4 Commits

6 changed files with 23 additions and 14 deletions

@ -3,13 +3,14 @@ RECIPE=forgejo-runner
# The level of logging, can be trace, debug, info, warn, error, fatal
LOG_LEVEL=info
# Enable or disable caching. For the cache to work, the actions containers need to be able to access the runner via network, so make sure to set CONTAINER_NETWORK accordingly.
CACHE_ENABLED=false
CACHE_HOST="app"
# Defines the number of concrurrent tasks to be run
RUNNER_CAPACITY=1
RUNNER_TIMEOUT=3h
# Set to 'host', to use the host network. When left empty it creates a temporary
# network for each container.
#CONTAINER_NETWORK
# Set to 'host', to use the host network or any other. By using 'default', the runner gets configured to use the internal network of its own stack, so the action can access the docker socket proxy.
#CONTAINER_NETWORK=default
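Review bot: The rewritten comment above `#CONTAINER_NETWORK=default` no longer says what happens when the variable is left empty; the old text ("When left empty it creates a temporary network for each container") described the isolated setting and should stay next to the new `default` explanation. It would also help to state here that `default` places job containers on the network where the docker socket proxy is reachable, so operators pick it deliberately rather than by uncommenting the sample line.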

@ -17,24 +17,29 @@ abra app cmd --chaos <app> app register_runner <host> <name> <token>
To enable [caching](https://forgejo.org/docs/latest/admin/runner-installation/#cache-configuration) set `CACHE_ENABLED` to `true`:
```
CACHE_ENABLED=true
CACHE_HOST="app"
```
## Docker in Docker
If you want to use the caching of the runner itself, you have to specify "app" as the `CACHE_HOST` and make sure to use the `default` in `CONTAINER_NETWORK` (see below), so the actions containers can access the runner.
To give an action container the ability to create more docker containers (e.g. for tests) you need to set the container network to "host". This can be done in the `.env` file:
```
CONTAINER_NETWORK=host
```
This allows you to access the docker host at "tcp://0.0.0.0:2375". See this part of an action workflow on how to access the docker host.
## Docker in Docker (in Docker)
Per default, the action container has the ability to access the docker socket of the host machine via the socket proxy in this recipe. Keep this in mind, since this is a security concern!
If you don't set anything in the `CONTAINER_NETWORK` env, the runner is configured to their own dedicated network and so can't reach the docker socket proxy.
If you set `CONTAINER_NETWORK` to `default`, the runner attaches the started containers to the internal network of this recipe, so the socket proxy can be reached (via it's dns name).
This allows you to access the docker host at "tcp://socket-proxy:2375". See this part of an action workflow on how to access the docker host.
```
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
endpoint: tcp://0.0.0.0:2375
endpoint: tcp://socket-proxy:2375
platforms: linux/amd64
- name: run api tests
run: |
export DOCKER_HOST="tcp://0.0.0.0:2375"
export DOCKER_HOST="tcp://socket-proxy:2375"
make test-api
```
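Review bot: "Per default, the action container has the ability to access the docker socket" contradicts the next sentence, which says that with `CONTAINER_NETWORK` unset the socket proxy cannot be reached. Tie the statement to `CONTAINER_NETWORK=default`, and replace "this is a security concern" with what it means in practice: every workflow this runner executes can talk to `tcp://socket-proxy:2375`. Smaller points: "it's dns name" should be "its DNS name", and the caching paragraph sits under the "Docker in Docker" heading although it is about `CACHE_HOST`.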

@ -15,7 +15,7 @@ services:
- "data:/data"
deploy:
labels:
- "coop-cloud.${STACK_NAME}.version=4.1.1+12.3.0"
- "coop-cloud.${STACK_NAME}.version=5.1.0+12.3.0"
networks:
- internal
ports:
@ -63,6 +63,7 @@ volumes:
networks:
internal:
attachable: true
configs:
runner_conf:
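Review bot: `attachable: true` on `internal` has no comment explaining why it is needed, and it widens who can reach the socket proxy: the documentation change in this set says the proxy is reachable on this network, so any standalone container that attaches to `${STACK_NAME}_internal` can reach port 2375, not only the job containers. Add a comment on this line, and consider a separate attachable network shared only by the runner, the socket proxy and the job containers.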

@ -39,7 +39,7 @@ cache:
# The host of the cache server.
# It's not for the address to listen, but the address to connect from job containers.
# So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
host: ""
host: "{{ env "CACHE_HOST" }}"
# The port of the cache server.
# 0 means to use a random available port.
port: 44847
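Review bot: `host: "{{ env "CACHE_HOST" }}"` takes whatever the env file holds, and the sample now ships `CACHE_HOST="app"`, a name the documentation says is only usable when `CONTAINER_NETWORK` is `default`. With `CONTAINER_NETWORK` empty or `host`, enabling the cache points job containers at a host they cannot reach, where the previous `""` was auto-detected. Consider rendering an empty host unless `CONTAINER_NETWORK` is `default`, or leave `CACHE_HOST` commented out in the sample.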
@ -48,7 +48,7 @@ container:
# Specifies the network to which the container will connect.
# Could be host, bridge or the name of a custom network.
# If it's empty, create a network automatically.
network: "{{ env "CONTAINER_NETWORK" }}"
network: {{ if eq (env "CONTAINER_NETWORK") "default" }}{{ env "STACK_NAME" }}_internal{{ else }}{{ env "CONTAINER_NETWORK" }}{{ end }}
# Whether to create networks with IPv6 enabled. Requires the Docker daemon to be set up accordingly.
# Only takes effect if "network" is set to "".
enable_ipv6: false
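Review bot: The new `network:` value lost the surrounding quotes the old line had, so an empty `CONTAINER_NETWORK` renders as a bare `network:` instead of `network: ""`, and the comments here ("If it's empty, create a network automatically", "Only takes effect if "network" is set to """) rely on the empty-string case. Wrap the whole template expression in double quotes. The comment block should also mention the new `default` value, since it is now a reserved word that can no longer be used as the literal name of a network.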

release/5.0.0+12.3.0 Normal file

@ -0,0 +1 @@
implement logic to set the stacks internal network for the action containers to support dind without a host port binding
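Review bot: This release note is missing the migration step for existing deployments. The documentation change in this set replaces `tcp://0.0.0.0:2375` with `tcp://socket-proxy:2375` and requires `CONTAINER_NETWORK=default`, so workflows that still use the old endpoint stop working after the upgrade; say so here and name both values.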

release/5.1.0+12.3.0 Normal file

@ -0,0 +1 @@
fix caching with the new container network approach
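Review bot: The note does not mention the new `CACHE_HOST` variable that this change introduces in the env sample and the runner config template. Operators upgrading an existing app need to know to add it to their `.env` (and that `app` is the value to use together with `CONTAINER_NETWORK=default`).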