From 0149acb7c0309ed819a73ffb58bc1c58f54c0d57 Mon Sep 17 00:00:00 2001 From: nodiscc Date: Mon, 30 Oct 2023 18:00:24 +0000 Subject: [PATCH 1/3] doc: actions/act-runner: document running as a systemd service --- .../content/usage/actions/act-runner.en-us.md | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/docs/content/usage/actions/act-runner.en-us.md b/docs/content/usage/actions/act-runner.en-us.md index e2915be365149..44e5d528f1818 100644 --- a/docs/content/usage/actions/act-runner.en-us.md +++ b/docs/content/usage/actions/act-runner.en-us.md @@ -262,6 +262,42 @@ The runner will fetch jobs from the Gitea instance and run them automatically. Since act runner is still in development, it is recommended to check the latest version and upgrade it regularly. + +## Systemd service + +It is also possible to run act-runner as a [systemd](https://en.wikipedia.org/wiki/Systemd) service. Create an unprivileged `act-runner` user on your system, and the following file in `/etc/systemd/system/act-runner.service`. The paths in `ExecStart` and `WorkingDirectory` may need to be adjusted depending on where you installed the `act-runner` binary, its configuration file, and the home directory of the `act-runner` user. + +```ini +[Unit] +Description=Gitea Actions runner +Documentation=https://gitea.com/gitea/act_runner +After=docker.service + +[Service] +ExecStart=/usr/local/bin/act-runner daemon --config /etc/act-runner/config.yaml +ExecReload=/bin/kill -s HUP $MAINPID +WorkingDirectory=/var/lib/act-runner +TimeoutSec=0 +RestartSec=10 +Restart=always +User=act-runner + +[Install] +WantedBy=multi-user.target +``` + +Then: + +```bash +# load the new systemd unit file +sudo systemctl daemon-reload +# start the service and enable it at boot +sudo systemctl enable act-runner --now +``` + +If using Docker, the `act-runner` user should also be added to the `docker` group before starting the service. Keep in mind that this effectively gives `act-runner` root access to the system [[1]](https://docs.docker.com/engine/security/#docker-daemon-attack-surface). + + ## Configuration variable You can create configuration variables on the user, organization and repository level. From 25fc117f3a9790701786e1894e1cb4d24dd702ca Mon Sep 17 00:00:00 2001 From: nodiscc Date: Mon, 30 Oct 2023 18:16:48 +0000 Subject: [PATCH 2/3] Fix lint-md warning MD012/no-multiple-blanks Multiple consecutive blank lines --- docs/content/usage/actions/act-runner.en-us.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/content/usage/actions/act-runner.en-us.md b/docs/content/usage/actions/act-runner.en-us.md index 44e5d528f1818..38eb59eafc0a0 100644 --- a/docs/content/usage/actions/act-runner.en-us.md +++ b/docs/content/usage/actions/act-runner.en-us.md @@ -262,7 +262,6 @@ The runner will fetch jobs from the Gitea instance and run them automatically. Since act runner is still in development, it is recommended to check the latest version and upgrade it regularly. - ## Systemd service It is also possible to run act-runner as a [systemd](https://en.wikipedia.org/wiki/Systemd) service. Create an unprivileged `act-runner` user on your system, and the following file in `/etc/systemd/system/act-runner.service`. The paths in `ExecStart` and `WorkingDirectory` may need to be adjusted depending on where you installed the `act-runner` binary, its configuration file, and the home directory of the `act-runner` user. @@ -297,7 +296,6 @@ sudo systemctl enable act-runner --now If using Docker, the `act-runner` user should also be added to the `docker` group before starting the service. Keep in mind that this effectively gives `act-runner` root access to the system [[1]](https://docs.docker.com/engine/security/#docker-daemon-attack-surface). - ## Configuration variable You can create configuration variables on the user, organization and repository level. From 7fef7173bb61ccfbf2b0c9964a783e7d597b82c2 Mon Sep 17 00:00:00 2001 From: nodiscc Date: Wed, 1 Nov 2023 14:47:15 +0000 Subject: [PATCH 3/3] doc: act-runner/systemd: use underscore in act_runner naming --- docs/content/usage/actions/act-runner.en-us.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/content/usage/actions/act-runner.en-us.md b/docs/content/usage/actions/act-runner.en-us.md index 38eb59eafc0a0..e6148df786e27 100644 --- a/docs/content/usage/actions/act-runner.en-us.md +++ b/docs/content/usage/actions/act-runner.en-us.md @@ -264,7 +264,7 @@ Since act runner is still in development, it is recommended to check the latest ## Systemd service -It is also possible to run act-runner as a [systemd](https://en.wikipedia.org/wiki/Systemd) service. Create an unprivileged `act-runner` user on your system, and the following file in `/etc/systemd/system/act-runner.service`. The paths in `ExecStart` and `WorkingDirectory` may need to be adjusted depending on where you installed the `act-runner` binary, its configuration file, and the home directory of the `act-runner` user. +It is also possible to run act-runner as a [systemd](https://en.wikipedia.org/wiki/Systemd) service. Create an unprivileged `act_runner` user on your system, and the following file in `/etc/systemd/system/act_runner.service`. The paths in `ExecStart` and `WorkingDirectory` may need to be adjusted depending on where you installed the `act_runner` binary, its configuration file, and the home directory of the `act_runner` user. ```ini [Unit] @@ -273,13 +273,13 @@ Documentation=https://gitea.com/gitea/act_runner After=docker.service [Service] -ExecStart=/usr/local/bin/act-runner daemon --config /etc/act-runner/config.yaml +ExecStart=/usr/local/bin/act_runner daemon --config /etc/act_runner/config.yaml ExecReload=/bin/kill -s HUP $MAINPID -WorkingDirectory=/var/lib/act-runner +WorkingDirectory=/var/lib/act_runner TimeoutSec=0 RestartSec=10 Restart=always -User=act-runner +User=act_runner [Install] WantedBy=multi-user.target @@ -291,10 +291,10 @@ Then: # load the new systemd unit file sudo systemctl daemon-reload # start the service and enable it at boot -sudo systemctl enable act-runner --now +sudo systemctl enable act_runner --now ``` -If using Docker, the `act-runner` user should also be added to the `docker` group before starting the service. Keep in mind that this effectively gives `act-runner` root access to the system [[1]](https://docs.docker.com/engine/security/#docker-daemon-attack-surface). +If using Docker, the `act_runner` user should also be added to the `docker` group before starting the service. Keep in mind that this effectively gives `act_runner` root access to the system [[1]](https://docs.docker.com/engine/security/#docker-daemon-attack-surface). ## Configuration variable