With secrets.MULTILINE set to
```
ABC
DEF
GHI
```
the following is logged in debug mode:
```
2025-09-18T10:54:04.4656189Z expression '${{ secrets.MULTILINE }}' rewritten to 'format('{0}', secrets.MULTILINE)'
2025-09-18T10:54:04.4656426Z evaluating expression 'format('{0}', secrets.MULTILINE)'
2025-09-18T10:54:04.4656797Z expression 'format('{0}', secrets.MULTILINE)' evaluated to '%!t(string=ABC\nDEF\nGHI)'
```
Although it is displayed with \ followed by n, it is a single line entry displayed with the secret verbatim and must also be redacted.
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- bug fixes
- [PR](https://code.forgejo.org/forgejo/runner/pulls/1051): <!--number 1051 --><!--line 0 --><!--description Zml4KHNlY3VyaXR5KTogYSBtdWx0aWxpbmUgc2VjcmV0IG1heSBiZSBmb3VuZCBpbiBhIHNpbmdsZSBsb2cgZW50cnk=-->fix(security): a multiline secret may be found in a single log entry<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/1051
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
Additional logging to support #1044.
Manual testing only. Cases tested:
Cancel a job from Forgejo UI; this seems like the most likely missing piece in #1044 as two jobs were simultaneously marked as "Failed". There are codepaths in Forgejo that can set this state to both cancelled and failed, but the runner didn't provide log output indicating that's why a job was stopping:
```
time="2025-10-02T13:22:53-06:00" level=info msg="UpdateTask returned task result RESULT_CANCELLED for a task that was in local state RESULT_UNSPECIFIED - beginning local task termination" func="[ReportState]" file="[reporter.go:410]"
```
Host-based executor hits step timeout in exec, or, is cancelled. This occurred but only logged the `err` from `exec`, not the context error indicating whether it was a timeout or a cancellation:
```
[Test Action/job1] this step has been cancelled: ctx: context deadline exceeded, exec: RUN signal: killed
[Test Action/job1] this step has been cancelled: ctx: context canceled, exec: RUN signal: killed
```
Unable to `ReportState` due to Forgejo inaccessible. If the runner isn't able to update state to Forgejo a job could be considered a zombie; this would trigger one of the codepaths where the job would be marked as failed. If connectivity was later restored, then the runner could identify it was marked as failed and cancel the job context. (This combination doesn't seem likely, but, I think it's reasonable to consider these failures as warnings because there may be unexpected errors here that we're not aware of).
```
time="2025-10-02T13:27:19-06:00" level=warning msg="ReportState error: unavailable: 502 Bad Gateway" func="[RunDaemon]" file="[reporter.go:207]"
```
Runner shutdown logging; just changed up to `Info` level:
```
time="2025-10-02T13:31:36-06:00" level=info msg="forcing the jobs to shutdown" func="[Shutdown]" file="[poller.go:93]"
[Test Action/job1] ❌ Failure - Main sleep 120
[Test Action/job1] this step has been cancelled: ctx: context canceled, exec: RUN signal: killed
```
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- bug fixes
- [PR](https://code.forgejo.org/forgejo/runner/pulls/1048): <!--number 1048 --><!--line 0 --><!--description Zml4OiBpbXByb3ZlIGxvZ2dpbmcgdG8gZGlhZ25vc2UgbXlzdGVyeSBqb2IgdGVybWluYXRpb25z-->fix: improve logging to diagnose mystery job terminations<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/1048
Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
Resolvesforgejo/runner#1014
---
Manual testing can also be done using the [reproducer from the issue](https://code.forgejo.org/forgejo/runner/issues/1014#issuecomment-60694).
## Before
The first step of the local composite action sets the step result of the job to success which confuses Forgejo display.
## After
Forgejo displays the progress of the composite action in the step calling it.
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- bug fixes
- [PR](https://code.forgejo.org/forgejo/runner/pulls/1019): <!--number 1019 --><!--line 0 --><!--description Zml4OiBhIGNvbXBvc2l0ZSBhY3Rpb24gbXVzdCBub3QgY2hhbmdlIHRoZSByZXN1bHQgb2YgdGhlIGNhbGxpbmcgc3RlcCBiZWZvcmUgaXQgY29tcGxldGVz-->fix: a composite action must not change the result of the calling step before it completes<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/1019
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.code.forgejo.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
Fixes#994.
First commit ensures that the interpolateResults method is invoked before data is sent to the reporter. Second commit changes how data is sent to the reporter to include both the result and the job outputs.
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- bug fixes
- [PR](https://code.forgejo.org/forgejo/runner/pulls/995): <!--number 995 --><!--line 0 --><!--description Zml4OiBzZW5kIGpvYiBvdXRwdXRzICYgam9iIHJlc3VsdCB0byBGb3JnZWpvIGluIHN5bmMgd2l0aCBlYWNoIG90aGVy-->fix: send job outputs & job result to Forgejo in sync with each other<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/995
Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
- when the Forgejo instance stops a job because it runs for too long, it will be reported back as failed and it must be stopped, exactly as if it was canceled from the web UI by the user.
