fix(deps): update module connectrpc.com/connect to v1.20.0 (#985)

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [connectrpc.com/connect](https://github.com/connectrpc/connect-go) | `v1.19.2` → `v1.20.0` | ![age](https://developer.mend.io/api/mc/badges/age/go/connectrpc.com%2fconnect/v1.20.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/connectrpc.com%2fconnect/v1.19.2/v1.20.0?slim=true) |

---

### Release Notes

<details>
<summary>connectrpc/connect-go (connectrpc.com/connect)</summary>

### [`v1.20.0`](https://github.com/connectrpc/connect-go/releases/tag/v1.20.0)

[Compare Source](https://github.com/connectrpc/connect-go/compare/v1.19.2...v1.20.0)

#### What's Changed

##### Other changes

- Bump minimum supported Go version to 1.25 by [@&#8203;jonbodner-buf](https://github.com/jonbodner-buf) in [#&#8203;922](https://github.com/connectrpc/connect-go/issues/922)
- Update Unary-Get query parameter order to match spec recommendation by [@&#8203;oliversun9](https://github.com/oliversun9) in [#&#8203;926](https://github.com/connectrpc/connect-go/issues/926)

#### New Contributors

- [@&#8203;jonbodner-buf](https://github.com/jonbodner-buf) made their first contribution in [#&#8203;922](https://github.com/connectrpc/connect-go/issues/922)

**Full Changelog**: <https://github.com/connectrpc/connect-go/compare/v1.19.2...v1.20.0>

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xODYuMSIsInVwZGF0ZWRJblZlciI6IjQzLjE4Ni4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

Reviewed-on: https://gitea.com/gitea/runner/pulls/985
Reviewed-by: silverwind <2021+silverwind@noreply.gitea.com>
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>

act/common/git/git.go

@@ -243,47 +243,50 @@ type NewGitCloneExecutorInput struct {
 	InsecureSkipTLS bool
 }
 
-// CloneIfRequired ...
+// CloneIfRequired returns the repository and a boolean indicating whether an existing local clone was reused.
-func CloneIfRequired(ctx context.Context, refName plumbing.ReferenceName, input NewGitCloneExecutorInput, logger log.FieldLogger) (*git.Repository, error) {
+func CloneIfRequired(ctx context.Context, refName plumbing.ReferenceName, input NewGitCloneExecutorInput, logger log.FieldLogger) (*git.Repository, bool, error) {
 	r, err := git.PlainOpen(input.Dir)
-	if err != nil {
+	if err == nil {
-		var progressWriter io.Writer
+		// Reuse existing clone
-		if isatty.IsTerminal(os.Stdout.Fd()) || isatty.IsCygwinTerminal(os.Stdout.Fd()) {
+		return r, true, nil
-			if entry, ok := logger.(*log.Entry); ok {
+	}
-				progressWriter = entry.WriterLevel(log.DebugLevel)
-			} else if lgr, ok := logger.(*log.Logger); ok {
-				progressWriter = lgr.WriterLevel(log.DebugLevel)
-			} else {
-				log.Errorf("Unable to get writer from logger (type=%T)", logger)
-				progressWriter = os.Stdout
-			}
-		}
 
-		cloneOptions := git.CloneOptions{
+	var progressWriter io.Writer
-			URL:      input.URL,
+	if isatty.IsTerminal(os.Stdout.Fd()) || isatty.IsCygwinTerminal(os.Stdout.Fd()) {
-			Progress: progressWriter,
+		if entry, ok := logger.(*log.Entry); ok {
-
+			progressWriter = entry.WriterLevel(log.DebugLevel)
-			InsecureSkipTLS: input.InsecureSkipTLS, // For Gitea
+		} else if lgr, ok := logger.(*log.Logger); ok {
-		}
+			progressWriter = lgr.WriterLevel(log.DebugLevel)
-		if input.Token != "" {
+		} else {
-			cloneOptions.Auth = &http.BasicAuth{
+			log.Errorf("Unable to get writer from logger (type=%T)", logger)
-				Username: "token",
+			progressWriter = os.Stdout
-				Password: input.Token,
-			}
-		}
-
-		r, err = git.PlainCloneContext(ctx, input.Dir, false, &cloneOptions)
-		if err != nil {
-			logger.Errorf("Unable to clone %v %s: %v", input.URL, refName, err)
-			return nil, err
-		}
-
-		if err = os.Chmod(input.Dir, 0o755); err != nil {
-			return nil, err
 		}
 	}
 
