm: "6"
-    - goos: windows
-      goarch: arm
-      goarm: "7"
-    - goos: windows
-      goarch: arm64
-    - goos: freebsd
-      goarch: ppc64le
-    - goos: freebsd
-      goarch: s390x
-    - goos: freebsd
-      goarch: arm
-      goarm: "5"
-    - goos: freebsd
-      goarch: arm
-      goarm: "6"
-    - goos: freebsd
-      goarch: arm
-      goarm: "7"
-    - goos: freebsd
-      goarch: arm64
-  flags:
-  - -trimpath
-  ldflags:
-  - -s -w -X gitea.com/gitea/act_runner/internal/pkg/ver.version={{ .Summary }}
-  binary: >-
-    {{ .ProjectName }}-
-    {{- .Version }}-
-    {{- .Os }}-
-    {{- if eq .Arch "amd64" }}amd64
-    {{- else if eq .Arch "amd64_v1" }}amd64
-    {{- else if eq .Arch "386" }}386
-    {{- else }}{{ .Arch }}{{ end }}
-    {{- if .Arm }}-{{ .Arm }}{{ end }}
-  no_unique_dist_dir: true
-  hooks:
-    post:
-      - cmd: xz -k -9 {{ .Path }}
-        dir: ./dist/
-      - cmd: sh .goreleaser.checksum.sh {{ .Path }}
-      - cmd: sh .goreleaser.checksum.sh {{ .Path }}.xz
-
-blobs:
-  -
-    provider: s3
-    bucket: "{{ .Env.S3_BUCKET }}"
-    region: "{{ .Env.S3_REGION }}"
-    folder: "act_runner/{{.Version}}"
-    extra_files:
-      - glob: ./**.xz
-      - glob: ./**.sha256
-
-archives:
-  - format: binary
-    name_template: "{{ .Binary }}"
-    allow_different_binary_count: true
-
-checksum:
-  name_template: 'checksums.txt'
-  extra_files:
-      - glob: ./**.xz
-
-snapshot:
-  name_template: "{{ .Branch }}-devel"
-
-nightly:
-  name_template: "nightly"
-
-gitea_urls:
-  api: https://gitea.com/api/v1
-  download: https://gitea.com
-
-release:
-  extra_files:
-    - glob: ./**.xz
-    - glob: ./**.xz.sha256
-
-# yaml-language-server: $schema=https://goreleaser.com/static/schema-pro.json
-# vim: set ts=2 sw=2 tw=0 fo=cnqoj

Dockerfile

@@ -1,16 +1,16 @@
-FROM golang:1.20-alpine3.18 as builder
-# Do not remove `git` here, it is required for getting runner version when executing `make build`
-RUN apk add --no-cache make git
+#Build stage
+# Switch back to 1.20 instead of 1.20.5 when https://github.com/nektos/act/issues/1908 is resolved
+FROM golang:1.20.5-alpine3.18 AS build-env
 
-COPY . /opt/src/act_runner
-WORKDIR /opt/src/act_runner
+RUN apk --no-cache add build-base git
 
-RUN make clean && make build
+COPY . /srv
+WORKDIR /srv
+RUN make build
 
 FROM alpine:3.18
-RUN apk add --no-cache git bash tini
+LABEL maintainer="contact@forgejo.org"
 
-COPY --from=builder /opt/src/act_runner/act_runner /usr/local/bin/act_runner
-COPY scripts/run.sh /opt/act/run.sh
+COPY --from=build-env /srv/forgejo-runner /bin/forgejo-runner
 
-ENTRYPOINT ["/sbin/tini","--","/opt/act/run.sh"]
+ENTRYPOINT ["/bin/forgejo-runner"]

Dockerfile.rootless

@@ -2,8 +2,8 @@ FROM golang:1.20-alpine3.18 as builder
 # Do not remove `git` here, it is required for getting runner version when executing `make build`
 RUN apk add --no-cache make git
 
-COPY . /opt/src/act_runner
-WORKDIR /opt/src/act_runner
+COPY . /opt/src/forgejo-runner
+WORKDIR /opt/src/forgejo-runner
 
 RUN make clean && make build
 
@@ -12,7 +12,7 @@ USER root
 RUN apk add --no-cache \
   git bash supervisor
 
-COPY --from=builder /opt/src/act_runner/act_runner /usr/local/bin/act_runner
+COPY --from=builder /opt/src/forgejo-runner/forgejo-runner /usr/local/bin/forgejo-runner
 COPY /scripts/supervisord.conf /etc/supervisord.conf
 COPY /scripts/run.sh /opt/act/run.sh
 COPY /scripts/rootless.sh /opt/act/rootless.sh

LICENSE

@@ -1,3 +1,4 @@
+Copyright (c) 2023 The Forgejo Authors
 Copyright (c) 2022 The Gitea Authors
 