- add test coverage for Reporter.ReportState
- extract Reporter.Outputs output of Reporter.ReportState
Resolves https://code.forgejo.org/forgejo/runner/issues/980
---
Manual testing with a locally built Forgejo instance built to check every minute instead of every 30 minutes, with
```ini
[actions]
ENABLED = true
ENDLESS_TASK_TIMEOUT = 1m
```
and the following workflow:
```yaml
on: [push]
jobs:
test:
runs-on: docker
steps:
- run: sleep 60
- run: sleep 61
- run: sleep 62
```
waiting in front of the screen and watching the logs of the runner, I see it stops before `sleep 62` is complete.
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- bug fixes
- [PR](https://code.forgejo.org/forgejo/runner/pulls/986): <!--number 986 --><!--line 0 --><!--description Zml4OiBpZiB0aGUgRm9yZ2VqbyBpbnN0YW5jZSBmYWlsZWQgYSBqb2IsIGNhbmNlbCBpdA==-->fix: if the Forgejo instance failed a job, cancel it<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/986
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.code.forgejo.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
the license change from MIT to GPLv3+ is a breaking change
Refs forgejo/runner#773
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- other
- [PR](https://code.forgejo.org/forgejo/runner/pulls/940): <!--number 940 --><!--line 0 --><!--description Y2hvcmU6IGJ1bXAgdmVyc2lvbiB0byB2MTE=-->chore: bump version to v11<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/940
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
The result of a job can only be changed to FAILURE by the Close() function of the reporter under two conditions:
- If it is UNSPECIFIED
- If the context timeout
In all other cases it must be preserved. It is possible, for instance, for a job to be SKIPPED and be associated with an error message, e.g.
```
time="2025-08-20T21:02:07+02:00" level=trace msg="evaluating expression 'success()'" dryrun=false job="Test Action/job-1" jobID=job-1 matrix="map[]"
[Test Action/job-1] [DEBUG] evaluating expression 'success()'
time="2025-08-20T21:02:07+02:00" level=trace msg="expression 'success()' evaluated to 'true'" dryrun=false job="Test Action/job-1" jobID=job-1 matrix="map[]"
[Test Action/job-1] [DEBUG] expression 'success()' evaluated to 'true'
time="2025-08-20T21:02:07+02:00" level=trace msg="'runs-on' key not defined in Test Action/job-1" dryrun=false job="Test Action/job-1" jobID=job-1 matrix="map[]"
[Test Action/job-1] 'runs-on' key not defined in Test Action/job-1
[Test Action/job-1] [DEBUG] No steps found
```
Those errors show in the logs when a job is skipped, because the worflow is empty. But they are expected and to be ignored.
Refs forgejo/runner#895
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- bug fixes
- [PR](https://code.forgejo.org/forgejo/runner/pulls/896): <!--number 896 --><!--line 0 --><!--description Zml4OiBhbiBlcnJvciBmcm9tIGEgU0tJUFBFRCBqb2IgZG9lcyBub3QgdHJhbnNmb3JtIGl0IGludG8gYSBGQUlMVVJF-->fix: an error from a SKIPPED job does not transform it into a FAILURE<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/896
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.code.forgejo.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
- change the argument from string to error to differentiate
a timeout error
- when there is a timeout, display a message more descriptive than
"context deadline"
- always set the StoppedAt state value instead of only if the
result was unspecified: it is the last state update.
ctx & cancel are related and when cancel is called, the context is no
longer usable. Use the daemon context context to allow the reporter to
continue to operate and conclude the converation with the Forgejo
instance.
The daemon context is needed when the context of a job or the poller
is done. Otherwise it is no longer possible to send a conclusion
report to Forgejo, short of creating a context.Background() which
poses its own set of problems.
- WithDaemonContext is used to store the daemon context
- The poller uses the daemon context instead of context.Background
The other setting that asks you for a URL as input
does so while specifically stating it should have a
trailing slash. This commit adds similar
clarification to the other setting.
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- other
- [PR](https://code.forgejo.org/forgejo/runner/pulls/866): <!--number 866 --><!--line 0 --><!--description ZG9jczogQ2xhcmlmeSBhY3Rpb25zX2NhY2hlX3VybF9vcHRpb24gW3NraXAgY2FzY2FkZV0=-->docs: Clarify actions_cache_url_option [skip cascade]<!--description-->
<!--end release-notes-assistant-->
Co-authored-by: Shuroii <shuroii@local.local>
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/866
Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>
Co-authored-by: Shuroii <shuroii@noreply.code.forgejo.org>
Co-committed-by: Shuroii <shuroii@noreply.code.forgejo.org>
A multiline secret transformed into a single line by replacing with \ followed by n is also redacted.
