From 6980165781e142ab7b393976d89e3c4b658e2e40 Mon Sep 17 00:00:00 2001 From: zwanto Date: Sun, 7 Apr 2024 16:07:00 +0000 Subject: [PATCH] Fix for using docker inside runner's container (#175) #153 Co-authored-by: zwanto Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/175 Reviewed-by: earl-warren Co-authored-by: zwanto Co-committed-by: zwanto --- examples/docker-compose/README.md | 23 ++++++++++++---- .../docker-compose/compose-demo-workflow.yml | 3 +-- .../compose-forgejo-and-runner.yml | 26 ++++++++++++++----- 3 files changed, 38 insertions(+), 14 deletions(-) diff --git a/examples/docker-compose/README.md b/examples/docker-compose/README.md index 56b4e1e..08738c8 100644 --- a/examples/docker-compose/README.md +++ b/examples/docker-compose/README.md @@ -39,7 +39,7 @@ Creating docker-compose_docker-in-docker_1 ... done Creating docker-compose_forgejo_1 ... done Creating docker-compose_runner-register_1 ... done ... -docker-in-docker_1 | time="2023-08-24T10:22:15.023338461Z" level=warning msg="WARNING: API is accessible on http://0.0.0.0:2375 +docker-in-docker_1 | time="2023-08-24T10:22:15.023338461Z" level=warning msg="WARNING: API is accessible on http://0.0.0.0:2376 ... forgejo_1 | 2023/08/24 10:22:14 ...s/graceful/server.go:75:func1() [D] Starting server on tcp:0.0.0.0:3000 (PID: 19) ... 
@@ -58,12 +58,14 @@ To login the Forgejo instance: ## Tests workflow -The `compose-demo-workflow.yml` compose file runs a demo workflow to -verify the `Forgejo runner` can pick up a task from the Forgejo instance +The `compose-demo-workflow.yml` compose file runs two demo workflows: +* one to verify the `Forgejo runner` can pick up a task from the Forgejo instance and run it to completion. +* one to verify docker can be run inside the `Forgejo runner` container. -A new repository is created in root/test with the following workflow -in `.forgejo/workflows/demo.yml`: +A new repository is created in root/test with the following workflows: + +#### `.forgejo/workflows/demo.yml`: ```yaml on: [push] @@ -74,6 +76,17 @@ jobs: - run: echo All Good ``` +#### `.forgejo/workflows/demo_docker.yml` + +```yaml +on: [push] +jobs: + test_docker: + runs-on: ubuntu-22.04 + steps: + - run: docker info +``` + A wait loop expects the status of the check associated with the commit in Forgejo to show "success" to assert the workflow was run. diff --git a/examples/docker-compose/compose-demo-workflow.yml b/examples/docker-compose/compose-demo-workflow.yml index 4cc49bf..1466635 100644 --- a/examples/docker-compose/compose-demo-workflow.yml +++ b/examples/docker-compose/compose-demo-workflow.yml @@ -1,8 +1,6 @@ # Copyright 2023 The Forgejo Authors. # SPDX-License-Identifier: MIT -version: "3" - services: demo-workflow: @@ -20,6 +18,7 @@ services: git init --initial-branch=main ; mkdir -p .forgejo/workflows ; echo "{ on: [push], jobs: { test: { runs-on: docker, steps: [ {uses: actions/checkout@v4}, { run: echo All Good } ] } } }" > .forgejo/workflows/demo.yml ; + echo "{ on: [push], jobs: { test_docker: { runs-on: ubuntu-22.04, steps: [ { run: docker info } ] } } }" > .forgejo/workflows/demo_docker.yml ; git add . ; git config user.email root@example.com ; git config user.name username ; 
diff --git a/examples/docker-compose/compose-forgejo-and-runner.yml b/examples/docker-compose/compose-forgejo-and-runner.yml index e9e7c6b..1269a92 100644 --- a/examples/docker-compose/compose-forgejo-and-runner.yml +++ b/examples/docker-compose/compose-forgejo-and-runner.yml @@ -14,14 +14,20 @@ # Replace {ROOT_PASSWORD} with a secure password # -version: "3" +volumes: + docker_certs: services: docker-in-docker: image: docker:dind - privileged: true - command: [ "dockerd", "-H", "tcp://0.0.0.0:2375", "--tls=false" ] + hostname: docker # Must set hostname as TLS certificates are only valid for docker or localhost + privileged: true + environment: + DOCKER_TLS_CERTDIR: /certs + DOCKER_HOST: docker-in-docker + volumes: + - docker_certs:/certs forgejo: image: codeberg.org/forgejo/forgejo:1.21 @@ -29,7 +35,7 @@ services: bash -c ' /bin/s6-svscan /etc/s6 & sleep 10 ; - su -c "forgejo forgejo-cli actions register --secret {SHARED_SECRET} --labels docker --version 3.3.0" git ; + su -c "forgejo forgejo-cli actions register --secret {SHARED_SECRET} --labels docker,ubuntu-22.04 --version 3.3.0" git ; su -c "forgejo admin user create --admin --username root --password {ROOT_PASSWORD} --email root@example.com" git ; sleep infinity ' @@ -50,7 +56,7 @@ services: - docker-in-docker - forgejo environment: - DOCKER_HOST: tcp://docker-in-docker:2375 + DOCKER_HOST: tcp://docker-in-docker:2376 volumes: - /srv/runner-data:/data user: 0:0 
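Review bot: The single `docker_certs` volume mounted at `/certs` will hold everything the dind image generates under `DOCKER_TLS_CERTDIR`, which as far as I know includes the CA and server private keys alongside the client material, and the last hunk of this file mounts that same volume read-write into the `runner` service. The runner only reads `/certs/client`, so a separate volume for that directory would keep the CA key out of it: add `- docker_certs_client:/certs/client` here and mount `- docker_certs_client:/certs/client:ro` in `runner`. `DOCKER_HOST: docker-in-docker` in this service has no scheme or port, unlike the `tcp://` values elsewhere in the file, and nothing visible reads it. Consider dropping it or adding a comment that says what needs it.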
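Review bot: `DOCKER_HOST: tcp://docker-in-docker:2376` now points `runner-register` at the TLS port, but this service gets neither `DOCKER_TLS_VERIFY`/`DOCKER_CERT_PATH` nor the certificate volume, and the comment added on the dind service says the certificates are only valid for `docker` or `localhost`. Any Docker client call from this container would therefore be expected to fail the handshake or the hostname check. If the registration commands never talk to Docker (only part of the service is visible in this hunk), remove the variable. Otherwise use `DOCKER_HOST: tcp://docker:2376` with the same two TLS variables and a read-only mount of the client certificates, as in `runner`.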
@@ -60,9 +66,12 @@ services: forgejo-runner create-runner-file --connect --instance http://forgejo:3000 --name runner --secret {SHARED_SECRET} && break ; sleep 1 ; done ; + sed -i -e "s|\"labels\": null|\"labels\": [\"docker:docker://node:16-bullseye\", \"ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04\"]|" .runner ; forgejo-runner generate-config > config.yml ; sed -i -e "s|network: .*|network: host|" config.yml ; - sed -i -e "s|labels: \[\]|labels: \[\"docker:docker://alpine:3.18\"\]|" config.yml ; + sed -i -e "s|^ envs:$$| envs:\n DOCKER_HOST: tcp://docker:2376\n DOCKER_TLS_VERIFY: 1\n DOCKER_CERT_PATH: /certs/client|" config.yml ; + sed -i -e "s|^ options:| options: -v /certs/client:/certs/client|" config.yml ; + sed -i -e "s| valid_volumes: \[\]$$| valid_volumes:\n - /certs/client|" config.yml ; chown -R 1000:1000 /data ' @@ -72,10 +81,13 @@ services: - docker-in-docker - forgejo environment: - DOCKER_HOST: tcp://docker-in-docker:2375 + DOCKER_HOST: tcp://docker:2376 + DOCKER_CERT_PATH: /certs/client + DOCKER_TLS_VERIFY: "1" depends_on: runner-register: condition: service_completed_successfully volumes: - /srv/runner-data:/data + - docker_certs:/certs command: "forgejo-runner --config config.yml daemon"
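Review bot: The `envs`, `options` and `valid_volumes` edits give every job container the Docker client key and the daemon address, so any workflow that reaches this runner can control the privileged dind daemon; that is the purpose of the change, but it deserves a comment in the file header, e.g. `# Jobs get full control of the dind daemon: only run trusted workflows on this runner`. The bind mount is also writable, so a job could replace or delete the client certificates that later jobs depend on; `options: -v /certs/client:/certs/client:ro` would prevent that, assuming the runner's `valid_volumes` check accepts a mode suffix. The new labels pull `node:16-bullseye` and `catthehacker/ubuntu:act-22.04` by mutable tag, and pinning them by digest would make the example reproducible. The shell command these lines belong to starts and ends outside the hunk.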