GitHub - vegardit/docker-gitea-act-runner: Docker image based on debian:stable-slim to run Gitea's act_runner as a Docker container

  1. What is it?
  2. Usage
  3. License

What is it?

Multi-arch Docker image based on debian:stable-slim containing Gitea's Action Runner

Why not using Alpine Linux?

Usage

The docker image comes in three flavors:

Docker Run

Running from the command line:

Docker Compose

Example docker-compose.yml:

# https://docs.docker.com/compose/compose-file/

services:
  gitea_act_runner:
    image: vegardit/gitea-act-runner:latest
    #image: ghcr.io/vegardit/gitea-act-runner:latest
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:rw
      - /my/path/to/data/dir:/data:rw # the config file is located at /data/.runner and needs to survive container restarts
    environment:
      TZ: "Europe/Berlin"
      # config parameters for initial runner registration:
      GITEA_INSTANCE_URL: 'https://gitea.example.com' # required
      GITEA_RUNNER_REGISTRATION_TOKEN_FILE: 'path/to/file' # one-time registration token, only required on first container start
      # or: GITEA_RUNNER_REGISTRATION_TOKEN: ''

# https://docs.docker.com/compose/compose-file/

services:
  gitea_act_runner:
    image: vegardit/gitea-act-runner:dind-latest
    #image: ghcr.io/vegardit/gitea-act-runner:dind-latest
    privileged: true
    restart: always
    volumes:
      - /my/path/to/data/dir:/data:rw # the config file is located at /data/.runner and needs to survive container restarts
    environment:
      TZ: "Europe/Berlin"
      # config parameters for initial runner registration:
      GITEA_INSTANCE_URL: 'https://gitea.example.com' # required
      GITEA_RUNNER_REGISTRATION_TOKEN_FILE: 'path/to/file' # one-time registration token, only required on first container start
      # or: GITEA_RUNNER_REGISTRATION_TOKEN: ''

# https://docs.docker.com/compose/compose-file/

services:
  gitea_act_runner:
    image: vegardit/gitea-act-runner:dind-rootless-latest
    #image: ghcr.io/vegardit/gitea-act-runner:dind-rootless-latest
    restart: always
    security_opt:
      - seccomp:unconfined
      - apparmor:unconfined
      - systempaths=unconfined
    volumes:
      - /my/path/to/data/dir:/data:rw # the config file is located at /data/.runner and needs to survive container restarts
    environment:
      TZ: "Europe/Berlin"
      # config parameters for initial runner registration:
      GITEA_INSTANCE_URL: 'https://gitea.example.com' # required
      GITEA_RUNNER_REGISTRATION_TOKEN_FILE: 'path/to/file' # one-time registration token, only required on first container start
      # or: GITEA_RUNNER_REGISTRATION_TOKEN: ''

Kubernetes Deployment

Example deployment for Kubernetes:


apiVersion: v1
kind: Secret
metadata:
  name: gitea-runner-secret
type: Opaque
stringData:
  registration-token: ""
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitea-runner-pvc
spec:
  accessModes:

Notes for Kubernetes deployments:

Additional environment variables

The following environment variables can be specified to further configure the service.

Runner registration:

| Name | Default Value | Description |
|------|---------------|-------------|
| GITEA_INSTANCE_INSECURE | false | If true don't verify the TLS certificate of the Gitea instance |
| GITEA_RUNNER_NAME | | If not specified the container's hostname is used |
| GITEA_RUNNER_EPHEMERAL | false | If true or 1, the runner will exit after completing a single job |
| GITEA_RUNNER_REGISTRATION_FILE | /data/.runner | The JSON file that holds the result from the runner registration with the Gitea instance |
| GITEA_RUNNER_REGISTRATION_TIMEOUT | 30 | In case of failure, registration is retried until this timeout in seconds is reached |
| GITEA_RUNNER_REGISTRATION_RETRY_INTERVAL | 5 | Wait period in seconds between registration retries |

Runner runtime config:

| Name | Default Value | Description |
|------|---------------|-------------|
| GITEA_RUNNER_CONFIG_TEMPLATE_FILE | /opt/config.template.yaml | Template to derive the effective config file from, see image/config.template.yaml |
| GITEA_RUNNER_UID | 1000 | The UID of the Gitea runner process |
| GITEA_RUNNER_GID | 1000 | The GID of the Gitea runner process |
| GITEA_RUNNER_LOG_EFFECTIVE_CONFIG | false | If set to true logs the effective YAML configuration to stdout during startup. |

Runner config template variables

The following environment variables are referenced in the /opt/config.template.yaml file.

| Name | Default Value | Description |
|------|---------------|-------------|
| GITEA_RUNNER_LABELS | | Comma-separated list of labels in the format of label[:schema[:args]]. If not specified the following labels are used: ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest, ubuntu-24.04:docker://ghcr.io/catthehacker/ubuntu:act-24.04, ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04, ubuntu-20.04:docker://ghcr.io/catthehacker/ubuntu:act-20.04 |
| GITEA_RUNNER_LOG_LEVEL | info | The level of logging, can be trace, debug, info, warn, error, fatal |
| GITEA_RUNNER_ENV_FILE | /data/.env | Extra environment variables to run jobs from a file |
| GITEA_RUNNER_FETCH_TIMEOUT | 5s | The timeout for fetching the job from the Gitea instance |
| GITEA_RUNNER_FETCH_INTERVAL | 2s | The interval for fetching the job from the Gitea instance |
| GITEA_RUNNER_FETCH_INTERVAL_MAX | 2s | The maximum interval for fetching jobs when the runner backs off while idle. Set to 0 or the same value as GITEA_RUNNER_FETCH_INTERVAL to disable backoff |
| GITEA_RUNNER_WORKDIR_CLEANUP_AGE | 24h | While idle, remove stale bind-workdir task directories older than this duration. Set to 0 to disable workdir cleanup |
| GITEA_RUNNER_IDLE_CLEANUP_INTERVAL | 10m | How often the runner checks for stale bind-workdir task directories while idle. Set to 0 to disable workdir cleanup |
| GITEA_RUNNER_LOG_REPORT_INTERVAL | 5s | The base interval for sending buffered job logs to the Gitea instance |
| GITEA_RUNNER_LOG_MAX_LATENCY | 3s | The maximum time a buffered log line can wait before it is sent. Must be less than GITEA_RUNNER_LOG_REPORT_INTERVAL to have an effect |
| GITEA_RUNNER_BATCH_SIZE | 100 | Flush job logs immediately when the buffer reaches this number of rows |
| GITEA_RUNNER_STATE_REPORT_INTERVAL | 5s | The interval for reporting job state to the Gitea instance |
| GITEA_RUNNER_GITHUB_MIRROR | | Base URL to use instead of https://github.com when fetching GitHub Actions. |
| GITEA_RUNNER_MAX_PARALLEL_JOBS | 1 | Maximum number of concurrently executed jobs |
| GITEA_RUNNER_JOB_CONTAINER_DOCKER_HOST | | If empty, the available docker host is located automatically. If set to -, the available docker host is located automatically, but the docker host won't be mounted to the job containers. If it's any other value, the specified docker host will be used. |
| GITEA_RUNNER_JOB_CONTAINER_NETWORK | bridge | Docker network to use with job containers. Can be bridge, host, none, or the name of a custom network |
| GITEA_RUNNER_JOB_CONTAINER_PRIVILEGED | false | Whether to run jobs in containers with privileged mode which is required for Docker-in-Docker aka dind |
| GITEA_RUNNER_JOB_CONTAINER_OPTIONS | | Additional container launch options (eg, --add-host=my.gitea.url:host-gateway) |
| GITEA_RUNNER_JOB_CONTAINER_WORKDIR_PARENT | /workspace | The parent directory of a job's working directory |
| GITEA_RUNNER_JOB_CONTAINER_FORCE_PULL | true | Pull docker image(s) even if already present |
| GITEA_RUNNER_JOB_CONTAINER_FORCE_REBUILD | false | Rebuild docker image(s) even if already present |
| GITEA_RUNNER_JOB_REQUIRE_DOCKER | false | Always require a reachable Docker daemon, even if the runner does not require one for the selected job |
| GITEA_RUNNER_JOB_CONTAINER_TIMEOUT | 0s | Timeout for waiting until the Docker daemon is reachable when Docker is required |
| GITEA_RUNNER_JOB_CONTAINER_BIND_WORKDIR | false | Bind the workspace to the host filesystem instead of using Docker volumes. This is required for DinD jobs that use Docker Compose with bind mounts |
| GITEA_RUNNER_JOB_TIMEOUT | 3h | The maximum time a job can run before it is cancelled |
| GITEA_RUNNER_SHUTDOWN_TIMEOUT | 0s | The timeout for the runner to wait for running jobs to finish when shutting down |
| GITEA_RUNNER_ENV_VAR_N_NAME | | Name of the N-th extra environment variable to be passed to Job containers, e.g. GITEA_RUNNER_ENV_VAR_1_NAME=MY_AUTH_TOKEN |
| GITEA_RUNNER_ENV_VAR_N_VALUE | | Value of the N-th extra environment variable to be passed to Job containers, e.g. GITEA_RUNNER_ENV_VAR_1_VALUE=SGVsbG8gbXkgZnJpZW5kIQ== |
| GITEA_RUNNER_VALID_VOLUME_N | | Volumes (including bind mounts) that are allowed to be mounted into job containers. Glob syntax is supported, e.g. GITEA_RUNNER_VALID_VOLUME_1=/src/*.json |
| GITEA_RUNNER_HOST_WORKDIR_PARENT | /data/cache/actions | The parent directory of a job's working directory. (Path to cache cloned actions) |

Embedded cache server:

| Name | Default Value | Description |
|------|---------------|-------------|
| ACT_CACHE_SERVER_ENABLED | true | Enable the use of an embedded or external cache server with actions/cache in jobs |
| ACT_CACHE_SERVER_EXTERNAL_URL | | URL to an external cache server. If specified, Gitea Runner will use this URL as the ACTIONS_CACHE_URL instead of starting an embedded server. The URL should end with "/". |
| ACT_CACHE_SERVER_EXTERNAL_SECRET | | Shared secret between this runner and an external gitea-runner cache-server. Required when ACT_CACHE_SERVER_EXTERNAL_URL is set |
| ACT_CACHE_SERVER_DIR | /data/cache/server | The directory to store the cache data |
| ACT_CACHE_SERVER_HOST | | The IP address or hostname via which the job containers can reach the cache server. Leave empty for automatic detection |
| ACT_CACHE_SERVER_PORT | 0 | The TCP port of the cache server. 0 means to use a random, available port |

Metrics:

| Name | Default Value | Description |
|------|---------------|-------------|
| GITEA_RUNNER_METRICS_ENABLED | false | Enable the Prometheus metrics endpoint |
| GITEA_RUNNER_METRICS_ADDR | 127.0.0.1:9101 | Listen address for the metrics HTTP server. Use an externally reachable address only when the port is protected |
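
A configuration check for the compose examples and variable tables on this page, as an added example (not code from the vegardit/docker-gitea-act-runner project): it flags the settings that widen what the runner or its jobs can reach on the host. The audit_service helper and the finding names are assumptions of this example; the service is taken as an already-parsed mapping with environment in mapping form, as in the compose files above.

```python
from ipaddress import ip_address

def _on(env, name):
    # Treat "true"/"1" as enabled (conservative reading of the variable tables).
    return str(env.get(name, "false")).lower() in ("true", "1")

def _loopback(addr):
    host = addr.rsplit(":", 1)[0].strip("[]")
    try:
        return ip_address(host).is_loopback
    except ValueError:          # empty host (":9101") or a hostname
        return host == "localhost"

def audit_service(svc):
    """Return sorted finding codes for one compose service (a parsed dict)."""
    env = svc.get("environment") or {}
    found = set()
    for vol in svc.get("volumes") or []:
        # The host Docker socket gives whoever reaches it control of the host daemon.
        if str(vol).split(":")[0] == "/var/run/docker.sock":
            found.add("host-docker-socket")
    if svc.get("privileged") is True:
        found.add("privileged-runner")
    if any(str(o).endswith("unconfined") for o in svc.get("security_opt") or []):
        found.add("unconfined-security-opt")
    if _on(env, "GITEA_INSTANCE_INSECURE"):
        found.add("tls-verification-disabled")
    if _on(env, "GITEA_RUNNER_JOB_CONTAINER_PRIVILEGED"):
        found.add("privileged-jobs")
    if env.get("GITEA_RUNNER_JOB_CONTAINER_NETWORK") == "host":
        found.add("host-network-jobs")
    if env.get("GITEA_RUNNER_REGISTRATION_TOKEN"):
        found.add("inline-registration-token")  # token in env instead of *_TOKEN_FILE
    if _on(env, "GITEA_RUNNER_METRICS_ENABLED") and not _loopback(
            str(env.get("GITEA_RUNNER_METRICS_ADDR", "127.0.0.1:9101"))):
        found.add("metrics-not-loopback")
    return sorted(found)

# Constructed inputs: the three compose flavours above as yaml.safe_load would return them.
ENV = {"GITEA_INSTANCE_URL": "https://gitea.example.com",
       "GITEA_RUNNER_REGISTRATION_TOKEN_FILE": "path/to/file"}
DATA = "/my/path/to/data/dir:/data:rw"
SOCKET = {"volumes": ["/var/run/docker.sock:/var/run/docker.sock:rw", DATA], "environment": ENV}
DIND = {"privileged": True, "volumes": [DATA], "environment": ENV}
ROOTLESS = {"security_opt": ["seccomp:unconfined", "apparmor:unconfined", "systempaths=unconfined"],
            "volumes": [DATA],  # extra env values below are constructed to exercise the checks
            "environment": dict(ENV, GITEA_INSTANCE_INSECURE=True,
                                GITEA_RUNNER_METRICS_ENABLED="true",
                                GITEA_RUNNER_METRICS_ADDR="0.0.0.0:9101")}

if __name__ == "__main__":
    for name, svc in (("socket", SOCKET), ("dind", DIND), ("rootless", ROOTLESS)):
        print(name, audit_service(svc))
```

Each flavour trades isolation differently: the first exposes the host daemon through the socket mount, the second runs the runner container privileged, and the third drops the seccomp and AppArmor confinement.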

License

All files in this repository are released under the Apache License 2.0.

Individual files contain the following tag instead of the full license text:

SPDX-License-Identifier: Apache-2.0

This enables machine processing of license information based on the SPDX License Identifiers that are available here: https://spdx.org/licenses/.