mirror of
https://code.forgejo.org/forgejo/runner.git
synced 2025-10-15 19:42:06 +00:00
2bccbec3ae
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [code.forgejo.org/forgejo/runner](https://forgejo.org) ([source](https://code.forgejo.org/forgejo/runner)) | patch | `11.1.1` -> `11.1.2` | | [forgejo/runner](https://code.forgejo.org/forgejo/runner) | patch | `11.1.1` -> `11.1.2` | --- ### Release Notes <details> <summary>forgejo/runner (code.forgejo.org/forgejo/runner)</summary> ### [`v11.1.2`](https://code.forgejo.org/forgejo/runner/releases/tag/v11.1.2) [Compare Source](https://code.forgejo.org/forgejo/runner/compare/v11.1.1...v11.1.2) - [User guide](https://forgejo.org/docs/next/user/actions/overview/) - [Administrator guide](https://forgejo.org/docs/next/admin/actions/) - [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions) Release Notes *** <!--start release-notes-assistant--> <!--URL:https://code.forgejo.org/forgejo/runner--> - features - [PR](https://code.forgejo.org/forgejo/runner/pulls/1026): <!--number 1026 --><!--line 0 --><!--description ZmVhdDogc3VwcG9ydCBldmFsdWF0aW5nIHdvcmtmbG93LWxldmVsIGNvbmN1cnJlbmN5IGJsb2NrcyBpbiBqb2JwYXJzZXI=-->feat: support evaluating workflow-level concurrency blocks in jobparser<!--description--> - bug fixes - [PR](https://code.forgejo.org/forgejo/runner/pulls/1051): <!--number 1051 --><!--line 0 --><!--description Zml4KHNlY3VyaXR5KTogYSBtdWx0aWxpbmUgc2VjcmV0IG1heSBiZSBmb3VuZCBpbiBhIHNpbmdsZSBsb2cgZW50cnk=-->fix(security): a multiline secret may be found in a single log entry<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1048): <!--number 1048 --><!--line 0 --><!--description Zml4OiBpbXByb3ZlIGxvZ2dpbmcgdG8gZGlhZ25vc2UgbXlzdGVyeSBqb2IgdGVybWluYXRpb25z-->fix: improve logging to diagnose mystery job terminations<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1043): <!--number 1043 --><!--line 0 --><!--description Zml4OiBtb2RpZnlpbmcgYSBjYWNoZSBzZWNyZXQgZG9lcyBub3QgaW52YWxpZGF0ZSBjYWNoZWQgZW50cmllcw==-->fix: modifying a cache secret does not invalidate cached entries<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1040): <!--number 1040 --><!--line 0 --><!--description Zml4OiBhbGxvdyBHQyAmIGNhY2hlIG9wZXJhdGlvbnMgdG8gb3BlcmF0ZSBjb25jdXJyZW50bHk=-->fix: allow GC & cache operations to operate concurrently<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1037): <!--number 1037 --><!--line 0 --><!--description Zml4OiBkbyBub3QgYXR0ZW1wdCB0byBydW4gdGhlIExYQyBzdG9wIHNjcmlwdCB3aXRoIHNlbGYtaG9zdGVk-->fix: do not attempt to run the LXC stop script with self-hosted<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1031): <!--number 1031 --><!--line 0 --><!--description Zml4OiBldmVudC5wdWxsX3JlcXVlc3QuYWN0aW9uID09IGNsb3NlZCBjYW4gdXNlIHRoZSBjYWNoZSBvZiB0aGUgYmFzZSByZXBvc2l0b3J5-->fix: event.pull\_request.action == closed can use the cache of the base repository<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1027): <!--number 1027 --><!--line 0 --><!--description Zml4OiBDb3JyZWN0bHkgb3ZlcnJpZGUgdGhlIHZhbHVlIG9mIGBGb3JnZWpvLUNhY2hlLUhvc3RgIHdoZW4gQUNUSU9OU19DQUNIRV9VUkwgaXMgb3ZlcnJpZGRlbi4=-->fix: Correctly override the value of `Forgejo-Cache-Host` when ACTIONS\_CACHE\_URL is overridden.<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1019): <!--number 1019 --><!--line 0 --><!--description Zml4OiBhIGNvbXBvc2l0ZSBhY3Rpb24gbXVzdCBub3QgY2hhbmdlIHRoZSByZXN1bHQgb2YgdGhlIGNhbGxpbmcgc3RlcCBiZWZvcmUgaXQgY29tcGxldGVz-->fix: a composite action must not change the result of the calling step before it completes<!--description--> - other - [PR](https://code.forgejo.org/forgejo/runner/pulls/1033): <!