upgrade to yaml v4 rc.3 because action lint depends on rc.3

upgrade act
Upgrade yaml
2026-03-28 09:45:04 +01:00 · 2026-03-27 21:20:59 -07:00 · 2026-03-27 20:43:49 -07:00 · 2026-03-27 20:20:09 -07:00 · 2026-03-26 20:07:22 +00:00 · 2026-03-03 10:15:06 +00:00
6 changed files with 58 additions and 42 deletions
--- a/.gitea/workflows/release-tag.yml
+++ b/.gitea/workflows/release-tag.yml
@@ -39,6 +39,15 @@ jobs:
          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
  release-image:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        variant:
          - target: basic
            tag_suffix: ""
          - target: dind
            tag_suffix: "-dind"
          - target: dind-rootless
            tag_suffix: "-dind-rootless"
    container:
      image: catthehacker/ubuntu:act-latest
    env:
@@ -62,50 +71,33 @@ jobs:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
-      - name: Get Meta
+      - name: Repo Meta
-        id: meta
+        id: repo_meta
        run: |
          echo REPO_NAME=$(echo ${GITHUB_REPOSITORY} | awk -F"/" '{print $2}') >> $GITHUB_OUTPUT
-          echo REPO_VERSION=${GITHUB_REF_NAME#v} >> $GITHUB_OUTPUT
+
      - name: "Docker meta"
        id: docker_meta
        uses: https://github.com/docker/metadata-action@v5
        with:
          images: |
            ${{ env.DOCKER_ORG }}/${{ steps.repo_meta.outputs.REPO_NAME }}
          tags: |
            type=semver,pattern={{major}}.{{minor}}.{{patch}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
          flavor: |
            latest=true
            suffix=${{ matrix.variant.tag_suffix }},onlatest=true
      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./Dockerfile
-          target: basic
+          target: ${{ matrix.variant.target }}
          platforms: |
            linux/amd64
            linux/arm64
          push: true
-          tags: |
+          tags: ${{ steps.docker_meta.outputs.tags }}
            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}
            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}
      - name: Build and push dind
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./Dockerfile
          target: dind
          platforms: |
            linux/amd64
            linux/arm64
          push: true
          tags: |
            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}-dind
            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}-dind
      - name: Build and push dind-rootless
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./Dockerfile
          target: dind-rootless
          platforms: |
            linux/amd64
            linux/arm64
          push: true
          tags: |
            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}-dind-rootless
            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}-dind-rootless
--- a/go.mod
+++ b/go.mod
@@ -14,6 +14,7 @@ require (
 	github.com/sirupsen/logrus v1.9.4
 	github.com/spf13/cobra v1.10.2
 	github.com/stretchr/testify v1.11.1
 	go.yaml.in/yaml/v4 v4.0.0-rc.3
 	golang.org/x/term v0.40.0
 	golang.org/x/time v0.14.0
 	google.golang.org/protobuf v1.36.11
@@ -21,8 +22,6 @@ require (
 	gotest.tools/v3 v3.5.2
 )
 require go.yaml.in/yaml/v4 v4.0.0-rc.3
 require (
 	cyphar.com/go-pathrs v0.2.3 // indirect
 	dario.cat/mergo v1.0.2 // indirect
@@ -110,7 +109,7 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )
-replace github.com/nektos/act => gitea.com/gitea/act v0.261.8
+replace github.com/nektos/act => gitea.com/gitea/act v0.261.10
 // Remove after github.com/docker/distribution is updated to support distribution/reference v0.6.0
 // (pulled in via moby/buildkit, breaks on undefined: reference.SplitHostname)
--- a/go.sum
+++ b/go.sum
@@ -8,8 +8,8 @@ cyphar.com/go-pathrs v0.2.3 h1:0pH8gep37wB0BgaXrEaN1OtZhUMeS7VvaejSr6i822o=
 cyphar.com/go-pathrs v0.2.3/go.mod h1:y8f1EMG7r+hCuFf/rXsKqMJrJAUoADZGNh5/vZPKcGc=
 dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8=
 dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA=
-gitea.com/gitea/act v0.261.8 h1:rUWB5GOZOubfe2VteKb7XP3HRIbcW3UUmfh7bVAgQcA=
+gitea.com/gitea/act v0.261.10 h1:ndwbtuMXXz1dpYF2iwY1/PkgKNETo4jmPXfinTZt8cs=
-gitea.com/gitea/act v0.261.8/go.mod h1:lTp4136rwbZiZS3ZVQeHCvd4qRAZ7LYeiRBqOSdMY/4=
+gitea.com/gitea/act v0.261.10/go.mod h1:oIkqQHvU0lfuIWwcpqa4FmU+t3prA89tgkuHUTsrI2c=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
 github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
--- a/internal/app/run/runner.go
+++ b/internal/app/run/runner.go
@@ -8,6 +8,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"maps"
 	"os"
 	"path/filepath"
 	"strings"
 	"sync"
@@ -154,6 +155,7 @@ func (r *Runner) run(ctx context.Context, task *runnerv1.Task, reporter *report.