-	return r, nil
+	cloneOptions := git.CloneOptions{
+		URL:      input.URL,
+		Progress: progressWriter,
+
+		InsecureSkipTLS: input.InsecureSkipTLS, // For Gitea
+	}
+	if input.Token != "" {
+		cloneOptions.Auth = &http.BasicAuth{
+			Username: "token",
+			Password: input.Token,
+		}
+	}
+
+	r, err = git.PlainCloneContext(ctx, input.Dir, false, &cloneOptions)
+	if err != nil {
+		logger.Errorf("Unable to clone %v %s: %v", input.URL, refName, err)
+		return nil, false, err
+	}
+
+	if err = os.Chmod(input.Dir, 0o755); err != nil {
+		return nil, false, err
+	}
+
+	return r, false, nil
 }
 
 func gitOptions(token string) (fetchOptions git.FetchOptions, pullOptions git.PullOptions) {
@@ -313,7 +316,7 @@ func NewGitCloneExecutor(input NewGitCloneExecutorInput) common.Executor {
 		defer AcquireCloneLock(input.Dir)()
 
 		refName := plumbing.ReferenceName("refs/heads/" + input.Ref)
-		r, err := CloneIfRequired(ctx, refName, input, logger)
+		r, reused, err := CloneIfRequired(ctx, refName, input, logger)
 		if err != nil {
 			return err
 		}
@@ -338,10 +341,10 @@ func NewGitCloneExecutor(input NewGitCloneExecutorInput) common.Executor {
 		var hash *plumbing.Hash
 		rev := plumbing.Revision(input.Ref)
 		if hash, err = r.ResolveRevision(rev); err != nil {
+			// ResolveRevision returns a nil hash on error, and a branch ref legitimately fails
+			// here (no local refs/heads/<ref>); the duck-typing below resolves it.
 			logger.Errorf("Unable to resolve %s: %v", input.Ref, err)
-		}
+		} else if hash.String() != input.Ref && strings.HasPrefix(hash.String(), input.Ref) {
-
-		if hash.String() != input.Ref && strings.HasPrefix(hash.String(), input.Ref) {
 			return &Error{
 				err:    ErrShortRef,
 				commit: hash.String(),
@@ -392,12 +395,18 @@ func NewGitCloneExecutor(input NewGitCloneExecutorInput) common.Executor {
 				return err
 			}
 		}
+
+		reusedMsg := ""
+
 		if !isOfflineMode {
 			if err = w.Pull(&pullOptions); err != nil && err != git.NoErrAlreadyUpToDate {
 				logger.Debugf("Unable to pull %s: %v", refName, err)
 			}
+		} else if reused {
+			reusedMsg = " (reused in offline mode)"
 		}
-		logger.Debugf("Cloned %s to %s", input.URL, input.Dir)
+
+		logger.Debugf("Cloned %s to %s%s", input.URL, input.Dir, reusedMsg)
 
 		if hash.String() != input.Ref && refType == "branch" {
 			logger.Debugf("Provided ref is not a sha. Updating branch ref after pull")

act/common/git/git_test.go

@@ -279,6 +279,54 @@ func TestGitCloneExecutorNonFastForwardRef(t *testing.T) {
 	assert.Equal(t, "second", strings.TrimSpace(string(out)), "working tree should be at the latest commit")
 }
 
