Merge branch 'main' into nin/token-file

2025-12-19 12:34:47 +00:00 · 2024-09-12 03:24:18 +00:00 · 2023-10-15 23:23:44 +00:00 · 2023-10-15 23:20:03 +00:00 · 2023-09-25 13:23:50 +02:00
11 changed files with 36 additions and 39 deletions
--- a/.gitea/workflows/release-nightly.yml
+++ b/.gitea/workflows/release-nightly.yml
@@ -17,9 +17,10 @@ jobs:
        with:
          go-version-file: "go.mod"
      - name: goreleaser
-        uses: goreleaser/goreleaser-action@v6
+        uses: goreleaser/goreleaser-action@v5
        with:
          distribution: goreleaser-pro
+          version: latest
          args: release --nightly
        env:
          GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
--- a/.gitea/workflows/release-tag.yml
+++ b/.gitea/workflows/release-tag.yml
@@ -23,9 +23,10 @@ jobs:
          passphrase: ${{ secrets.PASSPHRASE }}
          fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0
      - name: goreleaser
-        uses: goreleaser/goreleaser-action@v6
+        uses: goreleaser/goreleaser-action@v5
        with:
          distribution: goreleaser-pro
+          version: latest
          args: release
        env:
          GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -1,5 +1,3 @@
-version: 2
-
 before:
  hooks:
    - go mod tidy
@@ -83,7 +81,7 @@ blobs:
    provider: s3
    bucket: "{{ .Env.S3_BUCKET }}"
    region: "{{ .Env.S3_REGION }}"
-    directory: "act_runner/{{.Version}}"
+    folder: "act_runner/{{.Version}}"
    extra_files:
      - glob: ./**.xz
      - glob: ./**.sha256
@@ -99,10 +97,10 @@ checksum:
      - glob: ./**.xz

 snapshot:
-  version_template: "{{ .Branch }}-devel"
+  name_template: "{{ .Branch }}-devel"

 nightly:
-  version_template: "nightly"
+  name_template: "nightly"

 gitea_urls:
  api: https://gitea.com/api/v1
--- a/4
+++ b/4
@@ -1,4 +1,4 @@
-FROM golang:1.23-alpine AS builder
+FROM golang:1.21-alpine3.18 as builder
 # Do not remove `git` here, it is required for getting runner version when executing `make build`
 RUN apk add --no-cache make git

@@ -7,7 +7,7 @@ WORKDIR /opt/src/act_runner

 RUN make clean && make build

-FROM alpine
+FROM alpine:3.18
 RUN apk add --no-cache git bash tini

 COPY --from=builder /opt/src/act_runner/act_runner /usr/local/bin/act_runner
--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@@ -1,4 +1,4 @@
-FROM golang:1.23-alpine AS builder
+FROM golang:1.21-alpine3.18 as builder
 # Do not remove `git` here, it is required for getting runner version when executing `make build`
 RUN apk add --no-cache make git

--- a/examples/docker-compose/README.md
+++ b/examples/docker-compose/README.md
@@ -5,22 +5,12 @@
  gitea:
    image: gitea/gitea
    ...
-    healthcheck:
-      # checks availability of Gitea's front-end with curl
-      test: ["CMD", "curl", "-f", "<instance_url>"]
-      interval: 10s
-      retries: 3
-      start_period: 30s
-      timeout: 10s

  runner:
    image: gitea/act_runner
    restart: always
    depends_on:
-      gitea:
-        # required so runner can attach to gitea, see "healthcheck"
-        condition: service_healthy 
-        restart: true
+      - gitea
    volumes:
      - ./data/act_runner:/data
      - /var/run/docker.sock:/var/run/docker.sock
--- a/examples/vm/rootless-docker.md
+++ b/examples/vm/rootless-docker.md
@@ -11,7 +11,6 @@ As `root`:
 ```bash
 useradd -m rootless
 passwd rootless
- apt-get install -y uidmap # Not mentioned but needed for docker rootless.
 ```

 - Install [`docker-ce`](https://docs.docker.com/engine/install/)
@@ -22,19 +21,12 @@ As `root`:
 As the `rootless` user:

 - Follow the instructions for [enabling rootless mode](https://docs.docker.com/engine/security/rootless/)
- Add the following line to the `/home/rootless/.bashrc`:
-
-```bash
-for f in ./.bashrc.d/*.bash; do echo "Processing $f file..."; . "$f"; done
-```
-
- Create the .bashrc.d directory `mkdir ~/.bashrc.d`
- Add the following lines to the `/home/rootless/.bashrc.d/rootless-docker.bash`:
+- Add the following lines to the `/home/rootless/.bashrc`:

 ```bash
 export XDG_RUNTIME_DIR=/home/rootless/.docker/run
 export PATH=/home/rootless/bin:$PATH
-export DOCKER_HOST=unix:///run/user/$(id -u)/docker.sock
+ export DOCKER_HOST=unix:///run/user/1001/docker.sock
 ```

