# Gitea

## Gitea Actions

Gitea Actions is enabled by setting:

- `GITEA__actions__ENABLED=true`

## Runner service

The repository includes a dedicated Gitea Actions runner service named:

- `gitea-runner`

The runner uses Docker through the existing Docker socket proxy:

- `DOCKER_HOST=tcp://docker-socket-proxy:2375`

The runner intentionally **does not** mount:

- `/var/run/docker.sock`

## Registration token

Generate a runner registration token from the Gitea UI:

- Site Administration → Actions → Runners
- or Repo → Settings → Actions → Runners

Put the token in your env/secrets file:

- `GITEA_RUNNER_REGISTRATION_TOKEN=...`

## Start the runner

- `./services-up.sh --profile gitea up -d gitea-runner`
- or `./services-up.sh --profile all up -d gitea-runner`

## Logs

- `docker logs -f gitea-runner`

## Labels

Common workflow label:

- `runs-on: ubuntu-latest`

This should match the configured labels, for example:

- `GITEA_RUNNER_LABELS=ubuntu-latest:docker://node:20-bookworm,...`

## Security note

The runner can control Docker through `docker-socket-proxy`. This is safer than mounting the raw Docker socket directly, but workflows still have meaningful control over Docker. Only trusted repositories/users should be allowed to run workflows on this runner.