The result of a job can only be changed to FAILURE by the Close() function of the reporter under two conditions:
- If it is UNSPECIFIED
- If the context timeout
In all other cases it must be preserved. It is possible, for instance, for a job to be SKIPPED and be associated with an error message, e.g.
```
time="2025-08-20T21:02:07+02:00" level=trace msg="evaluating expression 'success()'" dryrun=false job="Test Action/job-1" jobID=job-1 matrix="map[]"
[Test Action/job-1] [DEBUG] evaluating expression 'success()'
time="2025-08-20T21:02:07+02:00" level=trace msg="expression 'success()' evaluated to 'true'" dryrun=false job="Test Action/job-1" jobID=job-1 matrix="map[]"
[Test Action/job-1] [DEBUG] expression 'success()' evaluated to 'true'
time="2025-08-20T21:02:07+02:00" level=trace msg="'runs-on' key not defined in Test Action/job-1" dryrun=false job="Test Action/job-1" jobID=job-1 matrix="map[]"
[Test Action/job-1] 'runs-on' key not defined in Test Action/job-1
[Test Action/job-1] [DEBUG] No steps found
```
Those errors show in the logs when a job is skipped, because the worflow is empty. But they are expected and to be ignored.
Refs forgejo/runner#895
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- bug fixes
- [PR](https://code.forgejo.org/forgejo/runner/pulls/896): <!--number 896 --><!--line 0 --><!--description Zml4OiBhbiBlcnJvciBmcm9tIGEgU0tJUFBFRCBqb2IgZG9lcyBub3QgdHJhbnNmb3JtIGl0IGludG8gYSBGQUlMVVJF-->fix: an error from a SKIPPED job does not transform it into a FAILURE<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/896
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.code.forgejo.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
- change the argument from string to error to differentiate
a timeout error
- when there is a timeout, display a message more descriptive than
"context deadline"
- always set the StoppedAt state value instead of only if the
result was unspecified: it is the last state update.
ctx & cancel are related and when cancel is called, the context is no
longer usable. Use the daemon context context to allow the reporter to
continue to operate and conclude the converation with the Forgejo
instance.
The daemon context is needed when the context of a job or the poller
is done. Otherwise it is no longer possible to send a conclusion
report to Forgejo, short of creating a context.Background() which
poses its own set of problems.
- WithDaemonContext is used to store the daemon context
- The poller uses the daemon context instead of context.Background
The other setting that asks you for a URL as input
does so while specifically stating it should have a
trailing slash. This commit adds similar
clarification to the other setting.
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- other
- [PR](https://code.forgejo.org/forgejo/runner/pulls/866): <!--number 866 --><!--line 0 --><!--description ZG9jczogQ2xhcmlmeSBhY3Rpb25zX2NhY2hlX3VybF9vcHRpb24gW3NraXAgY2FzY2FkZV0=-->docs: Clarify actions_cache_url_option [skip cascade]<!--description-->
<!--end release-notes-assistant-->
Co-authored-by: Shuroii <shuroii@local.local>
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/866
Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>
Co-authored-by: Shuroii <shuroii@noreply.code.forgejo.org>
Co-committed-by: Shuroii <shuroii@noreply.code.forgejo.org>
A multiline secret transformed into a single line by replacing with \ followed by n is also redacted.
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- bug fixes
- [PR](https://code.forgejo.org/forgejo/runner/pulls/845): <!--number 845 --><!--line 0 --><!--description Zml4KHNlY3VyaXR5KTogbXVsdGxpbmUgc2VjcmV0cyB0cml2aWFsbHkgdHJhbnNmb3JtZWQgYXJlIHJlZGFjdGVk-->fix(security): multline secrets trivially transformed are redacted<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/845
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.code.forgejo.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
[Raised on Forgejo](https://codeberg.org/forgejo/forgejo/issues/8803): when a runner is registered with spaces in the comma-separated label list, eg. ` "docker:docker://node:22-bookworm, self-hosted:host, lxc:lxc://debian:bookworm"`, the runner will currently get the labels `"docker"`, `" self-hosted"`, and `" lxc"` which causes unexpected confusion. Forgejo doesn't display the labels usefully, and targeting the runner with `runs-on` in an action would require an unexpected quoting (eg. `runs-on: " lxc"`).
As an alternative to fixing this in Forgejo's label display, two changes are present here:
- When registering labels via the CLI `--labels` option, or the interactive registering, automatically strip spaces around the commas in the comma-separated list.
- **Breaking**: During startup of the runner, label names that start/end with a space will be considered invalid, resulting in a logged error and the label being ignored:
```
WARN[2025-08-08T21:00:13-06:00] ignored invalid label " debian-latest:docker://node:current-bookworm" error="invalid label \" debian-latest\": starting or ending with a space is invalid"
```
This is a breaking change in behavior in the case that someone has registered a runner with spaces and modified their activities to use them after recognizing the problem. But I tend to think it's more likely that this change will *highlight* a misconfiguration and help someone fix it.
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- bug fixes
- [PR](https://code.forgejo.org/forgejo/runner/pulls/829): <!--number 829 --><!--line 0 --><!--description Zml4OiBwcmV2ZW50IHNwYWNlIHByZWZpeC9zdWZmaXggaW4gcnVubmVyIGxhYmVscw==-->fix: prevent space prefix/suffix in runner labels<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/829
Reviewed-by: Gusted <gusted@noreply.code.forgejo.org>
Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
It will be imported by Forgejo.
