Merge branch 'main' into nin/token-file

Added environment variable `RUNNER_STATE_FILE` to let users specify
where `run.sh` looks for the runner JSON file. Defaults to ``.runner``
to preserve the original behavior.

Addresses issue #368. It's not my preferred solution but it's the least invasive one I can think of.

I'm happy to make any changes you want.

I didn't see an appropriate place to reference the change in the documentation. I will add documentation wherever you think is appropriate.

To test this I did the following:
* Built an image with the `make docker` command and pushed it to my private registry.
* Added that private image as the image in my existing docker stack that was exhibiting the behavior described in #368.
* Added the RUNNER_STATE_FILE environment variable pointing to the runner JSON file set in my `config.yml` (``/data/runner.json`` in this case).
* Configured a new runner in gitea and added the token as an environment variable in the stack config.
* Deployed the stack and verified the new runner was recognized (in the idle state).
* Force updated the runner service to restart the container.
* Verified the same runner was still recognized in gitea (in the idle state) once it was back up and running.

Here is the relevant config. It's stored as a template so I've left the things that would normally be redacted as they are in the template.

```
    runner:
     image: hub.hax.in.net/haxwithaxe/act_runner:dev1
      networks:
        - swarm-net
      environment:
       RUNNER_STATE_FILE: /data/runner.json
        CONFIG_FILE: /data/config.yml
        GITEA_INSTANCE_URL: "https://git_gitea"
        GITEA_RUNNER_REGISTRATION_TOKEN: "{{ git_runner_reg_token }}"
        GITEA_RUNNER_NAME: "git_runner"
      volumes:
        - runner_data:/data
        - /var/run/docker.sock:/var/run/docker.sock
```

`runner_data` is a glusterfs subvolume

Thanks for creating this gitea specific fork. Apart from the issue this pull request addresses it works so well I don't have to think about it once it's set up.

Co-authored-by: haxwithaxe <spam@haxwithaxe.net>
Reviewed-on: https://gitea.com/gitea/act_runner/pulls/377
Co-authored-by: haxwithaxe <haxwithaxe@noreply.gitea.com>
Co-committed-by: haxwithaxe <haxwithaxe@noreply.gitea.com>

examples/docker-compose/README.md

@@ -18,6 +18,29 @@
       - GITEA_INSTANCE_URL=<instance url>
       # When using Docker Secrets, it's also possible to use
       # GITEA_RUNNER_REGISTRATION_TOKEN_FILE to pass the location.
-      # The env var takes precedence
+      # The env var takes precedence.
+      # Needed only for the first start.
+      - GITEA_RUNNER_REGISTRATION_TOKEN=<registration token>
+```
+
+### Running `act_runner` using Docker-in-Docker (DIND) 
+
+```yml
+...
+  runner:
+    image: gitea/act_runner:latest-dind-rootless
+    restart: always
+    privileged: true
+    depends_on:
+      - gitea
+    volumes:
+      - ./data/act_runner:/data
+    environment:
+      - GITEA_INSTANCE_URL=<instance url>
+      - DOCKER_HOST=unix:///var/run/user/1000/docker.sock
+      # When using Docker Secrets, it's also possible to use
+      # GITEA_RUNNER_REGISTRATION_TOKEN_FILE to pass the location.
+      # The env var takes precedence.
+      # Needed only for the first start.
       - GITEA_RUNNER_REGISTRATION_TOKEN=<registration token>
 ```

examples/kubernetes/rootless-docker.yaml

@@ -41,6 +41,8 @@ spec:
       - name: runner-data
         persistentVolumeClaim:
           claimName: act-runner-vol
+      securityContext:
+        fsGroup: 1000
       containers:
       - name: runner
         image: gitea/act_runner:nightly-dind-rootless

internal/app/cmd/cmd.go

@@ -37,6 +37,7 @@ func Execute(ctx context.Context) {
 	registerCmd.Flags().BoolVar(&regArgs.NoInteractive, "no-interactive", false, "Disable interactive mode")
 	registerCmd.Flags().StringVar(&regArgs.InstanceAddr, "instance", "", "Gitea instance address")
 	registerCmd.Flags().StringVar(&regArgs.Token, "token", "", "Runner token")
+	registerCmd.Flags().StringVar(&regArgs.TokenFile, "token-file", "", "Path to a file containing the runner token")
 	registerCmd.Flags().StringVar(&regArgs.RunnerName, "name", "", "Runner name")
 	registerCmd.Flags().StringVar(&regArgs.Labels, "labels", "", "Runner tags, comma separated")
 	rootCmd.AddCommand(registerCmd)

internal/app/cmd/register.go

@@ -73,6 +73,7 @@ type registerArgs struct {
 	NoInteractive bool
 	InstanceAddr  string
 	Token         string
+	TokenFile     string
 	RunnerName    string
 	Labels        string
 }
@@ -250,13 +251,26 @@ func printStageHelp(stage registerStage) {
 }
 
 func registerNoInteractive(ctx context.Context, configFile string, regArgs *registerArgs) error {
+	var token string
 	cfg, err := config.LoadDefault(configFile)
 	if err != nil {
 		return err
 	}
+	if regArgs.Token == "" && regArgs.TokenFile == "" {
+		return fmt.Errorf("Missing Token argument. token or token-file should be set.")
+	}
+	if regArgs.TokenFile != "" {
+		token_bytes, err := os.ReadFile(regArgs.TokenFile)
+		if err != nil {
+			return fmt.Errorf("Cannot read the token file: %s", regArgs.TokenFile, err)
+		}
+		token = string(token_bytes)
+	} else {
+		token = regArgs.Token
+	}
 	inputs := &registerInputs{
 		InstanceAddr: regArgs.InstanceAddr,
-		Token:        regArgs.Token,
+		Token:        token,
 		RunnerName:   regArgs.RunnerName,
 		Labels:       defaultLabels,
 	}

scripts/run.sh

@@ -6,6 +6,8 @@ fi
 
 cd /data
 
+RUNNER_STATE_FILE=${RUNNER_STATE_FILE:-'.runner'}
+
 CONFIG_ARG=""
 if [[ ! -z "${CONFIG_FILE}" ]]; then
   CONFIG_ARG="--config ${CONFIG_FILE}"
@@ -21,8 +23,9 @@ if [[ -z "${GITEA_RUNNER_REGISTRATION_TOKEN}" ]] && [[ -f "${GITEA_RUNNER_REGIST
 fi
 
 # Use the same ENV variable names as https://github.com/vegardit/docker-gitea-act-runner
+test -f "$RUNNER_STATE_FILE" || echo "$RUNNER_STATE_FILE is missing or not a regular file"
 
-if [[ ! -s .runner ]]; then
+if [[ ! -s "$RUNNER_STATE_FILE" ]]; then
   try=$((try + 1))
   success=0