--number 1033 --><!--line 0 --><!--description Y2hvcmU6IHRlc3Q6IGV4ZXJjaXNlIGNvbnRleHRzIGluIG1hdHJpeCB3aGVuIHZhbGlkYXRpbmcgd29ya2Zsb3dz-->chore: test: exercise contexts in matrix when validating workflows<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1029): <!--number 1029 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb25uZWN0cnBjLmNvbS9jb25uZWN0IHRvIHYxLjE5LjA=-->Update module connectrpc.com/connect to v1.19.0<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1025): <!--number 1025 --><!--line 0 --><!--description Y2hvcmU6IGZpeCB0eXBvIGluIHRoZSBkb2N1bWVudGF0aW9u-->chore: fix typo in the documentation<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1023): <!--number 1023 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvbGFuZ2NpL2dvbGFuZ2NpLWxpbnQvdjIvY21kL2dvbGFuZ2NpLWxpbnQgdG8gdjIuNS4w-->Update module github.com/golangci/golangci-lint/v2/cmd/golangci-lint to v2.5.0<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1022): <!--number 1022 --><!--line 0 --><!--description VXBkYXRlIGNvZGUuZm9yZ2Vqby5vcmcvZm9yZ2Vqby9mb3JnZWpvIERvY2tlciB0YWcgdG8gdjExLjAuNg==-->Update code.forgejo.org/forgejo/forgejo Docker tag to v11.0.6<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1020): <!--number 1020 --><!--line 0 --><!--description Y2hvcmU6IHVwZ3JhZGUgTFhDIGV4YW1wbGUgdG8gRGViaWFuIEdOVS9MaW51eCB0cml4aWU=-->chore: upgrade LXC example to Debian GNU/Linux trixie<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1021): <!--number 1021 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWZvcmdlam8gYWN0aW9uIHRvIHYzLjAuNA==-->Update <https://data.forgejo.org/actions/setup-forgejo> action to v3.0.4<!--description--> - [PR](https://code.forgejo.org/forgejo/runner/pulls/1018): <!--number 1018 --><!--line 0 --><!--description VXBkYXRlIGZvcmdlam8tcnVubmVyIHRvIHYxMS4xLjE=-->Update forgejo-runner to v11.1.1<!--description--> <!--end release-notes-assistant--> </details> --- ### Configuration 📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xMzEuOSIsInVwZGF0ZWRJblZlciI6IjQxLjEzMS45IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJLaW5kL0RlcGVuZGVuY3lVcGRhdGUiLCJydW4tZW5kLXRvLWVuZC10ZXN0cyJdfQ==--> Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/1055 Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org> Co-authored-by: Renovate Bot <bot@kriese.eu> Co-committed-by: Renovate Bot <bot@kriese.eu> |
||
|---|---|---|
| .. | ||
| forgejo-runner-service.sh | ||
| README.md | ||
forgejo-runner-service.sh installs a Forgejo runner within an LXC container and runs it from a systemd service.
Quickstart
- Install:
sudo wget -O /usr/local/bin/forgejo-runner-service.sh https://code.forgejo.org/forgejo/runner/raw/branch/main/examples/lxc-systemd/forgejo-runner-service.sh && sudo chmod +x /usr/local/bin/forgejo-runner-service.sh - Obtain a runner registration token ($TOKEN)
- Choose a serial number that is not already in use in
/etc/forgejo-runner - Create a runner
export INPUTS_SERIAL=30 ; INPUTS_TOKEN=$TOKEN INPUTS_FORGEJO=https://code.forgejo.org forgejo-runner-service.sh - Start
systemctl enable --now forgejo-runner@$INPUTS_SERIAL - Monitor with:
systemctl status forgejo-runner@$INPUTS_SERIALtail --follow=name /var/log/forgejo-runner/$INPUTS_SERIAL.log
Installation or upgrade
Installation
sudo wget -O /usr/local/bin/forgejo-runner-service.sh https://code.forgejo.org/forgejo/runner/raw/branch/main/examples/lxc-systemd/forgejo-runner-service.sh && sudo chmod +x /usr/local/bin/forgejo-runner-service.sh
Upgrade
Warning
runners will not be upgraded immediately, the upgrade will happen when they restart (at
$INPUTS_LIFETIMEintervals).
