Timeout to wait for and optionally require docker always (#741 )

* do not require docker cli in the runner image for waiting for a sidecar dockerd * allow to specify that `:host` labels would also only be accepted if docker is reachable Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-on: https://gitea.com/gitea/act_runner/pulls/741 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Christopher Homberger <christopher.homberger@web.de> Co-committed-by: Christopher Homberger <christopher.homberger@web.de>
feat: support github mirror (#716 )
2025-09-05 13:52:09 +08:00 · 2025-08-28 17:28:08 +00:00 · 2025-08-28 16:57:01 +00:00 · 2025-08-22 23:49:20 +00:00 · 2025-08-21 23:56:32 +00:00 · 2025-08-21 17:47:26 +00:00
9 changed files with 110 additions and 62 deletions
--- a/.gitea/workflows/release-nightly.yml
+++ b/.gitea/workflows/release-nightly.yml
@ -1,10 +1,17 @@
+---
 name: release-nightly

 on:
+  workflow_dispatch:
  push:
-    branches: [main]
+    branches:
+      - 'main'
    tags:
-      - "*"
+      - '*'
+
+env:
+  DOCKER_ORG: gitea
+  DOCKER_LATEST: nightly

 jobs:
  goreleaser:
@ -12,7 +19,7 @@ jobs:
    steps:
      - uses: actions/checkout@v4
        with:
-          fetch-depth: 0 # all history for all branches and tags
+          fetch-depth: 0
      - uses: actions/setup-go@v5
        with:
          go-version-file: "go.mod"
@ -30,16 +37,22 @@ jobs:
          S3_BUCKET: ${{ secrets.AWS_BUCKET }}
          GORELEASER_FORCE_TOKEN: "gitea"
          GITEA_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
  release-image:
    runs-on: ubuntu-latest
-    container:
-      image: catthehacker/ubuntu:act-latest
-    env:
-      DOCKER_ORG: gitea
-      DOCKER_LATEST: nightly
+    strategy:
+      matrix:
+        variant:
+          - target: basic
+            tag_suffix: ""
+          - target: dind
+            tag_suffix: "-dind"
+          - target: dind-rootless
+            tag_suffix: "-dind-rootless"
+
    steps:
      - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 0 # all history for all branches and tags

@ -55,47 +68,18 @@ jobs:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

-      - name: Get Meta
-        id: meta
-        run: |
-          echo REPO_NAME=$(echo ${GITHUB_REPOSITORY} | awk -F"/" '{print $2}') >> $GITHUB_OUTPUT
-          echo REPO_VERSION=${GITHUB_REF_NAME#v} >> $GITHUB_OUTPUT
+      - name: Echo the tag
+        run: echo "${{ env.DOCKER_ORG }}/act_runner:nightly${{ matrix.variant.tag_suffix }}"

      - name: Build and push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./Dockerfile
-          target: basic
+          target: ${{ matrix.variant.target }}
          platforms: |
            linux/amd64
            linux/arm64
          push: true
          tags: |
-            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}
-
-      - name: Build and push dind
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: ./Dockerfile
-          target: dind
-          platforms: |
-            linux/amd64
-            linux/arm64
-          push: true
-          tags: |
-            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}-dind
-
-      - name: Build and push dind-rootless
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: ./Dockerfile
-          target: dind-rootless
-          platforms: |
-            linux/amd64
-            linux/arm64
-          push: true
-          tags: |
-            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}-dind-rootless
+            ${{ env.DOCKER_ORG }}/act_runner:nightly${{ matrix.variant.tag_suffix }}
--- a/18
+++ b/18
@ -1,3 +1,6 @@
+### BUILDER STAGE
+#
+#
 FROM golang:1.24-alpine AS builder

 # Do not remove `git` here, it is required for getting runner version when executing `make build`
@ -11,9 +14,12 @@ WORKDIR /opt/src/act_runner

 RUN make clean && make build

+### DIND VARIANT
+#
+#
 FROM docker:dind AS dind

-RUN apk add --no-cache s6 bash git
+RUN apk add --no-cache s6 bash git tzdata

 COPY --from=builder /opt/src/act_runner/act_runner /usr/local/bin/act_runner
 COPY scripts/run.sh /usr/local/bin/run.sh
@ -23,10 +29,13 @@ VOLUME /data

