mirror of
https://gitea.com/gitea/act_runner.git
synced 2026-06-10 11:54:27 +02:00
8ad84cd96a00580e3136cc736be7ea02dd8b08f3
1665 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Renovate Bot
|
8ad84cd96a |
fix(deps): update module github.com/docker/cli to v29.5.3+incompatible (#1018)
Reviewed-on: https://gitea.com/gitea/runner/pulls/1018 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
Zettat123
|
0a2f28244d |
fix!: stop implicitly using DOCKER_USERNAME/DOCKER_PASSWORD secrets for image pulls (#1007)
## Background `DOCKER_USERNAME` and `DOCKER_PASSWORD` are commonly used by workflows as ordinary secrets for logging in to a private registry and pushing images. However, the runner also treated these secret names as implicit Docker pull credentials. These credentials carry no registry information, but they were attached to every pull unconditionally. As a result, a user who configured `DOCKER_USERNAME` / `DOCKER_PASSWORD` secrets for their private registry (e.g. to push images) would have those same credentials sent to Docker Hub when pulling a public image, causing the pull to fail with authentication failure. ## Changes - Stop using `DOCKER_USERNAME` and `DOCKER_PASSWORD` as implicit pull credentials for job containers. - Stop injecting `DOCKER_USERNAME` and `DOCKER_PASSWORD` as pull credentials for step containers. ## ⚠️ BREAKING ⚠️ This is a breaking change. Workflows or runner setups that previously relied on `DOCKER_USERNAME` and `DOCKER_PASSWORD` being implicitly used for Docker image pulls must migrate to an explicit authentication mechanism. Migration options: - For private job container images, use `container.credentials`: ```yaml jobs: build: container: image: registry.example.com/image:tag credentials: username: ${{ secrets.REGISTRY_USERNAME }} password: ${{ secrets.REGISTRY_PASSWORD }} ``` - For private service container images, use service `credentials`. - For private `uses: docker://...` or private Docker actions, configure Docker authentication in the runner environment before the job starts. For example, run `docker login` on the runner host. `DOCKER_USERNAME` and `DOCKER_PASSWORD` can still be used as ordinary workflow secrets, for example with `docker/login-action` before pushing images. --- Related: - Fixes #386 --------- Co-authored-by: Nicolas <bircni@icloud.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-on: https://gitea.com/gitea/runner/pulls/1007 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Zettat123 <39446+zettat123@noreply.gitea.com> Co-committed-by: Zettat123 <39446+zettat123@noreply.gitea.com> |
||
|
Renovate Bot
|
443b0e336c |
fix(deps): update module github.com/opencontainers/selinux to v1.15.1 (#1017)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) | `v1.15.0` → `v1.15.1` |  |  | --- ### Release Notes <details> <summary>opencontainers/selinux (github.com/opencontainers/selinux)</summary> ### [`v1.15.1`](https://github.com/opencontainers/selinux/releases/tag/v1.15.1) [Compare Source](https://github.com/opencontainers/selinux/compare/v1.15.0...v1.15.1) #### What's Changed - ReserveLabelV2: ignore labels without MCS by [@​kolyshkin](https://github.com/kolyshkin) in [#​272](https://github.com/opencontainers/selinux/pull/272) **Full Changelog**: <https://github.com/opencontainers/selinux/compare/v1.15.0...v1.15.1> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTEuMiIsInVwZGF0ZWRJblZlciI6IjQzLjE5MS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> --------- Co-authored-by: Nicolas <bircni@icloud.com> Reviewed-on: https://gitea.com/gitea/runner/pulls/1017 Reviewed-by: Nicolas <bircni@icloud.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
Nicolas
|
53c4db6a4b |
feat: upload job summary when supported (#917)
- Add GitHub-style Actions **job summaries** support (writes to `GITHUB_STEP_SUMMARY` / `workflow/SUMMARY.md`) and render them in the run UI. - Gitea stores summaries internally (DB) and serves them in the run view payload. - `act_runner` uploads the summary **only when Gitea advertises support** (`X-Gitea-Actions-Capabilities: job-summary`), and warns on upload failures without failing the job. ## Compatibility - New Gitea + old runner: no upload → no summary shown (no behavior change) - New runner + old Gitea: capability not advertised → runner skips upload (no behavior change) ## Issue - Fixes go-gitea/gitea#23721 Reviewed-on: https://gitea.com/gitea/runner/pulls/917 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-by: Zettat123 <39446+zettat123@noreply.gitea.com> |
||
|
Zettat123
|
1073c8bfec |
fix: do not update cached actions with stale origin URL (#1014)
## Background Remote action cache directories can be keyed by the raw `uses` string. When Gitea's `DEFAULT_ACTIONS_URL` changes, the raw `uses` value may stay the same while the resolved clone URL changes. In that case, an existing cached clone can still point to the old `origin` URL. Reusing it may fetch from the wrong remote with credentials for the new resolved URL, causing action clone failures until the user manually clears `~/.cache/act`. ## Changes - Verify the cached clone's `origin` URL before reusing it in `CloneIfRequired`. - Remove the cached clone and re-clone when the existing `origin` is different from the requested URL. ## Related - Fixes #1010 Reviewed-on: https://gitea.com/gitea/runner/pulls/1014 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Zettat123 <39446+zettat123@noreply.gitea.com> Co-committed-by: Zettat123 <39446+zettat123@noreply.gitea.com> |
||
|
Renovate Bot
|
ff7d9ca8d0 |
fix(deps): update module golang.org/x/sys to v0.45.0 (#1012)
Reviewed-on: https://gitea.com/gitea/runner/pulls/1012 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
Renovate Bot
|
984b47c716 |
fix(deps): update module code.gitea.io/actions-proto-go to gitea.dev/actions-proto-go v0.5.0 (#1009)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | code.gitea.io/actions-proto-go | `v0.4.1` → `v0.5.0` |  |  | --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTEuMiIsInVwZGF0ZWRJblZlciI6IjQzLjE5MS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> --------- Co-authored-by: Nicolas <bircni@icloud.com> Reviewed-on: https://gitea.com/gitea/runner/pulls/1009 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
Nicolas
|
c749e52bb7 |
fix(cleanup): kill Windows step process tree on cancel to avoid hang (#1011)
## Problem Cancelling a job on a Windows host runner can leave the spawned process tree running and hang the runner. When a step launches a shell that starts a child which in turn spawns further GUI/background processes, cancelling the job kills only the direct child (the default `exec.CommandContext` behaviour). The surviving descendants inherited the step's stdout/stderr pipe, so the read end never hit EOF and `cmd.Wait()` blocked forever. Because the step executor never returned: - the orphaned processes kept running (the cancelled work was not actually stopped), and - end-of-job cleanup (`Remove` → `terminateRunningProcesses`) was never reached, so the runner appeared to go offline / stop picking up jobs. `CREATE_NEW_PROCESS_GROUP` does not help here — it affects Ctrl-C signal delivery, not handle inheritance or tree termination. ## Fix - Assign each Windows step process to a **Job Object** immediately after `cmd.Start()`. Descendants created afterwards are automatically part of the job. - Override `cmd.Cancel` to `TerminateJobObject`, so cancellation kills the **entire descendant tree** atomically. This also closes the inherited pipe handles, so `cmd.Wait()` can return. - Set `cmd.WaitDelay` (10s) as a safety net: once the process has exited, Wait force-closes the pipes and returns rather than blocking forever — covering the case where the job-object setup fails (e.g. nested-job restrictions), in which we fall back to the previous single-process kill. - The Job Object is created **without** `JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE`, so closing the handle on normal completion does not kill legitimate background processes; the tree is only torn down on explicit cancel. Implemented behind `runtime.GOOS == "windows"` with a Windows-only `processKiller` (Job Object) and no-op stubs elsewhere, so non-Windows behaviour (default cancellation + `Setpgid`) is unchanged. ## Changes - `act/container/process_windows.go` — Job Object `processKiller` (create / assign / terminate). - `act/container/process_other.go` — no-op stubs (`//go:build !windows`). - `act/container/host_environment.go` — wire `cmd.Cancel` (tree kill) and `cmd.WaitDelay` into `exec()`. - `go.mod` / `go.sum` — promote `golang.org/x/sys` to a direct dependency. ## Testing I fully tested it already ## Notes Follow-up to the Windows leftover-process reaping in #996: that sweep now actually runs on cancellation because the step no longer hangs before reaching it. Reviewed-on: https://gitea.com/gitea/runner/pulls/1011 Reviewed-by: techknowlogick <9+techknowlogick@noreply.gitea.com>v1.0.8 |
||
silverwind
