From c0acd390b895fbf774fa07db452f9ebf1a9b85b9 Mon Sep 17 00:00:00 2001
From: merith-xyz <merith@merith.xyz>
Date: Thu, 26 Sep 2024 07:16:55 -0700
Subject: [PATCH 01/62] update tests file for PR-283

---
 .forgejo/workflows/example-docker-compose.yml | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/.forgejo/workflows/example-docker-compose.yml b/.forgejo/workflows/example-docker-compose.yml
index 4e2f547..6c6fe1d 100644
--- a/.forgejo/workflows/example-docker-compose.yml
+++ b/.forgejo/workflows/example-docker-compose.yml
@@ -39,8 +39,11 @@ jobs:
           # Launch Forgejo & the runner
           #
           $cli up -d
-          for delay in $(seq 60) ; do test -f /srv/runner-data/.runner && break ; sleep 30 ; done
-          test -f /srv/runner-data/.runner
+            for delay in $(seq 60) ; do
+            test -f ./forgejo-runner/runner.json && break
+            sleep 30
+            done
+          test -f ./forgejo-runner/runner.json
           #
           # Run the demo workflow
           #
@@ -56,11 +59,11 @@ jobs:
             grep --quiet "$success" /tmp/out && break
             grep --quiet "$failure" /tmp/out && break
             $cli ps --all
-            $cli logs --tail=20 runner-daemon demo-workflow
+            $cli logs --tail=20 forgejo-runner demo-workflow
             sleep 30
           done
           grep --quiet "$success" /tmp/out
-          $cli logs runner-daemon > /tmp/runner.log
+          $cli logs forgejo-runner > /tmp/runner.log
           grep --quiet 'Start image=code.forgejo.org/oci/node:20-bookworm' /tmp/runner.log
 
       - name: full docker compose logs

From 54b9c53136a2c1cc07cf4c2fce44d5f235b65415 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 1 Oct 2024 17:30:57 +0000
Subject: [PATCH 02/62] Update dependency go to v1.23.2

---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index 07622ad..e6e13a2 100644
--- a/go.mod
+++ b/go.mod
@@ -2,7 +2,7 @@ module gitea.com/gitea/act_runner
 
 go 1.21.13
 
-toolchain go1.23.1
+toolchain go1.23.2
 
 require (
 	code.gitea.io/actions-proto-go v0.4.0

From 38e884d9731f889b78d46f9162175874862b1e6c Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sat, 5 Oct 2024 00:00:52 +0000
Subject: [PATCH 03/62] Update module golang.org/x/term to v0.25.0

---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index e6e13a2..84cd05b 100644
--- a/go.mod
+++ b/go.mod
@@ -17,7 +17,7 @@ require (
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.8.1
 	github.com/stretchr/testify v1.9.0
-	golang.org/x/term v0.24.0
+	golang.org/x/term v0.25.0
 	golang.org/x/time v0.6.0
 	google.golang.org/protobuf v1.34.2
 	gopkg.in/yaml.v3 v3.0.1
@@ -96,7 +96,7 @@ require (
 	golang.org/x/mod v0.13.0 // indirect
 	golang.org/x/net v0.23.0 // indirect
 	golang.org/x/sync v0.6.0 // indirect
-	golang.org/x/sys v0.25.0 // indirect
+	golang.org/x/sys v0.26.0 // indirect
 	golang.org/x/tools v0.14.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
diff --git a/go.sum b/go.sum
index 498a542..f874072 100644
--- a/go.sum
+++ b/go.sum
@@ -274,15 +274,15 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
-golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
+golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM=
-golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8=
+golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24=
+golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=

From 722c10968106a1bad4f1609867040380182ef40f Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 8 Oct 2024 00:01:47 +0000
Subject: [PATCH 04/62] Update module google.golang.org/protobuf to v1.35.1

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 84cd05b..8ad9c4e 100644
--- a/go.mod
+++ b/go.mod
@@ -19,7 +19,7 @@ require (
 	github.com/stretchr/testify v1.9.0
 	golang.org/x/term v0.25.0
 	golang.org/x/time v0.6.0
-	google.golang.org/protobuf v1.34.2
+	google.golang.org/protobuf v1.35.1
 	gopkg.in/yaml.v3 v3.0.1
 	gotest.tools/v3 v3.5.1
 )
diff --git a/go.sum b/go.sum
index f874072..e851de1 100644
--- a/go.sum
+++ b/go.sum
@@ -314,8 +314,8 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b h1:
 google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc=
 google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
 google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
-google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
-google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
+google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
+google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=

From 95ef0da0217188f5b483d21869c50469ddddb640 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 8 Oct 2024 04:31:39 +0000
Subject: [PATCH 05/62] Update module golang.org/x/time to v0.7.0

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 8ad9c4e..e5d85a9 100644
--- a/go.mod
+++ b/go.mod
@@ -18,7 +18,7 @@ require (
 	github.com/spf13/cobra v1.8.1
 	github.com/stretchr/testify v1.9.0
 	golang.org/x/term v0.25.0
-	golang.org/x/time v0.6.0
+	golang.org/x/time v0.7.0
 	google.golang.org/protobuf v1.35.1
 	gopkg.in/yaml.v3 v3.0.1
 	gotest.tools/v3 v3.5.1
diff --git a/go.sum b/go.sum
index e851de1..1ee3516 100644
--- a/go.sum
+++ b/go.sum
@@ -292,8 +292,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U=
-golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ=
+golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200325010219-a49f79bcc224/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=

From 20915dc1bf9378587bb2fa88664519b48c30d006 Mon Sep 17 00:00:00 2001
From: Kwonunn <kwonunnx@gmail.com>
Date: Sat, 19 Oct 2024 14:58:44 +0200
Subject: [PATCH 06/62] chore: add issue templates

---
 .forgejo/issue_template/bug-report.yaml      | 84 ++++++++++++++++++++
 .forgejo/issue_template/feature-request.yaml | 26 ++++++
 2 files changed, 110 insertions(+)
 create mode 100644 .forgejo/issue_template/bug-report.yaml
 create mode 100644 .forgejo/issue_template/feature-request.yaml

diff --git a/.forgejo/issue_template/bug-report.yaml b/.forgejo/issue_template/bug-report.yaml
new file mode 100644
index 0000000..414f4e4
--- /dev/null
+++ b/.forgejo/issue_template/bug-report.yaml
@@ -0,0 +1,84 @@
+name: 🐛 Bug Report
+description: Found something you weren't expecting? Report it here!
+title: "bug: "
+labels: ["Kind/Bug"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        **NOTE: If your issue is a security concern, please email <security@forgejo.org> (GPG: `A4676E79`) instead of opening a public issue.**
+  - type: markdown
+    attributes:
+      value: |
+        - Please speak English, as this is the language all maintainers can speak and write.
+        - Be as clear and concise as possible. A very verbose report is harder to interpret in a concrete way.
+        - Be civil, and follow the [Forgejo Code of Conduct](https://codeberg.org/forgejo/code-of-conduct).
+        - Take a moment to [check that your issue hasn't been reported before](https://code.forgejo.org/forgejo/runner/issues?q=&type=all&labels=19).
+  - type: dropdown
+    id: can-reproduce
+    attributes:
+      label: Can you reproduce the bug on the Forgejo test instance?
+      description: |
+        Please try reproducing your issue at https://dev.next.forgejo.org.
+        It is running the latest development branch and will confirm the problem is not already fixed.
+        If you can reproduce it, provide a URL in the description.
+      options:
+        - "Yes"
+        - "No"
+    validations:
+      required: true
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: |
+        Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see above).
+    validations:
+      required: true
+  - type: input
+    id: forgejo-ver
+    attributes:
+      label: Forgejo Version
+      description: Forgejo version (or commit reference) of your instance
+  - type: input
+    id: runner-ver
+    attributes:
+      label: Runner Version
+      description: Runner version (or commit reference) of the runner on your instance
+  - type: textarea
+    id: forgejo-run-info
+    attributes:
+      label: How are you running Forgejo?
+      description: |
+        Please include information on whether you built Forgejo yourself, used one of our downloads, or are using some other package.
+        Please also tell us how you are running Forgejo, e.g. if it is being run from a container, a command-line, systemd etc.
+        If you are using a package or systemd tell us what distribution you are using.
+    validations:
+      required: true
+  - type: textarea
+    id: runner-run-info
+    attributes:
+      label: How are you running the Runner?
+      description: |
+        Please include information on whether you built the Runner yourself, used one of our downloads, or are using some other package.
+        Please also tell us how you are running it, e.g. if it is being run from a container, a command-line, systemd etc.
+        If you are using a package or systemd tell us what distribution you are using.
+    validations:
+      required: true
+  - type: textarea
+    id: logs
+    attributes:
+      label: Logs
+      description: |
+        It's really important to provide pertinent logs. You must give us `DEBUG` level logs.
+        Please read https://forgejo.org/docs/latest/admin/logging-documentation/.
+
+        Please copy and paste your logs here, with any sensitive information (e.g. API keys) removed/hidden.
+        You can wrap your logs in `<details>...</details>` tags so it doesn't take up too much space in the issue.
+  - type: textarea
+    id: workflow
+    attributes:
+      label: Workflow file
+      description: |
+        If the bug occurs in a specific workflow, please provide an example workflow file.
+        If you have linked to a reproduction repository this won't be necessary.
diff --git a/.forgejo/issue_template/feature-request.yaml b/.forgejo/issue_template/feature-request.yaml
new file mode 100644
index 0000000..3daeafd
--- /dev/null
+++ b/.forgejo/issue_template/feature-request.yaml
@@ -0,0 +1,26 @@
+name: 💡 Feature Request
+description: Got an idea for an improvement to the Forgejo Runner? Suggest it here!
+title: "feat: "
+labels: ["Kind/Enhancement"]
+body:
+- type: markdown
+  attributes:
+    value: |
+      - Please speak English, as this is the language all maintainers can speak and write.
+      - Be as clear and concise as possible. A very verbose request is harder to interpret in a concrete way.
+      - Be civil, and follow the [Forgejo Code of Conduct](https://codeberg.org/forgejo/code-of-conduct).
+      - Please make sure you are using the latest release of the runner and take a moment to [check that your feature hasn't already been suggested](https://code.forgejo.org/forgejo/runner/issues?q=&type=all).
+- type: textarea
+  id: needs-benefits
+  attributes:
+    label: Needs and benefits
+    description: As concisely as possible, describe the benefits your feature request will provide or the problems it will try to solve.
+  validations:
+    required: true
+- type: textarea
+  id: description
+  attributes:
+    label: Feature Description
+    description: As concisely as possible, describe the feature you would like to see added or the changes you would like to see made to Forgejo.
+  validations:
+    required: true

From 5a4387dd00bf927a780ed295419a64c608960abb Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sun, 20 Oct 2024 00:00:48 +0000
Subject: [PATCH 07/62] Update module code.forgejo.org/forgejo/act to v1.21.4

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index e5d85a9..d884b2a 100644
--- a/go.mod
+++ b/go.mod
@@ -102,4 +102,4 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )
 
-replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.21.3
+replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.21.4
diff --git a/go.sum b/go.sum
index 1ee3516..6e719f7 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,5 @@
-code.forgejo.org/forgejo/act v1.21.3 h1:EeJbrz0aar2QhIcBlOW5gjK1rjrQxcAvQSPpG/R1h5w=
-code.forgejo.org/forgejo/act v1.21.3/go.mod h1:+PcvJ9iv+NTFeJSh79ra9Jbk9l0vvyA9D9me5/dbxYM=
+code.forgejo.org/forgejo/act v1.21.4 h1:p/w1kQAC2BU43tB4vKicN/j0xCsMfeDULwCv5nUhHRM=
+code.forgejo.org/forgejo/act v1.21.4/go.mod h1:+PcvJ9iv+NTFeJSh79ra9Jbk9l0vvyA9D9me5/dbxYM=
 code.gitea.io/actions-proto-go v0.4.0 h1:OsPBPhodXuQnsspG1sQ4eRE1PeoZyofd7+i73zCwnsU=
 code.gitea.io/actions-proto-go v0.4.0/go.mod h1:mn7Wkqz6JbnTOHQpot3yDeHx+O5C9EGhMEE+htvHBas=
 code.gitea.io/gitea-vet v0.2.3 h1:gdFmm6WOTM65rE8FUBTRzeQZYzXePKSSB1+r574hWwI=

From 2b64f15543ca76ac09721c2bf898ffc2cd708eaa Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Tue, 29 Oct 2024 07:49:55 +0100
Subject: [PATCH 08/62] fix: make container.docker_host default to -

Otherwise containers will be running by default with a socket to the
docker host which is insecure. The default must be secure.
---
 RELEASE-NOTES.md                        |  4 +++-
 internal/pkg/config/config.example.yaml | 16 ++++++++--------
 2 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
index c4d9db3..44084b3 100644
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@@ -1,7 +1,9 @@
 # Release Notes
 
-## 3.5.2
+## 4.0.0
 
+* Breaking change: fix the default configuration for `docker_host` is changed to [not mounting the docker server socket](https://code.forgejo.org/forgejo/runner/pulls/305).
+* [Remove debug information from the setup of a workflow](https://code.forgejo.org/forgejo/runner/pulls/297).
 * Fix [crash in some cases when the YAML structure is not as expected](https://code.forgejo.org/forgejo/runner/issues/267).
 
 ## 3.5.1
diff --git a/internal/pkg/config/config.example.yaml b/internal/pkg/config/config.example.yaml
index 32dfb68..88bc2c6 100644
--- a/internal/pkg/config/config.example.yaml
+++ b/internal/pkg/config/config.example.yaml
@@ -1,7 +1,7 @@
 # Example configuration file, it's safe to copy this as the default config file without any modification.
 
 # You don't have to copy this file to your instance,
-# just run `./act_runner generate-config > config.yaml` to generate a config file.
+# just run `forgejo-runner generate-config > config.yaml` to generate a config file.
 
 log:
   # The level of logging, can be trace, debug, info, warn, error, fatal
@@ -40,7 +40,7 @@ runner:
   # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
   # Like: ["macos-arm64:host", "ubuntu-latest:docker://node:20-bookworm", "ubuntu-22.04:docker://node:20-bookworm"]
   # If it's empty when registering, it will ask for inputting labels.
-  # If it's empty when execute `deamon`, will use labels in `.runner` file.
+  # If it's empty when executing the `daemon`, it will use labels in the `.runner` file.
   labels: []
 
 cache:
@@ -57,8 +57,8 @@ cache:
   # 0 means to use a random available port.
   port: 0
   # The external cache server URL. Valid only when enable is true.
-  # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
-  # The URL should generally end with "/".
+  # If it's specified, it will be used to set the ACTIONS_CACHE_URL environment variable. The URL should generally end with "/".
+  # Otherwise it will be set to the the URL of the internal cache server.
   external_server: ""
 
 container:
@@ -87,10 +87,10 @@ container:
   #   - '**'
   valid_volumes: []
   # overrides the docker client host with the specified one.
-  # If it's empty, act_runner will find an available docker host automatically.
-  # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
-  # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
-  docker_host: ""
+  # If "-", an available docker host will automatically be found.
+  # If empty, an available docker host will automatically be found and mounted in the job container (e.g. /var/run/docker.sock).
+  # Otherwise the specified docker host will be used and an error will be returned if it doesn't work.
+  docker_host: "-"
   # Pull docker image(s) even if already present
   force_pull: false
 

From 45fe0a6c667fd9a58c771b40ed0a86cd0ce24d53 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Fri, 1 Nov 2024 00:07:20 +0000
Subject: [PATCH 09/62] Update module code.forgejo.org/forgejo/act to v1.21.5

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index d884b2a..f8f6982 100644
--- a/go.mod
+++ b/go.mod
@@ -102,4 +102,4 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )
 
-replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.21.4
+replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.21.5
diff --git a/go.sum b/go.sum
index 6e719f7..76d4a2c 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,5 @@
-code.forgejo.org/forgejo/act v1.21.4 h1:p/w1kQAC2BU43tB4vKicN/j0xCsMfeDULwCv5nUhHRM=
-code.forgejo.org/forgejo/act v1.21.4/go.mod h1:+PcvJ9iv+NTFeJSh79ra9Jbk9l0vvyA9D9me5/dbxYM=
+code.forgejo.org/forgejo/act v1.21.5 h1:rWI+bhClocogdNwjRrM836rZYY7JBcHY3VUAwkYqEtw=
+code.forgejo.org/forgejo/act v1.21.5/go.mod h1:+PcvJ9iv+NTFeJSh79ra9Jbk9l0vvyA9D9me5/dbxYM=
 code.gitea.io/actions-proto-go v0.4.0 h1:OsPBPhodXuQnsspG1sQ4eRE1PeoZyofd7+i73zCwnsU=
 code.gitea.io/actions-proto-go v0.4.0/go.mod h1:mn7Wkqz6JbnTOHQpot3yDeHx+O5C9EGhMEE+htvHBas=
 code.gitea.io/gitea-vet v0.2.3 h1:gdFmm6WOTM65rE8FUBTRzeQZYzXePKSSB1+r574hWwI=

From 3f3601e46b10b12cc249ca14d68e3149a07dac7e Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Fri, 1 Nov 2024 06:18:24 +0100
Subject: [PATCH 10/62] chore(release-notes): version 4.0.1

---
 RELEASE-NOTES.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
index 44084b3..55a49f0 100644
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@@ -1,5 +1,9 @@
 # Release Notes
 
+## 4.0.1
+
+* Do not panic when [the number of arguments of a function evaluated in an expression is incorect](https://code.forgejo.org/forgejo/act/pulls/59/files).
+
 ## 4.0.0
 
 * Breaking change: fix the default configuration for `docker_host` is changed to [not mounting the docker server socket](https://code.forgejo.org/forgejo/runner/pulls/305).

From 71149e36fae163523d81f0cf23da3a64129e0f33 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thorben=20G=C3=BCnther?= <admin@xenrox.net>
Date: Sun, 20 Oct 2024 14:32:56 +0200
Subject: [PATCH 11/62] Add configurable logging level for jobs

This changes the default for JobLoggerLevel from "trace" to "info".

Closes #298
---
 internal/app/run/runner.go              | 9 +++++++++
 internal/pkg/config/config.example.yaml | 2 ++
 internal/pkg/config/config.go           | 6 +++++-
 3 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/internal/app/run/runner.go b/internal/app/run/runner.go
index e8654b6..e774786 100644
--- a/internal/app/run/runner.go
+++ b/internal/app/run/runner.go
@@ -232,6 +232,15 @@ func (r *Runner) run(ctx context.Context, task *runnerv1.Task, reporter *report.
 		Inputs:                     inputs,
 	}
 
+	if r.cfg.Log.JobLevel != "" {
+		level, err := log.ParseLevel(r.cfg.Log.JobLevel)
+		if err != nil {
+			return err
+		}
+
+		runnerConfig.JobLoggerLevel = &level
+	}
+
 	rr, err := runner.New(runnerConfig)
 	if err != nil {
 		return err
diff --git a/internal/pkg/config/config.example.yaml b/internal/pkg/config/config.example.yaml
index 88bc2c6..20218ae 100644
--- a/internal/pkg/config/config.example.yaml
+++ b/internal/pkg/config/config.example.yaml
@@ -6,6 +6,8 @@
 log:
   # The level of logging, can be trace, debug, info, warn, error, fatal
   level: info
+  # The level of logging for jobs, can be trace, debug, info, earn, error, fatal
+  job_level: info
 
 runner:
   # Where to store the registration result.
diff --git a/internal/pkg/config/config.go b/internal/pkg/config/config.go
index a1536b3..5ab177d 100644
--- a/internal/pkg/config/config.go
+++ b/internal/pkg/config/config.go
@@ -16,7 +16,8 @@ import (
 
 // Log represents the configuration for logging.
 type Log struct {
-	Level string `yaml:"level"` // Level indicates the logging level.
+	Level    string `yaml:"level"`     // Level indicates the logging level.
+	JobLevel string `yaml:"job_level"` // JobLevel indicates the job logging level.
 }
 
 // Runner represents the configuration for the runner.
@@ -113,6 +114,9 @@ func LoadDefault(file string) (*Config, error) {
 	if cfg.Log.Level == "" {
 		cfg.Log.Level = "info"
 	}
+	if cfg.Log.JobLevel == "" {
+		cfg.Log.JobLevel = "info"
+	}
 	if cfg.Runner.File == "" {
 		cfg.Runner.File = ".runner"
 	}

From 846ff2a616634540c641729182429c93dd6b726e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thorben=20G=C3=BCnther?= <admin@xenrox.net>
Date: Wed, 30 Oct 2024 22:11:19 +0100
Subject: [PATCH 12/62] Add simple test

---
 internal/pkg/config/config_test.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/internal/pkg/config/config_test.go b/internal/pkg/config/config_test.go
index d2ddf2f..af3ebf7 100644
--- a/internal/pkg/config/config_test.go
+++ b/internal/pkg/config/config_test.go
@@ -35,3 +35,10 @@ func TestConfigTune(t *testing.T) {
 		assert.EqualValues(t, 2*time.Second, c.Runner.FetchInterval)
 	})
 }
+
+func TestDefaultSettings(t *testing.T) {
+	config, err := LoadDefault("")
+	assert.NoError(t, err)
+
+	assert.EqualValues(t, config.Log.JobLevel, "info")
+}

From 8b2242d893d405f87a5402bc595d69f45ec1680f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thorben=20G=C3=BCnther?= <admin@xenrox.net>
Date: Sat, 2 Nov 2024 20:32:13 +0100
Subject: [PATCH 13/62] Update release notes.

---
 RELEASE-NOTES.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
index 55a49f0..f899d14 100644
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@@ -1,5 +1,9 @@
 # Release Notes
 
+## 4.1.0
+
+* [Add job_level logging option to config](https://code.forgejo.org/forgejo/runner/pulls/299) to make the logging level of jobs configurable. Change default from "trace" to "info".
+
 ## 4.0.1
 
 * Do not panic when [the number of arguments of a function evaluated in an expression is incorect](https://code.forgejo.org/forgejo/act/pulls/59/files).

