This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [code.forgejo.org/forgejo/runner](https://forgejo.org) ([source](https://code.forgejo.org/forgejo/runner)) | major | `9.1.1` -> `11.0.0` |
| [forgejo/runner](https://code.forgejo.org/forgejo/runner) | major | `10.0.1` -> `11.0.0` |
---
### Release Notes
<details>
<summary>forgejo/runner (code.forgejo.org/forgejo/runner)</summary>
### [`v11.0.0`](https://code.forgejo.org/forgejo/runner/releases/tag/v11.0.0)
[Compare Source](https://code.forgejo.org/forgejo/runner/compare/v10.0.1...v11.0.0)
- [User guide](https://forgejo.org/docs/next/user/actions/overview/)
- [Administrator guide](https://forgejo.org/docs/next/admin/actions/)
- [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions)
Release Notes
The breaking change in this release is not technical, it is the change of the license which is now GPLv3-or-later.
- [PR](https://code.forgejo.org/forgejo/runner/pulls/773): <!--number 773 --><!--line 0 --><!--description Y2hvcmU6IGNoYW5nZSB0aGUgbGljZW5zZSB0byBHUEx2My1vci1sYXRlcg==-->chore: change the license to GPLv3-or-later<!--description-->
***
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- bug fixes
- [PR](https://code.forgejo.org/forgejo/runner/pulls/935): <!--number 935 --><!--line 0 --><!--description Zml4OiBzaHV0ZG93biB0aGUgcnVubmVyIHdoZW4gIHRoZSBjYWNoZSBmYWlscyB3aXRoIGEgbm9uIHJlY292ZXJhYmxlIGVycm9y-->fix: shutdown the runner when the cache fails with a non recoverable error<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/948): <!--number 948 --><!--line 0 --><!--description Zml4OiBhbHNvIGNhc2NhZGUgaWYgcnVuLSotdGVzdCBpcyBzZXQgd2hlbiB0aGUgUFIgaXMgb3Blbg==-->fix: also cascade if run-\*-test is set when the PR is open<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/946): <!--number 946 --><!--line 0 --><!--description Zml4OiBncmFjZWZ1bCBzaHV0ZG93biBvZiB0YXNrcyBiZWluZyBpbnRlcnJ1cHRlZCBieSBzaWduYWw=-->fix: graceful shutdown of tasks being interrupted by signal<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/943): <!--number 943 --><!--line 0 --><!--description Zml4OiBseGMtc3lzdGVtZCBleGFtcGxlOiBleHBvcnQgSU5QVVRTX1NFUklBTA==-->fix: lxc-systemd example: export INPUTS\_SERIAL<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/941): <!--number 941 --><!--line 0 --><!--description Zml4OiBhbGxvdyBpbnB1dHMgY29udGV4dCBpbiBhY3Rpb24gZGVmYXVsdHM=-->fix: allow inputs context in action defaults<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/931): <!--number 931 --><!--line 0 --><!--description Zml4OiBhbiBleHByZXNzaW9uIGluIHdpdGg6IGZvciBhIHJldXNhYmxlIHdvcmtmbG93IGNhbGwgY2FuIHVzZSBlbnY=-->fix: an expression in with: for a reusable workflow call can use env<!--description-->
- other
- [PR](https://code.forgejo.org/forgejo/runner/pulls/951): <!--number 951 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvdGltZSB0byB2MC4xMy4w-->Update module golang.org/x/time to v0.13.0<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/950): <!--number 950 --><!--line 0 --><!--description UmV2ZXJ0ICJmaXg6IGFsc28gY2FzY2FkZSBpZiBydW4tKi10ZXN0IGlzIHNldCB3aGVuIHRoZSBQUiBpcyBvcGVuICgjOTQ4KSI=-->Revert "fix: also cascade if run-\*-test is set when the PR is open ([#​948](https://github.com/forgejo/runner/issues/948))"<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/945): <!--number 945 --><!--line 0 --><!--description VXBkYXRlIGNvZGUuZm9yZ2Vqby5vcmcvZm9yZ2Vqby9mb3JnZWpvIERvY2tlciB0YWcgdG8gdjExLjAuNQ==-->Update code.forgejo.org/forgejo/forgejo Docker tag to v11.0.5<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/942): <!--number 942 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2RvY2tlci9kb2NrZXIgdG8gdjI4LjQuMCtpbmNvbXBhdGlibGU=-->Update module github.com/docker/docker to v28.4.0+incompatible<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/773): <!--number 773 --><!--line 0 --><!--description Y2hvcmU6IGNoYW5nZSB0aGUgbGljZW5zZSB0byBHUEx2My1vci1sYXRlcg==-->chore: change the license to GPLv3-or-later<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/940): <!--number 940 --><!--line 0 --><!--description Y2hvcmU6IGJ1bXAgdmVyc2lvbiB0byB2MTE=-->chore: bump version to v11<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/936): <!--number 936 --><!--line 0 --><!