76bf87f472
The `setupShell` function would update the shell stored on the `Step` object, setting it to either a default value from the job, an expression evaluated in the context of the job, a default from the workflow, or finally falling back to bash or powershell defaults. Typically this would be fine -- although it would trigger the data race detector because the `Step` is a shared object between multiple concurrent matrix evaluations for the job.
In the *really quite unlikely* case that the `shell` field on a step or job referenced a matrix variable, this data race would actually trigger the shared step's `Shell` value to end up as "whichever one was evaluated last", causing the wrong shell to be used. The new `matrix-shell` test triggers this behavior, and fails without the associated code fix.
As a fix, the `Shell` field in `Step` is never mutated; instead only the value on non-shared `stepRun` instance is updated from `setupShellCommand`. `Shell` was renamed to `RawShell` as part of verifying all references were updated and it seemed to make sense to keep that name since it is a pre-evaluator value.
```
==================
WARNING: DATA RACE
Write at 0x00c00013e9b0 by goroutine 1470:
code.forgejo.org/forgejo/runner/v9/act/runner.(*stepRun).setupShell()
/.../forgejo-runner/act/runner/step_run.go:210 +0x8f2
code.forgejo.org/forgejo/runner/v9/act/common/git.FindGitRevision()
/.../forgejo-runner/act/common/git/git.go:58 +0xc4
code.forgejo.org/forgejo/runner/v9/act/model.(*GithubContext).SetSha()
/.../forgejo-runner/act/model/github_context.go:161 +0x6b5
code.forgejo.org/forgejo/runner/v9/act/runner.(*RunContext).getGithubContext()
/.../forgejo-runner/act/runner/run_context.go:1228 +0x26ca
...
Previous write at 0x00c00013e9b0 by goroutine 1469:
code.forgejo.org/forgejo/runner/v9/act/runner.(*stepRun).setupShell()
/.../forgejo-runner/act/runner/step_run.go:210 +0x8f2
code.forgejo.org/forgejo/runner/v9/act/common/git.FindGitRevision()
/.../forgejo-runner/act/common/git/git.go:58 +0xc4
code.forgejo.org/forgejo/runner/v9/act/model.(*GithubContext).SetSha()
/.../forgejo-runner/act/model/github_context.go:161 +0x6b5
code.forgejo.org/forgejo/runner/v9/act/runner.(*RunContext).getGithubContext()
/.../forgejo-runner/act/runner/run_context.go:1228 +0x26ca
...
==================
```
<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- bug fixes
- [PR](https://code.forgejo.org/forgejo/runner/pulls/865): <!--number 865 --><!--line 0 --><!--description Zml4OiBkYXRhIHJhY2UgY29uZGl0aW9uIGNhdXNpbmcgaW5jb3JyZWN0IGBzaGVsbGAgb24gYSB0YXNrIHN0ZXAgaWYgaXQgcmVmZXJlbmNlZCBhIG1hdHJpeCB2YXJpYWJsZQ==-->fix: data race condition causing incorrect `shell` on a task step if it referenced a matrix variable<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/865
Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
|
||
|---|---|---|
| .forgejo | ||
| .github/workflows | ||
| act | ||
| contrib | ||
| examples | ||
| internal | ||
| release-notes | ||
| testutils | ||
| .dockerignore | ||
| .editorconfig | ||
| .gitattributes | ||
| .gitignore | ||
| .golangci.yml | ||
| Dockerfile | ||
| go.mod | ||
| go.sum | ||
| LICENSE | ||
| main.go | ||
| Makefile | ||
| README.md | ||
| RELEASE-NOTES.md | ||
| renovate.json | ||
Forgejo Runner
A daemon that connects to a Forgejo instance and runs jobs for continuous integration. The installation and usage instructions are part of the Forgejo documentation.
Reporting bugs
When filing a bug in the issue tracker, it is very helpful to propose a pull request in the end-to-end tests repository that adds a reproducer. It will fail the CI and unambiguously demonstrate that the problem exists. In most cases it is enough to add a workflow (see the echo example). For more complicated cases it is also possible to add a runner config file as well as shell scripts to setup and teardown the test case (see the service example).
Sensitive security-related issues should be reported to security@forgejo.org using encryption.
License
The Forgejo runner source code is distributed under the terms of the following licenses:
- MIT for the most part.
- Apache 2 for parts found in the act/container directory.
Architectures & OS
The Forgejo runner is supported and tested on amd64 and arm64 (binaries and containers) on Operating Systems based on the Linux kernel.
Work may be in progress for other architectures and you can browse the corresponding issues to figure out how they make progress. If you are interested in helping them move forward, open an issue. The most challenging part is to setup and maintain a native runner long term. Once it is supported by Forgejo, the runner is expected to be available 24/7 which can be challenging. Otherwise debugging any architecture specific problem won't be possible.
Hacking
The Forgejo runner is a dependency of the setup-forgejo action. See the full dependency graph for a global view.
Building
- Install Go and
make(1) make build
The test workflow is a full example that builds the binary, runs the tests and launches the runner binary against a live Forgejo instance.
Generate mocks
make deps-toolsmake generate
If there are changes, commit them to the repository.
Local debug
The repositories are checked out in the same directory:
- runner: Forgejo runner
- setup-forgejo: setup-forgejo
Install dependencies
The dependencies are installed manually or with:
setup-forgejo/forgejo-dependencies.sh
Build the Forgejo runner
cd runner ; rm -f forgejo-runner ; make forgejo-runner
Launch Forgejo and the runner
A Forgejo instance is launched with:
cd setup-forgejo
./forgejo.sh setup
firefox $(cat forgejo-url)
The user is root with password admin1234. The runner is registered with:
cd setup-forgejo
docker exec --user 1000 forgejo forgejo actions generate-runner-token > forgejo-runner-token
../runner/forgejo-runner register --no-interactive --instance "$(cat forgejo-url)" --name runner --token $(cat forgejo-runner-token) --labels docker:docker://node:22-bookworm,self-hosted:host,lxc:lxc://debian:bookworm
And launched with:
cd setup-forgejo ; ../runner/forgejo-runner --config runner-config.yml daemon
Note that the runner-config.yml is required in that particular case
to configure the network in bridge mode, otherwise the runner will
create a network that cannot reach the forgejo instance.
Try a sample workflow
From the Forgejo web interface, create a repository and add the
following to .forgejo/workflows/try.yaml. It will launch the job and
the result can be observed from the actions tab.
on: [push]
jobs:
ls:
runs-on: docker
steps:
- uses: actions/checkout@v4
- run: |
ls ${{ github.workspace }}