add test for ALT

Related to https://gitea.com/gitea/act/compare/v0.261.0...v0.261.1

Reviewed-on: https://gitea.com/gitea/act_runner/pulls/535

.editorconfig

@@ -0,0 +1,16 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+tab_width = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.{go}]
+indent_style = tab
+
+[Makefile]
+indent_style = tab

.gitattributes

@@ -0,0 +1 @@
+* text=auto eol=lf

.gitea/workflows/release-nightly.yml

@@ -1,22 +1,89 @@
-name: goreleaser
+name: release-nightly
 
 on:
   push:
     branches: [ main ]
+    tags:
+      - '*'
 
 jobs:
   goreleaser:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-      - uses: https://github.com/goreleaser/goreleaser-action@v4
+      - uses: actions/checkout@v4
         with:
-            distribution: goreleaser-pro
-            version: latest
-            args: release --nightly --clean
+          fetch-depth: 0 # all history for all branches and tags
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+      - name: goreleaser
+        uses: goreleaser/goreleaser-action@v5
+        with:
+          distribution: goreleaser-pro
+          version: latest
+          args: release --nightly
         env:
           GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
-          S3_BUCKET: ${{ secrets.S3_BUCKET }}
+          AWS_REGION: ${{ secrets.AWS_REGION }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           S3_REGION: ${{ secrets.AWS_REGION }}
-          AWS_KEY_ID: ${{ secrets.AWS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          S3_BUCKET: ${{ secrets.AWS_BUCKET }}
+          GORELEASER_FORCE_TOKEN: 'gitea'
+          GITEA_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  release-image:
+    runs-on: ubuntu-latest
+    container:
+      image: catthehacker/ubuntu:act-latest
+    env:
+      DOCKER_ORG: gitea
+      DOCKER_LATEST: nightly
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # all history for all branches and tags
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker BuildX
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Get Meta
+        id: meta
+        run: |
+          echo REPO_NAME=$(echo ${GITHUB_REPOSITORY} | awk -F"/" '{print $2}') >> $GITHUB_OUTPUT
+          echo REPO_VERSION=$(git describe --tags --always | sed 's/^v//') >> $GITHUB_OUTPUT
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: |
+            linux/amd64
+            linux/arm64
+          push: true
+          tags: |
+            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}
+
+      - name: Build and push dind-rootless
+        uses: docker/build-push-action@v5
+        env:
+          ACTIONS_RUNTIME_TOKEN: '' # See https://gitea.com/gitea/act_runner/issues/119
+        with:
+          context: .
+          file: ./Dockerfile.rootless
+          platforms: |
+            linux/amd64
+            linux/arm64
+          push: true
+          tags: |
+            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}-dind-rootless

.gitea/workflows/release-tag.yml

@@ -0,0 +1,98 @@
+name: release-tag
+
+on:
+  push:
+    tags:
+      - '*'
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # all history for all branches and tags
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+      - name: Import GPG key
+        id: import_gpg
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.PASSPHRASE }}
+          fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0
+      - name: goreleaser
+        uses: goreleaser/goreleaser-action@v5
+        with:
+            distribution: goreleaser-pro
+            version: latest
+            args: release
+        env:
+          GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
+          AWS_REGION: ${{ secrets.AWS_REGION }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          S3_REGION: ${{ secrets.AWS_REGION }}
+          S3_BUCKET: ${{ secrets.AWS_BUCKET }}
+          GORELEASER_FORCE_TOKEN: 'gitea'
+          GITEA_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
+  release-image:
+    runs-on: ubuntu-latest
+    container:
+      image: catthehacker/ubuntu:act-latest
+    env:
+      DOCKER_ORG: gitea
+      DOCKER_LATEST: latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # all history for all branches and tags
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker BuildX
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Get Meta
+        id: meta
+        run: |
+          echo REPO_NAME=$(echo ${GITHUB_REPOSITORY} | awk -F"/" '{print $2}') >> $GITHUB_OUTPUT
+          echo REPO_VERSION=$(git describe --tags --always | sed 's/^v//') >> $GITHUB_OUTPUT
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: |
+            linux/amd64
+            linux/arm64
+          push: true
+          tags: |
+            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}
+            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}
+
+      - name: Build and push dind-rootless
+        uses: docker/build-push-action@v5
+        env:
+          ACTIONS_RUNTIME_TOKEN: '' # See https://gitea.com/gitea/act_runner/issues/119
+        with:
+          context: .
+          file: ./Dockerfile.rootless
+          platforms: |
+            linux/amd64
+            linux/arm64
+          push: true
+          tags: |
+            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}-dind-rootless
+            ${{ env.DOCKER_ORG }}/${{ steps.meta.outputs.REPO_NAME }}:${{ env.DOCKER_LATEST }}-dind-rootless