--description cmVmYWN0b3I6IHJlbW92ZSBkdXBsaWNhdGUgY29tcHV0ZU1hYyBmdW5jdGlvbg==-->refactor: remove duplicate computeMac function<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/938): <!--number 938 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2RvY2tlci9jbGkgdG8gdjI4LjQuMCtpbmNvbXBhdGlibGU=-->Update module github.com/docker/cli to v28.4.0+incompatible<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/934): <!--number 934 --><!--line 0 --><!--description Y2hvcmU6IHJlZmFjdG9yIGFjdC9hcnRpZmFjdGNhY2hlIEhhbmRsZXIgdG8gYW4gaW50ZXJmYWNl-->chore: refactor act/artifactcache Handler to an interface<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/933): <!--number 933 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjQuNw==-->Update dependency go to v1.24.7<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/932): <!--number 932 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3NwZjEzL3BmbGFnIHRvIHYxLjAuMTA=-->Update module github.com/spf13/pflag to v1.0.10<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/930): <!--number 930 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3NwZjEzL2NvYnJhIHRvIHYxLjEwLjE=-->Update module github.com/spf13/cobra to v1.10.1<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/928): <!--number 928 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9ydW5uZXIgdG8gdjEw-->Update dependency forgejo/runner to v10<!--description-->
<!--end release-notes-assistant-->
### [`v10.0.1`](https://code.forgejo.org/forgejo/runner/releases/tag/v10.0.1)
[Compare Source](https://code.forgejo.org/forgejo/runner/compare/v10.0.0...v10.0.1)
- [User guide](https://forgejo.org/docs/next/user/actions/overview/)
- [Administrator guide](https://forgejo.org/docs/next/admin/actions/)
- [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions)
Release Notes
***
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- bug fixes
- [PR](https://code.forgejo.org/forgejo/runner/pulls/927): <!--number 927 --><!--line 0 --><!--description Zml4OiBwdWxsX3JlcXVlc3RfdGFyZ2V0IGV2ZW50cyBjYW4gc2hhcmUgdGhlIGNhY2hlIG9mIHRoZSByZXBvc2l0b3J5-->fix: pull\_request\_target events can share the cache of the repository<!--description-->
<!--end release-notes-assistant-->
### [`v10.0.0`](https://code.forgejo.org/forgejo/runner/releases/tag/v10.0.0)
[Compare Source](https://code.forgejo.org/forgejo/runner/compare/v9.1.1...v10.0.0)
> **Warning** Upgrade to v10.0.1 instead. A regression was found on `pull_request_target` events and is fixed in the [v10.0.1 release](https://code.forgejo.org/forgejo/runner/releases/tag/v10.0.1).
- [User guide](https://forgejo.org/docs/next/user/actions/overview/)
- [Administrator guide](https://forgejo.org/docs/next/admin/actions/)
- [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions)
Release Notes
- [PR](https://code.forgejo.org/forgejo/runner/pulls/925): <!--number 925 --><!--line 0 --><!--description Zml4KHNlY3VyaXR5KTogcHJldmVudCBvbjogcHVsbF9yZXF1ZXN0IGFjdGlvbnMgZnJvbSBtdXRhdGluZyBjYWNoZXMgb2Ygb3RoZXIgd29ya2Zsb3cgZXZlbnRz-->fix(security): prevent on: pull\_request actions from mutating caches of other workflow events<!--description-->
forgej-runner currently creates a safer execution environment for workflows triggered by pull requests by denying those workflows access to the repository's secrets, preventing pull requests from compromising the confidentiality of the secrets.
Workflows do have access to write to the action cache, which is shared with future workflow executions, including executions that may have access to repository secrets. This was assumed safe as the cache is a "write-once" operation based upon the cache key; if an execution writes to that cache, it will be read by other workflows only if a matching key parameter is provided, and it can not be modified again. These assumptions were identified as weak security practices with known workarounds.
It is possible for a malicious pull request to mutate the shared cache and embed untrusted artifacts, which may later be executed in workflow executions with access to secrets, risking the confidentiality of those secrets.
In order to eliminate this risk, workflows executing with the `pull_request` and `pull_request_target` events have their write operations to the cache isolated to future workflow executions from the same pull request. They can continue to read from the shared cache if applicable.