From 6c9959d7a96a7876f3c51f834f3a11d98eca621e Mon Sep 17 00:00:00 2001
From: Kwonunn <kwonunnx@gmail.com>
Date: Mon, 28 Oct 2024 08:58:35 +0100
Subject: [PATCH 14/62] Cherry-pick gitea act_runner #543

From: https://gitea.com/gitea/act_runner/commit/1735b26e66f8e81c526204c128f1bcfd7f578906

Don't log job output when debug logging is not enabled

We wanted the ability to disable outputting the logs from the individual job to the console. This changes the logging so that job logs are only output to the console whenever debug logging is enabled in `act_runner`, while still allowing the `Reporter` to receive these logs and forward them to Gitea when debug logging is not enabled.

Signed-off-by: Kwonunn <kwonunnx@gmail.com>
---
 internal/app/run/logging.go | 24 ++++++++++++++++++++++++
 internal/app/run/runner.go  |  4 ++++
 2 files changed, 28 insertions(+)
 create mode 100644 internal/app/run/logging.go

diff --git a/internal/app/run/logging.go b/internal/app/run/logging.go
new file mode 100644
index 0000000..d0e6d1c
--- /dev/null
+++ b/internal/app/run/logging.go
@@ -0,0 +1,24 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package run
+
+import (
+	"io"
+
+	log "github.com/sirupsen/logrus"
+)
+
+// NullLogger is used to create a new JobLogger to discard logs. This
+// will prevent these logs from being logged to the stdout, but
+// forward them to the Reporter via its hook.
+type NullLogger struct{}
+
+// WithJobLogger creates a new logrus.Logger that will discard all logs.
+func (n NullLogger) WithJobLogger() *log.Logger {
+	logger := log.New()
+	logger.SetOutput(io.Discard)
+	logger.SetLevel(log.TraceLevel)
+
+	return logger
+}
diff --git a/internal/app/run/runner.go b/internal/app/run/runner.go
index e774786..9eaf37e 100644
--- a/internal/app/run/runner.go
+++ b/internal/app/run/runner.go
@@ -252,6 +252,10 @@ func (r *Runner) run(ctx context.Context, task *runnerv1.Task, reporter *report.
 	// add logger recorders
 	ctx = common.WithLoggerHook(ctx, reporter)
 
+	if !log.IsLevelEnabled(log.DebugLevel) {
+		ctx = runner.WithJobLoggerFactory(ctx, NullLogger{})
+	}
+
 	execErr := executor(ctx)
 	reporter.SetOutputs(job.Outputs)
 	return execErr

From 0ba115ba6789411868fa92ec882470bc3307b664 Mon Sep 17 00:00:00 2001
From: Kwonunn <kwonunnx@gmail.com>
Date: Sun, 3 Nov 2024 15:10:54 +0100
Subject: [PATCH 15/62] Version bump and add release notes

---
 RELEASE-NOTES.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
index f899d14..01fcf39 100644
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@@ -1,8 +1,9 @@
 # Release Notes
 
-## 4.1.0
+## 5.0.0
 
 * [Add job_level logging option to config](https://code.forgejo.org/forgejo/runner/pulls/299) to make the logging level of jobs configurable. Change default from "trace" to "info".
+* [Don't log job output when debug logging is not enabled](https://code.forgejo.org/forgejo/runner/pulls/303). This reduces the default amount of log output of the runner.
 
 ## 4.0.1
 

From 0658d72b3f25a8d18fdf4e7da01a65fda6114273 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 6 Nov 2024 23:35:14 +0000
Subject: [PATCH 16/62] Update dependency go to v1.23.3

---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index f8f6982..28c3f2e 100644
--- a/go.mod
+++ b/go.mod
@@ -2,7 +2,7 @@ module gitea.com/gitea/act_runner
 
 go 1.21.13
 
-toolchain go1.23.2
+toolchain go1.23.3
 
 require (
 	code.gitea.io/actions-proto-go v0.4.0

From 228e0025657576ad666b4a2756b1e3f26743661c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Kro=CC=88ner?= <felix.kroener@gmx.de>
Date: Thu, 7 Nov 2024 07:30:12 +0000
Subject: [PATCH 17/62] Add support for windows build on GitHub (#312)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR adds a Windows build pipeline running on GitHub.
Currently it runs on the repository https://github.com/Crown0815/forgejo-runner-windows.

So far the build does not include tests, but I am working on a solution.
For the time being we can release the windows builds easily though.

Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/312
Co-authored-by: Felix Kröner <felix.kroener@gmx.de>
Co-committed-by: Felix Kröner <felix.kroener@gmx.de>
---
 .github/workflows/build-release.yml | 48 +++++++++++++++++++++++++++++
 .gitignore                          |  3 ++
 2 files changed, 51 insertions(+)
 create mode 100644 .github/workflows/build-release.yml

diff --git a/.github/workflows/build-release.yml b/.github/workflows/build-release.yml
new file mode 100644
index 0000000..8086590
--- /dev/null
+++ b/.github/workflows/build-release.yml
@@ -0,0 +1,48 @@
+# This workflow will build a Windows binary for each architecture and upload it as an artifact.
+# If the push is a tag, it will create a release with the binaries attached.
+# This build is currently supported on https://github.com/Crown0815/forgejo-runner-windows
+
+name: Build release
+
+on:
+  push:
+    tags: 'v*'
+jobs:
+  build:
+    name: Build ${{matrix.architecture}}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        architecture: ['386', amd64, arm, arm64]
+    steps:
+      - uses: actions/checkout@v4
+      - name: Build for ${{matrix.architecture}}
+        run: |
+          env GOOS=windows GOARCH=${{matrix.architecture}} \
+          go build -o forgejo-runner-windows-${{matrix.architecture}}.exe
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: forgejo-runner-windows-${{matrix.architecture}}
+          path: forgejo-runner-windows-${{matrix.architecture}}.exe
+
+  release:
+    runs-on: ubuntu-latest
+    needs: build
+    if: github.event_name == 'push' && github.ref_type == 'tag'
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          path: .
+
+      - name: Create Release
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ github.ref_name }}
+          files: forgejo-runner-windows-*/forgejo-runner-windows-*.exe
+          draft: false
+          prerelease: ${{ contains(github.ref, 'beta') || contains(github.ref, 'alpha') }}
+          token: ${{ secrets.RELEASE_TOKEN }}
+          fail_on_unmatched_files: true
+          body: See [original release notes](https://code.forgejo.org/forgejo/runner/releases/tag/${{ github.ref_name }}).
+
diff --git a/.gitignore b/.gitignore
index 3a3808c..57ec96d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,3 +12,6 @@ coverage.txt
 __debug_bin
 # gorelease binary folder
 dist
+
+# Jetbrains IDE
+.idea

From 9510276a99e87fbf60bdd8fc5b26003d5858f1ce Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Fri, 8 Nov 2024 00:05:20 +0000
Subject: [PATCH 18/62] Update module golang.org/x/term to v0.26.0

---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 28c3f2e..4f8f6c1 100644
--- a/go.mod
+++ b/go.mod
@@ -17,7 +17,7 @@ require (
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.8.1
 	github.com/stretchr/testify v1.9.0
-	golang.org/x/term v0.25.0
+	golang.org/x/term v0.26.0
 	golang.org/x/time v0.7.0
 	google.golang.org/protobuf v1.35.1
 	gopkg.in/yaml.v3 v3.0.1
@@ -96,7 +96,7 @@ require (
 	golang.org/x/mod v0.13.0 // indirect
 	golang.org/x/net v0.23.0 // indirect
 	golang.org/x/sync v0.6.0 // indirect
-	golang.org/x/sys v0.26.0 // indirect
+	golang.org/x/sys v0.27.0 // indirect
 	golang.org/x/tools v0.14.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
diff --git a/go.sum b/go.sum
index 76d4a2c..5b7a1f8 100644
--- a/go.sum
+++ b/go.sum
@@ -274,15 +274,15 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
-golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
+golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24=
-golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M=
+golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU=
+golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=

From 4a57d4acf9acae45e0dea50e39c86d5777cbe322 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Fri, 8 Nov 2024 07:54:54 +0000
Subject: [PATCH 19/62] Update module golang.org/x/time to v0.8.0

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 4f8f6c1..9969f26 100644
--- a/go.mod
+++ b/go.mod
@@ -18,7 +18,7 @@ require (
 	github.com/spf13/cobra v1.8.1
 	github.com/stretchr/testify v1.9.0
 	golang.org/x/term v0.26.0
-	golang.org/x/time v0.7.0
+	golang.org/x/time v0.8.0
 	google.golang.org/protobuf v1.35.1
 	gopkg.in/yaml.v3 v3.0.1
 	gotest.tools/v3 v3.5.1
diff --git a/go.sum b/go.sum
index 5b7a1f8..290783c 100644
--- a/go.sum
+++ b/go.sum
@@ -292,8 +292,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ=
-golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg=
+golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200325010219-a49f79bcc224/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=

From f6626f09d562fb62a2b6202ef08f3a44c23a9697 Mon Sep 17 00:00:00 2001
From: Michael Kriese <michael.kriese@visualon.de>
Date: Fri, 8 Nov 2024 09:53:52 +0100
Subject: [PATCH 20/62] fix: dockerfile casing typo

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 50f1965..a5c1daf 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/tonistiigi/xx AS xx
 
-FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/golang:1.21-alpine3.19 as build-env
+FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/golang:1.21-alpine3.19 AS build-env
 
 #
 # Transparently cross compile for the target platform

From 0fb825f8e7f45777aa974a4f9f87b1ae96fa68a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Kro=CC=88ner?= <felix.kroener@gmx.de>
Date: Sun, 10 Nov 2024 13:39:26 +0100
Subject: [PATCH 21/62] ci: Include version number in windows runner build

---
 .github/workflows/build-release.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/build-release.yml b/.github/workflows/build-release.yml
index 8086590..4524591 100644
--- a/.github/workflows/build-release.yml
+++ b/.github/workflows/build-release.yml
@@ -19,7 +19,9 @@ jobs:
       - name: Build for ${{matrix.architecture}}
         run: |
           env GOOS=windows GOARCH=${{matrix.architecture}} \
-          go build -o forgejo-runner-windows-${{matrix.architecture}}.exe
+          go build \
+            -ldflags "-s -w -X gitea.com/gitea/act_runner/internal/pkg/ver.version=${{ github.ref_name }}" \
+            -o forgejo-runner-windows-${{matrix.architecture}}.exe
 
       - uses: actions/upload-artifact@v4
         with:

From c97e4d1fe394bb9427ce22acaa5dca2db7fdbffa Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 12 Nov 2024 00:08:54 +0000
Subject: [PATCH 22/62] Update module code.forgejo.org/forgejo/act to v1.22.0

