From 5a0579f03aaaed5d7bb8216a30c2573ea2dc0d8a Mon Sep 17 00:00:00 2001 From: merith-xyz Date: Wed, 25 Sep 2024 09:46:06 -0700 Subject: [PATCH 01/77] basic entrypoint, automatic registration of runner works --- Dockerfile | 5 ++-- entrypoint.sh | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 81 insertions(+), 2 deletions(-) create mode 100644 entrypoint.sh diff --git a/Dockerfile b/Dockerfile index 50f1965..6843a3a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -38,10 +38,11 @@ LABEL maintainer="contact@forgejo.org" \ ENV HOME=/data -USER 1000:1000 +COPY entrypoint.sh /entrypoint.sh +RUN chmod +x /entrypoint.sh WORKDIR /data VOLUME ["/data"] -CMD ["/bin/forgejo-runner"] +ENTRYPOINT ["/entrypoint.sh"] diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100644 index 0000000..4fd5ae8 --- /dev/null +++ b/entrypoint.sh 
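Review bot: With `USER 1000:1000` removed and nothing replacing it, the image falls back to its base stage's default user, presumably root, so `/entrypoint.sh` and the `forgejo-runner daemon` it starts would both run as UID 0 at this commit. The entrypoint added in the same patch never drops privileges, which widens what a compromised runner process can do inside the container. Either keep `USER 1000:1000` after the `COPY`/`RUN chmod` lines, or have the entrypoint switch to an unprivileged account before it starts the daemon.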
@@ -0,0 +1,78 @@ +#!/usr/bin/env bash + +set -e + +## Initial setup +if [[ ! -d /data ]]; then + mkdir -p /data +fi +cd /data + +if [[ -z "${RUNNER_FILE}" ]]; then + RUNNER_FILE="/data/.runner" +fi + +if [[ ! -f "${RUNNER_FILE}" ]]; then + touch "${RUNNER_FILE}" +fi + +if [[ -z "${CONFIG_FILE}" ]]; then + CONFIG_FILE="/data/config.yml" +fi +CONFIG_ARG="--config ${CONFIG_FILE}" + +if [[ ! -f "${CONFIG_FILE}" ]]; then + forgejo-runner generate-config > ${CONFIG_FILE} +fi + +EXTRA_ARGS="" +if [[ ! -z "${RUNNER_LABELS}" ]]; then + EXTRA_ARGS="${EXTRA_ARGS} --labels ${RUNNER_LABELS}" +fi + +# For simplicity sake, I am not using the same ENV variable names as the original script + +if [[ -z "${RUNNER_FILE}" ]]; then + RUNNER_FILE=".runner" +fi +sed -i "/^ file:/c\ file: ${RUNNER_FILE}" ${CONFIG_FILE} + +if [[ ! -s "${RUNNER_FILE}" ]]; then + try=$((try + 1)) + success=0 + if [[ -z "${RUNNER_TOKEN}" ]]; then + echo "RUNNER_TOKEN is not set" + exit 1 + fi + + if [[ -z "${FORGEJO_URL}" ]]; then + echo "FORGEJO_URL is not set" + echo "Defaulting to http://forgejo:8080" + fi + + + # The point of this loop is to make it simple, when running both forgejo-runner and gitea in docker, + # for the forgejo-runner to wait a moment for gitea to become available before erroring out. Within + # the context of a single docker-compose, something similar could be done via healthchecks, but + # this is more flexible. + while [[ $success -eq 0 ]] && [[ $try -lt ${MAX_REG_ATTEMPTS:-10} ]]; do + forgejo-runner register \ + --instance "${FORGEJO_URL:-http://forgejo:8080}" \ + --token "${RUNNER_TOKEN}" \ + --name "${RUNNER_NAME:-$(hostname)}" \ + ${CONFIG_ARG} ${EXTRA_ARGS} --no-interactive 2>&1 | tee /tmp/reg.log + + cat /tmp/reg.log | grep 'Runner registered successfully' >/dev/null + if [[ $? -eq 0 ]]; then + echo "SUCCESS" + success=1 + else + echo "Waiting to retry ..." 
+ sleep 5 + fi + done +fi +# Prevent reading the token from the forgejo-runner process +unset RUNNER_TOKEN + +forgejo-runner daemon ${CONFIG_ARG} From 190607cf35712c0e79b2385b240d9bdc3d194b33 Mon Sep 17 00:00:00 2001 From: Merith Date: Wed, 25 Sep 2024 13:00:54 -0700 Subject: [PATCH 02/77] address dockerfile feedback, further work on entrypoint --- Dockerfile | 3 +-- entrypoint.sh | 71 ++++++++++++++++++++++++++++++++++++--------------- 2 files changed, 51 insertions(+), 23 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6843a3a..c40304b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -38,8 +38,7 @@ LABEL maintainer="contact@forgejo.org" \ ENV HOME=/data -COPY entrypoint.sh /entrypoint.sh -RUN chmod +x /entrypoint.sh +COPY --chmod=555 entrypoint.sh /entrypoint.sh WORKDIR /data diff --git a/entrypoint.sh b/entrypoint.sh index 4fd5ae8..a11508c 100644 --- a/entrypoint.sh +++ b/entrypoint.sh 
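Review bot: The registration loop cannot retry: under `set -e`, the bare pipeline `cat /tmp/reg.log | grep 'Runner registered successfully' >/dev/null` ends the script as soon as grep finds no match, so the `else` branch with `sleep 5` is never reached. `try` is also incremented only once, before the loop, so `MAX_REG_ATTEMPTS` would not bound the loop even if it did retry. Test the command directly with `if grep -q 'Runner registered successfully' /tmp/reg.log; then` and add `try=$((try + 1))` inside the loop body. The same `cat | grep` check is carried into the later entrypoint.sh patches on this page.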
@@ -8,36 +8,71 @@ if [[ ! -d /data ]]; then fi cd /data -if [[ -z "${RUNNER_FILE}" ]]; then - RUNNER_FILE="/data/.runner" -fi +RUNNER_USERID="${RUNNER_USERID:-1000}" -if [[ ! -f "${RUNNER_FILE}" ]]; then - touch "${RUNNER_FILE}" +## Setup User +if id "forgejo-runner" &>/dev/null; then + if [[ ! -z "${RUNNER_USERID}" ]]; then + echo "Changing UID of forgejo-runner to ${RUNNER_USERID}" + sed -i "s/^forgejo-runner:[^:]*:[^:]*:/forgejo-runner:x:${RUNNER_USERID}:/" /etc/passwd + fi +else + echo "Creating user forgejo-runner with UID ${RUNNER_USERID}" + adduser --uid "${RUNNER_USERID}" --home /home/forgejo-runner --disabled-password --gecos "" forgejo-runner fi +chown -R forgejo-runner:forgejo-runner /data +## Handle and alter the config file if [[ -z "${CONFIG_FILE}" ]]; then CONFIG_FILE="/data/config.yml" fi CONFIG_ARG="--config ${CONFIG_FILE}" +DOCKER_HOST=${DOCKER_HOST:-docker} +echo "DOCKER_HOST: ${DOCKER_HOST}" if [[ ! -f "${CONFIG_FILE}" ]]; then - forgejo-runner generate-config > ${CONFIG_FILE} + su -c "forgejo-runner generate-config > ${CONFIG_FILE}" forgejo-runner + + # Remove test environment variables if they exist in the config file + sed -i "/^ A_TEST_ENV_NAME_1:/d" ${CONFIG_FILE} + sed -i "/^ A_TEST_ENV_NAME_2:/d" ${CONFIG_FILE} + + # apply default values for docker + sed -i "/\"labels\":/c\ \"labels\": [\"docker:docker://code.forgejo.org/oci/node:20-bookworm\", \"ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04\"]" ${CONFIG_FILE} + + sed -i "/^ network:/c\ network: host" config.yml + sed -i "/^ privileged:/c\ privileged: true" ${CONFIG_FILE} + sed -i "/^ options:/c\ options: -v /certs/client:/certs/client" config.yml + sed -i "/^ docker_host:/c\ docker_host: tcp://${DOCKER_HOST}:2376" ${CONFIG_FILE} fi +if [[ ! -z "${ENV_FILE}" ]]; then + sed -i "/^ env_file:/c\ env_file: ${ENV_FILE}" ${CONFIG_FILE} +else + ENV_FILE="/data/.env" +fi +if [[ ! 
-f "${ENV_FILE}" ]]; then + echo "Creating ${ENV_FILE} and populating with default values" + cat < ${ENV_FILE} + DOCKER_TLS_VERIFY: 1 + DOCKER_CERT_PATH: /certs/client +EOF +fi + + EXTRA_ARGS="" if [[ ! -z "${RUNNER_LABELS}" ]]; then EXTRA_ARGS="${EXTRA_ARGS} --labels ${RUNNER_LABELS}" fi -# For simplicity sake, I am not using the same ENV variable names as the original script - +# Set the runner file if [[ -z "${RUNNER_FILE}" ]]; then - RUNNER_FILE=".runner" + RUNNER_FILE=".runner.json" # use json so editors know how to highlight fi sed -i "/^ file:/c\ file: ${RUNNER_FILE}" ${CONFIG_FILE} if [[ ! -s "${RUNNER_FILE}" ]]; then + touch ${RUNNER_FILE} try=$((try + 1)) success=0 if [[ -z "${RUNNER_TOKEN}" ]]; then @@ -45,22 +80,16 @@ if [[ ! -s "${RUNNER_FILE}" ]]; then exit 1 fi - if [[ -z "${FORGEJO_URL}" ]]; then - echo "FORGEJO_URL is not set" - echo "Defaulting to http://forgejo:8080" - fi - - # The point of this loop is to make it simple, when running both forgejo-runner and gitea in docker, # for the forgejo-runner to wait a moment for gitea to become available before erroring out. Within # the context of a single docker-compose, something similar could be done via healthchecks, but # this is more flexible. while [[ $success -eq 0 ]] && [[ $try -lt ${MAX_REG_ATTEMPTS:-10} ]]; do - forgejo-runner register \ - --instance "${FORGEJO_URL:-http://forgejo:8080}" \ - --token "${RUNNER_TOKEN}" \ - --name "${RUNNER_NAME:-$(hostname)}" \ - ${CONFIG_ARG} ${EXTRA_ARGS} --no-interactive 2>&1 | tee /tmp/reg.log + su -c "forgejo-runner register \ + --instance \"${FORGEJO_URL:-http://forgejo:3000}\" \ + --token \"${RUNNER_TOKEN}\" \ + --name \"${RUNNER_NAME:-$(hostname)}\" \ + ${CONFIG_ARG} ${EXTRA_ARGS} --no-interactive 2>&1 | tee /tmp/reg.log" forgejo-runner cat /tmp/reg.log | grep 'Runner registered successfully' >/dev/null if [[ $? -eq 0 ]]; then 
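Review bot: The first-run config edits hard-code `privileged: true` and `network: host`, which, going by the key names, means every job container the runner starts is privileged and shares the network of the Docker daemon it runs on. Any workflow the runner accepts inherits that, so these should be opt-in rather than defaults. Guard the two `sed` lines behind an explicit environment variable (name to be chosen by the project) and otherwise leave the values that `generate-config` produced. A comment above the block stating why the example needs privileged mode would also help operators decide.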
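Review bot: `${RUNNER_TOKEN}` is now expanded into the string handed to `su -c`, so the token appears in the argument list of `su` and of the shell it spawns, readable by any process in the container that can run `ps` or read `/proc/<pid>/cmdline`. Because the outer double quotes expand every variable before the inner shell parses the string, a `FORGEJO_URL`, `RUNNER_NAME`, `RUNNER_LABELS` or token value containing a quote, space or `$(...)` is re-interpreted as shell syntax. Single-quoting the command so the inner shell expands `--token "$RUNNER_TOKEN"` itself removes the second parse and keeps the value out of `su`'s arguments, assuming `su` is invoked without `-l` and preserves the environment; the token still reaches forgejo-runner's own argv. The `EXTRA_ARGS="... --secret ${FORGEJO_SECRET}"` and `--token` lines added in PATCH 05 have the same exposure.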
@@ -75,4 +104,4 @@ fi # Prevent reading the token from the forgejo-runner process unset RUNNER_TOKEN -forgejo-runner daemon ${CONFIG_ARG} +su -c "forgejo-runner daemon ${CONFIG_ARG}" forgejo-runner From 16e18662a01078a90a4ad77c642ad4de2e21d087 Mon Sep 17 00:00:00 2001 From: Merith Date: Wed, 25 Sep 2024 13:34:18 -0700 Subject: [PATCH 03/77] add a root-user check, clean up some formatting --- entrypoint.sh | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index a11508c..bed8152 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -2,7 +2,13 @@ set -e -## Initial setup +# Check if the script is run as root +if [ "$EUID" -ne 0 ]; then + echo "This script must be run as root" + exit 1 +fi + +# Initial setup if [[ ! -d /data ]]; then mkdir -p /data fi @@ -10,7 +16,7 @@ cd /data RUNNER_USERID="${RUNNER_USERID:-1000}" -## Setup User +# Setup User if id "forgejo-runner" &>/dev/null; then if [[ ! -z "${RUNNER_USERID}" ]]; then echo "Changing UID of forgejo-runner to ${RUNNER_USERID}" @@ -20,9 +26,11 @@ else echo "Creating user forgejo-runner with UID ${RUNNER_USERID}" adduser --uid "${RUNNER_USERID}" --home /home/forgejo-runner --disabled-password --gecos "" forgejo-runner fi + +# Ensure /data is owned by the runner user chown -R forgejo-runner:forgejo-runner /data -## Handle and alter the config file +# Handle and alter the config file if [[ -z "${CONFIG_FILE}" ]]; then CONFIG_FILE="/data/config.yml" fi 
@@ -37,12 +45,12 @@ if [[ ! -f "${CONFIG_FILE}" ]]; then sed -i "/^ A_TEST_ENV_NAME_1:/d" ${CONFIG_FILE} sed -i "/^ A_TEST_ENV_NAME_2:/d" ${CONFIG_FILE} - # apply default values for docker + # Apply default values for docker sed -i "/\"labels\":/c\ \"labels\": [\"docker:docker://code.forgejo.org/oci/node:20-bookworm\", \"ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04\"]" ${CONFIG_FILE} - sed -i "/^ network:/c\ network: host" config.yml + sed -i "/^ network:/c\ network: host" ${CONFIG_FILE} sed -i "/^ privileged:/c\ privileged: true" ${CONFIG_FILE} - sed -i "/^ options:/c\ options: -v /certs/client:/certs/client" config.yml + sed -i "/^ options:/c\ options: -v /certs/client:/certs/client" ${CONFIG_FILE} sed -i "/^ docker_host:/c\ docker_host: tcp://${DOCKER_HOST}:2376" ${CONFIG_FILE} fi @@ -51,6 +59,7 @@ if [[ ! -z "${ENV_FILE}" ]]; then else ENV_FILE="/data/.env" fi + if [[ ! -f "${ENV_FILE}" ]]; then echo "Creating ${ENV_FILE} and populating with default values" cat < ${ENV_FILE} @@ -59,7 +68,6 @@ if [[ ! -f "${ENV_FILE}" ]]; then EOF fi - EXTRA_ARGS="" if [[ ! -z "${RUNNER_LABELS}" ]]; then EXTRA_ARGS="${EXTRA_ARGS} --labels ${RUNNER_LABELS}" @@ -101,6 +109,7 @@ if [[ ! -s "${RUNNER_FILE}" ]]; then fi done fi + # Prevent reading the token from the forgejo-runner process unset RUNNER_TOKEN From 3c5ba1c1d2416d201d0e4d7a35fb101778f0be35 Mon Sep 17 00:00:00 2001 From: Merith Date: Wed, 25 Sep 2024 14:05:56 -0700 Subject: [PATCH 04/77] push example docker-compose for runner and forgejo --- entrypoint.sh | 1 + examples/docker-compose/.gitignore | 2 + .../compose-forgejo-and-runner.yml | 89 +++++++------------ 3 files changed, 36 insertions(+), 56 deletions(-) create mode 100644 examples/docker-compose/.gitignore diff --git a/entrypoint.sh b/entrypoint.sh index bed8152..c19b9cd 100644 --- a/entrypoint.sh +++ b/entrypoint.sh 
@@ -51,6 +51,7 @@ if [[ ! -f "${CONFIG_FILE}" ]]; then sed -i "/^ network:/c\ network: host" ${CONFIG_FILE} sed -i "/^ privileged:/c\ privileged: true" ${CONFIG_FILE} sed -i "/^ options:/c\ options: -v /certs/client:/certs/client" ${CONFIG_FILE} + sed -i "/^ valid_volumes:/c\ valid_volumes:\n - /certs/client" ${CONFIG_FILE} sed -i "/^ docker_host:/c\ docker_host: tcp://${DOCKER_HOST}:2376" ${CONFIG_FILE} fi diff --git a/examples/docker-compose/.gitignore b/examples/docker-compose/.gitignore new file mode 100644 index 0000000..294fcad --- /dev/null +++ b/examples/docker-compose/.gitignore @@ -0,0 +1,2 @@ +forgejo/ +forgejo-runner/ diff --git a/examples/docker-compose/compose-forgejo-and-runner.yml b/examples/docker-compose/compose-forgejo-and-runner.yml index 4794985..c15c63d 100644 --- a/examples/docker-compose/compose-forgejo-and-runner.yml +++ b/examples/docker-compose/compose-forgejo-and-runner.yml @@ -11,18 +11,23 @@ # NOTE: a token obtained from the Forgejo web interface cannot be used # as a shared secret. # -# Replace {ROOT_PASSWORD} with a secure password +# Replace {RUNNER_TOKEN} with the token obtained from the Forgejo web interface. # +networks: + forgejo: + volumes: docker_certs: services: - docker-in-docker: image: code.forgejo.org/oci/docker:dind + container_name: docker # needed for docker internal DNS resolution hostname: docker # Must set hostname as TLS certificates are only valid for docker or localhost privileged: true + networks: + - forgejo environment: DOCKER_TLS_CERTDIR: /certs DOCKER_HOST: docker-in-docker 
@@ -31,63 +36,35 @@ services: forgejo: image: codeberg.org/forgejo/forgejo:1.21 - command: >- - bash -c ' - /bin/s6-svscan /etc/s6 & - sleep 10 ; - su -c "forgejo forgejo-cli actions register --secret {SHARED_SECRET}" git ; - su -c "forgejo admin user create --admin --username root --password {ROOT_PASSWORD} --email root@example.com" git ; - sleep infinity - ' - environment: - FORGEJO__security__INSTALL_LOCK: "true" - FORGEJO__log__LEVEL: "debug" - FORGEJO__repository__ENABLE_PUSH_CREATE_USER: "true" - FORGEJO__repository__DEFAULT_PUSH_CREATE_PRIVATE: "false" - FORGEJO__repository__DEFAULT_REPO_UNITS: "repo.code,repo.actions" + container_name: forgejo + networks: + - forgejo volumes: - - /srv/forgejo-data:/data + - ./forgejo:/data ports: - 8080:3000 - runner-register: - image: code.forgejo.org/forgejo/runner:3.4.1 - links: - - docker-in-docker - - forgejo - environment: - DOCKER_HOST: tcp://docker-in-docker:2376 + forgejo-runner: + ## TODO: Update image to the the release + ## made from this PR: https://code.forgejo.org/forgejo/runner/pulls/283 + + # image: code.forgejo.org/forgejo/runner:3.4.1 + build: ../../ + container_name: forgejo-runner volumes: - - /srv/runner-data:/data - user: 0:0 - command: >- - bash -ec ' - while : ; do - forgejo-runner create-runner-file --connect --instance http://forgejo:3000 --name runner --secret {SHARED_SECRET} && break ; - sleep 1 ; - done ; - sed -i -e "s|\"labels\": null|\"labels\": [\"docker:docker://code.forgejo.org/oci/node:20-bookworm\", \"ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04\"]|" .runner ; - forgejo-runner generate-config > config.yml ; - sed -i -e "s|network: .*|network: host|" config.yml ; - sed -i -e "s|^ envs:$$| envs:\n DOCKER_HOST: tcp://docker:2376\n DOCKER_TLS_VERIFY: 1\n DOCKER_CERT_PATH: /certs/client|" config.yml ; - sed -i -e "s|^ options:| options: -v /certs/client:/certs/client|" config.yml ; - sed -i -e "s| valid_volumes: \[\]$$| valid_volumes:\n - /certs/client|" config.yml ; - chown -R 
1000:1000 /data - ' - - runner-daemon: - image: code.forgejo.org/forgejo/runner:3.4.1 - links: - - docker-in-docker - - forgejo - environment: - DOCKER_HOST: tcp://docker:2376 - DOCKER_CERT_PATH: /certs/client - DOCKER_TLS_VERIFY: "1" - volumes: - - /srv/runner-data:/data + - ./forgejo-runner:/data - docker_certs:/certs - command: >- - bash -c ' - while : ; do test -w .runner && forgejo-runner --config config.yml daemon ; sleep 1 ; done - ' + networks: + - forgejo + depends_on: + - docker-in-docker + - forgejo + environment: + CONFIG_FILE: config.yml # defaults to /data/config.yml + + FORGEJO_URL: ${FORGEJO_URL} # defaults to http://forgejo:3000 + + RUNNER_FILE: runner.json # defaults to /data/runner.json + RUNNER_NAME: forgejo-runner # defaults to forgejo-runner, used for registration + RUNNER_TOKEN: "{RUNNER_TOKEN}" + RUNNER_USER: 1000 # defaults to 1000 From c1654806c5f2e3223df68c6fa6a53a6f49c6bdb4 Mon Sep 17 00:00:00 2001 From: Merith Date: Wed, 25 Sep 2024 15:21:53 -0700 Subject: [PATCH 05/77] update entrypoint and dockerfile, fix test workflow update dockerfile, rework entrypoint execution, update compose and test --- .forgejo/workflows/example-docker-compose.yml | 11 ++- Dockerfile | 2 +- Dockerfile.rootless | 6 ++ entrypoint.sh | 89 ++++++++++++------- .../compose-forgejo-and-runner.yml | 44 ++++++++- 5 files changed, 112 insertions(+), 40 deletions(-) create mode 100644 Dockerfile.rootless diff --git a/.forgejo/workflows/example-docker-compose.yml b/.forgejo/workflows/example-docker-compose.yml index 4e2f547..2a18988 100644 --- a/.forgejo/workflows/example-docker-compose.yml +++ b/.forgejo/workflows/example-docker-compose.yml 
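Review bot: The `forgejo` service no longer sets `FORGEJO__security__INSTALL_LOCK: "true"` while still publishing `8080:3000`, so on a fresh `./forgejo` volume the instance presumably comes up on its installation page, where whoever reaches the port first chooses the admin account. Keep the install lock in the example, or bind the port to loopback with `127.0.0.1:8080:3000`. Separately, the new `forgejo-runner` service sets `RUNNER_USER: 1000`, but entrypoint.sh at this commit reads `RUNNER_USERID`, so the value is ignored. The inline comments also state a default of `/data/runner.json`, whereas the script's default is `.runner.json`.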
@@ -39,8 +39,11 @@ jobs: # Launch Forgejo & the runner # $cli up -d - for delay in $(seq 60) ; do test -f /srv/runner-data/.runner && break ; sleep 30 ; done - test -f /srv/runner-data/.runner + for delay in $(seq 60) ; do + test -f ./forgejo-runner/runner.json && break + sleep 30 + done + test -f ./forgejo-runner/runner.json # # Run the demo workflow # @@ -56,11 +59,11 @@ jobs: grep --quiet "$success" /tmp/out && break grep --quiet "$failure" /tmp/out && break $cli ps --all - $cli logs --tail=20 runner-daemon demo-workflow + $cli logs --tail=20 forgejo-runner demo-workflow sleep 30 done grep --quiet "$success" /tmp/out - $cli logs runner-daemon > /tmp/runner.log + $cli logs forgejo-runner > /tmp/runner.log grep --quiet 'Start image=code.forgejo.org/oci/node:20-bookworm' /tmp/runner.log - name: full docker compose logs diff --git a/Dockerfile b/Dockerfile index c40304b..ed94063 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/tonistiigi/xx AS xx -FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/golang:1.21-alpine3.19 as build-env +FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/golang:1.21-alpine3.19 AS build-env # # Transparently cross compile for the target platform diff --git a/Dockerfile.rootless b/Dockerfile.rootless new file mode 100644 index 0000000..882be5c --- /dev/null +++ b/Dockerfile.rootless @@ -0,0 +1,6 @@ +FROM code.forgejo.org/forgejo/runner:3.4.1 + +USER 1000:1000 +## In Theory these can be removed on next release of the runner image +COPY --chown=forgejo-runner:forgejo-runner --chmod=555 ./entrypoint.sh /entrypoint +ENTRYPOINT [ "/entrypoint" ] \ No newline at end of file diff --git a/entrypoint.sh b/entrypoint.sh index c19b9cd..c6145e9 100644 --- a/entrypoint.sh +++ b/entrypoint.sh 
@@ -2,11 +2,15 @@ set -e -# Check if the script is run as root -if [ "$EUID" -ne 0 ]; then - echo "This script must be run as root" - exit 1 -fi +run_command() { + local cmd="$1" + echo "Running $cmd as $(id -u)" + if [[ "$ISROOT" == true ]]; then + su -c "$cmd" forgejo-runner + else + eval "$cmd" + fi +} # Initial setup if [[ ! -d /data ]]; then 
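Review bot: `echo "Running $cmd as $(id -u)"` prints the full command line, and in this same commit `EXTRA_ARGS` gains `--secret ${FORGEJO_SECRET}` or `--token ${RUNNER_TOKEN}`, so the registration credential is written to the container log on every registration attempt. Log only the subcommand, e.g. `echo "Running forgejo-runner as $(id -u)"`, or redact the value before printing. The non-root branch also runs `eval "$cmd"` on a string assembled from `FORGEJO_URL`, `RUNNER_NAME`, `RUNNER_LABELS` and `CONFIG_FILE`, so shell metacharacters in any of them are executed rather than passed as data. Taking the command as separate arguments and running `"$@"` would avoid that second parse, with the callers' redirections moved outside the call.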
@@ -16,38 +20,48 @@ cd /data RUNNER_USERID="${RUNNER_USERID:-1000}" -# Setup User -if id "forgejo-runner" &>/dev/null; then - if [[ ! -z "${RUNNER_USERID}" ]]; then - echo "Changing UID of forgejo-runner to ${RUNNER_USERID}" - sed -i "s/^forgejo-runner:[^:]*:[^:]*:/forgejo-runner:x:${RUNNER_USERID}:/" /etc/passwd - fi -else - echo "Creating user forgejo-runner with UID ${RUNNER_USERID}" - adduser --uid "${RUNNER_USERID}" --home /home/forgejo-runner --disabled-password --gecos "" forgejo-runner +# Check if the script is running as root +if [[ $(id -u) -eq 0 ]]; then + ISROOT=true fi -# Ensure /data is owned by the runner user -chown -R forgejo-runner:forgejo-runner /data +if [[ "$ISROOT" == true ]]; then + # Check if the forgejo-runner user exists + if id "forgejo-runner" &>/dev/null; then + echo "forgejo-runner user exists." + + # Change the user ID if needed + CURRENT_UID=$(id -u forgejo-runner) + if [[ "${CURRENT_UID}" -ne "${RUNNER_USERID}" ]]; then + echo "Changing UID of forgejo-runner to ${RUNNER_USERID}" + sed -i "s/^forgejo-runner:[^:]*:[^:]*:/forgejo-runner:x:${RUNNER_USERID}:/" /etc/passwd + fi + else + echo "Creating user forgejo-runner with UID ${RUNNER_USERID}" + adduser --uid "${RUNNER_USERID}" --home /home/forgejo-runner --disabled-password --gecos "" forgejo-runner + fi + + # Ensure /data is owned by the runner user + chown -R forgejo-runner:forgejo-runner /data +fi # Handle and alter the config file if [[ -z "${CONFIG_FILE}" ]]; then + echo "CONFIG_FILE is not set" CONFIG_FILE="/data/config.yml" fi CONFIG_ARG="--config ${CONFIG_FILE}" DOCKER_HOST=${DOCKER_HOST:-docker} -echo "DOCKER_HOST: ${DOCKER_HOST}" if [[ ! 
-f "${CONFIG_FILE}" ]]; then - su -c "forgejo-runner generate-config > ${CONFIG_FILE}" forgejo-runner + run_command "forgejo-runner generate-config > ${CONFIG_FILE}" forgejo-runner # Remove test environment variables if they exist in the config file sed -i "/^ A_TEST_ENV_NAME_1:/d" ${CONFIG_FILE} sed -i "/^ A_TEST_ENV_NAME_2:/d" ${CONFIG_FILE} # Apply default values for docker - sed -i "/\"labels\":/c\ \"labels\": [\"docker:docker://code.forgejo.org/oci/node:20-bookworm\", \"ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04\"]" ${CONFIG_FILE} - + sed -i "/^ labels:/c\ \"labels\": [\"docker:docker://code.forgejo.org/oci/node:20-bookworm\", \"ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04\"]" ${CONFIG_FILE} sed -i "/^ network:/c\ network: host" ${CONFIG_FILE} sed -i "/^ privileged:/c\ privileged: true" ${CONFIG_FILE} sed -i "/^ options:/c\ options: -v /certs/client:/certs/client" ${CONFIG_FILE} @@ -63,7 +77,7 @@ fi if [[ ! -f "${ENV_FILE}" ]]; then echo "Creating ${ENV_FILE} and populating with default values" - cat < ${ENV_FILE} + cat <${ENV_FILE} DOCKER_TLS_VERIFY: 1 DOCKER_CERT_PATH: /certs/client EOF @@ -76,7 +90,7 @@ fi # Set the runner file if [[ -z "${RUNNER_FILE}" ]]; then - RUNNER_FILE=".runner.json" # use json so editors know how to highlight + RUNNER_FILE=".runner.json" # use json so editors know how to highlight fi sed -i "/^ file:/c\ file: ${RUNNER_FILE}" ${CONFIG_FILE} @@ -84,9 +98,15 @@ if [[ ! -s "${RUNNER_FILE}" ]]; then touch ${RUNNER_FILE} try=$((try + 1)) success=0 - if [[ -z "${RUNNER_TOKEN}" ]]; then - echo "RUNNER_TOKEN is not set" - exit 1 + + if [[ ! -z "${FORGEJO_SECRET}" ]]; then + EXTRA_ARGS="${EXTRA_ARGS} --secret ${FORGEJO_SECRET}" + else + if [[ -z "${RUNNER_TOKEN}" ]]; then + echo "RUNNER_TOKEN is not set" + exit 1 + fi + EXTRA_ARGS="${EXTRA_ARGS} --token ${RUNNER_TOKEN}" fi # The point of this loop is to make it simple, when running both forgejo-runner and gitea in docker, 
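Review bot: `RUNNER_USERID` comes straight from the environment and is used unvalidated in `[[ "${CURRENT_UID}" -ne "${RUNNER_USERID}" ]]` and in the `sed` that rewrites `/etc/passwd`. Inside `[[ ]]`, `-ne` evaluates both operands as arithmetic expressions, and the `sed` replacement accepts `:`, `/` and `&`, so a non-numeric value can be evaluated by bash or corrupt the passwd entry instead of being rejected. Add a check right after the default is applied, `[[ "${RUNNER_USERID}" =~ ^[0-9]+$ ]] || { echo "RUNNER_USERID must be numeric" >&2; exit 1; }`, and consider rejecting `0` so the unprivileged account cannot be mapped to root. The same code is carried forward under the name `RUNNER_USER` in PATCH 08.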
@@ -94,13 +114,18 @@ if [[ ! -s "${RUNNER_FILE}" ]]; then # the context of a single docker-compose, something similar could be done via healthchecks, but # this is more flexible. while [[ $success -eq 0 ]] && [[ $try -lt ${MAX_REG_ATTEMPTS:-10} ]]; do - su -c "forgejo-runner register \ - --instance \"${FORGEJO_URL:-http://forgejo:3000}\" \ - --token \"${RUNNER_TOKEN}\" \ - --name \"${RUNNER_NAME:-$(hostname)}\" \ - ${CONFIG_ARG} ${EXTRA_ARGS} --no-interactive 2>&1 | tee /tmp/reg.log" forgejo-runner + # run_command "forgejo-runner register \ + # --instance \"${FORGEJO_URL:-http://forgejo:3000}\" \ + # --name \"${RUNNER_NAME:-$(hostname)}\" \ + # ${CONFIG_ARG} ${EXTRA_ARGS} --no-interactive 2>&1 | tee /tmp/reg.log" - cat /tmp/reg.log | grep 'Runner registered successfully' >/dev/null + run_command "forgejo-runner create-runner-file --connect \ + --instance \"${FORGEJO_URL:-http://forgejo:3000}\" \ + --name \"${RUNNER_NAME:-$(hostname)}\" \ + ${CONFIG_ARG} ${EXTRA_ARGS} 2>&1 | tee /tmp/reg.log" + + + cat /tmp/reg.log | grep 'connection successful' >/dev/null if [[ $? -eq 0 ]]; then echo "SUCCESS" success=1 @@ -114,4 +139,4 @@ fi # Prevent reading the token from the forgejo-runner process unset RUNNER_TOKEN -su -c "forgejo-runner daemon ${CONFIG_ARG}" forgejo-runner +run_command "forgejo-runner daemon ${CONFIG_ARG}" diff --git a/examples/docker-compose/compose-forgejo-and-runner.yml b/examples/docker-compose/compose-forgejo-and-runner.yml index c15c63d..eb6006e 100644 --- a/examples/docker-compose/compose-forgejo-and-runner.yml +++ b/examples/docker-compose/compose-forgejo-and-runner.yml @@ -11,7 +11,7 @@ # NOTE: a token obtained from the Forgejo web interface cannot be used # as a shared secret. # -# Replace {RUNNER_TOKEN} with the token obtained from the Forgejo web interface. +# Replace ${RUNNER_TOKEN} with the token obtained from the Forgejo web interface. # networks: 
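Review bot: Only `RUNNER_TOKEN` is unset before the daemon starts, but this commit introduces `FORGEJO_SECRET` as the preferred credential, and it stays in the environment that `run_command` hands to `forgejo-runner daemon`. Change the context line above to `unset RUNNER_TOKEN FORGEJO_SECRET` so the comment's intent of keeping the registration credential away from the long-running process holds for both variables. The hunk shows only the tail of the script; the `unset` line itself is unchanged context.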
@@ -43,14 +43,24 @@ services: - ./forgejo:/data ports: - 8080:3000 + command: >- + bash -c ' + /bin/s6-svscan /etc/s6 & + sleep 10 ; + su -c "forgejo forgejo-cli actions register --secret {SHARED_SECRET}" git ; + sleep infinity + ' forgejo-runner: ## TODO: Update image to the the release ## made from this PR: https://code.forgejo.org/forgejo/runner/pulls/283 # image: code.forgejo.org/forgejo/runner:3.4.1 - build: ../../ + build: + context: ../../ + dockerfile: Dockerfile container_name: forgejo-runner + # user: "1000" # set to run rootless, overrides RUNNER_USER volumes: - ./forgejo-runner:/data - docker_certs:/certs @@ -63,8 +73,36 @@ services: CONFIG_FILE: config.yml # defaults to /data/config.yml FORGEJO_URL: ${FORGEJO_URL} # defaults to http://forgejo:3000 + FORGEJO_SECRET: "{SHARED_SECRET}" # shared secret, must match Forgejo's RUNNER_FILE: runner.json # defaults to /data/runner.json RUNNER_NAME: forgejo-runner # defaults to forgejo-runner, used for registration - RUNNER_TOKEN: "{RUNNER_TOKEN}" + RUNNER_TOKEN: "${RUNNER_TOKEN}" RUNNER_USER: 1000 # defaults to 1000 + + forgejo-runner-rootless: + ## TODO: Update image to the the release + ## made from this PR: https://code.forgejo.org/forgejo/runner/pulls/283 + + # image: code.forgejo.org/forgejo/runner:3.4.1 + build: + context: ../../ + dockerfile: Dockerfile.rootless + container_name: forgejo-runner-rootless + volumes: + - ./forgejo-runner:/data + - docker_certs:/certs + networks: + - forgejo + depends_on: + - docker-in-docker + - forgejo + environment: + CONFIG_FILE: config-rootless.yml # defaults to /data/config.yml + + FORGEJO_URL: ${FORGEJO_URL} # defaults to http://forgejo:3000 + FORGEJO_SECRET: "{SHARED_SECRET}" # shared secret, must match Forgejo's + + RUNNER_FILE: runner-rootless.json # defaults to /data/runner.json + RUNNER_NAME: forgejo-runner # defaults to forgejo-runner, used for registration + RUNNER_TOKEN: "${RUNNER_TOKEN}" \ No newline at end of file 
From 1e6e1cb3c2c4e8fa9bd39754cd70cb756d59548c Mon Sep 17 00:00:00 2001 From: Merith Date: Wed, 25 Sep 2024 17:10:50 -0700 Subject: [PATCH 06/77] disabled TLS in example, not needed for a closed docker network --- entrypoint.sh | 26 +++++++++---------- .../compose-forgejo-and-runner.yml | 6 ++--- 2 files changed, 15 insertions(+), 17 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index c6145e9..d1376c0 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -64,9 +64,14 @@ if [[ ! -f "${CONFIG_FILE}" ]]; then sed -i "/^ labels:/c\ \"labels\": [\"docker:docker://code.forgejo.org/oci/node:20-bookworm\", \"ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04\"]" ${CONFIG_FILE} sed -i "/^ network:/c\ network: host" ${CONFIG_FILE} sed -i "/^ privileged:/c\ privileged: true" ${CONFIG_FILE} - sed -i "/^ options:/c\ options: -v /certs/client:/certs/client" ${CONFIG_FILE} - sed -i "/^ valid_volumes:/c\ valid_volumes:\n - /certs/client" ${CONFIG_FILE} - sed -i "/^ docker_host:/c\ docker_host: tcp://${DOCKER_HOST}:2376" ${CONFIG_FILE} + + if [[ "${DOCKER_TLS_VERIFY}" -ne 1 ]]; then + sed -i "/^ docker_host:/c\ docker_host: tcp://${DOCKER_HOST}:2375" ${CONFIG_FILE} + else + sed -i "/^ docker_host:/c\ docker_host: tcp://${DOCKER_HOST}:2376" ${CONFIG_FILE} + sed -i "/^ valid_volumes:/c\ valid_volumes:\n - /certs/client" ${CONFIG_FILE} + sed -i "/^ options:/c\ options: -v /certs/client:/certs/client" ${CONFIG_FILE} + fi fi if [[ ! -z "${ENV_FILE}" ]]; then @@ -76,11 +81,8 @@ else fi if [[ ! -f "${ENV_FILE}" ]]; then - echo "Creating ${ENV_FILE} and populating with default values" - cat <${ENV_FILE} - DOCKER_TLS_VERIFY: 1 - DOCKER_CERT_PATH: /certs/client -EOF + echo "Creating ${ENV_FILE}" + touch ${ENV_FILE} fi EXTRA_ARGS="" 
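Review bot: `[[ "${DOCKER_TLS_VERIFY}" -ne 1 ]]` makes the unauthenticated, unencrypted endpoint `tcp://${DOCKER_HOST}:2375` the default, because an unset variable, an empty one, or a non-numeric value such as `true` all evaluate to 0 and select the plaintext branch. Anything that can reach that port controls the Docker daemon, which the example compose file runs with `privileged: true`. TLS should therefore be the default and plaintext the explicit opt-out, e.g. `if [[ "${DOCKER_TLS_VERIFY:-1}" == "0" ]]; then`. The compose hunk `@@ -29,7 +29,7 @@` in this patch makes the matching daemon-side change with `DOCKER_TLS_CERTDIR: ""`; its comment says to set `"certs"`, whereas the value it replaces was `/certs`.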
@@ -101,12 +103,14 @@ if [[ ! -s "${RUNNER_FILE}" ]]; then if [[ ! -z "${FORGEJO_SECRET}" ]]; then EXTRA_ARGS="${EXTRA_ARGS} --secret ${FORGEJO_SECRET}" + echo "Registering with SECRET" else if [[ -z "${RUNNER_TOKEN}" ]]; then echo "RUNNER_TOKEN is not set" exit 1 fi EXTRA_ARGS="${EXTRA_ARGS} --token ${RUNNER_TOKEN}" + echo "Registering with TOKEN" fi # The point of this loop is to make it simple, when running both forgejo-runner and gitea in docker, @@ -114,17 +118,11 @@ if [[ ! -s "${RUNNER_FILE}" ]]; then # the context of a single docker-compose, something similar could be done via healthchecks, but # this is more flexible. while [[ $success -eq 0 ]] && [[ $try -lt ${MAX_REG_ATTEMPTS:-10} ]]; do - # run_command "forgejo-runner register \ - # --instance \"${FORGEJO_URL:-http://forgejo:3000}\" \ - # --name \"${RUNNER_NAME:-$(hostname)}\" \ - # ${CONFIG_ARG} ${EXTRA_ARGS} --no-interactive 2>&1 | tee /tmp/reg.log" - run_command "forgejo-runner create-runner-file --connect \ --instance \"${FORGEJO_URL:-http://forgejo:3000}\" \ --name \"${RUNNER_NAME:-$(hostname)}\" \ ${CONFIG_ARG} ${EXTRA_ARGS} 2>&1 | tee /tmp/reg.log" - cat /tmp/reg.log | grep 'connection successful' >/dev/null if [[ $? -eq 0 ]]; then echo "SUCCESS" diff --git a/examples/docker-compose/compose-forgejo-and-runner.yml b/examples/docker-compose/compose-forgejo-and-runner.yml index eb6006e..e38e841 100644 --- a/examples/docker-compose/compose-forgejo-and-runner.yml +++ b/examples/docker-compose/compose-forgejo-and-runner.yml @@ -7,7 +7,7 @@ # openssl rand -hex 20 # # Replace all occurences of {SHARED_SECRET} below with the output. -# +# # NOTE: a token obtained from the Forgejo web interface cannot be used # as a shared secret. # @@ -29,7 +29,7 @@ services: networks: - forgejo environment: - DOCKER_TLS_CERTDIR: /certs + DOCKER_TLS_CERTDIR: "" # set to "certs" to use the TLS certificates, also update existing runner configs to use port 2376 DOCKER_HOST: docker-in-docker volumes: - docker_certs:/certs 
@@ -104,5 +104,5 @@ services: FORGEJO_SECRET: "{SHARED_SECRET}" # shared secret, must match Forgejo's RUNNER_FILE: runner-rootless.json # defaults to /data/runner.json - RUNNER_NAME: forgejo-runner # defaults to forgejo-runner, used for registration + RUNNER_NAME: forgejo-runner-rootless # defaults to forgejo-runner, used for registration RUNNER_TOKEN: "${RUNNER_TOKEN}" \ No newline at end of file From 2c4a1d43beeb359eee0c40366cb90907f4760a52 Mon Sep 17 00:00:00 2001 From: Merith Date: Thu, 26 Sep 2024 07:28:00 -0700 Subject: [PATCH 07/77] revert changes to workflow --- .forgejo/workflows/example-docker-compose.yml | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/.forgejo/workflows/example-docker-compose.yml b/.forgejo/workflows/example-docker-compose.yml index 2a18988..f1089ec 100644 --- a/.forgejo/workflows/example-docker-compose.yml +++ b/.forgejo/workflows/example-docker-compose.yml @@ -39,11 +39,8 @@ jobs: # Launch Forgejo & the runner # $cli up -d - for delay in $(seq 60) ; do - test -f ./forgejo-runner/runner.json && break - sleep 30 - done - test -f ./forgejo-runner/runner.json + for delay in $(seq 60) ; do test -f /srv/runner-data/.runner && break ; sleep 30 ; done + test -f /srv/runner-data/.runner # # Run the demo workflow # 
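Review bot: The readiness check `test -f /srv/runner-data/.runner` no longer matches the compose file this workflow starts. Since PATCH 04 the runner mounts `./forgejo-runner:/data` and sets `RUNNER_FILE: runner.json`, so the file is presumably never created at the old path and the loop waits its full 60 × 30 s before the final `test -f` fails. The next hunk likewise goes back to `$cli logs ... runner-daemon`, a service name the compose file on this page no longer defines. If the revert is meant to be temporary, say so in a comment in the workflow; otherwise keep `./forgejo-runner/runner.json` and `forgejo-runner`.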
@@ -59,15 +56,15 @@ jobs: grep --quiet "$success" /tmp/out && break grep --quiet "$failure" /tmp/out && break $cli ps --all - $cli logs --tail=20 forgejo-runner demo-workflow + $cli logs --tail=20 runner-daemon demo-workflow sleep 30 done grep --quiet "$success" /tmp/out - $cli logs forgejo-runner > /tmp/runner.log + $cli logs runner-daemon > /tmp/runner.log grep --quiet 'Start image=code.forgejo.org/oci/node:20-bookworm' /tmp/runner.log - name: full docker compose logs if: always() run: | cd examples/docker-compose - docker compose -f compose-forgejo-and-runner.yml -f compose-demo-workflow.yml logs + docker compose -f compose-forgejo-and-runner.yml -f compose-demo-workflow.yml logs \ No newline at end of file From ea96696f10c9c700bb14b093821917ba4dd6a2e6 Mon Sep 17 00:00:00 2001 From: Merith Date: Thu, 26 Sep 2024 15:08:31 -0700 Subject: [PATCH 08/77] remove rootless dockerfile, updatedate entrypoint, update docker compose Removed the rootless dockerfile as upon further investigation into how a `rootless` container works, the entrypoint that has been written fully accomodates that to reflect this the compose file has had the rootless config removed from it as it is no longer needed to test a seperate container image, added a debug echo function `decho` to the entrypoint, when `DEBUG=true` it will print "[entrypoint] message content" added a 10 second wait to the entrypoint to allow other services such as docker-in-docker and forgejo to finish launching before the runner is launched, this is bypassable by `SKIP_WAIT=true` applied several modifications requested by viceice, --- Dockerfile.rootless | 6 -- entrypoint.sh | 73 ++++++++++++++----- .../compose-forgejo-and-runner.yml | 70 +++++++----------- 3 files changed, 78 insertions(+), 71 deletions(-) delete mode 100644 Dockerfile.rootless diff --git a/Dockerfile.rootless b/Dockerfile.rootless deleted file mode 100644 index 882be5c..0000000 --- a/Dockerfile.rootless +++ /dev/null 
@@ -1,6 +0,0 @@ -FROM code.forgejo.org/forgejo/runner:3.4.1 - -USER 1000:1000 -## In Theory these can be removed on next release of the runner image -COPY --chown=forgejo-runner:forgejo-runner --chmod=555 ./entrypoint.sh /entrypoint -ENTRYPOINT [ "/entrypoint" ] \ No newline at end of file diff --git a/entrypoint.sh b/entrypoint.sh index d1376c0..ed17b19 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -4,25 +4,32 @@ set -e run_command() { local cmd="$1" - echo "Running $cmd as $(id -u)" + redacted_cmd=$(echo "$cmd" | sed -E 's/(--secret\s+|--token\s+)[^ ]+/--\1[REDACTED]/g') + decho "Running command: $redacted_cmd" if [[ "$ISROOT" == true ]]; then + decho "Running as forgejo-runner" su -c "$cmd" forgejo-runner else + decho "Running as RUNNER_USER: ${RUNNER_USER}" eval "$cmd" fi } +decho() { + if [[ "${DEBUG}" == "true" ]]; then + echo "[entrypoint] $@" + fi +} + # Initial setup -if [[ ! -d /data ]]; then - mkdir -p /data -fi cd /data -RUNNER_USERID="${RUNNER_USERID:-1000}" - +decho "RUNNER_USER: ${RUNNER_USER}" +RUNNER_USER="${RUNNER_USER:-1000}" # Check if the script is running as root if [[ $(id -u) -eq 0 ]]; then ISROOT=true + decho "Running as root" fi if [[ "$ISROOT" == true ]]; then 
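Review bot: The redaction added at the top of `run_command` only cleans the `decho` line; the unredacted string still goes to `su -c "$cmd"` and `eval "$cmd"` just below, so a token or secret in it ends up on the `su` command line and is parsed by a shell a second time. Any environment value a caller interpolates into that string (for example `${CONFIG_FILE}` in the `generate-config` call) is then interpreted as shell syntax rather than passed through as data. Taking the command as separate arguments and running `"$@"` directly, with redirections done at the call site, avoids both problems; the same applies to the rewrites of this function in PATCH 10, 11 and 13. The replacement `--\1[REDACTED]` also prints `----secret [REDACTED]`, because `\1` already contains the dashes, and `redacted_cmd` should be declared `local`.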
@@ -32,17 +39,21 @@ if [[ "$ISROOT" == true ]]; then # Change the user ID if needed CURRENT_UID=$(id -u forgejo-runner) - if [[ "${CURRENT_UID}" -ne "${RUNNER_USERID}" ]]; then - echo "Changing UID of forgejo-runner to ${RUNNER_USERID}" - sed -i "s/^forgejo-runner:[^:]*:[^:]*:/forgejo-runner:x:${RUNNER_USERID}:/" /etc/passwd + decho "CURRENT_UID: ${CURRENT_UID}" + if [[ "${CURRENT_UID}" -ne "${RUNNER_USER}" ]]; then + echo "Changing UID of forgejo-runner to ${RUNNER_USER}" + sed -i "s/^forgejo-runner:[^:]*:[^:]*:/forgejo-runner:x:${RUNNER_USER}:/" /etc/passwd fi else - echo "Creating user forgejo-runner with UID ${RUNNER_USERID}" - adduser --uid "${RUNNER_USERID}" --home /home/forgejo-runner --disabled-password --gecos "" forgejo-runner + echo "Creating user forgejo-runner with UID ${RUNNER_USER}" + adduser --uid "${RUNNER_USER}" --home /home/forgejo-runner --disabled-password --gecos "" forgejo-runner fi # Ensure /data is owned by the runner user - chown -R forgejo-runner:forgejo-runner /data + if [[ $(stat -c "%u" /data) != "${RUNNER_USER}" ]]; then + decho "Changing ownership of /data to ${RUNNER_USER}" + chown -R forgejo-runner:forgejo-runner /data + fi fi # Handle and alter the config file @@ -51,9 +62,16 @@ if [[ -z "${CONFIG_FILE}" ]]; then CONFIG_FILE="/data/config.yml" fi CONFIG_ARG="--config ${CONFIG_FILE}" +decho "CONFIG: ${CONFIG_ARG}" DOCKER_HOST=${DOCKER_HOST:-docker} +DOCKER_TLS_CERTDIR=${DOCKER_TLS_CERTDIR:-"/certs/client"} +DOCKER_TLS_VERIFY=${DOCKER_TLS_VERIFY:-0} +decho "DOCKER_HOST: ${DOCKER_HOST}" +decho "DOCKER_TLS_CERTDIR: ${DOCKER_TLS_CERTDIR}" +decho "DOCKER_TLS_VERIFY: ${DOCKER_TLS_VERIFY}" if [[ ! -f "${CONFIG_FILE}" ]]; then + echo "Creating ${CONFIG_FILE}" run_command "forgejo-runner generate-config > ${CONFIG_FILE}" forgejo-runner # Remove test environment variables if they exist in the config file 
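Review bot: `RUNNER_USER` comes from the environment and is used unvalidated while the script runs as root, both in the `-ne` test (which bash evaluates arithmetically inside `[[ ]]`) and in the `sed -i` replacement written to /etc/passwd in this hunk. A guard before the first use, such as `[[ "${RUNNER_USER}" =~ ^[0-9]+$ ]] || { echo "RUNNER_USER must be a numeric UID" >&2; exit 1; }`, keeps a malformed value from corrupting the passwd entry. The same value reaches `adduser --uid` here and the unquoted `makeUser`/`makeGroup` helpers added in PATCH 10. The enclosing `if [[ "$ISROOT" == true ]]` block starts above this hunk.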
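Review bot: `DOCKER_TLS_VERIFY=${DOCKER_TLS_VERIFY:-0}` makes the unencrypted Docker endpoint the default; judging by the config block in the next hunk, any value other than 1 writes `docker_host: tcp://${DOCKER_HOST}:2375` into the generated config. The compose example changed in this same commit turns TLS on for the dind service, so a runner started without the variable would not match it. Defaulting to verification, `DOCKER_TLS_VERIFY=${DOCKER_TLS_VERIFY:-1}`, and requiring an explicit opt-out is the safer choice.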
@@ -65,41 +83,53 @@ if [[ ! -f "${CONFIG_FILE}" ]]; then sed -i "/^ network:/c\ network: host" ${CONFIG_FILE} sed -i "/^ privileged:/c\ privileged: true" ${CONFIG_FILE} + if [[ "${DOCKER_TLS_VERIFY}" -ne 1 ]]; then + decho "Docker TLS diabled" sed -i "/^ docker_host:/c\ docker_host: tcp://${DOCKER_HOST}:2375" ${CONFIG_FILE} else + decho "Docker TLS enabled" sed -i "/^ docker_host:/c\ docker_host: tcp://${DOCKER_HOST}:2376" ${CONFIG_FILE} - sed -i "/^ valid_volumes:/c\ valid_volumes:\n - /certs/client" ${CONFIG_FILE} - sed -i "/^ options:/c\ options: -v /certs/client:/certs/client" ${CONFIG_FILE} + sed -i "/^ valid_volumes:/c\ valid_volumes:\n - ${DOCKER_TLS_CERTDIR}" ${CONFIG_FILE} + sed -i "/^ options:/c\ options: -v ${DOCKER_TLS_CERTDIR}:${DOCKER_TLS_CERTDIR}" ${CONFIG_FILE} fi fi -if [[ ! -z "${ENV_FILE}" ]]; then - sed -i "/^ env_file:/c\ env_file: ${ENV_FILE}" ${CONFIG_FILE} -else - ENV_FILE="/data/.env" -fi +ENV_FILE=${ENV_FILE:-"/data/.env"} +decho "ENV_FILE: ${ENV_FILE}" +sed -i "/^ env_file:/c\ env_file: ${ENV_FILE}" ${CONFIG_FILE} if [[ ! -f "${ENV_FILE}" ]]; then echo "Creating ${ENV_FILE}" touch ${ENV_FILE} + echo "DOCKER_HOST=${DOCKER_HOST}" >> ${ENV_FILE} + echo "DOCKER_TLS_VERIFY=${DOCKER_TLS_VERIFY}" >> ${ENV_FILE} + echo "DOCKER_TLS_CERTDIR=${DOCKER_TLS_CERTDIR}" >> ${ENV_FILE} fi EXTRA_ARGS="" if [[ ! -z "${RUNNER_LABELS}" ]]; then EXTRA_ARGS="${EXTRA_ARGS} --labels ${RUNNER_LABELS}" fi +decho "EXTRA_ARGS: ${EXTRA_ARGS}" # Set the runner file if [[ -z "${RUNNER_FILE}" ]]; then - RUNNER_FILE=".runner.json" # use json so editors know how to highlight + RUNNER_FILE="runner.json" # use json so editors know how to highlight fi +decho "RUNNER_FILE: ${RUNNER_FILE}" sed -i "/^ file:/c\ file: ${RUNNER_FILE}" ${CONFIG_FILE} +if [[ "${SKIP_WAIT}" != "true" ]]; then + secho "Waiting 10s to allow other services to start up..." + sleep 10 +fi + if [[ ! 
-s "${RUNNER_FILE}" ]]; then touch ${RUNNER_FILE} try=$((try + 1)) success=0 + decho "try: ${try}, success: ${success}" if [[ ! -z "${FORGEJO_SECRET}" ]]; then EXTRA_ARGS="${EXTRA_ARGS} --secret ${FORGEJO_SECRET}" @@ -112,6 +142,7 @@ if [[ ! -s "${RUNNER_FILE}" ]]; then EXTRA_ARGS="${EXTRA_ARGS} --token ${RUNNER_TOKEN}" echo "Registering with TOKEN" fi + decho "EXTRA_ARGS after secret/token: ${EXTRA_ARGS}" # The point of this loop is to make it simple, when running both forgejo-runner and gitea in docker, # for the forgejo-runner to wait a moment for gitea to become available before erroring out. Within @@ -131,10 +162,12 @@ if [[ ! -s "${RUNNER_FILE}" ]]; then echo "Waiting to retry ..." sleep 5 fi + decho "try: ${try}, success: ${success}" done fi # Prevent reading the token from the forgejo-runner process unset RUNNER_TOKEN +unset FORGEJO_SECRET run_command "forgejo-runner daemon ${CONFIG_ARG}" diff --git a/examples/docker-compose/compose-forgejo-and-runner.yml b/examples/docker-compose/compose-forgejo-and-runner.yml index e38e841..e644a4f 100644 --- a/examples/docker-compose/compose-forgejo-and-runner.yml +++ b/examples/docker-compose/compose-forgejo-and-runner.yml @@ -7,7 +7,7 @@ # openssl rand -hex 20 # # Replace all occurences of {SHARED_SECRET} below with the output. -# +# # NOTE: a token obtained from the Forgejo web interface cannot be used # as a shared secret. # 
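Review bot: The added `sed -i … ${CONFIG_FILE}` and `echo … >> ${ENV_FILE}` lines expand the file paths unquoted, so a path with spaces or glob characters is split before the command sees it; write them as `"${CONFIG_FILE}"` and `>> "${ENV_FILE}"`. `secho` in the new wait block is not defined anywhere in the visible script, and under `set -e` that call would end the entrypoint unless SKIP_WAIT is true (PATCH 09 changes it to `echo`). The hunk ends inside the `if [[ ! -s "${RUNNER_FILE}" ]]` block, which continues below.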
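Review bot: The added `decho "EXTRA_ARGS after secret/token: ${EXTRA_ARGS}"` writes the shared secret or registration token to the container log in clear text whenever DEBUG is true, bypassing the redaction that `run_command` applies to its own log line. The compose example changed in this commit sets `DEBUG: "true"`, so the example configuration would log it. The existing `echo "Registering with SECRET"` and `echo "Registering with TOKEN"` lines already record which credential is used, so the new line can be dropped; if the argument list is still wanted in debug output, pass it through the same `sed` redaction first.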
@@ -23,20 +23,19 @@ volumes: services: docker-in-docker: image: code.forgejo.org/oci/docker:dind - container_name: docker # needed for docker internal DNS resolution - hostname: docker # Must set hostname as TLS certificates are only valid for docker or localhost + # container_name: docker # Must set container_name to docker for both internal DNS and TLS to work + hostname: docker privileged: true networks: - forgejo environment: - DOCKER_TLS_CERTDIR: "" # set to "certs" to use the TLS certificates, also update existing runner configs to use port 2376 - DOCKER_HOST: docker-in-docker + DOCKER_TLS_CERTDIR: "/certs" # set to "" to disable the use of TLS, also manually update existing runner configs to use port 2375 volumes: - docker_certs:/certs forgejo: image: codeberg.org/forgejo/forgejo:1.21 - container_name: forgejo + hostname: forgejo networks: - forgejo volumes: @@ -47,20 +46,21 @@ services: bash -c ' /bin/s6-svscan /etc/s6 & sleep 10 ; + su -c "forgejo admin user create --admin --username root --password examplepassword --email root@example.com" git ; su -c "forgejo forgejo-cli actions register --secret {SHARED_SECRET}" git ; sleep infinity ' + # all values that have defaults listed are optional + # only FORGEJO_SECRET or RUNNER_TOKEN is required + # FORGEJO_URL is required if forgejo is in this compose file or docker network forgejo-runner: ## TODO: Update image to the the release ## made from this PR: https://code.forgejo.org/forgejo/runner/pulls/283 - - # image: code.forgejo.org/forgejo/runner:3.4.1 - build: - context: ../../ - dockerfile: Dockerfile - container_name: forgejo-runner - # user: "1000" # set to run rootless, overrides RUNNER_USER + + # image: code.forgejo.org/forgejo/runner:3.4.1 + build: ../../ + # user: "1000" # set to run rootless, overrides RUNNER_USER and disables automatic file ownership volumes: - ./forgejo-runner:/data - docker_certs:/certs 
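Review bot: The added `forgejo admin user create --admin --username root --password examplepassword` line gives every deployment copied from this example the same known administrator credential. Compose can take the value from the environment and refuse to start when it is missing, e.g. `--password ${FORGEJO_ADMIN_PASSWORD:?set an admin password}` (the variable name is a placeholder), with a line in the file header saying it must be set. PATCH 11 later swaps the literal for `ROOT_PASSWORD`, which still works as a password if nobody replaces it.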
@@ -70,39 +70,19 @@ services: - docker-in-docker - forgejo environment: - CONFIG_FILE: config.yml # defaults to /data/config.yml + CONFIG_FILE: config.yml # defaults to /data/config.yml - FORGEJO_URL: ${FORGEJO_URL} # defaults to http://forgejo:3000 - FORGEJO_SECRET: "{SHARED_SECRET}" # shared secret, must match Forgejo's + DOCKER_HOST: "docker" # defaults to docker + DOCKER_TLS_CERTDIR: "/certs/client" # defaults to /certs/client + DOCKER_TLS_VERIFY: "1" # defaults to 0, set to 1 to enable TLS - RUNNER_FILE: runner.json # defaults to /data/runner.json - RUNNER_NAME: forgejo-runner # defaults to forgejo-runner, used for registration + FORGEJO_URL: ${FORGEJO_URL} # defaults to http://forgejo:3000 + FORGEJO_SECRET: "{SHARED_SECRET}" # shared secret, must match Forgejo's, overrides RUNNER_TOKEN + + RUNNER_FILE: .runner # defaults to /data/runner.json + RUNNER_NAME: forgejo-runner # defaults to forgejo-runner, used for registration RUNNER_TOKEN: "${RUNNER_TOKEN}" - RUNNER_USER: 1000 # defaults to 1000 + RUNNER_USER: 1000 # defaults to 1000, allows for automatic file ownership - forgejo-runner-rootless: - ## TODO: Update image to the the release - ## made from this PR: https://code.forgejo.org/forgejo/runner/pulls/283 - - # image: code.forgejo.org/forgejo/runner:3.4.1 - build: - context: ../../ - dockerfile: Dockerfile.rootless - container_name: forgejo-runner-rootless - volumes: - - ./forgejo-runner:/data - - docker_certs:/certs - networks: - - forgejo - depends_on: - - docker-in-docker - - forgejo - environment: - CONFIG_FILE: config-rootless.yml # defaults to /data/config.yml - - FORGEJO_URL: ${FORGEJO_URL} # defaults to http://forgejo:3000 - FORGEJO_SECRET: "{SHARED_SECRET}" # shared secret, must match Forgejo's - - RUNNER_FILE: runner-rootless.json # defaults to /data/runner.json - RUNNER_NAME: forgejo-runner-rootless # defaults to forgejo-runner, used for registration - RUNNER_TOKEN: "${RUNNER_TOKEN}" \ No newline at end of file + DEBUG: "true" # defaults to 
false, set to true to enable debug logging + SKIP_WAIT: "false" # defaults to false, set to true to skip the 10 second wait to allow for forgejo and docker-in-docker to start From f9ff5dce170bcea3780e8332b234f879cf8d239b Mon Sep 17 00:00:00 2001 From: merith-xyz Date: Thu, 26 Sep 2024 15:16:51 -0700 Subject: [PATCH 09/77] echo, not secho --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index ed17b19..60622c4 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -121,7 +121,7 @@ decho "RUNNER_FILE: ${RUNNER_FILE}" sed -i "/^ file:/c\ file: ${RUNNER_FILE}" ${CONFIG_FILE} if [[ "${SKIP_WAIT}" != "true" ]]; then - secho "Waiting 10s to allow other services to start up..." + echo "Waiting 10s to allow other services to start up..." sleep 10 fi From 00584cc415b5adb0e669e506d3d89f678748f902 Mon Sep 17 00:00:00 2001 From: merith-xyz Date: Thu, 26 Sep 2024 19:00:54 -0700 Subject: [PATCH 10/77] I guess it works now sorry for the unprofessional commit message, I have been working on this effectively non-stop since the previous commit, and have been fighting docker networking being inconsistent as well as filepermisson issues, end me --- entrypoint.sh | 109 ++++++++++-------- .../compose-forgejo-and-runner.yml | 19 +-- 2 files changed, 74 insertions(+), 54 deletions(-) mode change 100644 => 100755 entrypoint.sh diff --git a/entrypoint.sh b/entrypoint.sh old mode 100644 new mode 100755 index 60622c4..bb72004 --- a/entrypoint.sh +++ b/entrypoint.sh 
@@ -4,17 +4,28 @@ set -e run_command() { local cmd="$1" - redacted_cmd=$(echo "$cmd" | sed -E 's/(--secret\s+|--token\s+)[^ ]+/--\1[REDACTED]/g') - decho "Running command: $redacted_cmd" + + # Replace any --token or --secret with [REDACTED] + local safe_cmd=$(echo "$cmd" | sed -E 's/--(token|secret) [^ ]+/--\1 [REDACTED]/g') + + decho "Running command: $safe_cmd" + if [[ "$ISROOT" == true ]]; then decho "Running as forgejo-runner" su -c "$cmd" forgejo-runner else - decho "Running as RUNNER_USER: ${RUNNER_USER}" + decho "Running as $(whoami)" eval "$cmd" fi } +makeUser() { + adduser -u ${RUNNER_USER} -h /data -s /bin/bash -D forgejo-runner +} +makeGroup() { + addgroup -g ${RUNNER_USER} forgejo-runner +} + decho() { if [[ "${DEBUG}" == "true" ]]; then echo "[entrypoint] $@" 
@@ -33,27 +44,37 @@ if [[ $(id -u) -eq 0 ]]; then fi if [[ "$ISROOT" == true ]]; then - # Check if the forgejo-runner user exists - if id "forgejo-runner" &>/dev/null; then - echo "forgejo-runner user exists." - - # Change the user ID if needed - CURRENT_UID=$(id -u forgejo-runner) - decho "CURRENT_UID: ${CURRENT_UID}" - if [[ "${CURRENT_UID}" -ne "${RUNNER_USER}" ]]; then - echo "Changing UID of forgejo-runner to ${RUNNER_USER}" - sed -i "s/^forgejo-runner:[^:]*:[^:]*:/forgejo-runner:x:${RUNNER_USER}:/" /etc/passwd - fi + # Check if the forgejo-runner user exists, if not, create it + if ! id -u forgejo-runner >/dev/null 2>&1; then + decho "Creating user forgejo-runner with UID ${RUNNER_USER}" + makeUser else - echo "Creating user forgejo-runner with UID ${RUNNER_USER}" - adduser --uid "${RUNNER_USER}" --home /home/forgejo-runner --disabled-password --gecos "" forgejo-runner + CURRENT_UID=$(id -u forgejo-runner) + if [[ "${CURRENT_UID}" -ne "${RUNNER_USER}" ]]; then + decho "Changing UID of forgejo-runner from ${CURRENT_UID} to ${RUNNER_USER}" + deluser forgejo-runner + makeUser + fi + fi + + # Check if the forgejo-runner group exists, if not, create it + if ! 
getent group forgejo-runner >/dev/null 2>&1; then + decho "Creating group forgejo-runner with GID ${RUNNER_USER}" + makeGroup + else + CURRENT_GID=$(getent group forgejo-runner | cut -d: -f3) + if [[ "${CURRENT_GID}" -ne "${RUNNER_USER}" ]]; then + decho "Changing GID of forgejo-runner from ${CURRENT_GID} to ${RUNNER_USER}" + delgroup forgejo-runner + makeGroup + fi fi # Ensure /data is owned by the runner user - if [[ $(stat -c "%u" /data) != "${RUNNER_USER}" ]]; then - decho "Changing ownership of /data to ${RUNNER_USER}" - chown -R forgejo-runner:forgejo-runner /data - fi + # yes this can slow things down but is 100% nessecary for the runner to function + # when running as a root user, because for some reason the runner create files as + # root and then cant access them + chown -R forgejo-runner:forgejo-runner /data fi # Handle and alter the config file 
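Review bot: The `chown -R forgejo-runner:forgejo-runner /data` at the end of this hunk now runs as root on every start, with the ownership check from PATCH 08 removed. /data is a mounted volume, and depending on the `chown` implementation in the image a recursive chown without `-h` may change the target of a symlink found in the tree rather than the link itself. `chown -hR forgejo-runner:forgejo-runner /data` avoids that, and keeping the earlier `stat -c "%u" /data` guard skips the walk when ownership is already correct. The enclosing `if [[ "$ISROOT" == true ]]` block opens and closes within the hunk.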
@@ -65,33 +86,33 @@ CONFIG_ARG="--config ${CONFIG_FILE}" decho "CONFIG: ${CONFIG_ARG}" DOCKER_HOST=${DOCKER_HOST:-docker} -DOCKER_TLS_CERTDIR=${DOCKER_TLS_CERTDIR:-"/certs/client"} +DOCKER_CERT_PATH=${DOCKER_CERT_PATH:-"/certs/client"} DOCKER_TLS_VERIFY=${DOCKER_TLS_VERIFY:-0} decho "DOCKER_HOST: ${DOCKER_HOST}" -decho "DOCKER_TLS_CERTDIR: ${DOCKER_TLS_CERTDIR}" +decho "DOCKER_CERT_PATH: ${DOCKER_CERT_PATH}" decho "DOCKER_TLS_VERIFY: ${DOCKER_TLS_VERIFY}" if [[ ! -f "${CONFIG_FILE}" ]]; then echo "Creating ${CONFIG_FILE}" - run_command "forgejo-runner generate-config > ${CONFIG_FILE}" forgejo-runner + run_command "forgejo-runner generate-config > ${CONFIG_FILE}" # Remove test environment variables if they exist in the config file sed -i "/^ A_TEST_ENV_NAME_1:/d" ${CONFIG_FILE} sed -i "/^ A_TEST_ENV_NAME_2:/d" ${CONFIG_FILE} # Apply default values for docker - sed -i "/^ labels:/c\ \"labels\": [\"docker:docker://code.forgejo.org/oci/node:20-bookworm\", \"ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04\"]" ${CONFIG_FILE} + sed -i "/^ labels:/c\ labels: [\"docker:docker://code.forgejo.org/oci/node:20-bookworm\", \"ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04\"]" ${CONFIG_FILE} sed -i "/^ network:/c\ network: host" ${CONFIG_FILE} sed -i "/^ privileged:/c\ privileged: true" ${CONFIG_FILE} if [[ "${DOCKER_TLS_VERIFY}" -ne 1 ]]; then decho "Docker TLS diabled" - sed -i "/^ docker_host:/c\ docker_host: tcp://${DOCKER_HOST}:2375" ${CONFIG_FILE} + sed -i "/^ docker_host:/c\ docker_host: ${DOCKER_HOST}" ${CONFIG_FILE} else decho "Docker TLS enabled" - sed -i "/^ docker_host:/c\ docker_host: tcp://${DOCKER_HOST}:2376" ${CONFIG_FILE} - sed -i "/^ valid_volumes:/c\ valid_volumes:\n - ${DOCKER_TLS_CERTDIR}" ${CONFIG_FILE} - sed -i "/^ options:/c\ options: -v ${DOCKER_TLS_CERTDIR}:${DOCKER_TLS_CERTDIR}" ${CONFIG_FILE} + sed -i "/^ docker_host:/c\ docker_host: ${DOCKER_HOST}" ${CONFIG_FILE} + sed -i "/^ valid_volumes:/c\ valid_volumes:\n - ${DOCKER_CERT_PATH}" 
${CONFIG_FILE} + sed -i "/^ options:/c\ options: -v ${DOCKER_CERT_PATH}:${DOCKER_CERT_PATH}" ${CONFIG_FILE} fi fi @@ -104,7 +125,7 @@ if [[ ! -f "${ENV_FILE}" ]]; then touch ${ENV_FILE} echo "DOCKER_HOST=${DOCKER_HOST}" >> ${ENV_FILE} echo "DOCKER_TLS_VERIFY=${DOCKER_TLS_VERIFY}" >> ${ENV_FILE} - echo "DOCKER_TLS_CERTDIR=${DOCKER_TLS_CERTDIR}" >> ${ENV_FILE} + echo "DOCKER_CERT_PATH=${DOCKER_CERT_PATH}" >> ${ENV_FILE} fi EXTRA_ARGS="" 
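Review bot: Both branches of the `DOCKER_TLS_VERIFY` test now write the same `docker_host: ${DOCKER_HOST}` line, while the default a few lines up is still `DOCKER_HOST=${DOCKER_HOST:-docker}`, a bare hostname with no scheme or port. With the variable unset, the generated config would contain `docker_host: docker`, which is presumably not a usable daemon address. Default to a full URL as the compose example does (`tcp://docker:2376`), and move the duplicated `sed` line out of the `if` so only the TLS-specific lines stay conditional.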
@@ -131,30 +152,28 @@ if [[ ! -s "${RUNNER_FILE}" ]]; then success=0 decho "try: ${try}, success: ${success}" - if [[ ! -z "${FORGEJO_SECRET}" ]]; then - EXTRA_ARGS="${EXTRA_ARGS} --secret ${FORGEJO_SECRET}" - echo "Registering with SECRET" - else - if [[ -z "${RUNNER_TOKEN}" ]]; then - echo "RUNNER_TOKEN is not set" - exit 1 - fi - EXTRA_ARGS="${EXTRA_ARGS} --token ${RUNNER_TOKEN}" - echo "Registering with TOKEN" - fi - decho "EXTRA_ARGS after secret/token: ${EXTRA_ARGS}" - # The point of this loop is to make it simple, when running both forgejo-runner and gitea in docker, # for the forgejo-runner to wait a moment for gitea to become available before erroring out. Within # the context of a single docker-compose, something similar could be done via healthchecks, but # this is more flexible. while [[ $success -eq 0 ]] && [[ $try -lt ${MAX_REG_ATTEMPTS:-10} ]]; do + if [[ ! -z "${FORGEJO_SECRET}" ]]; then run_command "forgejo-runner create-runner-file --connect \ --instance \"${FORGEJO_URL:-http://forgejo:3000}\" \ --name \"${RUNNER_NAME:-$(hostname)}\" \ - ${CONFIG_ARG} ${EXTRA_ARGS} 2>&1 | tee /tmp/reg.log" - - cat /tmp/reg.log | grep 'connection successful' >/dev/null + --secret \"${FORGEJO_SECRET}\" \ + ${CONFIG_ARG}\ + ${EXTRA_ARGS} 2>&1 | tee /tmp/reg.log" + else + run_command "forgejo-runner register \ + --instance \"${FORGEJO_URL:-http://forgejo:3000}\" \ + --name \"${RUNNER_NAME:-$(hostname)}\" \ + --token \"${RUNNER_TOKEN}\" \ + --no-interactive \ + ${CONFIG_ARG}\ + ${EXTRA_ARGS} 2>&1 | tee /tmp/reg.log" + fi + cat /tmp/reg.log | grep -E 'connection successful|registered successfully' >/dev/null if [[ $? -eq 0 ]]; then echo "SUCCESS" success=1 diff --git a/examples/docker-compose/compose-forgejo-and-runner.yml b/examples/docker-compose/compose-forgejo-and-runner.yml index e644a4f..a2d1fa5 100644 --- a/examples/docker-compose/compose-forgejo-and-runner.yml +++ b/examples/docker-compose/compose-forgejo-and-runner.yml 
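Review bot: The added `cat /tmp/reg.log | grep -E '…' >/dev/null` is a plain command under `set -e`, so a non-matching grep ends the script before `if [[ $? -eq 0 ]]` is reached and the retry loop never gets a second attempt. Test the command directly instead: `if grep -qE 'connection successful|registered successfully' /tmp/reg.log; then`. The rewrite also drops the earlier `RUNNER_TOKEN is not set` check, so with neither credential set the `register` branch runs with an empty `--token ""`; restore that guard before the loop. The loop body continues below the hunk.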
@@ -23,13 +23,13 @@ volumes: services: docker-in-docker: image: code.forgejo.org/oci/docker:dind - # container_name: docker # Must set container_name to docker for both internal DNS and TLS to work - hostname: docker + hostname: docker # Must set hostname for both internal DNS and TLS to work as certs are only valid for docker and localhost privileged: true networks: - forgejo environment: DOCKER_TLS_CERTDIR: "/certs" # set to "" to disable the use of TLS, also manually update existing runner configs to use port 2375 + DOCKER_HOST: "docker" # remove aswell to disable TLS volumes: - docker_certs:/certs @@ -39,7 +39,7 @@ services: networks: - forgejo volumes: - - ./forgejo:/data + - /srv/forgejo-data:/data ports: - 8080:3000 command: >- @@ -54,15 +54,16 @@ services: # all values that have defaults listed are optional # only FORGEJO_SECRET or RUNNER_TOKEN is required # FORGEJO_URL is required if forgejo is in this compose file or docker network - forgejo-runner: + runner-daemon: ## TODO: Update image to the the release ## made from this PR: https://code.forgejo.org/forgejo/runner/pulls/283 # image: code.forgejo.org/forgejo/runner:3.4.1 build: ../../ # user: "1000" # set to run rootless, overrides RUNNER_USER and disables automatic file ownership + restart: unless-stopped # needed for fixing file ownership on restart volumes: - - ./forgejo-runner:/data + - /srv/runner-data:/data - docker_certs:/certs networks: - forgejo 
@@ -72,16 +73,16 @@ services: environment: CONFIG_FILE: config.yml # defaults to /data/config.yml - DOCKER_HOST: "docker" # defaults to docker - DOCKER_TLS_CERTDIR: "/certs/client" # defaults to /certs/client + DOCKER_HOST: "tcp://docker:2376" # defaults to tcp://docker:2376 + DOCKER_CERT_PATH: "/certs/client" # defaults to /certs/client DOCKER_TLS_VERIFY: "1" # defaults to 0, set to 1 to enable TLS FORGEJO_URL: ${FORGEJO_URL} # defaults to http://forgejo:3000 FORGEJO_SECRET: "{SHARED_SECRET}" # shared secret, must match Forgejo's, overrides RUNNER_TOKEN RUNNER_FILE: .runner # defaults to /data/runner.json - RUNNER_NAME: forgejo-runner # defaults to forgejo-runner, used for registration - RUNNER_TOKEN: "${RUNNER_TOKEN}" + RUNNER_NAME: runner-daemon # defaults to forgejo-runner, used for registration + RUNNER_TOKEN: ${RUNNER_TOKEN} # token obtained from Forgejo web interface RUNNER_USER: 1000 # defaults to 1000, allows for automatic file ownership DEBUG: "true" # defaults to false, set to true to enable debug logging From 42078da550cc37003156fa9127c203b09b0ff0b1 Mon Sep 17 00:00:00 2001 From: Merith Date: Fri, 27 Sep 2024 10:38:59 -0700 Subject: [PATCH 11/77] dont use root-user by default --- .forgejo/workflows/example-docker-compose.yml | 2 +- Dockerfile | 2 + entrypoint.sh | 89 +++---------------- examples/docker-compose/.gitignore | 3 +- .../compose-forgejo-and-runner.yml | 19 ++-- 5 files changed, 26 insertions(+), 89 deletions(-) diff --git a/.forgejo/workflows/example-docker-compose.yml b/.forgejo/workflows/example-docker-compose.yml index f1089ec..4e2f547 100644 --- a/.forgejo/workflows/example-docker-compose.yml +++ b/.forgejo/workflows/example-docker-compose.yml @@ -67,4 +67,4 @@ jobs: if: always() run: | cd examples/docker-compose - docker compose -f compose-forgejo-and-runner.yml -f compose-demo-workflow.yml logs \ No newline at end of file + docker compose -f compose-forgejo-and-runner.yml -f compose-demo-workflow.yml logs 
diff --git a/Dockerfile b/Dockerfile index ed94063..af507da 100644 --- a/Dockerfile +++ b/Dockerfile @@ -38,6 +38,8 @@ LABEL maintainer="contact@forgejo.org" \ ENV HOME=/data +USER 1000:1000 + COPY --chmod=555 entrypoint.sh /entrypoint.sh WORKDIR /data diff --git a/entrypoint.sh b/entrypoint.sh index bb72004..64ec4f7 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -2,28 +2,13 @@ set -e +# Technically not nessecary but it cleans up the logs from having token/secret values run_command() { local cmd="$1" - # Replace any --token or --secret with [REDACTED] local safe_cmd=$(echo "$cmd" | sed -E 's/--(token|secret) [^ ]+/--\1 [REDACTED]/g') - decho "Running command: $safe_cmd" - - if [[ "$ISROOT" == true ]]; then - decho "Running as forgejo-runner" - su -c "$cmd" forgejo-runner - else - decho "Running as $(whoami)" - eval "$cmd" - fi -} - -makeUser() { - adduser -u ${RUNNER_USER} -h /data -s /bin/bash -D forgejo-runner -} -makeGroup() { - addgroup -g ${RUNNER_USER} forgejo-runner + eval "$cmd" } decho() { 
@@ -32,49 +17,10 @@ decho() { fi } -# Initial setup -cd /data - -decho "RUNNER_USER: ${RUNNER_USER}" -RUNNER_USER="${RUNNER_USER:-1000}" # Check if the script is running as root if [[ $(id -u) -eq 0 ]]; then ISROOT=true - decho "Running as root" -fi - -if [[ "$ISROOT" == true ]]; then - # Check if the forgejo-runner user exists, if not, create it - if ! id -u forgejo-runner >/dev/null 2>&1; then - decho "Creating user forgejo-runner with UID ${RUNNER_USER}" - makeUser - else - CURRENT_UID=$(id -u forgejo-runner) - if [[ "${CURRENT_UID}" -ne "${RUNNER_USER}" ]]; then - decho "Changing UID of forgejo-runner from ${CURRENT_UID} to ${RUNNER_USER}" - deluser forgejo-runner - makeUser - fi - fi - - # Check if the forgejo-runner group exists, if not, create it - if ! getent group forgejo-runner >/dev/null 2>&1; then - decho "Creating group forgejo-runner with GID ${RUNNER_USER}" - makeGroup - else - CURRENT_GID=$(getent group forgejo-runner | cut -d: -f3) - if [[ "${CURRENT_GID}" -ne "${RUNNER_USER}" ]]; then - decho "Changing GID of forgejo-runner from ${CURRENT_GID} to ${RUNNER_USER}" - delgroup forgejo-runner - makeGroup - fi - fi - - # Ensure /data is owned by the runner user - # yes this can slow things down but is 100% nessecary for the runner to function - # when running as a root user, because for some reason the runner create files as - # root and then cant access them - chown -R forgejo-runner:forgejo-runner /data + decho "[WARNING] Running as root user" fi # Handle and alter the config file @@ -85,9 +31,9 @@ fi CONFIG_ARG="--config ${CONFIG_FILE}" decho "CONFIG: ${CONFIG_ARG}" -DOCKER_HOST=${DOCKER_HOST:-docker} +DOCKER_HOST=${DOCKER_HOST:-"tcp://docker:2367"} DOCKER_CERT_PATH=${DOCKER_CERT_PATH:-"/certs/client"} -DOCKER_TLS_VERIFY=${DOCKER_TLS_VERIFY:-0} +DOCKER_TLS_VERIFY=${DOCKER_TLS_VERIFY:-1} decho "DOCKER_HOST: ${DOCKER_HOST}" decho "DOCKER_CERT_PATH: ${DOCKER_CERT_PATH}" decho "DOCKER_TLS_VERIFY: ${DOCKER_TLS_VERIFY}" 
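Review bot: The root check now only calls `decho "[WARNING] Running as root user"`, and `decho` prints nothing unless DEBUG is true, so an operator who overrides the image's `USER 1000:1000` gets no warning in a normal run. Emit it unconditionally on stderr, e.g. `echo "[entrypoint] WARNING: running as root" >&2`. `ISROOT` is still assigned, but with the user-management block removed nothing visible in this patch reads it any more.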
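Review bot: The new default `DOCKER_HOST=${DOCKER_HOST:-"tcp://docker:2367"}` uses port 2367, while the compose example in this commit documents the default as `tcp://docker:2376`, the conventional TLS port for the Docker daemon. With the variable unset, the value recorded in the env file would point at a port the dind service presumably does not serve. It should read `DOCKER_HOST=${DOCKER_HOST:-"tcp://docker:2376"}`.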
@@ -102,18 +48,7 @@ if [[ ! -f "${CONFIG_FILE}" ]]; then # Apply default values for docker sed -i "/^ labels:/c\ labels: [\"docker:docker://code.forgejo.org/oci/node:20-bookworm\", \"ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04\"]" ${CONFIG_FILE} sed -i "/^ network:/c\ network: host" ${CONFIG_FILE} - sed -i "/^ privileged:/c\ privileged: true" ${CONFIG_FILE} - - if [[ "${DOCKER_TLS_VERIFY}" -ne 1 ]]; then - decho "Docker TLS diabled" - sed -i "/^ docker_host:/c\ docker_host: ${DOCKER_HOST}" ${CONFIG_FILE} - else - decho "Docker TLS enabled" - sed -i "/^ docker_host:/c\ docker_host: ${DOCKER_HOST}" ${CONFIG_FILE} - sed -i "/^ valid_volumes:/c\ valid_volumes:\n - ${DOCKER_CERT_PATH}" ${CONFIG_FILE} - sed -i "/^ options:/c\ options: -v ${DOCKER_CERT_PATH}:${DOCKER_CERT_PATH}" ${CONFIG_FILE} - fi fi ENV_FILE=${ENV_FILE:-"/data/.env"} @@ -135,9 +70,7 @@ fi decho "EXTRA_ARGS: ${EXTRA_ARGS}" # Set the runner file -if [[ -z "${RUNNER_FILE}" ]]; then - RUNNER_FILE="runner.json" # use json so editors know how to highlight -fi +RUNNER_FILE=${RUNNER_FILE:-"runner.json"} # use json so editors know how to highlight decho "RUNNER_FILE: ${RUNNER_FILE}" sed -i "/^ file:/c\ file: ${RUNNER_FILE}" ${CONFIG_FILE} 
@@ -157,22 +90,22 @@ if [[ ! -s "${RUNNER_FILE}" ]]; then # the context of a single docker-compose, something similar could be done via healthchecks, but # this is more flexible. while [[ $success -eq 0 ]] && [[ $try -lt ${MAX_REG_ATTEMPTS:-10} ]]; do - if [[ ! -z "${FORGEJO_SECRET}" ]]; then - run_command "forgejo-runner create-runner-file --connect \ + if [[ ! -z "${FORGEJO_SECRET}" ]]; then + run_command "forgejo-runner create-runner-file --connect \ --instance \"${FORGEJO_URL:-http://forgejo:3000}\" \ --name \"${RUNNER_NAME:-$(hostname)}\" \ --secret \"${FORGEJO_SECRET}\" \ ${CONFIG_ARG}\ ${EXTRA_ARGS} 2>&1 | tee /tmp/reg.log" - else - run_command "forgejo-runner register \ + else + run_command "forgejo-runner register \ --instance \"${FORGEJO_URL:-http://forgejo:3000}\" \ --name \"${RUNNER_NAME:-$(hostname)}\" \ --token \"${RUNNER_TOKEN}\" \ --no-interactive \ ${CONFIG_ARG}\ ${EXTRA_ARGS} 2>&1 | tee /tmp/reg.log" - fi + fi cat /tmp/reg.log | grep -E 'connection successful|registered successfully' >/dev/null if [[ $? -eq 0 ]]; then echo "SUCCESS" diff --git a/examples/docker-compose/.gitignore b/examples/docker-compose/.gitignore index 294fcad..94bf3ec 100644 --- a/examples/docker-compose/.gitignore +++ b/examples/docker-compose/.gitignore @@ -1,2 +1 @@ -forgejo/ -forgejo-runner/ +srv diff --git a/examples/docker-compose/compose-forgejo-and-runner.yml b/examples/docker-compose/compose-forgejo-and-runner.yml index a2d1fa5..6431893 100644 --- a/examples/docker-compose/compose-forgejo-and-runner.yml +++ b/examples/docker-compose/compose-forgejo-and-runner.yml @@ -13,7 +13,8 @@ # # Replace ${RUNNER_TOKEN} with the token obtained from the Forgejo web interface. # - +# Replace ROOT_PASSWORD with a secure password. +# networks: forgejo: 
@@ -24,12 +25,13 @@ services: docker-in-docker: image: code.forgejo.org/oci/docker:dind hostname: docker # Must set hostname for both internal DNS and TLS to work as certs are only valid for docker and localhost + restart: unless-stopped privileged: true networks: - forgejo environment: DOCKER_TLS_CERTDIR: "/certs" # set to "" to disable the use of TLS, also manually update existing runner configs to use port 2375 - DOCKER_HOST: "docker" # remove aswell to disable TLS + DOCKER_HOST: "docker" # remove aswell to disable TLS volumes: - docker_certs:/certs @@ -42,25 +44,27 @@ services: - /srv/forgejo-data:/data ports: - 8080:3000 + environment: + FORGEJO__security__INSTALL_LOCK: "true" # remove in production command: >- bash -c ' /bin/s6-svscan /etc/s6 & sleep 10 ; - su -c "forgejo admin user create --admin --username root --password examplepassword --email root@example.com" git ; + su -c "forgejo admin user create --admin --username root --password ROOT_PASSWORD --email root@example.com" git ; su -c "forgejo forgejo-cli actions register --secret {SHARED_SECRET}" git ; sleep infinity ' # all values that have defaults listed are optional - # only FORGEJO_SECRET or RUNNER_TOKEN is required - # FORGEJO_URL is required if forgejo is in this compose file or docker network + # only FORGEJO_SECRET or RUNNER_TOKEN is required, the secret will be prioritized + # FORGEJO_URL is required if forgejo is not in this compose file or docker network runner-daemon: ## TODO: Update image to the the release ## made from this PR: https://code.forgejo.org/forgejo/runner/pulls/283 # image: code.forgejo.org/forgejo/runner:3.4.1 build: ../../ - # user: "1000" # set to run rootless, overrides RUNNER_USER and disables automatic file ownership + user: "1000" # defaults to 1000, restart: unless-stopped # needed for fixing file ownership on restart volumes: - /srv/runner-data:/data 
@@ -75,7 +79,7 @@ services: DOCKER_HOST: "tcp://docker:2376" # defaults to tcp://docker:2376 DOCKER_CERT_PATH: "/certs/client" # defaults to /certs/client - DOCKER_TLS_VERIFY: "1" # defaults to 0, set to 1 to enable TLS + DOCKER_TLS_VERIFY: "1" # defaults to 1 FORGEJO_URL: ${FORGEJO_URL} # defaults to http://forgejo:3000 FORGEJO_SECRET: "{SHARED_SECRET}" # shared secret, must match Forgejo's, overrides RUNNER_TOKEN @@ -83,7 +87,6 @@ services: RUNNER_FILE: .runner # defaults to /data/runner.json RUNNER_NAME: runner-daemon # defaults to forgejo-runner, used for registration RUNNER_TOKEN: ${RUNNER_TOKEN} # token obtained from Forgejo web interface - RUNNER_USER: 1000 # defaults to 1000, allows for automatic file ownership DEBUG: "true" # defaults to false, set to true to enable debug logging SKIP_WAIT: "false" # defaults to false, set to true to skip the 10 second wait to allow for forgejo and docker-in-docker to start From 95fb2cafff645a2eb0b026b59e1eb54f81a85b36 Mon Sep 17 00:00:00 2001 From: Merith Date: Fri, 27 Sep 2024 10:46:35 -0700 Subject: [PATCH 12/77] fix Kind/Breaking tag --- entrypoint.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 64ec4f7..db9291f 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -4,7 +4,7 @@ set -e # Technically not nessecary but it cleans up the logs from having token/secret values run_command() { - local cmd="$1" + local cmd="$@" # Replace any --token or --secret with [REDACTED] local safe_cmd=$(echo "$cmd" | sed -E 's/--(token|secret) [^ ]+/--\1 [REDACTED]/g') decho "Running command: $safe_cmd" @@ -23,6 +23,12 @@ if [[ $(id -u) -eq 0 ]]; then decho "[WARNING] Running as root user" fi +# Handle if `command` is passed, as command appends arguments to the entrypoint +if [ "$#" -gt 0 ]; then + run_command "$@" + exit +fi + # Handle and alter the config file if [[ -z "${CONFIG_FILE}" ]]; then echo "CONFIG_FILE is not set" 
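Review bot: `local cmd="$@"` in the `@@ -4,7 +4,7 @@` hunk joins every argument into one space-separated string, so word boundaries and quoting are lost before `run_command` evaluates it (the `eval` sits below this hunk and is visible in the next patch of the series). The new pass-through branch in `@@ -23,6 +23,12 @@` sends the container's `command:` arguments down that same path, so an argument containing spaces or shell metacharacters is re-split or parsed as shell syntax instead of being passed literally. For the pass-through case I would bypass `run_command` and use `exec "$@"`, which also lets the command replace the entrypoint shell and receive the container's signals directly. `run_command`'s body continues outside the first hunk.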
From 890778d33ad275cf8dabc2b0e18c004ed2b46f8f Mon Sep 17 00:00:00 2001 From: merith-xyz Date: Fri, 27 Sep 2024 11:08:56 -0700 Subject: [PATCH 13/77] resolve tag Kind/Breaks Docker treats "command" as an agument to an entrypoint if it exists, now the entrypoint runs arguments as if they were a command --- entrypoint.sh | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index db9291f..712227e 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -8,7 +8,7 @@ run_command() { # Replace any --token or --secret with [REDACTED] local safe_cmd=$(echo "$cmd" | sed -E 's/--(token|secret) [^ ]+/--\1 [REDACTED]/g') decho "Running command: $safe_cmd" - eval "$cmd" + eval $cmd } decho() { @@ -16,6 +16,7 @@ decho() { echo "[entrypoint] $@" fi } +decho $PWD # Check if the script is running as root if [[ $(id -u) -eq 0 ]]; then @@ -25,7 +26,7 @@ fi # Handle if `command` is passed, as command appends arguments to the entrypoint if [ "$#" -gt 0 ]; then - run_command "$@" + run_command $@ exit fi 
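Review bot: `eval $cmd` in the `@@ -8,7 +8,7 @@` hunk word-splits and glob-expands the string and then parses the result a second time as shell code, so values taken from the environment (`FORGEJO_URL`, `RUNNER_NAME`, `RUNNER_TOKEN`, `FORGEJO_SECRET` in the registration hunk of this patch) are interpreted rather than passed literally. Every caller in this patch now hands `run_command` a real argument vector, so the eval is no longer needed: keep `$cmd` only for the redacted log line and execute `"$@"`. The same quoting fix applies to the `@@ -25,7 +26,7 @@` hunk, `run_command "$@"` instead of `run_command $@`, and to `decho "$PWD"` in `@@ -16,6 +16,7 @@`. The top of `run_command` is outside these hunks.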
@@ -97,20 +98,20 @@ if [[ ! -s "${RUNNER_FILE}" ]]; then # this is more flexible. while [[ $success -eq 0 ]] && [[ $try -lt ${MAX_REG_ATTEMPTS:-10} ]]; do if [[ ! -z "${FORGEJO_SECRET}" ]]; then - run_command "forgejo-runner create-runner-file --connect \ - --instance \"${FORGEJO_URL:-http://forgejo:3000}\" \ - --name \"${RUNNER_NAME:-$(hostname)}\" \ - --secret \"${FORGEJO_SECRET}\" \ + run_command forgejo-runner create-runner-file --connect \ + --instance "${FORGEJO_URL:-http://forgejo:3000}" \ + --name "${RUNNER_NAME:-$(hostname)}" \ + --secret "${FORGEJO_SECRET}" \ ${CONFIG_ARG}\ - ${EXTRA_ARGS} 2>&1 | tee /tmp/reg.log" + ${EXTRA_ARGS} 2>&1 | tee /tmp/reg.log else - run_command "forgejo-runner register \ - --instance \"${FORGEJO_URL:-http://forgejo:3000}\" \ - --name \"${RUNNER_NAME:-$(hostname)}\" \ - --token \"${RUNNER_TOKEN}\" \ + run_command forgejo-runner register \ + --instance "${FORGEJO_URL:-http://forgejo:3000}" \ + --name "${RUNNER_NAME:-$(hostname)}" \ + --token "${RUNNER_TOKEN}" \ --no-interactive \ ${CONFIG_ARG}\ - ${EXTRA_ARGS} 2>&1 | tee /tmp/reg.log" + ${EXTRA_ARGS} 2>&1 | tee /tmp/reg.log fi cat /tmp/reg.log | grep -E 'connection successful|registered successfully' >/dev/null if [[ $? -eq 0 ]]; then @@ -128,4 +129,4 @@ fi unset RUNNER_TOKEN unset FORGEJO_SECRET -run_command "forgejo-runner daemon ${CONFIG_ARG}" +run_command forgejo-runner daemon ${CONFIG_ARG} From c8382f44a8c1459999c64b644f3c043a59484d60 Mon Sep 17 00:00:00 2001 From: merith-xyz Date: Fri, 27 Sep 2024 22:43:01 -0700 Subject: [PATCH 14/77] update tests file new container --- .forgejo/workflows/example-docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.forgejo/workflows/example-docker-compose.yml b/.forgejo/workflows/example-docker-compose.yml index 4e2f547..ac8bb66 100644 --- a/.forgejo/workflows/example-docker-compose.yml +++ b/.forgejo/workflows/example-docker-compose.yml 
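Review bot: With the pipe moved outside `run_command` in the `@@ -97,20 +98,20 @@` hunk, the exit status of `forgejo-runner` is replaced by that of `tee` (the script sets `set -e` but no `pipefail` is visible), and success is still decided only by grepping `/tmp/reg.log`. That file has a fixed, predictable name and is left behind after the loop; whether registration output can carry credential material is not visible here, so I would treat it as sensitive. I would use `reg_log=$(mktemp)`, pipe into `tee "$reg_log"`, test with `grep -qE 'connection successful|registered successfully' "$reg_log"`, and delete the file once the loop ends. The `while` loop continues past the end of the hunk.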
@@ -35,6 +35,7 @@ jobs: secret=$(openssl rand -hex 20) sed -i -e "s/{SHARED_SECRET}/$secret/" compose-forgejo-and-runner.yml cli="docker compose --progress quiet -f compose-forgejo-and-runner.yml" + chown -R 1000:1000 /srv # # Launch Forgejo & the runner # From be3d0891f15956b78ccc2364bf3967a7a3cbc8fa Mon Sep 17 00:00:00 2001 From: merith-xyz Date: Fri, 27 Sep 2024 23:14:32 -0700 Subject: [PATCH 15/77] remove needless sudo? --- .forgejo/workflows/example-docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/example-docker-compose.yml b/.forgejo/workflows/example-docker-compose.yml index ac8bb66..23cc219 100644 --- a/.forgejo/workflows/example-docker-compose.yml +++ b/.forgejo/workflows/example-docker-compose.yml @@ -17,7 +17,7 @@ jobs: export DEBIAN_FRONTEND=noninteractive apt-get install -qq -y ca-certificates curl gnupg install -m 0755 -d /etc/apt/keyrings - curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg + curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null apt-get update -qq apt-get install -qq -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin=2.20.2-1~debian.11~bullseye From 9308fe37c62bab0ce79aa7a4d35021dc0dcc84a1 Mon Sep 17 00:00:00 2001 From: merith-xyz Date: Fri, 27 Sep 2024 23:15:40 -0700 Subject: [PATCH 16/77] remove useless sudo 2? --- .forgejo/workflows/example-docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/example-docker-compose.yml b/.forgejo/workflows/example-docker-compose.yml index 23cc219..7b31a6d 100644 --- a/.forgejo/workflows/example-docker-compose.yml 
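Review bot: `chown -R 1000:1000 /srv` in the `@@ -35,6 +35,7 @@` hunk runs before the compose stack is launched, so unless an earlier step outside the hunk creates `/srv/forgejo-data` and `/srv/runner-data`, the bind-mount directories do not exist yet and will probably be created by the Docker daemon as root afterwards. Creating them first and limiting the ownership change to what the containers need would make the step do what it intends: `mkdir -p /srv/forgejo-data /srv/runner-data` followed by `chown -R 1000:1000 /srv/forgejo-data /srv/runner-data`. Chowning all of `/srv` is also broader than the two directories the compose file mounts.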
+++ b/.forgejo/workflows/example-docker-compose.yml @@ -18,7 +18,7 @@ jobs: apt-get install -qq -y ca-certificates curl gnupg install -m 0755 -d /etc/apt/keyrings curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg - echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null + echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null apt-get update -qq apt-get install -qq -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin=2.20.2-1~debian.11~bullseye docker version From 54b9c53136a2c1cc07cf4c2fce44d5f235b65415 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 1 Oct 2024 17:30:57 +0000 Subject: [PATCH 17/77] Update dependency go to v1.23.2 --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 07622ad..e6e13a2 100644 --- a/go.mod +++ b/go.mod @@ -2,7 +2,7 @@ module gitea.com/gitea/act_runner go 1.21.13 -toolchain go1.23.1 +toolchain go1.23.2 require ( code.gitea.io/actions-proto-go v0.4.0 From 38e884d9731f889b78d46f9162175874862b1e6c Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 5 Oct 2024 00:00:52 +0000 Subject: [PATCH 18/77] Update module golang.org/x/term to v0.25.0 --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index e6e13a2..84cd05b 100644 --- a/go.mod +++ b/go.mod 
@@ -17,7 +17,7 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.9.0 - golang.org/x/term v0.24.0 + golang.org/x/term v0.25.0 golang.org/x/time v0.6.0 google.golang.org/protobuf v1.34.2 gopkg.in/yaml.v3 v3.0.1 @@ -96,7 +96,7 @@ require ( golang.org/x/mod v0.13.0 // indirect golang.org/x/net v0.23.0 // indirect golang.org/x/sync v0.6.0 // indirect - golang.org/x/sys v0.25.0 // indirect + golang.org/x/sys v0.26.0 // indirect golang.org/x/tools v0.14.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/go.sum b/go.sum index 498a542..f874072 100644 --- a/go.sum +++ b/go.sum 
@@ -274,15 +274,15 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= -golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= +golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM= -golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8= +golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= +golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= From 722c10968106a1bad4f1609867040380182ef40f Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 8 Oct 2024 00:01:47 +0000 Subject: [PATCH 19/77] Update module google.golang.org/protobuf to v1.35.1 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/go.mod b/go.mod index 84cd05b..8ad9c4e 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/stretchr/testify v1.9.0 golang.org/x/term v0.25.0 golang.org/x/time v0.6.0 - google.golang.org/protobuf v1.34.2 + google.golang.org/protobuf v1.35.1 gopkg.in/yaml.v3 v3.0.1 gotest.tools/v3 v3.5.1 ) diff --git a/go.sum b/go.sum index f874072..e851de1 100644 --- a/go.sum +++ b/go.sum @@ -314,8 +314,8 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b h1: google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc= google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk= google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= -google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= -google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= +google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= +google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= From 95ef0da0217188f5b483d21869c50469ddddb640 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 8 Oct 2024 04:31:39 +0000 Subject: [PATCH 20/77] Update module golang.org/x/time to v0.7.0 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 8ad9c4e..e5d85a9 100644 --- a/go.mod +++ b/go.mod 
@@ -18,7 +18,7 @@ require ( github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.9.0 golang.org/x/term v0.25.0 - golang.org/x/time v0.6.0 + golang.org/x/time v0.7.0 google.golang.org/protobuf v1.35.1 gopkg.in/yaml.v3 v3.0.1 gotest.tools/v3 v3.5.1 diff --git a/go.sum b/go.sum index e851de1..1ee3516 100644 --- a/go.sum +++ b/go.sum @@ -292,8 +292,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= -golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= +golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200325010219-a49f79bcc224/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= From 20915dc1bf9378587bb2fa88664519b48c30d006 Mon Sep 17 00:00:00 2001 From: Kwonunn Date: Sat, 19 Oct 2024 14:58:44 +0200 Subject: [PATCH 21/77] chore: add issue templates --- .forgejo/issue_template/bug-report.yaml | 84 ++++++++++++++++++++ .forgejo/issue_template/feature-request.yaml | 26 ++++++ 2 files changed, 110 insertions(+) create mode 100644 .forgejo/issue_template/bug-report.yaml create mode 100644 .forgejo/issue_template/feature-request.yaml diff --git a/.forgejo/issue_template/bug-report.yaml b/.forgejo/issue_template/bug-report.yaml new file mode 100644 index 0000000..414f4e4 --- /dev/null +++ b/.forgejo/issue_template/bug-report.yaml 
@@ -0,0 +1,84 @@ +name: 🐛 Bug Report +description: Found something you weren't expecting? Report it here! +title: "bug: " +labels: ["Kind/Bug"] +body: + - type: markdown + attributes: + value: | + **NOTE: If your issue is a security concern, please email (GPG: `A4676E79`) instead of opening a public issue.** + - type: markdown + attributes: + value: | + - Please speak English, as this is the language all maintainers can speak and write. + - Be as clear and concise as possible. A very verbose report is harder to interpret in a concrete way. + - Be civil, and follow the [Forgejo Code of Conduct](https://codeberg.org/forgejo/code-of-conduct). + - Take a moment to [check that your issue hasn't been reported before](https://code.forgejo.org/forgejo/runner/issues?q=&type=all&labels=19). + - type: dropdown + id: can-reproduce + attributes: + label: Can you reproduce the bug on the Forgejo test instance? + description: | + Please try reproducing your issue at https://dev.next.forgejo.org. + It is running the latest development branch and will confirm the problem is not already fixed. + If you can reproduce it, provide a URL in the description. + options: + - "Yes" + - "No" + validations: + required: true + - type: textarea + id: description + attributes: + label: Description + description: | + Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see above). + validations: + required: true + - type: input + id: forgejo-ver + attributes: + label: Forgejo Version + description: Forgejo version (or commit reference) of your instance + - type: input + id: runner-ver + attributes: + label: Runner Version + description: Runner version (or commit reference) of the runner on your instance + - type: textarea + id: forgejo-run-info + attributes: + label: How are you running Forgejo? + description: | + Please include information on whether you built Forgejo yourself, used one of our downloads, or are using some other package. 
+ Please also tell us how you are running Forgejo, e.g. if it is being run from a container, a command-line, systemd etc. + If you are using a package or systemd tell us what distribution you are using. + validations: + required: true + - type: textarea + id: runner-run-info + attributes: + label: How are you running the Runner? + description: | + Please include information on whether you built the Runner yourself, used one of our downloads, or are using some other package. + Please also tell us how you are running it, e.g. if it is being run from a container, a command-line, systemd etc. + If you are using a package or systemd tell us what distribution you are using. + validations: + required: true + - type: textarea + id: logs + attributes: + label: Logs + description: | + It's really important to provide pertinent logs. You must give us `DEBUG` level logs. + Please read https://forgejo.org/docs/latest/admin/logging-documentation/. + + Please copy and paste your logs here, with any sensitive information (e.g. API keys) removed/hidden. + You can wrap your logs in `
...
` tags so it doesn't take up too much space in the issue. + - type: textarea + id: workflow + attributes: + label: Workflow file + description: | + If the bug occurs in a specific workflow, please provide an example workflow file. + If you have linked to a reproduction repository this won't be necessary. diff --git a/.forgejo/issue_template/feature-request.yaml b/.forgejo/issue_template/feature-request.yaml new file mode 100644 index 0000000..3daeafd --- /dev/null +++ b/.forgejo/issue_template/feature-request.yaml @@ -0,0 +1,26 @@ +name: 💡 Feature Request +description: Got an idea for an improvement to the Forgejo Runner? Suggest it here! +title: "feat: " +labels: ["Kind/Enhancement"] +body: +- type: markdown + attributes: + value: | + - Please speak English, as this is the language all maintainers can speak and write. + - Be as clear and concise as possible. A very verbose request is harder to interpret in a concrete way. + - Be civil, and follow the [Forgejo Code of Conduct](https://codeberg.org/forgejo/code-of-conduct). + - Please make sure you are using the latest release of the runner and take a moment to [check that your feature hasn't already been suggested](https://code.forgejo.org/forgejo/runner/issues?q=&type=all). +- type: textarea + id: needs-benefits + attributes: + label: Needs and benefits + description: As concisely as possible, describe the benefits your feature request will provide or the problems it will try to solve. + validations: + required: true +- type: textarea + id: description + attributes: + label: Feature Description + description: As concisely as possible, describe the feature you would like to see added or the changes you would like to see made to Forgejo. + validations: + required: true From 5a4387dd00bf927a780ed295419a64c608960abb Mon Sep 17 00:00:00 2001 
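Review bot: The security-contact note in `bug-report.yaml` identifies the key only by the 8-hex-digit short ID `A4676E79`, and short IDs can be collided, so a reporter cannot be sure they are encrypting to the right key. I would publish the full fingerprint instead, for example `(GPG fingerprint: <FULL-40-HEX-FINGERPRINT>)`, ideally with a link to where the key can be fetched. The e-mail address itself does not appear in this view of the patch; if it is also missing from the file, the note gives reporters no private channel at all.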
From: Renovate Bot Date: Sun, 20 Oct 2024 00:00:48 +0000 Subject: [PATCH 22/77] Update module code.forgejo.org/forgejo/act to v1.21.4 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index e5d85a9..d884b2a 100644 --- a/go.mod +++ b/go.mod @@ -102,4 +102,4 @@ require ( gopkg.in/yaml.v2 v2.4.0 // indirect ) -replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.21.3 +replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.21.4 diff --git a/go.sum b/go.sum index 1ee3516..6e719f7 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,5 @@ -code.forgejo.org/forgejo/act v1.21.3 h1:EeJbrz0aar2QhIcBlOW5gjK1rjrQxcAvQSPpG/R1h5w= -code.forgejo.org/forgejo/act v1.21.3/go.mod h1:+PcvJ9iv+NTFeJSh79ra9Jbk9l0vvyA9D9me5/dbxYM= +code.forgejo.org/forgejo/act v1.21.4 h1:p/w1kQAC2BU43tB4vKicN/j0xCsMfeDULwCv5nUhHRM= +code.forgejo.org/forgejo/act v1.21.4/go.mod h1:+PcvJ9iv+NTFeJSh79ra9Jbk9l0vvyA9D9me5/dbxYM= code.gitea.io/actions-proto-go v0.4.0 h1:OsPBPhodXuQnsspG1sQ4eRE1PeoZyofd7+i73zCwnsU= code.gitea.io/actions-proto-go v0.4.0/go.mod h1:mn7Wkqz6JbnTOHQpot3yDeHx+O5C9EGhMEE+htvHBas= code.gitea.io/gitea-vet v0.2.3 h1:gdFmm6WOTM65rE8FUBTRzeQZYzXePKSSB1+r574hWwI= From 2b64f15543ca76ac09721c2bf898ffc2cd708eaa Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Tue, 29 Oct 2024 07:49:55 +0100 Subject: [PATCH 23/77] fix: make container.docker_host default to - Otherwise containers will be running by default with a socket to the docker host which is insecure. The default must be secure. --- RELEASE-NOTES.md | 4 +++- internal/pkg/config/config.example.yaml | 16 ++++++++-------- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index c4d9db3..44084b3 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md 
@@ -1,7 +1,9 @@ # Release Notes -## 3.5.2 +## 4.0.0 +* Breaking change: fix the default configuration for `docker_host` is changed to [not mounting the docker server socket](https://code.forgejo.org/forgejo/runner/pulls/305). +* [Remove debug information from the setup of a workflow](https://code.forgejo.org/forgejo/runner/pulls/297). * Fix [crash in some cases when the YAML structure is not as expected](https://code.forgejo.org/forgejo/runner/issues/267). ## 3.5.1 diff --git a/internal/pkg/config/config.example.yaml b/internal/pkg/config/config.example.yaml index 32dfb68..88bc2c6 100644 --- a/internal/pkg/config/config.example.yaml +++ b/internal/pkg/config/config.example.yaml @@ -1,7 +1,7 @@ # Example configuration file, it's safe to copy this as the default config file without any modification. # You don't have to copy this file to your instance, -# just run `./act_runner generate-config > config.yaml` to generate a config file. +# just run `forgejo-runner generate-config > config.yaml` to generate a config file. log: # The level of logging, can be trace, debug, info, warn, error, fatal @@ -40,7 +40,7 @@ runner: # The labels of a runner are used to determine which jobs the runner can run, and how to run them. # Like: ["macos-arm64:host", "ubuntu-latest:docker://node:20-bookworm", "ubuntu-22.04:docker://node:20-bookworm"] # If it's empty when registering, it will ask for inputting labels. - # If it's empty when execute `deamon`, will use labels in `.runner` file. + # If it's empty when executing the `daemon`, it will use labels in the `.runner` file. labels: [] cache: 
@@ -57,8 +57,8 @@ cache: # 0 means to use a random available port. port: 0 # The external cache server URL. Valid only when enable is true. - # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself. - # The URL should generally end with "/". + # If it's specified, it will be used to set the ACTIONS_CACHE_URL environment variable. The URL should generally end with "/". + # Otherwise it will be set to the the URL of the internal cache server. external_server: "" container: @@ -87,10 +87,10 @@ container: # - '**' valid_volumes: [] # overrides the docker client host with the specified one. - # If it's empty, act_runner will find an available docker host automatically. - # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers. - # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work. - docker_host: "" + # If "-", an available docker host will automatically be found. + # If empty, an available docker host will automatically be found and mounted in the job container (e.g. /var/run/docker.sock). + # Otherwise the specified docker host will be used and an error will be returned if it doesn't work. + docker_host: "-" # Pull docker image(s) even if already present force_pull: false From 45fe0a6c667fd9a58c771b40ed0a86cd0ce24d53 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 1 Nov 2024 00:07:20 +0000 Subject: [PATCH 24/77] Update module code.forgejo.org/forgejo/act to v1.21.5 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index d884b2a..f8f6982 100644 --- a/go.mod +++ b/go.mod @@ -102,4 +102,4 @@ require ( gopkg.in/yaml.v2 v2.4.0 // indirect ) -replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.21.4 +replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.21.5 
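Review bot: In the `@@ -87,10 +87,10 @@` hunk the rewritten comment for `"-"` no longer says that the docker host is not mounted into job and service containers, which is the property this commit is about. I would restore it, e.g. `# If "-", an available docker host will automatically be found and NOT mounted in the job and service containers.` Note also that only the example file changes here: by the comment's own wording an empty `docker_host` still mounts the socket, so existing configs with `docker_host: ""` keep the old behaviour, and configs that omit the key presumably do too. If the loader in `config.go` does not map an unset value to `"-"`, the release note should say that the secure default applies to newly generated configs only.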
diff --git a/go.sum b/go.sum index 6e719f7..76d4a2c 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,5 @@ -code.forgejo.org/forgejo/act v1.21.4 h1:p/w1kQAC2BU43tB4vKicN/j0xCsMfeDULwCv5nUhHRM= -code.forgejo.org/forgejo/act v1.21.4/go.mod h1:+PcvJ9iv+NTFeJSh79ra9Jbk9l0vvyA9D9me5/dbxYM= +code.forgejo.org/forgejo/act v1.21.5 h1:rWI+bhClocogdNwjRrM836rZYY7JBcHY3VUAwkYqEtw= +code.forgejo.org/forgejo/act v1.21.5/go.mod h1:+PcvJ9iv+NTFeJSh79ra9Jbk9l0vvyA9D9me5/dbxYM= code.gitea.io/actions-proto-go v0.4.0 h1:OsPBPhodXuQnsspG1sQ4eRE1PeoZyofd7+i73zCwnsU= code.gitea.io/actions-proto-go v0.4.0/go.mod h1:mn7Wkqz6JbnTOHQpot3yDeHx+O5C9EGhMEE+htvHBas= code.gitea.io/gitea-vet v0.2.3 h1:gdFmm6WOTM65rE8FUBTRzeQZYzXePKSSB1+r574hWwI= From 3f3601e46b10b12cc249ca14d68e3149a07dac7e Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Fri, 1 Nov 2024 06:18:24 +0100 Subject: [PATCH 25/77] chore(release-notes): version 4.0.1 --- RELEASE-NOTES.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index 44084b3..55a49f0 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -1,5 +1,9 @@ # Release Notes +## 4.0.1 + +* Do not panic when [the number of arguments of a function evaluated in an expression is incorect](https://code.forgejo.org/forgejo/act/pulls/59/files). + ## 4.0.0 * Breaking change: fix the default configuration for `docker_host` is changed to [not mounting the docker server socket](https://code.forgejo.org/forgejo/runner/pulls/305). From 71149e36fae163523d81f0cf23da3a64129e0f33 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thorben=20G=C3=BCnther?= Date: Sun, 20 Oct 2024 14:32:56 +0200 Subject: [PATCH 26/77] Add configurable logging level for jobs This changes the default for JobLoggerLevel from "trace" to "info". Closes #298 --- internal/app/run/runner.go | 9 +++++++++ internal/pkg/config/config.example.yaml | 2 ++ internal/pkg/config/config.go | 6 +++++- 3 files changed, 16 insertions(+), 1 deletion(-) 
diff --git a/internal/app/run/runner.go b/internal/app/run/runner.go index e8654b6..e774786 100644 --- a/internal/app/run/runner.go +++ b/internal/app/run/runner.go @@ -232,6 +232,15 @@ func (r *Runner) run(ctx context.Context, task *runnerv1.Task, reporter *report. Inputs: inputs, } + if r.cfg.Log.JobLevel != "" { + level, err := log.ParseLevel(r.cfg.Log.JobLevel) + if err != nil { + return err + } + + runnerConfig.JobLoggerLevel = &level + } + rr, err := runner.New(runnerConfig) if err != nil { return err diff --git a/internal/pkg/config/config.example.yaml b/internal/pkg/config/config.example.yaml index 88bc2c6..20218ae 100644 --- a/internal/pkg/config/config.example.yaml +++ b/internal/pkg/config/config.example.yaml @@ -6,6 +6,8 @@ log: # The level of logging, can be trace, debug, info, warn, error, fatal level: info + # The level of logging for jobs, can be trace, debug, info, earn, error, fatal + job_level: info runner: # Where to store the registration result. diff --git a/internal/pkg/config/config.go b/internal/pkg/config/config.go index a1536b3..5ab177d 100644 --- a/internal/pkg/config/config.go +++ b/internal/pkg/config/config.go @@ -16,7 +16,8 @@ import ( // Log represents the configuration for logging. type Log struct { - Level string `yaml:"level"` // Level indicates the logging level. + Level string `yaml:"level"` // Level indicates the logging level. + JobLevel string `yaml:"job_level"` // JobLevel indicates the job logging level. } // Runner represents the configuration for the runner. @@ -113,6 +114,9 @@ func LoadDefault(file string) (*Config, error) { if cfg.Log.Level == "" { cfg.Log.Level = "info" } + if cfg.Log.JobLevel == "" { + cfg.Log.JobLevel = "info" + } if cfg.Runner.File == "" { cfg.Runner.File = ".runner" } From 846ff2a616634540c641729182429c93dd6b726e Mon Sep 17 00:00:00 2001 
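Review bot: An invalid `log.job_level` is only detected inside `run`, once per task, and the bare `return err` does not say which setting is wrong, so a typo in the config shows up as every job failing with a logrus parse error. The example file added in this patch invites exactly that: its comment lists `earn` where `warn` is meant. I would validate the value once in `LoadDefault` next to the new default, and wrap the error here, e.g. `return fmt.Errorf("invalid log.job_level %q: %w", r.cfg.Log.JobLevel, err)` (assuming `fmt` is imported in this file). `run` starts and ends outside the hunk.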
From: =?UTF-8?q?Thorben=20G=C3=BCnther?= Date: Wed, 30 Oct 2024 22:11:19 +0100 Subject: [PATCH 27/77] Add simple test --- internal/pkg/config/config_test.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/internal/pkg/config/config_test.go b/internal/pkg/config/config_test.go index d2ddf2f..af3ebf7 100644 --- a/internal/pkg/config/config_test.go +++ b/internal/pkg/config/config_test.go @@ -35,3 +35,10 @@ func TestConfigTune(t *testing.T) { assert.EqualValues(t, 2*time.Second, c.Runner.FetchInterval) }) } + +func TestDefaultSettings(t *testing.T) { + config, err := LoadDefault("") + assert.NoError(t, err) + + assert.EqualValues(t, config.Log.JobLevel, "info") +} From 8b2242d893d405f87a5402bc595d69f45ec1680f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thorben=20G=C3=BCnther?= Date: Sat, 2 Nov 2024 20:32:13 +0100 Subject: [PATCH 28/77] Update release notes. --- RELEASE-NOTES.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index 55a49f0..f899d14 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -1,5 +1,9 @@ # Release Notes +## 4.1.0 + +* [Add job_level logging option to config](https://code.forgejo.org/forgejo/runner/pulls/299) to make the logging level of jobs configurable. Change default from "trace" to "info". + ## 4.0.1 * Do not panic when [the number of arguments of a function evaluated in an expression is incorect](https://code.forgejo.org/forgejo/act/pulls/59/files). From 6c9959d7a96a7876f3c51f834f3a11d98eca621e Mon Sep 17 00:00:00 2001 From: Kwonunn Date: Mon, 28 Oct 2024 08:58:35 +0100 Subject: [PATCH 29/77] Cherry-pick gitea act_runner #543 
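Review bot: `assert.EqualValues(t, config.Log.JobLevel, "info")` in `TestDefaultSettings` passes the actual value in the position testify uses for the expected one, so a failure message would label the two the wrong way round. The existing assertion in the same file puts the expected value first, so for consistency this should read `assert.EqualValues(t, "info", config.Log.JobLevel)`. If `LoadDefault` returns an error, `config` may be nil and the next line would panic; returning early after a failed `assert.NoError` avoids that.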
From: https://gitea.com/gitea/act_runner/commit/1735b26e66f8e81c526204c128f1bcfd7f578906 Don't log job output when debug logging is not enabled We wanted the ability to disable outputting the logs from the individual job to the console. This changes the logging so that job logs are only output to the console whenever debug logging is enabled in `act_runner`, while still allowing the `Reporter` to receive these logs and forward them to Gitea when debug logging is not enabled. Signed-off-by: Kwonunn --- internal/app/run/logging.go | 24 ++++++++++++++++++++++++ internal/app/run/runner.go | 4 ++++ 2 files changed, 28 insertions(+) create mode 100644 internal/app/run/logging.go diff --git a/internal/app/run/logging.go b/internal/app/run/logging.go new file mode 100644 index 0000000..d0e6d1c --- /dev/null +++ b/internal/app/run/logging.go @@ -0,0 +1,24 @@ +// Copyright 2024 The Gitea Authors. All rights reserved. +// SPDX-License-Identifier: MIT + +package run + +import ( + "io" + + log "github.com/sirupsen/logrus" +) + +// NullLogger is used to create a new JobLogger to discard logs. This +// will prevent these logs from being logged to the stdout, but +// forward them to the Reporter via its hook. +type NullLogger struct{} + +// WithJobLogger creates a new logrus.Logger that will discard all logs. +func (n NullLogger) WithJobLogger() *log.Logger { + logger := log.New() + logger.SetOutput(io.Discard) + logger.SetLevel(log.TraceLevel) + + return logger +} diff --git a/internal/app/run/runner.go b/internal/app/run/runner.go index e774786..9eaf37e 100644 --- a/internal/app/run/runner.go +++ b/internal/app/run/runner.go @@ -252,6 +252,10 @@ func (r *Runner) run(ctx context.Context, task *runnerv1.Task, reporter *report. // add logger recorders ctx = common.WithLoggerHook(ctx, reporter) + if !log.IsLevelEnabled(log.DebugLevel) { + ctx = runner.WithJobLoggerFactory(ctx, NullLogger{}) + } + execErr := executor(ctx) reporter.SetOutputs(job.Outputs) return execErr 
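Review bot: `NullLogger.WithJobLogger` hard-codes `logger.SetLevel(log.TraceLevel)` without saying why, and it is not clear how that interacts with the `job_level` option added three patches earlier. The type comment implies the level is kept at trace so the Reporter hook still receives every entry while console output is discarded; I would state that on the line itself: `// Trace level: hooks (the Reporter) still see every entry; only console output is discarded.` If the runner applies `JobLoggerLevel` only to loggers it creates itself, job logs forwarded to the instance may stay at trace regardless of `job_level` whenever debug logging is off; that cannot be confirmed from this hunk and is worth a test. In `runner.go` the factory is installed inside `run`, whose body continues outside the hunk.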
From 0ba115ba6789411868fa92ec882470bc3307b664 Mon Sep 17 00:00:00 2001 From: Kwonunn Date: Sun, 3 Nov 2024 15:10:54 +0100 Subject: [PATCH 30/77] Version bump and add release notes --- RELEASE-NOTES.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index f899d14..01fcf39 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -1,8 +1,9 @@ # Release Notes -## 4.1.0 +## 5.0.0 * [Add job_level logging option to config](https://code.forgejo.org/forgejo/runner/pulls/299) to make the logging level of jobs configurable. Change default from "trace" to "info". +* [Don't log job output when debug logging is not enabled](https://code.forgejo.org/forgejo/runner/pulls/303). This reduces the default amount of log output of the runner. ## 4.0.1 From 0658d72b3f25a8d18fdf4e7da01a65fda6114273 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 6 Nov 2024 23:35:14 +0000 Subject: [PATCH 31/77] Update dependency go to v1.23.3 --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index f8f6982..28c3f2e 100644 --- a/go.mod +++ b/go.mod @@ -2,7 +2,7 @@ module gitea.com/gitea/act_runner go 1.21.13 -toolchain go1.23.2 +toolchain go1.23.3 require ( code.gitea.io/actions-proto-go v0.4.0 From 228e0025657576ad666b4a2756b1e3f26743661c Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Felix=20Kro=CC=88ner?= Date: Thu, 7 Nov 2024 07:30:12 +0000 Subject: [PATCH 32/77] Add support for windows build on GitHub (#312) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR adds a Windows build pipeline running on GitHub. Currently it runs on the repository https://github.com/Crown0815/forgejo-runner-windows. So far the build does not include tests, but I am working on a solution. For the time being we can release the windows builds easily though. Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/312 Co-authored-by: Felix Kröner Co-committed-by: Felix Kröner --- .github/workflows/build-release.yml | 48 +++++++++++++++++++++++++++++ .gitignore | 3 ++ 2 files changed, 51 insertions(+) create mode 100644 .github/workflows/build-release.yml diff --git a/.github/workflows/build-release.yml b/.github/workflows/build-release.yml new file mode 100644 index 0000000..8086590 --- /dev/null +++ b/.github/workflows/build-release.yml 
@@ -0,0 +1,48 @@ +# This workflow will build a Windows binary for each architecture and upload it as an artifact. +# If the push is a tag, it will create a release with the binaries attached. +# This build is currently supported on https://github.com/Crown0815/forgejo-runner-windows + +name: Build release + +on: + push: + tags: 'v*' +jobs: + build: + name: Build ${{matrix.architecture}} + runs-on: ubuntu-latest + strategy: + matrix: + architecture: ['386', amd64, arm, arm64] + steps: + - uses: actions/checkout@v4 + - name: Build for ${{matrix.architecture}} + run: | + env GOOS=windows GOARCH=${{matrix.architecture}} \ + go build -o forgejo-runner-windows-${{matrix.architecture}}.exe + + - uses: actions/upload-artifact@v4 + with: + name: forgejo-runner-windows-${{matrix.architecture}} + path: forgejo-runner-windows-${{matrix.architecture}}.exe + + release: + runs-on: ubuntu-latest + needs: build + if: github.event_name == 'push' && github.ref_type == 'tag' + steps: + - uses: actions/download-artifact@v4 + with: + path: . + + - name: Create Release + uses: softprops/action-gh-release@v2 + with: + tag_name: ${{ github.ref_name }} + files: forgejo-runner-windows-*/forgejo-runner-windows-*.exe + draft: false + prerelease: ${{ contains(github.ref, 'beta') || contains(github.ref, 'alpha') }} + token: ${{ secrets.RELEASE_TOKEN }} + fail_on_unmatched_files: true + body: See [original release notes](https://code.forgejo.org/forgejo/runner/releases/tag/${{ github.ref_name }}). + diff --git a/.gitignore b/.gitignore index 3a3808c..57ec96d 100644 --- a/.gitignore +++ b/.gitignore @@ -12,3 +12,6 @@ coverage.txt __debug_bin # gorelease binary folder dist + +# Jetbrains IDE +.idea From 9510276a99e87fbf60bdd8fc5b26003d5858f1ce Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 8 Nov 2024 00:05:20 +0000 Subject: [PATCH 33/77] Update module golang.org/x/term to v0.26.0 --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) 
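Review bot: The `release` job in `.github/workflows/build-release.yml` passes `secrets.RELEASE_TOKEN` to `softprops/action-gh-release@v2`, a third-party action referenced by a movable tag, so whatever that tag points to at run time executes with the release token. Pinning it to a full commit SHA, `uses: softprops/action-gh-release@<full-commit-sha> # v2`, ties the published binaries to code that was reviewed; the same applies to `actions/checkout@v4` and the two artifact actions. The workflow also declares no `permissions:` block, so the repository's default `GITHUB_TOKEN` scope applies to both jobs. Since the release step brings its own token, a top-level `permissions: { contents: read }` would narrow it.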
diff --git a/go.mod b/go.mod index 28c3f2e..4f8f6c1 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.9.0 - golang.org/x/term v0.25.0 + golang.org/x/term v0.26.0 golang.org/x/time v0.7.0 google.golang.org/protobuf v1.35.1 gopkg.in/yaml.v3 v3.0.1 @@ -96,7 +96,7 @@ require ( golang.org/x/mod v0.13.0 // indirect golang.org/x/net v0.23.0 // indirect golang.org/x/sync v0.6.0 // indirect - golang.org/x/sys v0.26.0 // indirect + golang.org/x/sys v0.27.0 // indirect golang.org/x/tools v0.14.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/go.sum b/go.sum index 76d4a2c..5b7a1f8 100644 --- a/go.sum +++ b/go.sum 
@@ -274,15 +274,15 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= -golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= +golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= -golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= +golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU= +golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= From 4a57d4acf9acae45e0dea50e39c86d5777cbe322 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 8 Nov 2024 07:54:54 +0000 Subject: [PATCH 34/77] Update module golang.org/x/time to v0.8.0 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 4f8f6c1..9969f26 100644 
--- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.9.0 golang.org/x/term v0.26.0 - golang.org/x/time v0.7.0 + golang.org/x/time v0.8.0 google.golang.org/protobuf v1.35.1 gopkg.in/yaml.v3 v3.0.1 gotest.tools/v3 v3.5.1 diff --git a/go.sum b/go.sum index 5b7a1f8..290783c 100644 --- a/go.sum +++ b/go.sum @@ -292,8 +292,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= -golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg= +golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200325010219-a49f79bcc224/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= From f6626f09d562fb62a2b6202ef08f3a44c23a9697 Mon Sep 17 00:00:00 2001 From: Michael Kriese Date: Fri, 8 Nov 2024 09:53:52 +0100 Subject: [PATCH 35/77] fix: dockerfile casing typo --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 50f1965..a5c1daf 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,6 +1,6 @@ FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/tonistiigi/xx AS xx -FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/golang:1.21-alpine3.19 as build-env +FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/golang:1.21-alpine3.19 AS build-env # # Transparently cross compile for the target platform From 0fb825f8e7f45777aa974a4f9f87b1ae96fa68a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felix=20Kro=CC=88ner?= Date: Sun, 10 Nov 2024 13:39:26 +0100 Subject: [PATCH 36/77] ci: Include version number in windows runner build --- .github/workflows/build-release.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-release.yml b/.github/workflows/build-release.yml index 8086590..4524591 100644 --- a/.github/workflows/build-release.yml +++ b/.github/workflows/build-release.yml @@ -19,7 +19,9 @@ jobs: - name: Build for ${{matrix.architecture}} run: | env GOOS=windows GOARCH=${{matrix.architecture}} \ - go build -o forgejo-runner-windows-${{matrix.architecture}}.exe + go build \ + -ldflags "-s -w -X gitea.com/gitea/act_runner/internal/pkg/ver.version=${{ github.ref_name }}" \ + -o forgejo-runner-windows-${{matrix.architecture}}.exe - uses: actions/upload-artifact@v4 with: From c97e4d1fe394bb9427ce22acaa5dca2db7fdbffa Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 12 Nov 2024 00:08:54 +0000 Subject: [PATCH 37/77] Update module code.forgejo.org/forgejo/act to v1.22.0 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 9969f26..379967e 100644 --- a/go.mod +++ b/go.mod @@ -102,4 +102,4 @@ require ( gopkg.in/yaml.v2 v2.4.0 // indirect ) -replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.21.5 +replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.22.0 diff --git a/go.sum b/go.sum index 290783c..c2b4f91 100644 --- a/go.sum +++ b/go.sum 
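Review bot: In the `Build for …` step of `.github/workflows/build-release.yml`, `${{ github.ref_name }}` is substituted into the `run:` script text before the shell parses it, so a tag name containing quotes or other shell metacharacters would be interpreted as part of the command rather than passed as the version string. The runner exports the same value as an environment variable, so the flag can read it at run time instead: `-ldflags "-s -w -X gitea.com/gitea/act_runner/internal/pkg/ver.version=${GITHUB_REF_NAME}" \`. The `${{matrix.architecture}}` uses take their values from the fixed matrix list and are not affected.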
@@ -1,5 +1,5 @@ -code.forgejo.org/forgejo/act v1.21.5 h1:rWI+bhClocogdNwjRrM836rZYY7JBcHY3VUAwkYqEtw= -code.forgejo.org/forgejo/act v1.21.5/go.mod h1:+PcvJ9iv+NTFeJSh79ra9Jbk9l0vvyA9D9me5/dbxYM= +code.forgejo.org/forgejo/act v1.22.0 h1:NbUf0+vQ48+ddwe4zVkINqnxKYl/to+NUvW7iisPA60= +code.forgejo.org/forgejo/act v1.22.0/go.mod h1:+PcvJ9iv+NTFeJSh79ra9Jbk9l0vvyA9D9me5/dbxYM= code.gitea.io/actions-proto-go v0.4.0 h1:OsPBPhodXuQnsspG1sQ4eRE1PeoZyofd7+i73zCwnsU= code.gitea.io/actions-proto-go v0.4.0/go.mod h1:mn7Wkqz6JbnTOHQpot3yDeHx+O5C9EGhMEE+htvHBas= code.gitea.io/gitea-vet v0.2.3 h1:gdFmm6WOTM65rE8FUBTRzeQZYzXePKSSB1+r574hWwI= From 7696c1b72acacbc47d35e5b2b5926febb095b4cb Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 12 Nov 2024 09:35:59 +0000 Subject: [PATCH 38/77] Update actions/checkout action to v4 --- .forgejo/workflows/build-release-integration.yml | 2 +- .forgejo/workflows/build-release.yml | 2 +- .forgejo/workflows/publish-release.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml index 7f92218..6dc496f 100644 --- a/.forgejo/workflows/build-release-integration.yml +++ b/.forgejo/workflows/build-release-integration.yml @@ -19,7 +19,7 @@ jobs: runs-on: self-hosted if: github.repository_owner != 'forgejo-integration' && github.repository_owner != 'forgejo-release' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - id: forgejo uses: https://code.forgejo.org/actions/setup-forgejo@v1 diff --git a/.forgejo/workflows/build-release.yml b/.forgejo/workflows/build-release.yml index 162befb..534f476 100644 --- a/.forgejo/workflows/build-release.yml +++ b/.forgejo/workflows/build-release.yml 
@@ -20,7 +20,7 @@ jobs: # root is used for testing, allow it if: secrets.ROLE == 'forgejo-integration' || github.repository_owner == 'root' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Increase the verbosity when there are no secrets id: verbose diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml index 35d8662..0d332d2 100644 --- a/.forgejo/workflows/publish-release.yml +++ b/.forgejo/workflows/publish-release.yml @@ -24,7 +24,7 @@ jobs: runs-on: self-hosted if: secrets.DOER != '' && secrets.FORGEJO != '' && secrets.TO_OWNER != '' && secrets.FROM_OWNER != '' && secrets.TOKEN != '' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: copy & sign uses: https://code.forgejo.org/forgejo/forgejo-build-publish/publish@v1 From 65c9651b1bfced50069d39591d891391ac9f57ea Mon Sep 17 00:00:00 2001 From: Michael Kriese Date: Tue, 12 Nov 2024 10:48:52 +0100 Subject: [PATCH 39/77] ci: don't run on renovate branches They are run on PR. Save some ci time (~6min) --- .forgejo/workflows/build-release-integration.yml | 2 ++ .forgejo/workflows/build-release.yml | 3 ++- .forgejo/workflows/publish-release.yml | 3 ++- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml index 7f92218..15a3f70 100644 --- a/.forgejo/workflows/build-release-integration.yml +++ b/.forgejo/workflows/build-release-integration.yml @@ -7,6 +7,8 @@ on: - Dockerfile - .forgejo/workflows/build-release.yml - .forgejo/workflows/build-release-integration.yml + branches-ignore: + - renovate/** # they are build via PR pull_request: paths: - go.mod diff --git a/.forgejo/workflows/build-release.yml b/.forgejo/workflows/build-release.yml index 162befb..5c2f952 100644 --- a/.forgejo/workflows/build-release.yml +++ b/.forgejo/workflows/build-release.yml 
@@ -12,7 +12,8 @@ name: Build release on: push: - tags: 'v*' + tags: + - 'v*' jobs: release: diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml index 35d8662..683533d 100644 --- a/.forgejo/workflows/publish-release.yml +++ b/.forgejo/workflows/publish-release.yml @@ -17,7 +17,8 @@ name: publish on: push: - tags: 'v*' + tags: + - 'v*' jobs: publish: From 0aed67ae6902e8d295aca6abba0d9c10fd0280a8 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 12 Nov 2024 10:05:45 +0000 Subject: [PATCH 40/77] Update actions/setup-go action to v5 --- .forgejo/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml index 677ab68..1864e57 100644 --- a/.forgejo/workflows/test.yml +++ b/.forgejo/workflows/test.yml @@ -36,7 +36,7 @@ jobs: - ${{ env.FORGEJO_SCRIPT }} steps: - - uses: actions/setup-go@v3 + - uses: actions/setup-go@v5 with: go-version: '1.21' From 4ddd8a4ce8f03424c09789b57db9ce623f2edab5 Mon Sep 17 00:00:00 2001 From: Michael Kriese Date: Tue, 12 Nov 2024 11:48:32 +0100 Subject: [PATCH 41/77] ci: use `go-version-file` --- .forgejo/workflows/test.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml index 1864e57..19d79b7 100644 --- a/.forgejo/workflows/test.yml +++ b/.forgejo/workflows/test.yml 
@@ -11,7 +11,7 @@ env: FORGEJO_ADMIN_PASSWORD: 'admin1234' FORGEJO_RUNNER_SECRET: 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' FORGEJO_SCRIPT: | - /bin/s6-svscan /etc/s6 & sleep 10 ; su -c "forgejo admin user create --admin --username $FORGEJO_ADMIN_USER --password $FORGEJO_ADMIN_PASSWORD --email root@example.com" git && su -c "forgejo forgejo-cli actions register --labels docker --name therunner --secret $FORGEJO_RUNNER_SECRET" git && sleep infinity + /bin/s6-svscan /etc/s6 & sleep 10 ; su -c "forgejo admin user create --admin --username $FORGEJO_ADMIN_USER --password $FORGEJO_ADMIN_PASSWORD --email root@example.com" git && su -c "forgejo forgejo-cli actions register --labels docker --name therunner --secret $FORGEJO_RUNNER_SECRET" git && sleep infinity GOPROXY: https://goproxy.io,direct jobs: @@ -36,11 +36,11 @@ jobs: - ${{ env.FORGEJO_SCRIPT }} steps: + - uses: actions/checkout@v4 + - uses: actions/setup-go@v5 with: - go-version: '1.21' - - - uses: actions/checkout@v4 + go-version-file: go.mod - run: make vet From f4fc4c0247baee2014f036bba1368cf7394abdb6 Mon Sep 17 00:00:00 2001 From: Michael Kriese Date: Tue, 12 Nov 2024 11:52:18 +0100 Subject: [PATCH 42/77] test: unpin docker compose --- .forgejo/workflows/example-docker-compose.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.forgejo/workflows/example-docker-compose.yml b/.forgejo/workflows/example-docker-compose.yml index 4e2f547..f6abac9 100644 --- a/.forgejo/workflows/example-docker-compose.yml +++ b/.forgejo/workflows/example-docker-compose.yml 
@@ -20,12 +20,8 @@ jobs: curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null apt-get update -qq - apt-get install -qq -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin=2.20.2-1~debian.11~bullseye + apt-get install -qq -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin docker version - # - # docker compose is prone to non backward compatible changes, pin it - # - apt-get install -qq -y docker-compose-plugin=2.20.2-1~debian.11~bullseye docker compose version - name: run the example From 342141df3a98ae41fc5a67f2b5c36b48e2de4313 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 12 Nov 2024 11:41:45 +0000 Subject: [PATCH 43/77] Update golang packages to v1.22 --- Dockerfile | 2 +- go.mod | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index a5c1daf..70c59ca 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/tonistiigi/xx AS xx -FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/golang:1.21-alpine3.19 AS build-env +FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/golang:1.22-alpine3.19 AS build-env # # Transparently cross compile for the target platform diff --git a/go.mod b/go.mod index 379967e..ddd6cef 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module gitea.com/gitea/act_runner -go 1.21.13 +go 1.22.9 toolchain go1.23.3 From c9f8bb68879afcff4d6b8d553af5c3f9c7f4f35f Mon Sep 17 00:00:00 2001 
From: Renovate Bot Date: Tue, 12 Nov 2024 13:01:01 +0000 Subject: [PATCH 44/77] Update code.forgejo.org/oci/alpine Docker tag to v3.20 --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 70c59ca..4196e7c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/tonistiigi/xx AS xx -FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/golang:1.22-alpine3.19 AS build-env +FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/golang:1.22-alpine3.20 AS build-env # # Transparently cross compile for the target platform @@ -19,7 +19,7 @@ WORKDIR /srv RUN make clean && make build -FROM code.forgejo.org/oci/alpine:3.19 +FROM code.forgejo.org/oci/alpine:3.20 ARG RELEASE_VERSION RUN apk add --no-cache git bash From b4aba5f688d4e261dba19100e24ceba71179d0f0 Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Tue, 12 Nov 2024 14:08:44 +0100 Subject: [PATCH 45/77] tests: it make take time for Forgejo to come up --- .forgejo/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml index 19d79b7..42dd972 100644 --- a/.forgejo/workflows/test.yml +++ b/.forgejo/workflows/test.yml @@ -54,8 +54,8 @@ jobs: - name: check the forgejo server is responding run: | apt-get update -qq - apt-get install -y -qq jq curl - test $FORGEJO_ADMIN_USER = $(curl -sS http://$FORGEJO_ADMIN_USER:$FORGEJO_ADMIN_PASSWORD@$FORGEJO_HOST_PORT/api/v1/user | jq --raw-output .login) + apt-get install -y -qq jq curl retry + retry --delay=1 --times=60 bash -c 'test $FORGEJO_ADMIN_USER = $(curl -sS http://$FORGEJO_ADMIN_USER:$FORGEJO_ADMIN_PASSWORD@$FORGEJO_HOST_PORT/api/v1/user | jq --raw-output .login)' - run: make FORGEJO_URL=http://$FORGEJO_HOST_PORT test From 830df0d128cdda72db83f65588be9d3504606b02 Mon Sep 17 00:00:00 2001 
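Review bot: In the `check the forgejo server is responding` step of `.forgejo/workflows/test.yml`, the `test` inside `retry … bash -c '…'` compares unquoted expansions. While Forgejo is still starting and curl or jq print nothing, the right-hand side disappears and `test` fails with a usage error rather than a clean mismatch; the retry still proceeds because the status is non-zero, but the log is noisy and the reason for each failure is unclear. Quoting both sides and letting curl report HTTP errors makes the probe explicit: `test "$FORGEJO_ADMIN_USER" = "$(curl -sS --fail http://$FORGEJO_ADMIN_USER:$FORGEJO_ADMIN_PASSWORD@$FORGEJO_HOST_PORT/api/v1/user | jq --raw-output .login)"`. The same line is carried over with new `--delay`/`--times` values in the later patch "chore(ci): wait for the Forgejo instance to start", so the change applies there too.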
From: Michael Kriese Date: Tue, 12 Nov 2024 15:14:00 +0100 Subject: [PATCH 46/77] chore(renovate): only one PR at a time --- renovate.json | 1 + 1 file changed, 1 insertion(+) diff --git a/renovate.json b/renovate.json index 31da118..75f587d 100644 --- a/renovate.json +++ b/renovate.json @@ -1,6 +1,7 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": ["local>forgejo/renovate-config"], + "prConcurrentLimit": 1, "packageRules": [ { "description": "Disable nektos/act, it's replaced", From a0df63fe705d5b19078f5037e0c7be1fba65f072 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 12 Nov 2024 15:31:26 +0000 Subject: [PATCH 47/77] Update golang packages to v1.23 --- Dockerfile | 2 +- go.mod | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4196e7c..6acc805 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/tonistiigi/xx AS xx -FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/golang:1.22-alpine3.20 AS build-env +FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/golang:1.23-alpine3.20 AS build-env # # Transparently cross compile for the target platform diff --git a/go.mod b/go.mod index ddd6cef..494dfd3 100644 --- a/go.mod +++ b/go.mod @@ -1,8 +1,6 @@ module gitea.com/gitea/act_runner -go 1.22.9 - -toolchain go1.23.3 +go 1.23.3 require ( code.gitea.io/actions-proto-go v0.4.0 From 355ec955329699dea63ea907339a20a8e2345e1f Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 12 Nov 2024 15:31:31 +0000 Subject: [PATCH 48/77] Update forgejo/forgejo-build-publish action to v5 --- .forgejo/workflows/publish-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml index af7c174..0ba5c1d 100644 --- a/.forgejo/workflows/publish-release.yml +++ b/.forgejo/workflows/publish-release.yml 
@@ -28,7 +28,7 @@ jobs: - uses: actions/checkout@v4 - name: copy & sign - uses: https://code.forgejo.org/forgejo/forgejo-build-publish/publish@v1 + uses: https://code.forgejo.org/forgejo/forgejo-build-publish/publish@v5 with: forgejo: ${{ secrets.FORGEJO }} from-owner: ${{ secrets.FROM_OWNER }} From 2bcc6d9b8f6577987b24866c2bab032a08a9ead8 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 15 Nov 2024 00:03:42 +0000 Subject: [PATCH 49/77] Update module google.golang.org/protobuf to v1.35.2 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 494dfd3..fc0600f 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/stretchr/testify v1.9.0 golang.org/x/term v0.26.0 golang.org/x/time v0.8.0 - google.golang.org/protobuf v1.35.1 + google.golang.org/protobuf v1.35.2 gopkg.in/yaml.v3 v3.0.1 gotest.tools/v3 v3.5.1 ) diff --git a/go.sum b/go.sum index c2b4f91..eb24110 100644 --- a/go.sum +++ b/go.sum 
@@ -314,8 +314,8 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b h1: google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc= google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk= google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= -google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= -google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= +google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= From b33e155709383ad77a3bbd73306e0ab643a3d35a Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Fri, 15 Nov 2024 22:33:36 +0100 Subject: [PATCH 50/77] fix: make container.docker_host default to - (part two) If --config is not specified, the default must also be "-" and not "" --- RELEASE-NOTES.md | 1 + internal/pkg/config/config.go | 4 ++++ internal/pkg/config/config_test.go | 1 + 3 files changed, 6 insertions(+) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index 01fcf39..2ced7f3 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md 
@@ -2,6 +2,7 @@ ## 5.0.0 +* Breaking change: the default configuration for `docker_host` is changed to [not mounting the docker server socket](https://code.forgejo.org/forgejo/runner/pulls/305) even when no configuration file is provided. * [Add job_level logging option to config](https://code.forgejo.org/forgejo/runner/pulls/299) to make the logging level of jobs configurable. Change default from "trace" to "info". * [Don't log job output when debug logging is not enabled](https://code.forgejo.org/forgejo/runner/pulls/303). This reduces the default amount of log output of the runner. diff --git a/internal/pkg/config/config.go b/internal/pkg/config/config.go index 5ab177d..60be651 100644 --- a/internal/pkg/config/config.go +++ b/internal/pkg/config/config.go @@ -153,6 +153,10 @@ func LoadDefault(file string) (*Config, error) { cfg.Runner.ReportInterval = time.Second } + if cfg.Container.DockerHost == "" { + cfg.Container.DockerHost = "-" + } + // although `container.network_mode` will be deprecated, but we have to be compatible with it for now. if cfg.Container.NetworkMode != "" && cfg.Container.Network == "" { log.Warn("You are trying to use deprecated configuration item of `container.network_mode`, please use `container.network` instead.") diff --git a/internal/pkg/config/config_test.go b/internal/pkg/config/config_test.go index af3ebf7..2f046c0 100644 --- a/internal/pkg/config/config_test.go +++ b/internal/pkg/config/config_test.go @@ -40,5 +40,6 @@ func TestDefaultSettings(t *testing.T) { config, err := LoadDefault("") assert.NoError(t, err) + assert.EqualValues(t, config.Container.DockerHost, "-") assert.EqualValues(t, config.Log.JobLevel, "info") } From 0876532ebef21a7fd17b583570c0c962e9ea58c9 Mon Sep 17 00:00:00 2001 
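Review bot: The new `if cfg.Container.DockerHost == "" { … }` block in `LoadDefault` (`internal/pkg/config/config.go`) introduces `"-"` as a sentinel with no explanation at the point of use. Per the release note added in this patch it means the docker server socket is not mounted, which is the security-relevant default, so a comment such as `// "-" means the docker server socket is not mounted; this is the default when docker_host is unset` would help the next reader. The check appears to sit with the other post-load defaults, so an explicit `docker_host: ""` in a configuration file would presumably be rewritten to `"-"` as well. A test that loads such a file would pin that behaviour alongside the added `LoadDefault("")` assertion. `LoadDefault` starts and ends outside the hunk.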
From: Earl Warren Date: Sat, 16 Nov 2024 09:38:48 +0100 Subject: [PATCH 51/77] chore(ci): wait for the Forgejo instance to start Do not try to access Forgejo before the 10 second delay imposed by the script creating the user. Upgrade Forgejo to use a recent version. --- .forgejo/workflows/test.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml index 42dd972..2b0a019 100644 --- a/.forgejo/workflows/test.yml +++ b/.forgejo/workflows/test.yml @@ -22,7 +22,7 @@ jobs: services: forgejo: - image: codeberg.org/forgejo/forgejo:1.21 + image: codeberg.org/forgejo/forgejo:9 env: FORGEJO__security__INSTALL_LOCK: "true" FORGEJO__log__LEVEL: "debug" @@ -55,7 +55,9 @@ jobs: run: | apt-get update -qq apt-get install -y -qq jq curl retry - retry --delay=1 --times=60 bash -c 'test $FORGEJO_ADMIN_USER = $(curl -sS http://$FORGEJO_ADMIN_USER:$FORGEJO_ADMIN_PASSWORD@$FORGEJO_HOST_PORT/api/v1/user | jq --raw-output .login)' + sleep 10 # matches the sleep 10 in the bootstrap of the Forgejo instance + # in case of a slow machine, give it time to bootstrap + retry --delay=10 --times=6 bash -c 'test $FORGEJO_ADMIN_USER = $(curl -sS http://$FORGEJO_ADMIN_USER:$FORGEJO_ADMIN_PASSWORD@$FORGEJO_HOST_PORT/api/v1/user | jq --raw-output .login)' - run: make FORGEJO_URL=http://$FORGEJO_HOST_PORT test From f1a9f798e5ea3c4fb673acb6e5e865beb661b999 Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Sat, 16 Nov 2024 12:30:03 +0100 Subject: [PATCH 52/77] fix: Update forgejo/forgejo-build-publish action to v5 Address the breaking changes. It is conveniently modeled after the use of the same action in the Forgejo release. https://codeberg.org/forgejo/forgejo/src/commit/6bab3c374c875b34408314c2ec680c30807ea2d3/.forgejo/workflows/publish-release.yml#L44-L60 --- .forgejo/workflows/publish-release.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) 
diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml index 0ba5c1d..5f396b0 100644 --- a/.forgejo/workflows/publish-release.yml +++ b/.forgejo/workflows/publish-release.yml @@ -30,14 +30,17 @@ jobs: - name: copy & sign uses: https://code.forgejo.org/forgejo/forgejo-build-publish/publish@v5 with: - forgejo: ${{ secrets.FORGEJO }} + from-forgejo: ${{ secrets.FORGEJO }} + to-forgejo: ${{ secrets.FORGEJO }} from-owner: ${{ secrets.FROM_OWNER }} to-owner: ${{ secrets.TO_OWNER }} repo: "runner" ref-name: ${{ github.ref_name }} + sha: ${{ github.sha }} container-suffixes: " " - doer: ${{ secrets.DOER }} - token: ${{ secrets.TOKEN }} + from-token: ${{ secrets.TOKEN }} + to-doer: ${{ secrets.DOER }} + to-token: ${{ secrets.TOKEN }} gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }} verbose: ${{ secrets.VERBOSE }} From 68b0850d27f37de6860765fea5e33eec8366031c Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Sat, 16 Nov 2024 14:23:52 +0100 Subject: [PATCH 53/77] chore(ci): do not run the docker-example when not needed If the organization is for release, integration or experimental, no need to run the docker example test. --- .forgejo/workflows/example-docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.forgejo/workflows/example-docker-compose.yml b/.forgejo/workflows/example-docker-compose.yml index f6abac9..3e1d4e9 100644 --- a/.forgejo/workflows/example-docker-compose.yml +++ b/.forgejo/workflows/example-docker-compose.yml @@ -7,6 +7,7 @@ on: jobs: example-docker-compose: + if: github.repository_owner != 'forgejo-integration' && github.repository_owner != 'forgejo-experimental' && github.repository_owner != 'forgejo-release' runs-on: self-hosted steps: - uses: actions/checkout@v4 From edd867dc167822c0d28cd90727a9a21120e3a6c1 Mon Sep 17 00:00:00 2001 
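Review bot: In the `copy & sign` step of `.forgejo/workflows/publish-release.yml`, the inputs that v5 splits into source and destination are filled from the same secrets (`from-forgejo`/`to-forgejo` from `secrets.FORGEJO`, `from-token`/`to-token` from `secrets.TOKEN`), so the token used to read the source release is the same one that can publish. If the action only needs read access on the source side (not visible here), a separate, narrower secret would keep the write-capable token out of the read path, e.g. `from-token: ${{ secrets.FROM_TOKEN }}`, where `FROM_TOKEN` is a placeholder name for a secret that would have to be created. The step belongs to a job whose definition starts outside the hunk.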
From: Michael Kriese Date: Wed, 20 Nov 2024 10:50:07 +0100 Subject: [PATCH 54/77] ci: use our cached oci images --- .forgejo/workflows/cascade-setup-forgejo.yml | 2 ++ .forgejo/workflows/test.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/.forgejo/workflows/cascade-setup-forgejo.yml b/.forgejo/workflows/cascade-setup-forgejo.yml index 6d94f01..c94ed7c 100644 --- a/.forgejo/workflows/cascade-setup-forgejo.yml +++ b/.forgejo/workflows/cascade-setup-forgejo.yml @@ -8,6 +8,8 @@ on: jobs: cascade: runs-on: docker + container: + image: 'code.forgejo.org/oci/node:20-bookworm' if: vars.CASCADE != 'no' steps: - uses: actions/cascading-pr@v1 diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml index 2b0a019..c4b7be1 100644 --- a/.forgejo/workflows/test.yml +++ b/.forgejo/workflows/test.yml @@ -19,6 +19,8 @@ jobs: name: build and test if: github.repository_owner != 'forgejo-integration' && github.repository_owner != 'forgejo-experimental' && github.repository_owner != 'forgejo-release' runs-on: docker + container: + image: 'code.forgejo.org/oci/node:20-bookworm' services: forgejo: From 96c59a3cd185f3207e41ee4c4786bc377dafc58a Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 20 Nov 2024 16:32:29 +0000 Subject: [PATCH 55/77] Update module code.forgejo.org/forgejo/act to v1.22.1 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index fc0600f..ac9023e 100644 --- a/go.mod +++ b/go.mod @@ -100,4 +100,4 @@ require ( gopkg.in/yaml.v2 v2.4.0 // indirect ) -replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.22.0 +replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.22.1 diff --git a/go.sum b/go.sum index eb24110..c9d4241 100644 --- a/go.sum +++ b/go.sum 
@@ -1,5 +1,5 @@ -code.forgejo.org/forgejo/act v1.22.0 h1:NbUf0+vQ48+ddwe4zVkINqnxKYl/to+NUvW7iisPA60= -code.forgejo.org/forgejo/act v1.22.0/go.mod h1:+PcvJ9iv+NTFeJSh79ra9Jbk9l0vvyA9D9me5/dbxYM= +code.forgejo.org/forgejo/act v1.22.1 h1:9ynGQEXxJ/2/gtzPm6anDsF64eZw9wU4+mDBY9rNlpw= +code.forgejo.org/forgejo/act v1.22.1/go.mod h1:+PcvJ9iv+NTFeJSh79ra9Jbk9l0vvyA9D9me5/dbxYM= code.gitea.io/actions-proto-go v0.4.0 h1:OsPBPhodXuQnsspG1sQ4eRE1PeoZyofd7+i73zCwnsU= code.gitea.io/actions-proto-go v0.4.0/go.mod h1:mn7Wkqz6JbnTOHQpot3yDeHx+O5C9EGhMEE+htvHBas= code.gitea.io/gitea-vet v0.2.3 h1:gdFmm6WOTM65rE8FUBTRzeQZYzXePKSSB1+r574hWwI= From 5889426664adb3197dfb8840ea8b6d77c28b63f9 Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Wed, 20 Nov 2024 16:44:23 +0000 Subject: [PATCH 56/77] chore(docs): 5.0.1 release notes --- RELEASE-NOTES.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index 2ced7f3..b3cb4ea 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -1,5 +1,9 @@ # Release Notes +## 5.0.1 + +* Security: the `/opt/hostedtoolcache` directory is now unique to each job instead of being shared to avoid a risk of corruption. It is still advertised in the `RUNNER_TOOL_CACHE` environment variable. Custom container images can be built to pre-populate this directory with frequently used tools and some actions (such as `setup-go`) will benefit from that. + ## 5.0.0 * Breaking change: the default configuration for `docker_host` is changed to [not mounting the docker server socket](https://code.forgejo.org/forgejo/runner/pulls/305) even when no configuration file is provided. From aca528a7f7238015965eb720572dbf2c79e6c64e Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Thu, 21 Nov 2024 13:05:50 +0000 Subject: [PATCH 57/77] chore(docs): 5.0.2 release notes --- RELEASE-NOTES.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index b3cb4ea..1b8320e 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md 
@@ -1,5 +1,9 @@ # Release Notes +## 5.0.2 + +* Fixes a regression that was introduced in version 5.0.0 by which [skipped jobs were marked as failed instead](https://code.forgejo.org/forgejo/act/pulls/67). The workaround is to change the job log level to debug `[log].job_level: debug`. + ## 5.0.1 * Security: the `/opt/hostedtoolcache` directory is now unique to each job instead of being shared to avoid a risk of corruption. It is still advertised in the `RUNNER_TOOL_CACHE` environment variable. Custom container images can be built to pre-populate this directory with frequently used tools and some actions (such as `setup-go`) will benefit from that. From 35d655c27e33e0bea6b11abe7c0e71b61e596630 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 21 Nov 2024 13:55:00 +0000 Subject: [PATCH 58/77] Update module code.forgejo.org/forgejo/act to v1.22.2 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index ac9023e..37f7cb1 100644 --- a/go.mod +++ b/go.mod @@ -100,4 +100,4 @@ require ( gopkg.in/yaml.v2 v2.4.0 // indirect ) -replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.22.1 +replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.22.2 diff --git a/go.sum b/go.sum index c9d4241..8610db8 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,5 @@ -code.forgejo.org/forgejo/act v1.22.1 h1:9ynGQEXxJ/2/gtzPm6anDsF64eZw9wU4+mDBY9rNlpw= -code.forgejo.org/forgejo/act v1.22.1/go.mod h1:+PcvJ9iv+NTFeJSh79ra9Jbk9l0vvyA9D9me5/dbxYM= +code.forgejo.org/forgejo/act v1.22.2 h1:gcHugOaLCtZvLnw070MiCjwVLKoSTVomd8waGsYQHKg= +code.forgejo.org/forgejo/act v1.22.2/go.mod h1:+PcvJ9iv+NTFeJSh79ra9Jbk9l0vvyA9D9me5/dbxYM= code.gitea.io/actions-proto-go v0.4.0 h1:OsPBPhodXuQnsspG1sQ4eRE1PeoZyofd7+i73zCwnsU= code.gitea.io/actions-proto-go v0.4.0/go.mod h1:mn7Wkqz6JbnTOHQpot3yDeHx+O5C9EGhMEE+htvHBas= code.gitea.io/gitea-vet v0.2.3 h1:gdFmm6WOTM65rE8FUBTRzeQZYzXePKSSB1+r574hWwI= 
From 90ff9370c421d9912b342d75e9c6c67fb1859d29 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 24 Nov 2024 00:02:30 +0000 Subject: [PATCH 59/77] Update module github.com/stretchr/testify to v1.10.0 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 37f7cb1..601f766 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/nektos/act v0.2.49 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.8.1 - github.com/stretchr/testify v1.9.0 + github.com/stretchr/testify v1.10.0 golang.org/x/term v0.26.0 golang.org/x/time v0.8.0 google.golang.org/protobuf v1.35.2 diff --git a/go.sum b/go.sum index 8610db8..91aa38a 100644 --- a/go.sum +++ b/go.sum @@ -186,8 +186,8 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= -github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= +github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/timshannon/bolthold v0.0.0-20210913165410-232392fc8a6a h1:oIi7H/bwFUYKYhzKbHc+3MvHRWqhQwXVB4LweLMiVy0= github.com/timshannon/bolthold v0.0.0-20210913165410-232392fc8a6a/go.mod h1:iSvujNDmpZ6eQX+bg/0X3lF7LEmZ8N77g2a/J/+Zt2U= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= From 279faefa0828619322c3ff1ed3c2dd0db8fb138d Mon Sep 17 00:00:00 2001 
From: Earl Warren Date: Wed, 27 Nov 2024 00:28:35 +0000 Subject: [PATCH 60/77] fix: [container].docker_host = "" is now "automount" The empty string is always replaced with "-" and there no longer is any way to specify that the docker socket is to be mounted in the container automatically. The "automount" value is introduced as a replacement. https://code.forgejo.org/forgejo/act/pulls/67 and https://code.forgejo.org/forgejo/runner/pulls/305 introduced this regression. --- RELEASE-NOTES.md | 4 ++++ internal/app/cmd/daemon.go | 7 ++----- internal/pkg/config/config.example.yaml | 4 ++-- internal/pkg/envcheck/docker.go | 5 +---- 4 files changed, 9 insertions(+), 11 deletions(-) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index 1b8320e..743b78a 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -1,5 +1,9 @@ # Release Notes +## 5.0.3 + +* [Fixes a regression](https://code.forgejo.org/forgejo/runner/pulls/354) that was introduced in version 5.0.0 by which it was no longer possible to mount the docker socket in each container by specifying `[container].docker_host = ""`. This is now implemented when `[container].docker_host = "automount"` is specified. + ## 5.0.2 * Fixes a regression that was introduced in version 5.0.0 by which [skipped jobs were marked as failed instead](https://code.forgejo.org/forgejo/act/pulls/67). The workaround is to change the job log level to debug `[log].job_level: debug`. diff --git a/internal/app/cmd/daemon.go b/internal/app/cmd/daemon.go index a613546..a02f36d 100644 --- a/internal/app/cmd/daemon.go +++ b/internal/app/cmd/daemon.go 
@@ -73,11 +73,8 @@ func runDaemon(ctx context.Context, configFile *string) func(cmd *cobra.Command, if err := envcheck.CheckIfDockerRunning(ctx, dockerSocketPath); err != nil { return err } - // if dockerSocketPath passes the check, override DOCKER_HOST with dockerSocketPath os.Setenv("DOCKER_HOST", dockerSocketPath) - // empty cfg.Container.DockerHost means act_runner need to find an available docker host automatically - // and assign the path to cfg.Container.DockerHost - if cfg.Container.DockerHost == "" { + if cfg.Container.DockerHost == "automount" { cfg.Container.DockerHost = dockerSocketPath } // check the scheme, if the scheme is not npipe or unix @@ -186,7 +183,7 @@ var commonSocketPaths = []string{ func getDockerSocketPath(configDockerHost string) (string, error) { // a `-` means don't mount the docker socket to job containers - if configDockerHost != "" && configDockerHost != "-" { + if configDockerHost != "automount" && configDockerHost != "-" { return configDockerHost, nil } diff --git a/internal/pkg/config/config.example.yaml b/internal/pkg/config/config.example.yaml index 20218ae..dbdf46e 100644 --- a/internal/pkg/config/config.example.yaml +++ b/internal/pkg/config/config.example.yaml @@ -89,8 +89,8 @@ container: # - '**' valid_volumes: [] # overrides the docker client host with the specified one. - # If "-", an available docker host will automatically be found. - # If empty, an available docker host will automatically be found and mounted in the job container (e.g. /var/run/docker.sock). + # If "-" or "", an available docker host will automatically be found. + # If "automount", an available docker host will automatically be found and mounted in the job container (e.g. /var/run/docker.sock). # Otherwise the specified docker host will be used and an error will be returned if it doesn't work. docker_host: "-" # Pull docker image(s) even if already present 
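Review bot: In `getDockerSocketPath` (second daemon.go hunk), an empty `configDockerHost` is now returned as an explicit host, because only `"automount"` and `"-"` reach the auto-detection path. The commit message says the empty string is always replaced with `"-"`, but that replacement is not in this diff. The docker.go hunk of the same commit now passes the value to `client.WithHost` unconditionally, where an empty host should be expected to fail. Handling it here would match the updated config comment, which treats `"-"` and `""` alike: `if configDockerHost != "" && configDockerHost != "automount" && configDockerHost != "-" {`. Both function bodies continue outside their hunks.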
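Review bot: The new `"automount"` comment in config.example.yaml says the docker host is mounted in the job container, but not what that grants: a job that can reach the docker socket can drive the docker daemon on the runner host. Since this value is now the only way to opt in, I would add one line under it, `# "automount" lets every job talk to the runner's docker daemon; enable it only for trusted repositories.` The `container:` block starts outside the hunk.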
diff --git a/internal/pkg/envcheck/docker.go b/internal/pkg/envcheck/docker.go index f115bc7..cb9c901 100644 --- a/internal/pkg/envcheck/docker.go +++ b/internal/pkg/envcheck/docker.go @@ -13,10 +13,7 @@ import ( func CheckIfDockerRunning(ctx context.Context, configDockerHost string) error { opts := []client.Opt{ client.FromEnv, - } - - if configDockerHost != "" { - opts = append(opts, client.WithHost(configDockerHost)) + client.WithHost(configDockerHost), } cli, err := client.NewClientWithOpts(opts...) From 055854d1d74476989bd4af8315625ec88a6835d1 Mon Sep 17 00:00:00 2001 From: Michael Kriese Date: Wed, 4 Dec 2024 10:12:38 +0100 Subject: [PATCH 61/77] build: use go toolchain --- .forgejo/workflows/test.yml | 10 ++++++++++ go.mod | 4 +++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml index c4b7be1..c2e278e 100644 --- a/.forgejo/workflows/test.yml +++ b/.forgejo/workflows/test.yml @@ -44,6 +44,16 @@ jobs: with: go-version-file: go.mod + - name: validate go version + run: | + set -ex + toolchain=$(grep -oP '(?<=toolchain ).+' go.mod) + version=$(go version | cut -d' ' -f3) + if [ "$toolchain" != "$version" ]; then + echo "go version mismatch: $toolchain <> $version" + exit 1 + fi + - run: make vet - run: make build diff --git a/go.mod b/go.mod index 601f766..148bfe2 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,8 @@ module gitea.com/gitea/act_runner -go 1.23.3 +go 1.23 + +toolchain go1.23.3 require ( code.gitea.io/actions-proto-go v0.4.0 From 7f22a720ad04fbc02e9b4c679458147f7951cf27 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 4 Dec 2024 11:31:26 +0000 Subject: [PATCH 62/77] Update dependency go to v1.23.4 --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 148bfe2..643f771 100644 --- a/go.mod +++ b/go.mod 
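Review bot: In the new `validate go version` step of test.yml, `set -e` makes the step stop at the `toolchain=$(grep ...)` assignment when go.mod has no `toolchain` line, so the `go version mismatch` message is never printed in that case. The lookbehind is also unanchored and would match the word anywhere in the file, including a comment. `toolchain=$(sed -n 's/^toolchain //p' go.mod)` is anchored and returns success on no match, so the comparison below reports the problem itself.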
@@ -2,7 +2,7 @@ module gitea.com/gitea/act_runner go 1.23 -toolchain go1.23.3 +toolchain go1.23.4 require ( code.gitea.io/actions-proto-go v0.4.0 From b34efbce8b256bceaa192032834983f2ae529af9 Mon Sep 17 00:00:00 2001 From: Michael Kriese Date: Wed, 4 Dec 2024 10:18:57 +0100 Subject: [PATCH 63/77] ci: use new ci image --- .forgejo/workflows/test.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml index c2e278e..044451c 100644 --- a/.forgejo/workflows/test.yml +++ b/.forgejo/workflows/test.yml @@ -20,7 +20,7 @@ jobs: if: github.repository_owner != 'forgejo-integration' && github.repository_owner != 'forgejo-experimental' && github.repository_owner != 'forgejo-release' runs-on: docker container: - image: 'code.forgejo.org/oci/node:20-bookworm' + image: 'code.forgejo.org/oci/ci:1' services: forgejo: @@ -65,8 +65,6 @@ jobs: - name: check the forgejo server is responding run: | - apt-get update -qq - apt-get install -y -qq jq curl retry sleep 10 # matches the sleep 10 in the bootstrap of the Forgejo instance # in case of a slow machine, give it time to bootstrap retry --delay=10 --times=6 bash -c 'test $FORGEJO_ADMIN_USER = $(curl -sS http://$FORGEJO_ADMIN_USER:$FORGEJO_ADMIN_PASSWORD@$FORGEJO_HOST_PORT/api/v1/user | jq --raw-output .login)' From 79f6adc4d2d4105651cc0945fbaca4bc2993a7d5 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 7 Dec 2024 00:01:14 +0000 Subject: [PATCH 64/77] Update module github.com/docker/docker to v25.0.7+incompatible --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 643f771..1aa2380 100644 --- a/go.mod +++ b/go.mod 
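Review bot: The job container in test.yml is now `code.forgejo.org/oci/ci:1`, a tag that can be re-pointed. The second test.yml hunk of this commit drops the `apt-get install` of `jq`, `curl` and `retry`, so the later step depends on whatever that tag ships at run time. Pinning by digest keeps the toolset reproducible and makes image changes show up in review, e.g. `image: 'code.forgejo.org/oci/ci:1@sha256:<digest-placeholder>'` (placeholder; take the real digest from the registry). A short comment next to the image naming the tools the job expects from it would also help.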
@@ -9,7 +9,7 @@ require ( code.gitea.io/gitea-vet v0.2.3 connectrpc.com/connect v1.17.0 github.com/avast/retry-go/v4 v4.6.0 - github.com/docker/docker v25.0.6+incompatible + github.com/docker/docker v25.0.7+incompatible github.com/google/uuid v1.6.0 github.com/joho/godotenv v1.5.1 github.com/mattn/go-isatty v0.0.20 diff --git a/go.sum b/go.sum index 91aa38a..d5b6f95 100644 --- a/go.sum +++ b/go.sum @@ -51,8 +51,8 @@ github.com/docker/cli v25.0.3+incompatible h1:KLeNs7zws74oFuVhgZQ5ONGZiXUUdgsdy6 github.com/docker/cli v25.0.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v25.0.6+incompatible h1:5cPwbwriIcsua2REJe8HqQV+6WlWc1byg2QSXzBxBGg= -github.com/docker/docker v25.0.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v25.0.7+incompatible h1:PQhcun5/OF7p0mZlDu3ud9APyyJi01R6/7hrBymWhhQ= +github.com/docker/docker v25.0.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E16qz5SpHLS+uswaCp8= github.com/docker/docker-credential-helpers v0.8.0/go.mod h1:UGFXcuoQ5TxPiB54nHOZ32AWRqQdECoh/Mg0AlEYb40= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= From 191259d7c33631f7821c3156a95aefdffbf45575 Mon Sep 17 00:00:00 2001 From: Michael Kriese Date: Sat, 7 Dec 2024 14:23:22 +0100 Subject: [PATCH 65/77] ci: pin setup forgejo action --- .forgejo/workflows/build-release-integration.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml index b7de0ea..034722f 100644 --- a/.forgejo/workflows/build-release-integration.yml 
+++ b/.forgejo/workflows/build-release-integration.yml @@ -24,7 +24,7 @@ jobs: - uses: actions/checkout@v4 - id: forgejo - uses: https://code.forgejo.org/actions/setup-forgejo@v1 + uses: https://code.forgejo.org/actions/setup-forgejo@v1.0.0 with: user: root password: admin1234 From 81422b4515a6d8d4ae566c06636fd112448b5282 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 7 Dec 2024 15:00:54 +0000 Subject: [PATCH 66/77] Update actions/setup-forgejo action to v2 --- .forgejo/workflows/build-release-integration.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml index 034722f..8531129 100644 --- a/.forgejo/workflows/build-release-integration.yml +++ b/.forgejo/workflows/build-release-integration.yml @@ -24,7 +24,7 @@ jobs: - uses: actions/checkout@v4 - id: forgejo - uses: https://code.forgejo.org/actions/setup-forgejo@v1.0.0 + uses: https://code.forgejo.org/actions/setup-forgejo@v2.0.4 with: user: root password: admin1234 From f351e7a7b10c4326befd6069e9f9be561581d1ec Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 9 Dec 2024 14:31:33 +0000 Subject: [PATCH 67/77] Update dependency forgejo-lxc to v12 --- .forgejo/workflows/build-release-integration.yml | 2 +- .forgejo/workflows/build-release.yml | 2 +- .forgejo/workflows/example-docker-compose.yml | 2 +- .forgejo/workflows/publish-release.yml | 2 +- .forgejo/workflows/test.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml index 8531129..79dd00c 100644 --- a/.forgejo/workflows/build-release-integration.yml +++ b/.forgejo/workflows/build-release-integration.yml 
@@ -18,7 +18,7 @@ on: jobs: release-simulation: - runs-on: self-hosted + runs-on: lxc-bookworm if: github.repository_owner != 'forgejo-integration' && github.repository_owner != 'forgejo-release' steps: - uses: actions/checkout@v4 diff --git a/.forgejo/workflows/build-release.yml b/.forgejo/workflows/build-release.yml index 16ab9c6..8bbfd1b 100644 --- a/.forgejo/workflows/build-release.yml +++ b/.forgejo/workflows/build-release.yml @@ -17,7 +17,7 @@ on: jobs: release: - runs-on: self-hosted + runs-on: lxc-bookworm # root is used for testing, allow it if: secrets.ROLE == 'forgejo-integration' || github.repository_owner == 'root' steps: diff --git a/.forgejo/workflows/example-docker-compose.yml b/.forgejo/workflows/example-docker-compose.yml index 3e1d4e9..6e017db 100644 --- a/.forgejo/workflows/example-docker-compose.yml +++ b/.forgejo/workflows/example-docker-compose.yml @@ -8,7 +8,7 @@ on: jobs: example-docker-compose: if: github.repository_owner != 'forgejo-integration' && github.repository_owner != 'forgejo-experimental' && github.repository_owner != 'forgejo-release' - runs-on: self-hosted + runs-on: lxc-bookworm steps: - uses: actions/checkout@v4 diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml index 5f396b0..eca38a8 100644 --- a/.forgejo/workflows/publish-release.yml +++ b/.forgejo/workflows/publish-release.yml @@ -22,7 +22,7 @@ on: jobs: publish: - runs-on: self-hosted + runs-on: lxc-bookworm if: secrets.DOER != '' && secrets.FORGEJO != '' && secrets.TO_OWNER != '' && secrets.FROM_OWNER != '' && secrets.TOKEN != '' steps: - uses: actions/checkout@v4 diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml index 044451c..f2c3be1 100644 --- a/.forgejo/workflows/test.yml +++ b/.forgejo/workflows/test.yml 
@@ -75,7 +75,7 @@ jobs: needs: [build-and-tests] name: runner exec tests if: github.repository_owner != 'forgejo-integration' && github.repository_owner != 'forgejo-experimental' && github.repository_owner != 'forgejo-release' - runs-on: self-hosted + runs-on: lxc-bookworm steps: From a2ce5d9f8b88486225b7075d7233f83aa50f4c93 Mon Sep 17 00:00:00 2001 From: Otto Richter Date: Sun, 8 Dec 2024 13:22:52 +0100 Subject: [PATCH 68/77] Rebrand container prefix to Forgejo --- internal/app/run/runner.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/app/run/runner.go b/internal/app/run/runner.go index 9eaf37e..c0f59e9 100644 --- a/internal/app/run/runner.go +++ b/internal/app/run/runner.go @@ -217,7 +217,7 @@ func (r *Runner) run(ctx context.Context, task *runnerv1.Task, reporter *report. NoSkipCheckout: true, PresetGitHubContext: preset, EventJSON: string(eventJSON), - ContainerNamePrefix: fmt.Sprintf("GITEA-ACTIONS-TASK-%d", task.Id), + ContainerNamePrefix: fmt.Sprintf("FORGEJO-ACTIONS-TASK-%d", task.Id), ContainerMaxLifetime: maxLifetime, ContainerNetworkMode: container.NetworkMode(r.cfg.Container.Network), ContainerNetworkEnableIPv6: r.cfg.Container.EnableIPv6, From 3068bebfcb53513aaa089597493902f1291cb8ce Mon Sep 17 00:00:00 2001 From: xtex Date: Fri, 13 Dec 2024 20:24:01 +0800 Subject: [PATCH 69/77] feat: use FORGEJO_TOKEN as runtime token Link: https://codeberg.org/forgejo/forgejo/pulls/6199 --- internal/app/cmd/exec.go | 4 +++- internal/app/run/runner.go | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/internal/app/cmd/exec.go b/internal/app/cmd/exec.go index 3e111fe..ea1718b 100644 --- a/internal/app/cmd/exec.go +++ b/internal/app/cmd/exec.go 
@@ -418,7 +418,9 @@ func runExec(ctx context.Context, execArgs *executeArgs) func(cmd *cobra.Command config.Env["ACT_EXEC"] = "true" - if t := config.Secrets["GITEA_TOKEN"]; t != "" { + if t := config.Secrets["FORGEJO_TOKEN"]; t != "" { + config.Token = t + } else if t := config.Secrets["GITEA_TOKEN"]; t != "" { config.Token = t } else if t := config.Secrets["GITHUB_TOKEN"]; t != "" { config.Token = t diff --git a/internal/app/run/runner.go b/internal/app/run/runner.go index 9eaf37e..29a78dd 100644 --- a/internal/app/run/runner.go +++ b/internal/app/run/runner.go @@ -168,7 +168,9 @@ func (r *Runner) run(ctx context.Context, task *runnerv1.Task, reporter *report. RepositoryOwner: taskContext["repository_owner"].GetStringValue(), RetentionDays: taskContext["retention_days"].GetStringValue(), } - if t := task.Secrets["GITEA_TOKEN"]; t != "" { + if t := task.Secrets["FORGEJO_TOKEN"]; t != "" { + preset.Token = t + } else if t := task.Secrets["GITEA_TOKEN"]; t != "" { preset.Token = t } else if t := task.Secrets["GITHUB_TOKEN"]; t != "" { preset.Token = t From 477e9499977674320a2b41474eeeb0ecd19a8124 Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Fri, 13 Dec 2024 18:30:49 +0100 Subject: [PATCH 70/77] chore(release): fix the link to the release notes --- .forgejo/workflows/publish-release.yml | 3 ++- RELEASE-NOTES.md | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml index eca38a8..031205c 100644 --- a/.forgejo/workflows/publish-release.yml +++ b/.forgejo/workflows/publish-release.yml 
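Review bot: The lookup order `FORGEJO_TOKEN`, then `GITEA_TOKEN`, then `GITHUB_TOKEN` is written out twice, in `runExec` for `config.Secrets` and in the runner.go hunk of this commit for `task.Secrets`, and nothing says the order is intentional. I would put the same comment above both chains: `// token precedence: FORGEJO_TOKEN, then GITEA_TOKEN, then GITHUB_TOKEN (older names kept for compatibility)`. Because the first non-empty value wins, it is worth confirming that the server reserves the `FORGEJO_TOKEN` secret name, so that the value read here is always the server-issued one. The linked Forgejo pull request presumably covers that, but it is not visible in this diff. Both chains continue past the end of their hunks.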
@@ -28,13 +28,14 @@ jobs: - uses: actions/checkout@v4 - name: copy & sign - uses: https://code.forgejo.org/forgejo/forgejo-build-publish/publish@v5 + uses: https://code.forgejo.org/forgejo/forgejo-build-publish/publish@v5.2.0 with: from-forgejo: ${{ secrets.FORGEJO }} to-forgejo: ${{ secrets.FORGEJO }} from-owner: ${{ secrets.FROM_OWNER }} to-owner: ${{ secrets.TO_OWNER }} repo: "runner" + release-notes: "See https://code.forgejo.org/forgejo/runner/src/branch/main/RELEASE-NOTES.md#{ANCHOR}" ref-name: ${{ github.ref_name }} sha: ${{ github.sha }} container-suffixes: " " diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index 743b78a..e7f7ae4 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -1,5 +1,9 @@ # Release Notes +## 5.0.4 + +* Define FORGEJO_TOKEN as an alias to GITHUB_TOKEN + ## 5.0.3 * [Fixes a regression](https://code.forgejo.org/forgejo/runner/pulls/354) that was introduced in version 5.0.0 by which it was no longer possible to mount the docker socket in each container by specifying `[container].docker_host = ""`. This is now implemented when `[container].docker_host = "automount"` is specified. From 24210fe55d62ab4aca03b467c62bd6dd18c50e4a Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 17 Dec 2024 00:02:07 +0000 Subject: [PATCH 71/77] Update module google.golang.org/protobuf to v1.36.0 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 1aa2380..b61dfd9 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/stretchr/testify v1.10.0 golang.org/x/term v0.26.0 golang.org/x/time v0.8.0 - google.golang.org/protobuf v1.35.2 + google.golang.org/protobuf v1.36.0 gopkg.in/yaml.v3 v3.0.1 gotest.tools/v3 v3.5.1 ) diff --git a/go.sum b/go.sum index d5b6f95..8925559 100644 --- a/go.sum +++ b/go.sum 
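Review bot: The `copy & sign` step passes `secrets.FORGEJO`, `secrets.FROM_OWNER` and `secrets.TO_OWNER` to the publish action, which this hunk references only by the tag `v5.2.0`. A tag can be moved, so a full commit hash is the safer reference for a step that receives secrets: `uses: https://code.forgejo.org/forgejo/forgejo-build-publish/publish@<commit-sha-placeholder> # v5.2.0`. The new `release-notes` value contains `{ANCHOR}`, which is presumably substituted by the action; a one-line comment saying so would save the next reader a lookup. The `with:` block may continue outside the hunk.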
@@ -314,8 +314,8 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b h1: google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc= google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk= google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= -google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= -google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.0 h1:mjIs9gYtt56AzC4ZaffQuh88TZurBGhIJMBZGSxNerQ= +google.golang.org/protobuf v1.36.0/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= From bfc83035a63b516801c50e0aeac92a607afdbbd5 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 17 Dec 2024 06:32:58 +0000 Subject: [PATCH 72/77] Update forgejo/forgejo-build-publish action to v5.2.1 --- .forgejo/workflows/publish-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml index 031205c..a8f5f6a 100644 --- a/.forgejo/workflows/publish-release.yml +++ b/.forgejo/workflows/publish-release.yml @@ -28,7 +28,7 @@ jobs: - uses: actions/checkout@v4 - name: copy & sign - uses: https://code.forgejo.org/forgejo/forgejo-build-publish/publish@v5.2.0 + uses: https://code.forgejo.org/forgejo/forgejo-build-publish/publish@v5.2.1 with: from-forgejo: ${{ secrets.FORGEJO }} to-forgejo: ${{ secrets.FORGEJO }} From 521e3f11888e71d3b2598024b3ffa91c33ce6b19 Mon Sep 17 00:00:00 2001 
From: Renovate Bot Date: Tue, 17 Dec 2024 08:00:55 +0000 Subject: [PATCH 73/77] Replace actions/cascading-pr action with actions/cascading-pr v1.0.1 --- .forgejo/workflows/cascade-setup-forgejo.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/cascade-setup-forgejo.yml b/.forgejo/workflows/cascade-setup-forgejo.yml index c94ed7c..7692775 100644 --- a/.forgejo/workflows/cascade-setup-forgejo.yml +++ b/.forgejo/workflows/cascade-setup-forgejo.yml @@ -12,7 +12,7 @@ jobs: image: 'code.forgejo.org/oci/node:20-bookworm' if: vars.CASCADE != 'no' steps: - - uses: actions/cascading-pr@v1 + - uses: actions/cascading-pr@v1.0.1 with: origin-url: ${{ env.GITHUB_SERVER_URL }} origin-repo: forgejo/runner From 44227666bab0f55af926b104db140a08d5e9e1d4 Mon Sep 17 00:00:00 2001 From: viceice Date: Tue, 17 Dec 2024 08:17:29 +0000 Subject: [PATCH 74/77] ci: add explicit url Signed-off-by: viceice --- .forgejo/workflows/cascade-setup-forgejo.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/cascade-setup-forgejo.yml b/.forgejo/workflows/cascade-setup-forgejo.yml index 7692775..d03510f 100644 --- a/.forgejo/workflows/cascade-setup-forgejo.yml +++ b/.forgejo/workflows/cascade-setup-forgejo.yml @@ -12,7 +12,7 @@ jobs: image: 'code.forgejo.org/oci/node:20-bookworm' if: vars.CASCADE != 'no' steps: - - uses: actions/cascading-pr@v1.0.1 + - uses: https://code.forgejo.org/actions/cascading-pr@v1.0.1 with: origin-url: ${{ env.GITHUB_SERVER_URL }} origin-repo: forgejo/runner From 6901b83a9dd8f78633f0c4852430401517dc2372 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 17 Dec 2024 14:31:19 +0000 Subject: [PATCH 75/77] Update actions/cascading-pr action to v2 --- .forgejo/workflows/cascade-setup-forgejo.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/cascade-setup-forgejo.yml b/.forgejo/workflows/cascade-setup-forgejo.yml index d03510f..d44897a 100644 
--- a/.forgejo/workflows/cascade-setup-forgejo.yml +++ b/.forgejo/workflows/cascade-setup-forgejo.yml @@ -12,7 +12,7 @@ jobs: image: 'code.forgejo.org/oci/node:20-bookworm' if: vars.CASCADE != 'no' steps: - - uses: https://code.forgejo.org/actions/cascading-pr@v1.0.1 + - uses: https://code.forgejo.org/actions/cascading-pr@v2.2.0 with: origin-url: ${{ env.GITHUB_SERVER_URL }} origin-repo: forgejo/runner From b5ce1ccb8a0d18cf0c428cf387cf85780e844deb Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 24 Dec 2024 00:02:25 +0000 Subject: [PATCH 76/77] Update module google.golang.org/protobuf to v1.36.1 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index b61dfd9..6ec34f0 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/stretchr/testify v1.10.0 golang.org/x/term v0.26.0 golang.org/x/time v0.8.0 - google.golang.org/protobuf v1.36.0 + google.golang.org/protobuf v1.36.1 gopkg.in/yaml.v3 v3.0.1 gotest.tools/v3 v3.5.1 ) diff --git a/go.sum b/go.sum index 8925559..0a3fea8 100644 --- a/go.sum +++ b/go.sum 
@@ -314,8 +314,8 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b h1: google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc= google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk= google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= -google.golang.org/protobuf v1.36.0 h1:mjIs9gYtt56AzC4ZaffQuh88TZurBGhIJMBZGSxNerQ= -google.golang.org/protobuf v1.36.0/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk= +google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= From 6d10f57eaa71217f7e091efc2f5e8d71b994a3bd Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Fri, 27 Dec 2024 13:07:42 +0100 Subject: [PATCH 77/77] chore(docs): 6.0.0 release notes --- RELEASE-NOTES.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index e7f7ae4..b28f9ad 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -1,5 +1,9 @@ # Release Notes +## 6.0.0 + +* Security: the container options a job is allowed to specify are limited to a [predefined allow list](https://forgejo.org/docs/next/user/actions/#jobsjob_idcontaineroptions). + ## 5.0.4 * Define FORGEJO_TOKEN as an alias to GITHUB_TOKEN