+func TestGitCloneExecutorOfflineMode(t *testing.T) {
+	gitConfig()
+
+	// Build a local "remote" with a single commit on main.
+	remoteDir := t.TempDir()
+	require.NoError(t, gitCmd("init", "--bare", "--initial-branch=main", remoteDir))
+	workDir := t.TempDir()
+	require.NoError(t, gitCmd("clone", remoteDir, workDir))
+	require.NoError(t, gitCmd("-C", workDir, "checkout", "-b", "main"))
+	require.NoError(t, gitCmd("-C", workDir, "commit", "--allow-empty", "-m", "initial"))
+	require.NoError(t, gitCmd("-C", workDir, "push", "-u", "origin", "main"))
+
+	// Prime the cache with an online clone of main.
+	cacheDir := t.TempDir()
+	require.NoError(t, NewGitCloneExecutor(NewGitCloneExecutorInput{
+		URL: remoteDir,
+		Ref: "main",
+		Dir: cacheDir,
+	})(context.Background()))
+
+	t.Run("cached branch resolves without fetching", func(t *testing.T) {
+		// Offline reuse of a cached branch must succeed even though ResolveRevision(input.Ref)
+		// finds no local refs/heads/<ref>.
+		err := NewGitCloneExecutor(NewGitCloneExecutorInput{
+			URL:         remoteDir,
+			Ref:         "main",
+			Dir:         cacheDir,
+			OfflineMode: true,
+		})(context.Background())
+		require.NoError(t, err)
+
+		out, err := exec.Command("git", "-C", cacheDir, "log", "--oneline", "-1", "--format=%s").Output()
+		require.NoError(t, err)
+		assert.Equal(t, "initial", strings.TrimSpace(string(out)))
+	})
+
+	t.Run("unresolvable cached ref returns error", func(t *testing.T) {
+		// The ref was never cached; offline mode cannot resolve it and must return an error.
+		err := NewGitCloneExecutor(NewGitCloneExecutorInput{
+			URL:         remoteDir,
+			Ref:         "never-fetched",
+			Dir:         cacheDir,
+			OfflineMode: true,
+		})(context.Background())
+		require.Error(t, err)
+	})
+}
+
 func gitConfig() {
 	if os.Getenv("GITHUB_ACTIONS") == "true" {
 		var err error

act/runner/reusable_workflow.go

@@ -308,6 +308,11 @@ func getGitCloneToken(conf *Config, cloneURL string) string {
 // 1. cloneURL is from the same Gitea instance that the runner is registered to
 // 2. the cloneURL does not have basic auth embedded
 func shouldCloneURLUseToken(instanceURL, cloneURL string) bool {
+	if !strings.HasPrefix(instanceURL, "http://") &&
+		!strings.HasPrefix(instanceURL, "https://") {
+		instanceURL = "https://" + instanceURL
+	}
+
 	u1, err1 := url.Parse(instanceURL)
 	u2, err2 := url.Parse(cloneURL)
 	if err1 != nil || err2 != nil {

act/runner/reusable_workflow_test.go

@@ -123,6 +123,65 @@ func TestNewReusableWorkflowExecutorHoldsCloneLock(t *testing.T) {
 	}
 }
 
+func TestGetGitCloneTokenWithSchemalessGiteaInstance(t *testing.T) {
+	conf := &Config{
+		GitHubInstance: "gitea.example.net",
+		Secrets: map[string]string{
+			"GITEA_TOKEN": "token-value",
+		},
+	}
+
+	token := getGitCloneToken(conf, "https://gitea.example.net/actions/tools")
+
+	require.Equal(t, "token-value", token)
+}
+
+func TestShouldCloneURLUseToken(t *testing.T) {
+	tests := []struct {
+		name        string
+		instanceURL string
+		cloneURL    string
+		want        bool
+	}{
+		{
+			name:        "same host with schemaless instance",
+			instanceURL: "gitea.example.net",
+			cloneURL:    "https://gitea.example.net/actions/tools",
+			want:        true,
+		},
+		{
+			name:        "same host with schemaless instance and port",
+			instanceURL: "gitea.example.net:3000",
+			cloneURL:    "https://gitea.example.net:3000/actions/tools",
+			want:        true,
+		},
+		{
+			name:        "different host",
+			instanceURL: "gitea.example.net",
+			cloneURL:    "https://github.com/actions/tools",
+			want:        false,
+		},
+		{
+			name:        "embedded basic auth",
+			instanceURL: "gitea.example.net",
+			cloneURL:    "https://user:pass@gitea.example.net/actions/tools",
+			want:        false,
+		},
+		{
+			name:        "invalid clone URL",
+			instanceURL: "gitea.example.net",
+			cloneURL:    "://gitea.example.net/actions/tools",
+			want:        false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			require.Equal(t, tt.want, shouldCloneURLUseToken(tt.instanceURL, tt.cloneURL))
+		})
+	}
+}
+
 func gitMust(t *testing.T, dir string, args ...string) {
 	t.Helper()
 	cmd := exec.Command("git", args...)