 Permission is hereby granted, free of charge, to any person obtaining a copy

Makefile

@@ -1,5 +1,5 @@
 DIST := dist
-EXECUTABLE := act_runner
+EXECUTABLE := forgejo-runner
 GOFMT ?= gofumpt -l
 DIST := dist
 DIST_DIRS := $(DIST)/binaries $(DIST)/release
@@ -21,11 +21,7 @@ DOCKER_TAG ?= nightly
 DOCKER_REF := $(DOCKER_IMAGE):$(DOCKER_TAG)
 DOCKER_ROOTLESS_REF := $(DOCKER_IMAGE):$(DOCKER_TAG)-dind-rootless
 
-ifneq ($(shell uname), Darwin)
-	EXTLDFLAGS = -extldflags "-static" $(null)
-else
-	EXTLDFLAGS =
-endif
+EXTLDFLAGS = -extldflags "-static" $(null)
 
 ifeq ($(HAS_GO), GO)
 	GOPATH ?= $(shell $(GO) env GOPATH)
@@ -108,8 +104,7 @@ test: fmt-check
 .PHONY: vet
 vet:
 	@echo "Running go vet..."
-	@$(GO) build code.gitea.io/gitea-vet
-	@$(GO) vet -vettool=gitea-vet $(GO_PACKAGES_TO_VET)
+	@$(GO) vet $(GO_PACKAGES_TO_VET)
 
 install: $(GOFILES)
 	$(GO) install -v -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)'
@@ -117,7 +112,7 @@ install: $(GOFILES)
 build: go-check $(EXECUTABLE)
 
 $(EXECUTABLE): $(GOFILES)
-	$(GO) build -v -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)' -o $@
+	$(GO) build -v -tags 'netgo osusergo $(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)' -o $@
 
 .PHONY: deps-backend
 deps-backend:

README.md

@@ -1,99 +1,122 @@
-# act runner
+# Forgejo Runner
 
-Act runner is a runner for Gitea based on [Gitea fork](https://gitea.com/gitea/act) of [act](https://github.com/nektos/act).
+A daemon that connects to a Forgejo instance and runs jobs for continous integration. The high level [installation instructions](https://forgejo.org/docs/next/admin/actions/) are part of the Forgejo documentation.
 
-## Installation
+# Configuration
 
-### Prerequisites
+Display the usage with `forgejo-runner --help`.
 
-Docker Engine Community version is required for docker mode. To install Docker CE, follow the official [install instructions](https://docs.docker.com/engine/install/).
+For more information on the configuration file, see the [commented example](internal/pkg/config/config.example.yaml).
 
-### Download pre-built binary
+# Hacking
 
-Visit [here](https://dl.gitea.com/act_runner/) and download the right version for your platform.
+The Forgejo runner depends on [a fork of ACT](https://code.forgejo.org/forgejo/act) and is a dependency of the [setup-forgejo action](https://code.forgejo.org/actions/setup-forgejo). Together they provide a development environment with end to end testing. Each repository also has some unit testing that can be used to quickly detect the simplest mistakes such as a failure to compile or static code checking failures (vulnerability, lint, etc.).
 
-### Build from source
+Assuming the modifications to the [Forgejo runner](https://code.forgejo.org/forgejo/runner) are pushed to a fork in a branch named `wip-runner-change`, a pull request will verify it compiles and the binary is sane (running `forgejo-runner --version`). It will not verify that it is able to properly run jobs when connected to a live Forgejo instance.
 
-```bash
-make build
+For end to end testing, a branch should be pushed to a fork of the [setup-forgejo action](https://code.forgejo.org/actions/setup-forgejo) with a [modification to the tests](https://code.forgejo.org/actions/setup-forgejo/src/commit/ae7f03683b7b05c7d9c6aaeacaf27843de0366a4/.forgejo/workflows/integration.yml#L10-L19), similar to:
+
+```yaml
+#
+# Uncomment the following for a shortcut to debugging the Forgejo runner.
+# It will build the runner from a designated repository and branch instead of
+# downloading it from a canonical release.
+#
+./forgejo-test-helper.sh build_runner https://code.forgejo.org/earl-warren/runner wip-runner-change
 ```
 
-### Build a docker image
+Where https://code.forgejo.org/earl-warren/runner is the URL of the Forgejo runner fork and `wip-runner-change` is the branch where the changes under test were pushed. When they do the `wip-runner-change` branch can be discarded.
 
-```bash
-make docker
+The runner can be released by merging the `wip-runner-change` branch and by pushing a new tag, for instance `v10.2.3`. For more information see the [documentation that details this release process](https://forgejo.org/docs/next/developer/RELEASE/#forgejo-runner-publication) in the Forgejo infrastructure. Once published, the [setup-forgejo](https://code.forgejo.org/actions/setup-forgejo/) action can be updated to default to this latest version knowing it already passed integration tests.
+
+## ACT
+
+Assuming the modifications to [ACT](https://code.forgejo.org/forgejo/act) are pushed to a fork in a branch named `wip-act-change`, a pull request will verify it compiles. It will not verify that the Forgejo runner can compile with it.
+
+For verifying it is compatible with the Forgejo runner, a branch should be pushed to a fork of the [Forgejo runner](https://code.forgejo.org/forgejo/runner) (for instance `wip-runner-change`) that uses the ACT version under test in the `wip-act-change` by modifying `go.mod` to contain something like the following and running `go mod tidy`:
+
+```
+replace github.com/nektos/act => code.forgejo.org/earl-warren/act wip-act-change
 ```
 
-## Quickstart
+Where https://code.forgejo.org/earl-warren/act is the URL of the ACT fork and `wip-act-change` is the branch where the changes under test were pushed. It will not verify that it is able to properly run jobs when connected to a live Forgejo instance. The `wip-runner-change` branch must, in turn, be tested as explained above. When the Forgejo runner modified to include the changes in the `wip-act-change` branch pass the end to end test of the `setup-forgejo` action, it is ready to be released.
 
