To prepare for a smooth merge in the runner codebase.
- run with --fix for gofumpt and golangci
- manual edits for
- disabling useless package naming warning
- rename variables that had underscore in their name
- remove trailing else at the end of a few functions
Reviewed-on: https://code.forgejo.org/forgejo/act/pulls/206
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
- prefer the lowercase version of the DNS name which is more common they are case insensitive anyway
- fix the inverted information when sanitation happens
Reviewed-on: https://code.forgejo.org/forgejo/act/pulls/197
Reviewed-by: msrd0 <msrd0@noreply.code.forgejo.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
For instance, the volume name derived from the workflow name may exceed the file system limit when the container name it is derived from is too long.
Fixesforgejo/runner#152
Reviewed-on: https://code.forgejo.org/forgejo/act/pulls/191
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
- s/[^A-Z0-9-]/_/g
- add a log line in case the name is sanitized
Closesforgejo/runner#226
---
It is breaking because it will fail jobs that rely on service names that contain characters that are sanitized
Reviewed-on: https://code.forgejo.org/forgejo/act/pulls/190
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
In the current implementation, the network will only be created and be scheduled to be deleted when there is a service:
```go
func (rc *RunContext) networkName() (string, bool) {
if len(rc.Run.Job().Services) > 0 || rc.Config.ContainerNetworkMode == "" {
return fmt.Sprintf("%s-%s-network", rc.jobContainerName(), rc.Run.JobID), true
}
return string(rc.Config.ContainerNetworkMode), false
}
```
Therefore it does not currently make a difference. However, in case the network creation logic changes and a network is created even if a service is not present, it would be incorrect not to delete it.
Reviewed-on: https://code.forgejo.org/forgejo/act/pulls/189
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
- do not override username and password when looping over services
- split prepareJobContainer out of startJobContainer
- split getNetworkName out as it is used by both
- add unit tests for prepareJobContainer
- make containre.NewContainer mockable
- add MockVariable helper
Closesforgejo/runner#575
---
Note to reviewers: do not show whitespace change, the refactor will show in a minimal way. When the fix is reverted the tests fail as follows:
```
Diff:
--- Expected
+++ Actual
@@ -81,4 +81,4 @@
Image: (string) (len=10) "some:image",
- Username: (string) (len=17) "containerusername",
- Password: (string) (len=17) "containerpassword",
+ Username: (string) (len=16) "service2username",
+ Password: (string) (len=16) "service2password",
Entrypoint: ([]string) (len=3) {
Test: TestStartJobContainer/Overlapping
```
Reviewed-on: https://code.forgejo.org/forgejo/act/pulls/181
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
- rc.getToolCache(ctx) is used to figure out RUNNER_TOOL_CACHE and returns RUNNER_TOOL_CACHE if it is found in the runner config, e.g.
```yaml
container:
env:
RUNNER_TOOL_CACHE: /srv/toolcache
```
- store the value in the new `toolCache` data member for containers, in the same way it is done for host
- GetRunnerContext for containers return `toolCache` instead of a hard coded string
- add integration test
Closesforgejo/runner#184
Reviewed-on: https://code.forgejo.org/forgejo/act/pulls/178
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
It is a breaking change because it changes how the shell is
determined.
Before, if `jobs.<job_id>.container.image` is set and the shell is not
specified, it defaults to `sh` instead of `bash`.
After, regardless of `jobs.<job_id>.container.image`, if the shell is
not specified, it defaults to `bash` if available, otherwise it
defaults to `sh`.
Rework the shell integration tests:
- Remove container specific tests because the special behavior related
to shell being set differently when a container image is present is
removed
- Modify the defaults test case to verify the fallback logic
- Use container images from code.forgejo.org to escape rate limiting
in the CI
- Add the missing node test
- Use
container:
image: code.forgejo.org/oci/node:22-bookworm
instead of
container: code.forgejo.org/oci/node:22-bookworm
because it silently failed to run (with no exit code)
- Prefer `-z "${BASH}"` because `-z ${BASH+x}` reads obscure
Closesforgejo/runner#150
- log job result as info not as debug
- add test
---
v6.4.0 regression introduced in 4880b091a2
It did not fail a test because the [original fix](https://code.forgejo.org/forgejo/act/pulls/67/files) has tests only for the case where a step is skipped, not when a job is skipped.