|
f17b6b9fc3 |
fix(container): re-validate cached container id before reuse (#1003)
`containerReference.id` was cached from `Create()` and never re-validated, so a container torn down out-of-band (AutoRemove on an unexpected exit, daemon-side cleanup, sibling-job race in a parallel matrix) left a stale id behind. The next `Copy`/`Exec` then hit the daemon with that dead id and failed the otherwise-successful job with `Could not find the file /var/run/act/ in container <id>`. `find()` now `ContainerInspect`s the cached id and clears it only on a definitive `NotFound`; transient errors trust the cache so cleanup pipelines don't abort on a daemon blip. Operations that need a live container (`copyContent`/`copyDir`/`CopyTarStream`/`exec`/`GetContainerArchive`) fail fast with a clear `container "<name>" does not exist` instead of the daemon's generic empty-id error. --- This PR was written with the help of Claude Opus 4.7 --------- Co-authored-by: Nicolas <bircni@icloud.com> Reviewed-on: https://gitea.com/gitea/runner/pulls/1003 Reviewed-by: Nicolas <bircni@icloud.com> Co-authored-by: silverwind <2021+silverwind@noreply.gitea.com> Co-committed-by: silverwind <2021+silverwind@noreply.gitea.com>v1.0.7 |
||
Christopher Homberger
|
c7c4bd600a |
fix: support multiline secret masking (#1001)
* command logging exposes multiline secrets more often than before * duplicated add-mask command in reporter now handles this as well Closes #998 Co-authored-by: silverwind <2021+silverwind@noreply.gitea.com> Co-authored-by: silverwind <me@silverwind.io> Reviewed-on: https://gitea.com/gitea/runner/pulls/1001 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-by: silverwind <2021+silverwind@noreply.gitea.com> Co-authored-by: Christopher Homberger <christopher.homberger@web.de> Co-committed-by: Christopher Homberger <christopher.homberger@web.de> |
||
silverwind
|
abec931d98 |
fix: restore global docker config dir and socket env in tests (#1004)
`TestGetImagePullOptions` left docker/cli's process-global config dir pointed at `testdata/docker-pull-options` (which ships dummy `username:password` creds) via `config.SetDir`, without restoring it. Because that override is process-global, every later docker-gated test in the package then pulled with those creds — `TestDockerCopyToSymlinkPath`'s `alpine:latest` pull failed with `incorrect username or password` and broke CI. The workflow's `DOCKER_CONFIG` override can't mask this, since `SetDir` wins in-process. Restore `config.Dir()` with `t.Cleanup`, and isolate the socket tests' leaks of the exported `CommonSocketLocations` and `DOCKER_HOST` behind an `isolateSocketEnv` helper. Refs https://gitea.com/gitea/gitea.com/issues/83 --- This PR was written with the help of Claude Opus 4.8 Reviewed-on: https://gitea.com/gitea/runner/pulls/1004 Reviewed-by: Zettat123 <39446+zettat123@noreply.gitea.com> Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: silverwind <me@silverwind.io> Co-committed-by: silverwind <me@silverwind.io> |
||
|
silverwind
|
270ea41232 |
fix: matrix-job data races + outputs, leaner offline test suite (#994)
Running the full suite under `-race` (dropping `-short`) exposed pre-existing data races in parallel matrix-job execution, fixed by not sharing mutable state across combinations: - `containerDaemonSocket()`/`validVolumes()` derive per-job values instead of mutating shared `Config` - `getWorkflowSecrets` builds a fresh map, `rc.steps()` clones each step, and go-git workdir access is serialized - every write to a shared `Job`'s result/outputs runs under a per-`Job` lock, each combo interpolating outputs from a pristine snapshot (last wins, as on GitHub) ### Test suite - capability gates (docker / network / host-tools / Linux) replace the `-short` skips, and the suite runs offline via local fixtures (the artifact flow uses an in-process loopback server, only the docker-action force-pull needs the network) - drops redundant tests, adds a regression test for https://gitea.com/gitea/runner/issues/981 and a docker-in-docker harness (`make test-dind`) --- This PR was written with the help of Claude Opus 4.7 Reviewed-on: https://gitea.com/gitea/runner/pulls/994 Reviewed-by: Nicolas <bircni@icloud.com> Co-authored-by: silverwind <me@silverwind.io> Co-committed-by: silverwind <me@silverwind.io> |
||
|
Nicolas
|
0b9f251b6a |
fix: deliver cancel ack and reap leftover Windows job processes (#996)
## Summary - When Gitea cancels a job, the reporter cancels its own task context; the final Close() flush then aborted on that same cancelled context and Gitea never received the runner's acknowledgement (missing tail logs and final state). - On Windows the cancelled context also neutralised terminateRunningProcesses, leaving step grandchildren alive in the workspace, holding file handles, so the runner could no longer clean up and pick up new work. - Reporter.Close() now flushes on a detached, bounded context via a new rpcCtx() helper and configurable Runner.ReportCloseTimeout (default 10s). - terminateRunningProcesses now PowerShell-enumerates Win32_Process and taskkill /T /F's every process whose ExecutablePath or CommandLine references the job's workspace directories, on a detached context. - The daemon heartbeat loop still exits on <-r.ctx.Done(): the runner is intentionally seen as offline by Gitea during cleanup so it isn't handed a new task overlapping the in-progress teardown. ## Test plan - [x] go test ./internal/pkg/report/... ./act/container/ -run 'TestReporter_ServerCancelStillFlushesFinal|TestBuildWindowsWorkspaceKillScript' - [x] make fmt && make lint-go - 0 issues - [x] GOOS=windows go build ./... - clean - [x] Manual on a Windows runner: trigger a long-running workflow, cancel from Gitea UI; verify (a) the job ends with tail logs + cancelled state in Gitea, (b) workspace cleans up, (c) the runner picks up a new job without restart. Authored-by: bircni 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: silverwind <me@silverwind.io> Reviewed-on: https://gitea.com/gitea/runner/pulls/996 Reviewed-by: silverwind <2021+silverwind@noreply.gitea.com> |
||
|
Nicolas
|
273f6b4247 |
fix(reporter): respect configured log level for job log forwarding (#989)
## Summary - Non-raw_output log entries above the globally configured `log.level` are no longer forwarded to the Gitea job log output - Step output (`raw_output=true`) is always forwarded regardless of level — it is actual job stdout/stderr, not runner internals - State-machine fields (`stepResult`, `jobResult`) are always processed regardless of level, preserving correct tracking for skipped steps (whose `stepResult` is emitted at `DebugLevel` in `step.go`) - Extracts a `shouldAppendLogRow` helper to avoid repeating the combined `!duringSteps() && entry.Level <= log.GetLevel()` guard in three places ## Why not the approach in #677 PR #677 adds `if entry.Level != log.GetLevel() { return nil }` at the top of `Fire()`. That has two bugs: 1. Uses `!=` instead of `>`, so `Error`/`Fatal` entries are dropped when the configured level is `Warn` 2. Returns early before processing `stepResult`/`jobResult` state fields — skipped steps (whose `stepResult` is logged at `DebugLevel`) would never be marked complete This fix instead applies the level guard only at the `r.logRows` append sites, leaving state tracking unconditional. Relates to #409. Reviewed-on: https://gitea.com/gitea/runner/pulls/989 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> |
||
|
Renovate Bot
|
47ee45412a |
fix(deps): update module github.com/opencontainers/selinux to v1.15.0 (#990)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) | `v1.14.1` → `v1.15.0` |  |  | --- ### Release Notes <details> <summary>opencontainers/selinux (github.com/opencontainers/selinux)</summary> ### [`v1.15.0`](https://github.com/opencontainers/selinux/releases/tag/v1.15.0) [Compare Source](https://github.com/opencontainers/selinux/compare/v1.14.1...v1.15.0) This release adds a new function, SetProcessKind, which is to be used instead of KVMProcessLabel\[s] and InitProcessLabel\[s] in case the user only wants to change the type of the existing label, not generate a new one. It also fixes an CI issue and optimizes label.InitLabels for a few common cases. #### What's Changed - ci: set timeout for vm jobs by [@​kolyshkin](https://github.com/kolyshkin) in [#​270](https://github.com/opencontainers/selinux/pull/270) - label.InitLabels: optimize by [@​kolyshkin](https://github.com/kolyshkin) in [#​269](https://github.com/opencontainers/selinux/pull/269) - Add SetProcessKind by [@​kolyshkin](https://github.com/kolyshkin) in [#​271](https://github.com/opencontainers/selinux/pull/271) **Full Changelog**: <https://github.com/opencontainers/selinux/compare/v1.14.1...v1.15.0> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjE5MC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Reviewed-on: https://gitea.com/gitea/runner/pulls/990 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com>v1.0.6 |