-### Register
+ACT can be released by merging the `wip-act-change` branch and by pushing a new tag, for instance `v48.8.20`. Once published, the Forgejo runner can be updated to default to this latest version knowing it already passed end to end tests with something like:
 
-```bash
-./act_runner register
+```
+replace github.com/nektos/act => code.forgejo.org/forgejo/act v48.8.20
 ```
 
-And you will be asked to input:
+## Local debug
 
-1. Gitea instance URL, like `http://192.168.8.8:3000/`. You should use your gitea instance ROOT_URL as the instance argument
- and you should not use `localhost` or `127.0.0.1` as instance IP;
-2. Runner token, you can get it from `http://192.168.8.8:3000/admin/runners`;
-3. Runner name, you can just leave it blank;
-4. Runner labels, you can just leave it blank.
+The repositories are checked out in the same directory:
 
-The process looks like:
+- **runner**: [Forgejo runner](https://code.forgejo.org/forgejo/runner)
+- **act**: [ACT](https://code.forgejo.org/forgejo/act)
+- **setup-forgejo**: [setup-forgejo](https://code.forgejo.org/actions/setup-forgejo)
 
-```text
-INFO Registering runner, arch=amd64, os=darwin, version=0.1.5.
-WARN Runner in user-mode.
-INFO Enter the Gitea instance URL (for example, https://gitea.com/):
-http://192.168.8.8:3000/
-INFO Enter the runner token:
-fe884e8027dc292970d4e0303fe82b14xxxxxxxx
-INFO Enter the runner name (if set empty, use hostname: Test.local):
+### Install dependencies
 
-INFO Enter the runner labels, leave blank to use the default labels (comma-separated, for example, ubuntu-20.04:docker://node:16-bullseye,ubuntu-18.04:docker://node:16-buster,linux_arm:host):
+The dependencies are installed manually or with:
 
-INFO Registering runner, name=Test.local, instance=http://192.168.8.8:3000/, labels=[ubuntu-latest:docker://node:16-bullseye ubuntu-22.04:docker://node:16-bullseye ubuntu-20.04:docker://node:16-bullseye ubuntu-18.04:docker://node:16-buster].
-DEBU Successfully pinged the Gitea instance server
-INFO Runner registered successfully.
+```shell
+setup-forgejo/forgejo-dependencies.sh
 ```
 
-You can also register with command line arguments.
+### Build the Forgejo runner with the local ACT
 
-```bash
-./act_runner register --instance http://192.168.8.8:3000 --token <my_runner_token> --no-interactive
+The Forgejo runner is rebuilt with the ACT directory by changing the `runner/go.mod` file to:
+
+```
+replace github.com/nektos/act => ../act
 ```
 
-If the registry succeed, it will run immediately. Next time, you could run the runner directly.
+Running:
 
-### Run
-
-```bash
-./act_runner daemon
+```
+cd runner ; go mod tidy
 ```
 
-### Run with docker
+Building:
 
-```bash
-docker run -e GITEA_INSTANCE_URL=https://your_gitea.com -e GITEA_RUNNER_REGISTRATION_TOKEN=<your_token> -v /var/run/docker.sock:/var/run/docker.sock --name my_runner gitea/act_runner:nightly
+```shell
+cd runner ; rm -f forgejo-runner ; make forgejo-runner
 ```
 
-### Configuration
+### Launch Forgejo and the runner
 
-You can also configure the runner with a configuration file.
-The configuration file is a YAML file, you can generate a sample configuration file with `./act_runner generate-config`.
+A Forgejo instance is launched with:
 
-```bash
-./act_runner generate-config > config.yaml
+```shell
+cd setup-forgejo ; ./forgejo.sh setup
+firefox http://$(cat forgejo-ip):3000
 ```
 
-You can specify the configuration file path with `-c`/`--config` argument.
+The user is `root` with password `admin1234`. The runner is registered with:
 