Closesforgejo/runner#660
Reviewed-on: https://code.forgejo.org/forgejo/act/pulls/172
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
https://github.com/nektos/act/pull/2372
+ fix: make node tool non volatile
Currently downgrading node via setup-node can break later actions
+ fix it and lookup on startup
+ fix problems
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Reviewed-on: https://code.forgejo.org/forgejo/act/pulls/168
Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>
Co-authored-by: Andrii Chyrva <andrii.s.chyrva@hotmail.com>
Co-committed-by: Andrii Chyrva <andrii.s.chyrva@hotmail.com>
- upgrade to golangci-lint@v1.62.2
- make it renovate friendly
- remove most frequent lint check that are not of consequence (unused
args, etc.)
- fix remaining lint errors
- add renovate custom manager to update the Makefile variable
In the context of Forgejo the act-toolcache must not be mounted
otherwise independent workflows will race against each other when
writing to it. For instance if a setup-go action is run at the same
time as another, there is a probability that they both write the same
file at the same time, which could lead to a truncated or invalid
content.
The comment that introduced this change suggests it was motivated by a
border case by which the image would be empty. It is however unclear
why it should have any impact on how the network name is determined.
The hunk is reverted.
https://github.com/nektos/act/pull/1949/files#r1315163582
Implements one part of forgejo/runner#119. The other part is a corresponding PR in forgejo/runner: forgejo/runner#120.
Reviewed-on: https://code.forgejo.org/forgejo/act/pulls/24
Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>
Co-authored-by: s3lph <codeberg@s3lph.me>
Co-committed-by: s3lph <codeberg@s3lph.me>
Since the start script may create LXC templates that are shared, they
may race against each other when running for the first time. A lock
global to the host needs to be used to guarantee that does not happen.
act PR https://github.com/nektos/act/pull/1682
* shell script to start the LXC container
* create and destroy a LXC container
* run commands with lxc-attach
* expose additional devices for docker & libvirt to work
* install node 16 & git for checkout to work
[FORGEJO] start/stop lxc working directory is /tmp
[FORGEJO] use lxc-helpers to create/destroy containers
[FORGEJO] do not setup LXC
(cherry picked from commit 5b94ff3226848791b93e72d2e0f0ee4bba29a989)
Conflicts:
pkg/container/host_environment.go
Conflicts:
pkg/container/host_environment.go
[FORGJEO] upgrade to node20
The toolcache on GitHub Actions need to be in
/opt/hostedtoolcache. This is the case for all
environment variables set by act, but it's not the
case for the volume mounted into the container.
Co-authored-by: Björn Brauer <zaubernerd@zaubernerd.de>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Move the logging back up a level to fix a minor logging issue introduced in #2088
`RunContext`s for composite actions have dummy/blank `Job`s with no `runs-on`,
meaning their calls to `withGithubEnv` would result in an inaccurate log message
complaining that `'runs-on' key not defined in ...`
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
* Support array expressions in runs-on
* Simplify appproach to use EvaluateYamlNode, fix case-sensitivity bug
---------
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
* Support services (#42)
Removed createSimpleContainerName and AutoRemove flag
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/42
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services options (#45)
Reviewed-on: https://gitea.com/gitea/act/pulls/45
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support intepolation for `env` of `services` (#47)
Reviewed-on: https://gitea.com/gitea/act/pulls/47
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services `credentials` (#51)
If a service's image is from a container registry requires authentication, `act_runner` will need `credentials` to pull the image, see [documentation](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idcredentials).
