# Gitea

## Gitea Actions

Gitea Actions is enabled by setting:

- `GITEA__actions__ENABLED=true`

## Runner service

The repository includes a dedicated Gitea Actions runner service named:

- `gitea-runner`

The runner uses Docker through the existing Docker socket proxy:

- `DOCKER_HOST=tcp://docker-socket-proxy:2375`

The runner intentionally **does not** mount:

- `/var/run/docker.sock`

## Registration token

Generate a runner registration token from the Gitea UI:

- Site Administration → Actions → Runners
- or Repo → Settings → Actions → Runners

Put the token in your env/secrets file:

- `GITEA_RUNNER_REGISTRATION_TOKEN=...`

## Start the runner

- `./services-up.sh --profile gitea up -d gitea-runner`
- or `./services-up.sh --profile all up -d gitea-runner`

## Logs

- `docker logs -f gitea-runner`

## Labels

Common workflow label:

- `runs-on: ubuntu-latest`

This should match the configured labels, for example:

- `GITEA_RUNNER_LABELS=ubuntu-latest:docker://node:20-bookworm,...`

## Security note

The runner can control Docker through `docker-socket-proxy`. This is safer than mounting the raw Docker socket directly, but workflows still have meaningful control over Docker. Only trusted repositories/users should be allowed to run workflows on this runner.
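
To confirm a deployment still matches the runner setup described above, this added example (not part of this repository) audits the JSON printed by `docker compose config --format json`. It assumes the stack is a Compose project; `audit_runner`, the helper names and the sample data are hypothetical.

```python
import json

# Service name, proxy address and socket path come from the README above.
RUNNER = "gitea-runner"
PROXY_HOST = "tcp://docker-socket-proxy:2375"
RAW_SOCKET = "/var/run/docker.sock"

# Constructed sample in the shape `docker compose config --format json` emits.
SAMPLE = json.dumps({"services": {RUNNER: {
    "environment": {"DOCKER_HOST": PROXY_HOST},
    "volumes": [{"type": "volume", "source": "runner-data", "target": "/data"}],
}}})


def _exposes_socket(volume):
    """True if a bind source is the Docker socket or a directory containing it."""
    if isinstance(volume, str):
        source = volume.split(":")[0]  # short form: source:target[:mode]
    else:
        source = volume.get("source") or ""  # long form mapping
    if not source.startswith("/"):
        return False  # named or anonymous volume, not a host path
    source = source.rstrip("/")
    return source == RAW_SOCKET or RAW_SOCKET.startswith(source + "/")


def _environment(service):
    """Normalise environment to a dict (Compose accepts a list or a mapping)."""
    env = service.get("environment") or {}
    if isinstance(env, list):
        env = dict(item.partition("=")[::2] for item in env)
    return env


def audit_runner(compose_json):
    """Return findings; an empty list means the runner matches the README."""
    runner = json.loads(compose_json).get("services", {}).get(RUNNER)
    if runner is None:
        return [f"service {RUNNER!r} not found"]
    findings = []
    for volume in runner.get("volumes") or []:
        if _exposes_socket(volume):
            findings.append(f"{RUNNER} bind-mounts a path exposing {RAW_SOCKET}")
    docker_host = _environment(runner).get("DOCKER_HOST")
    if docker_host != PROXY_HOST:
        findings.append(f"DOCKER_HOST is {docker_host!r}, expected {PROXY_HOST!r}")
    return findings


if __name__ == "__main__":
    print(audit_runner(SAMPLE) or "ok: runner only reaches Docker via the proxy")
```

The check also flags bind mounts of a parent directory such as `/var/run`, which expose the socket just as a direct mount does.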