mirror of https://codeberg.org/forgejo/docs.git synced 2025-01-23 02:19:05 -05:00
forgejo-docs/admin/actions.md
2023-08-13 13:56:57 +01:00


layout: ~/layouts/Markdown.astro
title: Forgejo Actions
license: CC-BY-SA-4.0

Forgejo Actions provides continuous integration driven from the files in the .forgejo/workflows directory of a repository. It is still experimental and disabled by default. It can be activated by adding the following to app.ini:

[actions]
ENABLED = true

Forgejo itself does not run the jobs; it relies on the Forgejo runner to do so.

Forgejo runner

Installation

Download the latest binary release and verify its signature:

$ wget -O forgejo-runner https://code.forgejo.org/forgejo/runner/releases/download/v2.0.3/forgejo-runner-amd64
$ chmod +x forgejo-runner
$ wget -O forgejo-runner.asc https://code.forgejo.org/forgejo/runner/releases/download/v2.0.3/forgejo-runner-amd64.asc
$ gpg --keyserver keys.openpgp.org --recv EB114F5E6C0DC2BCDD183550A4B61A2DC5923710
$ gpg --verify forgejo-runner.asc forgejo-runner
Good signature from "Forgejo <contact@forgejo.org>"
                aka "Forgejo Releases <release@forgejo.org>"
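
gpg reports "Good signature" for any public key present in the keyring, so a stricter check compares the fingerprint that made the signature with the one imported above. The script below is an added example, not part of the Forgejo documentation; the function names are hypothetical and the sample status line is constructed.

```shell
#!/bin/sh
# Added example: pin the release key fingerprint instead of relying on the
# human-readable "Good signature" text.
PINNED_FPR=EB114F5E6C0DC2BCDD183550A4B61A2DC5923710  # fingerprint shown on this page

# validsig_matches STATUS_TEXT FPR   (hypothetical helper)
# Succeeds only if the machine-readable gpg status output contains a VALIDSIG
# line whose signing-key fingerprint (field 3) or primary-key fingerprint
# (last field) equals FPR.
validsig_matches() {
  printf '%s\n' "$1" | awk -v want="$2" '
    $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
    END { exit !ok }'
}

# verify_release FILE SIG   (hypothetical helper)
# Runs gpg with --status-fd so the result can be parsed, then applies the pin.
# gpg exits non-zero on a bad or missing signature, which fails the check early.
verify_release() {
  status=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null) || return 1
  validsig_matches "$status" "$PINNED_FPR"
}

# Constructed status line (not captured gpg output) to exercise the parser offline.
SAMPLE="[GNUPG:] VALIDSIG $PINNED_FPR 2023-06-01 1685577600 0 4 0 1 10 00 $PINNED_FPR"
validsig_matches "$SAMPLE" "$PINNED_FPR" && echo "signature made by pinned key"

# Real use, after the wget commands above:
#   verify_release forgejo-runner forgejo-runner.asc || { echo "verification failed" >&2; exit 1; }
```
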

Docker

For jobs to run in containers, the Forgejo runner needs access to Docker.

LXC

For jobs to run in LXC containers, the Forgejo runner needs passwordless sudo access on a Debian GNU/Linux bookworm system where LXC is installed. The LXC helpers can be used as follows to create a suitable container:

$ git clone https://code.forgejo.org/forgejo/lxc-helpers
$ ./lxc-helpers/lxc-helpers.sh lxc_container_create myrunner
$ ./lxc-helpers/lxc-helpers.sh lxc_container_start myrunner

The Forgejo runner can then be installed and run within the myrunner container.

$ ./lxc-helpers/lxc-helpers.sh lxc_container_run bash
# apt-get install docker.io wget gnupg2
# wget -O forgejo-runner https://code.forgejo.org/forgejo/runner/releases/download/v2.0.3/forgejo-runner-amd64
...

Warning: LXC containers do not provide a level of security that makes them safe for potentially malicious users to run jobs. They provide excellent isolation for jobs that may accidentally damage the system they run on.

Registration

The Forgejo runner needs to connect to a Forgejo instance and must register itself before doing so. It will be given permission to read the repositories and send back information to Forgejo such as the logs or its status. A special kind of token is needed and can be obtained from the Create new runner button:

  • in /admin/runners to gain access to all repositories.
  • in /org/{organization}/settings/actions/runners to gain access to all repositories within the organization.
  • in /{owner}/{repository}/settings/actions/runners to gain access to a single repository.

For instance, using a token obtained for a test repository from next.forgejo.org:

forgejo-runner register --no-interactive --token {TOKEN} --name runner --instance https://next.forgejo.org --labels ubuntu-latest:docker://node:16-buster,self-hosted
INFO Registering runner, arch=amd64, os=linux, version=2.0.3.
WARN Runner in user-mode.
DEBU Successfully pinged the Forgejo instance server
INFO Runner registered successfully.

It will create a .runner file that looks like:

{
  "WARNING": "This file is automatically generated. Do not edit.",
  "id": 6,
  "uuid": "fcd0095a-291c-420c-9de7-965e2ebaa3e8",
  "name": "runner",
  "token": "{TOKEN}",
  "address": "https://next.forgejo.org",
  "labels": ["ubuntu-latest:docker://node:16-buster", "self-hosted"]
}

Running

Once the Forgejo runner is successfully registered, it can be run from the directory in which the .runner file is found with:

$ forgejo-runner daemon
INFO[0000] Starting runner daemon

Adding the .forgejo/workflows/demo.yaml file to the test repository:

on: [push]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - run: echo All Good

Will send a job request to the Forgejo runner that will display logs such as:

...
INFO[2023-05-28T18:54:53+02:00] task 29 repo is earl-warren/test https://code.forgejo.org https://next.forgejo.org
...
[/test] [DEBUG] Working directory '/workspace/earl-warren/test'
| All Good
[/test]   ✅  Success - Main echo All Good

It will also show a similar output in the Actions tab of the repository.

If no Forgejo runner is available, Forgejo will wait for one to connect and submit the job as soon as it is available.

Job environment

The jobs defined in the files found in .forgejo/workflows specify the environment they need to run in with runs-on. Each Forgejo runner declares, with the --labels option, which environments it supports so Forgejo knows to submit jobs accordingly. For instance, if a job has:

runs-on: ubuntu-latest

the job will be submitted to a runner that registered with --labels ubuntu-latest:docker://node:16-buster.

Docker

If runs-on is matched to a label that contains docker://, the rest of it is interpreted as a container image. The runner will execute all the steps, as root, within a container created from that image.

LXC

If runs-on is self-hosted, the runner will execute all the steps, as root, within a Debian GNU/Linux bullseye LXC container.
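
To review where a given runs-on value will execute before registering a runner, the label rules above can be applied to the --labels string directly. This is an added example, not code from the Forgejo runner; resolve_backend is a hypothetical helper and it only covers the two cases this page describes.

```shell
#!/bin/sh
# resolve_backend LABELS RUNS_ON   (hypothetical helper)
# LABELS is the comma-separated value passed to --labels at registration.
# Prints where the steps would run (as root in both documented cases):
#   "docker <image>"  label contains docker://, the rest is the image
#   "lxc"             the label is self-hosted
#   "unknown"         label matched but this page does not describe it
# Returns 1 when no registered label matches RUNS_ON, in which case Forgejo
# keeps the job waiting for another runner.
resolve_backend() (
  IFS=,        # split LABELS on commas; the subshell body keeps this local
  set -f       # no glob expansion while splitting
  for label in $1; do
    name=${label%%:*}              # text before the first ':' is the runs-on name
    [ "$name" = "$2" ] || continue
    case $label in
      *:docker://*) echo "docker ${label#*docker://}" ;;
      self-hosted)  echo "lxc" ;;
      *)            echo "unknown" ;;
    esac
    return 0
  done
  return 1
)

# Labels from the register command shown on this page.
LABELS='ubuntu-latest:docker://node:16-buster,self-hosted'
for want in ubuntu-latest self-hosted; do
  printf '%s -> %s\n' "$want" "$(resolve_backend "$LABELS" "$want")"
done
```

A runner that reports lxc for a label falls under the LXC warning above and should only take jobs from trusted users.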