1 Commits
main ... docs

Author SHA1 Message Date
b45ed24826 docs: Improve README 2025-10-04 11:13:15 +02:00
13 changed files with 35 additions and 37 deletions

View File

@ -3,14 +3,13 @@ RECIPE=forgejo-runner
# The level of logging, can be trace, debug, info, warn, error, fatal # The level of logging, can be trace, debug, info, warn, error, fatal
LOG_LEVEL=info LOG_LEVEL=info
# Enable or disable caching. For the cache to work, the actions containers need to be able to access the runner via network, so make sure to set CONTAINER_NETWORK accordingly.
CACHE_ENABLED=false CACHE_ENABLED=false
CACHE_HOST="app"
# Defines the number of concrurrent tasks to be run # Defines the number of concrurrent tasks to be run
RUNNER_CAPACITY=1 RUNNER_CAPACITY=1
RUNNER_TIMEOUT=3h RUNNER_TIMEOUT=3h
# Set to 'host', to use the host network or any other. By using 'default', the runner gets configured to use the internal network of its own stack, so the action can access the docker socket proxy. # Set to 'host', to use the host network. When left empty it creates a temporary
#CONTAINER_NETWORK=default # network for each container.
#CONTAINER_NETWORK
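Review bot: The new last line `#CONTAINER_NETWORK` has no `=` or value, so uncommenting it as written does not give an assignment like the other entries in this file; write it as `#CONTAINER_NETWORK=host` to match the comment above it. The hunk also drops the comment explaining that caching needs the action containers to reach the runner over the network, while `CACHE_ENABLED` stays. Say in its place how the cache is reached now that `CACHE_HOST` is gone.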

View File

@ -4,6 +4,21 @@
!! WARNING: This recipe should be used with great caution, since it has access to the docker daemon. We recommend running it in a seperate vm or host !! !! WARNING: This recipe should be used with great caution, since it has access to the docker daemon. We recommend running it in a seperate vm or host !!
<!-- metadata -->
* **Category**: Apps
* **Status**: 5
* **LICENSE**: [GPLv3-or-later](https://code.forgejo.org/forgejo/runner/src/branch/main/LICENSE)
* **Maintainers**: [Klasse & Methode](https://klasse-methode.it) (@p4u1 @p4u1_f4u1:matrix.org)
* **Repository**: [code.forgejo.org/forgejo/runner](https://code.forgejo.org/forgejo/runner)
* **Documentation**: [forgejo.org/docs/next/admin/actions/](https://forgejo.org/docs/next/admin/actions/)
* **Image**: [`runner`](https://code.forgejo.org/forgejo/-/packages/container/runner/11), 4, upstream
* **Healthcheck**: No
* **Backups**: no
* **Email**: 0
* **Tests**: 0
* **SSO**: 0
<!-- endmetadata -->
## Registering ## Registering
The forgejo runner needs to be registered at the forgejo instance. For that see the [official documentation](https://forgejo.org/docs/latest/admin/runner-installation/#standard-registration) on how to create a token. The forgejo runner needs to be registered at the forgejo instance. For that see the [official documentation](https://forgejo.org/docs/latest/admin/runner-installation/#standard-registration) on how to create a token.
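Review bot: The `Image` entry in the new metadata block links to `.../packages/container/runner/11`, while the compose file in this same change pins `code.forgejo.org/forgejo/runner:8.0.1`. Point the link at the version that is actually deployed, or at the unversioned package page, so the two do not disagree. `Healthcheck: No` and `Backups: no` should also use the same capitalisation.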
@ -17,29 +32,24 @@ abra app cmd --chaos <app> app register_runner <host> <name> <token>
To enable [caching](https://forgejo.org/docs/latest/admin/runner-installation/#cache-configuration) set `CACHE_ENABLED` to `true`: To enable [caching](https://forgejo.org/docs/latest/admin/runner-installation/#cache-configuration) set `CACHE_ENABLED` to `true`:
``` ```
CACHE_ENABLED=true CACHE_ENABLED=true
CACHE_HOST="app"
``` ```
If you want to use the caching of the runner itself, you have to specify "app" as the `CACHE_HOST` and make sure to use the `default` in `CONTAINER_NETWORK` (see below), so the actions containers can access the runner. ## Docker in Docker
To give an action container the ability to create more docker containers (e.g. for tests) you need to set the container network to "host". This can be done in the `.env` file:
```
CONTAINER_NETWORK=host
```
## Docker in Docker (in Docker) This allows you to access the docker host at "tcp://0.0.0.0:2375". See this part of an action workflow on how to access the docker host.
Per default, the action container has the ability to access the docker socket of the host machine via the socket proxy in this recipe. Keep this in mind, since this is a security concern!
If you don't set anything in the `CONTAINER_NETWORK` env, the runner is configured to their own dedicated network and so can't reach the docker socket proxy.
If you set `CONTAINER_NETWORK` to `default`, the runner attaches the started containers to the internal network of this recipe, so the socket proxy can be reached (via it's dns name).
This allows you to access the docker host at "tcp://socket-proxy:2375". See this part of an action workflow on how to access the docker host.
``` ```
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
with: with:
endpoint: tcp://socket-proxy:2375 endpoint: tcp://0.0.0.0:2375
platforms: linux/amd64 platforms: linux/amd64
- name: run api tests - name: run api tests
run: | run: |
export DOCKER_HOST="tcp://socket-proxy:2375" export DOCKER_HOST="tcp://0.0.0.0:2375"
make test-api make test-api
``` ```
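Review bot: The rewritten "Docker in Docker" section removes the sentence "Keep this in mind, since this is a security concern!" although the new instructions still give the action container access to the Docker host, now over host networking at `tcp://0.0.0.0:2375`. Keep a warning in this section that any job executed by the runner can drive the Docker daemon through that endpoint. `0.0.0.0` is also a listen address rather than a destination, so the `endpoint:` and `DOCKER_HOST` examples would read more clearly as `tcp://127.0.0.1:2375`.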

View File

@ -1,4 +1,4 @@
export RUNNER_CONF_VERSION=v9 export RUNNER_CONF_VERSION=v8-b
export ENTRYPOINT_VERSION=v9 export ENTRYPOINT_VERSION=v9
register_runner() { register_runner() {
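Review bot: `RUNNER_CONF_VERSION` moves backwards from `v9` to `v8-b`, and `ENTRYPOINT_VERSION` stays at `v9` although the script that gains `touch /data/.runner` elsewhere in this diff looks like the entrypoint. If that script is the versioned entrypoint config, bump `ENTRYPOINT_VERSION`, and give the changed runner config a label above `v9` instead of an older one, so deployments that already carry the `v9` configs pick up the new content.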

View File

@ -2,7 +2,7 @@ version: '3.8'
services: services:
app: app:
image: 'code.forgejo.org/forgejo/runner:12.3.0' image: 'code.forgejo.org/forgejo/runner:8.0.1'
environment: environment:
- DOCKER_HOST=tcp://socket-proxy:2375 - DOCKER_HOST=tcp://socket-proxy:2375
configs: configs:
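Review bot: The `image:` line pins the runner back from `12.3.0` to `8.0.1`, which is out of scope for a commit titled "docs: Improve README"; the version label and the `socket-proxy` tag in the following hunks move backwards the same way (`5.2.0+12.3.0` to `2.0.0+8.0.1`, `3.2.10` to `3.2.3`). This looks like the branch predates those updates on main, so rebase it and keep only the README change.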
@ -15,7 +15,7 @@ services:
- "data:/data" - "data:/data"
deploy: deploy:
labels: labels:
- "coop-cloud.${STACK_NAME}.version=5.2.0+12.3.0" - "coop-cloud.${STACK_NAME}.version=2.0.0+8.0.1"
networks: networks:
- internal - internal
ports: ports:
@ -23,7 +23,7 @@ services:
entrypoint: /custom-entrypoint.sh entrypoint: /custom-entrypoint.sh
socket-proxy: socket-proxy:
image: lscr.io/linuxserver/socket-proxy:3.2.10 image: lscr.io/linuxserver/socket-proxy:3.2.3
environment: environment:
- PROXY_READ_TIMEOUT=5000 - PROXY_READ_TIMEOUT=5000
- ALLOW_START=1 - ALLOW_START=1
@ -57,13 +57,14 @@ services:
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
networks: networks:
- internal - internal
ports:
- "2375:2375"
volumes: volumes:
data: data:
networks: networks:
internal: internal:
attachable: true
configs: configs:
runner_conf: runner_conf:
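Review bot: Adding `ports:` with `"2375:2375"` to `socket-proxy` publishes the Docker API proxy on a host port, where anything that can reach the host on 2375 can talk to it, and the release note deleted in this same diff reads "Security: Remove Docker Socket binding". Drop the port mapping and keep `attachable: true` on `internal`, so job containers reach the proxy over the stack network as `tcp://socket-proxy:2375` instead of through the host.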

View File

@ -9,7 +9,6 @@ runner:
capacity: {{ env "RUNNER_CAPACITY" }} capacity: {{ env "RUNNER_CAPACITY" }}
# Extra environment variables to run jobs. # Extra environment variables to run jobs.
envs: envs:
RUNNER_NETWORK_NAME: {{ if eq (env "CONTAINER_NETWORK") "default" }}{{ env "STACK_NAME" }}_internal{{ else }}{{ env "CONTAINER_NETWORK" }}{{ end }}
# A_TEST_ENV_NAME_1: a_test_env_value_1 # A_TEST_ENV_NAME_1: a_test_env_value_1
# A_TEST_ENV_NAME_2: a_test_env_value_2 # A_TEST_ENV_NAME_2: a_test_env_value_2
# Extra environment variables to run jobs from a file. # Extra environment variables to run jobs from a file.
@ -40,7 +39,7 @@ cache:
# The host of the cache server. # The host of the cache server.
# It's not for the address to listen, but the address to connect from job containers. # It's not for the address to listen, but the address to connect from job containers.
# So 0.0.0.0 is a bad choice, leave it empty to detect automatically. # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
host: "{{ env "CACHE_HOST" }}" host: ""
# The port of the cache server. # The port of the cache server.
# 0 means to use a random available port. # 0 means to use a random available port.
port: 44847 port: 44847
@ -49,7 +48,7 @@ container:
# Specifies the network to which the container will connect. # Specifies the network to which the container will connect.
# Could be host, bridge or the name of a custom network. # Could be host, bridge or the name of a custom network.
# If it's empty, create a network automatically. # If it's empty, create a network automatically.
network: {{ if eq (env "CONTAINER_NETWORK") "default" }}{{ env "STACK_NAME" }}_internal{{ else }}{{ env "CONTAINER_NETWORK" }}{{ end }} network: "{{ env "CONTAINER_NETWORK" }}"
# Whether to create networks with IPv6 enabled. Requires the Docker daemon to be set up accordingly. # Whether to create networks with IPv6 enabled. Requires the Docker daemon to be set up accordingly.
# Only takes effect if "network" is set to "". # Only takes effect if "network" is set to "".
enable_ipv6: false enable_ipv6: false
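Review bot: With the `default` branch of the template removed, `network:` now receives the raw value of `CONTAINER_NETWORK`, so an existing `.env` that still has `CONTAINER_NETWORK=default` (the value the old sample suggested) would pass the literal name `default` instead of `<STACK_NAME>_internal`. Either keep the mapping or document the change as breaking and tell operators which value to switch to.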

View File

@ -3,6 +3,7 @@
set -e set -e
mkdir -p /data mkdir -p /data
touch /data/.runner
mkdir -p /data/.cache mkdir -p /data/.cache
# Wait for the runner to get registered before starting the forgejo-runner daemon. # Wait for the runner to get registered before starting the forgejo-runner daemon.
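Review bot: `touch /data/.runner` is added directly above the comment "Wait for the runner to get registered before starting the forgejo-runner daemon". If that wait checks for the existence of `/data/.runner`, creating an empty file first lets it pass immediately and the daemon starts unregistered. Add a comment saying why the file has to exist, or have the wait test for a non-empty file.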

View File

@ -1 +0,0 @@
Fixed a typo in .env.sample and upgrade runner to v11

View File

@ -1 +0,0 @@
The breaking change in forgejo-runner should not affect us. Making a major bump just in case

View File

@ -1 +0,0 @@
Security: Remove Docker Socket binding + Chore: update to 12.3.0

View File

@ -1 +0,0 @@
implement logic to set the stacks internal network for the action containers to support dind without a host port binding

View File

@ -1 +0,0 @@
fix caching with the new container network approach

View File

@ -1 +0,0 @@
add RUNNER_NETWORK_NAME env to the runner

View File

@ -1,6 +0,0 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:recommended"
]
}
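Review bot: Deleting the Renovate configuration (`config:recommended`) takes the pinned image tags in the compose file out of automated update proposals, which is unrelated to a README change. Leave this file, and the release notes removed above, out of this commit.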