 		Event:           taskContext["event"].GetStructValue().AsMap(),
 		RunID:           taskContext["run_id"].GetStringValue(),
 		RunNumber:       taskContext["run_number"].GetStringValue(),
 		RunAttempt:      taskContext["run_attempt"].GetStringValue(),
 		Actor:           taskContext["actor"].GetStringValue(),
 		Repository:      taskContext["repository"].GetStringValue(),
 		EventName:       taskContext["event_name"].GetStringValue(),
@@ -196,11 +198,18 @@ func (r *Runner) run(ctx context.Context, task *runnerv1.Task, reporter *report.
 		maxLifetime = time.Until(deadline)
 	}
 	workdirParent := strings.TrimLeft(r.cfg.Container.WorkdirParent, "/")
 	if r.cfg.Container.BindWorkdir {
 		// Append the task ID to isolate concurrent jobs from the same repo.
 		workdirParent = fmt.Sprintf("%s/%d", workdirParent, task.Id)
 	}
 	workdir := filepath.FromSlash(fmt.Sprintf("/%s/%s", workdirParent, preset.Repository))
 	runnerConfig := &runner.Config{
 		// On Linux, Workdir will be like "/<parent_directory>/<owner>/<repo>"
 		// On Windows, Workdir will be like "\<parent_directory>\<owner>\<repo>"
-		Workdir:        filepath.FromSlash(fmt.Sprintf("/%s/%s", strings.TrimLeft(r.cfg.Container.WorkdirParent, "/"), preset.Repository)),
+		Workdir:        workdir,
-		BindWorkdir:    false,
+		BindWorkdir:    r.cfg.Container.BindWorkdir,
 		ActionCacheDir: filepath.FromSlash(r.cfg.Host.WorkdirParent),
 		ReuseContainers:       false,
@@ -245,6 +254,15 @@ func (r *Runner) run(ctx context.Context, task *runnerv1.Task, reporter *report.
 	execErr := executor(ctx)
 	reporter.SetOutputs(job.Outputs)
 	if r.cfg.Container.BindWorkdir {
 		// Remove the entire task-specific directory (e.g. /workspace/<task_id>).
 		taskDir := filepath.FromSlash("/" + workdirParent)
 		if err := os.RemoveAll(taskDir); err != nil {
 			log.Warnf("failed to clean up workspace %s: %v", taskDir, err)
 		}
 	}
 	return execErr
 }
--- a/internal/pkg/config/config.example.yaml
+++ b/internal/pkg/config/config.example.yaml
@@ -103,6 +103,12 @@ container:
  require_docker: false
  # Timeout to wait for the docker daemon to be reachable, if docker is required by require_docker or act_runner
  docker_timeout: 0s
  # Bind the workspace to the host filesystem instead of using Docker volumes.
  # This is required for Docker-in-Docker (DinD) setups when jobs use docker compose
  # with bind mounts (e.g., ".:/app"), as volume-based workspaces are not accessible
  # from the DinD daemon's filesystem. When enabled, ensure the workspace parent
  # directory is also mounted into the runner container and listed in valid_volumes.
  bind_workdir: false
 host:
  # The parent directory of a job's working directory.
--- a/internal/pkg/config/config.go
+++ b/internal/pkg/config/config.go
@@ -57,6 +57,7 @@ type Container struct {
 	ForceRebuild  bool          `yaml:"force_rebuild"`  // Rebuild docker image(s) even if already present
 	RequireDocker bool          `yaml:"require_docker"` // Always require a reachable docker daemon, even if not required by act_runner
 	DockerTimeout time.Duration `yaml:"docker_timeout"` // Timeout to wait for the docker daemon to be reachable, if docker is required by require_docker or act_runner
 	BindWorkdir   bool          `yaml:"bind_workdir"`   // BindWorkdir binds the workspace to the host filesystem instead of using Docker volumes. Required for DinD when jobs use docker compose with bind mounts.
 }
 // Host represents the configuration for the host.
Author	SHA1	Message	Date
Lunny Xiao	3451fdd861	upgrade to yaml v4 rc.3 because action lint depends on rc.3	2026-03-27 21:20:59 -07:00
Lunny Xiao	09905db9ae	upgrade act	2026-03-27 20:43:49 -07:00
Lunny Xiao	c92963c030	Upgrade yaml	2026-03-27 20:20:09 -07:00
Zettat123	505907eb2a	Add `run_attempt` to context (#632 ) Blocked by https://gitea.com/gitea/act/pulls/126 Fix https://github.com/go-gitea/gitea/issues/33135 --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-on: https://gitea.com/gitea/act_runner/pulls/632 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Zettat123 <zettat123@gmail.com> Co-committed-by: Zettat123 <zettat123@gmail.com>	2026-03-26 20:07:22 +00:00
silverwind	9933ea0d92	feat: add configurable bind_workdir option with workspace cleanup for DinD setups (#810 ) ## Summary Adds a `container.bind_workdir` config option that exposes the nektos/act `BindWorkdir` setting. When enabled, workspaces are bind-mounted from the host filesystem instead of Docker volumes, which is required for DinD setups where jobs use `docker compose` with bind mounts (e.g. `.:/app`). Each job gets an isolated workspace at `/workspace/<task_id>/<owner>/<repo>` to prevent concurrent jobs from the same repo interfering with each other. The task directory is cleaned up after job execution. ### Configuration ```yaml container: bind_workdir: true ``` When using this with DinD, also mount the workspace parent into the runner container and add it to `valid_volumes`: ```yaml container: valid_volumes: - /workspace/** ``` This PR was authored by Claude (AI assistant) Reviewed-on: https://gitea.com/gitea/act_runner/pulls/810 Reviewed-by: ChristopherHX <38043+christopherhx@noreply.gitea.com> Co-authored-by: silverwind <me@silverwind.io> Co-committed-by: silverwind <me@silverwind.io>	2026-03-03 10:15:06 +00:00
RoboMagus	5dd5436169	Semver tags for Docker images (#720 ) The main Gitea docker image is already distributed with proper semver tags, such that users can pin to e.g. the minor version and still pull in patch releases. This is something that has been lacking on the act runner images. This PR expands the docker image tag versioning strategy such that when `v0.2.13` is released the following image tags are produced: Basic: - `0` - `0.2` - `0.2.13` - `latest` DinD: - `0-dind` - `0.2-dind` - `0.2.13-dind` - `latest-dind` DinD-Rootless: - `0-dind-rootless` - `0.2-dind-rootless` - `0.2.13-dind-rootless` - `latest-dind-rootless` To verify the `docker/metadata-action` produces the expected results in a Gitea workflow environment I've executed a release workflow. Results can be seen in [this run](https://gitea.com/RoboMagus/gitea_act_runner/actions/runs/14). (Note though that as the repository name of my fork changed from `act_runner` to `gitea_act_runner` this is reflected in the produced docker tags in this test run!) --------- Co-authored-by: RoboMagus <68224306+RoboMagus@users.noreply.github.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@noreply.gitea.com> Reviewed-on: https://gitea.com/gitea/act_runner/pulls/720 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: RoboMagus <robomagus@noreply.gitea.com> Co-committed-by: RoboMagus <robomagus@noreply.gitea.com>	2026-02-25 19:09:53 +00:00