d2b39167a8
This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure) | `v2.3.0` -> `v2.4.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data [GHSA-2464-8j7c-4cjm](https://github.com/advisories/GHSA-2464-8j7c-4cjm) <details> <summary>More information</summary> #### Details ##### Summary Use of this library in a security-critical context may result in leaking sensitive information, if used to process sensitive fields. ##### Details OpenBao (and presumably HashiCorp Vault) have surfaced error messages from `mapstructure` as follows: |
||
|---|---|---|
| .forgejo | ||
| .github/workflows | ||
| act | ||
| contrib | ||
| examples | ||
| internal | ||
| release-notes | ||
| testutils | ||
| .dockerignore | ||
| .editorconfig | ||
| .gitattributes | ||
| .gitignore | ||
| .golangci.yml | ||
| Dockerfile | ||
| go.mod | ||
| go.sum | ||
| LICENSE | ||
| main.go | ||
| Makefile | ||
| README.md | ||
| RELEASE-NOTES.md | ||
| renovate.json | ||
Forgejo Runner
A daemon that connects to a Forgejo instance and runs jobs for continuous integration. The installation and usage instructions are part of the Forgejo documentation.
Reporting bugs
When filing a bug in the issue tracker, it is very helpful to propose a pull request in the end-to-end tests repository that adds a reproducer. It will fail the CI and unambiguously demonstrate that the problem exists. In most cases it is enough to add a workflow (see the echo example). For more complicated cases it is also possible to add a runner config file as well as shell scripts to setup and teardown the test case (see the service example).
Sensitive security-related issues should be reported to security@forgejo.org using encryption.
License
The Forgejo runner source code is distributed under the terms of the following licenses:
- MIT for the most part.
- Apache 2 for parts found in the act/container directory.
Architectures & OS
The Forgejo runner is supported and tested on amd64 and arm64 (binaries and containers) on Operating Systems based on the Linux kernel.
Work may be in progress for other architectures and you can browse the corresponding issues to figure out how they make progress. If you are interested in helping them move forward, open an issue. The most challenging part is to setup and maintain a native runner long term. Once it is supported by Forgejo, the runner is expected to be available 24/7 which can be challenging. Otherwise debugging any architecture specific problem won't be possible.
Hacking
The Forgejo runner is a dependency of the setup-forgejo action. See the full dependency graph for a global view.
Building
- Install Go and
make(1) make build
The test workflow is a full example that builds the binary, runs the tests and launches the runner binary against a live Forgejo instance.
Generate mocks
make deps-toolsmake generate
If there are changes, commit them to the repository.
Local debug
The repositories are checked out in the same directory:
- runner: Forgejo runner
- setup-forgejo: setup-forgejo
Install dependencies
The dependencies are installed manually or with:
setup-forgejo/forgejo-dependencies.sh
Build the Forgejo runner
cd runner ; rm -f forgejo-runner ; make forgejo-runner
Launch Forgejo and the runner
A Forgejo instance is launched with:
cd setup-forgejo
./forgejo.sh setup
firefox $(cat forgejo-url)
The user is root with password admin1234. The runner is registered with:
cd setup-forgejo
docker exec --user 1000 forgejo forgejo actions generate-runner-token > forgejo-runner-token
../runner/forgejo-runner register --no-interactive --instance "$(cat forgejo-url)" --name runner --token $(cat forgejo-runner-token) --labels docker:docker://node:22-bookworm,self-hosted:host,lxc:lxc://debian:bookworm
And launched with:
cd setup-forgejo ; ../runner/forgejo-runner --config runner-config.yml daemon
Note that the runner-config.yml is required in that particular case
to configure the network in bridge mode, otherwise the runner will
create a network that cannot reach the forgejo instance.
Try a sample workflow
From the Forgejo web interface, create a repository and add the
following to .forgejo/workflows/try.yaml. It will launch the job and
the result can be observed from the actions tab.
on: [push]
jobs:
ls:
runs-on: docker
steps:
- uses: actions/checkout@v4
- run: |
ls ${{ github.workspace }}