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 9969f26..379967e 100644
--- a/go.mod
+++ b/go.mod
@@ -102,4 +102,4 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )
 
-replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.21.5
+replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.22.0
diff --git a/go.sum b/go.sum
index 290783c..c2b4f91 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,5 @@
-code.forgejo.org/forgejo/act v1.21.5 h1:rWI+bhClocogdNwjRrM836rZYY7JBcHY3VUAwkYqEtw=
-code.forgejo.org/forgejo/act v1.21.5/go.mod h1:+PcvJ9iv+NTFeJSh79ra9Jbk9l0vvyA9D9me5/dbxYM=
+code.forgejo.org/forgejo/act v1.22.0 h1:NbUf0+vQ48+ddwe4zVkINqnxKYl/to+NUvW7iisPA60=
+code.forgejo.org/forgejo/act v1.22.0/go.mod h1:+PcvJ9iv+NTFeJSh79ra9Jbk9l0vvyA9D9me5/dbxYM=
 code.gitea.io/actions-proto-go v0.4.0 h1:OsPBPhodXuQnsspG1sQ4eRE1PeoZyofd7+i73zCwnsU=
 code.gitea.io/actions-proto-go v0.4.0/go.mod h1:mn7Wkqz6JbnTOHQpot3yDeHx+O5C9EGhMEE+htvHBas=
 code.gitea.io/gitea-vet v0.2.3 h1:gdFmm6WOTM65rE8FUBTRzeQZYzXePKSSB1+r574hWwI=

From 7696c1b72acacbc47d35e5b2b5926febb095b4cb Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 12 Nov 2024 09:35:59 +0000
Subject: [PATCH 23/62] Update actions/checkout action to v4

---
 .forgejo/workflows/build-release-integration.yml | 2 +-
 .forgejo/workflows/build-release.yml             | 2 +-
 .forgejo/workflows/publish-release.yml           | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml
index 7f92218..6dc496f 100644
--- a/.forgejo/workflows/build-release-integration.yml
+++ b/.forgejo/workflows/build-release-integration.yml
@@ -19,7 +19,7 @@ jobs:
     runs-on: self-hosted
     if: github.repository_owner != 'forgejo-integration' && github.repository_owner != 'forgejo-release'
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - id: forgejo
         uses: https://code.forgejo.org/actions/setup-forgejo@v1
diff --git a/.forgejo/workflows/build-release.yml b/.forgejo/workflows/build-release.yml
index 162befb..534f476 100644
--- a/.forgejo/workflows/build-release.yml
+++ b/.forgejo/workflows/build-release.yml
@@ -20,7 +20,7 @@ jobs:
     # root is used for testing, allow it
     if: secrets.ROLE == 'forgejo-integration' || github.repository_owner == 'root'
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Increase the verbosity when there are no secrets
         id: verbose
diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml
index 35d8662..0d332d2 100644
--- a/.forgejo/workflows/publish-release.yml
+++ b/.forgejo/workflows/publish-release.yml
@@ -24,7 +24,7 @@ jobs:
     runs-on: self-hosted
     if: secrets.DOER != '' && secrets.FORGEJO != '' && secrets.TO_OWNER != '' && secrets.FROM_OWNER != '' && secrets.TOKEN != ''
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: copy & sign
         uses: https://code.forgejo.org/forgejo/forgejo-build-publish/publish@v1

From 65c9651b1bfced50069d39591d891391ac9f57ea Mon Sep 17 00:00:00 2001
From: Michael Kriese <michael.kriese@visualon.de>
Date: Tue, 12 Nov 2024 10:48:52 +0100
Subject: [PATCH 24/62] ci: don't run on renovate branches

They are run on PR. Save some ci time (~6min)
---
 .forgejo/workflows/build-release-integration.yml | 2 ++
 .forgejo/workflows/build-release.yml             | 3 ++-
 .forgejo/workflows/publish-release.yml           | 3 ++-
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml
index 7f92218..15a3f70 100644
--- a/.forgejo/workflows/build-release-integration.yml
+++ b/.forgejo/workflows/build-release-integration.yml
@@ -7,6 +7,8 @@ on:
       - Dockerfile
       - .forgejo/workflows/build-release.yml
       - .forgejo/workflows/build-release-integration.yml
+    branches-ignore:
+      - renovate/** # they are build via PR
   pull_request:
     paths:
       - go.mod
diff --git a/.forgejo/workflows/build-release.yml b/.forgejo/workflows/build-release.yml
index 162befb..5c2f952 100644
--- a/.forgejo/workflows/build-release.yml
+++ b/.forgejo/workflows/build-release.yml
@@ -12,7 +12,8 @@ name: Build release
 
 on:
   push:
-    tags: 'v*'
+    tags:
+    - 'v*'
 
 jobs:
   release:
diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml
index 35d8662..683533d 100644
--- a/.forgejo/workflows/publish-release.yml
+++ b/.forgejo/workflows/publish-release.yml
@@ -17,7 +17,8 @@ name: publish
 
 on:
   push:
-    tags: 'v*'
+    tags:
+      - 'v*'
 
 jobs:
   publish:

From 0aed67ae6902e8d295aca6abba0d9c10fd0280a8 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 12 Nov 2024 10:05:45 +0000
Subject: [PATCH 25/62] Update actions/setup-go action to v5

---
 .forgejo/workflows/test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml
index 677ab68..1864e57 100644
--- a/.forgejo/workflows/test.yml
+++ b/.forgejo/workflows/test.yml
@@ -36,7 +36,7 @@ jobs:
           - ${{ env.FORGEJO_SCRIPT }}
 
     steps:
-      - uses: actions/setup-go@v3
+      - uses: actions/setup-go@v5
         with:
           go-version: '1.21'
 

From 4ddd8a4ce8f03424c09789b57db9ce623f2edab5 Mon Sep 17 00:00:00 2001
From: Michael Kriese <michael.kriese@visualon.de>
Date: Tue, 12 Nov 2024 11:48:32 +0100
Subject: [PATCH 26/62] ci: use `go-version-file`

---
 .forgejo/workflows/test.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml
index 1864e57..19d79b7 100644
--- a/.forgejo/workflows/test.yml
+++ b/.forgejo/workflows/test.yml
@@ -11,7 +11,7 @@ env:
   FORGEJO_ADMIN_PASSWORD: 'admin1234'
   FORGEJO_RUNNER_SECRET: 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
   FORGEJO_SCRIPT: |
-    /bin/s6-svscan /etc/s6 & sleep 10 ; su -c "forgejo admin user create --admin --username $FORGEJO_ADMIN_USER --password $FORGEJO_ADMIN_PASSWORD --email root@example.com" git && su -c "forgejo forgejo-cli actions register --labels docker --name therunner --secret $FORGEJO_RUNNER_SECRET" git && sleep infinity  
+    /bin/s6-svscan /etc/s6 & sleep 10 ; su -c "forgejo admin user create --admin --username $FORGEJO_ADMIN_USER --password $FORGEJO_ADMIN_PASSWORD --email root@example.com" git && su -c "forgejo forgejo-cli actions register --labels docker --name therunner --secret $FORGEJO_RUNNER_SECRET" git && sleep infinity
   GOPROXY: https://goproxy.io,direct
 
 jobs:
@@ -36,11 +36,11 @@ jobs:
           - ${{ env.FORGEJO_SCRIPT }}
 
     steps:
+      - uses: actions/checkout@v4
+
       - uses: actions/setup-go@v5
         with:
-          go-version: '1.21'
-
-      - uses: actions/checkout@v4
+          go-version-file: go.mod
 
       - run: make vet
 

From f4fc4c0247baee2014f036bba1368cf7394abdb6 Mon Sep 17 00:00:00 2001
From: Michael Kriese <michael.kriese@visualon.de>
Date: Tue, 12 Nov 2024 11:52:18 +0100
Subject: [PATCH 27/62] test: unpin docker compose

---
 .forgejo/workflows/example-docker-compose.yml | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/.forgejo/workflows/example-docker-compose.yml b/.forgejo/workflows/example-docker-compose.yml
index 4e2f547..f6abac9 100644
--- a/.forgejo/workflows/example-docker-compose.yml
+++ b/.forgejo/workflows/example-docker-compose.yml
@@ -20,12 +20,8 @@ jobs:
           curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
           echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
           apt-get update -qq
-          apt-get install -qq -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin=2.20.2-1~debian.11~bullseye
+          apt-get install -qq -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
           docker version
-          #
-          # docker compose is prone to non backward compatible changes, pin it
-          #
-          apt-get install -qq -y docker-compose-plugin=2.20.2-1~debian.11~bullseye
           docker compose version
 
       - name: run the example

From 342141df3a98ae41fc5a67f2b5c36b48e2de4313 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 12 Nov 2024 11:41:45 +0000
Subject: [PATCH 28/62] Update golang packages to v1.22

---
 Dockerfile | 2 +-
 go.mod     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index a5c1daf..70c59ca 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/tonistiigi/xx AS xx
 
-FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/golang:1.21-alpine3.19 AS build-env
+FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/golang:1.22-alpine3.19 AS build-env
 
 #
 # Transparently cross compile for the target platform
diff --git a/go.mod b/go.mod
index 379967e..ddd6cef 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module gitea.com/gitea/act_runner
 
-go 1.21.13
+go 1.22.9
 
 toolchain go1.23.3
 

From c9f8bb68879afcff4d6b8d553af5c3f9c7f4f35f Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 12 Nov 2024 13:01:01 +0000
Subject: [PATCH 29/62] Update code.forgejo.org/oci/alpine Docker tag to v3.20

---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 70c59ca..4196e7c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/tonistiigi/xx AS xx
 
-FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/golang:1.22-alpine3.19 AS build-env
+FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/golang:1.22-alpine3.20 AS build-env
 
 #
 # Transparently cross compile for the target platform
@@ -19,7 +19,7 @@ WORKDIR /srv
 
 RUN make clean && make build
 
-FROM code.forgejo.org/oci/alpine:3.19
+FROM code.forgejo.org/oci/alpine:3.20
 ARG RELEASE_VERSION
 RUN apk add --no-cache git bash
 

From b4aba5f688d4e261dba19100e24ceba71179d0f0 Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Tue, 12 Nov 2024 14:08:44 +0100
Subject: [PATCH 30/62] tests: it make take time for Forgejo to come up

---
 .forgejo/workflows/test.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml
index 19d79b7..42dd972 100644
--- a/.forgejo/workflows/test.yml
+++ b/.forgejo/workflows/test.yml
@@ -54,8 +54,8 @@ jobs:
       - name: check the forgejo server is responding
         run: |
           apt-get update -qq
-          apt-get install -y -qq jq curl
-          test $FORGEJO_ADMIN_USER = $(curl -sS http://$FORGEJO_ADMIN_USER:$FORGEJO_ADMIN_PASSWORD@$FORGEJO_HOST_PORT/api/v1/user | jq --raw-output .login)
+          apt-get install -y -qq jq curl retry
+          retry --delay=1 --times=60 bash -c 'test $FORGEJO_ADMIN_USER = $(curl -sS http://$FORGEJO_ADMIN_USER:$FORGEJO_ADMIN_PASSWORD@$FORGEJO_HOST_PORT/api/v1/user | jq --raw-output .login)'
 
