Use DOCKER_SOCKET_PROXY_HOST for gitea-runner Docker host
This commit is contained in:
beatz174-bit
@@ -0,0 +1,55 @@
|
||||
# Gitea
|
||||
|
||||
## Gitea Actions
|
||||
|
||||
Gitea Actions is enabled by setting:
|
||||
|
||||
- `GITEA__actions__ENABLED=true`
|
||||
|
||||
## Runner service
|
||||
|
||||
The repository includes a dedicated Gitea Actions runner service named:
|
||||
|
||||
- `gitea-runner`
|
||||
|
||||
The runner uses Docker through the existing Docker socket proxy:
|
||||
|
||||
- `DOCKER_HOST=tcp://docker-socket-proxy:2375`
|
||||
|
||||
The runner intentionally **does not** mount:
|
||||
|
||||
- `/var/run/docker.sock`
|
||||
|
||||
## Registration token
|
||||
|
||||
Generate a runner registration token from the Gitea UI:
|
||||
|
||||
- Site Administration → Actions → Runners
|
||||
- or Repo → Settings → Actions → Runners
|
||||
|
||||
Put the token in your env/secrets file:
|
||||
|
||||
- `GITEA_RUNNER_REGISTRATION_TOKEN=...`
|
||||
|
||||
## Start the runner
|
||||
|
||||
- `./services-up.sh --profile gitea up -d gitea-runner`
|
||||
- or `./services-up.sh --profile all up -d gitea-runner`
|
||||
|
||||
## Logs
|
||||
|
||||
- `docker logs -f gitea-runner`
|
||||
|
||||
## Labels
|
||||
|
||||
Common workflow label:
|
||||
|
||||
- `runs-on: ubuntu-latest`
|
||||
|
||||
This should match the configured labels, for example:
|
||||
|
||||
- `GITEA_RUNNER_LABELS=ubuntu-latest:docker://node:20-bookworm,...`
|
||||
|
||||
## Security note
|
||||
|
||||
The runner can control Docker through `docker-socket-proxy`. This is safer than mounting the raw Docker socket directly, but workflows still have meaningful control over Docker. Only trusted repositories/users should be allowed to run workflows on this runner.
|
||||
Reference in New Issue
Block a user