-```bash
-./act_runner -c config.yaml register # register with config file
-./act_runner -c config.yaml daemon # run with config file
+```
+cd setup-forgejo
+docker exec --user 1000 forgejo forgejo actions generate-runner-token > forgejo-runner-token
+../runner/forgejo-runner register --no-interactive --instance "http://$(cat forgejo-ip):3000/" --name runner --token $(cat forgejo-runner-token) --labels docker:docker://node:16-bullseye,self-hosted
 ```
 
-### Example Deployments
+And launched with:
 
-Check out the [examples](examples) directory for sample deployment types.
+```shell
+cd setup-forgejo ; ../runner/forgejo-runner daemon
+```
+
+### Try a sample workflow
+
+From the Forgejo web interface, create a repository and add the following to `.forgejo/workflows/try.yaml`. It will launch the job and the result can be observed from the `actions` tab.
+
+```yaml
+on: [push]
+jobs:
+  ls:
+    runs-on: docker
+    steps:
+      - uses: actions/checkout@v3
+      - run: |
+          ls ${{ github.workspace }}
+```

RELEASE-NOTES.md

@@ -0,0 +1,5 @@
+# Release Notes
+
+## v2.3.0
+
+* Add support for [offline registration](https://forgejo.org/docs/next/admin/actions/#offline-registration).

go.mod

@@ -8,6 +8,7 @@ require (
 	github.com/avast/retry-go/v4 v4.3.1
 	github.com/bufbuild/connect-go v1.3.1
 	github.com/docker/docker v23.0.6+incompatible
+	github.com/google/uuid v1.3.0
 	github.com/joho/godotenv v1.5.1
 	github.com/mattn/go-isatty v0.0.18
 	github.com/nektos/act v0.0.0
@@ -89,4 +90,4 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )
 
-replace github.com/nektos/act => gitea.com/gitea/act v0.246.2-0.20230703034344-3813f40cba18
+replace github.com/nektos/act => code.forgejo.org/earl-warren/act v0.0.0-20230712071828-cefe3d8dab38

go.sum

@@ -1,9 +1,9 @@
+code.forgejo.org/earl-warren/act v0.0.0-20230712071828-cefe3d8dab38 h1:2fPxnd6juYnuBTGkAZh3UHu+0ugr9QoFuJnK288pQPM=
+code.forgejo.org/earl-warren/act v0.0.0-20230712071828-cefe3d8dab38/go.mod h1:oU/5klyP5O+J2psPS3t50t09+SNVg+fZ/jN4lDZAq1U=
 code.gitea.io/actions-proto-go v0.3.0 h1:9Tvg8+TaaCXPKi6EnWl9vVgs2VZsj1Cs5afnsHa4AmM=
 code.gitea.io/actions-proto-go v0.3.0/go.mod h1:00ys5QDo1iHN1tHNvvddAcy2W/g+425hQya1cCSvq9A=
 code.gitea.io/gitea-vet v0.2.3-0.20230113022436-2b1561217fa5 h1:daBEK2GQeqGikJESctP5Cu1i33z5ztAD4kyQWiw185M=
 code.gitea.io/gitea-vet v0.2.3-0.20230113022436-2b1561217fa5/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFjGGfE=
-gitea.com/gitea/act v0.246.2-0.20230703034344-3813f40cba18 h1:UN4x0o3LKZCsNLPtbk2E1e38XQKsL7XI/XaRh7ckw1g=
-gitea.com/gitea/act v0.246.2-0.20230703034344-3813f40cba18/go.mod h1:oU/5klyP5O+J2psPS3t50t09+SNVg+fZ/jN4lDZAq1U=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
@@ -84,6 +84,8 @@ github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
+github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
+github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
 github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=

internal/app/cmd/cmd.go

@@ -17,8 +17,8 @@ import (
 func Execute(ctx context.Context) {
 	// ./act_runner
 	rootCmd := &cobra.Command{
-		Use:          "act_runner [event name to run]\nIf no event name passed, will default to \"on: push\"",
-		Short:        "Run GitHub actions locally by specifying the event name (e.g. `push`) or an action name directly.",
+		Use:          "forgejo-runner [event name to run]\nIf no event name passed, will default to \"on: push\"",
+		Short:        "Run Forgejo Actions locally by specifying the event name (e.g. `push`) or an action name directly.",
 		Args:         cobra.MaximumNArgs(1),
 		Version:      ver.Version(),
 		SilenceUsage: true,
@@ -35,12 +35,14 @@ func Execute(ctx context.Context) {
 		RunE:  runRegister(ctx, &regArgs, &configFile), // must use a pointer to regArgs
 	}
 	registerCmd.Flags().BoolVar(&regArgs.NoInteractive, "no-interactive", false, "Disable interactive mode")
-	registerCmd.Flags().StringVar(&regArgs.InstanceAddr, "instance", "", "Gitea instance address")
+	registerCmd.Flags().StringVar(&regArgs.InstanceAddr, "instance", "", "Forgejo instance address")
 	registerCmd.Flags().StringVar(&regArgs.Token, "token", "", "Runner token")
 	registerCmd.Flags().StringVar(&regArgs.RunnerName, "name", "", "Runner name")