The following will be upgraded:
forgejo-runner-service.shwill replace itself with the script found at the provided URL (e.g.https://code.forgejo.org/forgejo/runner/src/tag/v6.3.1/examples/lxc-systemd/forgejo-runner-service.sh)lxc-helpers*.shwill be replaced with the version pinned inforgejo-runner-service.shforgejo-runner-X.Y.Zwill default to the version hardcoded inforgejo-runner-service.sh
Example:
forgejo-runner-service.sh upgrade https://code.forgejo.org/forgejo/runner/src/tag/v6.3.1/examples/lxc-systemd/forgejo-runner-service.sh
Description
- Each runner is assigned a unique serial number (
$INPUTS_SERIAL) - The configuration is in
/etc/forgejo-runner/$INPUTS_SERIAL - The environment variables are in
/etc/forgejo-runner/$INPUTS_SERIAL/env - The cache is in
/var/lib/forgejo-runner/runner-$INPUTS_SERIAL - The systemd service unit is
forgejo-runner@$INPUTS_SERIAL - The logs of the runner daemon are in
/var/log/forgejo-runner/$INPUTS_SERIAL.log
How it works
- Creating a runner (for instance with
INPUTS_SERIAL=30 INPUTS_TOKEN=$TOKEN INPUTS_FORGEJO=https://code.forgejo.org forgejo-runner-service.sh) will:- use
$INPUTS_TOKENto register on$INPUTS_FORGEJOand save the result in the/etc/forgejo-runner/$INPUTS_SERIAL/.runnerfile - generate a default configuration file in the
/etc/forgejo-runner/$INPUTS_SERIAL/config.ymlfile which can then be manually edited
- use
- Each runner is launched in a dedicated LXC container named
runner-$INPUTS_SERIAL-lxcwith the following bind mounts:/etc/forgejo-runner/$INPUTS_SERIAL/var/lib/forgejo-runner/runner-$INPUTS_SERIAL/.cache/actcache
systemctl start forgejo-runner@$INPUTS_SERIALwill do the following when it starts and every$INPUTS_LIFETIMEinterval after that:- attempt to gracefully stop (SIGTERM) the runner, waiting for all jobs to complete
- forcibly kill the runner if it does not stop within 6h
- shutdown the LXC container and delete it (the volumes bind mounted are preserved)
- create a brand new LXC container (with the specified
$INPUTS_LXC_CONFIG) - install and run a Forgejo runner daemon in the LXC container using
/etc/forgejo-runner/$INPUTS_SERIAL/config.yml - redirect the output of the runner to
/var/log/forgejo-runner/$INPUTS_SERIAL.log
systemctl stop forgejo-runner@$INPUTS_SERIALwill stop the runner but keep the LXC container running
Creation
The creation of a new runner is driven by the following environment variables:
INPUTS_SERIAL: unique number in the range[10-100](check/etc/forgejo-runner)INPUTS_TOKEN: a runner registration token obtained from the web UIINPUTS_FORGEJO: the Forgejo instance from whichINPUTS_TOKENwas obtained (e.g. https://code.forgejo.org)INPUTS_RUNNER_VERSION: the version of the Forgejo runner as found in https://code.forgejo.org/forgejo/runner/releases (e.g. 9.0.2)INPUTS_LXC_CONFIG: the value of the--configargument of lxc-helpers used when creating the LXC container for the runner (e.g.docker)INPUTS_LIFETIME: the LXC container is re-created when its lifetime expires (e.g. 7d)
Hacking
- An existing LXC configuration will not be modified. If
lxc-lsexists, it is assumed that LXC is configured and ready to be used. - Migrating an existing runner:
serial=10 mkdir /etc/forgejo-runner/$serial cp .runner config.yml /etc/forgejo-runner/$serial INPUTS_SERIAL=$serial INPUTS_FORGEJO=https://code.forgejo.org forgejo-runner-service.sh systemctl status forgejo-runner@$serial - Set debug by adding
VERBOSE=truein/etc/forgejo-runner/$INPUTS_SERIAL/env
Use a specific version of the Forgejo runner
The goal is that a LXC container uses a version of the Forgejo runner that is different from the default. It needs to be installed and pinned.
- Install:
INPUTS_RUNNER_VERSION=9.0.2 forgejo-runner-service.sh install_runner - Pin the version in
/etc/forgejo-runner/N/env(e.g.INPUTS_RUNNER_VERSION=9.0.2)