Skip to content

forgejo-runner (FIX): support generated/unattended mode and configurable runner labels #1645

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
MickLesk merged 9 commits into from
Apr 30, 2026
Merged

forgejo-runner (FIX): support generated/unattended mode and configurable runner labels #1645

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
2145fac
fix(forgejo-runner): support generated/unattended mode and configurab…
WaffleThief123 Mar 30, 2026
cb9782d
fix(forgejo-runner): use COMMUNITY_SCRIPTS_URL for build.func sourcing
WaffleThief123 Mar 30, 2026
034a196
fix(forgejo-runner): use hostname command instead of $HOSTNAME variable
WaffleThief123 Mar 30, 2026
e949ed7
fix(forgejo-runner): cd to /root before runner registration
WaffleThief123 Mar 30, 2026
fb95fe9
fix(forgejo-runner): fail early when token missing in unattended mode
WaffleThief123 Mar 30, 2026
82ea3f2
fix(forgejo-runner): also require forgejo instance URL in unattended …
WaffleThief123 Mar 30, 2026
237c0b7
fix(forgejo-runner): only validate required vars when truly non-inter…
WaffleThief123 Mar 30, 2026
17b2229
fix(forgejo-runner): revert TTY check, gate on mode being explicitly set
WaffleThief123 Mar 30, 2026
72b1a64
fix(forgejo-runner): revert COMMUNITY_SCRIPTS_URL override per review
WaffleThief123 Apr 29, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 20 additions & 0 deletions ct/forgejo-runner.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,12 @@ var_unprivileged="${var_unprivileged:-1}"
var_nesting="${var_nesting:-1}"
var_keyctl="${var_keyctl:-1}"

# App-specific variables (not in build.func whitelist)
# Export so they survive lxc-attach into the container
export var_forgejo_instance="${var_forgejo_instance:-}"
export var_forgejo_runner_token="${var_forgejo_runner_token:-}"
export var_runner_labels="${var_runner_labels:-}"

header_info "$APP"
variables
color
Expand Down Expand Up @@ -56,6 +62,20 @@ function update_script() {
exit
}

# Fail early if running unattended without required values
# mode is only set when the user explicitly passes it (automating);
# bare "bash -c $(curl ...)" leaves mode empty and shows the whiptail menu
if [[ -n "${mode:-}" ]]; then
if [[ -z "${var_forgejo_instance:-}" ]]; then
msg_error "var_forgejo_instance is required for unattended installs."
exit 1
fi
if [[ -z "${var_forgejo_runner_token:-}" ]]; then
msg_error "var_forgejo_runner_token is required for unattended installs."
exit 1
fi
fi

start
build_container
description
Expand Down
44 changes: 27 additions & 17 deletions install/forgejo-runner-install.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,19 +12,31 @@ setting_up_container
network_check
update_os

# Get required configuration with sensible fallbacks for unattended mode
# These will show a warning if defaults are used
var_forgejo_instance=$(prompt_input_required \
"Forgejo Instance URL:" \
"${var_forgejo_instance:-https://codeberg.org}" \
120 \
"var_forgejo_instance")
# Get required configuration — skip prompts if already set (generated/unattended mode)
if [[ -z "${var_forgejo_instance:-}" ]]; then
read -r -p "${TAB3}Forgejo Instance URL (e.g. https://codeberg.org): " var_forgejo_instance
var_forgejo_instance="${var_forgejo_instance:-https://codeberg.org}"
fi

var_forgejo_runner_token=$(prompt_input_required \
"Forgejo Runner Registration Token:" \
"${var_forgejo_runner_token:-REPLACE_WITH_YOUR_TOKEN}" \
120 \
"var_forgejo_runner_token")
if [[ -z "${var_forgejo_runner_token:-}" ]]; then
read -r -p "${TAB3}Forgejo Runner Registration Token: " var_forgejo_runner_token
fi

if [[ -z "${var_forgejo_runner_token:-}" ]]; then
msg_error "No runner registration token provided. Cannot continue."
exit 1
fi

# Runner labels — default is always included; additional labels are appended
DEFAULT_RUNNER_LABELS="linux-amd64:docker://node:22-bookworm"
if [[ -z "${var_runner_labels:-}" ]]; then
read -r -p "${TAB3}Additional runner labels (comma-separated, or leave blank for default only): " var_runner_labels
fi
if [[ -n "${var_runner_labels:-}" ]]; then
RUNNER_LABELS="${DEFAULT_RUNNER_LABELS},${var_runner_labels}"
else
RUNNER_LABELS="${DEFAULT_RUNNER_LABELS}"
fi
Comment on lines +35 to +39
Copy link
Copy Markdown
Member