 	registerCmd.Flags().StringVar(&regArgs.Labels, "labels", "", "Runner tags, comma separated")
 	rootCmd.AddCommand(registerCmd)
 
+	rootCmd.AddCommand(createRunnerFileCmd(ctx, &configFile))
+
 	// ./act_runner daemon
 	daemonCmd := &cobra.Command{
 		Use:   "daemon",

internal/app/cmd/create-runner-file.go

@@ -0,0 +1,164 @@
+// SPDX-License-Identifier: MIT
+
+package cmd
+
+import (
+	"context"
+	"encoding/hex"
+	"fmt"
+	"os"
+
+	pingv1 "code.gitea.io/actions-proto-go/ping/v1"
+	"github.com/bufbuild/connect-go"
+	gouuid "github.com/google/uuid"
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+
+	"gitea.com/gitea/act_runner/internal/app/run"
+	"gitea.com/gitea/act_runner/internal/pkg/client"
+	"gitea.com/gitea/act_runner/internal/pkg/config"
+	"gitea.com/gitea/act_runner/internal/pkg/ver"
+)
+
+type createRunnerFileArgs struct {
+	Connect      bool
+	InstanceAddr string
+	Secret       string
+	Name         string
+}
+
+func createRunnerFileCmd(ctx context.Context, configFile *string) *cobra.Command {
+	var argsVar createRunnerFileArgs
+	cmd := &cobra.Command{
+		Use:   "create-runner-file",
+		Short: "Create a runner file using a shared secret used to pre-register the runner on the Forgejo instance",
+		Args:  cobra.MaximumNArgs(0),
+		RunE:  runCreateRunnerFile(ctx, &argsVar, configFile),
+	}
+	cmd.Flags().BoolVar(&argsVar.Connect, "connect", false, "tries to connect to the instance using the secret (Forgejo v1.21 instance or greater)")
+	cmd.Flags().StringVar(&argsVar.InstanceAddr, "instance", "", "Forgejo instance address")
+	cmd.MarkFlagRequired("instance")
+	cmd.Flags().StringVar(&argsVar.Secret, "secret", "", "secret shared with the Frogejo instance via forgejo-cli actions register")
+	cmd.MarkFlagRequired("secret")
+	cmd.Flags().StringVar(&argsVar.Name, "name", "", "Runner name")
+
+	return cmd
+}
+
+// must be exactly the same as fogejo/models/actions/forgejo.go
+func uuidFromSecret(secret string) (string, error) {
+	uuid, err := gouuid.FromBytes([]byte(secret[:16]))
+	if err != nil {
+		return "", fmt.Errorf("gouuid.FromBytes %v", err)
+	}
+	return uuid.String(), nil
+}
+
+// should be exactly the same as forgejo/cmd/forgejo/actions.go
+func validateSecret(secret string) error {
+	secretLen := len(secret)
+	if secretLen != 40 {
+		return fmt.Errorf("the secret must be exactly 40 characters long, not %d", secretLen)
+	}
+	if _, err := hex.DecodeString(secret); err != nil {
+		return fmt.Errorf("the secret must be an hexadecimal string: %w", err)
+	}
+	return nil
+}
+
+func ping(cfg *config.Config, reg *config.Registration) error {
+	// initial http client
+	cli := client.New(
+		reg.Address,
+		cfg.Runner.Insecure,
+		"",
+		"",
+		ver.Version(),
+	)
+
+	_, err := cli.Ping(context.Background(), connect.NewRequest(&pingv1.PingRequest{
+		Data: reg.UUID,
+	}))
+	if err != nil {
+		return fmt.Errorf("ping %s failed %w", reg.Address, err)
+	}
+	return nil
+}
+
+func runCreateRunnerFile(ctx context.Context, args *createRunnerFileArgs, configFile *string) func(cmd *cobra.Command, args []string) error {
+	return func(*cobra.Command, []string) error {
+		log.SetLevel(log.DebugLevel)
+		log.Info("Creating runner file")
+
+		//
+		// Prepare the registration data
+		//
+		cfg, err := config.LoadDefault(*configFile)
+		if err != nil {
+			return fmt.Errorf("invalid configuration: %w", err)
+		}
+
+		if err := validateSecret(args.Secret); err != nil {
+			return err
+		}
+
+		uuid, err := uuidFromSecret(args.Secret)
+		if err != nil {
+			return err
+		}
+
+		name := args.Name
+		if name == "" {
+			name, _ = os.Hostname()
+			log.Infof("Runner name is empty, use hostname '%s'.", name)
+		}
+
+		reg := &config.Registration{
+			Name:    name,
+			UUID:    uuid,
+			Token:   args.Secret,
+			Address: args.InstanceAddr,
+		}
+
+		//
+		// Verify the Forgejo instance is reachable
+		//
+		if err := ping(cfg, reg); err != nil {
+			return err
+		}
+
+		//
+		// Save the registration file
+		//
+		if err := config.SaveRegistration(cfg.Runner.File, reg); err != nil {
+			return fmt.Errorf("failed to save runner config to %s: %w", cfg.Runner.File, err)
+		}
+
+		//
+		// Verify the secret works
+		//
+		if args.Connect {
+			cli := client.New(
+				reg.Address,
+				cfg.Runner.Insecure,
+				reg.UUID,
+				reg.Token,