.gitea/workflows/test-alt.yml

@@ -0,0 +1,20 @@
+name: checks
+on:
+  - push
+  - pull_request
+
+jobs:
+  lint:
+    name: check and test
+    runs-on: alt-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+      - name: vet checks
+        run: make vet
+      - name: build
+        run: make build
+      - name: test
+        run: make test

.gitea/workflows/test.yml

@@ -1,23 +1,20 @@
 name: checks
-on: 
+on:
   - push
   - pull_request
 
-env:
-  GOPROXY: https://goproxy.io,direct
-
 jobs:
   lint:
     name: check and test
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/setup-go@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
         with:
-          go-version: 1.20
-      - uses: actions/checkout@v3
+          go-version-file: 'go.mod'
       - name: vet checks
         run: make vet
       - name: build
         run: make build
       - name: test
-        run: make test
+        run: make test

.gitignore

@@ -1,4 +1,14 @@
 act_runner
 .env
 .runner
-coverage.txt
+coverage.txt
+/gitea-vet
+/config.yaml
+
+# Jetbrains
+.idea
+# MS VSCode
+.vscode
+__debug_bin
+# gorelease binary folder
+dist

.golangci.yml

@@ -1,14 +1,11 @@
 linters:
   enable:
     - gosimple
-    - deadcode
     - typecheck
     - govet
     - errcheck
     - staticcheck
     - unused
-    - structcheck
-    - varcheck
     - dupl
     #- gocyclo # The cyclomatic complexety of a lot of functions is too high, we should refactor those another time.
     - gofmt
@@ -112,7 +109,6 @@ issues:
         - gocritic
     - linters:
         - unused
-        - deadcode
       text: "swagger"
     - path: contrib/pr/checkout.go
       linters:
@@ -154,9 +150,6 @@ issues:
     - path: cmd/dump.go
       linters:
         - dupl
-    - path: services/webhook/webhook.go
-      linters:
-        - structcheck
     - text: "commentFormatting: put a space between `//` and comment text"
       linters:
         - gocritic

.goreleaser.checksum.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -e
+
+if [ -z "$1" ]; then
+  echo "usage: $0 <path>"
+  exit 1
+fi
+
+SUM=$(shasum -a 256 "$1" | cut -d' ' -f1)
+BASENAME=$(basename "$1")
+echo -n "${SUM}  ${BASENAME}" > "$1".sha256

.goreleaser.yaml

@@ -14,8 +14,6 @@ builds:
   - amd64
   - arm
   - arm64
-  - s390x
-  - ppc64le
   goarm:
   - "5"
   - "6"
@@ -40,6 +38,8 @@ builds:
     - goos: windows
       goarch: arm
       goarm: "7"
+    - goos: windows
+      goarch: arm64
     - goos: freebsd
       goarch: ppc64le
     - goos: freebsd
@@ -53,14 +53,15 @@ builds:
     - goos: freebsd
       goarch: arm
       goarm: "7"
+    - goos: freebsd
+      goarch: arm64
   flags:
   - -trimpath
   ldflags:
-  - -s -w
+  - -s -w -X gitea.com/gitea/act_runner/internal/pkg/ver.version={{ .Summary }}
   binary: >-
     {{ .ProjectName }}-
-    {{- if .IsSnapshot }}{{ .Branch }}-
-    {{- else }}{{- .Version }}-{{ end }}
+    {{- .Version }}-
     {{- .Os }}-
     {{- if eq .Arch "amd64" }}amd64
     {{- else if eq .Arch "amd64_v1" }}amd64
@@ -68,6 +69,12 @@ builds:
     {{- else }}{{ .Arch }}{{ end }}
     {{- if .Arm }}-{{ .Arm }}{{ end }}
   no_unique_dist_dir: true
+  hooks:
+    post:
+      - cmd: xz -k -9 {{ .Path }}
+        dir: ./dist/
+      - cmd: sh .goreleaser.checksum.sh {{ .Path }}
+      - cmd: sh .goreleaser.checksum.sh {{ .Path }}.xz
 
 blobs:
   -
@@ -75,6 +82,9 @@ blobs:
     bucket: "{{ .Env.S3_BUCKET }}"
     region: "{{ .Env.S3_REGION }}"
     folder: "act_runner/{{.Version}}"
+    extra_files:
+      - glob: ./**.xz
+      - glob: ./**.sha256
 
 archives:
   - format: binary
@@ -83,10 +93,23 @@ archives:
 
 checksum:
   name_template: 'checksums.txt'
+  extra_files:
+      - glob: ./**.xz
 
 snapshot:
-  name_template: "{{ incpatch .Version }}"
+  name_template: "{{ .Branch }}-devel"
 
 nightly:
-  publish_release: false
-  name_template: "{{ .Branch }}"
+  name_template: "nightly"
+
+gitea_urls:
+  api: https://gitea.com/api/v1
+  download: https://gitea.com
+
+release:
+  extra_files:
+    - glob: ./**.xz
+    - glob: ./**.xz.sha256
+
+# yaml-language-server: $schema=https://goreleaser.com/static/schema-pro.json
+# vim: set ts=2 sw=2 tw=0 fo=cnqoj