act/runner/runner.go

@@ -30,7 +30,7 @@ type Config struct {
 	Actor                              string                       // the user that triggered the event
 	Workdir                            string                       // path to working directory
 	ActionCacheDir                     string                       // path used for caching action contents
-	ActionOfflineMode                  bool                         // when offline, use caching action contents
+	ActionOfflineMode                  bool                         // when offline, use cached action contents
 	BindWorkdir                        bool                         // bind the workdir to the job container
 	EventName                          string                       // name of event to run
 	EventPath                          string                       // path to JSON file to use for event.json in containers

go.mod

@@ -4,17 +4,17 @@ go 1.26.0
 
 require (
 	code.gitea.io/actions-proto-go v0.4.1
-	connectrpc.com/connect v1.19.2
+	connectrpc.com/connect v1.20.0
 	dario.cat/mergo v1.0.2
 	github.com/Masterminds/semver v1.5.0
 	github.com/avast/retry-go/v5 v5.0.0
 	github.com/containerd/errdefs v1.0.0
 	github.com/creack/pty v1.1.24
 	github.com/distribution/reference v0.6.0
-	github.com/docker/cli v29.5.0+incompatible
+	github.com/docker/cli v29.5.2+incompatible
 	github.com/docker/go-connections v0.7.0
 	github.com/go-git/go-billy/v5 v5.9.0
-	github.com/go-git/go-git/v5 v5.19.0
+	github.com/go-git/go-git/v5 v5.19.1
 	github.com/gobwas/glob v0.2.3
 	github.com/google/go-cmp v0.7.0
 	github.com/joho/godotenv v1.5.1

go.sum

@@ -2,6 +2,8 @@ code.gitea.io/actions-proto-go v0.4.1 h1:l0EYhjsgpUe/1VABo2eK7zcoNX2W44WOnb0MSLr
 code.gitea.io/actions-proto-go v0.4.1/go.mod h1:mn7Wkqz6JbnTOHQpot3yDeHx+O5C9EGhMEE+htvHBas=
 connectrpc.com/connect v1.19.2 h1:McQ83FGdzL+t60peksi0gXC7MQ/iLKgLduAnThbM0mo=
 connectrpc.com/connect v1.19.2/go.mod h1:tN20fjdGlewnSFeZxLKb0xwIZ6ozc3OQs2hTXy4du9w=
+connectrpc.com/connect v1.20.0 h1:6TNDAB+WeNd2uolWNlYczB5E0KNNaVMNUEx8JEUsPmQ=
+connectrpc.com/connect v1.20.0/go.mod h1:A2ygJrukXwWy32vkCAAHNVguZrqZ+jeZ9rGRnGR4dN4=
 cyphar.com/go-pathrs v0.2.3 h1:0pH8gep37wB0BgaXrEaN1OtZhUMeS7VvaejSr6i822o=
 cyphar.com/go-pathrs v0.2.3/go.mod h1:y8f1EMG7r+hCuFf/rXsKqMJrJAUoADZGNh5/vZPKcGc=
 dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8=
@@ -47,10 +49,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
-github.com/docker/cli v29.4.3+incompatible h1:u+UliYm2J/rYrIh2FqHQg32neRG8GjbvNuwQRTzGspU=
+github.com/docker/cli v29.5.2+incompatible h1:ubykJ1Y8LmNRGJ2BuMQ0kHOt/RO1YzGNswqWMJgivuQ=
-github.com/docker/cli v29.4.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v29.5.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/cli v29.5.0+incompatible h1:FPUvKJoKpeP4Njz8NrQdeUN8o247P7ndTiILtaP5/l4=
-github.com/docker/cli v29.5.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/docker-credential-helpers v0.9.6 h1:cT2PbRPSlnMmNTfT2TDMXRyQ1KMWHG7xoTLBcn1ZNv0=
 github.com/docker/docker-credential-helpers v0.9.6/go.mod h1:v1S+hepowrQXITkEfw6o4+BMbGot02wiKpzWhGUZK6c=
 github.com/docker/go-connections v0.7.0 h1:6SsRfJddP22WMrCkj19x9WKjEDTB+ahsdiGYf0mN39c=
@@ -73,8 +73,8 @@ github.com/go-git/go-billy/v5 v5.9.0 h1:jItGXszUDRtR/AlferWPTMN4j38BQ88XnXKbilmm
 github.com/go-git/go-billy/v5 v5.9.0/go.mod h1:jCnQMLj9eUgGU7+ludSTYoZL/GGmii14RxKFj7ROgHw=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
-github.com/go-git/go-git/v5 v5.19.0 h1:+WkVUQZSy/F1Gb13udrMKjIM2PrzsNfDKFSfo5tkMtc=
+github.com/go-git/go-git/v5 v5.19.1 h1:nX27AnaU43/K5bKktKwgBmR9lawoYVe1Ckg0rgzzN00=
-github.com/go-git/go-git/v5 v5.19.0/go.mod h1:Pb1v0c7/g8aGQJwx9Us09W85yGoyvSwuhEGMH7zjDKQ=
+github.com/go-git/go-git/v5 v5.19.1/go.mod h1:Pb1v0c7/g8aGQJwx9Us09W85yGoyvSwuhEGMH7zjDKQ=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
 github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=

