From 10dc6fb60df58358eff562f5eba73a25bf3bb047 Mon Sep 17 00:00:00 2001 From: m90 Date: Mon, 4 Sep 2023 04:12:07 +0000 Subject: [PATCH] Allow reading registration token from file (#350) When deploying the runner in a Docker Swarm setup, it can be useful to read the potentially sensitive token from a secret instead of having to pass it from an environment variable. Co-authored-by: Frederik Ring Reviewed-on: https://gitea.com/gitea/act_runner/pulls/350 Reviewed-by: Jason Song Reviewed-by: Lunny Xiao Co-authored-by: m90 Co-committed-by: m90 --- examples/docker-compose/README.md | 3 +++ scripts/run.sh | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/examples/docker-compose/README.md b/examples/docker-compose/README.md index c3b714c..9267111 100644 --- a/examples/docker-compose/README.md +++ b/examples/docker-compose/README.md @@ -16,5 +16,8 @@ - /var/run/docker.sock:/var/run/docker.sock environment: - GITEA_INSTANCE_URL= + # When using Docker Secrets, it's also possible to use + # GITEA_RUNNER_REGISTRATION_TOKEN_FILE to pass the location. + # The env var takes precedence - GITEA_RUNNER_REGISTRATION_TOKEN= ``` diff --git a/scripts/run.sh b/scripts/run.sh index d0154f0..49bde06 100755 --- a/scripts/run.sh +++ b/scripts/run.sh @@ -15,6 +15,11 @@ if [[ ! -z "${GITEA_RUNNER_LABELS}" ]]; then EXTRA_ARGS="${EXTRA_ARGS} --labels ${GITEA_RUNNER_LABELS}" fi +# In case no token is set, it's possible to read the token from a file, i.e. a Docker Secret +if [[ -z "${GITEA_RUNNER_REGISTRATION_TOKEN}" ]] && [[ -f "${GITEA_RUNNER_REGISTRATION_TOKEN_FILE}" ]]; then + GITEA_RUNNER_REGISTRATION_TOKEN=$(cat "${GITEA_RUNNER_REGISTRATION_TOKEN_FILE}") +fi + # Use the same ENV variable names as https://github.com/vegardit/docker-gitea-act-runner if [[ ! -s .runner ]]; then 
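Review bot: In scripts/run.sh, the new `[[ -f "${GITEA_RUNNER_REGISTRATION_TOKEN_FILE}" ]]` test falls through silently when the variable is set but does not point to a regular file, so a mis-mounted or misnamed secret leaves the token empty with no diagnostic. The result of `cat` is not checked either, so an unreadable file has the same effect apart from `cat`'s own error message. I would fail fast with a message on stderr that names the variable (never the token), and `$(<file)` reads the file without spawning `cat`. The `if [[ ! -s .runner ]]` block that consumes the token continues outside this hunk, so how an empty value is handled there cannot be seen from here.

```shell
if [[ -z "${GITEA_RUNNER_REGISTRATION_TOKEN}" ]] && [[ -n "${GITEA_RUNNER_REGISTRATION_TOKEN_FILE}" ]]; then
  if [[ ! -f "${GITEA_RUNNER_REGISTRATION_TOKEN_FILE}" || ! -r "${GITEA_RUNNER_REGISTRATION_TOKEN_FILE}" ]]; then
    echo "GITEA_RUNNER_REGISTRATION_TOKEN_FILE is set but does not point to a readable file" >&2
    exit 1
  fi
  GITEA_RUNNER_REGISTRATION_TOKEN=$(<"${GITEA_RUNNER_REGISTRATION_TOKEN_FILE}")
fi
```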
@@ -44,5 +49,6 @@ if [[ ! -s .runner ]]; then fi # Prevent reading the token from the act_runner process unset GITEA_RUNNER_REGISTRATION_TOKEN +unset GITEA_RUNNER_REGISTRATION_TOKEN_FILE act_runner daemon ${CONFIG_ARG}
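Review bot: The added `unset GITEA_RUNNER_REGISTRATION_TOKEN_FILE` removes only the path from the environment of `act_runner daemon`; the file it pointed to is untouched. When the token comes from a mounted secret, the existing comment `# Prevent reading the token from the act_runner process` therefore overstates what these two lines achieve, since a process in the container that can read the secret's mount point can still read the token. I would reword the comment to something like `# Drop the token and the token-file path from act_runner's environment; a mounted secret file itself stays readable`. The `if [[ ! -s .runner ]]` block closed by the leading `fi` starts outside this hunk.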