diff --git a/README.md b/README.md index 3ffef22..577f471 100644 --- a/README.md +++ b/README.md @@ -129,6 +129,13 @@ GITEA_RUNNER_CONFIG_TEMPLATE_FILE|`/opt/config.template.yaml`|Template to derive GITEA_RUNNER_UID|`1000`|The UID of the Gitea runner process GITEA_RUNNER_GID|`1000`|The GID of the Gitea runner process GITEA_RUNNER_LOG_EFFECTIVE_CONFIG|`false`|If set to true logs the effective YAML configuration to stdout during startup. + +#### Runner config template variables + +The following environment variables are referenced in the `/opt/config.template.yaml` file. + +Name|Default Value|Description +----|-------------|----------- GITEA_RUNNER_LOG_LEVEL|`info`|The level of logging, can be trace, debug, info, warn, error, fatal GITEA_RUNNER_ENV_FILE|`/data/.env`|Extra environment variables to run jobs from a file GITEA_RUNNER_FETCH_TIMEOUT|`5s`|The timeout for fetching the job from the Gitea instance 
@@ -137,11 +144,12 @@ GITEA_RUNNER_MAX_PARALLEL_JOBS|`1`|Maximum number of concurrently executed jobs GITEA_RUNNER_JOB_CONTAINER_DOCKER_HOST|``|If empty, the available docker host is located automatically. If set to `-`, the available docker host is located automatically, but the docker host won't be mounted to the job containers. If it's any other value, the specified docker host will be used. GITEA_RUNNER_JOB_CONTAINER_NETWORK|`bridge`|Docker network to use with job containers. Can be `bridge`, `host`, `none`, or the name of a custom network GITEA_RUNNER_JOB_CONTAINER_PRIVILEGED|`false`|Whether to run jobs in containers with privileged mode which is required for **Docker-in-Docker** aka **dind** -GITEA_RUNNER_JOB_CONTAINER_OPTIONS|`none`|Additional container launch options (eg, --add-host=my.gitea.url:host-gateway) +GITEA_RUNNER_JOB_CONTAINER_OPTIONS|``|Additional container launch options (eg, --add-host=my.gitea.url:host-gateway) GITEA_RUNNER_JOB_CONTAINER_WORKDIR_PARENT|`/workspace`|The parent directory of a job's working directory. GITEA_RUNNER_JOB_TIMEOUT|`3h`|The maximum time a job can run before it is cancelled -GITEA_RUNNER_ENV_VAR_**N**_NAME|`none`|Name of the **N**-th extra environment variable to be passed to Job containers, e.g. `GITEA_RUNNER_ENV_VAR_1_NAME=MY_AUTH_TOKEN` +GITEA_RUNNER_ENV_VAR_**N**_NAME|``|Name of the **N**-th extra environment variable to be passed to Job containers, e.g. `GITEA_RUNNER_ENV_VAR_1_NAME=MY_AUTH_TOKEN` GITEA_RUNNER_ENV_VAR_**N**_VALUE|``|Value of the **N**-th extra environment variable to be passed to Job containers, e.g. `GITEA_RUNNER_ENV_VAR_1_VALUE=SGVsbG8gbXkgZnJpZW5kIQ==` +GITEA_RUNNER_VALID_VOLUME_**N**|``|Volumes (including bind mounts) that are allowed to be mounted into job containers. [Glob syntax](https://github.com/gobwas/glob) is supported, e.g. `GITEA_RUNNER_VALID_VOLUME_1=/src/*.json` GITEA_RUNNER_ACTION_CACHE_DIR|`/data/cache/actions`|Path to cache cloned actions #### Embedded cache server: 
diff --git a/image/config.template.yaml b/image/config.template.yaml index efac6fe..acf6fd7 100644 --- a/image/config.template.yaml +++ b/image/config.template.yaml @@ -65,6 +65,25 @@ container: # The parent directory of a job's working directory. # If it's empty, /workspace will be used. workdir_parent: ${GITEA_RUNNER_JOB_CONTAINER_WORKDIR_PARENT:-/workspace} + # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob + # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted. + # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to: + # valid_volumes: + # - data + # - /src/*.json + # If you want to allow any volume, please use the following configuration: + # valid_volumes: + # - '**' + valid_volumes: + - '${GITEA_RUNNER_VALID_VOLUME_1:-/dev/null}' # GITEA_RUNNER_VALID_VOLUME_1 + - '${GITEA_RUNNER_VALID_VOLUME_2:-/dev/null}' # GITEA_RUNNER_VALID_VOLUME_2 + - '${GITEA_RUNNER_VALID_VOLUME_3:-/dev/null}' # GITEA_RUNNER_VALID_VOLUME_3 + - '${GITEA_RUNNER_VALID_VOLUME_4:-/dev/null}' # GITEA_RUNNER_VALID_VOLUME_4 + - '${GITEA_RUNNER_VALID_VOLUME_5:-/dev/null}' # GITEA_RUNNER_VALID_VOLUME_5 + - '${GITEA_RUNNER_VALID_VOLUME_6:-/dev/null}' # GITEA_RUNNER_VALID_VOLUME_6 + - '${GITEA_RUNNER_VALID_VOLUME_7:-/dev/null}' # GITEA_RUNNER_VALID_VOLUME_7 + - '${GITEA_RUNNER_VALID_VOLUME_8:-/dev/null}' # GITEA_RUNNER_VALID_VOLUME_8 + - '${GITEA_RUNNER_VALID_VOLUME_9:-/dev/null}' # GITEA_RUNNER_VALID_VOLUME_9 # overrides the docker client host with the specified one. # If it's empty, act_runner will find an available docker host automatically. # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
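Review bot: In README.md, first hunk (@@ -129,6 +129,13), the new sentence "The following environment variables are referenced in the `/opt/config.template.yaml` file." hardcodes a path that the row a few lines above documents as configurable through GITEA_RUNNER_CONFIG_TEMPLATE_FILE. Suggest wording it as "the default config template (`/opt/config.template.yaml`)" and adding that a custom template only honours the variables it references itself, so operators who replace the template do not assume these settings still apply. Style point: the new heading "#### Runner config template variables" has no trailing colon while the existing "#### Embedded cache server:" has one; pick one form.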
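Review bot: In README.md, second hunk (@@ -137,11 +144,12), the new GITEA_RUNNER_VALID_VOLUME_**N** row does not say which values of N are accepted or what the behaviour is when none is set. The template changed in this same patch defines only slots 1 through 9, so a GITEA_RUNNER_VALID_VOLUME_10 would not be referenced by it, and the row gives no hint of that. Suggest stating the 1 to 9 range in the description, noting that with no variable set no user-specified volume is allowed, and mentioning that `**` allows any volume, since that is the setting with the largest security impact. The default column shows an empty value while the template falls back to `/dev/null`; the two should agree or the difference should be explained.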
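Review bot: In image/config.template.yaml (@@ -65,6 +65,25), the `valid_volumes` sequence is never empty, which contradicts the comment above it: "If the sequence is empty, no volumes can be mounted." Every unset slot falls back to `/dev/null`, so the default of this template is nine entries that permit mounting `/dev/null`, not an empty list. Add a comment line directly above the list saying that `/dev/null` is a placeholder for unset slots and what it permits, so a reader auditing the effective configuration (for example via GITEA_RUNNER_LOG_EFFECTIVE_CONFIG) is not surprised by nine `/dev/null` entries. Also, the values are placed inside single quotes; if the substitution is purely textual, a value containing `'` would produce invalid YAML, which is worth a note next to the list or in the README.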