If using an external cache server configuration, both the cache server and other instances of the runner must be running the same software version. The recommended upgrade procedure in this configuration is to bring all runners offline, upgrade the cache server to the latest release and bring it online, and then bring all other runners online.
- [PR](https://code.forgejo.org/forgejo/runner/pulls/924): <!--number 924 --><!--line 0 --><!--description Zml4KHNlY3VyaXR5KTogZW5zdXJlIHVuaXF1ZSBuYW1lcyBmb3IgY29udGFpbmVyIGltYWdlcyBjcmVhdGVkIGJ5IGFjdGlvbnM=-->fix(security): ensure unique names for container images created by actions<!--description-->
Without this fix, when a workflow ran a local [docker action](https://forgejo.org/docs/next/user/actions/actions/#docker-actions) (e.g. the [example in the end-to-end tests](8f920b4b7a/actions/example-force-rebuild/.forgejo/workflows/test.yml)), it used an image tag that could collide with other workflows that happen to use the same name. The workaround for older runner versions is to set [`[container].force_rebuild: true`](https://forgejo.org/docs/next/admin/actions/runner-installation/#configuration) in the runner configuration file.
***
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- bug fixes
- [PR](https://code.forgejo.org/forgejo/runner/pulls/925): <!--number 925 --><!--line 0 --><!--description Zml4KHNlY3VyaXR5KTogcHJldmVudCBvbjogcHVsbF9yZXF1ZXN0IGFjdGlvbnMgZnJvbSBtdXRhdGluZyBjYWNoZXMgb2Ygb3RoZXIgd29ya2Zsb3cgZXZlbnRz-->fix(security): prevent on: pull\_request actions from mutating caches of other workflow events<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/924): <!--number 924 --><!--line 0 --><!--description Zml4KHNlY3VyaXR5KTogZW5zdXJlIHVuaXF1ZSBuYW1lcyBmb3IgY29udGFpbmVyIGltYWdlcyBjcmVhdGVkIGJ5IGFjdGlvbnM=-->fix(security): ensure unique names for container images created by actions<!--description-->
- other
- [PR](https://code.forgejo.org/forgejo/runner/pulls/921): <!--number 921 --><!--line 0 --><!--description VXBkYXRlIGNvZGUuZm9yZ2Vqby5vcmcvZm9yZ2Vqby9mb3JnZWpvIERvY2tlciB0YWcgdG8gdjExLjAuNA==-->Update code.forgejo.org/forgejo/forgejo Docker tag to v11.0.4<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/922): <!--number 922 --><!--line 0 --><!--description Y2hvcmU6IGV4cGxhaW4gdGhlIGRpZmZlcmVuY2UgYmV0d2VlbiBgam9iX2xldmVsYCBhbmQgYGxldmVsYA==-->chore: explain the difference between `job_level` and `level`<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/917): <!--number 917 --><!--line 0 --><!--description Y2hvcmU6IGFkZCByZW1pbmRlciBvZiBob3cgdG8gcnVuIGEgbG9jYWwgdGVzdA==-->chore: add reminder of how to run a local test<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/919): <!--number 919 --><!--line 0 --><!--description Y2hvcmU6IHVuaWZ5IGNhc2NhZGUtc2V0dXAtZm9yZ2VqbyB3aXRoIGNhc2NhZGUtZm9yZ2Vqbw==-->chore: unify cascade-setup-forgejo with cascade-forgejo<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/873): <!--number 873 --><!--line 0 --><!--description Y2hvcmU6IHJlbW92ZSBgZ2l0aHViLmNvbS9wa2cvZXJyb3JzYA==-->chore: remove `github.com/pkg/errors`<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/915): <!--number 915 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3N0cmV0Y2hyL3Rlc3RpZnkgdG8gdjEuMTEuMQ==-->Update module github.com/stretchr/testify to v1.11.1<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/914): <!--number 914 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb29nbGUuZ29sYW5nLm9yZy9wcm90b2J1ZiB0byB2MS4zNi44-->Update module google.golang.org/protobuf to v1.36.8<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/907): <!--number 907 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnby5ldGNkLmlvL2Jib2x0IHRvIHYxLjQuMw==-->Update module go.etcd.io/bbolt to v1.4.3<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/906): <!