||
|
silverwind
|
38b69bb214 |
chore: pin Docker base images to explicit versions (#992)
Pin floating image tags: - `golang` → `1.26-alpine3.23` - `docker` dind variants → `29.5.2` - `alpine` (basic stage + test fixture) → `3.23` `ubuntu:24.04` and `scratch` left unchanged (no more-specific tag). --- This PR was written with the help of Claude Opus 4.7 Reviewed-on: https://gitea.com/gitea/runner/pulls/992 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> |
||
|
Renovate Bot
|
1c62c0635f |
chore(deps): update actions/setup-node action to v6 (#991)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/setup-node](https://github.com/actions/setup-node) | action | major | `v4` → `v6` | --- ### Release Notes <details> <summary>actions/setup-node (actions/setup-node)</summary> ### [`v6.4.0`](https://github.com/actions/setup-node/releases/tag/v6.4.0) [Compare Source](https://github.com/actions/setup-node/compare/v6.3.0...v6.4.0) #### What's Changed ##### Dependency updates: - Upgrade [@​actions](https://github.com/actions) dependencies by [@​Copilot](https://github.com/Copilot) in [#​1525](https://github.com/actions/setup-node/pull/1525) - Update Node.js versions in versions.yml and bump package to v6.4.0 by [@​priya-kinthali](https://github.com/priya-kinthali) in [#​1533](https://github.com/actions/setup-node/pull/1533) #### New Contributors - [@​Copilot](https://github.com/Copilot) made their first contribution in [#​1525](https://github.com/actions/setup-node/pull/1525) **Full Changelog**: <https://github.com/actions/setup-node/compare/v6...v6.4.0> ### [`v6.3.0`](https://github.com/actions/setup-node/releases/tag/v6.3.0) [Compare Source](https://github.com/actions/setup-node/compare/v6.2.0...v6.3.0) #### What's Changed ##### Enhancements: - Support parsing `devEngines` field by [@​susnux](https://github.com/susnux) in [#​1283](https://github.com/actions/setup-node/pull/1283) > When using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node. ##### Dependency updates: - Fix npm audit issues by [@​gowridurgad](https://github.com/gowridurgad) in [#​1491](https://github.com/actions/setup-node/pull/1491) - Replace uuid with crypto.randomUUID() by [@​trivikr](https://github.com/trivikr) in [#​1378](https://github.com/actions/setup-node/pull/1378) - Upgrade minimatch from 3.1.2 to 3.1.5 by [@​dependabot](https://github.com/dependabot) in [#​1498](https://github.com/actions/setup-node/pull/1498) ##### Bug fixes: - Remove hardcoded bearer for mirror-url [@​marco-ippolito](https://github.com/marco-ippolito) in [#​1467](https://github.com/actions/setup-node/pull/1467) - Scope test lockfiles by package manager and update cache tests by [@​gowridurgad](https://github.com/gowridurgad) in [#​1495](https://github.com/actions/setup-node/pull/1495) #### New Contributors - [@​susnux](https://github.com/susnux) made their first contribution in [#​1283](https://github.com/actions/setup-node/pull/1283) **Full Changelog**: <https://github.com/actions/setup-node/compare/v6...v6.3.0> ### [`v6.2.0`](https://github.com/actions/setup-node/releases/tag/v6.2.0) [Compare Source](https://github.com/actions/setup-node/compare/v6.1.0...v6.2.0) #### What's Changed ##### Documentation - Documentation update related to absence of Lockfile by [@​mahabaleshwars](https://github.com/mahabaleshwars) in [#​1454](https://github.com/actions/setup-node/pull/1454) - Correct mirror option typos by [@​MikeMcC399](https://github.com/MikeMcC399) in [#​1442](https://github.com/actions/setup-node/pull/1442) - Readme update on checkout version v6 by [@​deining](https://github.com/deining) in [#​1446](https://github.com/actions/setup-node/pull/1446) - Readme typo fixes [@​munyari](https://github.com/munyari) in [#​1226](https://github.com/actions/setup-node/pull/1226) - Advanced document update on checkout version v6 by [@​aparnajyothi-y](https://github.com/aparnajyothi-y) in [#​1468](https://github.com/actions/setup-node/pull/1468) ##### Dependency updates: - Upgrade [@​actions/cache](https://github.com/actions/cache) to v5.0.1 by [@​salmanmkc](https://github.com/salmanmkc) in [#​1449](https://github.com/actions/setup-node/pull/1449) #### New Contributors - [@​mahabaleshwars](https://github.com/mahabaleshwars) made their first contribution in [#​1454](https://github.com/actions/setup-node/pull/1454) - [@​MikeMcC399](https://github.com/MikeMcC399) made their first contribution in [#​1442](https://github.com/actions/setup-node/pull/1442) - [@​deining](https://github.com/deining) made their first contribution in [#​1446](https://github.com/actions/setup-node/pull/1446) - [@​munyari](https://github.com/munyari) made their first contribution in [#​1226](https://github.com/actions/setup-node/pull/1226) **Full Changelog**: <https://github.com/actions/setup-node/compare/v6...v6.2.0> ### [`v6.1.0`](https://github.com/actions/setup-node/releases/tag/v6.1.0) [Compare Source](https://github.com/actions/setup-node/compare/v6...v6.1.0) #### What's Changed ##### Enhancement: - Remove always-auth configuration handling by [@​priyagupta108](https://github.com/priyagupta108) in [#​1436](https://github.com/actions/setup-node/pull/1436) ##### Dependency updates: - Upgrade [@​actions/cache](https://github.com/actions/cache) from 4.0.3 to 4.1.0 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​1384](https://github.com/actions/setup-node/pull/1384) - Upgrade actions/checkout from 5 to 6 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​1439](https://github.com/actions/setup-node/pull/1439) - Upgrade js-yaml from 3.14.1 to 3.14.2 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​1435](https://github.com/actions/setup-node/pull/1435) ##### Documentation update: - Add example for restore-only cache in documentation by [@​aparnajyothi-y](https://github.com/aparnajyothi-y) in [#​1419](https://github.com/actions/setup-node/pull/1419) **Full Changelog**: <https://github.com/actions/setup-node/compare/v6...v6.1.0> ### [`v6.0.0`](https://github.com/actions/setup-node/releases/tag/v6.0.0) [Compare Source](https://github.com/actions/setup-node/compare/v6...v6) #### What's Changed **Breaking Changes** - Limit automatic caching to npm, update workflows and documentation by [@​priyagupta108](https://github.com/priyagupta108) in [#​1374](https://github.com/actions/setup-node/pull/1374) **Dependency Upgrades** - Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​1336](https://github.com/actions/setup-node/pull/1336) - Upgrade prettier from 2.8.8 to 3.6.2 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​1334](https://github.com/actions/setup-node/pull/1334) - Upgrade actions/publish-action from 0.3.0 to 0.4.0 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​1362](https://github.com/actions/setup-node/pull/1362) **Full Changelog**: <https://github.com/actions/setup-node/compare/v5...v6.0.0> ### [`v6`](https://github.com/actions/setup-node/compare/v5.0.0...v6) [Compare Source](https://github.com/actions/setup-node/compare/v5.0.0...v6) ### [`v5.0.0`](https://github.com/actions/setup-node/releases/tag/v5.0.0) [Compare Source](https://github.com/actions/setup-node/compare/v5.0.0...v5.0.0) #### What's Changed ##### Breaking Changes - Enhance caching in setup-node with automatic package manager detection by [@​priya-kinthali](https://github.com/priya-kinthali) in [#​1348](https://github.com/actions/setup-node/pull/1348) This update, introduces automatic caching when a valid `packageManager` field is present in your `package.json`. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set `package-manager-cache: false` ```yaml steps: - uses: actions/checkout@v5 - uses: actions/setup-node@v5 with: package-manager-cache: false ``` - Upgrade action to use node24 by [@​salmanmkc](https://github.com/salmanmkc) in [#​1325](https://github.com/actions/setup-node/pull/1325) Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. [See Release Notes](https://github.com/actions/runner/releases/tag/v2.327.1) ##### Dependency Upgrades - Upgrade [@​octokit/request-error](https://github.com/octokit/request-error) and [@​actions/github](https://github.com/actions/github) by [@​dependabot](https://github.com/dependabot)\[bot] in [#​1227](https://github.com/actions/setup-node/pull/1227) - Upgrade uuid from 9.0.1 to 11.1.0 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​1273](https://github.com/actions/setup-node/pull/1273) - Upgrade undici from 5.28.5 to 5.29.0 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​1295](https://github.com/actions/setup-node/pull/1295) - Upgrade form-data to bring in fix for critical vulnerability by [@​gowridurgad](https://github.com/gowridurgad) in [#​1332](https://github.com/actions/setup-node/pull/1332) - Upgrade actions/checkout from 4 to 5 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​1345](https://github.com/actions/setup-node/pull/1345) #### New Contributors - [@​priya-kinthali](https://github.com/priya-kinthali) made their first contribution in [#​1348](https://github.com/actions/setup-node/pull/1348) - [@​salmanmkc](https://github.com/salmanmkc) made their first contribution in [#​1325](https://github.com/actions/setup-node/pull/1325) **Full Changelog**: <https://github.com/actions/setup-node/compare/v4...v5.0.0> ### [`v5`](https://github.com/actions/setup-node/compare/v4.4.0...v5.0.0) [Compare Source](https://github.com/actions/setup-node/compare/v4.4.0...v5.0.0) ### [`v4.4.0`](https://github.com/actions/setup-node/releases/tag/v4.4.0) [Compare Source](https://github.com/actions/setup-node/compare/v4.3.0...v4.4.0) #### What's Changed ##### Bug fixes: - Make eslint-compact matcher compatible with Stylelint by [@​FloEdelmann](https://github.com/FloEdelmann) in [#​98](https://github.com/actions/setup-node/pull/98) - Add support for indented eslint output by [@​fregante](https://github.com/fregante) in [#​1245](https://github.com/actions/setup-node/pull/1245) ##### Enhancement: - Support private mirrors by [@​marco-ippolito](https://github.com/marco-ippolito) in [#​1240](https://github.com/actions/setup-node/pull/1240) ##### Dependency update: - Upgrade [@​action/cache](https://github.com/action/cache) from 4.0.2 to 4.0.3 by [@​aparnajyothi-y](https://github.com/aparnajyothi-y) in [#​1262](https://github.com/actions/setup-node/pull/1262) #### New Contributors - [@​FloEdelmann](https://github.com/FloEdelmann) made their first contribution in [#​98](https://github.com/actions/setup-node/pull/98) - [@​fregante](https://github.com/fregante) made their first contribution in [#​1245](https://github.com/actions/setup-node/pull/1245) - [@​marco-ippolito](https://github.com/marco-ippolito) made their first contribution in [#​1240](https://github.com/actions/setup-node/pull/1240) **Full Changelog**: <https://github.com/actions/setup-node/compare/v4...v4.4.0> ### [`v4.3.0`](https://github.com/actions/setup-node/releases/tag/v4.3.0) [Compare Source](https://github.com/actions/setup-node/compare/v4.2.0...v4.3.0) #### What's Changed ##### Dependency updates - Upgrade [@​actions/glob](https://github.com/actions/glob) from 0.4.0 to 0.5.0 by [@​dependabot](https://github.com/dependabot) in [#​1200](https://github.com/actions/setup-node/pull/1200) - Upgrade [@​action/cache](https://github.com/action/cache) from 4.0.0 to 4.0.2 by [@​gowridurgad](https://github.com/gowridurgad) in [#​1251](https://github.com/actions/setup-node/pull/1251) - Upgrade [@​vercel/ncc](https://github.com/vercel/ncc) from 0.38.1 to 0.38.3 by [@​dependabot](https://github.com/dependabot) in [#​1203](https://github.com/actions/setup-node/pull/1203) - Upgrade [@​actions/tool-cache](https://github.com/actions/tool-cache) from 2.0.1 to 2.0.2 by [@​dependabot](https://github.com/dependabot) in [#​1220](https://github.com/actions/setup-node/pull/1220) #### New Contributors - [@​gowridurgad](https://github.com/gowridurgad) made their first contribution in [#​1251](https://github.com/actions/setup-node/pull/1251) **Full Changelog**: <https://github.com/actions/setup-node/compare/v4...v4.3.0> ### [`v4.2.0`](https://github.com/actions/setup-node/releases/tag/v4.2.0) [Compare Source](https://github.com/actions/setup-node/compare/v4.1.0...v4.2.0) #### What's Changed - Enhance workflows and upgrade publish-actions from 0.2.2 to 0.3.0 by [@​aparnajyothi-y](https://github.com/aparnajyothi-y) in [#​1174](https://github.com/actions/setup-node/pull/1174) - Add recommended permissions section to readme by [@​benwells](https://github.com/benwells) in [#​1193](https://github.com/actions/setup-node/pull/1193) - Configure Dependabot settings by [@​HarithaVattikuti](https://github.com/HarithaVattikuti) in [#​1192](https://github.com/actions/setup-node/pull/1192) - Upgrade `@actions/cache` to `^4.0.0` by [@​priyagupta108](https://github.com/priyagupta108) in [#​1191](https://github.com/actions/setup-node/pull/1191) - Upgrade pnpm/action-setup from 2 to 4 by [@​dependabot](https://github.com/dependabot) in [#​1194](https://github.com/actions/setup-node/pull/1194) - Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by [@​dependabot](https://github.com/dependabot) in [#​1195](https://github.com/actions/setup-node/pull/1195) - Upgrade semver from 7.6.0 to 7.6.3 by [@​dependabot](https://github.com/dependabot) in [#​1196](https://github.com/actions/setup-node/pull/1196) - Upgrade [@​types/jest](https://github.com/types/jest) from 29.5.12 to 29.5.14 by [@​dependabot](https://github.com/dependabot) in [#​1201](https://github.com/actions/setup-node/pull/1201) - Upgrade undici from 5.28.4 to 5.28.5 by [@​dependabot](https://github.com/dependabot) in [#​1205](https://github.com/actions/setup-node/pull/1205) #### New Contributors - [@​benwells](https://github.com/benwells) made their first contribution in [#​1193](https://github.com/actions/setup-node/pull/1193) **Full Changelog**: <https://github.com/actions/setup-node/compare/v4...v4.2.0> ### [`v4.1.0`](https://github.com/actions/setup-node/releases/tag/v4.1.0) [Compare Source](https://github.com/actions/setup-node/compare/v4.0.4...v4.1.0) #### What's Changed - Resolve High Security Alerts by upgrading Dependencies by [@​aparnajyothi-y](https://github.com/aparnajyothi-y) in [#​1132](https://github.com/actions/setup-node/pull/1132) - Upgrade IA Publish by [@​Jcambass](https://github.com/Jcambass) in [#​1134](https://github.com/actions/setup-node/pull/1134) - Revise `isGhes` logic by [@​jww3](https://github.com/jww3) in [#​1148](https://github.com/actions/setup-node/pull/1148) - Add architecture to cache key by [@​pengx17](https://github.com/pengx17) in [#​843](https://github.com/actions/setup-node/pull/843) This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts. Note: This change may break previous cache keys as they will no longer be compatible with the new format. #### New Contributors - [@​jww3](https://github.com/jww3) made their first contribution in [#​1148](https://github.com/actions/setup-node/pull/1148) - [@​pengx17](https://github.com/pengx17) made their first contribution in [#​843](https://github.com/actions/setup-node/pull/843) **Full Changelog**: <https://github.com/actions/setup-node/compare/v4...v4.1.0> ### [`v4.0.4`](https://github.com/actions/setup-node/releases/tag/v4.0.4) [Compare Source](https://github.com/actions/setup-node/compare/v4.0.3...v4.0.4) #### What's Changed - Add workflow file for publishing releases to immutable action package by [@​Jcambass](https://github.com/Jcambass) in [#​1125](https://github.com/actions/setup-node/pull/1125) - Enhance Windows ARM64 Setup and Update micromatch Dependency by [@​priyagupta108](https://github.com/priyagupta108) in [#​1126](https://github.com/actions/setup-node/pull/1126) ##### Documentation changes: - Documentation update in the README file by [@​suyashgaonkar](https://github.com/suyashgaonkar) in [#​1106](https://github.com/actions/setup-node/pull/1106) - Correct invalid 'lts' version string reference by [@​fulldecent](https://github.com/fulldecent) in [#​1124](https://github.com/actions/setup-node/pull/1124) #### New Contributors - [@​suyashgaonkar](https://github.com/suyashgaonkar) made their first contribution in [#​1106](https://github.com/actions/setup-node/pull/1106) - [@​priyagupta108](https://github.com/priyagupta108) made their first contribution in [#​1126](https://github.com/actions/setup-node/pull/1126) - [@​Jcambass](https://github.com/Jcambass) made their first contribution in [#​1125](https://github.com/actions/setup-node/pull/1125) - [@​fulldecent](https://github.com/fulldecent) made their first contribution in [#​1124](https://github.com/actions/setup-node/pull/1124) **Full Changelog**: <https://github.com/actions/setup-node/compare/v4...v4.0.4> ### [`v4.0.3`](https://github.com/actions/setup-node/releases/tag/v4.0.3) [Compare Source](https://github.com/actions/setup-node/compare/v4.0.2...v4.0.3) #### What's Changed ##### Bug fixes: - Fix macos latest check failures by [@​HarithaVattikuti](https://github.com/HarithaVattikuti) in [#​1041](https://github.com/actions/setup-node/pull/1041) ##### Documentation changes: - Documentation update to update default Node version to 20 by [@​bengreeley](https://github.com/bengreeley) in [#​949](https://github.com/actions/setup-node/pull/949) ##### Dependency updates: - Bump undici from 5.26.5 to 5.28.3 by [@​dependabot](https://github.com/dependabot) in [#​965](https://github.com/actions/setup-node/pull/965) - Bump braces from 3.0.2 to 3.0.3 and other dependency updates by [@​dependabot](https://github.com/dependabot) in [#​1087](https://github.com/actions/setup-node/pull/1087) #### New Contributors - [@​bengreeley](https://github.com/bengreeley) made their first contribution in [#​949](https://github.com/actions/setup-node/pull/949) - [@​HarithaVattikuti](https://github.com/HarithaVattikuti) made their first contribution in [#​1041](https://github.com/actions/setup-node/pull/1041) **Full Changelog**: <https://github.com/actions/setup-node/compare/v4...v4.0.3> ### [`v4.0.2`](https://github.com/actions/setup-node/releases/tag/v4.0.2) [Compare Source](https://github.com/actions/setup-node/compare/v4.0.1...v4.0.2) #### What's Changed - Add support for `volta.extends` by [@​ThisIsManta](https://github.com/ThisIsManta) in [#​921](https://github.com/actions/setup-node/pull/921) - Add support for arm64 Windows by [@​dmitry-shibanov](https://github.com/dmitry-shibanov) in [#​927](https://github.com/actions/setup-node/pull/927) #### New Contributors - [@​ThisIsManta](https://github.com/ThisIsManta) made their first contribution in [#​921](https://github.com/actions/setup-node/pull/921) **Full Changelog**: <https://github.com/actions/setup-node/compare/v4.0.1...v4.0.2> ### [`v4.0.1`](https://github.com/actions/setup-node/releases/tag/v4.0.1) [Compare Source](https://github.com/actions/setup-node/compare/v4...v4.0.1) #### What's Changed - Ignore engines in Yarn 1 e2e-cache tests by [@​trivikr](https://github.com/trivikr) in [#​882](https://github.com/actions/setup-node/pull/882) - Update setup-node references in the README.md file to setup-node\@​v4 by [@​jwetzell](https://github.com/jwetzell) in [#​884](https://github.com/actions/setup-node/pull/884) - Update reusable workflows to use Node.js v20 by [@​MaksimZhukov](https://github.com/MaksimZhukov) in [#​889](https://github.com/actions/setup-node/pull/889) - Add fix for cache to resolve slow post action step by [@​aparnajyothi-y](https://github.com/aparnajyothi-y) in [#​917](https://github.com/actions/setup-node/pull/917) - Fix README.md by [@​takayamaki](https://github.com/takayamaki) in [#​898](https://github.com/actions/setup-node/pull/898) - Add `package.json` to `node-version-file` list of examples. by [@​TWiStErRob](https://github.com/TWiStErRob) in [#​879](https://github.com/actions/setup-node/pull/879) - Fix node-version-file interprets entire package.json as a version by [@​NullVoxPopuli](https://github.com/NullVoxPopuli) in [#​865](https://github.com/actions/setup-node/pull/865) #### New Contributors - [@​trivikr](https://github.com/trivikr) made their first contribution in [#​882](https://github.com/actions/setup-node/pull/882) - [@​jwetzell](https://github.com/jwetzell) made their first contribution in [#​884](https://github.com/actions/setup-node/pull/884) - [@​aparnajyothi-y](https://github.com/aparnajyothi-y) made their first contribution in [#​917](https://github.com/actions/setup-node/pull/917) - [@​takayamaki](https://github.com/takayamaki) made their first contribution in [#​898](https://github.com/actions/setup-node/pull/898) - [@​TWiStErRob](https://github.com/TWiStErRob) made their first contribution in [#​879](https://github.com/actions/setup-node/pull/879) - [@​NullVoxPopuli](https://github.com/NullVoxPopuli) made their first contribution in [#​865](https://github.com/actions/setup-node/pull/865) **Full Changelog**: <https://github.com/actions/setup-node/compare/v4...v4.0.1> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjE5MC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Reviewed-on: https://gitea.com/gitea/runner/pulls/991 Reviewed-by: silverwind <2021+silverwind@noreply.gitea.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
silverwind
|
0e0c54b272 |
test: make TestRunEvent integration suite runnable locally (#987)
The `TestRunEvent*` integration tests are skipped in CI (`make test` runs `-short`), which hid several breakages that make them fail when run locally: - `runTest` built the runner `Config` without `ContainerMaxLifetime`, so the job container ran `/bin/sleep 0` and exited immediately — every step failed with "container is not running". Set it to 1h. - The root `.gitignore`'s unscoped `.env` and `dist` rules shadowed fixtures under `testdata/`. Anchored `dist` → `/dist` (the goreleaser output) and un-ignored `testdata/secrets/.env`. - Added the missing `testdata/secrets/.env` fixture for `TestRunEventSecrets`. - The `node24` local action referenced a `dist/index.js` bundle that was never committed (and was gitignored). Made the fixture self-contained (dependency-free ESM, `main: index.js`) so it runs without an `ncc` build. If you'd rather keep the `@actions/core`-based action and commit the built bundle instead, happy to switch. Network-dependent subtests (remote `uses:`/composite actions) are out of scope. --- This PR was written with the help of Claude Opus 4.7 --------- Co-authored-by: Nicolas <bircni@icloud.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-on: https://gitea.com/gitea/runner/pulls/987 Reviewed-by: Nicolas <bircni@icloud.com> Co-authored-by: silverwind <me@silverwind.io> Co-committed-by: silverwind <me@silverwind.io> |
||
|
Nicolas
|
d6fbe75721 |
ci: add PR title linting against Conventional Commits (#988)
Lint PR titles Reviewed-on: https://gitea.com/gitea/runner/pulls/988 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> |
||
|
silverwind
|
b30204aa94 |
fix: clean up job network and container when container start fails (#986)
The teardown that removes a job's per-job network and container runs as a `Finally` on the step pipeline in `newJobExecutor`, which only executes after a successful start. When the start itself fails (e.g. a `docker cp` error from a buggy daemon), that `Finally` is skipped, so the network and container leak until Docker's address pool is exhausted and later jobs can no longer create networks. This tears them down in `startContainer` when the start returns an error, reusing the existing `cleanUpJobContainer` teardown. Exposed by the daemon regression in https://gitea.com/gitea/runner/issues/981, where every failed `docker cp` leaked a per-job network. --- This PR was written with the help of Claude Opus 4.7 Reviewed-on: https://gitea.com/gitea/runner/pulls/986 Reviewed-by: Nicolas <bircni@icloud.com> Co-authored-by: silverwind <me@silverwind.io> Co-committed-by: silverwind <me@silverwind.io> |
||
|
Renovate Bot
|
7b5ebe9618 |
fix(deps): update module connectrpc.com/connect to v1.20.0 (#985)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [connectrpc.com/connect](https://github.com/connectrpc/connect-go) | `v1.19.2` → `v1.20.0` |  |  | --- ### Release Notes <details> <summary>connectrpc/connect-go (connectrpc.com/connect)</summary> ### [`v1.20.0`](https://github.com/connectrpc/connect-go/releases/tag/v1.20.0) [Compare Source](https://github.com/connectrpc/connect-go/compare/v1.19.2...v1.20.0) #### What's Changed ##### Other changes - Bump minimum supported Go version to 1.25 by [@​jonbodner-buf](https://github.com/jonbodner-buf) in [#​922](https://github.com/connectrpc/connect-go/issues/922) - Update Unary-Get query parameter order to match spec recommendation by [@​oliversun9](https://github.com/oliversun9) in [#​926](https://github.com/connectrpc/connect-go/issues/926) #### New Contributors - [@​jonbodner-buf](https://github.com/jonbodner-buf) made their first contribution in [#​922](https://github.com/connectrpc/connect-go/issues/922) **Full Changelog**: <https://github.com/connectrpc/connect-go/compare/v1.19.2...v1.20.0> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xODYuMSIsInVwZGF0ZWRJblZlciI6IjQzLjE4Ni4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Reviewed-on: https://gitea.com/gitea/runner/pulls/985 Reviewed-by: silverwind <2021+silverwind@noreply.gitea.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com>v1.0.5 |
||
|
Nicolas
|
4317662a38 |
update docker cli to v29.5.2 (#984)
Fixes #981 Reviewed-on: https://gitea.com/gitea/runner/pulls/984 Reviewed-by: Zettat123 <39446+zettat123@noreply.gitea.com> Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Nicolas <bircni@icloud.com> Co-committed-by: Nicolas <bircni@icloud.com> |
||
Vi
|
2208e7ec63 |
feat: add cache.offline_mode to reuse cached actions (#966)
Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: silverwind <2021+silverwind@noreply.gitea.com> Co-authored-by: TKaxv_7S <56359+tkaxv_7s@noreply.gitea.com> Co-authored-by: techknowlogick <techknowlogick@noreply.gitea.com> Co-authored-by: TKaxv_7S <954067342@qq.com> Co-authored-by: TKaxv_7S <tkaxv_7s@noreply.gitea.com> Reviewed-on: https://gitea.com/gitea/runner/pulls/966 Reviewed-by: Nicolas <bircni@icloud.com> Reviewed-by: silverwind <2021+silverwind@noreply.gitea.com> Co-authored-by: Vi <w11b@ya.ru> Co-committed-by: Vi <w11b@ya.ru> |
||
|
silverwind
|
fab9714f9a |
Remove stale Gitea 1.20 compatibility shims (#978)
The runner already enforces Gitea v1.21+ (see the `connect.CodeUnimplemented` check in `daemon.go`), so several shims kept for v1.20 compatibility have been dead since 2023: - `compatibleWithOldEnvs` — the `GITEA_DEBUG`, `GITEA_TRACE`, `GITEA_RUNNER_CAPACITY`, `GITEA_RUNNER_FILE`, `GITEA_RUNNER_ENVIRON`, `GITEA_RUNNER_ENV_FILE` env vars (superseded by the config file) - `VersionHeader` (`x-runner-version`) and the `version` param of `client.New` - `AgentLabels` field in `RegisterRequest` (replaced by `Labels`) Also replaces a verbose `strings.TrimRightFunc` closure with `strings.TrimRight(s, "\r\n")` in the log row parser. --- This PR was written with the help of Claude Opus 4.7 --------- Co-authored-by: Nicolas <bircni@icloud.com> Reviewed-on: https://gitea.com/gitea/runner/pulls/978 Reviewed-by: Nicolas <bircni@icloud.com> Co-authored-by: silverwind <me@silverwind.io> Co-committed-by: silverwind <me@silverwind.io> |