 ENTRYPOINT ["s6-svscan","/etc/s6"]

+### DIND-ROOTLESS VARIANT
+#
+#
 FROM docker:dind-rootless AS dind-rootless

 USER root
-RUN apk add --no-cache s6 bash git
+RUN apk add --no-cache s6 bash git tzdata

 COPY --from=builder /opt/src/act_runner/act_runner /usr/local/bin/act_runner
 COPY scripts/run.sh /usr/local/bin/run.sh
@ -41,8 +50,11 @@ ENV DOCKER_HOST=unix:///run/user/1000/docker.sock
 USER rootless
 ENTRYPOINT ["s6-svscan","/etc/s6"]

+### BASIC VARIANT
+#
+#
 FROM alpine AS basic
-RUN apk add --no-cache tini bash git
+RUN apk add --no-cache tini bash git tzdata

 COPY --from=builder /opt/src/act_runner/act_runner /usr/local/bin/act_runner
 COPY scripts/run.sh /usr/local/bin/run.sh
--- a/go.mod
+++ b/go.mod
@ -98,6 +98,6 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )

-replace github.com/nektos/act => gitea.com/gitea/act v0.261.4
+replace github.com/nektos/act => gitea.com/gitea/act v0.261.7

 replace github.com/go-git/go-git/v5 => github.com/go-git/go-git/v5 v5.16.2
--- a/go.sum
+++ b/go.sum
@ -6,8 +6,8 @@ connectrpc.com/connect v1.16.2 h1:ybd6y+ls7GOlb7Bh5C8+ghA6SvCBajHwxssO2CGFjqE=
 connectrpc.com/connect v1.16.2/go.mod h1:n2kgwskMHXC+lVqb18wngEpF95ldBHXjZYJussz5FRc=
 dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
 dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
-gitea.com/gitea/act v0.261.4 h1:Tf9eLlvsYFtKcpuxlMvf9yT3g4Hshb2Beqw6C1STuH8=
-gitea.com/gitea/act v0.261.4/go.mod h1:Pg5C9kQY1CEA3QjthjhlrqOC/QOT5NyWNjOjRHw23Ok=
+gitea.com/gitea/act v0.261.7 h1:0tX0EdWo5uZUgsN/iJGyEAtagqYURrbOuWxyx+LV1Wk=
+gitea.com/gitea/act v0.261.7/go.mod h1:Pg5C9kQY1CEA3QjthjhlrqOC/QOT5NyWNjOjRHw23Ok=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
--- a/internal/app/cmd/daemon.go
+++ b/internal/app/cmd/daemon.go
@ -5,6 +5,7 @@ package cmd

 import (
 	"context"
+	"errors"
 	"fmt"
 	"os"
 	"path"
@ -13,6 +14,7 @@ import (
 	"slices"
 	"strconv"
 	"strings"
+	"time"

 	"connectrpc.com/connect"
 	"github.com/mattn/go-isatty"
@ -64,7 +66,34 @@ func runDaemon(ctx context.Context, daemArgs *daemonArgs, configFile *string) fu
 			log.Warn("no labels configured, runner may not be able to pick up jobs")
 		}

-		if ls.RequireDocker() {
+		if ls.RequireDocker() || cfg.Container.RequireDocker {
+			// Wait for dockerd be ready
+			if timeout := cfg.Container.DockerTimeout; timeout > 0 {
+				tctx, cancel := context.WithTimeout(ctx, timeout)
+				defer cancel()
+				keepRunning := true
+				for keepRunning {
+					dockerSocketPath, err := getDockerSocketPath(cfg.Container.DockerHost)
+					if err != nil {
+						log.Errorf("Failed to get socket path: %s", err.Error())
+					} else if err = envcheck.CheckIfDockerRunning(tctx, dockerSocketPath); errors.Is(err, context.Canceled) {
+						log.Infof("Docker wait timeout of %s expired", timeout.String())
+						break
+					} else if err != nil {
+						log.Errorf("Docker connection failed: %s", err.Error())
+					} else {
+						log.Infof("Docker is ready")
+						break
+					}
+					select {
+					case <-time.After(time.Second):
+					case <-tctx.Done():
+						log.Infof("Docker wait timeout of %s expired", timeout.String())
+						keepRunning = false
+					}
+				}
+			}
+			// Require dockerd be ready
 			dockerSocketPath, err := getDockerSocketPath(cfg.Container.DockerHost)
 			if err != nil {
 				return err
--- a/internal/app/cmd/register.go
+++ b/internal/app/cmd/register.go
@ -93,8 +93,8 @@ const (

