merith-tk/runner
1
0
Fork 0
Code Issues Pull requests 2 Projects Releases Packages Wiki Activity Actions

pass tests, allow drop in replacement

Browse source 
restore original variables
update to include privileged variable
treat `command` as a command and not an argument to entrypoint
This commit is contained in:
Merith 2024-09-27 10:46:35 -07:00 committed by Merith-TK
parent 27bbc83fed
commit 38a43e67ed
3 changed files with 38 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.forgejo/workflows/example-docker-compose.yml
View file

@ -35,7 +35,7 @@ jobs:
# #
# Launch Forgejo & the runner # Launch Forgejo & the runner
# #
$cli up -d $cli up -d --remove-orphans
for delay in $(seq 60) ; do test -f /srv/runner-data/.runner && break ; sleep 30 ; done for delay in $(seq 60) ; do test -f /srv/runner-data/.runner && break ; sleep 30 ; done
test -f /srv/runner-data/.runner test -f /srv/runner-data/.runner
# #

39
entrypoint.sh
View file

@ -4,11 +4,11 @@ set -e
# Technically not nessecary but it cleans up the logs from having token/secret values # Technically not nessecary but it cleans up the logs from having token/secret values
run_command() { run_command() {
local cmd="$1" local cmd="$@"
# Replace any --token <value> or --secret <value> with [REDACTED] # Replace any --token <value> or --secret <value> with [REDACTED]
local safe_cmd=$(echo "$cmd" | sed -E 's/--(token|secret) [^ ]+/--\1 [REDACTED]/g') local safe_cmd=$(echo "$cmd" | sed -E 's/--(token|secret) [^ ]+/--\1 [REDACTED]/g')
decho "Running command: $safe_cmd" decho "Running command: $safe_cmd"
eval "$cmd" eval $cmd
} }
decho() { decho() {
@ -16,6 +16,7 @@ decho() {
echo "[entrypoint] $@" echo "[entrypoint] $@"
fi fi
} }
decho $PWD
# Check if the script is running as root # Check if the script is running as root
if [[ $(id -u) -eq 0 ]]; then if [[ $(id -u) -eq 0 ]]; then
@ -23,6 +24,12 @@ if [[ $(id -u) -eq 0 ]]; then
decho "[WARNING] Running as root user" decho "[WARNING] Running as root user"
fi fi
# Handle if `command` is passed, as command appends arguments to the entrypoint
if [ "$#" -gt 0 ]; then
run_command $@
exit
fi
# Handle and alter the config file # Handle and alter the config file
if [[ -z "${CONFIG_FILE}" ]]; then if [[ -z "${CONFIG_FILE}" ]]; then
echo "CONFIG_FILE is not set" echo "CONFIG_FILE is not set"
@ -49,6 +56,12 @@ if [[ ! -f "${CONFIG_FILE}" ]]; then
sed -i "/^ labels:/c\ labels: [\"docker:docker://code.forgejo.org/oci/node:20-bookworm\", \"ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04\"]" ${CONFIG_FILE} sed -i "/^ labels:/c\ labels: [\"docker:docker://code.forgejo.org/oci/node:20-bookworm\", \"ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04\"]" ${CONFIG_FILE}
sed -i "/^ network:/c\ network: host" ${CONFIG_FILE} sed -i "/^ network:/c\ network: host" ${CONFIG_FILE}
if [[ "${DOCKER_PRIVILEGED}" == "true" ]]; then
sed -i "/^ privileged:/c\ privileged: true" ${CONFIG_FILE}
sed -i "/^ options:/c\ options: -v /certs/client:/certs/client" ${CONFIG_FILE}
sed -i "/^ valid_volumes:/c\ valid_volumes:\n - /certs/client" ${CONFIG_FILE}
fi
fi fi
ENV_FILE=${ENV_FILE:-"/data/.env"} ENV_FILE=${ENV_FILE:-"/data/.env"}
@ -91,20 +104,20 @@ if [[ ! -s "${RUNNER_FILE}" ]]; then
# this is more flexible. # this is more flexible.
while [[ $success -eq 0 ]] && [[ $try -lt ${MAX_REG_ATTEMPTS:-10} ]]; do while [[ $success -eq 0 ]] && [[ $try -lt ${MAX_REG_ATTEMPTS:-10} ]]; do
if [[ ! -z "${FORGEJO_SECRET}" ]]; then if [[ ! -z "${FORGEJO_SECRET}" ]]; then
run_command "forgejo-runner create-runner-file --connect \ run_command forgejo-runner create-runner-file --connect \
--instance \"${FORGEJO_URL:-http://forgejo:3000}\" \ --instance "${FORGEJO_URL:-http://forgejo:3000}" \
--name \"${RUNNER_NAME:-$(hostname)}\" \ --name "${RUNNER_NAME:-$(hostname)}" \
--secret \"${FORGEJO_SECRET}\" \ --secret "${FORGEJO_SECRET}" \
${CONFIG_ARG}\ ${CONFIG_ARG}\
${EXTRA_ARGS} 2>&1 | tee /tmp/reg.log" ${EXTRA_ARGS} 2>&1 | tee /tmp/reg.log
else else
run_command "forgejo-runner register \ run_command forgejo-runner register \
--instance \"${FORGEJO_URL:-http://forgejo:3000}\" \ --instance "${FORGEJO_URL:-http://forgejo:3000}" \
--name \"${RUNNER_NAME:-$(hostname)}\" \ --name "${RUNNER_NAME:-$(hostname)}" \
--token \"${RUNNER_TOKEN}\" \ --token "${RUNNER_TOKEN}" \
--no-interactive \ --no-interactive \
${CONFIG_ARG}\ ${CONFIG_ARG}\
${EXTRA_ARGS} 2>&1 | tee /tmp/reg.log" ${EXTRA_ARGS} 2>&1 | tee /tmp/reg.log
fi fi
cat /tmp/reg.log | grep -E 'connection successful|registered successfully' >/dev/null cat /tmp/reg.log | grep -E 'connection successful|registered successfully' >/dev/null
if [[ $? -eq 0 ]]; then if [[ $? -eq 0 ]]; then
@ -122,4 +135,4 @@ fi
unset RUNNER_TOKEN unset RUNNER_TOKEN
unset FORGEJO_SECRET unset FORGEJO_SECRET
run_command "forgejo-runner daemon ${CONFIG_ARG}" run_command forgejo-runner daemon ${CONFIG_ARG}