+				ver.Version(),
+			)
+
+			runner := run.NewRunner(cfg, reg, cli)
+			resp, err := runner.Declare(ctx, cfg.Runner.Labels)
+
+			if err != nil && connect.CodeOf(err) == connect.CodeUnimplemented {
+				log.Warn("Cannot verify the connection because the Forgejo instance is lower than v1.21")
+			} else if err != nil {
+				log.WithError(err).Error("fail to invoke Declare")
+				return err
+			} else {
+				log.Infof("connection successful: %s, with version: %s, with labels: %v",
+					resp.Msg.Runner.Name, resp.Msg.Runner.Version, resp.Msg.Runner.Labels)
+			}
+		}
+		return nil
+	}
+}

internal/app/cmd/create-runner-file_test.go

@@ -0,0 +1,118 @@
+// SPDX-License-Identifier: MIT
+
+package cmd
+
+import (
+	"bytes"
+	"context"
+	"os"
+	"testing"
+
+	runnerv1 "code.gitea.io/actions-proto-go/runner/v1"
+	"gitea.com/gitea/act_runner/internal/pkg/client"
+	"gitea.com/gitea/act_runner/internal/pkg/config"
+	"gitea.com/gitea/act_runner/internal/pkg/ver"
+	"github.com/bufbuild/connect-go"
+
+	"github.com/spf13/cobra"
+	"github.com/stretchr/testify/assert"
+	"gopkg.in/yaml.v3"
+)
+
+func executeCommand(ctx context.Context, cmd *cobra.Command, args ...string) (string, error) {
+	buf := new(bytes.Buffer)
+	cmd.SetOut(buf)
+	cmd.SetErr(buf)
+	cmd.SetArgs(args)
+
+	err := cmd.ExecuteContext(ctx)
+
+	return buf.String(), err
+}
+
+func Test_createRunnerFileCmd(t *testing.T) {
+	configFile := "config.yml"
+	ctx := context.Background()
+	cmd := createRunnerFileCmd(ctx, &configFile)
+	output, err := executeCommand(ctx, cmd)
+	assert.ErrorContains(t, err, `required flag(s) "instance", "secret" not set`)
+	assert.Contains(t, output, "Usage:")
+}
+
+func Test_validateSecret(t *testing.T) {
+	assert.ErrorContains(t, validateSecret("abc"), "exactly 40 characters")
+	assert.ErrorContains(t, validateSecret("ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"), "must be an hexadecimal")
+}
+
+func Test_uuidFromSecret(t *testing.T) {
+	uuid, err := uuidFromSecret("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA")
+	assert.NoError(t, err)
+	assert.EqualValues(t, uuid, "41414141-4141-4141-4141-414141414141")
+}
+
+func Test_ping(t *testing.T) {
+	cfg := &config.Config{}
+	address := os.Getenv("FORGEJO_URL")
+	if address == "" {
+		address = "https://code.forgejo.org"
+	}
+	reg := &config.Registration{
+		Address: address,
+		UUID:    "create-runner-file_test.go",
+	}
+	assert.NoError(t, ping(cfg, reg))
+}
+
+func Test_runCreateRunnerFile(t *testing.T) {
+	//
+	// Set the .runner file to be in a temporary directory
+	//
+	dir := t.TempDir()
+	configFile := dir + "/config.yml"
+	runnerFile := dir + "/.runner"
+	cfg, err := config.LoadDefault("")
+	cfg.Runner.File = runnerFile
+	yamlData, err := yaml.Marshal(cfg)
+	assert.NoError(t, err)
+	assert.NoError(t, os.WriteFile(configFile, yamlData, 0o666))
+
+	instance, has := os.LookupEnv("FORGEJO_URL")
+	if !has {
+		instance = "https://code.forgejo.org"
+	}
+	secret, has := os.LookupEnv("FORGEJO_RUNNER_SECRET")
+	assert.True(t, has)
+	name := "testrunner"
+
+	//
+	// Run create-runner-file
+	//
+	ctx := context.Background()
+	cmd := createRunnerFileCmd(ctx, &configFile)
+	output, err := executeCommand(ctx, cmd, "--connect", "--secret", secret, "--instance", instance, "--name", name)
+	assert.NoError(t, err)
+	assert.EqualValues(t, "", output)
+
+	//
+	// Read back the runner file and verify its content
+	//
+	reg, err := config.LoadRegistration(runnerFile)
+	assert.NoError(t, err)
+	assert.EqualValues(t, secret, reg.Token)
+	assert.EqualValues(t, instance, reg.Address)
+
+	//
+	// Verify that fetching a task successfully returns there is
+	// no task for this runner
+	//
+	cli := client.New(
+		reg.Address,
+		cfg.Runner.Insecure,
+		reg.UUID,
+		reg.Token,
+		ver.Version(),
+	)
+	resp, err := cli.FetchTask(ctx, connect.NewRequest(&runnerv1.FetchTaskRequest{}))
+	assert.NoError(t, err)
+	assert.Nil(t, resp.Msg.Task)
+}

internal/app/cmd/daemon.go

@@ -101,7 +101,7 @@ func runDaemon(ctx context.Context, configFile *string) func(cmd *cobra.Command,
 		resp, err := runner.Declare(ctx, ls.Names())
 		if err != nil && connect.CodeOf(err) == connect.CodeUnimplemented {
 			// Gitea instance is older version. skip declare step.
-			log.Warn("Because the Gitea instance is an old version, skip declare labels and version.")