       - run: make FORGEJO_URL=http://$FORGEJO_HOST_PORT test
 

From 830df0d128cdda72db83f65588be9d3504606b02 Mon Sep 17 00:00:00 2001
From: Michael Kriese <michael.kriese@visualon.de>
Date: Tue, 12 Nov 2024 15:14:00 +0100
Subject: [PATCH 31/62] chore(renovate): only one PR at a time

---
 renovate.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/renovate.json b/renovate.json
index 31da118..75f587d 100644
--- a/renovate.json
+++ b/renovate.json
@@ -1,6 +1,7 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "extends": ["local>forgejo/renovate-config"],
+  "prConcurrentLimit": 1,
   "packageRules": [
     {
       "description": "Disable nektos/act, it's replaced",

From a0df63fe705d5b19078f5037e0c7be1fba65f072 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 12 Nov 2024 15:31:26 +0000
Subject: [PATCH 32/62] Update golang packages to v1.23

---
 Dockerfile | 2 +-
 go.mod     | 4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 4196e7c..6acc805 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/tonistiigi/xx AS xx
 
-FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/golang:1.22-alpine3.20 AS build-env
+FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/golang:1.23-alpine3.20 AS build-env
 
 #
 # Transparently cross compile for the target platform
diff --git a/go.mod b/go.mod
index ddd6cef..494dfd3 100644
--- a/go.mod
+++ b/go.mod
@@ -1,8 +1,6 @@
 module gitea.com/gitea/act_runner
 
-go 1.22.9
-
-toolchain go1.23.3
+go 1.23.3
 
 require (
 	code.gitea.io/actions-proto-go v0.4.0

From 355ec955329699dea63ea907339a20a8e2345e1f Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 12 Nov 2024 15:31:31 +0000
Subject: [PATCH 33/62] Update forgejo/forgejo-build-publish action to v5

---
 .forgejo/workflows/publish-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml
index af7c174..0ba5c1d 100644
--- a/.forgejo/workflows/publish-release.yml
+++ b/.forgejo/workflows/publish-release.yml
@@ -28,7 +28,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: copy & sign
-        uses: https://code.forgejo.org/forgejo/forgejo-build-publish/publish@v1
+        uses: https://code.forgejo.org/forgejo/forgejo-build-publish/publish@v5
         with:
           forgejo: ${{ secrets.FORGEJO }}
           from-owner: ${{ secrets.FROM_OWNER }}

From 2bcc6d9b8f6577987b24866c2bab032a08a9ead8 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Fri, 15 Nov 2024 00:03:42 +0000
Subject: [PATCH 34/62] Update module google.golang.org/protobuf to v1.35.2

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 494dfd3..fc0600f 100644
--- a/go.mod
+++ b/go.mod
@@ -17,7 +17,7 @@ require (
 	github.com/stretchr/testify v1.9.0
 	golang.org/x/term v0.26.0
 	golang.org/x/time v0.8.0
-	google.golang.org/protobuf v1.35.1
+	google.golang.org/protobuf v1.35.2
 	gopkg.in/yaml.v3 v3.0.1
 	gotest.tools/v3 v3.5.1
 )
diff --git a/go.sum b/go.sum
index c2b4f91..eb24110 100644
--- a/go.sum
+++ b/go.sum
@@ -314,8 +314,8 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b h1:
 google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc=
 google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
 google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
-google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
-google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io=
+google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=

From b33e155709383ad77a3bbd73306e0ab643a3d35a Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Fri, 15 Nov 2024 22:33:36 +0100
Subject: [PATCH 35/62] fix: make container.docker_host default to - (part two)

If --config is not specified, the default must also be "-" and not ""
---
 RELEASE-NOTES.md                   | 1 +
 internal/pkg/config/config.go      | 4 ++++
 internal/pkg/config/config_test.go | 1 +
 3 files changed, 6 insertions(+)

diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
index 01fcf39..2ced7f3 100644
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@@ -2,6 +2,7 @@
 
 ## 5.0.0
 
+* Breaking change: the default configuration for `docker_host` is changed to [not mounting the docker server socket](https://code.forgejo.org/forgejo/runner/pulls/305) even when no configuration file is provided.
 * [Add job_level logging option to config](https://code.forgejo.org/forgejo/runner/pulls/299) to make the logging level of jobs configurable. Change default from "trace" to "info".
 * [Don't log job output when debug logging is not enabled](https://code.forgejo.org/forgejo/runner/pulls/303). This reduces the default amount of log output of the runner.
 
diff --git a/internal/pkg/config/config.go b/internal/pkg/config/config.go
index 5ab177d..60be651 100644
--- a/internal/pkg/config/config.go
+++ b/internal/pkg/config/config.go
@@ -153,6 +153,10 @@ func LoadDefault(file string) (*Config, error) {
 		cfg.Runner.ReportInterval = time.Second
 	}
 
+	if cfg.Container.DockerHost == "" {
+		cfg.Container.DockerHost = "-"
+	}
+
 	// although `container.network_mode` will be deprecated, but we have to be compatible with it for now.
 	if cfg.Container.NetworkMode != "" && cfg.Container.Network == "" {
 		log.Warn("You are trying to use deprecated configuration item of `container.network_mode`, please use `container.network` instead.")
diff --git a/internal/pkg/config/config_test.go b/internal/pkg/config/config_test.go
index af3ebf7..2f046c0 100644
--- a/internal/pkg/config/config_test.go
+++ b/internal/pkg/config/config_test.go
@@ -40,5 +40,6 @@ func TestDefaultSettings(t *testing.T) {
 	config, err := LoadDefault("")
 	assert.NoError(t, err)
 
+	assert.EqualValues(t, config.Container.DockerHost, "-")
 	assert.EqualValues(t, config.Log.JobLevel, "info")
 }

From 0876532ebef21a7fd17b583570c0c962e9ea58c9 Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Sat, 16 Nov 2024 09:38:48 +0100
Subject: [PATCH 36/62] chore(ci): wait for the Forgejo instance to start

Do not try to access Forgejo before the 10 second delay imposed by
the script creating the user.

Upgrade Forgejo to use a recent version.
---
 .forgejo/workflows/test.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml
index 42dd972..2b0a019 100644
--- a/.forgejo/workflows/test.yml
+++ b/.forgejo/workflows/test.yml
@@ -22,7 +22,7 @@ jobs:
 
     services:
       forgejo:
-        image: codeberg.org/forgejo/forgejo:1.21
+        image: codeberg.org/forgejo/forgejo:9
         env:
           FORGEJO__security__INSTALL_LOCK: "true"
           FORGEJO__log__LEVEL: "debug"
@@ -55,7 +55,9 @@ jobs:
         run: |
           apt-get update -qq
           apt-get install -y -qq jq curl retry
-          retry --delay=1 --times=60 bash -c 'test $FORGEJO_ADMIN_USER = $(curl -sS http://$FORGEJO_ADMIN_USER:$FORGEJO_ADMIN_PASSWORD@$FORGEJO_HOST_PORT/api/v1/user | jq --raw-output .login)'
+          sleep 10 # matches the sleep 10 in the bootstrap of the Forgejo instance
+          # in case of a slow machine, give it time to bootstrap
+          retry --delay=10 --times=6 bash -c 'test $FORGEJO_ADMIN_USER = $(curl -sS http://$FORGEJO_ADMIN_USER:$FORGEJO_ADMIN_PASSWORD@$FORGEJO_HOST_PORT/api/v1/user | jq --raw-output .login)'
 
       - run: make FORGEJO_URL=http://$FORGEJO_HOST_PORT test
 

From f1a9f798e5ea3c4fb673acb6e5e865beb661b999 Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Sat, 16 Nov 2024 12:30:03 +0100
Subject: [PATCH 37/62] fix: Update forgejo/forgejo-build-publish action to v5

Address the breaking changes. It is conveniently modeled after
the use of the same action in the Forgejo release.

https://codeberg.org/forgejo/forgejo/src/commit/6bab3c374c875b34408314c2ec680c30807ea2d3/.forgejo/workflows/publish-release.yml#L44-L60
---
 .forgejo/workflows/publish-release.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml
index 0ba5c1d..5f396b0 100644
--- a/.forgejo/workflows/publish-release.yml
+++ b/.forgejo/workflows/publish-release.yml
@@ -30,14 +30,17 @@ jobs:
       - name: copy & sign
         uses: https://code.forgejo.org/forgejo/forgejo-build-publish/publish@v5
         with:
-          forgejo: ${{ secrets.FORGEJO }}
+          from-forgejo: ${{ secrets.FORGEJO }}
+          to-forgejo: ${{ secrets.FORGEJO }}
           from-owner: ${{ secrets.FROM_OWNER }}
           to-owner: ${{ secrets.TO_OWNER }}
           repo: "runner"
           ref-name: ${{ github.ref_name }}
+          sha: ${{ github.sha }}
           container-suffixes: " "
-          doer: ${{ secrets.DOER }}
-          token: ${{ secrets.TOKEN }}
+          from-token: ${{ secrets.TOKEN }}
+          to-doer: ${{ secrets.DOER }}
+          to-token: ${{ secrets.TOKEN }}
           gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
           gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
           verbose: ${{ secrets.VERBOSE }}

From 68b0850d27f37de6860765fea5e33eec8366031c Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Sat, 16 Nov 2024 14:23:52 +0100
Subject: [PATCH 38/62] chore(ci): do not run the docker-example when not
 needed

If the organization is for release, integration or experimental, no
need to run the docker example test.
---
 .forgejo/workflows/example-docker-compose.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.forgejo/workflows/example-docker-compose.yml b/.forgejo/workflows/example-docker-compose.yml
index f6abac9..3e1d4e9 100644
--- a/.forgejo/workflows/example-docker-compose.yml
+++ b/.forgejo/workflows/example-docker-compose.yml
@@ -7,6 +7,7 @@ on:
 
 jobs:
   example-docker-compose:
+    if: github.repository_owner != 'forgejo-integration' && github.repository_owner != 'forgejo-experimental' && github.repository_owner != 'forgejo-release'
     runs-on: self-hosted
     steps:
       - uses: actions/checkout@v4

From edd867dc167822c0d28cd90727a9a21120e3a6c1 Mon Sep 17 00:00:00 2001
From: Michael Kriese <michael.kriese@visualon.de>
Date: Wed, 20 Nov 2024 10:50:07 +0100
Subject: [PATCH 39/62] ci: use our cached oci images

