docs: Improve README

.env.sample

@@ -10,5 +10,6 @@ RUNNER_CAPACITY=1
 
 RUNNER_TIMEOUT=3h
 
-# Set to 'host', to use the host network or any other. By using 'default', the runner gets configured to use the internal network of its own stack, so the action can access the docker
-#CONTAINER_NETWORK=default
+# Set to 'host', to use the host network. When left empty it creates a temporary
+# network for each container.
+#CONTAINER_NETWORK

README.md

@@ -4,6 +4,21 @@
 
 !! WARNING: This recipe should be used with great caution, since it has access to the docker daemon. We recommend running it in a seperate vm or host !!
 
+<!-- metadata -->
+* **Category**: Apps
+* **Status**: 5
+* **LICENSE**: [GPLv3-or-later](https://code.forgejo.org/forgejo/runner/src/branch/main/LICENSE)
+* **Maintainers**: [Klasse & Methode](https://klasse-methode.it) (@p4u1 @p4u1_f4u1:matrix.org)
+* **Repository**: [code.forgejo.org/forgejo/runner](https://code.forgejo.org/forgejo/runner)
+* **Documentation**: [forgejo.org/docs/next/admin/actions/](https://forgejo.org/docs/next/admin/actions/)
+* **Image**: [`runner`](https://code.forgejo.org/forgejo/-/packages/container/runner/11), 4, upstream
+* **Healthcheck**: No
+* **Backups**: no
+* **Email**: 0
+* **Tests**: 0
+* **SSO**: 0
+<!-- endmetadata -->
+
 ## Registering
 
 The forgejo runner needs to be registered at the forgejo instance. For that see the [official documentation](https://forgejo.org/docs/latest/admin/runner-installation/#standard-registration) on how to create a token.
@@ -19,23 +34,22 @@ To enable [caching](https://forgejo.org/docs/latest/admin/runner-installation/#c
 CACHE_ENABLED=true
 ```
 
-## Docker in Docker (in Docker)
+## Docker in Docker
 
-Per default, the action container has the ability to access the docker socket of the host machine via the socket proxy in this recipe. Keep this in mind, since this is a security concern!
+To give an action container the ability to create more docker containers (e.g. for tests) you need to set the container network to "host". This can be done in the `.env` file:
+```
+CONTAINER_NETWORK=host
+```
 
-If you don't set anything in the `CONTAINER_NETWORK` env, the runner is configured to their own dedicated network and so can't reach the docker socket proxy.
-
-If you set `CONTAINER_NETWORK` to `default`, the runner attaches the started containers to the internal network of this recipe, so the socket proxy can be reached (via it's dns name).
-
-This allows you to access the docker host at "tcp://socket-proxy:2375". See this part of an action workflow on how to access the docker host.
+This allows you to access the docker host at "tcp://0.0.0.0:2375". See this part of an action workflow on how to access the docker host.
 ```
 - name: Set up Docker Buildx
   uses: docker/setup-buildx-action@v3
   with:
-    endpoint: tcp://socket-proxy:2375
+    endpoint: tcp://0.0.0.0:2375
     platforms: linux/amd64
 - name: run api tests
   run: |
-    export DOCKER_HOST="tcp://socket-proxy:2375"
+    export DOCKER_HOST="tcp://0.0.0.0:2375"
       make test-api
 ```

abra.sh

@@ -1,4 +1,4 @@
-export RUNNER_CONF_VERSION=v9
+export RUNNER_CONF_VERSION=v8-b
 export ENTRYPOINT_VERSION=v9
 
 register_runner() {

compose.yml

@@ -2,7 +2,7 @@ version: '3.8'
 
 services:
   app:
-    image: 'code.forgejo.org/forgejo/runner:12.3.0'
+    image: 'code.forgejo.org/forgejo/runner:8.0.1'
     environment:
       - DOCKER_HOST=tcp://socket-proxy:2375
     configs:
@@ -15,7 +15,7 @@ services:
       - "data:/data"
     deploy:
       labels:
-        - "coop-cloud.${STACK_NAME}.version=5.0.0+12.3.0"
+        - "coop-cloud.${STACK_NAME}.version=2.0.0+8.0.1"
     networks:
       - internal
     ports:
@@ -23,7 +23,7 @@ services:
     entrypoint: /custom-entrypoint.sh
 
   socket-proxy:
-    image: lscr.io/linuxserver/socket-proxy:3.2.10
+    image: lscr.io/linuxserver/socket-proxy:3.2.3
     environment:
       - PROXY_READ_TIMEOUT=5000
       - ALLOW_START=1
@@ -57,13 +57,14 @@ services:
       - /var/run/docker.sock:/var/run/docker.sock:ro
     networks:
       - internal
+    ports:
+      - "2375:2375"
 
 volumes:
   data:
 
 networks:
   internal:
-    attachable: true
 
 configs:
   runner_conf:

config.yml.tmpl

@@ -48,7 +48,7 @@ container:
   # Specifies the network to which the container will connect.
   # Could be host, bridge or the name of a custom network.
   # If it's empty, create a network automatically.
-  network: {{ if eq (env "CONTAINER_NETWORK") "default" }}{{ env "STACK_NAME" }}_internal{{ else }}{{ env "CONTAINER_NETWORK" }}{{ end }}
+  network: "{{ env "CONTAINER_NETWORK" }}"
   # Whether to create networks with IPv6 enabled. Requires the Docker daemon to be set up accordingly.
   # Only takes effect if "network" is set to "".
   enable_ipv6: false

entrypoint.sh.tmpl

@@ -3,6 +3,7 @@
 set -e
 
 mkdir -p /data
+touch /data/.runner
 mkdir -p /data/.cache
 
 # Wait for the runner to get registered before starting the forgejo-runner daemon.

release/3.0.0+11.1.2

@@ -1 +0,0 @@
-Fixed a typo in .env.sample and upgrade runner to v11

release/4.0.0+12.0.1

@@ -1 +0,0 @@
-The breaking change in forgejo-runner should not affect us. Making a major bump just in case

release/4.1.1+12.3.0

@@ -1 +0,0 @@
-Security: Remove Docker Socket binding + Chore: update to 12.3.0

release/5.0.0+12.3.0

@@ -1 +0,0 @@
-implement logic to set the stacks internal network for the action containers to support dind without a host port binding

renovate.json

@@ -1,6 +0,0 @@
-{
-  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": [
-    "config:recommended"
-  ]
-}