# Copyright 2024 The Forgejo Authors. # SPDX-License-Identifier: MIT # # Create a secret with: # # openssl rand -hex 20 # # Replace all occurences of {SHARED_SECRET} below with the output. # # NOTE: a token obtained from the Forgejo web interface cannot be used # as a shared secret. # # Replace ${RUNNER_TOKEN} with the token obtained from the Forgejo web interface. # # Replace {ROOT_PASSWORD} with a secure password. # volumes: docker_certs: services: docker-in-docker: image: code.forgejo.org/oci/docker:dind hostname: docker # Must set hostname for both internal DNS and TLS to work as certs are only valid for docker and localhost restart: unless-stopped privileged: true environment: DOCKER_TLS_CERTDIR: "/certs" # set to "" to disable the use of TLS, also manually update existing runner configs to use port 2375 DOCKER_HOST: "docker" # remove aswell to disable TLS volumes: - docker_certs:/certs forgejo: image: codeberg.org/forgejo/forgejo:1.21 hostname: forgejo volumes: - /srv/forgejo-data:/data ports: - 8080:3000 environment: FORGEJO__security__INSTALL_LOCK: "true" # remove in production FORGEJO__log__LEVEL: "debug" # remove in production FORGEJO__repository__ENABLE_PUSH_CREATE_USER: "true" # enables the ability to create a repo when pushing FORGEJO__repository__DEFAULT_PUSH_CREATE_PRIVATE: "false" # defaults above to public FORGEJO__repository__DEFAULT_REPO_UNITS: "repo.code,repo.actions" # `command` is not neecessary, but can be used to create an admin user as shown below when combined with INSTALL_LOCK command: >- bash -c ' /bin/s6-svscan /etc/s6 & sleep 10 ; su -c "forgejo admin user create --admin --username root --password {ROOT_PASSWORD} --email root@example.com" git ; su -c "forgejo forgejo-cli actions register --secret {SHARED_SECRET}" git ; sleep infinity ' # all values that have defaults listed are optional # only FORGEJO_SECRET or RUNNER_TOKEN is required, the secret will be prioritized # FORGEJO_URL is required if forgejo is not in this compose file or docker network runner-daemon: ## TODO: Update image to the the release ## made from this PR: https://code.forgejo.org/forgejo/runner/pulls/283 # image: code.forgejo.org/forgejo/runner:3.4.1 build: ../../ user: "1000" # defaults to 1000, restart: unless-stopped # needed for fixing file ownership on restart volumes: - /srv/runner-data:/data - docker_certs:/certs depends_on: - docker-in-docker - forgejo links: - forgejo - docker-in-docker environment: CONFIG_FILE: config.yml # defaults to /data/config.yml DOCKER_HOST: "tcp://docker:2376" # defaults to tcp://docker:2376 DOCKER_CERT_PATH: "/certs/client" # defaults to /certs/client DOCKER_TLS_VERIFY: "1" # defaults to 1 DOCKER_PRIVILEGED: "true" # defaults to false for security reasons FORGEJO_URL: ${FORGEJO_URL} # defaults to http://forgejo:3000 FORGEJO_SECRET: "{SHARED_SECRET}" # shared secret, must match Forgejo's, overrides RUNNER_TOKEN RUNNER_FILE: .runner # defaults to /data/runner.json RUNNER_NAME: runner-daemon # defaults to forgejo-runner, used for registration RUNNER_TOKEN: ${RUNNER_TOKEN} # token obtained from Forgejo web interface DEBUG: "true" # defaults to false, set to true to enable debug logging SKIP_WAIT: "false" # defaults to false, set to true to skip the 10 second wait to allow for forgejo and docker-in-docker to start