merith-xyz
00584cc415
sorry for the unprofessional commit message, I have been working on this effectively non-stop since the previous commit, and have been fighting docker networking being inconsistent as well as filepermisson issues, end me
192 lines
6 KiB
Bash
Executable file
192 lines
6 KiB
Bash
Executable file
#!/usr/bin/env bash
|
|
|
|
set -e
|
|
|
|
run_command() {
|
|
local cmd="$1"
|
|
|
|
# Replace any --token <value> or --secret <value> with [REDACTED]
|
|
local safe_cmd=$(echo "$cmd" | sed -E 's/--(token|secret) [^ ]+/--\1 [REDACTED]/g')
|
|
|
|
decho "Running command: $safe_cmd"
|
|
|
|
if [[ "$ISROOT" == true ]]; then
|
|
decho "Running as forgejo-runner"
|
|
su -c "$cmd" forgejo-runner
|
|
else
|
|
decho "Running as $(whoami)"
|
|
eval "$cmd"
|
|
fi
|
|
}
|
|
|
|
makeUser() {
|
|
adduser -u ${RUNNER_USER} -h /data -s /bin/bash -D forgejo-runner
|
|
}
|
|
makeGroup() {
|
|
addgroup -g ${RUNNER_USER} forgejo-runner
|
|
}
|
|
|
|
decho() {
|
|
if [[ "${DEBUG}" == "true" ]]; then
|
|
echo "[entrypoint] $@"
|
|
fi
|
|
}
|
|
|
|
# Initial setup
|
|
cd /data
|
|
|
|
decho "RUNNER_USER: ${RUNNER_USER}"
|
|
RUNNER_USER="${RUNNER_USER:-1000}"
|
|
# Check if the script is running as root
|
|
if [[ $(id -u) -eq 0 ]]; then
|
|
ISROOT=true
|
|
decho "Running as root"
|
|
fi
|
|
|
|
if [[ "$ISROOT" == true ]]; then
|
|
# Check if the forgejo-runner user exists, if not, create it
|
|
if ! id -u forgejo-runner >/dev/null 2>&1; then
|
|
decho "Creating user forgejo-runner with UID ${RUNNER_USER}"
|
|
makeUser
|
|
else
|
|
CURRENT_UID=$(id -u forgejo-runner)
|
|
if [[ "${CURRENT_UID}" -ne "${RUNNER_USER}" ]]; then
|
|
decho "Changing UID of forgejo-runner from ${CURRENT_UID} to ${RUNNER_USER}"
|
|
deluser forgejo-runner
|
|
makeUser
|
|
fi
|
|
fi
|
|
|
|
# Check if the forgejo-runner group exists, if not, create it
|
|
if ! getent group forgejo-runner >/dev/null 2>&1; then
|
|
decho "Creating group forgejo-runner with GID ${RUNNER_USER}"
|
|
makeGroup
|
|
else
|
|
CURRENT_GID=$(getent group forgejo-runner | cut -d: -f3)
|
|
if [[ "${CURRENT_GID}" -ne "${RUNNER_USER}" ]]; then
|
|
decho "Changing GID of forgejo-runner from ${CURRENT_GID} to ${RUNNER_USER}"
|
|
delgroup forgejo-runner
|
|
makeGroup
|
|
fi
|
|
fi
|
|
|
|
# Ensure /data is owned by the runner user
|
|
# yes this can slow things down but is 100% nessecary for the runner to function
|
|
# when running as a root user, because for some reason the runner create files as
|
|
# root and then cant access them
|
|
chown -R forgejo-runner:forgejo-runner /data
|
|
fi
|
|
|
|
# Handle and alter the config file
|
|
if [[ -z "${CONFIG_FILE}" ]]; then
|
|
echo "CONFIG_FILE is not set"
|
|
CONFIG_FILE="/data/config.yml"
|
|
fi
|
|
CONFIG_ARG="--config ${CONFIG_FILE}"
|
|
decho "CONFIG: ${CONFIG_ARG}"
|
|
|
|
DOCKER_HOST=${DOCKER_HOST:-docker}
|
|
DOCKER_CERT_PATH=${DOCKER_CERT_PATH:-"/certs/client"}
|
|
DOCKER_TLS_VERIFY=${DOCKER_TLS_VERIFY:-0}
|
|
decho "DOCKER_HOST: ${DOCKER_HOST}"
|
|
decho "DOCKER_CERT_PATH: ${DOCKER_CERT_PATH}"
|
|
decho "DOCKER_TLS_VERIFY: ${DOCKER_TLS_VERIFY}"
|
|
if [[ ! -f "${CONFIG_FILE}" ]]; then
|
|
echo "Creating ${CONFIG_FILE}"
|
|
run_command "forgejo-runner generate-config > ${CONFIG_FILE}"
|
|
|
|
# Remove test environment variables if they exist in the config file
|
|
sed -i "/^ A_TEST_ENV_NAME_1:/d" ${CONFIG_FILE}
|
|
sed -i "/^ A_TEST_ENV_NAME_2:/d" ${CONFIG_FILE}
