9252e5d667
Removed the rootless dockerfile: upon further investigation into how a `rootless` container works, the entrypoint that has been written fully accommodates that. To reflect this, the compose file has had the rootless config removed from it, as it is no longer needed to test a separate container image. Added a debug echo function `decho` to the entrypoint; when `DEBUG=true` it will print "[entrypoint] message content". Added a 10 second wait to the entrypoint to allow other services such as docker-in-docker and forgejo to finish launching before the runner is launched; this is bypassable by `SKIP_WAIT=true`. Applied several modifications requested by viceice.
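# Copyright 2024 The Forgejo Authors.
# SPDX-License-Identifier: MIT

#
# Create a secret with:
#
# openssl rand -hex 20
#
# Replace all occurrences of {SHARED_SECRET} below with the output.
#
# NOTE: a token obtained from the Forgejo web interface cannot be used
# as a shared secret.
#
# Replace ${RUNNER_TOKEN} with the token obtained from the Forgejo web interface.
#
# This file is an example for local testing. Once {SHARED_SECRET} has been
# filled in, the file itself holds a credential: keep the edited copy out of
# version control and readable only by the operator.
#

networks:
  forgejo:

volumes:
  docker_certs:

services:
  docker-in-docker:
    # `dind` is a floating tag; pin a version or digest where reproducible
    # builds matter.
    image: code.forgejo.org/oci/docker:dind
    # container_name: docker # Must set container_name to docker for both internal DNS and TLS to work
    hostname: docker
    # Docker-in-Docker needs a privileged container. Any client that can talk
    # to this daemon can control that privileged container, so it is attached
    # only to the internal `forgejo` network and publishes no host port.
    privileged: true
    networks:
      - forgejo
    environment:
      # Set to "" to disable the use of TLS, and manually update existing
      # runner configs to use port 2375. Without TLS the Docker API on 2375
      # is unauthenticated for everything on the `forgejo` network.
      DOCKER_TLS_CERTDIR: "/certs"
    volumes:
      - docker_certs:/certs

  forgejo:
    image: codeberg.org/forgejo/forgejo:1.21
    hostname: forgejo
    networks:
      - forgejo
    volumes:
      - ./forgejo:/data
    ports:
      # Published on all host interfaces. For local-only testing,
      # "127.0.0.1:8080:3000" keeps the instance off the LAN.
      - "8080:3000"
    # `examplepassword` is a placeholder admin credential; it and the shared
    # secret are passed on the command line, so they are visible in this file
    # and in the container's process list. Change the password before the
    # instance is reachable by anyone else.
    command: >-
      bash -c '
      /bin/s6-svscan /etc/s6 &
      sleep 10 ;
      su -c "forgejo admin user create --admin --username root --password examplepassword --email root@example.com" git ;
      su -c "forgejo forgejo-cli actions register --secret {SHARED_SECRET}" git ;
      sleep infinity
      '

  # all values that have defaults listed are optional
  # only FORGEJO_SECRET or RUNNER_TOKEN is required
  # FORGEJO_URL is required if forgejo is in this compose file or docker network
  forgejo-runner:
    ## TODO: Update image to the release
    ## made from this PR: https://code.forgejo.org/forgejo/runner/pulls/283

    # image: code.forgejo.org/forgejo/runner:3.4.1
    build: ../../
    # user: "1000" # set to run rootless, overrides RUNNER_USER and disables automatic file ownership
    volumes:
      - ./forgejo-runner:/data
      # NOTE(review): this mounts the whole certificate volume, while the
      # runner is pointed at /certs/client only (DOCKER_TLS_CERTDIR below).
      # Confirm whether the other directories the dind image writes under
      # /certs need to be visible here; a client-only mount would be narrower.
      - docker_certs:/certs
    networks:
      - forgejo
    depends_on:
      - docker-in-docker
      - forgejo
    environment:
      CONFIG_FILE: config.yml  # defaults to /data/config.yml

      DOCKER_HOST: "docker"  # defaults to docker
      DOCKER_TLS_CERTDIR: "/certs/client"  # defaults to /certs/client
      DOCKER_TLS_VERIFY: "1"  # defaults to 0, set to 1 to enable TLS

      FORGEJO_URL: "${FORGEJO_URL}"  # defaults to http://forgejo:3000
      FORGEJO_SECRET: "{SHARED_SECRET}"  # shared secret, must match Forgejo's, overrides RUNNER_TOKEN

      RUNNER_FILE: .runner  # defaults to /data/runner.json
      RUNNER_NAME: forgejo-runner  # defaults to forgejo-runner, used for registration
      RUNNER_TOKEN: "${RUNNER_TOKEN}"
      RUNNER_USER: "1000"  # defaults to 1000, allows for automatic file ownership

      # NOTE(review): confirm the entrypoint's debug output never echoes
      # FORGEJO_SECRET or RUNNER_TOKEN before leaving this on where container
      # logs are shared or collected.
      DEBUG: "true"  # defaults to false, set to true to enable debug logging
      SKIP_WAIT: "false"  # defaults to false, set to true to skip the 10 second wait to allow for forgejo and docker-in-docker to start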