wurzel/fruitbasket
9
1
Fork 0
Code Issues 5 Pull requests Packages Projects Releases Wiki Activity

forgejo: set up a runner #90

Closed
rouven.seifert wants to merge 0 commits from forgejo-runner into main
pull from: forgejo-runner
merge into: wurzel:main
Conversation 4 Commits - Files changed -
rouven.seifert commented 2024-04-11 15:35:22 +02:00
Owner
Copy link

Inital runner configuration stacked together from docs and nix defaults.
Needs review whether it works this way:

Docker

  • Docker is installed on the host
  • We may need to add the user git to the docker group or run docker in rootless mode.

Native

  • Enables Nix actions and automatic building of the config on every push (actual deploy is still manually but could be automated too)
  • Security implications?
Inital runner configuration stacked together from docs and nix defaults. Needs review whether it works this way: ### Docker - Docker is installed on the host - We may need to add the user `git` to the `docker` group or run docker in rootless mode. ### Native - Enables Nix actions and automatic building of the config on every push (actual deploy is still manually but could be automated too) - Security implications?
rouven.seifert self-assigned this 2024-04-11 15:35:23 +02:00
fugi was assigned by rouven.seifert 2024-04-11 15:35:23 +02:00
rouven.seifert added 1 commit 2024-04-11 15:35:23 +02:00
rouven.seifert changed title from IP: forgejo: initial runner configuration to WIP: forgejo: initial runner configuration 2024-04-11 15:41:00 +02:00
rouven.seifert changed title from WIP: forgejo: initial runner configuration to WIP: forgejo: set up a runner 2024-04-11 15:49:29 +02:00
fugi commented 2024-04-11 17:12:25 +02:00
Owner
Copy link
  • We may need to add the user git to the docker group or run docker in rootless mode.

Seems like the runner has its own user. I'm a bit torn about adding it to the docker group as that basically means root access, which could be bad if someone manages to exploit the runner itself.

Maybe it would be best to stick it in a (micro) VM?

> - We may need to add the user `git` to the `docker` group or run docker in rootless mode. Seems like the runner has its own user. I'm a bit torn about adding it to the `docker` group as that basically means root access, which could be bad if someone manages to exploit the runner itself. Maybe it would be best to stick it in a (micro) VM?
rouven.seifert commented 2024-04-11 17:25:33 +02:00
Author
Owner
Copy link

Maybe it would be best to stick it in a (micro) VM?

It's worth a try. This would also allow the native mode in a nice sandbox.

Systemd containers probably aren't suitable as I'm not sure if they can even run docker containers.

> Maybe it would be best to stick it in a (micro) VM? It's worth a try. This would also allow the native mode in a nice sandbox. Systemd containers probably aren't suitable as I'm not sure if they can even run docker containers.
rouven.seifert force-pushed forgejo-runner from a94ec1eab8 to df66ad3870 2024-06-03 12:13:54 +02:00 Compare
rouven.seifert added 2 commits 2024-06-03 12:15:31 +02:00
rouven.seifert added 1 commit 2024-06-03 12:17:48 +02:00
rouven.seifert changed title from WIP: forgejo: set up a runner to forgejo: set up a runner 2024-06-03 12:17:54 +02:00
rouven.seifert requested review from fugi 2024-06-03 12:18:10 +02:00
rouven.seifert commented 2024-06-03 12:18:31 +02:00
Author
Owner
Copy link

Setup without native. Don't have time to set up microvms currently

Setup without native. Don't have time to set up microvms currently
fugi approved these changes 2024-06-04 10:35:55 +02:00
jonas.gaffke force-pushed forgejo-runner from 4fdca3ba1a to f54d5fd867 2024-09-03 11:24:43 +02:00 Compare
jonas.gaffke commented 2024-09-03 11:28:54 +02:00
Owner
Copy link

merged

merged
jonas.gaffke closed this pull request 2024-09-03 11:28:54 +02:00
rouven.seifert deleted branch forgejo-runner 2024-09-04 09:29:59 +02:00

Pull request closed

This pull request cannot be reopened because the branch was deleted.
Sign in to join this conversation.
Reviewers
No reviewers
fugi
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
rouven.seifert
fugi
3 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: wurzel/fruitbasket#90
No description provided.
Delete branch "forgejo-runner"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?