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- bug fixes
- [PR](https://code.forgejo.org/forgejo/runner/pulls/845): <!--number 845 --><!--line 0 --><!--description Zml4KHNlY3VyaXR5KTogbXVsdGxpbmUgc2VjcmV0cyB0cml2aWFsbHkgdHJhbnNmb3JtZWQgYXJlIHJlZGFjdGVk-->fix(security): multline secrets trivially transformed are redacted<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/845
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.code.forgejo.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
[Raised on Forgejo](https://codeberg.org/forgejo/forgejo/issues/8803): when a runner is registered with spaces in the comma-separated label list, eg. ` "docker:docker://node:22-bookworm, self-hosted:host, lxc:lxc://debian:bookworm"`, the runner will currently get the labels `"docker"`, `" self-hosted"`, and `" lxc"` which causes unexpected confusion. Forgejo doesn't display the labels usefully, and targeting the runner with `runs-on` in an action would require an unexpected quoting (eg. `runs-on: " lxc"`).
As an alternative to fixing this in Forgejo's label display, two changes are present here:
- When registering labels via the CLI `--labels` option, or the interactive registering, automatically strip spaces around the commas in the comma-separated list.
- **Breaking**: During startup of the runner, label names that start/end with a space will be considered invalid, resulting in a logged error and the label being ignored:
```
WARN[2025-08-08T21:00:13-06:00] ignored invalid label " debian-latest:docker://node:current-bookworm" error="invalid label \" debian-latest\": starting or ending with a space is invalid"
```
This is a breaking change in behavior in the case that someone has registered a runner with spaces and modified their activities to use them after recognizing the problem. But I tend to think it's more likely that this change will *highlight* a misconfiguration and help someone fix it.
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- bug fixes
- [PR](https://code.forgejo.org/forgejo/runner/pulls/829): <!--number 829 --><!--line 0 --><!--description Zml4OiBwcmV2ZW50IHNwYWNlIHByZWZpeC9zdWZmaXggaW4gcnVubmVyIGxhYmVscw==-->fix: prevent space prefix/suffix in runner labels<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/829
Reviewed-by: Gusted <gusted@noreply.code.forgejo.org>
Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
It will be imported by Forgejo.
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- other
- [PR](https://code.forgejo.org/forgejo/runner/pulls/777): <!--number 777 --><!--line 0 --><!--description Y2hvcmU6IHRvIGFsbG93IHRoZSBydW5uZXIgdG8gYmUgaW1wb3J0ZWQsIHY5IG5lZWRzIHRvIGJlIGluIHRoZSBnbyBtb2R1bGU=-->chore: to allow the runner to be imported, v9 needs to be in the go module<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/777
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
keep it DRY
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner/-->
- other
- [PR](https://code.forgejo.org/forgejo/runner//pulls/759): <!--number 759 --><!--line 0 --><!--description Y2hvcmU6IGEgc2luZ2xlIHRlc3R1dGlscyBmb3IgYm90aCBhY3QgYW5kIHRoZSBydW5uZXI=-->chore: a single testutils for both act and the runner<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/759
Reviewed-by: fnetX <fnetx@noreply.code.forgejo.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
So that it can be used as a package. Not useful right away, but a precondition to merge the ACT repository into the runner repository.
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/747
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
testutils.MockVariable must be in a defer to restore the previous value.
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/701
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
So it does not panic if one is nil.
Closesforgejo/runner#146
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/684
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
go test -cover -coverprofile coverage.txt -v ./internal/pkg/report/...
go tool cover -html=coverage.txt -o coverage.html
xdg-open coverage.html
$ go run github.com/gregoryv/uncover/cmd/uncover@latest coverage.txt ReportLog
total: (statements) 100.0%
- do not try to mask a secret when a log line is received
- try to mask secrets before before sending a batch of log
lines to the Forgejo instance (every second)
- if masking a multiline secret needs more log lines to decide
if it needs to be masked, do not attempt to send anything to
the Forgejo instance, just wait until there are more log lines
Closesforgejo/runner#57
r.logOffset = ack
ack < r.logOffset+len(rows)
can be simplified as
len(rows) > 0
which is only false if there were no rows to send. It follows
that
if noMore && ack < r.logOffset+len(rows) {
is can be simplified as
if noMore {
is always true if rows were sent.
The intent was apparently to return on error and retry if only
part of the rows were sent but not all of them. To achieve that
the expression is replaced with:
if noMore && len(r.logRows) > 0 {
- the longest secret is masked first
- multiline secrets are masked before single line secrets
- O(multiline * log rows) to not degrade performances when there are
no multiline secrets
the context sent from the Forgejo instance is expected to have
gitea_default_actions_url
gitea_runtime_token
add support for
forgejo_default_actions_url
forgejo_runtime_token
as well so that future Forgejo versions can make the change.
--add-host name not work depending on the network mode chosen.
Closesforgejo/runner#213
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/630
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
- Forgejo (since v8, 38ea77ebbe) does not use the value of this header, it was [introduced in v1.20](371520d7ab).
- Older forgejo version than v8 handle it gracefully if this value is not sent.
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/496
Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
This is the forgejo-runner-side patch for a partial overhaul of the cache system to fix some access control issues with caches.
This code depends on changes in act which are being reviewed here: forgejo/act#107
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/502
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/503
Reviewed-by: Gusted <gusted@noreply.code.forgejo.org>
Co-authored-by: Kwonunn <kwonunnx@gmail.com>
Co-committed-by: Kwonunn <kwonunnx@gmail.com>