--number 906 --><!--line 0 --><!--description dGVzdDogcmVtb3ZlIGludGVybmFsIHRpbWVvdXQgaW4gVGVzdFJ1bm5lckNhY2hlQ29uZmlndXJhdGlvbg==-->test: remove internal timeout in TestRunnerCacheConfiguration<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/902): <!--number 902 --><!--line 0 --><!--description Y2hvcmU6IHNraXAgdGVzdHMgdGhhdCByZXF1aXJlIEZvcmdlam8gaWYgaXQgaXMgbm90IGF2YWlsYWJsZQ==-->chore: skip tests that require Forgejo if it is not available<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/903): <!--number 903 --><!--line 0 --><!--description Y2hvcmU6IHJld29yayB0aGUgUkVBRE1F-->chore: rework the README<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/904): <!--number 904 --><!--line 0 --><!--description VXBkYXRlIGdpdGh1Yi5jb20vZ28tdmlwZXIvbWFwc3RydWN0dXJlL3YyIChpbmRpcmVjdCkgdG8gdjIuNC4wIFtTRUNVUklUWV0=-->Update github.com/go-viper/mapstructure/v2 (indirect) to v2.4.0 \[SECURITY]<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/900): <!--number 900 --><!--line 0 --><!--description Y2hvcmU6IHJlbW92ZSBUZXN0UnVuQ29udGV4dF9HZXRHaXRIdWJDb250ZXh0-->chore: remove TestRunContext\_GetGitHubContext<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/899): <!--number 899 --><!--line 0 --><!--description Y2hvcmU6IGRvIG5vdCBmb3JjZSBHT1BST1hZ-->chore: do not force GOPROXY<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/890): <!--number 890 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3Zla3RyYS9tb2NrZXJ5L3YyIHRvIHYyLjUzLjU=-->Update module github.com/vektra/mockery/v2 to v2.53.5<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/893): <!--number 893 --><!--line 0 --><!--description Y2hvcmU6IGZpeCAuUEhPTlkgbGludCB0YXJnZXRz-->chore: fix .PHONY lint targets<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/898): <!--number 898 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9ydW5uZXIgdG8gdjkuMS4x-->Update dependency forgejo/runner to v9.1.1<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/897): <!--number 897 --><!--line 0 --><!--description VXBkYXRlIGNvZGUuZm9yZ2Vqby5vcmcvZm9yZ2Vqby9ydW5uZXIgRG9ja2VyIHRhZyB0byB2OS4xLjE=-->Update code.forgejo.org/forgejo/runner Docker tag to v9.1.1<!--description-->
<!--end release-notes-assistant-->
</details>
---
### Configuration
📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45Ny45IiwidXBkYXRlZEluVmVyIjoiNDEuOTcuOSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiS2luZC9EZXBlbmRlbmN5VXBkYXRlIiwicnVuLWVuZC10by1lbmQtdGVzdHMiXX0=-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/975
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
When a new pull request is opened and has no labels, the release notes
assistant will not be called and it will look like the event was
missed.
Most of the time the label will be set when the pull request is open
and that will fire two runs. However, the release notes assistant is
idempotent and that will just make one extra run in the CI that is a
noop.
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- other
- [PR](https://code.forgejo.org/forgejo/runner/pulls/964): <!--number 964 --><!--line 0 --><!--description Y2hvcmU6IGNhbGwgdGhlIHJlbGVhc2Ugbm90ZXMgYXNzaXN0YW50IHdoZW4gb3BlbmluZyBhIG5ldyBwdWxsIHJlcXVlc3Q=-->chore: call the release notes assistant when opening a new pull request<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/964
Reviewed-by: Gusted <gusted@noreply.code.forgejo.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
I had the case that an already registered runner was losing it's labels due to a race condition (I think): the compose file was restarted, the runner came up but 10 seconds later, the labels were reset:
>If the command is run without --labels, they will be reset, and the runner won’t set them back until it is restarted. The --keep-labels option can be used to preserve the existing labels.
