document the secret and how it is different from the token

2023-09-04 18:19:15 +02:00 · 2023-09-04 18:19:15 +02:00 · a379783994
parent b1bfa4968e
commit a379783994
4 changed files with 34 additions and 12 deletions
--- a/.forgejo/workflows/example-docker-compose.yml
+++ b/.forgejo/workflows/example-docker-compose.yml
@ -28,6 +28,8 @@ jobs:
        run: |
          set -x
          cd examples/docker-compose
          secret=$(openssl rand -hex 20)
          sed -i -e "s/{SHARED_SECRET}/$secret/" compose-forgejo-and-runner.yml
          cli="docker compose -f compose-forgejo-and-runner.yml -f compose-demo-workflow.yml"
          #
          # Launch
--- a/examples/docker-compose/README.md
+++ b/examples/docker-compose/README.md
@ -8,6 +8,20 @@ used by the `Forgejo runner` to execute the workflows.
 ### Running
 Create a shared secret with:
 ```sh
 openssl rand -hex 20
 ```
 Replace all occurences of {SHARED_SECRET} in
 [compose-forgejo-and-runner.yml](compose-forgejo-and-runner.yml).
 > **NOTE:** a token obtained from the Forgejo web interface cannot be used as a shared secret.
 Replace {ROOT_PASSWORD} with a secure password in
 [compose-forgejo-and-runner.yml](compose-forgejo-and-runner.yml).
 ```sh
 docker-compose -f compose-forgejo-and-runner.yml up
 Creating docker-compose_docker-in-docker_1 ... done
@ -27,17 +41,10 @@ To login the Forgejo instance:
 * URL: http://0.0.0.0:8080
 * user: root
-* password: admin1234
+* password: {ROOT_PASSWORD}
 `Forgejo Actions` is enabled by default when creating a repository.
 ### Security
 This is a demo and **must not be used in production** because:
 * the runner secret is hardcoded
 * the admin password is hardcoded to admin1234
 ## Tests workflow
 The `compose-demo-workflow.yml` compose file runs a demo workflow to
--- a/examples/docker-compose/compose-demo-workflow.yml
+++ b/examples/docker-compose/compose-demo-workflow.yml
@ -25,7 +25,7 @@ services:
      git config user.name username ;
      git commit -m 'demo' ;
      while : ; do
-        git push --set-upstream --force http://root:admin1234@forgejo:3000/root/test main && break ;
+        git push --set-upstream --force http://root:{ROOT_PASSWORD}@forgejo:3000/root/test main && break ;
        sleep 5 ;
      done ;
      sha=`git rev-parse HEAD` ;
--- a/examples/docker-compose/compose-forgejo-and-runner.yml
+++ b/examples/docker-compose/compose-forgejo-and-runner.yml
@ -1,6 +1,19 @@
 # Copyright 2023 The Forgejo Authors.
 # SPDX-License-Identifier: MIT
 #
 # Create a secret with:
 #
 #   openssl rand -hex 20
 #
 # Replace all occurences of {SHARED_SECRET} below with the output.
 #
 # NOTE: a token obtained from the Forgejo web interface cannot be used
 #       as a shared secret.
 #
 # Replace {ROOT_PASSWORD} with a secure password
 #
 version: "3"
 services:
@ -16,8 +29,8 @@ services:
      bash -c '
      /bin/s6-svscan /etc/s6 &
      sleep 10 ;
-      su -c "forgejo forgejo-cli actions register --secret e3359786173a7aeb3818c19637479c5dbd7c5abb --labels docker --version 3.0.0" git ;
+      su -c "forgejo forgejo-cli actions register --secret {SHARED_SECRET} --labels docker --version 3.0.0" git ;
-      su -c "forgejo admin user create --admin --username root --password admin1234 --email root@example.com" git ;
+      su -c "forgejo admin user create --admin --username root --password {ROOT_PASSWORD} --email root@example.com" git ;
      sleep infinity
      '
    environment:
@ -45,7 +58,7 @@ services:
    command: >-
      bash -c '
      while : ; do
-        forgejo-runner create-runner-file --instance http://forgejo:3000 --name runner --secret e3359786173a7aeb3818c19637479c5dbd7c5abb && break ;
+        forgejo-runner create-runner-file --instance http://forgejo:3000 --name runner --secret {SHARED_SECRET} && break ;
        sleep 1 ;
      done ;
      forgejo-runner generate-config > config.yml ;