internal/app/cmd/daemon.go

@@ -132,7 +132,6 @@ func runDaemon(ctx context.Context, daemArgs *daemonArgs, configFile *string) fu
 			cfg.Runner.Insecure,
 			reg.UUID,
 			reg.Token,
-			ver.Version(),
 		)
 
 		runner := run.NewRunner(cfg, reg, cli)

internal/app/cmd/register.go

@@ -325,7 +325,6 @@ func doRegister(ctx context.Context, cfg *config.Config, inputs *registerInputs)
 		cfg.Runner.Insecure,
 		"",
 		"",
-		ver.Version(),
 	)
 
 	for {
@@ -366,12 +365,11 @@ func doRegister(ctx context.Context, cfg *config.Config, inputs *registerInputs)
 	}
 	// register new runner.
 	resp, err := cli.Register(ctx, connect.NewRequest(&runnerv1.RegisterRequest{
-		Name:        reg.Name,
+		Name:      reg.Name,
-		Token:       reg.Token,
+		Token:     reg.Token,
-		Version:     ver.Version(),
+		Version:   ver.Version(),
-		AgentLabels: ls, // Could be removed after Gitea 1.20
+		Labels:    ls,
-		Labels:      ls,
+		Ephemeral: reg.Ephemeral,
-		Ephemeral:   reg.Ephemeral,
 	}))
 	if err != nil {
 		log.WithError(err).Error("poller: cannot register new runner")

internal/app/run/runner.go

@@ -344,10 +344,11 @@ func (r *Runner) run(ctx context.Context, task *runnerv1.Task, reporter *report.
 	runnerConfig := &runner.Config{
 		// On Linux, Workdir will be like "/<parent_directory>/<owner>/<repo>"
 		// On Windows, Workdir will be like "\<parent_directory>\<owner>\<repo>"
-		Workdir:        workdir,
+		Workdir:           workdir,
-		BindWorkdir:    r.cfg.Container.BindWorkdir,
+		BindWorkdir:       r.cfg.Container.BindWorkdir,
-		ActionCacheDir: filepath.FromSlash(r.cfg.Host.WorkdirParent),
+		ActionCacheDir:    filepath.FromSlash(r.cfg.Host.WorkdirParent),
-		AllocatePTY:    r.cfg.Runner.AllocatePTY,
+		AllocatePTY:       r.cfg.Runner.AllocatePTY,
+		ActionOfflineMode: r.cfg.Cache.OfflineMode,
 
 		ReuseContainers:       false,
 		ForcePull:             r.cfg.Container.ForcePull,

internal/pkg/client/header.go

@@ -6,6 +6,4 @@ package client
 const (
 	UUIDHeader  = "x-runner-uuid"
 	TokenHeader = "x-runner-token"
-	// Deprecated: could be removed after Gitea 1.20 released
-	VersionHeader = "x-runner-version"
 )

internal/pkg/client/http.go

@@ -31,7 +31,7 @@ func getHTTPClient(endpoint string, insecure bool) *http.Client {
 }
 
 // New returns a new runner client.
-func New(endpoint string, insecure bool, uuid, token, version string, opts ...connect.ClientOption) *HTTPClient {
+func New(endpoint string, insecure bool, uuid, token string, opts ...connect.ClientOption) *HTTPClient {
 	baseURL := strings.TrimRight(endpoint, "/") + "/api/actions"
 
 	opts = append(opts, connect.WithInterceptors(connect.UnaryInterceptorFunc(func(next connect.UnaryFunc) connect.UnaryFunc {
@@ -42,10 +42,6 @@ func New(endpoint string, insecure bool, uuid, token, version string, opts ...co
 			if token != "" {
 				req.Header().Set(TokenHeader, token)
 			}
-			// TODO: version will be removed from request header after Gitea 1.20 released.
-			if version != "" {
-				req.Header().Set(VersionHeader, version)
-			}
 			return next(ctx, req)
 		}
 	})))

internal/pkg/config/config.example.yaml

@@ -102,6 +102,9 @@ cache:
   # (or `gitea-runner cache-server`) is in use: the runner pre-registers each job's ACTIONS_RUNTIME_TOKEN with the
   # cache-server, and the cache-server enforces bearer auth + per-repo cache isolation.
   external_secret: ""
+  # When true, reuse a cached action instead of fetching from the remote on every job. Note: a moved tag
+  # (e.g. a re-tagged "v6") or an updated branch stays at the cached commit until its cache entry is removed.
+  offline_mode: false
 
 container:
   # Specifies the network to which the container will connect.