22
examples/docker-compose/compose-forgejo-and-runner.yml
View file

@ -13,11 +13,8 @@
# #
# Replace ${RUNNER_TOKEN} with the token obtained from the Forgejo web interface. # Replace ${RUNNER_TOKEN} with the token obtained from the Forgejo web interface.
# #
# Replace ROOT_PASSWORD with a secure password. # Replace {ROOT_PASSWORD} with a secure password.
# #
networks:
forgejo:
volumes: volumes:
docker_certs: docker_certs:
@ -27,8 +24,6 @@ services:
hostname: docker # Must set hostname for both internal DNS and TLS to work as certs are only valid for docker and localhost hostname: docker # Must set hostname for both internal DNS and TLS to work as certs are only valid for docker and localhost
restart: unless-stopped restart: unless-stopped
privileged: true privileged: true
networks:
- forgejo
environment: environment:
DOCKER_TLS_CERTDIR: "/certs" # set to "" to disable the use of TLS, also manually update existing runner configs to use port 2375 DOCKER_TLS_CERTDIR: "/certs" # set to "" to disable the use of TLS, also manually update existing runner configs to use port 2375
DOCKER_HOST: "docker" # remove aswell to disable TLS DOCKER_HOST: "docker" # remove aswell to disable TLS
@ -38,19 +33,22 @@ services:
forgejo: forgejo:
image: codeberg.org/forgejo/forgejo:1.21 image: codeberg.org/forgejo/forgejo:1.21
hostname: forgejo hostname: forgejo
networks:
- forgejo
volumes: volumes:
- /srv/forgejo-data:/data - /srv/forgejo-data:/data
ports: ports:
- 8080:3000 - 8080:3000
environment: environment:
FORGEJO__security__INSTALL_LOCK: "true" # remove in production FORGEJO__security__INSTALL_LOCK: "true" # remove in production
FORGEJO__log__LEVEL: "debug" # remove in production
FORGEJO__repository__ENABLE_PUSH_CREATE_USER: "true" # enables the ability to create a repo when pushing
FORGEJO__repository__DEFAULT_PUSH_CREATE_PRIVATE: "false" # defaults above to public
FORGEJO__repository__DEFAULT_REPO_UNITS: "repo.code,repo.actions"
# `command` is not neecessary, but can be used to create an admin user as shown below when combined with INSTALL_LOCK
command: >- command: >-
bash -c ' bash -c '
/bin/s6-svscan /etc/s6 & /bin/s6-svscan /etc/s6 &
sleep 10 ; sleep 10 ;
su -c "forgejo admin user create --admin --username root --password ROOT_PASSWORD --email root@example.com" git ; su -c "forgejo admin user create --admin --username root --password {ROOT_PASSWORD} --email root@example.com" git ;
su -c "forgejo forgejo-cli actions register --secret {SHARED_SECRET}" git ; su -c "forgejo forgejo-cli actions register --secret {SHARED_SECRET}" git ;
sleep infinity sleep infinity
' '
@ -69,17 +67,19 @@ services:
volumes: volumes:
- /srv/runner-data:/data - /srv/runner-data:/data
- docker_certs:/certs - docker_certs:/certs
networks:
- forgejo
depends_on: depends_on:
- docker-in-docker - docker-in-docker
- forgejo - forgejo
links:
- forgejo
- docker-in-docker
environment: environment:
CONFIG_FILE: config.yml # defaults to /data/config.yml CONFIG_FILE: config.yml # defaults to /data/config.yml
DOCKER_HOST: "tcp://docker:2376" # defaults to tcp://docker:2376 DOCKER_HOST: "tcp://docker:2376" # defaults to tcp://docker:2376
DOCKER_CERT_PATH: "/certs/client" # defaults to /certs/client DOCKER_CERT_PATH: "/certs/client" # defaults to /certs/client
DOCKER_TLS_VERIFY: "1" # defaults to 1 DOCKER_TLS_VERIFY: "1" # defaults to 1
DOCKER_PRIVILEGED: "true" # defaults to false for security reasons
FORGEJO_URL: ${FORGEJO_URL} # defaults to http://forgejo:3000 FORGEJO_URL: ${FORGEJO_URL} # defaults to http://forgejo:3000
FORGEJO_SECRET: "{SHARED_SECRET}" # shared secret, must match Forgejo's, overrides RUNNER_TOKEN FORGEJO_SECRET: "{SHARED_SECRET}" # shared secret, must match Forgejo's, overrides RUNNER_TOKEN