forgejo-runner

git clone git://git.lin.moe/forgejo-runner.git

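# Copyright 2024 The Forgejo Authors.
# SPDX-License-Identifier: MIT

#
# Create a secret with:
#
#   openssl rand -hex 20
#
# Replace all occurrences of {SHARED_SECRET} below with the output.
#
# NOTE: a token obtained from the Forgejo web interface cannot be used
#       as a shared secret.
#
# Replace {ROOT_PASSWORD} with a secure password
#
# NOTE(review): both placeholders are pasted unquoted into the shell
#       command lines below, so the real values live in this file and
#       in the containers' command arguments. Keep the filled-in file
#       out of version control and readable only by its operator, and
#       choose a password without whitespace, quotes or `$` (Compose
#       and the shell both interpret `$`).
#

# Named volume mounted at /certs by docker-in-docker (DOCKER_TLS_CERTDIR)
# and by runner-daemon, which reads its client certificates from
# /certs/client. Any service that mounts it can authenticate to the
# Docker daemon.
volumes:
  docker_certs:

services:

  # Docker daemon the runner talks to over TLS on port 2376.
  # NOTE(review): `privileged: true` removes most container isolation.
  # Whoever controls this daemon should be treated as root-equivalent on
  # the host, so run the stack on a dedicated machine or VM.
  docker-in-docker:
    image: code.forgejo.org/oci/docker:dind
    hostname: docker  # Must set hostname as TLS certificates are only valid for docker or localhost
    privileged: true
    environment:
      DOCKER_TLS_CERTDIR: /certs
      DOCKER_HOST: docker-in-docker
    volumes:
      - docker_certs:/certs

  # Forgejo instance. The command starts the s6 service tree in the
  # background, waits 10 seconds, registers the runner secret, creates
  # the admin account `root`, then sleeps to keep the container alive.
  # The script runs without `-e` and its steps are joined with `;`, so a
  # failing `su` step does not stop it; check the container log after
  # the first start to confirm both steps succeeded.
  forgejo:
    image: codeberg.org/forgejo/forgejo:1.21
    command: >-
      bash -c '
      /bin/s6-svscan /etc/s6 &
      sleep 10 ;
      su -c "forgejo forgejo-cli actions register --secret {SHARED_SECRET}" git ;
      su -c "forgejo admin user create --admin --username root --password {ROOT_PASSWORD} --email root@example.com" git ;
      sleep infinity
      '
    environment:
      FORGEJO__security__INSTALL_LOCK: "true"
      # NOTE(review): debug logging is verbose; lower the level for
      # anything beyond a test setup.
      FORGEJO__log__LEVEL: "debug"
      # Push-to-create is enabled and DEFAULT_PUSH_CREATE_PRIVATE is
      # "false", so repositories created by a push are not private by
      # default.
      FORGEJO__repository__ENABLE_PUSH_CREATE_USER: "true"
      FORGEJO__repository__DEFAULT_PUSH_CREATE_PRIVATE: "false"
      FORGEJO__repository__DEFAULT_REPO_UNITS: "repo.code,repo.actions"
    volumes:
      - /srv/forgejo-data:/data
    ports:
      # Published on every host interface. Quoted so the mapping is
      # always read as a string.
      - "8080:3000"

  # One-shot setup. Retries `create-runner-file` once per second until
  # Forgejo accepts the shared secret, then uses sed to rewrite `.runner`
  # and the generated `config.yml`:
  #   - sets the runner labels (job images; catthehacker/ubuntu has no
  #     registry prefix, so it is presumably pulled from Docker Hub)
  #   - sets `network: host` for job containers
  #   - adds DOCKER_HOST / DOCKER_TLS_VERIFY / DOCKER_CERT_PATH to `envs`
  #   - mounts /certs/client into job containers and lists it under
  #     `valid_volumes`
  # `$$` is the Compose escape for a literal `$` in the sed patterns.
  # NOTE(review): the last two edits hand every job the TLS client
  # credentials for the privileged Docker daemon, so any workflow that
  # runs on this runner can control that daemon. Only let trusted
  # repositories and users use it.
  # The Forgejo connection uses plain http on the Compose network.
  runner-register:
    image: code.forgejo.org/forgejo/runner:3.4.1
    links:
      - docker-in-docker
      - forgejo
    environment:
      DOCKER_HOST: tcp://docker-in-docker:2376
    volumes:
      - /srv/runner-data:/data
    # Runs as root so it can write the files and then chown /data to
    # 1000:1000. Quoted so the value is always read as a string.
    user: "0:0"
    command: >-
      bash -ec '
      while : ; do
        forgejo-runner create-runner-file --connect --instance http://forgejo:3000 --name runner --secret {SHARED_SECRET} && break ;
        sleep 1 ;
      done ;
      sed -i -e "s|\"labels\": null|\"labels\": [\"docker:docker://code.forgejo.org/oci/node:20-bookworm\", \"ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04\"]|" .runner ;
      forgejo-runner generate-config > config.yml ;
      sed -i -e "s|network: .*|network: host|" config.yml ;
      sed -i -e "s|^  envs:$$|  envs:\n    DOCKER_HOST: tcp://docker:2376\n    DOCKER_TLS_VERIFY: 1\n    DOCKER_CERT_PATH: /certs/client|" config.yml ;
      sed -i -e "s|^  options:|  options: -v /certs/client:/certs/client|" config.yml ;
      sed -i -e "s|  valid_volumes: \[\]$$|  valid_volumes:\n    - /certs/client|" config.yml ;
      chown -R 1000:1000 /data
      '

  # Long-running runner. Waits until `.runner` exists and is writable
  # (it is written by runner-register), starts the daemon, and restarts
  # it one second after it exits. It reaches the Docker daemon at
  # tcp://docker:2376 with TLS verification enabled, using the client
  # certificates from the shared docker_certs volume.
  runner-daemon:
    image: code.forgejo.org/forgejo/runner:3.4.1
    links:
      - docker-in-docker
      - forgejo
    environment:
      DOCKER_HOST: tcp://docker:2376
      DOCKER_CERT_PATH: /certs/client
      DOCKER_TLS_VERIFY: "1"
    volumes:
      - /srv/runner-data:/data
      - docker_certs:/certs
    command: >-
      bash -c '
      while : ; do test -w .runner && forgejo-runner --config config.yml daemon ; sleep 1 ; done
      '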