 var defaultLabels = []string{
 	"ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest",
+	"ubuntu-24.04:docker://docker.gitea.com/runner-images:ubuntu-24.04",
 	"ubuntu-22.04:docker://docker.gitea.com/runner-images:ubuntu-22.04",
-	"ubuntu-20.04:docker://docker.gitea.com/runner-images:ubuntu-20.04",
 }

 type registerInputs struct {
--- a/internal/app/run/runner.go
+++ b/internal/app/run/runner.go
@ -113,6 +113,17 @@ func (r *Runner) Run(ctx context.Context, task *runnerv1.Task) error {
 	return nil
 }

+// getDefaultActionsURL
+// when DEFAULT_ACTIONS_URL == "https://github.com" and GithubMirror is not blank,
+// it should be set to GithubMirror first.
+func (r *Runner) getDefaultActionsURL(ctx context.Context, task *runnerv1.Task) string {
+	giteaDefaultActionsURL := task.Context.Fields["gitea_default_actions_url"].GetStringValue()
+	if giteaDefaultActionsURL == "https://github.com" && r.cfg.Runner.GithubMirror != "" {
+		return r.cfg.Runner.GithubMirror
+	}
+	return giteaDefaultActionsURL
+}
+
 func (r *Runner) run(ctx context.Context, task *runnerv1.Task, reporter *report.Reporter) (err error) {
 	defer func() {
 		if r := recover(); r != nil {
@ -137,7 +148,7 @@ func (r *Runner) run(ctx context.Context, task *runnerv1.Task, reporter *report.
 	taskContext := task.Context.Fields

 	log.Infof("task %v repo is %v %v %v", task.Id, taskContext["repository"].GetStringValue(),
-		taskContext["gitea_default_actions_url"].GetStringValue(),
+		r.getDefaultActionsURL(ctx, task),
 		r.client.Address())

 	preset := &model.GithubContext{
@ -211,7 +222,7 @@ func (r *Runner) run(ctx context.Context, task *runnerv1.Task, reporter *report.
 		ContainerOptions:      r.cfg.Container.Options,
 		ContainerDaemonSocket: r.cfg.Container.DockerHost,
 		Privileged:            r.cfg.Container.Privileged,
-		DefaultActionInstance: taskContext["gitea_default_actions_url"].GetStringValue(),
+		DefaultActionInstance: r.getDefaultActionsURL(ctx, task),
 		PlatformPicker:        r.labels.PickPlatform,
 		Vars:                  task.Vars,
 		ValidVolumes:          r.cfg.Container.ValidVolumes,
--- a/internal/pkg/config/config.example.yaml
+++ b/internal/pkg/config/config.example.yaml
@ -32,6 +32,11 @@ runner:
  fetch_timeout: 5s
  # The interval for fetching the job from the Gitea instance.
  fetch_interval: 2s
+  # The github_mirror of a runner is used to specify the mirror address of the github that pulls the action repository.
+  # It works when something like `uses: actions/checkout@v4` is used and DEFAULT_ACTIONS_URL is set to github,
+  # and github_mirror is not empty. In this case,
+  # it replaces https://github.com with the value here, which is useful for some special network environments.
+  github_mirror: ''
  # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
  # Like: "macos-arm64:host" or "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest"
  # Find more images provided by Gitea at https://gitea.com/docker.gitea.com/runner-images .
@ -94,6 +99,10 @@ container:
  force_pull: true
  # Rebuild docker image(s) even if already present
  force_rebuild: false
+  # Always require a reachable docker daemon, even if not required by act_runner
+  require_docker: false
+  # Timeout to wait for the docker daemon to be reachable, if docker is required by require_docker or act_runner
+  docker_timeout: 0s

 host:
  # The parent directory of a job's working directory.
--- a/internal/pkg/config/config.go
+++ b/internal/pkg/config/config.go
@ -31,6 +31,7 @@ type Runner struct {
 	FetchTimeout    time.Duration     `yaml:"fetch_timeout"`    // FetchTimeout specifies the timeout duration for fetching resources.
 	FetchInterval   time.Duration     `yaml:"fetch_interval"`   // FetchInterval specifies the interval duration for fetching resources.
 	Labels          []string          `yaml:"labels"`           // Labels specify the labels of the runner. Labels are declared on each startup
+	GithubMirror    string            `yaml:"github_mirror"`    // GithubMirror defines what mirrors should be used when using github
 }

