Diffstat (limited to 'scripts')
-rwxr-xr-x | scripts/rootless.sh | 9 | ||||
-rwxr-xr-x | scripts/run.sh | 48 | ||||
-rw-r--r-- | scripts/supervisord.conf | 13 | ||||
-rw-r--r-- | scripts/systemd.md | 67 |
4 files changed, 137 insertions, 0 deletions
diff --git a/scripts/rootless.sh b/scripts/rootless.sh
new file mode 100755
index 0000000..310a03b
--- /dev/null
+++ b/scripts/rootless.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+# wait for docker daemon
+while ! nc -z localhost 2376 </dev/null; do
+ echo 'waiting for docker daemon...'
+ sleep 5
+done
+
+. /opt/act/run.sh
diff --git a/scripts/run.sh b/scripts/run.sh
new file mode 100755
index 0000000..89626b4
--- /dev/null
+++ b/scripts/run.sh
@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+
+if [[ ! -d /data ]]; then
+ mkdir -p /data
+fi
+
+cd /data
+
+CONFIG_ARG=""
+if [[ ! -z "${CONFIG_FILE}" ]]; then
+ CONFIG_ARG="--config ${CONFIG_FILE}"
+fi
+EXTRA_ARGS=""
+if [[ ! -z "${GITEA_RUNNER_LABELS}" ]]; then
+ EXTRA_ARGS="${EXTRA_ARGS} --labels ${GITEA_RUNNER_LABELS}"
+fi
+
+# Use the same ENV variable names as https://github.com/vegardit/docker-gitea-act-runner
+
+if [[ ! -s .runner ]]; then
+ try=$((try + 1))
+ success=0
+
+ # The point of this loop is to make it simple, when running both forgejo-runner and gitea in docker,
+ # for the forgejo-runner to wait a moment for gitea to become available before erroring out. Within
+ # the context of a single docker-compose, something similar could be done via healthchecks, but
+ # this is more flexible.
+ while [[ $success -eq 0 ]] && [[ $try -lt ${GITEA_MAX_REG_ATTEMPTS:-10} ]]; do
+ forgejo-runner register \
+ --instance "${GITEA_INSTANCE_URL}" \
+ --token "${GITEA_RUNNER_REGISTRATION_TOKEN}" \
+ --name "${GITEA_RUNNER_NAME:-`hostname`}" \
+ ${CONFIG_ARG} ${EXTRA_ARGS} --no-interactive 2>&1 | tee /tmp/reg.log
+
+ cat /tmp/reg.log | grep 'Runner registered successfully' > /dev/null
+ if [[ $? -eq 0 ]]; then
+ echo "SUCCESS"
+ success=1
+ else
+ echo "Waiting to retry ..."
+ sleep 5
+ fi
+ done
+fi
+# Prevent reading the token from the forgejo-runner process
+unset GITEA_RUNNER_REGISTRATION_TOKEN
+
+forgejo-runner daemon ${CONFIG_ARG} 
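Review bot: In scripts/rootless.sh the `while ! nc -z localhost 2376` loop has no upper bound, so if dockerd never comes up the script prints 'waiting for docker daemon...' forever and supervisord sees a running program instead of a failure. Cap the wait and exit non-zero once it is exceeded, for example with a counter tested in the loop condition and `exit 1` after the limit. Note also that `nc -z` only shows that something is listening on port 2376, not that the daemon is answering; a comment such as `# port probe only: does not confirm the Docker API is ready` above the loop would make that limit explicit.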
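Review bot: In scripts/run.sh the retry cap is never enforced: `try=$((try + 1))` runs once before the `while` loop and nothing inside the loop changes `try`, so `$try -lt ${GITEA_MAX_REG_ATTEMPTS:-10}` stays true and a failing registration is repeated every 5 seconds without end, presenting the registration token to the instance each time. Set `try=0` before the loop, make `try=$((try + 1))` the first statement of the loop body, and add `[[ $success -eq 1 ]] || exit 1` after `done` so the script does not fall through to `forgejo-runner daemon` without a `.runner` file. The `unset` at the end keeps the token out of the daemon's environment, but during `register` it is passed as `--token` on the command line, where it is visible in the process list to anything sharing the PID namespace, and the register output is teed to the fixed path `/tmp/reg.log` and never removed. Using `mktemp` for that log and deleting it after the `grep` would close the second part; whether `register` can read the token from somewhere other than argv is not visible in this hunk.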
diff --git a/scripts/supervisord.conf b/scripts/supervisord.conf
new file mode 100644
index 0000000..8c45f5b
--- /dev/null
+++ b/scripts/supervisord.conf
@@ -0,0 +1,13 @@
+[supervisord]
+nodaemon=true
+logfile=/dev/null
+logfile_maxbytes=0
+
+[program:dockerd]
+command=/usr/local/bin/dockerd-entrypoint.sh
+
+[program:act_runner]
+stdout_logfile=/dev/fd/1
+stdout_logfile_maxbytes=0
+redirect_stderr=true
+command=/opt/act/rootless.sh
diff --git a/scripts/systemd.md b/scripts/systemd.md
new file mode 100644
index 0000000..089dd61
--- /dev/null
+++ b/scripts/systemd.md 
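Review bot: In scripts/supervisord.conf, `[program:dockerd]` sets only `command`, so unlike `[program:act_runner]` its output is not sent to the container's stdout; with supervisord's defaults it goes to per-program log files inside the container. A daemon that fails to start is then hard to see from outside, while scripts/rootless.sh keeps waiting on port 2376. Adding the same three lines to the dockerd section, `stdout_logfile=/dev/fd/1`, `stdout_logfile_maxbytes=0` and `redirect_stderr=true`, would surface its output alongside the runner's.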
@@ -0,0 +1,67 @@
+# Forgejo Runner with systemd User Services
+
+It is possible to use systemd's user services together with
+[podman](https://podman.io/) to run `forgejo-runner` using a normal user
+account without any privileges and automatically start on boot.
+
+This was last tested on Fedora 39 on 2024-02-19, but should work elsewhere as
+well.
+
+Place the `forgejo-runner` binary in `/usr/local/bin/forgejo-runner` and make
+sure it can be executed (`chmod +x /usr/local/bin/forgejo-runner`).
+
+Install and enable `podman` as a user service:
+
+```bash
+$ sudo dnf -y install podman
+```
+
+You *may* need to reboot your system after installing `podman` as it
+modifies some system configuration(s) that may need to be activated. Without
+rebooting the system my runner errored out when trying to set firewall rules, a
+reboot fixed it.
+
+Enable `podman` as a user service:
+
+```
+$ systemctl --user start podman.socket
+$ systemctl --user enable podman.socket
+```
+
+Make sure processes remain after your user account logs out:
+
+```bash
+$ loginctl enable-linger
+```
+
+Create the file `/etc/systemd/user/forgejo-runner.service` with the following
+content:
+
+```
+[Unit]
+Description=Forgejo Runner
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/forgejo-runner daemon
+Restart=on-failure
+
+[Install]
+WantedBy=default.target
+```
+
+Now activate it as a user service:
+
+```bash
+$ systemctl --user daemon-reload
+$ systemctl --user start forgejo-runner
+$ systemctl --user enable forgejo-runner
+```
+
+To see/follow the log of `forgejo-runner`:
+
+```bash
+$ journalctl -f -t forgejo-runner
+```
+
+If you reboot your system, all should come back automatically. |