||
|
Renovate Bot
|
10475db58a |
fix(deps): update module github.com/docker/cli to v29.5.1+incompatible (#979)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/docker/cli](https://github.com/docker/cli) | `v29.5.0+incompatible` → `v29.5.1+incompatible` |  |  | --- ### Release Notes <details> <summary>docker/cli (github.com/docker/cli)</summary> ### [`v29.5.1+incompatible`](https://github.com/docker/cli/compare/v29.5.0...v29.5.1) [Compare Source](https://github.com/docker/cli/compare/v29.5.0...v29.5.1) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xODIuMSIsInVwZGF0ZWRJblZlciI6IjQzLjE4Mi4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Reviewed-on: https://gitea.com/gitea/runner/pulls/979 Reviewed-by: silverwind <2021+silverwind@noreply.gitea.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
Renovate Bot
|
9e738c203c |
fix(deps): update module github.com/go-git/go-git/v5 to v5.19.1 (#980)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `v5.19.0` → `v5.19.1` |  |  | --- ### Release Notes <details> <summary>go-git/go-git (github.com/go-git/go-git/v5)</summary> ### [`v5.19.1`](https://github.com/go-git/go-git/releases/tag/v5.19.1) [Compare Source](https://github.com/go-git/go-git/compare/v5.19.0...v5.19.1) #### What's Changed - v5: plumbing: transport/ssh, Shell-quote path by [@​hiddeco](https://github.com/hiddeco) in [#​2068](https://github.com/go-git/go-git/pull/2068) - v5: git: submodule, Fix relative URL resolution by [@​hiddeco](https://github.com/hiddeco) in [#​2070](https://github.com/go-git/go-git/pull/2070) - v5: git: submodule, canonical remote for relative URLs by [@​hiddeco](https://github.com/hiddeco) in [#​2074](https://github.com/go-git/go-git/pull/2074) - v5: git: submodule, error on remote without URLs by [@​hiddeco](https://github.com/hiddeco) in [#​2078](https://github.com/go-git/go-git/pull/2078) - v5: plumbing: format/idxfile, Validate offset64 indices by [@​hiddeco](https://github.com/hiddeco) in [#​2084](https://github.com/go-git/go-git/pull/2084) - v5: \*: Reject malformed variable-length integers by [@​hiddeco](https://github.com/hiddeco) in [#​2092](https://github.com/go-git/go-git/pull/2092) - v5: plumbing: format/packfile, Tighten delta validation by [@​hiddeco](https://github.com/hiddeco) in [#​2091](https://github.com/go-git/go-git/pull/2091) - v5: Add `worktreeFilesystem` wrapper for worktree and hardening by [@​hiddeco](https://github.com/hiddeco) in [#​2100](https://github.com/go-git/go-git/pull/2100) - v5: config: validate submodule names by [@​hiddeco](https://github.com/hiddeco) in [#​2082](https://github.com/go-git/go-git/pull/2082) - build: Update module github.com/go-git/go-git/v5 to v5.19.0 \[SECURITY] (releases/v5.x) by [@​go-git-renovate](https://github.com/go-git-renovate)\[bot] in [#​2111](https://github.com/go-git/go-git/pull/2111) - v5: git: Allow MkdirAll on worktree-root paths by [@​hiddeco](https://github.com/hiddeco) in [#​2117](https://github.com/go-git/go-git/pull/2117) - v5: git: Stop validating symlink target paths by [@​pjbgf](https://github.com/pjbgf) in [#​2116](https://github.com/go-git/go-git/pull/2116) - v5: plumbing: format decoder input bounds and contracts by [@​hiddeco](https://github.com/hiddeco) in [#​2125](https://github.com/go-git/go-git/pull/2125) - plumbing: format/packfile, cap delta chain depth in parser by [@​pjbgf](https://github.com/pjbgf) in [#​2137](https://github.com/go-git/go-git/pull/2137) **Full Changelog**: <https://github.com/go-git/go-git/compare/v5.19.0...v5.19.1> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xODIuMSIsInVwZGF0ZWRJblZlciI6IjQzLjE4Mi4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Reviewed-on: https://gitea.com/gitea/runner/pulls/980 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
Nicolas
|
6023928876 |
Fix token use with schemaless Gitea instance (#977)
Fixes #973 ## Summary - Normalize schemaless `--gitea-instance` values before comparing clone URL hosts - Add regression tests for `GITEA_TOKEN` use with private action/reusable workflow clones on the same instance --------- Co-authored-by: silverwind <2021+silverwind@noreply.gitea.com> Co-authored-by: silverwind <me@silverwind.io> Reviewed-on: https://gitea.com/gitea/runner/pulls/977 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-by: silverwind <2021+silverwind@noreply.gitea.com> Co-authored-by: Nicolas <bircni@icloud.com> Co-committed-by: Nicolas <bircni@icloud.com>v1.0.4 |
||
|
silverwind
|
014ce438c1 |
Add OCI source and version labels to images (#975)
Adds `org.opencontainers.image.source` and `org.opencontainers.image.version` labels to all three image variants (`basic`, `dind`, `dind-rootless`). - `source` lets tools like renovate retrieve release notes from the source repo. - `version` exposes the build version on the image itself. Both `release-tag` and `release-nightly` workflows pass `VERSION` as a build arg so the label reflects the actual git tag (or `git describe` output for nightly). --- This PR was written with the help of Claude Opus 4.7 --------- Reviewed-on: https://gitea.com/gitea/runner/pulls/975 Reviewed-by: Nicolas <bircni@icloud.com> Co-authored-by: silverwind <me@silverwind.io> Co-committed-by: silverwind <me@silverwind.io> |
||
Jacob Alberty
|
cf7e29c10d |
fix(parse_env_file): support env-file lines larger than 64 KiB (#974)
My builds kept flaking out with errors like `invalid format delimiter 'ghadelimiter_...' not found before end of file` or just strange failures in the complete job. After some digging I found an issue in `parseEnvFile` and have tested this fix against the test case presented.
- `parseEnvFile` reads `$GITHUB_ENV` / `$GITHUB_OUTPUT` with a `bufio.Scanner` using the default 64 KiB token size, and never checks `s.Err()`.
- Any action that writes a multi-line value with a single line >64 KiB silently aborts the scan with `bufio.ErrTooLong`, which surfaces as the misleading `"invalid format delimiter
'ghadelimiter_…' not found before end of file"`.
- Real-world trigger: `docker/build-push-action`'s `metadata` output embeds the full `GITHUB_EVENT_PATH` payload via buildx provenance; a long PR description (e.g. a Renovate dependency
table) puts the body field on one JSON-escaped line well past 64 KiB.
- Raise the scanner buffer to 1 MiB so realistic outputs parse.
### Reproduction
Test this in an action. This removes the `docker/build-push-action` aspect and reproduces it directly.
```yaml
jobs:
repro:
runs-on: ubuntu-latest
steps:
- id: big
run: |
{
echo 'value<<EOF'
head -c 70000 /dev/urandom | base64 -w0
echo
echo 'EOF'
} >> "$GITHUB_OUTPUT"
```
---------
Co-authored-by: Nicolas <bircni@icloud.com>
Co-authored-by: silverwind <me@silverwind.io>
Reviewed-on: https://gitea.com/gitea/runner/pulls/974
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: silverwind <2021+silverwind@noreply.gitea.com>
Co-authored-by: Jacob Alberty <jacob.alberty@gmail.com>
Co-committed-by: Jacob Alberty <jacob.alberty@gmail.com>
|
||
|
Nicolas
|
8a99506fed |
Fix host cleanup, volume allowlist, cache upload, and action host edge cases (#970)
## Summary - prevent host-mode execution from deleting caller-owned workdirs - harden `valid_volumes` checks against `..` and symlink escapes - return immediately after artifact cache upload write failures - default implicit remote action clone hosts to `GitHubInstance`/`github.com` Authored with assistance from OpenAI Codex GPT-5. --------- Co-authored-by: silverwind <me@silverwind.io> Reviewed-on: https://gitea.com/gitea/runner/pulls/970 Reviewed-by: silverwind <2021+silverwind@noreply.gitea.com> |
||
|
silverwind
|
5873b8b054 |
Remove dead code from act/ (#971)
Removes code that whole-program reachability analysis (`deadcode` from `golang.org/x/tools`) confirmed unreachable, plus the `act/workflowpattern` package which no file outside its own directory imports.
- `act/common/draw.go` — CLI box-drawing helpers left over from nektos/act's dropped CLI
- `act/common/file.go` — `CopyFile`/`CopyDir` package-level helpers (container types have their own `CopyDir` methods, kept)
- `act/common/executor.go` — `Warning` type and `Warningf`. The `case Warning:` arm in `(Executor).Then`'s type switch was dead too (no code ever constructed a `Warning`); the switch is replaced with `if err != nil { return err }`
- `act/lookpath/env.go` — `LookPath` no-arg wrapper and `defaultEnv` struct. Only `LookPath2(file, env)` was used externally; the `Env` interface is kept
- `act/runner/action_cache_offline_mode.go` — `GoGitActionCacheOfflineMode` wrapper, never instantiated
- `act/workflowpattern/` — entire package, never imported
Net `-943` lines.