 // Cache represents the configuration for caching.
@ -44,15 +45,17 @@ type Cache struct {

 // Container represents the configuration for the container.
 type Container struct {
-	Network       string   `yaml:"network"`        // Network specifies the network for the container.
-	NetworkMode   string   `yaml:"network_mode"`   // Deprecated: use Network instead. Could be removed after Gitea 1.20
-	Privileged    bool     `yaml:"privileged"`     // Privileged indicates whether the container runs in privileged mode.
-	Options       string   `yaml:"options"`        // Options specifies additional options for the container.
-	WorkdirParent string   `yaml:"workdir_parent"` // WorkdirParent specifies the parent directory for the container's working directory.
-	ValidVolumes  []string `yaml:"valid_volumes"`  // ValidVolumes specifies the volumes (including bind mounts) can be mounted to containers.
-	DockerHost    string   `yaml:"docker_host"`    // DockerHost specifies the Docker host. It overrides the value specified in environment variable DOCKER_HOST.
-	ForcePull     bool     `yaml:"force_pull"`     // Pull docker image(s) even if already present
-	ForceRebuild  bool     `yaml:"force_rebuild"`  // Rebuild docker image(s) even if already present
+	Network       string        `yaml:"network"`        // Network specifies the network for the container.
+	NetworkMode   string        `yaml:"network_mode"`   // Deprecated: use Network instead. Could be removed after Gitea 1.20
+	Privileged    bool          `yaml:"privileged"`     // Privileged indicates whether the container runs in privileged mode.
+	Options       string        `yaml:"options"`        // Options specifies additional options for the container.
+	WorkdirParent string        `yaml:"workdir_parent"` // WorkdirParent specifies the parent directory for the container's working directory.
+	ValidVolumes  []string      `yaml:"valid_volumes"`  // ValidVolumes specifies the volumes (including bind mounts) can be mounted to containers.
+	DockerHost    string        `yaml:"docker_host"`    // DockerHost specifies the Docker host. It overrides the value specified in environment variable DOCKER_HOST.
+	ForcePull     bool          `yaml:"force_pull"`     // Pull docker image(s) even if already present
+	ForceRebuild  bool          `yaml:"force_rebuild"`  // Rebuild docker image(s) even if already present
+	RequireDocker bool          `yaml:"require_docker"` // Always require a reachable docker daemon, even if not required by act_runner
+	DockerTimeout time.Duration `yaml:"docker_timeout"` // Timeout to wait for the docker daemon to be reachable, if docker is required by require_docker or act_runner
 }