I always started all services in the compose file at once, so I never got the idea to restart the runner alone and the runner logs actually always said that the labels where there:
> ... with labels: [docker-cli node-bookworm], declared successfully
Signed-off-by: jankatins <jankatins@noreply.code.forgejo.org>
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- bug fixes
- [PR](https://code.forgejo.org/forgejo/runner/pulls/965): <!--number 965 --><!--line 0 --><!--description Zml4OiBBbGxvdyB0aGUgcnVubmVyIHRvIGtlZXAgaXQncyBsYWJlbHM=-->fix: Allow the runner to keep it's labels<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/965
Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>
Co-authored-by: jankatins <jankatins@noreply.code.forgejo.org>
Co-committed-by: jankatins <jankatins@noreply.code.forgejo.org>
Testing
- after merge
- open a pull request with the tags run-end-to-end-test and run-forgejo-test set
- verify both workflow run instead of being skipped
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- bug fixes
- [PR](https://code.forgejo.org/forgejo/runner/pulls/948): <!--number 948 --><!--line 0 --><!--description Zml4OiBhbHNvIGNhc2NhZGUgaWYgcnVuLSotdGVzdCBpcyBzZXQgd2hlbiB0aGUgUFIgaXMgb3Blbg==-->fix: also cascade if run-*-test is set when the PR is open<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/948
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.code.forgejo.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [code.forgejo.org/forgejo/forgejo](https://forgejo.org) ([source](https://codeberg.org/forgejo/forgejo)) | patch | `11.0.4` -> `11.0.5` |
---
### Release Notes
<details>
<summary>forgejo/forgejo (code.forgejo.org/forgejo/forgejo)</summary>
### [`v11.0.5`](https://codeberg.org/forgejo/forgejo/releases/tag/v11.0.5)
[Compare Source](https://codeberg.org/forgejo/forgejo/compare/v11.0.4...v11.0.5)
See <https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/11.0.5.md>
</details>
---
### Configuration
📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45MS4yIiwidXBkYXRlZEluVmVyIjoiNDEuOTEuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiS2luZC9DaG9yZSIsInJ1bi1lbmQtdG8tZW5kLXRlc3RzIl19-->
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- other
- [PR](https://code.forgejo.org/forgejo/runner/pulls/945): <!--number 945 --><!--line 0 --><!--description VXBkYXRlIGNvZGUuZm9yZ2Vqby5vcmcvZm9yZ2Vqby9mb3JnZWpvIERvY2tlciB0YWcgdG8gdjExLjAuNQ==-->Update code.forgejo.org/forgejo/forgejo Docker tag to v11.0.5<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/945
Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
otherwise it will not be set when copy/pasting the following commands
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- bug fixes
- [PR](https://code.forgejo.org/forgejo/runner/pulls/943): <!--number 943 --><!--line 0 --><!--description Zml4OiBseGMtc3lzdGVtZCBleGFtcGxlOiBleHBvcnQgSU5QVVRTX1NFUklBTA==-->fix: lxc-systemd example: export INPUTS_SERIAL<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/943
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
- create the caches interface and matching cachesImpl
- move the cache logic out of handler
- openDB
- readCache
- useCache
- gcCache
- access to the storage struct
- serve
- commit
- exist
- write
- add getCaches / setCaches to the handler interface so it can be
used by tests. The caches test should be implemented independently
in the future but this is a different kind of cleanup.
- no functional change, minimal refactor
- responseFatalJSON(w, r, err) replaces responseJSON(w, r, 500, err)
and calls fatal() when the following fail because they are
not recoverable. There may be other non-recoverable errors but
it is difficult to be 100% sure they cannot be engineered by the
caller of the API for DoS purposes.
- openDB
- findCache
- cache.Repo != repo
- wrap errors in
- openDB() - it was missing
- readCache() - it was missing
- useCache() - it was missing
- findCache() - some had identical messages
- in gc
- replace logger.Warnf with h.fatal
- differentiate errors that have identical messages
- call fatal if openDB fails instead of returning
in case of an error that is not recoverable (e.g. failing to open the
bolthold database), the cache can call fatal() to log the error and
send a TERM signal that will gracefully shutdown the daemon.
the license change from MIT to GPLv3+ is a breaking change
Refs forgejo/runner#773
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- other
- [PR](https://code.forgejo.org/forgejo/runner/pulls/940): <!--number 940 --><!--line 0 --><!--description Y2hvcmU6IGJ1bXAgdmVyc2lvbiB0byB2MTE=-->chore: bump version to v11<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/940
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
It was raised during embargo review of #925 that there are two implementations of `computeMac`; this PR fixes that.
As all the tests for `computeMac` were in the `artifactcache` package, it made more sense to keep the method there. That required reversing the dependency `artifactcache->cacheproxy` package dependency -- it makes more sense to me for the proxy to depend on the cache, rather than vice-versa.
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- other
- [PR](https://code.forgejo.org/forgejo/runner/pulls/936): <!--number 936 --><!--line 0 --><!--description cmVmYWN0b3I6IHJlbW92ZSBkdXBsaWNhdGUgY29tcHV0ZU1hYyBmdW5jdGlvbg==-->refactor: remove duplicate computeMac function<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/936
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
- the Handler struct becomes handler (lowercase)
- the Handler interface is defined to be the existing methods
- isClosed() is added and used only in tests
- setgcAt() is added and used only in tests
---
This is to allow mocking the Handler interface for testing.
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- other
- [PR](https://code.forgejo.org/forgejo/runner/pulls/934): <!--number 934 --><!--line 0 --><!--description Y2hvcmU6IHJlZmFjdG9yIGFjdC9hcnRpZmFjdGNhY2hlIEhhbmRsZXIgdG8gYW4gaW50ZXJmYWNl-->chore: refactor act/artifactcache Handler to an interface<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/934
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.code.forgejo.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
The Forgejo runner is part of the Forgejo project. The licensing
agreement in the governance repository reads like this:
> Forgejo accepts contributions compatible with the GPLv3-or-later license.