---
This PR was written with the help of Claude Opus 4.7
---------
Co-authored-by: Nicolas <bircni@icloud.com>
Reviewed-on: https://gitea.com/gitea/runner/pulls/971
Reviewed-by: Nicolas <bircni@icloud.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-committed-by: silverwind <me@silverwind.io>
|
||
Lunny Xiao
|
5464d33eef |
fix: Return if executors length is zero in ParallelExecutor (#960)
It displayed an unused log and start an unused go routine. We should check the executors number before continue. ``` INFO[2026-05-12T21:01:04-07:00] Running job with maxParallel=1 for 1 matrix combinations INFO[2026-05-12T21:01:04-07:00] NewParallelExecutor: Creating 1 workers for 1 executors INFO[2026-05-12T21:01:04-07:00] NewParallelExecutor: Creating 1 workers for 0 executors INFO[2026-05-12T21:01:04-07:00] NewParallelExecutor: Creating 1 workers for 0 executors ``` Reviewed-on: https://gitea.com/gitea/runner/pulls/960 Reviewed-by: silverwind <2021+silverwind@noreply.gitea.com> Reviewed-by: Nicolas <bircni@icloud.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-committed-by: Lunny Xiao <xiaolunwen@gmail.com> |
||
|
silverwind
|
3c5f03ff8f |
feat: make pseudo-TTY allocation opt-in (#961)
Fixes #956. Pseudo-TTY allocation is now an explicit, runner-wide opt-in via `runner.allocate_pty`, applied to both host and docker backends. Default is off, matching GitHub `actions/runner`. ```yaml runner: allocate_pty: false # default ``` **Before:** the host backend hardcoded `if true /* allocate Terminal */` and the docker backend used `term.IsTerminal(os.Stdout.Fd())`. As a result, `docker build` (and other TTY-aware tools) saw a TTY and emitted cursor-control redraw frames that flooded captured logs with thousands of duplicate-looking progress lines — only on host-mode runners in production, and on docker-mode runners when the daemon happened to be launched from a shell rather than a service. **After:** both backends consult `Config.AllocatePTY`. The `term.IsTerminal` heuristic is gone, so behavior no longer depends on whether the daemon has a controlling terminal. **Reproduction:** running `docker build` through `HostEnvironment.Exec` with output captured to a buffer: | | Before (`if true`) | After (`AllocatePTY=false`) | |---|---:|---:| | bytes captured | 18,167 | 1,048 | | ANSI CSI sequences | 556 | 0 | | cursor-up `\e[1A` | 181 | 0 | **Side fix:** `ptyWriter.AutoStop` is now `atomic.Bool`. The field is written from the exec goroutine after `cmd.Wait()` and read from the `copyPtyOutput` goroutine via `ptyWriter.Write`; existing tests never tripped the race detector because their commands produced no output before exit. The new host-mode test does. --- This PR was written with the help of Claude Opus 4.7 --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Nicolas <bircni@icloud.com> Reviewed-on: https://gitea.com/gitea/runner/pulls/961 Reviewed-by: Nicolas <bircni@icloud.com> Co-authored-by: silverwind <2021+silverwind@noreply.gitea.com> Co-committed-by: silverwind <2021+silverwind@noreply.gitea.com> |
||
|
Renovate Bot
|
880e9755d9 |
chore(deps): update workflow dependencies (major) (#968)
Reviewed-on: https://gitea.com/gitea/runner/pulls/968 Reviewed-by: silverwind <2021+silverwind@noreply.gitea.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
Renovate Bot
|
8d7cf48a6f |
fix(deps): update module github.com/docker/cli to v29.5.0+incompatible (#969)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/docker/cli](https://github.com/docker/cli) | `v29.4.3+incompatible` → `v29.5.0+incompatible` |  |  | --- ### Release Notes <details> <summary>docker/cli (github.com/docker/cli)</summary> ### [`v29.5.0+incompatible`](https://github.com/docker/cli/compare/v29.4.3...v29.5.0) [Compare Source](https://github.com/docker/cli/compare/v29.4.3...v29.5.0) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNzkuNCIsInVwZGF0ZWRJblZlciI6IjQzLjE3OS40IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Reviewed-on: https://gitea.com/gitea/runner/pulls/969 Reviewed-by: silverwind <2021+silverwind@noreply.gitea.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
Renovate Bot
|
f23605c614 |
chore(deps): update workflow dependencies (major) (#967)
Reviewed-on: https://gitea.com/gitea/runner/pulls/967 Reviewed-by: techknowlogick <9+techknowlogick@noreply.gitea.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
thisisqasim
|
00b7fec80f |
Simplify kubernetes dind example allowing for default docker config in workflows (#709)
With this docker clients in workflows can connect on the default socket without needing to change DOCKER_HOST. Startup probe also removes the need for custom shell command. Co-authored-by: silverwind <me@silverwind.io> Reviewed-on: https://gitea.com/gitea/runner/pulls/709 Co-authored-by: thisisqasim <40013+thisisqasim@noreply.gitea.com> Co-committed-by: thisisqasim <40013+thisisqasim@noreply.gitea.com> |
||
|
silverwind
|
dda5841af8 |
chore(deps): bump retry-go, golangci-lint, govulncheck (#965)
Bumps `github.com/avast/retry-go` v4.7.0 -> v5.0.0, `golangci-lint` v2.11.4 -> v2.12.2 (aligns with gitea/gitea), and pins `govulncheck` to v1.3.0. - `retry-go` v5 replaces the package-level `retry.Do(fn, opts...)` with a builder API `retry.New(opts...).Do(fn)`. The single call site in `internal/pkg/report/reporter.go` was migrated. - `golangci-lint` v2.12.2 surfaces three new findings in `act/` (modernize/slicesbackward, govet/inline): one backward loop now uses `slices.Backward`, and the deprecated `reflect.Ptr` alias is replaced with `reflect.Pointer`. - `go.mod`: the two direct-`require` blocks are merged into one, and a stray `gopkg.in/yaml.v3 // indirect` is moved into the indirect block. Purely cosmetic; `go.sum` is unchanged. --- This PR was written with the help of Claude Opus 4.7 Reviewed-on: https://gitea.com/gitea/runner/pulls/965 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: silverwind <me@silverwind.io> Co-committed-by: silverwind <me@silverwind.io> |
||
|
silverwind
|
32bed52686 |
fix(deps): bump docker deps, switch to moby/moby (#943)
Fixes: https://gitea.com/gitea/runner/issues/859 Migration approach mirrors [actions-oss/act-cli#154](https://github.com/actions-oss/act-cli/pull/154). ### Dependency changes - `github.com/docker/docker` v25.0.15 → **removed** (v29 doesn't exist as docker/docker; the project moved to moby/moby) - `github.com/docker/cli` v25.0.7 → v29.4.3 - `github.com/docker/go-connections` v0.6.0 → v0.7.0 - `github.com/docker/docker-credential-helpers` v0.9.5 → v0.9.6 - `github.com/moby/go-archive` added at v0.2.0 - `github.com/moby/moby/api` added at v1.54.2 - `github.com/moby/moby/client` added at v0.4.1 - `github.com/moby/buildkit` removed (only used `dockerignore.ReadAll`, swapped for `moby/patternmatcher/ignorefile.ReadAll` directly) - `github.com/containerd/errdefs` v0.3.0 → v1.0.0 ### Migration - v28: type aliases moved to their subpackages (`types.{Container,Image,Network,Exec}*` → `container/image/network/...`); deprecated APIs replaced (`ImageInspectWithRaw`, `client.IsErrNotFound`, `archive.CanonicalTarNameForPath`, `opts.ValidateMACAddress`, `ListOpts.GetAll`) - v29: structural client redesign — every `cli.X(ctx, ...)` call switched to options-everywhere/Result-typed signatures, `ContainerExec*` → `Exec*`, `ContainerWait` returns a struct with `Result`/`Error` channels, `Tty`→`TTY`, `Copy*Container` takes options struct, `client.NewClientWithOpts` → `client.New`. `pkg/stdcopy` moved to `moby/moby/api/pkg/stdcopy`. The vendored copy of `cli/command/container/opts.go` was refreshed from cli v29 (now uses `netip.Addr` for IPs, port-set conversion helpers). A small local `parsePlatform` helper centralises the `os/arch[/variant]` parsing previously inlined into multiple call sites. ### Behaviour preservation The migration introduced several behavioural shifts vs the v25 client; all were caught in review and reverted/fixed in follow-up commits: - `GetDockerClient`: cli v29's `Ping(NegotiateAPIVersion: true)` returns errors that the old `NegotiateAPIVersion` silently swallowed. Restored best-effort behaviour (warn-log + continue) so daemons with blocked `_ping` or API < 1.40 keep working. The SSH-helper `client.New` call no longer inherits `client.FromEnv`, matching the old `NewClientWithOpts(WithHost, WithDialContext)` so `DOCKER_API_VERSION`/`DOCKER_TLS_VERIFY` don't leak into the SSH-tunneled client - `parsePlatform`: malformed input now returns an explicit error instead of silently dropping to "no platform constraint" and pulling the host-default architecture. Single-segment (`"linux"`), 4+-segment (`"linux/arm/v7/extra"`), and trailing-slash (`"linux/arm/"`) inputs are all rejected - `LoadDockerAuthConfig`/`LoadDockerAuthConfigs`: `config.LoadDefaultConfigFile(nil)` panics on a malformed config file (it does `fmt.Fprintln` on the nil `io.Writer`). Switched to `config.Load(config.Dir())` so load errors reach the logger and the panic path is gone. Restored the old behaviour of returning `config.Load` and `GetAuthConfig` errors to the caller (the v29 refactor had silently downgraded them to warn-only). A `reference.ParseNormalizedNamed` failure on the image string falls through to the `docker.io` default rather than aborting, since the old string-based hostname extraction was infallible Test assertions also updated for two upstream error-message string shifts (`go-connections` port-range parser; `cli/opts` envfile BOM check). Added unit-test coverage for the new `parsePlatform` helper, locking in the intentional limits (single-segment, 4+-segment, and trailing-slash platforms rejected). --- This PR was written with the help of Claude Opus 4.7 Reviewed-on: https://gitea.com/gitea/runner/pulls/943 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: silverwind <me@silverwind.io> Co-committed-by: silverwind <me@silverwind.io> |
||
|
Lunny Xiao
|
a7e972d8de |
fix: respect proxy env vars in runner client (#962)