+			log.Warn("Because the Forgejo instance is an old version, skip declare labels and version.")
 		} else if err != nil {
 			log.WithError(err).Error("fail to invoke Declare")
 			return err

internal/app/cmd/exec.go

@@ -404,7 +404,7 @@ func runExec(ctx context.Context, execArgs *executeArgs) func(cmd *cobra.Command
 			NoSkipCheckout:        execArgs.noSkipCheckout,
 			// PresetGitHubContext:   preset,
 			// EventJSON:             string(eventJSON),
-			ContainerNamePrefix:   fmt.Sprintf("GITEA-ACTIONS-TASK-%s", eventName),
+			ContainerNamePrefix:   fmt.Sprintf("FORGEJO-ACTIONS-TASK-%s", eventName),
 			ContainerMaxLifetime:  maxLifetime,
 			ContainerNetworkMode:  container.NetworkMode(execArgs.network),
 			DefaultActionInstance: execArgs.defaultActionsUrl,
@@ -458,7 +458,7 @@ func loadExecCmd(ctx context.Context) *cobra.Command {
 	execCmd.Flags().BoolVarP(&execArg.runList, "list", "l", false, "list workflows")
 	execCmd.Flags().StringVarP(&execArg.job, "job", "j", "", "run a specific job ID")
 	execCmd.Flags().StringVarP(&execArg.event, "event", "E", "", "run a event name")
-	execCmd.PersistentFlags().StringVarP(&execArg.workflowsPath, "workflows", "W", "./.gitea/workflows/", "path to workflow file(s)")
+	execCmd.PersistentFlags().StringVarP(&execArg.workflowsPath, "workflows", "W", "./.forgejo/workflows/", "path to workflow file(s)")
 	execCmd.PersistentFlags().StringVarP(&execArg.workdir, "directory", "C", ".", "working directory")
 	execCmd.PersistentFlags().BoolVarP(&execArg.noWorkflowRecurse, "no-recurse", "", false, "Flag to disable running workflows from subdirectories of specified path in '--workflows'/'-W' flag")
 	execCmd.Flags().BoolVarP(&execArg.autodetectEvent, "detect-event", "", false, "Use first event type from workflow as event that triggered the workflow")
@@ -480,7 +480,7 @@ func loadExecCmd(ctx context.Context) *cobra.Command {
 	execCmd.PersistentFlags().StringVarP(&execArg.artifactServerPath, "artifact-server-path", "", ".", "Defines the path where the artifact server stores uploads and retrieves downloads from. If not specified the artifact server will not start.")
 	execCmd.PersistentFlags().StringVarP(&execArg.artifactServerAddr, "artifact-server-addr", "", "", "Defines the address where the artifact server listens")
 	execCmd.PersistentFlags().StringVarP(&execArg.artifactServerPort, "artifact-server-port", "", "34567", "Defines the port where the artifact server listens (will only bind to localhost).")
-	execCmd.PersistentFlags().StringVarP(&execArg.defaultActionsUrl, "default-actions-url", "", "https://github.com", "Defines the default url of action instance.")
+	execCmd.PersistentFlags().StringVarP(&execArg.defaultActionsUrl, "default-actions-url", "", "https://code.forgejo.org", "Defines the default url of action instance.")
 	execCmd.PersistentFlags().BoolVarP(&execArg.noSkipCheckout, "no-skip-checkout", "", false, "Do not skip actions/checkout")
 	execCmd.PersistentFlags().BoolVarP(&execArg.debug, "debug", "d", false, "enable debug log")
 	execCmd.PersistentFlags().BoolVarP(&execArg.dryrun, "dryrun", "n", false, "dryrun mode")

internal/app/cmd/register.go

@@ -91,10 +91,7 @@ const (
 )
 
 var defaultLabels = []string{
-	"ubuntu-latest:docker://node:16-bullseye",
-	"ubuntu-22.04:docker://node:16-bullseye", // There's no node:16-bookworm yet
-	"ubuntu-20.04:docker://node:16-bullseye",
-	"ubuntu-18.04:docker://node:16-buster",
+	"docker:docker://node:16-bullseye",
 }
 
 type registerInputs struct {
@@ -237,7 +234,7 @@ func printStageHelp(stage registerStage) {
 	case StageOverwriteLocalConfig:
 		log.Infoln("Runner is already registered, overwrite local config? [y/N]")
 	case StageInputInstance:
-		log.Infoln("Enter the Gitea instance URL (for example, https://gitea.com/):")
+		log.Infoln("Enter the Forgejo instance URL (for example, https://next.forgejo.org/):")
 	case StageInputToken:
 		log.Infoln("Enter the runner token:")
 	case StageInputRunnerName:
@@ -315,11 +312,11 @@ func doRegister(cfg *config.Config, inputs *registerInputs) error {
 		}
 		if err != nil {
 			log.WithError(err).
-				Errorln("Cannot ping the Gitea instance server")
+				Errorln("Cannot ping the Forgejo instance server")
 			// TODO: if ping failed, retry or exit