---
 .forgejo/workflows/cascade-setup-forgejo.yml | 2 ++
 .forgejo/workflows/test.yml                  | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/.forgejo/workflows/cascade-setup-forgejo.yml b/.forgejo/workflows/cascade-setup-forgejo.yml
index 6d94f01..c94ed7c 100644
--- a/.forgejo/workflows/cascade-setup-forgejo.yml
+++ b/.forgejo/workflows/cascade-setup-forgejo.yml
@@ -8,6 +8,8 @@ on:
 jobs:
   cascade:
     runs-on: docker
+    container:
+      image: 'code.forgejo.org/oci/node:20-bookworm'
     if: vars.CASCADE != 'no'
     steps:
       - uses: actions/cascading-pr@v1
diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml
index 2b0a019..c4b7be1 100644
--- a/.forgejo/workflows/test.yml
+++ b/.forgejo/workflows/test.yml
@@ -19,6 +19,8 @@ jobs:
     name: build and test
     if: github.repository_owner != 'forgejo-integration' && github.repository_owner != 'forgejo-experimental' && github.repository_owner != 'forgejo-release'
     runs-on: docker
+    container:
+      image: 'code.forgejo.org/oci/node:20-bookworm'
 
     services:
       forgejo:

From 96c59a3cd185f3207e41ee4c4786bc377dafc58a Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 20 Nov 2024 16:32:29 +0000
Subject: [PATCH 40/62] Update module code.forgejo.org/forgejo/act to v1.22.1

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index fc0600f..ac9023e 100644
--- a/go.mod
+++ b/go.mod
@@ -100,4 +100,4 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )
 
-replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.22.0
+replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.22.1
diff --git a/go.sum b/go.sum
index eb24110..c9d4241 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,5 @@
-code.forgejo.org/forgejo/act v1.22.0 h1:NbUf0+vQ48+ddwe4zVkINqnxKYl/to+NUvW7iisPA60=
-code.forgejo.org/forgejo/act v1.22.0/go.mod h1:+PcvJ9iv+NTFeJSh79ra9Jbk9l0vvyA9D9me5/dbxYM=
+code.forgejo.org/forgejo/act v1.22.1 h1:9ynGQEXxJ/2/gtzPm6anDsF64eZw9wU4+mDBY9rNlpw=
+code.forgejo.org/forgejo/act v1.22.1/go.mod h1:+PcvJ9iv+NTFeJSh79ra9Jbk9l0vvyA9D9me5/dbxYM=
 code.gitea.io/actions-proto-go v0.4.0 h1:OsPBPhodXuQnsspG1sQ4eRE1PeoZyofd7+i73zCwnsU=
 code.gitea.io/actions-proto-go v0.4.0/go.mod h1:mn7Wkqz6JbnTOHQpot3yDeHx+O5C9EGhMEE+htvHBas=
 code.gitea.io/gitea-vet v0.2.3 h1:gdFmm6WOTM65rE8FUBTRzeQZYzXePKSSB1+r574hWwI=

From 5889426664adb3197dfb8840ea8b6d77c28b63f9 Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Wed, 20 Nov 2024 16:44:23 +0000
Subject: [PATCH 41/62] chore(docs): 5.0.1 release notes

---
 RELEASE-NOTES.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
index 2ced7f3..b3cb4ea 100644
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@@ -1,5 +1,9 @@
 # Release Notes
 
+## 5.0.1
+
+* Security: the `/opt/hostedtoolcache` directory is now unique to each job instead of being shared to avoid a risk of corruption. It is still advertised in the `RUNNER_TOOL_CACHE` environment variable. Custom container images can be built to pre-populate this directory with frequently used tools and some actions (such as `setup-go`) will benefit from that.
+
 ## 5.0.0
 
 * Breaking change: the default configuration for `docker_host` is changed to [not mounting the docker server socket](https://code.forgejo.org/forgejo/runner/pulls/305) even when no configuration file is provided.

From aca528a7f7238015965eb720572dbf2c79e6c64e Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Thu, 21 Nov 2024 13:05:50 +0000
Subject: [PATCH 42/62] chore(docs): 5.0.2 release notes

---
 RELEASE-NOTES.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
index b3cb4ea..1b8320e 100644
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@@ -1,5 +1,9 @@
 # Release Notes
 
+## 5.0.2
+
+* Fixes a regression that was introduced in version 5.0.0 by which [skipped jobs were marked as failed instead](https://code.forgejo.org/forgejo/act/pulls/67). The workaround is to change the job log level to debug `[log].job_level: debug`.
+
 ## 5.0.1
 
 * Security: the `/opt/hostedtoolcache` directory is now unique to each job instead of being shared to avoid a risk of corruption. It is still advertised in the `RUNNER_TOOL_CACHE` environment variable. Custom container images can be built to pre-populate this directory with frequently used tools and some actions (such as `setup-go`) will benefit from that.

From 35d655c27e33e0bea6b11abe7c0e71b61e596630 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 21 Nov 2024 13:55:00 +0000
Subject: [PATCH 43/62] Update module code.forgejo.org/forgejo/act to v1.22.2

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index ac9023e..37f7cb1 100644
--- a/go.mod
+++ b/go.mod
@@ -100,4 +100,4 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )
 
-replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.22.1
+replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.22.2
diff --git a/go.sum b/go.sum
index c9d4241..8610db8 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,5 @@
-code.forgejo.org/forgejo/act v1.22.1 h1:9ynGQEXxJ/2/gtzPm6anDsF64eZw9wU4+mDBY9rNlpw=
-code.forgejo.org/forgejo/act v1.22.1/go.mod h1:+PcvJ9iv+NTFeJSh79ra9Jbk9l0vvyA9D9me5/dbxYM=
+code.forgejo.org/forgejo/act v1.22.2 h1:gcHugOaLCtZvLnw070MiCjwVLKoSTVomd8waGsYQHKg=
+code.forgejo.org/forgejo/act v1.22.2/go.mod h1:+PcvJ9iv+NTFeJSh79ra9Jbk9l0vvyA9D9me5/dbxYM=
 code.gitea.io/actions-proto-go v0.4.0 h1:OsPBPhodXuQnsspG1sQ4eRE1PeoZyofd7+i73zCwnsU=
 code.gitea.io/actions-proto-go v0.4.0/go.mod h1:mn7Wkqz6JbnTOHQpot3yDeHx+O5C9EGhMEE+htvHBas=
 code.gitea.io/gitea-vet v0.2.3 h1:gdFmm6WOTM65rE8FUBTRzeQZYzXePKSSB1+r574hWwI=

From 90ff9370c421d9912b342d75e9c6c67fb1859d29 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sun, 24 Nov 2024 00:02:30 +0000
Subject: [PATCH 44/62] Update module github.com/stretchr/testify to v1.10.0

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 37f7cb1..601f766 100644
--- a/go.mod
+++ b/go.mod
@@ -14,7 +14,7 @@ require (
 	github.com/nektos/act v0.2.49
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.8.1
-	github.com/stretchr/testify v1.9.0
+	github.com/stretchr/testify v1.10.0
 	golang.org/x/term v0.26.0
 	golang.org/x/time v0.8.0
 	google.golang.org/protobuf v1.35.2
diff --git a/go.sum b/go.sum
index 8610db8..91aa38a 100644
--- a/go.sum
+++ b/go.sum
@@ -186,8 +186,8 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
-github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/timshannon/bolthold v0.0.0-20210913165410-232392fc8a6a h1:oIi7H/bwFUYKYhzKbHc+3MvHRWqhQwXVB4LweLMiVy0=
 github.com/timshannon/bolthold v0.0.0-20210913165410-232392fc8a6a/go.mod h1:iSvujNDmpZ6eQX+bg/0X3lF7LEmZ8N77g2a/J/+Zt2U=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=

From 279faefa0828619322c3ff1ed3c2dd0db8fb138d Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Wed, 27 Nov 2024 00:28:35 +0000
Subject: [PATCH 45/62] fix: [container].docker_host = "" is now "automount"

The empty string is always replaced with "-" and there no longer is
any way to specify that the docker socket is to be mounted in the
container automatically.

The "automount" value is introduced as a replacement.

https://code.forgejo.org/forgejo/act/pulls/67 and
https://code.forgejo.org/forgejo/runner/pulls/305 introduced this regression.
---
 RELEASE-NOTES.md                        | 4 ++++
 internal/app/cmd/daemon.go              | 7 ++-----
 internal/pkg/config/config.example.yaml | 4 ++--
 internal/pkg/envcheck/docker.go         | 5 +----
 4 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
index 1b8320e..743b78a 100644
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@@ -1,5 +1,9 @@
 # Release Notes
 
+## 5.0.3
+
+* [Fixes a regression](https://code.forgejo.org/forgejo/runner/pulls/354) that was introduced in version 5.0.0 by which it was no longer possible to mount the docker socket in each container by specifying `[container].docker_host = ""`. This is now implemented when `[container].docker_host = "automount"` is specified.
+
 ## 5.0.2
 
 * Fixes a regression that was introduced in version 5.0.0 by which [skipped jobs were marked as failed instead](https://code.forgejo.org/forgejo/act/pulls/67). The workaround is to change the job log level to debug `[log].job_level: debug`.
diff --git a/internal/app/cmd/daemon.go b/internal/app/cmd/daemon.go
index a613546..a02f36d 100644
--- a/internal/app/cmd/daemon.go
+++ b/internal/app/cmd/daemon.go
@@ -73,11 +73,8 @@ func runDaemon(ctx context.Context, configFile *string) func(cmd *cobra.Command,
 			if err := envcheck.CheckIfDockerRunning(ctx, dockerSocketPath); err != nil {
 				return err
 			}
-			// if dockerSocketPath passes the check, override DOCKER_HOST with dockerSocketPath
 			os.Setenv("DOCKER_HOST", dockerSocketPath)
-			// empty cfg.Container.DockerHost means act_runner need to find an available docker host automatically
-			// and assign the path to cfg.Container.DockerHost
-			if cfg.Container.DockerHost == "" {
+			if cfg.Container.DockerHost == "automount" {
 				cfg.Container.DockerHost = dockerSocketPath
 			}
 			// check the scheme, if the scheme is not npipe or unix
@@ -186,7 +183,7 @@ var commonSocketPaths = []string{
 
 func getDockerSocketPath(configDockerHost string) (string, error) {
 	// a `-` means don't mount the docker socket to job containers
-	if configDockerHost != "" && configDockerHost != "-" {
+	if configDockerHost != "automount" && configDockerHost != "-" {
 		return configDockerHost, nil
 	}
 
diff --git a/internal/pkg/config/config.example.yaml b/internal/pkg/config/config.example.yaml
index 20218ae..dbdf46e 100644
--- a/internal/pkg/config/config.example.yaml
+++ b/internal/pkg/config/config.example.yaml
@@ -89,8 +89,8 @@ container:
   #   - '**'
   valid_volumes: []
   # overrides the docker client host with the specified one.
-  # If "-", an available docker host will automatically be found.
-  # If empty, an available docker host will automatically be found and mounted in the job container (e.g. /var/run/docker.sock).
+  # If "-" or "", an available docker host will automatically be found.
+  # If "automount", an available docker host will automatically be found and mounted in the job container (e.g. /var/run/docker.sock).
   # Otherwise the specified docker host will be used and an error will be returned if it doesn't work.
   docker_host: "-"
   # Pull docker image(s) even if already present
diff --git a/internal/pkg/envcheck/docker.go b/internal/pkg/envcheck/docker.go
index f115bc7..cb9c901 100644
--- a/internal/pkg/envcheck/docker.go
+++ b/internal/pkg/envcheck/docker.go
@@ -13,10 +13,7 @@ import (
 func CheckIfDockerRunning(ctx context.Context, configDockerHost string) error {
 	opts := []client.Opt{
 		client.FromEnv,
-	}
-
-	if configDockerHost != "" {
-		opts = append(opts, client.WithHost(configDockerHost))
+		client.WithHost(configDockerHost),
 	}
 
 	cli, err := client.NewClientWithOpts(opts...)

