mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-27 10:20:39 +00:00
Backport #27844 by @nodiscc This documents running `act-runner` as a systemd service under a dedicated user account. Co-authored-by: nodiscc <nodiscc@gmail.com>
This commit is contained in:
parent
6637bbf510
commit
352906b448
1 changed files with 34 additions and 0 deletions
|
@ -268,6 +268,40 @@ The runner will fetch jobs from the Gitea instance and run them automatically.
|
|||
|
||||
Since act runner is still in development, it is recommended to check the latest version and upgrade it regularly.
|
||||
|
||||
## Systemd service
|
||||
|
||||
It is also possible to run act-runner as a [systemd](https://en.wikipedia.org/wiki/Systemd) service. Create an unprivileged `act_runner` user on your system, and the following file in `/etc/systemd/system/act_runner.service`. The paths in `ExecStart` and `WorkingDirectory` may need to be adjusted depending on where you installed the `act_runner` binary, its configuration file, and the home directory of the `act_runner` user.
|
||||
|
||||
```ini
|
||||
[Unit]
|
||||
Description=Gitea Actions runner
|
||||
Documentation=https://gitea.com/gitea/act_runner
|
||||
After=docker.service
|
||||
|
||||
[Service]
|
||||
ExecStart=/usr/local/bin/act_runner daemon --config /etc/act_runner/config.yaml
|
||||
ExecReload=/bin/kill -s HUP $MAINPID
|
||||
WorkingDirectory=/var/lib/act_runner
|
||||
TimeoutSec=0
|
||||
RestartSec=10
|
||||
Restart=always
|
||||
User=act_runner
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
```
|
||||
|
||||
Then:
|
||||
|
||||
```bash
|
||||
# load the new systemd unit file
|
||||
sudo systemctl daemon-reload
|
||||
# start the service and enable it at boot
|
||||
sudo systemctl enable act_runner --now
|
||||
```
|
||||
|
||||
If using Docker, the `act_runner` user should also be added to the `docker` group before starting the service. Keep in mind that this effectively gives `act_runner` root access to the system [[1]](https://docs.docker.com/engine/security/#docker-daemon-attack-surface).
|
||||
|
||||
## Configuration variable
|
||||
|
||||
You can create configuration variables on the user, organization and repository level.
|
||||
|
|
Loading…
Reference in a new issue