 - Reboot. Ensure that the Docker process is working.
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module gitea.com/gitea/act_runner

-go 1.23
+go 1.22

 require (
 	code.gitea.io/actions-proto-go v0.4.0
@@ -98,4 +98,4 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )

-replace github.com/nektos/act => gitea.com/gitea/act v0.261.3
+replace github.com/nektos/act => gitea.com/gitea/act v0.261.1
--- a/go.sum
+++ b/go.sum
@@ -6,8 +6,8 @@ connectrpc.com/connect v1.16.2 h1:ybd6y+ls7GOlb7Bh5C8+ghA6SvCBajHwxssO2CGFjqE=
 connectrpc.com/connect v1.16.2/go.mod h1:n2kgwskMHXC+lVqb18wngEpF95ldBHXjZYJussz5FRc=
 dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
 dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
-gitea.com/gitea/act v0.261.3 h1:BhiYpGJQKGq0XMYYICCYAN4KnsEWHyLbA6dxhZwFcV4=
-gitea.com/gitea/act v0.261.3/go.mod h1:Pg5C9kQY1CEA3QjthjhlrqOC/QOT5NyWNjOjRHw23Ok=
+gitea.com/gitea/act v0.261.1 h1:iACWLc/k8wct9fCF2WdYKqn2Hxx6NjW9zbOP79HF4H4=
+gitea.com/gitea/act v0.261.1/go.mod h1:Pg5C9kQY1CEA3QjthjhlrqOC/QOT5NyWNjOjRHw23Ok=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
--- a/internal/app/cmd/cmd.go
+++ b/internal/app/cmd/cmd.go
@@ -37,6 +37,7 @@ func Execute(ctx context.Context) {
 	registerCmd.Flags().BoolVar(&regArgs.NoInteractive, "no-interactive", false, "Disable interactive mode")
 	registerCmd.Flags().StringVar(&regArgs.InstanceAddr, "instance", "", "Gitea instance address")
 	registerCmd.Flags().StringVar(&regArgs.Token, "token", "", "Runner token")
+	registerCmd.Flags().StringVar(&regArgs.TokenFile, "token-file", "", "Path to a file containing the runner token")
 	registerCmd.Flags().StringVar(&regArgs.RunnerName, "name", "", "Runner name")
 	registerCmd.Flags().StringVar(&regArgs.Labels, "labels", "", "Runner tags, comma separated")
 	rootCmd.AddCommand(registerCmd)
--- a/internal/app/cmd/register.go
+++ b/internal/app/cmd/register.go
@@ -73,6 +73,7 @@ type registerArgs struct {
 	NoInteractive bool
 	InstanceAddr  string
 	Token         string
+	TokenFile     string
 	RunnerName    string
 	Labels        string
 }
@@ -249,13 +250,26 @@ func printStageHelp(stage registerStage) {
 }

 func registerNoInteractive(ctx context.Context, configFile string, regArgs *registerArgs) error {
+	var token string
 	cfg, err := config.LoadDefault(configFile)
 	if err != nil {
 		return err
 	}
+	if regArgs.Token == "" && regArgs.TokenFile == "" {
+		return fmt.Errorf("Missing Token argument. token or token-file should be set.")
+	}
+	if regArgs.TokenFile != "" {
+		token_bytes, err := os.ReadFile(regArgs.TokenFile)
+		if err != nil {
+			return fmt.Errorf("Cannot read the token file: %s", regArgs.TokenFile, err)
+		}
+		token = string(token_bytes)
+	} else {
+		token = regArgs.Token
+	}
 	inputs := &registerInputs{
 		InstanceAddr: regArgs.InstanceAddr,
-		Token:        regArgs.Token,
+		Token:        token,
 		RunnerName:   regArgs.RunnerName,
 		Labels:       defaultLabels,
 	}
Author	SHA1	Message	Date
techknowlogick	ec452cab09	Merge branch 'main' into nin/token-file	2024-09-12 03:24:18 +00:00
techknowlogick	ac5c25b19e	Merge branch 'main' into nin/token-file	2023-10-15 23:23:44 +00:00
techknowlogick	d7f0a906cb	Merge branch 'main' into nin/token-file	2023-10-15 23:20:03 +00:00
Félix Baylac Jacqué	c7f39de3a8	Register: add --token-file flag At the moment, the only way to pass the secret Gitea token to the runner CLI is directly through a CLI parameter. That's an issue on a multi-user system where the CLI parameters are world-readable through /proc/PID/cmdline. On a Linux system, there's sadly no way to hide the cmdline parameters. We usually go around this limitation by storing the secrets in a file and protect it through tight ACL rules. Adding a way to inject the secret token via a file during the register command. As a nice side-effect, this improves the systemd integration by allowing us to directly use the LoadCredential mechanism.	2023-09-25 13:23:50 +02:00