> The license under which Forgejo is distributed will be changed upon the acceptance of such contributions.
The first step is to update the LICENSE file to reflect that
decision. The individual copyright notice of each source file will be
updated when and if relevant. If a change is made that is eligible for
copyright, the author may decide change the copyright notice from MIT
or Apache 2 to GPLv3-or-later.
Refs licensing agreement 6eb522282f/AGREEMENTS.md (licensing)
Refs blog post about the licensing agreement https://forgejo.org/2024-08-gpl/
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- other
- [PR](https://code.forgejo.org/forgejo/runner/pulls/773): <!--number 773 --><!--line 0 --><!--description Y2hvcmU6IGNoYW5nZSB0aGUgbGljZW5zZSB0byBHUEx2My1vci1sYXRlcg==-->chore: change the license to GPLv3-or-later<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/773
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Gusted <gusted@noreply.code.forgejo.org>
Reviewed-by: Beowulf <beowulf@noreply.code.forgejo.org>
Reviewed-by: pat-s <pat-s@noreply.code.forgejo.org>
Reviewed-by: fnetX <fnetx@noreply.code.forgejo.org>
Reviewed-by: 0ko <0ko@noreply.code.forgejo.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [go](https://go.dev/) ([source](https://github.com/golang/go)) | toolchain | patch | `1.24.6` -> `1.24.7` |
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45MS4yIiwidXBkYXRlZEluVmVyIjoiNDEuOTEuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiS2luZC9DaG9yZSIsInJ1bi1lbmQtdG8tZW5kLXRlc3RzIl19-->
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- other
- [PR](https://code.forgejo.org/forgejo/runner/pulls/933): <!--number 933 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjQuNw==-->Update dependency go to v1.24.7<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/933
Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [forgejo/runner](https://code.forgejo.org/forgejo/runner) | major | `9.1.1` -> `10.0.1` |
---
### Release Notes
<details>
<summary>forgejo/runner (forgejo/runner)</summary>
### [`v10.0.1`](https://code.forgejo.org/forgejo/runner/releases/tag/v10.0.1)
[Compare Source](https://code.forgejo.org/forgejo/runner/compare/v10.0.0...v10.0.1)
- [User guide](https://forgejo.org/docs/next/user/actions/overview/)
- [Administrator guide](https://forgejo.org/docs/next/admin/actions/)
- [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions)
Release Notes
***
### [`v10.0.0`](https://code.forgejo.org/forgejo/runner/releases/tag/v10.0.0)
[Compare Source](https://code.forgejo.org/forgejo/runner/compare/v9.1.1...v10.0.0)
> **Warning** Upgrade to v10.0.1 instead. A regression was found on `pull_request_target` events and is fixed in the [v10.0.1 release](https://code.forgejo.org/forgejo/runner/releases/tag/v10.0.1).
- [User guide](https://forgejo.org/docs/next/user/actions/overview/)
- [Administrator guide](https://forgejo.org/docs/next/admin/actions/)
- [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions)
Release Notes
- [PR](https://code.forgejo.org/forgejo/runner/pulls/925): <!--number 925 --><!--line 0 --><!--description Zml4KHNlY3VyaXR5KTogcHJldmVudCBvbjogcHVsbF9yZXF1ZXN0IGFjdGlvbnMgZnJvbSBtdXRhdGluZyBjYWNoZXMgb2Ygb3RoZXIgd29ya2Zsb3cgZXZlbnRz-->fix(security): prevent on: pull\_request actions from mutating caches of other workflow events<!--description-->
forgej-runner currently creates a safer execution environment for workflows triggered by pull requests by denying those workflows access to the repository's secrets, preventing pull requests from compromising the confidentiality of the secrets.
Workflows do have access to write to the action cache, which is shared with future workflow executions, including executions that may have access to repository secrets. This was assumed safe as the cache is a "write-once" operation based upon the cache key; if an execution writes to that cache, it will be read by other workflows only if a matching key parameter is provided, and it can not be modified again. These assumptions were identified as weak security practices with known workarounds.
It is possible for a malicious pull request to mutate the shared cache and embed untrusted artifacts, which may later be executed in workflow executions with access to secrets, risking the confidentiality of those secrets.
In order to eliminate this risk, workflows executing with the `pull_request` and `pull_request_target` events have their write operations to the cache isolated to future workflow executions from the same pull request. They can continue to read from the shared cache if applicable.