internal/pkg/config/config.go

@@ -52,6 +52,7 @@ type Cache struct {
 	Port           uint16 `yaml:"port"`            // Port specifies the caching port.
 	ExternalServer string `yaml:"external_server"` // ExternalServer specifies the URL of external cache server
 	ExternalSecret string `yaml:"external_secret"` // ExternalSecret is a shared secret between this runner and an external gitea-runner cache-server, enabling per-job ACTIONS_RUNTIME_TOKEN authentication and repo scoping over the network. Leave empty to keep the legacy unauthenticated behavior.
+	OfflineMode    bool   `yaml:"offline_mode"`    // OfflineMode reuses a cached action without fetching from the remote; a moved tag or branch stays at the cached commit until the cache entry is removed.
 }
 
 // Container represents the configuration for the container.
@@ -109,7 +110,6 @@ func LoadDefault(file string) (*Config, error) {
 			return nil, fmt.Errorf("parse config file %q for defaults metadata: %w", file, err)
 		}
 	}
-	compatibleWithOldEnvs(file != "", cfg)
 
 	if cfg.Runner.EnvFile != "" {
 		if stat, err := os.Stat(cfg.Runner.EnvFile); err == nil && !stat.IsDir() {

internal/pkg/config/deprecated.go

@@ -1,62 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package config
-
-import (
-	"os"
-	"strconv"
-	"strings"
-
-	log "github.com/sirupsen/logrus"
-)
-
-// Deprecated: could be removed in the future. TODO: remove it when Gitea 1.20.0 is released.
-// Be compatible with old envs.
-func compatibleWithOldEnvs(fileUsed bool, cfg *Config) {
-	handleEnv := func(key string) (string, bool) {
-		if v, ok := os.LookupEnv(key); ok {
-			if fileUsed {
-				log.Warnf("env %s has been ignored because config file is used", key)
-				return "", false
-			}
-			log.Warnf("env %s will be deprecated, please use config file instead", key)
-			return v, true
-		}
-		return "", false
-	}
-
-	if v, ok := handleEnv("GITEA_DEBUG"); ok {
-		if b, _ := strconv.ParseBool(v); b {
-			cfg.Log.Level = "debug"
-		}
-	}
-	if v, ok := handleEnv("GITEA_TRACE"); ok {
-		if b, _ := strconv.ParseBool(v); b {
-			cfg.Log.Level = "trace"
-		}
-	}
-	if v, ok := handleEnv("GITEA_RUNNER_CAPACITY"); ok {
-		if i, _ := strconv.Atoi(v); i > 0 {
-			cfg.Runner.Capacity = i
-		}
-	}
-	if v, ok := handleEnv("GITEA_RUNNER_FILE"); ok {
-		cfg.Runner.File = v
-	}
-	if v, ok := handleEnv("GITEA_RUNNER_ENVIRON"); ok {
-		splits := strings.Split(v, ",")
-		if cfg.Runner.Envs == nil {
-			cfg.Runner.Envs = map[string]string{}
-		}
-		for _, split := range splits {
-			kv := strings.SplitN(split, ":", 2)
-			if len(kv) == 2 && kv[0] != "" {
-				cfg.Runner.Envs[kv[0]] = kv[1]
-			}
-		}
-	}
-	if v, ok := handleEnv("GITEA_RUNNER_ENV_FILE"); ok {
-		cfg.Runner.EnvFile = v
-	}
-}

internal/pkg/report/reporter.go

@@ -639,7 +639,7 @@ func (r *Reporter) handleCommand(originalContent, command, value string) *string
 }
 
 func (r *Reporter) parseLogRow(entry *log.Entry) *runnerv1.LogRow {
-	content := strings.TrimRightFunc(entry.Message, func(r rune) bool { return r == '\r' || r == '\n' })
+	content := strings.TrimRight(entry.Message, "\r\n")
 
 	matches := cmdRegex.FindStringSubmatch(content)
 	if matches != nil {