diff --git a/forgejo-runner/Chart.yaml b/forgejo-runner/Chart.yaml index d24a138..5dce106 100644 --- a/forgejo-runner/Chart.yaml +++ b/forgejo-runner/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: forgejo-runner description: Deploy runner for an forgejo instance (default codeberg.org) type: application -version: 0.1.19 +version: 0.2.0 # renovate: image=code.forgejo.org/forgejo/runner appVersion: "3.4.1" maintainers: diff --git a/forgejo-runner/README.adoc b/forgejo-runner/README.adoc index f999f7c..80e91f7 100644 --- a/forgejo-runner/README.adoc +++ b/forgejo-runner/README.adoc @@ -2,7 +2,7 @@ = forgejo-runner -image::https://img.shields.io/badge/Version-0.1.19-informational?style=flat-square[Version: 0.1.19] +image::https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square[Version: 0.2.0] image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] image::https://img.shields.io/badge/AppVersion-3.4.1-informational?style=flat-square[AppVersion: 3.4.1] == Maintainers @@ -16,6 +16,38 @@ image::https://img.shields.io/badge/AppVersion-3.4.1-informational?style=flat-sq | |=== +== Accessing docker socket inside job containers + +To access the docker socket inside the job containers, the following example values may be used (see `values-dind-bypass.yaml`): + +[source,yaml] +---- +runner: + config: + create: true + existingSecret: "" + file: + log: + level: "info" + runner: + file: ".runner" + capacity: 1 + envs: + A_TEST_ENV_NAME_1: null + A_TEST_ENV_NAME_2: null + DOCKER_HOST: tcp://127.0.0.1:2376 + DOCKER_TLS_VERIFY: 1 + DOCKER_CERT_PATH: /certs/client + container: + network: host + enable_ipv6: false + privileged: false + options: -v /certs/client:/certs/client + valid_volumes: + - /certs/client + +---- + == Usage Helm must be installed and setup to your kubernetes cluster to use the charts. @@ -43,7 +75,131 @@ helm uninstall forgejo-runner-release == Values -.Values +.Values Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml) +|=== +| Key | Type | Default | Description + +| runner.config.file.cache.dir +| string +| `""` +| The directory to store the cache data. If it's empty, the cache data will be stored in $HOME/.cache/actcache. + +| runner.config.file.cache.enabled +| bool +| `true` +| Enable cache server to use actions/cache. + +| runner.config.file.cache.external_server +| string +| `""` +| The external cache server URL. Valid only when enable is true. If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself. The URL should generally end with "/". + +| runner.config.file.cache.host +| string +| `""` +| The host of the cache server. It's not for the address to listen, but the address to connect from job containers. So 0.0.0.0 is a bad choice, leave it empty to detect automatically. + +| runner.config.file.cache.port +| int +| `0` +| The port of the cache server. 0 means to use a random available port. + +| runner.config.file.container.docker_host +| string +| `""` +| overrides the docker client host with the specified one. If it's empty, act_runner will find an available docker host automatically. If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers. If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work. + +| runner.config.file.container.enable_ipv6 +| bool +| `false` +| Whether to create networks with IPv6 enabled. Requires the Docker daemon to be set up accordingly. Only takes effect if "network" is set to "". + +| runner.config.file.container.force_pull +| bool +| `false` +| Pull docker image(s) even if already present + +| runner.config.file.container.network +| string +| `""` +| Specifies the network to which the container will connect. Could be host, bridge or the name of a custom network. If it's empty, create a network automatically. + +| runner.config.file.container.options +| string +| `nil` +| And other options to be used when the container is started (eg, `--add-host=my.forgejo.url:host-gateway`). + +| runner.config.file.container.privileged +| bool +| `false` +| And other options to be used when the container is started (eg, `--add-host=my.forgejo.url:host-gateway`). + +| runner.config.file.container.valid_volumes +| list +| `[]` +| Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob You can specify multiple volumes. If the sequence is empty, no volumes can be mounted. For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to: valid_volumes: - data - /src/*.json If you want to allow any volume, please use the following configuration: valid_volumes: - '**' + +| runner.config.file.container.workdir_parent +| string +| `nil` +| The parent directory of a job's working directory. If it's empty, /workspace will be used. + +| runner.config.file.host.workdir_parent +| string +| `nil` +| The parent directory of a job's working directory. If it's empty, $HOME/.cache/act/ will be used. + +| runner.config.file.log.level +| string +| `"info"` +| The level of logging, can be trace, debug, info, warn, error, fatal + +| runner.config.file.runner.capacity +| int +| `1` +| Execute how