2026-04-13 21:31:35 +02:00
log:
  level: debug
  job_level: info

runner:
  file: .runner
  capacity: 1
  timeout: 3h
  insecure: false
  fetch_timeout: 5s
  fetch_interval: 2s
  report_interval: 1s
docs: sync README roadmap, runner-setup, and ops/ to today's reality
A lot moved since the last docs sweep. Catching everything up in one
batch so a newcomer (or future us) reading the repo isn't lied to.
**README.md roadmap:**
- Walking-skeleton live ISO: upgraded from "screens 1-3 work
end-to-end" to "install runs to completion on a VM and the installed
system logs in and runs `docker ps` without sudo".
- 26.0-alpha release: dropped the "deferred" note — its blocker
(archinstall not completing) is gone; just needs a re-tag when we
like the installer copy.
- Added an explicit "ISO-build in CI" line for the new
`.forgejo/workflows/build-iso.yml`.
- Split the old "mDNS + local CA" item: mDNS is live (hostname baked
in, avahi/nss-mdns in the image), HTTPS via local CA still open.
- Noted post-install reboot button, progress bar, archinstall 4.x
schema work, console welcome, custom_commands docker group join in
the wizard milestone bullet.
**docs/runner-setup.md:**
- Full rewrite for the docker-outside-of-docker architecture we
actually run now (was still describing the DinD sidecar setup).
- Documents the `/data` symlink on the host that makes host-mode
`-v /data/…:/work` resolve — the non-obvious piece that took the
longest to nail down today.
- Describes the two runtime modes (`ubuntu-latest:docker://…` for CI,
`self-hosted:host` for build-iso) and why each exists.
- Adds the `upload-artifact@v3` pin note — v4+ fails on Forgejo with
`GHESNotSupportedError`.
**ops/forgejo-runner/compose.yml + config.yml:**
- Compose now matches what's actually running: DooD (no DinD sidecar),
runs as root so apk can install nodejs + docker-cli at startup,
/var/run/docker.sock bind-mounted.
- Config gets the three explicit label mappings and DooD
`docker_host` + `valid_volumes`.
**.forgejo/workflows/build-iso.yml:**
- Added `paths-ignore` for docs/website/*.md so doc-only commits don't
kick off 5-min ISO rebuilds. Code + ISO overlay changes still
trigger.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-14 19:28:33 +02:00
  # Label mappings decide how each `runs-on:` value is executed. The
  # `:host` suffix means "run steps directly in the runner container"
  # (no wrapping job container). build-iso uses `runs-on: self-hosted`
  # because its `docker run -v $REPO_ROOT:/work` needs host-visible
  # paths — nested containers would put the workspace in a namespace
  # host docker can't see.
  labels:
    - "ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
    - "docker:docker://catthehacker/ubuntu:act-latest"
    - "self-hosted:host"
2026-04-13 21:31:35 +02:00
cache:
  enabled: true
  dir: ""
  host: ""
  port: 0
  proxy_port: 0

container:
  network: ""
  privileged: false
2026-04-14 19:28:33 +02:00
  # Docker-outside-of-docker: runner and all job containers share the
  # host's docker daemon via the unix socket. valid_volumes whitelists
  # the socket so it can be mounted into job containers (the runner
  # handles this automatically — don't also mount it from a workflow
  # or you'll get "duplicate mount point").
  valid_volumes:
    - "/var/run/docker.sock"
  docker_host: "unix:///var/run/docker.sock"
2026-04-13 21:31:35 +02:00
  force_pull: false

host:
  workdir_parent:
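
An added example, not part of this repository: a small Python audit that lists the settings in the config above that widen what a workflow job can reach (host-mode labels, the docker socket in `valid_volumes`, `privileged`, `insecure`). The embedded config is a constructed excerpt re-indented from the values shown on this page, `parse` and `audit` are hypothetical helper names, and the parser handles only the two-level YAML subset this file uses.

```python
# Constructed excerpt: values as shown in the config on this page, re-indented.
SAMPLE_CONFIG = """\
runner:
  insecure: false
  labels:
    - "ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
    - "self-hosted:host"
container:
  privileged: false
  valid_volumes:
    - "/var/run/docker.sock"
"""

def parse(text):
    """Parse the two-level YAML subset this config uses (hypothetical helper)."""
    cfg, section, key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("- "):            # list item under the last key seen
            cfg[section][key].append(line[2:].strip().strip('"'))
        elif not raw.startswith(" "):        # top-level section such as "runner:"
            section = line.rstrip(":")
            cfg[section] = {}
        else:                                # "key: value" inside a section
            key, _, value = line.partition(":")
            value = value.strip()
            cfg[section][key] = value.strip('"') if value else []
    return cfg

def audit(cfg):
    # Collect the settings that decide how much of the host a job can touch.
    findings = []
    runner, container = cfg.get("runner", {}), cfg.get("container", {})
    for label in runner.get("labels", []):
        name, _, backend = label.partition(":")
        if backend == "host":
            findings.append(f"label {name}: steps run directly in the runner container")
    for vol in container.get("valid_volumes", []):
        if vol.endswith("docker.sock"):
            findings.append(f"valid_volumes {vol}: jobs share the host docker daemon")
    if container.get("privileged") == "true":
        findings.append("container.privileged: job containers run privileged")
    if runner.get("insecure") == "true":
        findings.append("runner.insecure: TLS certificate verification is skipped")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse(SAMPLE_CONFIG))))
```

Run against the real `config.yml` before registering a runner for repositories whose workflows are not fully trusted; each finding is a setting to justify, not necessarily to remove.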