|
|
|
|
# Apply default values for docker
|
|
sed -i "/^ labels:/c\ labels: [\"docker:docker://code.forgejo.org/oci/node:20-bookworm\", \"ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04\"]" ${CONFIG_FILE}
|
|
sed -i "/^ network:/c\ network: host" ${CONFIG_FILE}
|
|
sed -i "/^ privileged:/c\ privileged: true" ${CONFIG_FILE}
|
|
|
|
|
|
if [[ "${DOCKER_TLS_VERIFY}" -ne 1 ]]; then
|
|
decho "Docker TLS diabled"
|
|
sed -i "/^ docker_host:/c\ docker_host: ${DOCKER_HOST}" ${CONFIG_FILE}
|
|
else
|
|
decho "Docker TLS enabled"
|
|
sed -i "/^ docker_host:/c\ docker_host: ${DOCKER_HOST}" ${CONFIG_FILE}
|
|
sed -i "/^ valid_volumes:/c\ valid_volumes:\n - ${DOCKER_CERT_PATH}" ${CONFIG_FILE}
|
|
sed -i "/^ options:/c\ options: -v ${DOCKER_CERT_PATH}:${DOCKER_CERT_PATH}" ${CONFIG_FILE}
|
|
fi
|
|
fi
|
|
|
|
ENV_FILE=${ENV_FILE:-"/data/.env"}
|
|
decho "ENV_FILE: ${ENV_FILE}"
|
|
sed -i "/^ env_file:/c\ env_file: ${ENV_FILE}" ${CONFIG_FILE}
|
|
|
|
if [[ ! -f "${ENV_FILE}" ]]; then
|
|
echo "Creating ${ENV_FILE}"
|
|
touch ${ENV_FILE}
|
|
echo "DOCKER_HOST=${DOCKER_HOST}" >> ${ENV_FILE}
|
|
echo "DOCKER_TLS_VERIFY=${DOCKER_TLS_VERIFY}" >> ${ENV_FILE}
|
|
echo "DOCKER_CERT_PATH=${DOCKER_CERT_PATH}" >> ${ENV_FILE}
|
|
fi
|
|
|
|
EXTRA_ARGS=""
|
|
if [[ ! -z "${RUNNER_LABELS}" ]]; then
|
|
EXTRA_ARGS="${EXTRA_ARGS} --labels ${RUNNER_LABELS}"
|
|
fi
|
|
decho "EXTRA_ARGS: ${EXTRA_ARGS}"
|
|
|
|
# Set the runner file
|
|
if [[ -z "${RUNNER_FILE}" ]]; then
|
|
RUNNER_FILE="runner.json" # use json so editors know how to highlight
|
|
fi
|
|
decho "RUNNER_FILE: ${RUNNER_FILE}"
|
|
sed -i "/^ file:/c\ file: ${RUNNER_FILE}" ${CONFIG_FILE}
|
|
|
|
if [[ "${SKIP_WAIT}" != "true" ]]; then
|
|
echo "Waiting 10s to allow other services to start up..."
|
|
sleep 10
|
|
fi
|
|
|
|
if [[ ! -s "${RUNNER_FILE}" ]]; then
|
|
touch ${RUNNER_FILE}
|
|
try=$((try + 1))
|
|
success=0
|
|
decho "try: ${try}, success: ${success}"
|
|
|
|
# The point of this loop is to make it simple, when running both forgejo-runner and gitea in docker,
|
|
# for the forgejo-runner to wait a moment for gitea to become available before erroring out. Within
|
|
# the context of a single docker-compose, something similar could be done via healthchecks, but
|
|
# this is more flexible.
|
|
while [[ $success -eq 0 ]] && [[ $try -lt ${MAX_REG_ATTEMPTS:-10} ]]; do
|
|
if [[ ! -z "${FORGEJO_SECRET}" ]]; then
|
|
run_command "forgejo-runner create-runner-file --connect \
|
|
--instance \"${FORGEJO_URL:-http://forgejo:3000}\" \
|
|
--name \"${RUNNER_NAME:-$(hostname)}\" \
|
|
--secret \"${FORGEJO_SECRET}\" \
|
|
${CONFIG_ARG}\
|
|
${EXTRA_ARGS} 2>&1 | tee /tmp/reg.log"
|
|
else
|
|
run_command "forgejo-runner register \
|
|
--instance \"${FORGEJO_URL:-http://forgejo:3000}\" \
|
|
--name \"${RUNNER_NAME:-$(hostname)}\" \
|
|
--token \"${RUNNER_TOKEN}\" \
|
|
--no-interactive \
|
|
${CONFIG_ARG}\
|
|
${EXTRA_ARGS} 2>&1 | tee /tmp/reg.log"
|
|
fi
|
|
cat /tmp/reg.log | grep -E 'connection successful|registered successfully' >/dev/null
|
|
if [[ $? -eq 0 ]]; then
|
|
echo "SUCCESS"
|
|
success=1
|
|
else
|
|
echo "Waiting to retry ..."
|
|
sleep 5
|
|
fi
|
|
decho "try: ${try}, success: ${success}"
|
|
done
|
|
fi
|
|
|
|
# Prevent reading the token from the forgejo-runner process
|
|
unset RUNNER_TOKEN
|
|
unset FORGEJO_SECRET
|
|
|
|
run_command "forgejo-runner daemon ${CONFIG_ARG}"
|