 			time.Sleep(time.Second)
 		} else {
-			log.Debugln("Successfully pinged the Gitea instance server")
+			log.Debugln("Successfully pinged the Forgejo instance server")
 			break
 		}
 	}

internal/app/run/runner.go

@@ -48,6 +48,13 @@ func NewRunner(cfg *config.Config, reg *config.Registration, cli client.Client)
 			ls = append(ls, l)
 		}
 	}
+
+	if cfg.Runner.Envs == nil {
+		cfg.Runner.Envs = make(map[string]string, 10)
+	}
+
+	cfg.Runner.Envs["GITHUB_SERVER_URL"] = reg.Address
+
 	envs := make(map[string]string, len(cfg.Runner.Envs))
 	for k, v := range cfg.Runner.Envs {
 		envs[k] = v
@@ -179,7 +186,7 @@ func (r *Runner) run(ctx context.Context, task *runnerv1.Task, reporter *report.
 	runnerConfig := &runner.Config{
 		// On Linux, Workdir will be like "/<parent_directory>/<owner>/<repo>"
 		// On Windows, Workdir will be like "\<parent_directory>\<owner>\<repo>"
-		Workdir:        filepath.FromSlash(fmt.Sprintf("/%s/%s", r.cfg.Container.WorkdirParent, preset.Repository)),
+		Workdir:        filepath.FromSlash(filepath.Clean(fmt.Sprintf("/%s/%s", r.cfg.Container.WorkdirParent, preset.Repository))),
 		BindWorkdir:    false,
 		ActionCacheDir: filepath.FromSlash(r.cfg.Host.WorkdirParent),
 

internal/pkg/config/config.example.yaml

@@ -17,14 +17,14 @@ runner:
   # It will be ignored if it's empty or the file doesn't exist.
   env_file: .env
   # The timeout for a job to be finished.
-  # Please note that the Gitea instance also has a timeout (3h by default) for the job.
-  # So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
+  # Please note that the Forgejo instance also has a timeout (3h by default) for the job.
+  # So the job could be stopped by the Forgejo instance if it's timeout is shorter than this.
   timeout: 3h
-  # Whether skip verifying the TLS certificate of the Gitea instance.
+  # Whether skip verifying the TLS certificate of the Forgejo instance.
   insecure: false
-  # The timeout for fetching the job from the Gitea instance.
+  # The timeout for fetching the job from the Forgejo instance.
   fetch_timeout: 5s
-  # The interval for fetching the job from the Gitea instance.
+  # The interval for fetching the job from the Forgejo instance.
   fetch_interval: 2s
   # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
   # Like: ["macos-arm64:host", "ubuntu-latest:docker://node:16-bullseye", "ubuntu-22.04:docker://node:16-bullseye"]
@@ -53,11 +53,11 @@ cache:
 container:
   # Specifies the network to which the container will connect.
   # Could be host, bridge or the name of a custom network.
-  # If it's empty, act_runner will create a network automatically.
+  # If it's empty, create a network automatically.
   network: ""
   # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
   privileged: false
-  # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
+  # And other options to be used when the container is started (eg, --add-host=my.forgejo.url:host-gateway).
   options:
   # The parent directory of a job's working directory.
   # If it's empty, /workspace will be used.

scripts/run.sh

@@ -21,12 +21,12 @@ if [[ ! -s .runner ]]; then
   try=$((try + 1))
   success=0
 
-  # The point of this loop is to make it simple, when running both act_runner and gitea in docker,
-  # for the act_runner to wait a moment for gitea to become available before erroring out.  Within
+  # The point of this loop is to make it simple, when running both forgejo-runner and gitea in docker,
+  # for the forgejo-runner to wait a moment for gitea to become available before erroring out.  Within
   # the context of a single docker-compose, something similar could be done via healthchecks, but
   # this is more flexible.
   while [[ $success -eq 0 ]] && [[ $try -lt ${GITEA_MAX_REG_ATTEMPTS:-10} ]]; do
-    act_runner register \
+    forgejo-runner register \
       --instance "${GITEA_INSTANCE_URL}" \
       --token    "${GITEA_RUNNER_REGISTRATION_TOKEN}" \
       --name     "${GITEA_RUNNER_NAME:-`hostname`}" \
@@ -42,7 +42,7 @@ if [[ ! -s .runner ]]; then
     fi
   done
 fi
-# Prevent reading the token from the act_runner process
+# Prevent reading the token from the forgejo-runner process
 unset GITEA_RUNNER_REGISTRATION_TOKEN
 
-act_runner daemon ${CONFIG_ARG}
+forgejo-runner daemon ${CONFIG_ARG}