From 055854d1d74476989bd4af8315625ec88a6835d1 Mon Sep 17 00:00:00 2001
From: Michael Kriese <michael.kriese@visualon.de>
Date: Wed, 4 Dec 2024 10:12:38 +0100
Subject: [PATCH 46/62] build: use go toolchain

---
 .forgejo/workflows/test.yml | 10 ++++++++++
 go.mod                      |  4 +++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml
index c4b7be1..c2e278e 100644
--- a/.forgejo/workflows/test.yml
+++ b/.forgejo/workflows/test.yml
@@ -44,6 +44,16 @@ jobs:
         with:
           go-version-file: go.mod
 
+      - name: validate go version
+        run: |
+          set -ex
+          toolchain=$(grep -oP '(?<=toolchain ).+' go.mod)
+          version=$(go version | cut -d' ' -f3)
+          if [ "$toolchain" != "$version" ]; then
+            echo "go version mismatch: $toolchain <> $version"
+            exit 1
+          fi
+
       - run: make vet
 
       - run: make build
diff --git a/go.mod b/go.mod
index 601f766..148bfe2 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,8 @@
 module gitea.com/gitea/act_runner
 
-go 1.23.3
+go 1.23
+
+toolchain go1.23.3
 
 require (
 	code.gitea.io/actions-proto-go v0.4.0

From 7f22a720ad04fbc02e9b4c679458147f7951cf27 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 4 Dec 2024 11:31:26 +0000
Subject: [PATCH 47/62] Update dependency go to v1.23.4

---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index 148bfe2..643f771 100644
--- a/go.mod
+++ b/go.mod
@@ -2,7 +2,7 @@ module gitea.com/gitea/act_runner
 
 go 1.23
 
-toolchain go1.23.3
+toolchain go1.23.4
 
 require (
 	code.gitea.io/actions-proto-go v0.4.0

From b34efbce8b256bceaa192032834983f2ae529af9 Mon Sep 17 00:00:00 2001
From: Michael Kriese <michael.kriese@visualon.de>
Date: Wed, 4 Dec 2024 10:18:57 +0100
Subject: [PATCH 48/62] ci: use new ci image

---
 .forgejo/workflows/test.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml
index c2e278e..044451c 100644
--- a/.forgejo/workflows/test.yml
+++ b/.forgejo/workflows/test.yml
@@ -20,7 +20,7 @@ jobs:
     if: github.repository_owner != 'forgejo-integration' && github.repository_owner != 'forgejo-experimental' && github.repository_owner != 'forgejo-release'
     runs-on: docker
     container:
-      image: 'code.forgejo.org/oci/node:20-bookworm'
+      image: 'code.forgejo.org/oci/ci:1'
 
     services:
       forgejo:
@@ -65,8 +65,6 @@ jobs:
 
       - name: check the forgejo server is responding
         run: |
-          apt-get update -qq
-          apt-get install -y -qq jq curl retry
           sleep 10 # matches the sleep 10 in the bootstrap of the Forgejo instance
           # in case of a slow machine, give it time to bootstrap
           retry --delay=10 --times=6 bash -c 'test $FORGEJO_ADMIN_USER = $(curl -sS http://$FORGEJO_ADMIN_USER:$FORGEJO_ADMIN_PASSWORD@$FORGEJO_HOST_PORT/api/v1/user | jq --raw-output .login)'

From 79f6adc4d2d4105651cc0945fbaca4bc2993a7d5 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sat, 7 Dec 2024 00:01:14 +0000
Subject: [PATCH 49/62] Update module github.com/docker/docker to
 v25.0.7+incompatible

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 643f771..1aa2380 100644
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ require (
 	code.gitea.io/gitea-vet v0.2.3
 	connectrpc.com/connect v1.17.0
 	github.com/avast/retry-go/v4 v4.6.0
-	github.com/docker/docker v25.0.6+incompatible
+	github.com/docker/docker v25.0.7+incompatible
 	github.com/google/uuid v1.6.0
 	github.com/joho/godotenv v1.5.1
 	github.com/mattn/go-isatty v0.0.20
diff --git a/go.sum b/go.sum
index 91aa38a..d5b6f95 100644
--- a/go.sum
+++ b/go.sum
@@ -51,8 +51,8 @@ github.com/docker/cli v25.0.3+incompatible h1:KLeNs7zws74oFuVhgZQ5ONGZiXUUdgsdy6
 github.com/docker/cli v25.0.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v25.0.6+incompatible h1:5cPwbwriIcsua2REJe8HqQV+6WlWc1byg2QSXzBxBGg=
-github.com/docker/docker v25.0.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v25.0.7+incompatible h1:PQhcun5/OF7p0mZlDu3ud9APyyJi01R6/7hrBymWhhQ=
+github.com/docker/docker v25.0.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E16qz5SpHLS+uswaCp8=
 github.com/docker/docker-credential-helpers v0.8.0/go.mod h1:UGFXcuoQ5TxPiB54nHOZ32AWRqQdECoh/Mg0AlEYb40=
 github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=

From 191259d7c33631f7821c3156a95aefdffbf45575 Mon Sep 17 00:00:00 2001
From: Michael Kriese <michael.kriese@visualon.de>
Date: Sat, 7 Dec 2024 14:23:22 +0100
Subject: [PATCH 50/62] ci: pin setup forgejo action

---
 .forgejo/workflows/build-release-integration.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml
index b7de0ea..034722f 100644
--- a/.forgejo/workflows/build-release-integration.yml
+++ b/.forgejo/workflows/build-release-integration.yml
@@ -24,7 +24,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - id: forgejo
-        uses: https://code.forgejo.org/actions/setup-forgejo@v1
+        uses: https://code.forgejo.org/actions/setup-forgejo@v1.0.0
         with:
           user: root
           password: admin1234

From 81422b4515a6d8d4ae566c06636fd112448b5282 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sat, 7 Dec 2024 15:00:54 +0000
Subject: [PATCH 51/62] Update actions/setup-forgejo action to v2

---
 .forgejo/workflows/build-release-integration.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml
index 034722f..8531129 100644
--- a/.forgejo/workflows/build-release-integration.yml
+++ b/.forgejo/workflows/build-release-integration.yml
@@ -24,7 +24,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - id: forgejo
-        uses: https://code.forgejo.org/actions/setup-forgejo@v1.0.0
+        uses: https://code.forgejo.org/actions/setup-forgejo@v2.0.4
         with:
           user: root
           password: admin1234

From f351e7a7b10c4326befd6069e9f9be561581d1ec Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 9 Dec 2024 14:31:33 +0000
Subject: [PATCH 52/62] Update dependency forgejo-lxc to v12

---
 .forgejo/workflows/build-release-integration.yml | 2 +-
 .forgejo/workflows/build-release.yml             | 2 +-
 .forgejo/workflows/example-docker-compose.yml    | 2 +-
 .forgejo/workflows/publish-release.yml           | 2 +-
 .forgejo/workflows/test.yml                      | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml
index 8531129..79dd00c 100644
--- a/.forgejo/workflows/build-release-integration.yml
+++ b/.forgejo/workflows/build-release-integration.yml
@@ -18,7 +18,7 @@ on:
 
 jobs:
   release-simulation:
-    runs-on: self-hosted
+    runs-on: lxc-bookworm
     if: github.repository_owner != 'forgejo-integration' && github.repository_owner != 'forgejo-release'
     steps:
       - uses: actions/checkout@v4
diff --git a/.forgejo/workflows/build-release.yml b/.forgejo/workflows/build-release.yml
index 16ab9c6..8bbfd1b 100644
--- a/.forgejo/workflows/build-release.yml
+++ b/.forgejo/workflows/build-release.yml
@@ -17,7 +17,7 @@ on:
 
 jobs:
   release:
-    runs-on: self-hosted
+    runs-on: lxc-bookworm
     # root is used for testing, allow it
     if: secrets.ROLE == 'forgejo-integration' || github.repository_owner == 'root'
     steps:
diff --git a/.forgejo/workflows/example-docker-compose.yml b/.forgejo/workflows/example-docker-compose.yml
index 3e1d4e9..6e017db 100644
--- a/.forgejo/workflows/example-docker-compose.yml
+++ b/.forgejo/workflows/example-docker-compose.yml
@@ -8,7 +8,7 @@ on:
 jobs:
   example-docker-compose:
     if: github.repository_owner != 'forgejo-integration' && github.repository_owner != 'forgejo-experimental' && github.repository_owner != 'forgejo-release'
-    runs-on: self-hosted
+    runs-on: lxc-bookworm
     steps:
       - uses: actions/checkout@v4
 
diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml
index 5f396b0..eca38a8 100644
--- a/.forgejo/workflows/publish-release.yml
+++ b/.forgejo/workflows/publish-release.yml
@@ -22,7 +22,7 @@ on:
 
 jobs:
   publish:
-    runs-on: self-hosted
+    runs-on: lxc-bookworm
     if: secrets.DOER != '' && secrets.FORGEJO != '' && secrets.TO_OWNER != '' && secrets.FROM_OWNER != '' && secrets.TOKEN != ''
     steps:
       - uses: actions/checkout@v4
diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml
index 044451c..f2c3be1 100644
--- a/.forgejo/workflows/test.yml
+++ b/.forgejo/workflows/test.yml
@@ -75,7 +75,7 @@ jobs:
     needs: [build-and-tests]
     name: runner exec tests
     if: github.repository_owner != 'forgejo-integration' && github.repository_owner != 'forgejo-experimental' && github.repository_owner != 'forgejo-release'
-    runs-on: self-hosted
+    runs-on: lxc-bookworm
 
     steps:
 

From a2ce5d9f8b88486225b7075d7233f83aa50f4c93 Mon Sep 17 00:00:00 2001
From: Otto Richter <git@otto.splvs.net>
Date: Sun, 8 Dec 2024 13:22:52 +0100
Subject: [PATCH 53/62] Rebrand container prefix to Forgejo

---
 internal/app/run/runner.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/app/run/runner.go b/internal/app/run/runner.go
index 9eaf37e..c0f59e9 100644
--- a/internal/app/run/runner.go
+++ b/internal/app/run/runner.go
@@ -217,7 +217,7 @@ func (r *Runner) run(ctx context.Context, task *runnerv1.Task, reporter *report.
 		NoSkipCheckout:             true,
 		PresetGitHubContext:        preset,
 		EventJSON:                  string(eventJSON),
-		ContainerNamePrefix:        fmt.Sprintf("GITEA-ACTIONS-TASK-%d", task.Id),
+		ContainerNamePrefix:        fmt.Sprintf("FORGEJO-ACTIONS-TASK-%d", task.Id),
 		ContainerMaxLifetime:       maxLifetime,
 		ContainerNetworkMode:       container.NetworkMode(r.cfg.Container.Network),
 		ContainerNetworkEnableIPv6: r.cfg.Container.EnableIPv6,

