mirror of https://code.forgejo.org/forgejo/runner.git synced 2025-08-16 18:01:34 +00:00
Forgejo runner - alpha release, should not be considered secure enough to deploy in production
Renovate Bot 5285f39e6b
Update module github.com/rhysd/actionlint to v1.7.7 (#791)
This PR contains the following updates:

| Package | Change | Age | Confidence |
|---|---|---|---|
| [github.com/rhysd/actionlint](https://github.com/rhysd/actionlint) | `v1.6.27` -> `v1.7.7` | [![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2frhysd%2factionlint/v1.7.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2frhysd%2factionlint/v1.6.27/v1.7.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

---

### Release Notes

<details>
<summary>rhysd/actionlint (github.com/rhysd/actionlint)</summary>

### [`v1.7.7`](https://github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v177---2025-01-19)

[Compare Source](https://github.com/rhysd/actionlint/compare/v1.7.6...v1.7.7)

- Support runner labels for [Linux arm64 hosted runners](https://github.blog/changelog/2025-01-16-linux-arm64-hosted-runners-now-available-for-free-in-public-repositories-public-preview/). ([#&#8203;503](https://github.com/rhysd/actionlint/issues/503), [#&#8203;504](https://github.com/rhysd/actionlint/issues/504), thanks [@&#8203;martincostello](https://github.com/martincostello))
  - `ubuntu-24.04-arm`
  - `ubuntu-22.04-arm`
- Update Go dependencies to the latest.
- Update the popular actions data set to the latest.
- Add Linux arm64 job to the CI workflow. Now actionlint is tested on the platform. ([#&#8203;507](https://github.com/rhysd/actionlint/issues/507), thanks [@&#8203;cclauss](https://github.com/cclauss))

\[Changes]\[v1.7.7]

<a id="v1.7.6"></a>

### [`v1.7.6`](https://github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v176---2025-01-04)

[Compare Source](https://github.com/rhysd/actionlint/compare/v1.7.5...v1.7.6)

- Using contexts at specific workflow keys is incorrectly reported as not allowed. Affected workflow keys are as follows. ([#&#8203;495](https://github.com/rhysd/actionlint/issues/495), [#&#8203;497](https://github.com/rhysd/actionlint/issues/497), [#&#8203;498](https://github.com/rhysd/actionlint/issues/498), [#&#8203;500](https://github.com/rhysd/actionlint/issues/500))
  - `jobs.<job_id>.steps.with.args`
  - `jobs.<job_id>.steps.with.entrypoint`
  - `jobs.<job_id>.services.<service_id>.env`
- Update Go dependencies to the latest.

\[Changes]\[v1.7.6]

<a id="v1.7.5"></a>

### [`v1.7.5`](https://github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v175---2024-12-28)

[Compare Source](https://github.com/rhysd/actionlint/compare/v1.7.4...v1.7.5)

- Strictly check available contexts in `${{ }}` placeholders following the ['Context availability' table](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/accessing-contextual-information-about-workflow-runs#context-availability) in the official document.
  - For example, `jobs.<job_id>.defaults.run.shell` allows `env` context but `shell` workflow keys in other places allow no context.
    ```yaml
    defaults:
      run:
        # ERROR: No context is available here
        shell: ${{ env.SHELL }}

    jobs:
      test:
        runs-on: ubuntu-latest
        defaults:
          run:
            # OK: 'env' context is available here
            shell: ${{ env.SHELL }}
        steps:
          - run: echo hello
            # ERROR: No context is available here
            shell: ${{ env.SHELL}}
    ```

- Check a string literal passed to `fromJSON()` call. This pattern is [popular](https://github.com/search?q=fromJSON%28%27+lang%3Ayaml\&type=code) to create array or object constants because GitHub Actions does not provide the literal syntax for them. See the [document](https://github.com/rhysd/actionlint/blob/main/docs/checks.md#contexts-and-built-in-functions) for more details. ([#&#8203;464](https://github.com/rhysd/actionlint/issues/464))
  ```yaml
  jobs:
    test:
      # ERROR: Key 'mac' does not exist in the object returned by the fromJSON()
      runs-on: ${{ fromJSON('{"win":"windows-latest","linux":"ubuntul-latest"}')['mac'] }}
      steps:
        - run: echo This is a special branch!
          # ERROR: Broken JSON string passed to fromJSON.
          if: contains(fromJSON('["main","release","dev"'), github.ref_name)
  ```
- Allow passing command arguments to `-shellcheck` argument. ([#&#8203;483](https://github.com/rhysd/actionlint/issues/483), thanks [@&#8203;anuraaga](https://github.com/anuraaga))
  - This is useful when you want to use alternative build of shellcheck like [go-shellcheck](https://github.com/wasilibs/go-shellcheck/).
    ```sh
    actionlint -shellcheck="go run github.com/wasilibs/go-shellcheck/cmd/shellcheck@latest"
    ```
- Support undocumented `repository_visibility`, `artifact_cache_size_limit`, `step_summary`, `output`, `state` properties in `github` context. ([#&#8203;489](https://github.com/rhysd/actionlint/issues/489), thanks [@&#8203;rasa](https://github.com/rasa) for adding `repository_visibility` property)
- Remove `macos-12` runner label from known labels because it was [dropped](https://github.com/actions/runner-images/issues/10721) from GitHub-hosted runners on Dec. 3 and is no longer available.
- Add `windows-2025` runner label to the known labels. The runner is in [public preview](https://github.blog/changelog/2024-12-19-windows-server-2025-is-now-in-public-preview/). ([#&#8203;491](https://github.com/rhysd/actionlint/issues/491), thanks [@&#8203;ericcornelissen](https://github.com/ericcornelissen))
- Add `black` to the list of colors for `branding.color` action metadata. ([#&#8203;485](https://github.com/rhysd/actionlint/issues/485), thanks [@&#8203;eifinger](https://github.com/eifinger))
- Add `table` to the list of icons for `branding.icon` action metadata.
- Fix parsing escaped `{` in `format()` function call's first argument.
- Fix the incorrect `join()` function overload. `join(s1: string, s2: string)` was wrongly accepted.
- Update popular actions data set to the latest.
- Add `download-artifact/v3-node20` to the data set. ([#&#8203;468](https://github.com/rhysd/actionlint/issues/468))
- Fix missing the `reviewdog/action-hadolint@v1` action input. ([#&#8203;487](https://github.com/rhysd/actionlint/issues/487), thanks [@&#8203;mi-wada](https://github.com/mi-wada))
- Link to the documents of the stable version in actionlint `man` page and `-help` output.
- Refactor `LintStdin()` API example and some unit tests. ([#&#8203;472](https://github.com/rhysd/actionlint/issues/472), [#&#8203;475](https://github.com/rhysd/actionlint/issues/475), thanks [@&#8203;alexandear](https://github.com/alexandear))
- Improve the configuration example in `actionlint.yaml` document to explain glob patterns for `paths`. ([#&#8203;481](https://github.com/rhysd/actionlint/issues/481))

\[Changes]\[v1.7.5]

<a id="v1.7.4"></a>

### [`v1.7.4`](https://github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v174---2024-11-04)

[Compare Source](https://github.com/rhysd/actionlint/compare/v1.7.3...v1.7.4)

- Disallow the usage of popular actions that run on `node16` runner. The `node16` runner [will reach the end of life on November 12](https://github.blog/changelog/2024-09-25-end-of-life-for-actions-node16/).
  - In case of the error, please update your actions to the latest version so that they run on the latest `node20` runner.
  - If you're using self-hosted runner and you cannot upgrade your runner to `node20` soon, please consider to ignore the error by the `paths` configuration described below.
  - If you're using `actions/upload-artifact@v3` and `actions/download-artifact@v3` on GHES, please replace them with `actions/upload-artifact@v3-node20` and `actions/download-artifact@v3-node20`. ([#&#8203;468](https://github.com/rhysd/actionlint/issues/468))
- Provide the configuration for ignoring errors by regular expressions in `actionlint.yml` (or `actionlint.yaml`). Please see the [document](https://github.com/rhysd/actionlint/blob/v1.7.4/docs/config.md) for more details. ([#&#8203;217](https://github.com/rhysd/actionlint/issues/217), [#&#8203;342](https://github.com/rhysd/actionlint/issues/342))
  - The `paths` is a mapping from the file path glob pattern to the corresponding configuration. The `ignore` configuration is a list of regular expressions to match error messages (similar to the `-ignore` command line option).
    ```yaml
    paths:
      # This pattern matches any YAML file under the '.github/workflows/' directory.
      .github/workflows/**/*.yaml:
        ignore:
          # Ignore the specific error from shellcheck
          - 'shellcheck reported issue in this script: SC2086:.+'
      # This pattern only matches '.github/workflows/release.yaml' file.
      .github/workflows/release.yaml:
        ignore:
          # Ignore errors from the old runner check. This may be useful for (outdated) self-hosted runner environment.
          - 'the runner of ".+" action is too old to run on GitHub Actions'
    ```
  - This configuration was not implemented initially because I wanted to keep the configuration as minimal as possible. However, due to several requests for it, the configuration has now been added.
- Untrusted inputs check is safely skipped inside specific function calls. ([#&#8203;459](https://github.com/rhysd/actionlint/issues/459), thanks [@&#8203;IlyaGulya](https://github.com/IlyaGulya))
  - For example, the following step contains the untrusted input `github.head_ref`, but it is safe because it's passed to the `contains()` argument.
    ```yaml
    - run: echo "is_release_branch=${{ contains(github.head_ref, 'release') }}" >> "$GITHUB_OUTPUT"
    ```
  - For more details, please read the [rule document](https://github.com/rhysd/actionlint/blob/v1.7.4/docs/checks.md#untrusted-inputs).
- Recognize `gcr.io` and `gcr.dev` as the correct container registry hosts. ([#&#8203;463](https://github.com/rhysd/actionlint/issues/463), thanks [@&#8203;takaidohigasi](https://github.com/takaidohigasi))
  - Note that it is recommended explicitly specifying the scheme like `docker://gcr.io/...`.
- Remove `macos-x.0` runner labels which are no longer available. ([#&#8203;452](https://github.com/rhysd/actionlint/issues/452))
- Disable shellcheck [`SC2043`](https://www.shellcheck.net/wiki/SC2043) rule because it can cause false positives on checking `run:`. ([#&#8203;355](https://github.com/rhysd/actionlint/issues/355))
  - The [rule document](https://github.com/rhysd/actionlint/blob/v1.7.4/docs/checks.md#check-shellcheck-integ) was updated as well. ([#&#8203;466](https://github.com/rhysd/actionlint/issues/466), thanks [@&#8203;risu729](https://github.com/risu729))
- Fix the error message was not deterministic when detecting cycles in `needs` dependencies.
- Fix the check for `format()` function was not applied when the function name contains upper case like `Format()`. Note that function names in `${{ }}` placeholders are case-insensitive.
- Update the popular actions data set to the latest.
  - This includes the [new `ref` and `commit` outputs](https://github.com/actions/checkout/pull/1180) of `actions/checkout`.
- Add [`actions/cache/save`](https://github.com/actions/cache/tree/main/save) and [`actions/cache/restore`](https://github.com/actions/cache/tree/main/restore) to the popular actions data set.
- Links in the [README.md](https://github.com/rhysd/actionlint/blob/main/README.md) now point to the document of the latest version tag instead of HEAD of `main` branch.
- Add [`Linter.LintStdin`](https://pkg.go.dev/github.com/rhysd/actionlint#Linter.LintStdin) method dedicated to linting STDIN instead of handling STDIN in `Command`.
- (Dev) Add new [`check-checks` script](https://github.com/rhysd/actionlint/tree/main/scripts/check-checks) to maintain the ['Checks' document](https://github.com/rhysd/actionlint/blob/main/docs/checks.md). It automatically updates the outputs and playground links for example inputs in the document. It also checks the document is up-to-date on CI. Please read the [document](https://github.com/rhysd/actionlint/blob/main/scripts/check-checks/README.md) for more details.

[Documentation](https://github.com/rhysd/actionlint/tree/v1.7.4/docs)

\[Changes]\[v1.7.4]

<a id="v1.7.3"></a>

### [`v1.7.3`](https://github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v173---2024-09-29)

[Compare Source](https://github.com/rhysd/actionlint/compare/v1.7.2...v1.7.3)

- Remove `macos-11` runner labels because [macOS 11 runner was dropped on 6/28/2024](https://github.blog/changelog/2024-05-20-actions-upcoming-changes-to-github-hosted-macos-runners/#macos-11-deprecation-and-removal). ([#&#8203;451](https://github.com/rhysd/actionlint/issues/451), thanks [@&#8203;muzimuzhi](https://github.com/muzimuzhi))
- Support `macos-15`, `macos-15-large`, and `macos-15-xlarge` runner labels. The macOS 15 runner is not globally available yet, but [they are available in beta](https://github.com/actions/runner-images?tab=readme-ov-file#available-images). ([#&#8203;453](https://github.com/rhysd/actionlint/issues/453), thanks [@&#8203;muzimuzhi](https://github.com/muzimuzhi))
- Release artifact includes checksums for the released binaries. The file name is `actionlint_{version}_checksums.txt`. ([#&#8203;449](https://github.com/rhysd/actionlint/issues/449))
  - For example, the checksums for v1.7.3 can be found [here](https://github.com/rhysd/actionlint/releases/download/v1.7.3/actionlint_1.7.3_checksums.txt).
- Fix `download-path` output is missing in `actions/download-artifact@v3` action. ([#&#8203;442](https://github.com/rhysd/actionlint/issues/442))
  - Note that the latest version `actions/download-artifact@v4` was not affected by this issue.
- Support Go 1.23.

[Documentation](https://github.com/rhysd/actionlint/blob/v1.7.3/docs/checks.md)

\[Changes]\[v1.7.3]

<a id="v1.7.2"></a>

### [`v1.7.2`](https://github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v172---2024-09-23)

[Compare Source](https://github.com/rhysd/actionlint/compare/v1.7.1...v1.7.2)

- Fix child processes to run in parallel.
- Update the popular actions data set to the latest. ([#&#8203;442](https://github.com/rhysd/actionlint/issues/442), [#&#8203;445](https://github.com/rhysd/actionlint/issues/445), [#&#8203;446](https://github.com/rhysd/actionlint/issues/446), [#&#8203;447](https://github.com/rhysd/actionlint/issues/447), thanks [@&#8203;maikelvdh](https://github.com/maikelvdh))
- Add support for checking branch filters on [`merge_group` event](https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#merge_group). ([#&#8203;448](https://github.com/rhysd/actionlint/issues/448), thanks [@&#8203;muzimuzhi](https://github.com/muzimuzhi))
- [The playground](https://rhysd.github.io/actionlint/) now supports both light and dark modes and automatically applies the system's theme.
- Fix releasing a failure on making a new winget package. ([#&#8203;438](https://github.com/rhysd/actionlint/issues/438), thanks [@&#8203;vedantmgoyal9](https://github.com/vedantmgoyal9))

\[Changes]\[v1.7.2]

<a id="v1.7.1"></a>

### [`v1.7.1`](https://github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v171---2024-05-28)

[Compare Source](https://github.com/rhysd/actionlint/compare/v1.7.0...v1.7.1)

- Support `ubuntu-24.04` runner label, which was [recently introduced as beta](https://github.blog/changelog/2024-05-14-github-hosted-runners-public-beta-of-ubuntu-24-04-is-now-available/). ([#&#8203;425](https://github.com/rhysd/actionlint/issues/425), thanks [@&#8203;bitcoin-tools](https://github.com/bitcoin-tools))
- Remove the support for `macos-10` runner label which was [officially dropped about 2 years ago](https://github.blog/changelog/2022-07-20-github-actions-the-macos-10-15-actions-runner-image-is-being-deprecated-and-will-be-removed-by-8-30-22/).
- Remove the support for `windows-2016` runner label which was [officially dropped about 2 years ago](https://github.blog/changelog/2021-10-19-github-actions-the-windows-2016-runner-image-will-be-removed-from-github-hosted-runners-on-march-15-2022/).
- Document URLs used in help output and links in the playground prefer specific version tag rather than `main` branch. For example,
  - Before: https://github.com/rhysd/actionlint/tree/main/docs
  - After: https://github.com/rhysd/actionlint/tree/v1.7.1/docs
- Fix actionlint wrongly reports an error when using `ghcr.io` or `docker.io` at `image` field of action metadata file of Docker action without `docker://` scheme. ([#&#8203;428](https://github.com/rhysd/actionlint/issues/428))
  ```yaml
  runs:
    using: 'docker'
    # This should be OK
    image: 'ghcr.io/user/repo:latest'
  ```
- Fix checking `preactjs/compressed-size-action@v2` usage caused a false positive. ([#&#8203;422](https://github.com/rhysd/actionlint/issues/422))
- Fix an error message when invalid escaping is found in globs.
- The design of the [playground page](https://rhysd.github.io/actionlint/) is overhauled following the upgrade of bulma package to v1.
  - Current actionlint version is shown in the heading.
  - The color theme is changed to the official dark theme.
  - The list of useful links is added to the bottom of the page as 'Resources' section.

\[Changes]\[v1.7.1]

<a id="v1.7.0"></a>

### [`v1.7.0`](https://github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v170---2024-05-08)

[Compare Source](https://github.com/rhysd/actionlint/compare/v1.6.27...v1.7.0)

- From this version, actionlint starts to check action metadata file `action.yml` (or `action.yaml`). At this point, only very basic checks are implemented and contents of `steps:` are not checked yet.
  - It checks properties under `runs:` section (e.g. `main:` can be specified when it is a JavaScript action), `branding:` properties, and so on.
    ```yaml
    name: 'My action'
    author: '...'
    # ERROR: 'description' section is missing

    branding:
      # ERROR: Invalid icon name
      icon: dog

    runs:
      # ERROR: Node.js runtime version is too old
      using: 'node12'
      # ERROR: The source file being run by this action does not exist
      main: 'this-file-does-not-exist.js'
      # ERROR: 'env' configuration is only allowed for Docker actions
      env:
        SOME_VAR: SOME_VALUE
    ```
  - actionlint still focuses on checking workflow files. So there is no way to directly specify `action.yml` as an argument of `actionlint` command. actionlint checks all local actions which are used by given workflows. If you want to use actionlint for your action development, prepare a test/example workflow which uses your action, and check it with actionlint instead.
  - Checks for `steps:` contents are planned to be implemented. Since several differences are expected between `steps:` in workflow file and `steps:` in action metadata file (e.g. available contexts), the implementation is delayed to later version. And the current implementation of action metadata parser is ad hoc. I'm planning a large refactoring and breaking changes to the Go API around it are expected.
- Add `runner.environment` property. ([#&#8203;412](https://github.com/rhysd/actionlint/issues/412))
  ```yaml
  - run: echo 'Run by GitHub-hosted runner'
    if: runner.environment == 'github-hosted'
  ```
- Using outdated popular actions is now detected at error. See [the document](https://github.com/rhysd/actionlint/blob/main/docs/checks.md#detect-outdated-popular-actions) for more details.
  - Here 'outdated' means actions which use runtimes no longer supported by GitHub-hosted runners such as `node12`.
    ```yaml
    # ERROR: actions/checkout@v2 is using the outdated runner 'node12'
    - uses: actions/checkout@v2
    ```

- Support `attestations` permission which was [recently added to GitHub Actions as beta](https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds). ([#&#8203;418](https://github.com/rhysd/actionlint/issues/418), thanks [@&#8203;bdehamer](https://github.com/bdehamer))
  ```yaml
  permissions:
    id-token: write
    contents: read
    attestations: write
  ```
- Check comparison expressions more strictly. Arbitrary types of operands can be compared as [the official document](https://docs.github.com/en/actions/learn-github-actions/expressions#operators) explains. However, comparisons between some types are actually meaningless because the values are converted to numbers implicitly. actionlint catches such meaningless comparisons as errors. Please see [the check document](https://github.com/rhysd/actionlint/blob/main/docs/checks.md#check-comparison-types) for more details.
  ```yaml
  on:
    workflow_call:
      inputs:
        timeout:
          type: boolean

  jobs:
    test:
      runs-on: ubuntu-latest
      steps:
        - run: echo 'called!'
          # ERROR: Comparing string to object is always evaluated to false
          if: ${{ github.event == 'workflow_call' }}
        - run: echo 'timeout is too long'
          # ERROR: Comparing boolean value with `>` doesn't make sense
          if: ${{ inputs.timeout > 60 }}
  ```
- Follow the update that `macos-latest` is now an alias to `macos-14` runner.
- Support a custom python shell by `pyflakes` rule.
- Add workaround actionlint reports that `dorny/paths-filter`'s `predicate-quantifier` input is not defined. ([#&#8203;416](https://github.com/rhysd/actionlint/issues/416))
- Fix the type of a conditional expression by comparison operators is wider than expected by implementing type narrowing. ([#&#8203;384](https://github.com/rhysd/actionlint/issues/384))
  - For example, the type of following expression should be `number` but it was actually `string | number` and actionlint complained that `timeout-minutes` must take a number value.
    ```yaml
    timeout-minutes: ${{ env.FOO && 10 || 60 }}
    ```
- Fix `${{ }}` placeholder is not available at `jobs.<job_id>.services`. ([#&#8203;402](https://github.com/rhysd/actionlint/issues/402))
  ```yaml
  jobs:
    test:
      services: ${{ fromJSON('...') }}
      runs-on: ubuntu-latest
      steps:
        - run: ...
  ```

- Do not check outputs of `google-github-actions/get-secretmanager-secrets` because this action sets outputs dynamically. ([#&#8203;404](https://github.com/rhysd/actionlint/issues/404))
- Fix `defaults.run` is ignored on detecting the shell used in `run:`. ([#&#8203;409](https://github.com/rhysd/actionlint/issues/409))
  ```yaml
  defaults:
    run:
      shell: pwsh
  jobs:
    test:
      runs-on: ubuntu-latest
      steps:
        # This was wrongly detected as bash script
        - run: $Env:FOO = "FOO"
  ```
- Fix parsing a syntax error reported from pyflakes when checking a Python script in `run:`. ([#&#8203;411](https://github.com/rhysd/actionlint/issues/411))
  ```yaml
  - run: print(
    shell: python
  ```

- Skip checking `exclude:` items in `matrix:` when they are constructed from `${{ }}` dynamically. ([#&#8203;414](https://github.com/rhysd/actionlint/issues/414))
  ```yaml
  matrix:
    foo: ['a', 'b']
    exclude:
      # actionlint complained this value didn't exist in matrix combinations
      - foo: ${{ env.EXCLUDE_FOO }}
  ```
- Fix checking `exclude:` items when `${{ }}` is used in nested arrays at matrix items.
  ```yaml
  matrix:
    foo:
      - ["${{ fromJSON('...') }}"]
    exclude:
      # actionlint complained this value didn't match to any matrix combinations
      - foo: ['foo']
  ```

- Update popular actions data set. New major versions are added and the following actions are newly added.
  - `peaceiris/actions-hugo`
  - `actions/attest-build-provenance`
  - `actions/add-to-project`
  - `octokit/graphql-action`
- Update Go dependencies to the latest.
- Reduce the size of `actionlint` executable by removing redundant data from popular actions data set.
  - x86\_64 executable binary size was reduced from 6.9MB to 6.7MB (2.9% smaller).
  - Wasm binary size was reduced from 9.4MB to 8.9MB (5.3% smaller).
- Describe how to [integrate actionlint to Pulsar Edit](https://web.pulsar-edit.dev/packages/linter-github-actions) in [the document](https://github.com/rhysd/actionlint/blob/main/docs/usage.md#pulsar-edit). ([#&#8203;408](https://github.com/rhysd/actionlint/issues/408), thanks [@&#8203;mschuchard](https://github.com/mschuchard))
- Update outdated action versions in the usage document. ([#&#8203;413](https://github.com/rhysd/actionlint/issues/413), thanks [@&#8203;naglis](https://github.com/naglis))

\[Changes]\[v1.7.0]

<a id="v1.6.27"></a>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/791
Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2025-08-02 17:56:34 +00:00
| Name | Last commit | Date |
|---|---|---|
| .forgejo | chore: the release link to RELEASE-NOTES.md is no longer needed (take 2) (#789) | 2025-08-02 11:37:51 +00:00 |
| act | fix: vars context is allowed in default values of action inputs (#786) | 2025-08-02 06:38:42 +00:00 |
| contrib | Restore contrib/forgejo-runner.service (#772) | 2025-07-30 22:16:05 +00:00 |
| examples | feat: add an LXC based example of docker/build-push-action usage (#781) | 2025-08-01 14:04:02 +00:00 |
| internal | chore: to allow the runner to be imported, v9 needs to be in the go module (#777) | 2025-07-31 10:35:11 +00:00 |
| release-notes | feat: add the runner validate subcommand (#757) | 2025-07-31 05:37:12 +00:00 |
| testutils | feat: add the runner validate subcommand (#757) | 2025-07-31 05:37:12 +00:00 |
| .dockerignore | [FORGEJO] build forgejo-runner | 2023-08-23 14:44:47 +02:00 |
| .editorconfig | Add .editorconfig and .gitattributes (#186) | 2023-05-13 23:51:22 +08:00 |
| .gitattributes | Add .editorconfig and .gitattributes (#186) | 2023-05-13 23:51:22 +08:00 |
| .gitignore | chore: remove unused code and comments including gitea | 2025-07-03 18:58:11 +02:00 |
| .golangci.yml | chore: disable package name checks for revive [skip cascade] (#750) | 2025-07-28 12:26:08 +00:00 |
| Dockerfile | Update data.forgejo.org/oci/alpine Docker tag to v3.22 (#616) | 2025-06-18 05:43:57 +00:00 |
| go.mod | Update module github.com/rhysd/actionlint to v1.7.7 (#791) | 2025-08-02 17:56:34 +00:00 |
| go.sum | Update module github.com/rhysd/actionlint to v1.7.7 (#791) | 2025-08-02 17:56:34 +00:00 |
| LICENSE | chore: update LICENSE year | 2025-07-03 18:58:11 +02:00 |
| main.go | chore: to allow the runner to be imported, v9 needs to be in the go module (#777) | 2025-07-31 10:35:11 +00:00 |
| Makefile | chore: to allow the runner to be imported, v9 needs to be in the go module (#777) | 2025-07-31 10:35:11 +00:00 |
| README.md | feat(security): recommend security issues are reported to security@forgejo.org (#768) | 2025-07-31 05:36:34 +00:00 |
| RELEASE-NOTES.md | chore: release notes are now published together with the release (#775) | 2025-07-31 08:02:20 +00:00 |
| renovate.json | chore(renovate): ignore all test data | 2025-07-31 10:01:23 +02:00 |

Forgejo Runner

WARNING: this is alpha release quality code and should not be considered secure enough to deploy in production.

A daemon that connects to a Forgejo instance and runs jobs for continuous integration. The installation and usage instructions are part of the Forgejo documentation.

Reporting bugs

When filing a bug in the issue tracker, it is very helpful to propose a pull request in the end-to-end tests repository that adds a reproducer. It will fail the CI and unambiguously demonstrate that the problem exists. In most cases it is enough to add a workflow (see the echo example). For more complicated cases it is also possible to add a runner config file as well as shell scripts to set up and tear down the test case (see the service example).

Sensitive security-related issues should be reported to security@forgejo.org using encryption.

Architectures & OS

The Forgejo runner is supported and tested on amd64 and arm64 (binaries and containers) on Operating Systems based on the Linux kernel.

Work may be in progress for other architectures and you can browse the corresponding issues to see how they are progressing. If you are interested in helping them move forward, open an issue. The most challenging part is to set up and maintain a native runner long term. Once it is supported by Forgejo, the runner is expected to be available 24/7, which can be challenging. Otherwise debugging any architecture-specific problem won't be possible.

Hacking

The Forgejo runner is a dependency of the setup-forgejo action. See the full dependency graph for a global view.

Building

  • Install Go and make(1)
  • make build

The test workflow is a full example that builds the binary, runs the tests and launches the runner binary against a live Forgejo instance.

Generate mocks

  • make deps-tools
  • make generate

If there are changes, commit them to the repository.

Local debug

The repositories are checked out in the same directory:

Install dependencies

The dependencies are installed manually or with:

setup-forgejo/forgejo-dependencies.sh

Build the Forgejo runner

cd runner ; rm -f forgejo-runner ; make forgejo-runner

Launch Forgejo and the runner

A Forgejo instance is launched with:

cd setup-forgejo
./forgejo.sh setup
firefox "$(cat forgejo-url)"

The user is root with password admin1234. The runner is registered with:

cd setup-forgejo
docker exec --user 1000 forgejo forgejo actions generate-runner-token > forgejo-runner-token
../runner/forgejo-runner register --no-interactive --instance "$(cat forgejo-url)" --name runner --token "$(cat forgejo-runner-token)" --labels docker:docker://node:22-bookworm,self-hosted:host,lxc:lxc://debian:bookworm

And launched with:

cd setup-forgejo ; ../runner/forgejo-runner --config runner-config.yml daemon

Note that the runner-config.yml is required in that particular case to configure the network in bridge mode, otherwise the runner will create a network that cannot reach the Forgejo instance.
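
The --labels value in the register command above decides which backend a job lands on, and the host backend runs job steps directly on the runner machine rather than in a container. The following is an added example, not the runner's own code, that parses that value and reports the labels mapped to host so they can be reviewed before registration. The Label type, the function names, and the choice to reject a label that names no backend are assumptions of this example.

```go
package main

import (
	"fmt"
	"strings"
)

// readmeLabels is the --labels value from the register command in the README.
const readmeLabels = "docker:docker://node:22-bookworm,self-hosted:host,lxc:lxc://debian:bookworm"

// Label is one comma-separated entry of --labels (hypothetical type,
// not the runner's own).
type Label struct {
	Name    string // matched against runs-on in a workflow
	Backend string // "docker", "lxc" or "host"
	Image   string // image reference after "://", empty for host
}

// knownBackends holds only the backends that appear in the README command.
var knownBackends = map[string]bool{"docker": true, "lxc": true, "host": true}

// ParseLabel splits "name:backend://image" or "name:host".
// Assumption of this example: a label that names no backend is rejected
// instead of guessing a default.
func ParseLabel(s string) (Label, error) {
	name, rest, found := strings.Cut(s, ":")
	if name == "" || name != strings.TrimSpace(name) {
		return Label{}, fmt.Errorf("label %q: empty or padded name", s)
	}
	if !found || rest == "" {
		return Label{}, fmt.Errorf("label %q: no backend given", s)
	}
	backend, image, _ := strings.Cut(rest, "://")
	if !knownBackends[backend] {
		return Label{}, fmt.Errorf("label %q: unknown backend %q", s, backend)
	}
	if backend == "host" && image != "" {
		return Label{}, fmt.Errorf("label %q: host takes no image", s)
	}
	if backend != "host" && image == "" {
		return Label{}, fmt.Errorf("label %q: %s needs an image", s, backend)
	}
	return Label{Name: name, Backend: backend, Image: image}, nil
}

// ParseLabels parses the whole comma-separated value and rejects a name
// that appears twice, since runs-on could then match two backends.
func ParseLabels(value string) ([]Label, error) {
	seen := map[string]bool{}
	var out []Label
	for _, part := range strings.Split(value, ",") {
		l, err := ParseLabel(part)
		if err != nil {
			return nil, err
		}
		if seen[l.Name] {
			return nil, fmt.Errorf("label name %q is defined twice", l.Name)
		}
		seen[l.Name] = true
		out = append(out, l)
	}
	return out, nil
}

// HostLabels returns the names of labels whose jobs run on the host itself.
func HostLabels(labels []Label) []string {
	var names []string
	for _, l := range labels {
		if l.Backend == "host" {
			names = append(names, l.Name)
		}
	}
	return names
}

func main() {
	labels, err := ParseLabels(readmeLabels)
	if err != nil {
		fmt.Println("invalid --labels value:", err)
		return
	}
	for _, l := range labels {
		fmt.Printf("runs-on: %-12s backend=%-6s image=%q\n", l.Name, l.Backend, l.Image)
	}
	for _, name := range HostLabels(labels) {
		fmt.Printf("review: label %q runs jobs on the host without a container\n", name)
	}
}
```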

Try a sample workflow

From the Forgejo web interface, create a repository and add the following to .forgejo/workflows/try.yaml. It will launch the job and the result can be observed from the actions tab.

on: [push]
jobs:
  ls:
    runs-on: docker
    steps:
      - uses: actions/checkout@v4
      - run: |
          ls ${{ github.workspace }}