Fixes #957. ## Why The runner builds a custom `http.Transport` for its RPC client. From first principles, once we stop using the default transport we also stop inheriting its default proxy resolution behavior, so `HTTP_PROXY`/`HTTPS_PROXY` are ignored unless we wire that behavior back explicitly. ## What - set `Proxy: http.ProxyFromEnvironment` on the custom transport - add a regression test that verifies `getHTTPClient` honors proxy environment variables Reviewed-on: https://gitea.com/gitea/runner/pulls/962 Reviewed-by: ChristopherHX <38043+christopherhx@noreply.gitea.com> |
||
|
Lunny Xiao
|
763b38ece3 |
fix: isolate per-task runner envs (#959)
## Summary - clone the runner environment map for each task before injecting runtime and OIDC tokens - keep the shared base environment immutable so concurrent jobs cannot hit `concurrent map writes` - add a unit test covering task-local env cloning Fixes #958 --------- Co-authored-by: Nicolas <bircni@icloud.com> Reviewed-on: https://gitea.com/gitea/runner/pulls/959 Reviewed-by: Nicolas <bircni@icloud.com>v1.0.3 |
||
|
Renovate Bot
|
a1f13cb970 |
fix(deps): update module github.com/opencontainers/selinux to v1.14.1 (#955)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) | `v1.14.0` → `v1.14.1` |  |  | --- > ⚠️ **Warning** > > Some dependencies could not be looked up. Check the [Dependency Dashboard](issues/856) for more information. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNzAuMjAiLCJ1cGRhdGVkSW5WZXIiOiI0My4xNzAuMjAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbXX0=--> Reviewed-on: https://gitea.com/gitea/runner/pulls/955 Reviewed-by: silverwind <2021+silverwind@noreply.gitea.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
silverwind
|
1e3ab0c40a |
fix(deps): update mergo to v1.0.2 (now dario.cat/mergo) (#954)
At v1.0.0 the `github.com/imdario/mergo` module was relocated to `dario.cat/mergo`, so a plain version bump (as in https://gitea.com/gitea/runner/pulls/951) leaves the import path pointing at the old, unmaintained location. This PR updates the import in `act/container/docker_run.go` and adjusts `go.mod` accordingly. The public API (`mergo.Merge`, `mergo.WithOverride`, `mergo.WithAppendSlice`) is unchanged. Supersedes https://gitea.com/gitea/runner/pulls/951. --- This PR was written with the help of Claude Opus 4.7 Reviewed-on: https://gitea.com/gitea/runner/pulls/954 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: silverwind <me@silverwind.io> Co-committed-by: silverwind <me@silverwind.io> |
||
|
silverwind
|
295eecb9af |
fix: ensure dbfs_data is cleaned up after task completion (#952)
Fixes #950. After #819, the daemon flushes logs eagerly on the job-result entry (via the `stateNotify` path), so `Close()` typically runs `ReportLog(true)` with an empty buffer. Gitea's `UpdateLog` handler short-circuits on `len(Rows)==0` before honoring `NoMore`, so the final request never runs `TransferLogs` and `dbfs_data` rows leak. The server-side short-circuit is latent since the original Actions implementation in 2023; #819 made it deterministically reachable. Workaround: inject a sentinel row in `Close()` after the daemon has exited so the final `UpdateLog` always carries at least one row. Done after the daemon waits so the sentinel can't be flushed before `ReportLog(true)` reads it. https://github.com/go-gitea/gitea/pull/37631 drops the empty-rows short-circuit when `NoMore=true`; that would work with or without this PR. Reviewed-on: https://gitea.com/gitea/runner/pulls/952 Reviewed-by: Nicolas <bircni@icloud.com> Reviewed-by: Zettat123 <39446+zettat123@noreply.gitea.com> Co-authored-by: silverwind <me@silverwind.io> Co-committed-by: silverwind <me@silverwind.io> |
||
Zettat123
|
ef6ca957b5 |
fix(artifactcache): preserve cache key case to stop redundant uploads (#947)
## Summary `artifactcache.Handler` was lowercasing cache keys before storing and returning them. This caused actions like `actions/setup-go` to treat every restore as a partial hit and re-upload the cache on every job run. Similar issue: [act#2497](https://github.com/nektos/act/issues/2497) ## Root Cause These actions build cache keys that include `RUNNER_OS` (e.g. `setup-go-Linux-x64-...` See [setup-go/cache-restore.ts]( |
||
|
Renovate Bot
|
8088df52b9 |
fix(deps): update module golang.org/x/term to v0.43.0 (#948)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [golang.org/x/term](https://pkg.go.dev/golang.org/x/term) | [`v0.42.0` → `v0.43.0`](https://cs.opensource.google/go/x/term/+/refs/tags/v0.42.0...refs/tags/v0.43.0) |  |  | --- > ⚠️ **Warning** > > Some dependencies could not be looked up. Check the [Dependency Dashboard](issues/856) for more information. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNjkuNCIsInVwZGF0ZWRJblZlciI6IjQzLjE2OS40IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Reviewed-on: https://gitea.com/gitea/runner/pulls/948 Reviewed-by: silverwind <2021+silverwind@noreply.gitea.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
Nicolas
|
3ea7d39690 |
fix: overwrite read-only files when copying action directories (#942)
## Summary
- `CopyCollector.WriteFile` now removes any existing destination file
before writing, handling read-only modes (e.g. git pack files at
`0444`) that cause `EACCES`/`ERROR_ACCESS_DENIED` on macOS and Windows.
- Added `O_TRUNC` to the `OpenFile` flags as a safety net.
## Root cause
When a composite action with a post step runs on a host runner,
`runPostStep` calls `maybeCopyToActionDir`, which re-copies the action
into `miscpath/act/actions/<name>/`. The first copy (main step) writes
`.git/objects/pack/*.idx` at the destination with mode `0444` (as set
by go-git). The second copy (post step) calls
`os.OpenFile(dest, O_CREATE|O_WRONLY, …)` on that existing `0444` file,
which fails immediately:
- macOS: `open <path>: permission denied`
- Windows: `open <path>: Access is denied`
Fixes: https://gitea.com/gitea/runner/issues/941
Fixes: https://gitea.com/gitea/runner/issues/876
---------
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: silverwind <2021+silverwind@noreply.gitea.com>
Reviewed-on: https://gitea.com/gitea/runner/pulls/942
Reviewed-by: silverwind <2021+silverwind@noreply.gitea.com>
Co-authored-by: Nicolas <bircni@icloud.com>
Co-committed-by: Nicolas <bircni@icloud.com>
v1.0.2
|
||
Schallbert
|
861d351845 |
add apparmor=rootlesskit in security_opt (#937)
paste depends_on chain from socket-runner-setup to runner-dind-setup add apparmor=rootlesscit in security_opt add explanations for elevated privileges --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: silverwind <2021+silverwind@noreply.gitea.com> Reviewed-on: https://gitea.com/gitea/runner/pulls/937 Reviewed-by: silverwind <2021+silverwind@noreply.gitea.com> Co-authored-by: Schallbert <schallbert@mailbox.org> Co-committed-by: Schallbert <schallbert@mailbox.org> |
||
|
silverwind
|
cce8543d06 |
fix: serialize action-cache reads to prevent worktree race (#938)
`NewGitCloneExecutor` holds a per-directory mutex while it `git checkout --force`s a remote action into the shared `<ActionCacheDir>/<UsesHash>`, but four read sites ran unlocked: - `maybeCopyToActionDir`'s tar walk via `JobContainer.CopyDir` - `prepareActionExecutor`'s `readAction` parse of `action.yml` - `newReusableWorkflowExecutor`'s `model.NewWorkflowPlanner` after `cloneRemoteReusableWorkflow` released its lock - `execAsDocker` when `ActionCache == nil`: `docker build` walks `contextDir` for the daemon-side build context When two matrix jobs share a `uses:`, a read interleaved with a peer's checkout produces partial state — observed as `Cannot find module .../dist/index.js` and `setup-uv` failing on a half-written `action.yml`. Exports `acquireCloneLock` as `AcquireCloneLock` and takes it at all four sites. `container.ImageExistsLocally` / `NewDockerBuildExecutor` and `model.NewWorkflowPlanner` are indirected through package-level vars so the docker-action build path and the reusable-workflow read site are testable without a real daemon, mirroring `ContainerNewContainer`. Three regression tests cover the higher-risk sites (`maybeCopyToActionDir`, `execAsDocker`, `newReusableWorkflowExecutor`); each fails if its `AcquireCloneLock` is removed. Subsumed by https://gitea.com/gitea/runner/pulls/814 once that lands. Related: https://gitea.com/gitea/runner/pulls/930 --- This PR was written with the help of Claude Opus 4.7 --------- Co-authored-by: Nicolas <bircni@icloud.com> Reviewed-on: https://gitea.com/gitea/runner/pulls/938 Reviewed-by: Nicolas <bircni@icloud.com> Reviewed-by: Zettat123 <39446+zettat123@noreply.gitea.com> Co-authored-by: silverwind <me@silverwind.io> Co-committed-by: silverwind <me@silverwind.io> |
||
|
silverwind
|
75643645f0 |
feat: remove emojis from runner logging, add Starting job container group (#940)
Aligns runner log output more closely with `actions/runner`: - Strip the whale, rocket, cloud, construction, chequered-flag, and exclamation-mark glyphs from log lines and drop the now-unused `logPrefix` constant. - Reword `no outputs used step '%s'` → `No outputs registered for step '%s'` (the original was ungrammatical and inaccurate — it fires when `set-output` references an unknown step ID). - Wrap the docker pull/network/create/start phase of job container startup in a `::group::Starting job container` / `::endgroup::` collapsible section, mirroring `actions/runner`. Since act drives Docker through the SDK rather than the CLI, we can't echo `##[command]/usr/bin/docker create ...` lines verbatim — instead the helper emits a summary inside the group: ``` ::group::Starting job container image: <image> name: <container-name> network: <network-name> ::endgroup:: ``` - Extracted the emit into a `printStartJobContainerGroup` helper (parallel to `printRunActionHeader` in `step_run.go`) and added a golden-style test `TestPrintStartJobContainerGroupGolden`. - Drive-by: replace two remaining literal `"raw_output"` strings in `run_context.go` with the existing `rawOutputField` constant. Closes #935 --- This PR was written with the help of Claude Opus 4.7 Reviewed-on: https://gitea.com/gitea/runner/pulls/940 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: silverwind <me@silverwind.io> Co-committed-by: silverwind <me@silverwind.io> |