From 3068bebfcb53513aaa089597493902f1291cb8ce Mon Sep 17 00:00:00 2001
From: xtex <xtexchooser@duck.com>
Date: Fri, 13 Dec 2024 20:24:01 +0800
Subject: [PATCH 54/62] feat: use FORGEJO_TOKEN as runtime token

Link: https://codeberg.org/forgejo/forgejo/pulls/6199
---
 internal/app/cmd/exec.go   | 4 +++-
 internal/app/run/runner.go | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/internal/app/cmd/exec.go b/internal/app/cmd/exec.go
index 3e111fe..ea1718b 100644
--- a/internal/app/cmd/exec.go
+++ b/internal/app/cmd/exec.go
@@ -418,7 +418,9 @@ func runExec(ctx context.Context, execArgs *executeArgs) func(cmd *cobra.Command
 
 		config.Env["ACT_EXEC"] = "true"
 
-		if t := config.Secrets["GITEA_TOKEN"]; t != "" {
+		if t := config.Secrets["FORGEJO_TOKEN"]; t != "" {
+			config.Token = t
+		} else if t := config.Secrets["GITEA_TOKEN"]; t != "" {
 			config.Token = t
 		} else if t := config.Secrets["GITHUB_TOKEN"]; t != "" {
 			config.Token = t
diff --git a/internal/app/run/runner.go b/internal/app/run/runner.go
index 9eaf37e..29a78dd 100644
--- a/internal/app/run/runner.go
+++ b/internal/app/run/runner.go
@@ -168,7 +168,9 @@ func (r *Runner) run(ctx context.Context, task *runnerv1.Task, reporter *report.
 		RepositoryOwner: taskContext["repository_owner"].GetStringValue(),
 		RetentionDays:   taskContext["retention_days"].GetStringValue(),
 	}
-	if t := task.Secrets["GITEA_TOKEN"]; t != "" {
+	if t := task.Secrets["FORGEJO_TOKEN"]; t != "" {
+		preset.Token = t
+	} else if t := task.Secrets["GITEA_TOKEN"]; t != "" {
 		preset.Token = t
 	} else if t := task.Secrets["GITHUB_TOKEN"]; t != "" {
 		preset.Token = t

From 477e9499977674320a2b41474eeeb0ecd19a8124 Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Fri, 13 Dec 2024 18:30:49 +0100
Subject: [PATCH 55/62] chore(release): fix the link to the release notes

---
 .forgejo/workflows/publish-release.yml | 3 ++-
 RELEASE-NOTES.md                       | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml
index eca38a8..031205c 100644
--- a/.forgejo/workflows/publish-release.yml
+++ b/.forgejo/workflows/publish-release.yml
@@ -28,13 +28,14 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: copy & sign
-        uses: https://code.forgejo.org/forgejo/forgejo-build-publish/publish@v5
+        uses: https://code.forgejo.org/forgejo/forgejo-build-publish/publish@v5.2.0
         with:
           from-forgejo: ${{ secrets.FORGEJO }}
           to-forgejo: ${{ secrets.FORGEJO }}
           from-owner: ${{ secrets.FROM_OWNER }}
           to-owner: ${{ secrets.TO_OWNER }}
           repo: "runner"
+          release-notes: "See https://code.forgejo.org/forgejo/runner/src/branch/main/RELEASE-NOTES.md#{ANCHOR}"
           ref-name: ${{ github.ref_name }}
           sha: ${{ github.sha }}
           container-suffixes: " "
diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
index 743b78a..e7f7ae4 100644
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@@ -1,5 +1,9 @@
 # Release Notes
 
+## 5.0.4
+
+* Define FORGEJO_TOKEN as an alias to GITHUB_TOKEN
+
 ## 5.0.3
 
 * [Fixes a regression](https://code.forgejo.org/forgejo/runner/pulls/354) that was introduced in version 5.0.0 by which it was no longer possible to mount the docker socket in each container by specifying `[container].docker_host = ""`. This is now implemented when `[container].docker_host = "automount"` is specified.

From 24210fe55d62ab4aca03b467c62bd6dd18c50e4a Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 17 Dec 2024 00:02:07 +0000
Subject: [PATCH 56/62] Update module google.golang.org/protobuf to v1.36.0

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 1aa2380..b61dfd9 100644
--- a/go.mod
+++ b/go.mod
@@ -19,7 +19,7 @@ require (
 	github.com/stretchr/testify v1.10.0
 	golang.org/x/term v0.26.0
 	golang.org/x/time v0.8.0
-	google.golang.org/protobuf v1.35.2
+	google.golang.org/protobuf v1.36.0
 	gopkg.in/yaml.v3 v3.0.1
 	gotest.tools/v3 v3.5.1
 )
diff --git a/go.sum b/go.sum
index d5b6f95..8925559 100644
--- a/go.sum
+++ b/go.sum
@@ -314,8 +314,8 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b h1:
 google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc=
 google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
 google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
-google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io=
-google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.0 h1:mjIs9gYtt56AzC4ZaffQuh88TZurBGhIJMBZGSxNerQ=
+google.golang.org/protobuf v1.36.0/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=

From bfc83035a63b516801c50e0aeac92a607afdbbd5 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 17 Dec 2024 06:32:58 +0000
Subject: [PATCH 57/62] Update forgejo/forgejo-build-publish action to v5.2.1

---
 .forgejo/workflows/publish-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml
index 031205c..a8f5f6a 100644
--- a/.forgejo/workflows/publish-release.yml
+++ b/.forgejo/workflows/publish-release.yml
@@ -28,7 +28,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: copy & sign
-        uses: https://code.forgejo.org/forgejo/forgejo-build-publish/publish@v5.2.0
+        uses: https://code.forgejo.org/forgejo/forgejo-build-publish/publish@v5.2.1
         with:
           from-forgejo: ${{ secrets.FORGEJO }}
           to-forgejo: ${{ secrets.FORGEJO }}

From 521e3f11888e71d3b2598024b3ffa91c33ce6b19 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 17 Dec 2024 08:00:55 +0000
Subject: [PATCH 58/62] Replace actions/cascading-pr action with
 actions/cascading-pr v1.0.1

---
 .forgejo/workflows/cascade-setup-forgejo.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows/cascade-setup-forgejo.yml b/.forgejo/workflows/cascade-setup-forgejo.yml
index c94ed7c..7692775 100644
--- a/.forgejo/workflows/cascade-setup-forgejo.yml
+++ b/.forgejo/workflows/cascade-setup-forgejo.yml
@@ -12,7 +12,7 @@ jobs:
       image: 'code.forgejo.org/oci/node:20-bookworm'
     if: vars.CASCADE != 'no'
     steps:
-      - uses: actions/cascading-pr@v1
+      - uses: actions/cascading-pr@v1.0.1
         with:
           origin-url: ${{ env.GITHUB_SERVER_URL }}
           origin-repo: forgejo/runner

From 44227666bab0f55af926b104db140a08d5e9e1d4 Mon Sep 17 00:00:00 2001
From: viceice <michael.kriese@gmx.de>
Date: Tue, 17 Dec 2024 08:17:29 +0000
Subject: [PATCH 59/62] ci: add explicit url

Signed-off-by: viceice <michael.kriese@gmx.de>
---
 .forgejo/workflows/cascade-setup-forgejo.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows/cascade-setup-forgejo.yml b/.forgejo/workflows/cascade-setup-forgejo.yml
index 7692775..d03510f 100644
--- a/.forgejo/workflows/cascade-setup-forgejo.yml
+++ b/.forgejo/workflows/cascade-setup-forgejo.yml
@@ -12,7 +12,7 @@ jobs:
       image: 'code.forgejo.org/oci/node:20-bookworm'
     if: vars.CASCADE != 'no'
     steps:
-      - uses: actions/cascading-pr@v1.0.1
+      - uses: https://code.forgejo.org/actions/cascading-pr@v1.0.1
         with:
           origin-url: ${{ env.GITHUB_SERVER_URL }}
           origin-repo: forgejo/runner

From 6901b83a9dd8f78633f0c4852430401517dc2372 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 17 Dec 2024 14:31:19 +0000
Subject: [PATCH 60/62] Update actions/cascading-pr action to v2

---
 .forgejo/workflows/cascade-setup-forgejo.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows/cascade-setup-forgejo.yml b/.forgejo/workflows/cascade-setup-forgejo.yml
index d03510f..d44897a 100644
--- a/.forgejo/workflows/cascade-setup-forgejo.yml
+++ b/.forgejo/workflows/cascade-setup-forgejo.yml
@@ -12,7 +12,7 @@ jobs:
       image: 'code.forgejo.org/oci/node:20-bookworm'
     if: vars.CASCADE != 'no'
     steps:
-      - uses: https://code.forgejo.org/actions/cascading-pr@v1.0.1
+      - uses: https://code.forgejo.org/actions/cascading-pr@v2.2.0
         with:
           origin-url: ${{ env.GITHUB_SERVER_URL }}
           origin-repo: forgejo/runner

From b5ce1ccb8a0d18cf0c428cf387cf85780e844deb Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 24 Dec 2024 00:02:25 +0000
Subject: [PATCH 61/62] Update module google.golang.org/protobuf to v1.36.1

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index b61dfd9..6ec34f0 100644
--- a/go.mod
+++ b/go.mod
@@ -19,7 +19,7 @@ require (
 	github.com/stretchr/testify v1.10.0
 	golang.org/x/term v0.26.0
 	golang.org/x/time v0.8.0
-	google.golang.org/protobuf v1.36.0
+	google.golang.org/protobuf v1.36.1
 	gopkg.in/yaml.v3 v3.0.1
 	gotest.tools/v3 v3.5.1
 )
diff --git a/go.sum b/go.sum
index 8925559..0a3fea8 100644
--- a/go.sum
+++ b/go.sum
@@ -314,8 +314,8 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b h1:
 google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc=
 google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
 google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
-google.golang.org/protobuf v1.36.0 h1:mjIs9gYtt56AzC4ZaffQuh88TZurBGhIJMBZGSxNerQ=
-google.golang.org/protobuf v1.36.0/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk=
+google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=

From 6d10f57eaa71217f7e091efc2f5e8d71b994a3bd Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Fri, 27 Dec 2024 13:07:42 +0100
Subject: [PATCH 62/62] chore(docs): 6.0.0 release notes

---
 RELEASE-NOTES.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
index e7f7ae4..b28f9ad 100644
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@@ -1,5 +1,9 @@
 # Release Notes
 
+## 6.0.0
+
+* Security: the container options a job is allowed to specify are limited to a [predefined allow list](https://forgejo.org/docs/next/user/actions/#jobsjob_idcontaineroptions).
+
 ## 5.0.4
 
 * Define FORGEJO_TOKEN as an alias to GITHUB_TOKEN