merith-xyz
ae1e54a796
Some checks failed
Integration tests for the release process / release-simulation (pull_request) Failing after 2s
/ example-docker-compose (pull_request) Failing after 1s
/ cascade (pull_request) Failing after 8s
checks / build and test (pull_request) Failing after 34s
checks / runner exec tests (pull_request) Has been skipped
92 lines
3.6 KiB
YAML
92 lines
3.6 KiB
YAML
# Copyright 2024 The Forgejo Authors.
|
|
# SPDX-License-Identifier: MIT
|
|
|
|
#
|
|
# Create a secret with:
|
|
#
|
|
# openssl rand -hex 20
|
|
#
|
|
# Replace all occurences of {SHARED_SECRET} below with the output.
|
|
#
|
|
# NOTE: a token obtained from the Forgejo web interface cannot be used
|
|
# as a shared secret.
|
|
#
|
|
# Replace ${RUNNER_TOKEN} with the token obtained from the Forgejo web interface.
|
|
#
|
|
# Replace {ROOT_PASSWORD} with a secure password.
|
|
#
|
|
volumes:
|
|
docker_certs:
|
|
|
|
services:
|
|
docker-in-docker:
|
|
image: code.forgejo.org/oci/docker:dind
|
|
hostname: docker # Must set hostname for both internal DNS and TLS to work as certs are only valid for docker and localhost
|
|
restart: unless-stopped
|
|
privileged: true
|
|
environment:
|
|
DOCKER_TLS_CERTDIR: "/certs" # set to "" to disable the use of TLS, also manually update existing runner configs to use port 2375
|
|
DOCKER_HOST: "docker" # remove aswell to disable TLS
|
|
volumes:
|
|
- docker_certs:/certs
|
|
|
|
forgejo:
|
|
image: codeberg.org/forgejo/forgejo:1.21
|
|
hostname: forgejo
|
|
volumes:
|
|
- /srv/forgejo-data:/data
|
|
ports:
|
|
- 8080:3000
|
|
environment:
|
|
FORGEJO__security__INSTALL_LOCK: "true" # remove in production
|
|
FORGEJO__log__LEVEL: "debug" # remove in production
|
|
FORGEJO__repository__ENABLE_PUSH_CREATE_USER: "true" # enables the ability to create a repo when pushing
|
|
FORGEJO__repository__DEFAULT_PUSH_CREATE_PRIVATE: "false" # defaults above to public
|
|
FORGEJO__repository__DEFAULT_REPO_UNITS: "repo.code,repo.actions"
|
|
# `command` is not neecessary, but can be used to create an admin user as shown below when combined with INSTALL_LOCK
|
|
command: >-
|
|
bash -c '
|
|
/bin/s6-svscan /etc/s6 &
|
|
sleep 10 ;
|
|
su -c "forgejo admin user create --admin --username root --password {ROOT_PASSWORD} --email root@example.com" git ;
|
|
su -c "forgejo forgejo-cli actions register --secret {SHARED_SECRET}" git ;
|
|
sleep infinity
|
|
'
|
|
|
|
# all values that have defaults listed are optional
|
|
# only FORGEJO_SECRET or RUNNER_TOKEN is required, the secret will be prioritized
|
|
# FORGEJO_URL is required if forgejo is not in this compose file or docker network
|
|
runner-daemon:
|
|
## TODO: Update image to the the release
|
|
## made from this PR: https://code.forgejo.org/forgejo/runner/pulls/283
|
|
|
|
# image: code.forgejo.org/forgejo/runner:3.4.1
|
|
build: ../../
|
|
user: "1000" # defaults to 1000,
|
|
restart: unless-stopped # needed for fixing file ownership on restart
|
|
volumes:
|
|
- /srv/runner-data:/data
|
|
- docker_certs:/certs
|
|
depends_on:
|
|
- docker-in-docker
|
|
- forgejo
|
|
links:
|
|
- forgejo
|
|
- docker-in-docker
|
|
environment:
|
|
CONFIG_FILE: config.yml # defaults to /data/config.yml
|
|
|
|
DOCKER_HOST: "tcp://docker:2376" # defaults to tcp://docker:2376
|
|
DOCKER_CERT_PATH: "/certs/client" # defaults to /certs/client
|
|
DOCKER_TLS_VERIFY: "1" # defaults to 1
|
|
DOCKER_PRIVILEGED: "true" # defaults to false for security reasons
|
|
|
|
FORGEJO_URL: ${FORGEJO_URL} # defaults to http://forgejo:3000
|
|
FORGEJO_SECRET: "{SHARED_SECRET}" # shared secret, must match Forgejo's, overrides RUNNER_TOKEN
|
|
|
|
RUNNER_FILE: .runner # defaults to /data/runner.json
|
|
RUNNER_NAME: runner-daemon # defaults to forgejo-runner, used for registration
|
|
RUNNER_TOKEN: ${RUNNER_TOKEN} # token obtained from Forgejo web interface
|
|
|
|
DEBUG: "true" # defaults to false, set to true to enable debug logging
|
|
SKIP_WAIT: "false" # defaults to false, set to true to skip the 10 second wait to allow for forgejo and docker-in-docker to start
|