Currently, `act_runner` incorrectly uses the `credentials` of `containers` to pull services' images and the `credentials` of services won't be used, see the related code: ba7ef95f06/pkg/runner/run_context.go (L228-L269)
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/51
Reviewed-by: Jason Song <i@wolfogre.com>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Add ContainerMaxLifetime and ContainerNetworkMode options
from: 1d92791718
* Fix container network issue (#56)
Follow: https://gitea.com/gitea/act_runner/pulls/184
Close https://gitea.com/gitea/act_runner/issues/177
- `act` create new networks only if the value of `NeedCreateNetwork` is true, and remove these networks at last. `NeedCreateNetwork` is passed by `act_runner`. 'NeedCreateNetwork' is true only if `container.network` in the configuration file of the `act_runner` is empty.
- In the `docker create` phase, specify the network to which containers will connect. Because, if not specify , container will connect to `bridge` network which is created automatically by Docker.
- If the network is user defined network ( the value of `container.network` is empty or `<custom-network>`. Because, the network created by `act` is also user defined network.), will also specify alias by `--network-alias`. The alias of service is `<service-id>`. So we can be access service container by `<service-id>:<port>` in the steps of job.
- Won't try to `docker network connect ` network after `docker start` any more.
- Because on the one hand, `docker network connect` applies only to user defined networks, if try to `docker network connect host <container-name>` will return error.
- On the other hand, we just specify network in the stage of `docker create`, the same effect can be achieved.
- Won't try to remove containers and networks berfore the stage of `docker start`, because the name of these containers and netwoks won't be repeat.
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/56
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-committed-by: sillyguodong <gedong_1994@163.com>
* Check volumes (#60)
This PR adds a `ValidVolumes` config. Users can specify the volumes (including bind mounts) that can be mounted to containers by this config.
Options related to volumes:
- [jobs.<job_id>.container.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idcontainervolumes)
- [jobs.<job_id>.services.<service_id>.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idvolumes)
In addition, volumes specified by `options` will also be checked.
Currently, the following default volumes (see f78a6206d3/pkg/runner/run_context.go (L116-L166)) will be added to `ValidVolumes`:
- `act-toolcache`
- `<container-name>` and `<container-name>-env`
- `/var/run/docker.sock` (We need to add a new configuration to control whether the docker daemon can be mounted)
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/60
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Remove ContainerMaxLifetime; fix lint
* Remove unused ValidVolumes
* Remove ConnectToNetwork
* Add docker stubs
* Close docker clients to prevent file descriptor leaks
* Fix the error when removing network in self-hosted mode (#69)
Fixes https://gitea.com/gitea/act_runner/issues/255
Reviewed-on: https://gitea.com/gitea/act/pulls/69
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Move service container and network cleanup to rc.cleanUpJobContainer
* Add --network flag; default to host if not using service containers or set explicitly
* Correctly close executor to prevent fd leak
* Revert to tail instead of full path
* fix network duplication
* backport networkingConfig for aliaes
* don't hardcode netMode host
* Convert services test to table driven tests
* Add failing tests for services
* Expose service container ports onto the host
* Set container network mode in artifacts server test to host mode
* Log container network mode when creating/starting a container
* fix: Correctly handle ContainerNetworkMode
* fix: missing service container network
* Always remove service containers
Although we usually keep containers running if the workflow errored
(unless `--rm` is given) in order to facilitate debugging and we have
a flag (`--reuse`) to always keep containers running in order to speed
up repeated `act` invocations, I believe that these should only apply
to job containers and not service containers, because changing the
network settings on a service container requires re-creating it anyway.
* Remove networks only if no active endpoints exist
* Ensure job containers are stopped before starting a new job
* fix: go build -tags WITHOUT_DOCKER
---------
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: ZauberNerd <zaubernerd@zaubernerd.de>
From the Go docs:
"For a nil slice, the number of iterations is 0" [1]
Therefore, an additional nil check for `job.RunsOn()` before the loop is
unnecessary because `job.RunsOn()` returns a `[]string`.
[1]: https://go.dev/ref/spec#For_range
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* throw if `uses` is invalid
* update JobType to return error
* lint
* put //nolint:dupl on wrong test
* update error message to remove end punctuation
* lint
* update remote job type check
* move if statement
* rm nolint:dupl ... we'll see how that goes
---------
Co-authored-by: Casey Lee <cplee@nektos.com>