@CrazyWolf13 CrazyWolf13 Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can't you do something like this?

var_keyctl="${var_keyctl:-1}"

Copy link
Copy Markdown
Contributor Author

@WaffleThief123 WaffleThief123 Apr 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That pattern works for var_forgejo_instance since it has a sensible default (https://codeberg.org), and that's already how ct/forgejo-runner.sh declares it at the top of the file. But it doesn't work for the other two:

  • var_forgejo_runner_token has no sensible default. Every install needs a unique secret from the user's Forgejo instance. The previous code used REPLACE_WITH_YOUR_TOKEN as a fallback, but that just delays failure: the runner registration call rejects it and the install dies mid-way with a confusing auth error.

  • var_runner_labels is opt-in extra labels appended to a default. Using ${var_runner_labels:-} silently would skip the interactive prompt entirely for users running the script the normal way (bash -c "$(curl …ct/forgejo-runner.sh)").

The read -r -p block is what gives the interactive UX. Happy to swap to a helper if there's a preferred one. prompt_input_required was the original choice, but it returns a fallback string on timeout or non-TTY rather than failing, which is what landed us with the broken REPLACE_WITH_YOUR_TOKEN behavior.


export FORGEJO_INSTANCE="$var_forgejo_instance"
export FORGEJO_RUNNER_TOKEN="$var_forgejo_runner_token"
Expand All @@ -48,11 +60,12 @@ msg_ok "Installed Forgejo Runner"

msg_info "Registering Forgejo Runner"
export DOCKER_HOST="unix:///run/podman/podman.sock"
cd /root
Copy link
Copy Markdown
Member

@CrazyWolf13 CrazyWolf13 Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why is this needed now?

Copy link
Copy Markdown
Contributor Author

@WaffleThief123 WaffleThief123 Apr 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

forgejo-runner register writes the resulting .runner config file to the current working directory, and the systemd unit we generate a few lines later runs the daemon with WorkingDirectory=/root. Without the cd, the config lands wherever build.func or install.func left CWD (varies by phase, typically not /root), the daemon can't find it on start, and the runner sits idle. cd /root aligns the register step with the service's working dir. We can always change the workdir, but generally if you need to drop into a worker shell, you're likely doing it to modify your .runner config, so keeping it right where the user drops into is my opinionated choice. I am open to a --config /root/.runner flag instead if you prefer that, but I think that adds additional noise.

forgejo-runner register \
--instance "$FORGEJO_INSTANCE" \
--token "$FORGEJO_RUNNER_TOKEN" \
--name "$HOSTNAME" \
--labels "linux-amd64:docker://node:20-bookworm" \
--name "$(hostname)" \
Copy link
Copy Markdown
Member

@CrazyWolf13 CrazyWolf13 Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think hostname var is set by our core funcs, why does this need changing?

Copy link
Copy Markdown
Contributor Author

@WaffleThief123 WaffleThief123 Apr 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is set by core funcs, and that's the problem. misc/core.func:114 does this:

HOSTNAME="${TAB}🏠${TAB}${CL}"

It's clobbering the bash builtin $HOSTNAME (which Bash normally sets to the system hostname) with a decorative emoji used elsewhere as a label icon. So --name "$HOSTNAME" was registering every runner with literal "🏠" wrapped in tab and color escape codes, which is also why duplicate runner names showed up upon re-running the install. $(hostname) calls the system command and bypasses the shadowed variable.

--labels "$RUNNER_LABELS" \
--no-interactive
msg_ok "Registered Forgejo Runner"

Expand All @@ -79,9 +92,6 @@ EOF
systemctl enable -q --now forgejo-runner
msg_ok "Created Services"

# Show warning if any required values used fallbacks
show_missing_values_warning
Copy link
Copy Markdown
Member

@CrazyWolf13 CrazyWolf13 Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why?

Copy link
Copy Markdown
Contributor Author

@WaffleThief123 WaffleThief123 Apr 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That call only fired the warning if MISSING_REQUIRED_VALUES had entries, which only happened when prompt_input_required returned a fallback string. Now that the install hard-fails up top when the token is missing (and we don't accept fake fallbacks like REPLACE_WITH_YOUR_TOKEN anymore), MISSING_REQUIRED_VALUES is always empty by the time we reach that line, so the call is a no-op. I removed it for clarity, but it's harmless if you'd rather leave it in.


motd_ssh
customize
cleanup_lxc
Loading