5.3 KiB
layout | title | license |
---|---|---|
~/layouts/Markdown.astro | Forgejo Actions | CC-BY-SA-4.0 |
Forgejo Actions
provides continuous integration driven from the files in the .forgejo/workflows
directory of a repository. It is still experimental and disabled by default. It can be activated by adding the following to app.ini
:
[actions]
ENABLED = true
Forgejo
itself does not run the jobs, it relies on the Forgejo runner to do so.
Forgejo runner
Installation
Download the latest binary release and verify their signature:
$ wget -O forgejo-runner https://code.forgejo.org/forgejo/runner/releases/download/v2.0.3/forgejo-runner-amd64
$ chmod +x forgejo-runner
$ wget -O forgejo-runner.asc https://code.forgejo.org/forgejo/runner/releases/download/v2.0.3/forgejo-runner-amd64.asc
$ gpg --keyserver keys.openpgp.org --recv EB114F5E6C0DC2BCDD183550A4B61A2DC5923710
$ gpg --verify forgejo-runner.asc forgejo-runner
Good signature from "Forgejo <contact@forgejo.org>"
aka "Forgejo Releases <release@forgejo.org>"
Docker
For jobs to run in containers, the Forgejo runner
needs access to Docker.
LXC
For jobs to run in LXC containers, the Forgejo runner
needs passwordless sudo access on a Debian GNU/Linux bookworm system where LXC is installed. The LXC helpers can be used as follows to create a suitable container:
$ git clone https://code.forgejo.org/forgejo/lxc-helpers
$ ./lxc-helpers/lxc-helpers.sh lxc_container_create myrunner
$ ./lxc-helpers/lxc-helpers.sh lxc_container_start myrunner
The Forgejo runner
can then be installed and run within the myrunner
container.
$ ./lxc-helpers/lxc-helpers.sh lxc_container_run bash
# apt-get install docker.io wget gnupg2
# wget -O forgejo-runner https://code.forgejo.org/forgejo/runner/releases/download/v2.0.3/forgejo-runner-amd64
...
Warning: LXC containers do not provide a level of security that makes them safe for potentially malicious users to run jobs. They provide an excellent isolation for jobs that may accidentally damage the system they run on.
Registration
The Forgejo runner
needs to connect to a Forgejo
instance and must register itself before doing so. It will be given permission to read the repositories and send back information to Forgejo
such as the logs or its status. A special kind of token is needed and can be obtained from the Create new runner
button:
- in
/admin/runners
to gain access to all repositories. - in
/org/{organization}/settings/actions/runners
to gain access to all repositories within the organization. - in
/{owner}/{repository}/settings/actions/runners
to gain access to a single repository.
For instance, using a token obtained for a test repository from next.forgejo.org
:
forgejo-runner register --no-interactive --token {TOKEN} --name runner --instance https://next.forgejo.org --labels ubuntu-latest:docker://node:16-buster,self-hosted
INFO Registering runner, arch=amd64, os=linux, version=2.0.3.
WARN Runner in user-mode.
DEBU Successfully pinged the Forgejo instance server
INFO Runner registered successfully.
It will create a .runner
file that looks like:
{
"WARNING": "This file is automatically generated. Do not edit.",
"id": 6,
"uuid": "fcd0095a-291c-420c-9de7-965e2ebaa3e8",
"name": "runner",
"token": "{TOKEN}",
"address": "https://next.forgejo.org",
"labels": ["ubuntu-latest:docker://node:16-buster", "self-hosted"]
}
Running
Once the Forgejo runner
is successfully registered, it can be run from the directory in which the .runner
file is found with:
$ forgejo-runner daemon
INFO[0000] Starting runner daemon
Adding the .forgejo/workflows/demo.yaml
file to the test repository:
on: [push]
jobs:
test:
runs-on: ubuntu-latest
steps:
- run: echo All Good
Will send a job request to the Forgejo runner
that will display logs such as:
...
INFO[2023-05-28T18:54:53+02:00] task 29 repo is earl-warren/test https://code.forgejo.org https://next.forgejo.org
...
[/test] [DEBUG] Working directory '/workspace/earl-warren/test'
| All Good
[/test] ✅ Success - Main echo All Good
It will also show a similar output in the Actions
tab of the repository.
If no Forgejo runner
is available, Forgejo
will wait for one to connect and submit the job as soon as it is available.
Job environment
The jobs defined in the files found in .forgejo/workflows
specify the environment they need to run with runs-on
. Each Forgejo runner
declares, with the --labels
option, which one they support so Forgejo
knows to submit jobs accordingly. For instance if a job has:
runs-on: ubuntu-latest
the job will be submitted to a runner that registered with --labels ubuntu-latest:docker://node:16-buster
.
Docker
If runs-on
is matched to a label that contains docker://
, the rest of it is interpreted as a container image. The runner will execute all the steps, as root, within a container created from that image.
LXC
If runs-on
is self-hosted
, the runner will execute all the steps, as root, within a Debian GNU/Linux bullseye LXC container.