 // Host represents the configuration for the host.
Author	SHA1	Message	Date
Christopher Homberger	8920c4a170	Timeout to wait for and optionally require docker always (#741 ) * do not require docker cli in the runner image for waiting for a sidecar dockerd * allow to specify that `:host` labels would also only be accepted if docker is reachable Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-on: https://gitea.com/gitea/act_runner/pulls/741 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Christopher Homberger <christopher.homberger@web.de> Co-committed-by: Christopher Homberger <christopher.homberger@web.de>	2025-08-28 17:28:08 +00:00
Akkuman	bbf9d7e90f	feat: support github mirror (#716 ) ref: https://github.com/go-gitea/gitea/issues/34858 when github_mirror='https://ghfast.top/https://github.com' it will clone from the github mirror However, there is an exception: because the cache is hashed using the string, if the same cache has been used before, it will still be pulled from github, only for the newly deployed act_ruuner In the following two scenarios, it will solve the problem encountered: 1. some github mirror is https://xxx.com/https://github.com/actions/checkout@v4, it will report error `Expected format {org}/{repo}[/path]@ref. Actual ‘https://xxx.com/https://github.com/actions/checkout@v4’ Input string was not in a correct format` 2. If I use an action that has a dependency on another action, even if I configure the url of the action I want to use, the action that the action introduces will still pull from github. for example `02882cc2d9/action.yml (L127-L132)` Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-on: https://gitea.com/gitea/act_runner/pulls/716 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Akkuman <akkumans@qq.com> Co-committed-by: Akkuman <akkumans@qq.com>	2025-08-28 16:57:01 +00:00
Daan Selen	46f471a900	refac(workflow): use matrix to compile different docker images (#740 ) I have made this to speed up and make it more robust. The matrix executes the jobs in parallel, doing some things perhaps double. But making overall management easier due to the simple defined variables at the top of the matrix declaration. Co-authored-by: Daan Selen <dselen@systemec.nl> Reviewed-on: https://gitea.com/gitea/act_runner/pulls/740 Reviewed-by: techknowlogick <techknowlogick@noreply.gitea.com> Co-authored-by: Daan Selen <dselen@nerthus.nl> Co-committed-by: Daan Selen <dselen@nerthus.nl>	2025-08-22 23:49:20 +00:00
DaanSelen	aa28f8d99c	feat(docker): add TZ env variable working (#738 ) Relevant: https://gitea.com/gitea/act_runner/issues/735 See my example below, `edit` is my PR, `non-edit` is the origin/main. ``` dselen@N-DESKTOP1:~/development/act_runner$ docker images REPOSITORY TAG IMAGE ID CREATED SIZE runner edit b12322f8c3f0 26 seconds ago 43.5MB runner non-edit e5593ad32c16 34 minutes ago 43.1MB dselen@N-DESKTOP1:~/development/act_runner$ docker run -d -e TZ=Europe/Amsterdam runner:non-edit 5f26979515f461a2a7e342aa586d7b91224d2d3c3dcf1ed0c1e7293ff00645a4 dselen@N-DESKTOP1:~/development/act_runner$ docker run -d -e TZ=Europe/Amsterdam runner:edit 9cc5fc6b364cf07776d97c6c60c03f23372eb2c93c7da8d3d80f4f6dc2a6b10e dselen@N-DESKTOP1:~/development/act_runner$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 9cc5fc6b364c runner:edit "/sbin/tini -- run.sh" 2 seconds ago Up 2 seconds serene_bardeen 5f26979515f4 runner:non-edit "/sbin/tini -- run.sh" 5 seconds ago Up 5 seconds jovial_euler dselen@N-DESKTOP1:~/development/act_runner$ docker exec -it jovial_euler bash 5f26979515f4:/# date Thu Aug 21 16:40:35 UTC 2025 dselen@N-DESKTOP1:~/development/act_runner$ docker exec -it serene_bardeen bash 9cc5fc6b364c:/# date Thu Aug 21 18:40:42 CEST 2025 ``` I do not see why this would not be acceptable, its only 400KB Regards. Reviewed-on: https://gitea.com/gitea/act_runner/pulls/738 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-by: ChristopherHX <christopherhx@noreply.gitea.com> Co-authored-by: DaanSelen <daanselen@noreply.gitea.com> Co-committed-by: DaanSelen <daanselen@noreply.gitea.com>	2025-08-21 23:56:32 +00:00
Christopher Homberger	6a7e18b124	Allow node24 actions (#737 ) * `node` Tool is used regardless of this change * upgrade images with `node` = `node24` if required * actions/checkout@v5 now passing validation Fixes #729 Reviewed-on: https://gitea.com/gitea/act_runner/pulls/737 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Christopher Homberger <christopher.homberger@web.de> Co-committed-by: Christopher Homberger <christopher.homberger@web.de>	2025-08-21 17:47:26 +00:00
telackey	53329c46ff	Add ubuntu-24.04 label to defaults. (#724 ) Simple change to include ubuntu-24.04 in the default list. While ubuntu-latest already points to the same image (at this time) it is appropriate to have it by version as well. Co-authored-by: techknowlogick <techknowlogick@gitea.com> Reviewed-on: https://gitea.com/gitea/act_runner/pulls/724 Co-authored-by: telackey <telackey@noreply.gitea.com> Co-committed-by: telackey <telackey@noreply.gitea.com>	2025-07-22 14:47:30 +00:00