many tasks concurrently at the same time. + +| runner.config.file.runner.env_file +| string +| `".env"` +| Extra environment variables to run jobs from a file. It will be ignored if it's empty or the file doesn't exist. + +| runner.config.file.runner.envs +| object +| `{"A_TEST_ENV_NAME_1":"a_test_env_value_1","A_TEST_ENV_NAME_2":"a_test_env_value_2"}` +| Extra environment variables to run jobs. + +| runner.config.file.runner.fetch_interval +| string +| `"2s"` +| The interval for fetching the job from the Forgejo instance. + +| runner.config.file.runner.fetch_timeout +| string +| `"5s"` +| The timeout for fetching the job from the Forgejo instance. + +| runner.config.file.runner.file +| string +| `".runner"` +| Runner config which contains id and token of this runner (autogenerate with create) + +| runner.config.file.runner.insecure +| bool +| `false` +| Whether skip verifying the TLS certificate of the Forgejo instance. + +| runner.config.file.runner.labels +| list +| `[]` +| The labels of a runner are used to determine which jobs the runner can run, and how to run them. Like: ["macos-arm64:host", "ubuntu-latest:docker://node:16-bullseye", "ubuntu-22.04:docker://node:16-bullseye"] If it's empty when registering, it will ask for inputting labels. If it's empty when execute `deamon`, will use labels in `.runner` file. + +| runner.config.file.runner.timeout +| string +| `"3h"` +| The timeout for a job to be finished. Please note that the Forgejo instance also has a timeout (3h by default) for the job. So the job could be stopped by the Forgejo instance if it's timeout is shorter than this. +|=== +.Values Other Values |=== | Key | Type | Default | Description @@ -244,3 +400,4 @@ helm uninstall forgejo-runner-release |=== Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] + diff --git a/forgejo-runner/_docs.gotmpl b/forgejo-runner/_docs.gotmpl index e69de29..87225e0 100644 --- a/forgejo-runner/_docs.gotmpl +++ b/forgejo-runner/_docs.gotmpl @@ -0,0 +1,11 @@ +{{ define "chart.prerequirements" -}} +== Accessing docker socket inside job containers + +To access the docker socket inside the job containers, the following example values may be used (see `values-dind-bypass.yaml`): + +[source,yaml] +---- +{{ .Files.Get "values-dind-bypass.yaml" }} +---- +{{ end }} + diff --git a/forgejo-runner/templates/deployment.yaml b/forgejo-runner/templates/deployment.yaml index d150356..61166f4 100644 --- a/forgejo-runner/templates/deployment.yaml +++ b/forgejo-runner/templates/deployment.yaml @@ -56,7 +56,7 @@ spec: echo 'waiting for docker daemon...'; sleep 5; done - /bin/forgejo-runner daemon + /bin/forgejo-runner --config /etc/runner/config.yaml daemon resources: {{- toYaml .Values.resources | nindent 12 }} env: @@ -67,6 +67,8 @@ spec: - name: DOCKER_TLS_VERIFY value: "1" volumeMounts: + - name: runner-configfile + mountPath: /etc/runner - name: docker-certs mountPath: /certs - name: runner-data @@ -95,6 +97,9 @@ spec: - name: runner-config secret: secretName: {{ .Values.runner.config.existingSecret | default (print ( include "forgejo-runner.fullname" . ) "-config") | quote }} + - name: runner-configfile + secret: + secretName: {{ include "forgejo-runner.fullname" . }}-configfile {{- with .Values.volumes }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/forgejo-runner/templates/secrets.yaml b/forgejo-runner/templates/secrets.yaml new file mode 100644 index 0000000..ce511ab --- /dev/null +++ b/forgejo-runner/templates/secrets.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "forgejo-runner.fullname" . }}-configfile + labels: + {{- include "forgejo-runner.labels" . | nindent 4 }} + annotations: + config-hash: {{ toYaml .Values.runner.config.file | sha256sum }} +data: + config.yaml: {{ toYaml .Values.runner.config.file | b64enc }} diff --git a/forgejo-runner/values-dind-bypass.yaml b/forgejo-runner/values-dind-bypass.yaml new file mode 100644 index 0000000..17375a3 --- /dev/null +++ b/forgejo-runner/values-dind-bypass.yaml @@ -0,0 +1,23 @@ +runner: + config: + create: true + existingSecret: "" + file: + log: + level: "info" + runner: + file: ".runner" + capacity: 1 + envs: + A_TEST_ENV_NAME_1: null + A_TEST_ENV_NAME_2: null + DOCKER_HOST: tcp://127.0.0.1:2376 + DOCKER_TLS_VERIFY: 1 + DOCKER_CERT_PATH: /certs/client + container: + network: host + enable_ipv6: false + privileged: false + options: -v /certs/client:/certs/client + valid_volumes: + - /certs/client diff --git a/forgejo-runner/values.yaml b/forgejo-runner/values.yaml index 0f7e8bd..6e8cd1c 100644 --- a/forgejo-runner/values.yaml +++ b/forgejo-runner/values.yaml @@ -24,7 +24,118 @@ runner: instance: https://codeberg.org name: token: + # based on https://code.forgejo.org/forgejo/runner/commit/1139bb7d12ff7889694b24731707e153678ab960 + file: + log: + # -- The level of logging, can be trace, debug, info, warn, error, fatal + # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml) + level: "info" + runner: + # -- Runner config which contains id and token of this runner (autogenerate with create) + # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml) + file: ".runner" + # -- Execute how many tasks concurrently at the same time. + # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml) + capacity: 1 + # -- Extra environment variables to run jobs. + # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml) + envs: + A_TEST_ENV_NAME_1: a_test_env_value_1 + A_TEST_ENV_NAME_2: a_test_env_value_2 + # -- Extra environment variables to run jobs from a file. + # It will be ignored if it's empty or the file doesn't exist. + # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml) + env_file: .env + # -- The timeout for a job to be finished. + # Please note that the Forgejo instance also has a timeout (3h by default) for the job. + # So the job could be stopped by the Forgejo instance if it's timeout is shorter than this. + # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml) + timeout: 3h + # -- Whether skip verifying the TLS certificate of the Forgejo instance. + # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml) + insecure: false + # -- The timeout for fetching the job from the Forgejo instance. + # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml) + fetch_timeout: 5s + # -- The interval for fetching the job from the Forgejo instance. + # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml) + fetch_interval: 2s + # -- The labels of a runner are used to determine which jobs the runner can run, and how to run them. + # Like: ["macos-arm64:host", "ubuntu-latest:docker://node:16-bullseye", "ubuntu-22.04:docker://node:16-bullseye"] + # If it's empty when registering, it will ask for inputting labels. + # If it's empty when execute `deamon`, will use labels in `.runner` file. + # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml) + labels: [] + cache: + # -- Enable cache server to use actions/cache. + # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml) + enabled: true + # -- The directory to store the cache data. + # If it's empty, the cache data will be stored in $HOME/.cache/actcache. + # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml) + dir: "" + # -- The host of the cache server. + # It's not for the address to listen, but the address to connect from job containers. + # So 0.0.0.0 is a bad choice, leave it empty to detect automatically. + # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml) + host: "" + # -- The port of the cache server. + # 0 means to use a random available port. + # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml) + port: 0 + # -- The external cache server URL. Valid only when enable is true. + # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself. + # The URL should generally end with "/". + # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml) + external_server: "" + + container: + # -- Specifies the network to which the container will connect. + # Could be host, bridge or the name of a custom network. + # If it's empty, create a network automatically. + # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml) + network: "" + # -- Whether to create networks with IPv6 enabled. Requires the Docker daemon to be set up accordingly. + # Only takes effect if "network" is set to "". + # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml) + enable_ipv6: false + # -- And other options to be used when the container is started (eg, `--add-host=my.forgejo.url:host-gateway`). + # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml) + privileged: false + # -- And other options to be used when the container is started (eg, `--add-host=my.forgejo.url:host-gateway`). + # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml) + options: + # -- The parent directory of a job's working directory. + # If it's empty, /workspace will be used. + # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml) + workdir_parent: + # -- Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob + # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted. + # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to: + # valid_volumes: + # - data + # - /src/*.json + # If you want to allow any volume, please use the following configuration: + # valid_volumes: + # - '**' + # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml) + valid_volumes: [] + # -- overrides the docker client host with the specified one. + # If it's empty, act_runner will find an available docker host automatically. + # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers. + # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work. + # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml) + docker_host: "" + # -- Pull docker image(s) even if already present + # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml) + force_pull: false + + host: + # -- The parent directory of a job's working directory. + # If it's empty, $HOME/.cache/act/ will be used. + # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml) + workdir_parent: dind: image: registry: docker.io