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- other
- [PR](https://code.forgejo.org/forgejo/runner/pulls/777): <!--number 777 --><!--line 0 --><!--description Y2hvcmU6IHRvIGFsbG93IHRoZSBydW5uZXIgdG8gYmUgaW1wb3J0ZWQsIHY5IG5lZWRzIHRvIGJlIGluIHRoZSBnbyBtb2R1bGU=-->chore: to allow the runner to be imported, v9 needs to be in the go module<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/777
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
keep it DRY
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner/-->
- other
- [PR](https://code.forgejo.org/forgejo/runner//pulls/759): <!--number 759 --><!--line 0 --><!--description Y2hvcmU6IGEgc2luZ2xlIHRlc3R1dGlscyBmb3IgYm90aCBhY3QgYW5kIHRoZSBydW5uZXI=-->chore: a single testutils for both act and the runner<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/759
Reviewed-by: fnetX <fnetx@noreply.code.forgejo.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
So that it can be used as a package. Not useful right away, but a precondition to merge the ACT repository into the runner repository.
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/747
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
testutils.MockVariable must be in a defer to restore the previous value.
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/701
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
So it does not panic if one is nil.
Closesforgejo/runner#146
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/684
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
go test -cover -coverprofile coverage.txt -v ./internal/pkg/report/...
go tool cover -html=coverage.txt -o coverage.html
xdg-open coverage.html
$ go run github.com/gregoryv/uncover/cmd/uncover@latest coverage.txt ReportLog
total: (statements) 100.0%
- do not try to mask a secret when a log line is received
- try to mask secrets before before sending a batch of log
lines to the Forgejo instance (every second)
- if masking a multiline secret needs more log lines to decide
if it needs to be masked, do not attempt to send anything to
the Forgejo instance, just wait until there are more log lines
Closesforgejo/runner#57
r.logOffset = ack
ack < r.logOffset+len(rows)
can be simplified as
len(rows) > 0
which is only false if there were no rows to send. It follows
that
if noMore && ack < r.logOffset+len(rows) {
is can be simplified as
if noMore {
is always true if rows were sent.
The intent was apparently to return on error and retry if only
part of the rows were sent but not all of them. To achieve that
the expression is replaced with:
if noMore && len(r.logRows) > 0 {
- the longest secret is masked first
- multiline secrets are masked before single line secrets
- O(multiline * log rows) to not degrade performances when there are
no multiline secrets
the context sent from the Forgejo instance is expected to have
gitea_default_actions_url
gitea_runtime_token
add support for
forgejo_default_actions_url
forgejo_runtime_token
as well so that future Forgejo versions can make the change.
--add-host name not work depending on the network mode chosen.
Closesforgejo/runner#213
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/630
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
- Forgejo (since v8, 38ea77ebbe) does not use the value of this header, it was [introduced in v1.20](371520d7ab).
- Older forgejo version than v8 handle it gracefully if this value is not sent.
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/496
Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
This is the forgejo-runner-side patch for a partial overhaul of the cache system to fix some access control issues with caches.
This code depends on changes in act which are being reviewed here: forgejo/act#107
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/502
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/503
Reviewed-by: Gusted <gusted@noreply.code.forgejo.org>
Co-authored-by: Kwonunn <kwonunnx@gmail.com>
Co-committed-by: Kwonunn <kwonunnx@gmail.com>
bufbuild/connect-go was archived with maintenance transferred to the
ConnectRPC organization. Gitea's protobuf library for actions now uses
the ConnectRPC dependency as of v0.4.0, removing the need to continue
using the dead package.
When receiving a signal (INT or TERM) wait for running jobs to
complete instead of terminating them right away.
The new shutdown_timeout configuration setting can be used to force
the termination after a grace delay. If not specified or zero it will
shutdown immediately, for backward compatibility. It will be the case
with existing configuration files or when a configuration file is not
specified.
The config.yml created with the generate-config subcommand will
however default shutdown_timeout to 3h (same as timeout) because it is
likely what a new admin would expect: shutting down waits for jobs to
complete and not abort them.
If a job is detected as skipped, its steps should also be `skipped`.
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-on: https://gitea.com/gitea/act_runner/pulls/500
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-committed-by: sillyguodong <gedong_1994@163.com>
(cherry picked from commit 45270656dfb7a0c8b382df3a9e8a212dbe5615d8)
Needs https://github.com/go-gitea/gitea/pull/28885 to provide jwt if sent by server
Could fix#459, but that has not been verified.
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-on: https://gitea.com/gitea/act_runner/pulls/471
Reviewed-by: delvh <dev.lh@web.de>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Christopher Homberger <christopher.homberger@web.de>
Co-committed-by: Christopher Homberger <christopher.homberger@web.de>
(cherry picked from commit e6630e2e369f41fc9d9f9e570610611da18dda1d)
I accidently closed my previous PR #384
This PR replaces invalid UTF-8 character in a stream with `?` character. On Windows Server 2019 other characters are replaced by `?` as well so it's consistent.
fixes#452
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-on: https://gitea.com/gitea/act_runner/pulls/453
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: hakito <hakito@noreply.gitea.com>
Co-committed-by: hakito <hakito@noreply.gitea.com>
(cherry picked from commit daf52d0e628d2d57b9f50a2556e404a3f05c34aa)