If using an external cache server configuration, both the cache server and other instances of the runner must be running the same software version. The recommended upgrade procedure in this configuration is to bring all runners offline, upgrade the cache server to the latest release and bring it online, and then bring all other runners online.
- [PR](https://code.forgejo.org/forgejo/runner/pulls/924): <!--number 924 --><!--line 0 --><!--description Zml4KHNlY3VyaXR5KTogZW5zdXJlIHVuaXF1ZSBuYW1lcyBmb3IgY29udGFpbmVyIGltYWdlcyBjcmVhdGVkIGJ5IGFjdGlvbnM=-->fix(security): ensure unique names for container images created by actions<!--description-->
Without this fix, when a workflow ran a local [docker action](https://forgejo.org/docs/next/user/actions/actions/#docker-actions) (e.g. the [example in the end-to-end tests](8f920b4b7a/actions/example-force-rebuild/.forgejo/workflows/test.yml)), it used an image tag that could collide with other workflows that happen to use the same name. The workaround for older runner versions is to set [`[container].force_rebuild: true`](https://forgejo.org/docs/next/admin/actions/runner-installation/#configuration) in the runner configuration file.
***
<!--URL:https://code.forgejo.org/forgejo/runner-->
- bug fixes
- [PR](https://code.forgejo.org/forgejo/runner/pulls/925): <!--number 925 --><!--line 0 --><!--description Zml4KHNlY3VyaXR5KTogcHJldmVudCBvbjogcHVsbF9yZXF1ZXN0IGFjdGlvbnMgZnJvbSBtdXRhdGluZyBjYWNoZXMgb2Ygb3RoZXIgd29ya2Zsb3cgZXZlbnRz-->fix(security): prevent on: pull\_request actions from mutating caches of other workflow events<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/924): <!--number 924 --><!--line 0 --><!--description Zml4KHNlY3VyaXR5KTogZW5zdXJlIHVuaXF1ZSBuYW1lcyBmb3IgY29udGFpbmVyIGltYWdlcyBjcmVhdGVkIGJ5IGFjdGlvbnM=-->fix(security): ensure unique names for container images created by actions<!--description-->
- other
- [PR](https://code.forgejo.org/forgejo/runner/pulls/921): <!--number 921 --><!--line 0 --><!--description VXBkYXRlIGNvZGUuZm9yZ2Vqby5vcmcvZm9yZ2Vqby9mb3JnZWpvIERvY2tlciB0YWcgdG8gdjExLjAuNA==-->Update code.forgejo.org/forgejo/forgejo Docker tag to v11.0.4<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/922): <!--number 922 --><!--line 0 --><!--description Y2hvcmU6IGV4cGxhaW4gdGhlIGRpZmZlcmVuY2UgYmV0d2VlbiBgam9iX2xldmVsYCBhbmQgYGxldmVsYA==-->chore: explain the difference between `job_level` and `level`<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/917): <!--number 917 --><!--line 0 --><!--description Y2hvcmU6IGFkZCByZW1pbmRlciBvZiBob3cgdG8gcnVuIGEgbG9jYWwgdGVzdA==-->chore: add reminder of how to run a local test<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/919): <!--number 919 --><!--line 0 --><!--description Y2hvcmU6IHVuaWZ5IGNhc2NhZGUtc2V0dXAtZm9yZ2VqbyB3aXRoIGNhc2NhZGUtZm9yZ2Vqbw==-->chore: unify cascade-setup-forgejo with cascade-forgejo<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/873): <!--number 873 --><!--line 0 --><!--description Y2hvcmU6IHJlbW92ZSBgZ2l0aHViLmNvbS9wa2cvZXJyb3JzYA==-->chore: remove `github.com/pkg/errors`<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/915): <!--number 915 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3N0cmV0Y2hyL3Rlc3RpZnkgdG8gdjEuMTEuMQ==-->Update module github.com/stretchr/testify to v1.11.1<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/914): <!--number 914 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb29nbGUuZ29sYW5nLm9yZy9wcm90b2J1ZiB0byB2MS4zNi44-->Update module google.golang.org/protobuf to v1.36.8<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/907): <!--number 907 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnby5ldGNkLmlvL2Jib2x0IHRvIHYxLjQuMw==-->Update module go.etcd.io/bbolt to v1.4.3<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/906): <!--number 906 --><!--line 0 --><!--description dGVzdDogcmVtb3ZlIGludGVybmFsIHRpbWVvdXQgaW4gVGVzdFJ1bm5lckNhY2hlQ29uZmlndXJhdGlvbg==-->test: remove internal timeout in TestRunnerCacheConfiguration<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/902): <!--number 902 --><!--line 0 --><!--description Y2hvcmU6IHNraXAgdGVzdHMgdGhhdCByZXF1aXJlIEZvcmdlam8gaWYgaXQgaXMgbm90IGF2YWlsYWJsZQ==-->chore: skip tests that require Forgejo if it is not available<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/903): <!