From 1139bb7d12ff7889694b24731707e153678ab960 Mon Sep 17 00:00:00 2001
From: s3lph
Date: Tue, 14 Nov 2023 19:16:09 +0100
Subject: [PATCH 1/3] feat(docker): Add flag to enable IPv6 in auto-created networks
---
 internal/app/cmd/exec.go | 63 +++++++++++++------------
 internal/app/run/runner.go | 45 +++++++++---------
 internal/pkg/config/config.example.yaml | 3 ++
 internal/pkg/config/config.go | 1 +
 4 files changed, 60 insertions(+), 52 deletions(-)
diff --git a/internal/app/cmd/exec.go b/internal/app/cmd/exec.go
index 1092fac..8efc45f 100644
--- a/internal/app/cmd/exec.go
+++ b/internal/app/cmd/exec.go
@@ -58,6 +58,7 @@ type executeArgs struct {
 image string
 cacheHandler *artifactcache.Handler
 network string
+ enableIPv6 bool
 githubInstance string
 }
@@ -378,36 +379,37 @@ func runExec(ctx context.Context, execArgs *executeArgs) func(cmd *cobra.Command
 // run the plan
 config := &runner.Config{
- Workdir: execArgs.Workdir(),
- BindWorkdir: false,
- ReuseContainers: false,
- ForcePull: execArgs.forcePull,
- ForceRebuild: execArgs.forceRebuild,
- LogOutput: true,
- JSONLogger: execArgs.jsonLogger,
- Env: execArgs.LoadEnvs(),
- Secrets: execArgs.LoadSecrets(),
- InsecureSecrets: execArgs.insecureSecrets,
- Privileged: execArgs.privileged,
- UsernsMode: execArgs.usernsMode,
- ContainerArchitecture: execArgs.containerArchitecture,
- ContainerDaemonSocket: execArgs.containerDaemonSocket,
- UseGitIgnore: execArgs.useGitIgnore,
- GitHubInstance: execArgs.githubInstance,
- ContainerCapAdd: execArgs.containerCapAdd,
- ContainerCapDrop: execArgs.containerCapDrop,
- ContainerOptions: execArgs.containerOptions,
- AutoRemove: true,
- ArtifactServerPath: execArgs.artifactServerPath,
- ArtifactServerPort: execArgs.artifactServerPort,
- ArtifactServerAddr: execArgs.artifactServerAddr,
- NoSkipCheckout: execArgs.noSkipCheckout,
- // PresetGitHubContext: preset,
- // EventJSON: string(eventJSON),
- ContainerNamePrefix: fmt.Sprintf("FORGEJO-ACTIONS-TASK-%s", eventName),
- ContainerMaxLifetime: maxLifetime,
- ContainerNetworkMode: container.NetworkMode(execArgs.network),
- DefaultActionInstance: execArgs.defaultActionsURL,
+ Workdir: execArgs.Workdir(),
+ BindWorkdir: false,
+ ReuseContainers: false,
+ ForcePull: execArgs.forcePull,
+ ForceRebuild: execArgs.forceRebuild,
+ LogOutput: true,
+ JSONLogger: execArgs.jsonLogger,
+ Env: execArgs.LoadEnvs(),
+ Secrets: execArgs.LoadSecrets(),
+ InsecureSecrets: execArgs.insecureSecrets,
+ Privileged: execArgs.privileged,
+ UsernsMode: execArgs.usernsMode,
+ ContainerArchitecture: execArgs.containerArchitecture,
+ ContainerDaemonSocket: execArgs.containerDaemonSocket,
+ UseGitIgnore: execArgs.useGitIgnore,
+ GitHubInstance: execArgs.githubInstance,
+ ContainerCapAdd: execArgs.containerCapAdd,
+ ContainerCapDrop: execArgs.containerCapDrop,
+ ContainerOptions: execArgs.containerOptions,
+ AutoRemove: true,
+ ArtifactServerPath: execArgs.artifactServerPath,
+ ArtifactServerPort: execArgs.artifactServerPort,
+ ArtifactServerAddr: execArgs.artifactServerAddr,
+ NoSkipCheckout: execArgs.noSkipCheckout,
+ // PresetGitHubContext: preset,
+ // EventJSON: string(eventJSON),
+ ContainerNamePrefix: fmt.Sprintf("FORGEJO-ACTIONS-TASK-%s", eventName),
+ ContainerMaxLifetime: maxLifetime,
+ ContainerNetworkMode: container.NetworkMode(execArgs.network),
+ ContainerNetworkEnableIPv6: execArgs.enableIPv6,
+ DefaultActionInstance: execArgs.defaultActionsURL,
 PlatformPicker: func(_ []string) string {
 return execArgs.image
 },
@@ -486,6 +488,7 @@ func loadExecCmd(ctx context.Context) *cobra.Command {
 execCmd.PersistentFlags().BoolVarP(&execArg.dryrun, "dryrun", "n", false, "dryrun mode")
 execCmd.PersistentFlags().StringVarP(&execArg.image, "image", "i", "node:16-bullseye", "docker image to use")
 execCmd.PersistentFlags().StringVarP(&execArg.network, "network", "", "", "Specify the network to which the container will connect")
+ execCmd.PersistentFlags().BoolVarP(&execArg.enableIPv6, "enable-ipv6", "6", false, "Create network with IPv6 enabled.")
 execCmd.PersistentFlags().StringVarP(&execArg.githubInstance, "gitea-instance", "", "", "Gitea instance to use.")
 return execCmd
diff --git a/internal/app/run/runner.go b/internal/app/run/runner.go
index 477fc93..0884c50 100644
--- a/internal/app/run/runner.go
+++ b/internal/app/run/runner.go
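Review bot: `ContainerNetworkEnableIPv6: execArgs.enableIPv6` in the `runner.Config` literal relies on a field that the act version pinned at this commit may not have, because the `replace` bump to `code.forgejo.org/forgejo/act v1.17.0` only arrives in PATCH 2/3. If the field was introduced in that release, PATCH 1/3 does not build on its own, which breaks bisecting across the series. The same applies to `ContainerNetworkEnableIPv6: r.cfg.Container.EnableIPv6` in `internal/app/run/runner.go`. Moving the dependency bump ahead of this commit, or squashing it in, keeps every commit buildable. The `runExec` closure starts and ends outside this hunk.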
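Review bot: The help text of the new `--enable-ipv6` flag in `loadExecCmd` does not say that it only concerns the automatically created network. `config.example.yaml` in the same patch documents `enable_ipv6` as taking effect only when `network` is `""`; if `exec` behaves the same way, passing `--network` together with `-6` is silently a no-op. I would word it as `"Enable IPv6 on the automatically created network (no effect when --network is set)"`, which also drops the trailing period that the neighbouring "dryrun mode" and "docker image to use" strings do not have. `loadExecCmd` begins outside this hunk.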
@@ -189,28 +189,29 @@ func (r *Runner) run(ctx context.Context, task *runnerv1.Task, reporter *report.
 BindWorkdir: false,
 ActionCacheDir: filepath.FromSlash(r.cfg.Host.WorkdirParent),
- ReuseContainers: false,
- ForcePull: r.cfg.Container.ForcePull,
- ForceRebuild: false,
- LogOutput: true,
- JSONLogger: false,
- Env: r.envs,
- Secrets: task.Secrets,
- GitHubInstance: strings.TrimSuffix(r.client.Address(), "/"),
- AutoRemove: true,
- NoSkipCheckout: true,
- PresetGitHubContext: preset,
- EventJSON: string(eventJSON),
- ContainerNamePrefix: fmt.Sprintf("GITEA-ACTIONS-TASK-%d", task.Id),
- ContainerMaxLifetime: maxLifetime,
- ContainerNetworkMode: container.NetworkMode(r.cfg.Container.Network),
- ContainerOptions: r.cfg.Container.Options,
- ContainerDaemonSocket: r.cfg.Container.DockerHost,
- Privileged: r.cfg.Container.Privileged,
- DefaultActionInstance: taskContext["gitea_default_actions_url"].GetStringValue(),
- PlatformPicker: r.labels.PickPlatform,
- Vars: task.Vars,
- ValidVolumes: r.cfg.Container.ValidVolumes,
+ ReuseContainers: false,
+ ForcePull: r.cfg.Container.ForcePull,
+ ForceRebuild: false,
+ LogOutput: true,
+ JSONLogger: false,
+ Env: r.envs,
+ Secrets: task.Secrets,
+ GitHubInstance: strings.TrimSuffix(r.client.Address(), "/"),
+ AutoRemove: true,
+ NoSkipCheckout: true,
+ PresetGitHubContext: preset,
+ EventJSON: string(eventJSON),
+ ContainerNamePrefix: fmt.Sprintf("GITEA-ACTIONS-TASK-%d", task.Id),
+ ContainerMaxLifetime: maxLifetime,
+ ContainerNetworkMode: container.NetworkMode(r.cfg.Container.Network),
+ ContainerNetworkEnableIPv6: r.cfg.Container.EnableIPv6,
+ ContainerOptions: r.cfg.Container.Options,
+ ContainerDaemonSocket: r.cfg.Container.DockerHost,
+ Privileged: r.cfg.Container.Privileged,
+ DefaultActionInstance: taskContext["gitea_default_actions_url"].GetStringValue(),
+ PlatformPicker: r.labels.PickPlatform,
+ Vars: task.Vars,
+ ValidVolumes: r.cfg.Container.ValidVolumes,
 }
 rr, err := runner.New(runnerConfig)
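Review bot: `r.cfg.Container.EnableIPv6` is forwarded without any check against `r.cfg.Container.Network`, so an operator who sets `enable_ipv6: true` together with `host`, `bridge` or a named network gets no signal that the setting is ignored (per the comment added to `config.example.yaml`). A one-time warning guarded by `if r.cfg.Container.EnableIPv6 && r.cfg.Container.Network != ""` would make that misconfiguration visible; config load may be a better place for it than `run`, which executes per task. The body of `run` starts and ends outside this hunk, so I cannot tell whether such a check already exists elsewhere.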
diff --git a/internal/pkg/config/config.example.yaml b/internal/pkg/config/config.example.yaml
index 5c185f2..54e49c0 100644
--- a/internal/pkg/config/config.example.yaml
+++ b/internal/pkg/config/config.example.yaml
@@ -58,6 +58,9 @@ container:
 # Could be host, bridge or the name of a custom network.
 # If it's empty, create a network automatically.
 network: ""
+ # Whether to create networks with IPv6 enabled. Requires the Docker daemon to be set up accordingly.
+ # Only takes effect if "network" is set to "".
+ enable_ipv6: false
 # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
 privileged: false
 # And other options to be used when the container is started (eg, --add-host=my.forgejo.url:host-gateway).
diff --git a/internal/pkg/config/config.go b/internal/pkg/config/config.go
index 46fd059..f0b12fd 100644
--- a/internal/pkg/config/config.go
+++ b/internal/pkg/config/config.go
@@ -45,6 +45,7 @@ type Cache struct {
 type Container struct {
 Network string `yaml:"network"` // Network specifies the network for the container.
 NetworkMode string `yaml:"network_mode"` // Deprecated: use Network instead. Could be removed after Gitea 1.20
+ EnableIPv6 bool `yaml:"enable_ipv6"` // EnableIPv6 indicates whether the network is created with IPv6 enabled.
 Privileged bool `yaml:"privileged"` // Privileged indicates whether the container runs in privileged mode.
 Options string `yaml:"options"` // Options specifies additional options for the container.
 WorkdirParent string `yaml:"workdir_parent"` // WorkdirParent specifies the parent directory for the container's working directory.
From 863fb9c760e7f0d7dec9081295f7a99212dd2854 Mon Sep 17 00:00:00 2001
From: s3lph
Date: Wed, 15 Nov 2023 00:36:40 +0100
Subject: [PATCH 2/3] chore: update forgejo/act to v1.17.0
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index 74f62b4..b84659b 100644
--- a/go.mod
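Review bot: The comment on the new `EnableIPv6` field in `config.go`'s `Container` struct leaves out the scope that the example config states, so a reader of the struct alone would expect it to apply to any network. I would write `// EnableIPv6 enables IPv6 on the network the runner creates when Network is empty; it has no effect otherwise.` It is also worth a sentence, here or in the example file, that task containers run workflow code and that host filtering rules written only for IPv4 do not cover IPv6 traffic. Whether those containers end up reachable or filtered over IPv6 depends on the Docker daemon and host firewall setup, which this patch does not show.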
+++ b/go.mod @@ -93,4 +93,4 @@ require ( gopkg.in/yaml.v2 v2.4.0 // indirect ) -replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.16.0 +replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.17.0 diff --git a/go.sum b/go.sum index 2520661..1ebe8a9 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,5 @@ -code.forgejo.org/forgejo/act v1.16.0 h1:PmyGkws5faSuBxisT01DC08FQd9Ia3b+0cqM8gDh6F8= -code.forgejo.org/forgejo/act v1.16.0/go.mod h1:YthlRq0FUQIzgfJ3ZWvCvVq3I3VsC9s2NYQ9b2Uxccs= +code.forgejo.org/forgejo/act v1.17.0 h1:iMxW0HUsWix3SWIzI1MbL+xVe6aEypd8UeFIVfmMKmo= +code.forgejo.org/forgejo/act v1.17.0/go.mod h1:YthlRq0FUQIzgfJ3ZWvCvVq3I3VsC9s2NYQ9b2Uxccs= code.gitea.io/actions-proto-go v0.3.1 h1:PMyiQtBKb8dNnpEO2R5rcZdXSis+UQZVo/SciMtR1aU= code.gitea.io/actions-proto-go v0.3.1/go.mod h1:00ys5QDo1iHN1tHNvvddAcy2W/g+425hQya1cCSvq9A= code.gitea.io/gitea-vet v0.2.3-0.20230113022436-2b1561217fa5 h1:daBEK2GQeqGikJESctP5Cu1i33z5ztAD4kyQWiw185M= From 7db5a7f8d9a0d4304aa889b90a75e49f1d6f7c91 Mon Sep 17 00:00:00 2001 From: s3lph Date: Wed, 15 Nov 2023 01:10:02 +0100 Subject: [PATCH 3/3] chore: make fmt --- internal/app/cmd/exec.go | 48 ++++++++++++++++++++-------------------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/internal/app/cmd/exec.go b/internal/app/cmd/exec.go index 8efc45f..ffd932c 100644 --- a/internal/app/cmd/exec.go +++ b/internal/app/cmd/exec.go 
@@ -379,30 +379,30 @@ func runExec(ctx context.Context, execArgs *executeArgs) func(cmd *cobra.Command
 // run the plan
 config := &runner.Config{
- Workdir: execArgs.Workdir(),
- BindWorkdir: false,
- ReuseContainers: false,
- ForcePull: execArgs.forcePull,
- ForceRebuild: execArgs.forceRebuild,
- LogOutput: true,
- JSONLogger: execArgs.jsonLogger,
- Env: execArgs.LoadEnvs(),
- Secrets: execArgs.LoadSecrets(),
- InsecureSecrets: execArgs.insecureSecrets,
- Privileged: execArgs.privileged,
- UsernsMode: execArgs.usernsMode,
- ContainerArchitecture: execArgs.containerArchitecture,
- ContainerDaemonSocket: execArgs.containerDaemonSocket,
- UseGitIgnore: execArgs.useGitIgnore,
- GitHubInstance: execArgs.githubInstance,
- ContainerCapAdd: execArgs.containerCapAdd,
- ContainerCapDrop: execArgs.containerCapDrop,
- ContainerOptions: execArgs.containerOptions,
- AutoRemove: true,
- ArtifactServerPath: execArgs.artifactServerPath,
- ArtifactServerPort: execArgs.artifactServerPort,
- ArtifactServerAddr: execArgs.artifactServerAddr,
- NoSkipCheckout: execArgs.noSkipCheckout,
+ Workdir: execArgs.Workdir(),
+ BindWorkdir: false,
+ ReuseContainers: false,
+ ForcePull: execArgs.forcePull,
+ ForceRebuild: execArgs.forceRebuild,
+ LogOutput: true,
+ JSONLogger: execArgs.jsonLogger,
+ Env: execArgs.LoadEnvs(),
+ Secrets: execArgs.LoadSecrets(),
+ InsecureSecrets: execArgs.insecureSecrets,
+ Privileged: execArgs.privileged,
+ UsernsMode: execArgs.usernsMode,
+ ContainerArchitecture: execArgs.containerArchitecture,
+ ContainerDaemonSocket: execArgs.containerDaemonSocket,
+ UseGitIgnore: execArgs.useGitIgnore,
+ GitHubInstance: execArgs.githubInstance,
+ ContainerCapAdd: execArgs.containerCapAdd,
+ ContainerCapDrop: execArgs.containerCapDrop,
+ ContainerOptions: execArgs.containerOptions,
+ AutoRemove: true,
+ ArtifactServerPath: execArgs.artifactServerPath,
+ ArtifactServerPort: execArgs.artifactServerPort,
+ ArtifactServerAddr: execArgs.artifactServerAddr,
+ NoSkipCheckout: execArgs.noSkipCheckout,
 // PresetGitHubContext: preset,
 // EventJSON: string(eventJSON),
 ContainerNamePrefix: fmt.Sprintf("FORGEJO-ACTIONS-TASK-%s", eventName),