--number 903 --><!--line 0 --><!--description Y2hvcmU6IHJld29yayB0aGUgUkVBRE1F-->chore: rework the README<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/904): <!--number 904 --><!--line 0 --><!--description VXBkYXRlIGdpdGh1Yi5jb20vZ28tdmlwZXIvbWFwc3RydWN0dXJlL3YyIChpbmRpcmVjdCkgdG8gdjIuNC4wIFtTRUNVUklUWV0=-->Update github.com/go-viper/mapstructure/v2 (indirect) to v2.4.0 \[SECURITY]<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/900): <!--number 900 --><!--line 0 --><!--description Y2hvcmU6IHJlbW92ZSBUZXN0UnVuQ29udGV4dF9HZXRHaXRIdWJDb250ZXh0-->chore: remove TestRunContext\_GetGitHubContext<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/899): <!--number 899 --><!--line 0 --><!--description Y2hvcmU6IGRvIG5vdCBmb3JjZSBHT1BST1hZ-->chore: do not force GOPROXY<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/890): <!--number 890 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3Zla3RyYS9tb2NrZXJ5L3YyIHRvIHYyLjUzLjU=-->Update module github.com/vektra/mockery/v2 to v2.53.5<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/893): <!--number 893 --><!--line 0 --><!--description Y2hvcmU6IGZpeCAuUEhPTlkgbGludCB0YXJnZXRz-->chore: fix .PHONY lint targets<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/898): <!--number 898 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9ydW5uZXIgdG8gdjkuMS4x-->Update dependency forgejo/runner to v9.1.1<!--description-->
- [PR](https://code.forgejo.org/forgejo/runner/pulls/897): <!--number 897 --><!--line 0 --><!--description VXBkYXRlIGNvZGUuZm9yZ2Vqby5vcmcvZm9yZ2Vqby9ydW5uZXIgRG9ja2VyIHRhZyB0byB2OS4xLjE=-->Update code.forgejo.org/forgejo/runner Docker tag to v9.1.1<!--description-->
<!--end release-notes-assistant-->
</details>
---
### Configuration
📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45MS4yIiwidXBkYXRlZEluVmVyIjoiNDEuOTEuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiS2luZC9DaG9yZSIsInJ1bi1lbmQtdG8tZW5kLXRlc3RzIl19-->
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- other
- [PR](https://code.forgejo.org/forgejo/runner/pulls/928): <!--number 928 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9ydW5uZXIgdG8gdjEw-->Update dependency forgejo/runner to v10<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/928
Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
This is a regression introduced in v10.0.0 by which a pull_request_target event would fail because it attemps to set an isolation key, as if it was a pull request originating from a fork.
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- bug fixes
- [PR](https://code.forgejo.org/forgejo/runner/pulls/927): <!--number 927 --><!--line 0 --><!--description Zml4OiBwdWxsX3JlcXVlc3RfdGFyZ2V0IGV2ZW50cyBjYW4gc2hhcmUgdGhlIGNhY2hlIG9mIHRoZSByZXBvc2l0b3J5-->fix: pull_request_target events can share the cache of the repository<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/927
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.code.forgejo.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [code.forgejo.org/forgejo/forgejo](https://forgejo.org) ([source](https://codeberg.org/forgejo/forgejo)) | patch | `11.0.3` -> `11.0.4` |
---
### Release Notes
<details>
<summary>forgejo/forgejo (code.forgejo.org/forgejo/forgejo)</summary>
### [`v11.0.4`](https://codeberg.org/forgejo/forgejo/releases/tag/v11.0.4)
[Compare Source](https://codeberg.org/forgejo/forgejo/compare/v11.0.3...v11.0.4)
See <https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/11.0.4.md>
</details>
---
### Configuration
📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS44Mi4xMCIsInVwZGF0ZWRJblZlciI6IjQxLjkxLjIiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbIktpbmQvQ2hvcmUiLCJydW4tZW5kLXRvLWVuZC10ZXN0cyJdfQ==-->
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- other
- [PR](https://code.forgejo.org/forgejo/runner/pulls/921): <!--number 921 --><!--line 0 --><!--description VXBkYXRlIGNvZGUuZm9yZ2Vqby5vcmcvZm9yZ2Vqby9mb3JnZWpvIERvY2tlciB0YWcgdG8gdjExLjAuNA==-->Update code.forgejo.org/forgejo/forgejo Docker tag to v11.0.4<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/921
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