Dockerfile

@@ -0,0 +1,16 @@
+FROM golang:1.21-alpine3.18 as builder
+# Do not remove `git` here, it is required for getting runner version when executing `make build`
+RUN apk add --no-cache make git
+
+COPY . /opt/src/act_runner
+WORKDIR /opt/src/act_runner
+
+RUN make clean && make build
+
+FROM alpine:3.18
+RUN apk add --no-cache git bash tini
+
+COPY --from=builder /opt/src/act_runner/act_runner /usr/local/bin/act_runner
+COPY scripts/run.sh /opt/act/run.sh
+
+ENTRYPOINT ["/sbin/tini","--","/opt/act/run.sh"]

Dockerfile.rootless

@@ -0,0 +1,24 @@
+FROM golang:1.21-alpine3.18 as builder
+# Do not remove `git` here, it is required for getting runner version when executing `make build`
+RUN apk add --no-cache make git
+
+COPY . /opt/src/act_runner
+WORKDIR /opt/src/act_runner
+
+RUN make clean && make build
+
+FROM docker:dind-rootless
+USER root
+RUN apk add --no-cache \
+  git bash supervisor
+
+COPY --from=builder /opt/src/act_runner/act_runner /usr/local/bin/act_runner
+COPY /scripts/supervisord.conf /etc/supervisord.conf
+COPY /scripts/run.sh /opt/act/run.sh
+COPY /scripts/rootless.sh /opt/act/rootless.sh
+
+RUN mkdir /data \
+    && chown rootless:rootless /data
+
+USER rootless
+ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]

Makefile

@@ -13,7 +13,13 @@ GXZ_PAGAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.10
 LINUX_ARCHS ?= linux/amd64,linux/arm64
 DARWIN_ARCHS ?= darwin-12/amd64,darwin-12/arm64
 WINDOWS_ARCHS ?= windows/amd64
-GOFILES := $(shell find . -type f -name "*.go" ! -name "generated.*")
+GO_FMT_FILES := $(shell find . -type f -name "*.go" ! -name "generated.*")
+GOFILES := $(shell find . -type f -name "*.go" -o -name "go.mod" ! -name "generated.*")
+
+DOCKER_IMAGE ?= gitea/act_runner
+DOCKER_TAG ?= nightly
+DOCKER_REF := $(DOCKER_IMAGE):$(DOCKER_TAG)
+DOCKER_ROOTLESS_REF := $(DOCKER_IMAGE):$(DOCKER_TAG)-dind-rootless
 
 ifneq ($(shell uname), Darwin)
 	EXTLDFLAGS = -extldflags "-static" $(null)
@@ -49,7 +55,7 @@ else
 	ifneq ($(DRONE_BRANCH),)
 		VERSION ?= $(subst release/v,,$(DRONE_BRANCH))
 	else
-		VERSION ?= master
+		VERSION ?= main
 	endif
 
 	STORED_VERSION=$(shell cat $(STORED_VERSION_FILE) 2>/dev/null)
@@ -60,8 +66,11 @@ else
 	endif
 endif
 
+GO_PACKAGES_TO_VET ?= $(filter-out gitea.com/gitea/act_runner/internal/pkg/client/mocks,$(shell $(GO) list ./...))
+
+
 TAGS ?=
-LDFLAGS ?= -X 'main.Version=$(VERSION)'
+LDFLAGS ?= -X "gitea.com/gitea/act_runner/internal/pkg/ver.version=v$(RELASE_VERSION)"
 
 all: build
 
@@ -69,17 +78,24 @@ fmt:
 	@hash gofumpt > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		$(GO) install mvdan.cc/gofumpt@latest; \
 	fi
-	$(GOFMT) -w $(GOFILES)
+	$(GOFMT) -w $(GO_FMT_FILES)
 
-vet:
-	$(GO) vet ./...
+.PHONY: go-check
+go-check:
+	$(eval MIN_GO_VERSION_STR := $(shell grep -Eo '^go\s+[0-9]+\.[0-9]+' go.mod | cut -d' ' -f2))
+	$(eval MIN_GO_VERSION := $(shell printf "%03d%03d" $(shell echo '$(MIN_GO_VERSION_STR)' | tr '.' ' ')))
+	$(eval GO_VERSION := $(shell printf "%03d%03d" $(shell $(GO) version | grep -Eo '[0-9]+\.[0-9]+' | tr '.' ' ');))
+	@if [ "$(GO_VERSION)" -lt "$(MIN_GO_VERSION)" ]; then \
+		echo "Act Runner requires Go $(MIN_GO_VERSION_STR) or greater to build. You can get it at https://go.dev/dl/"; \
+		exit 1; \
+	fi
 
 .PHONY: fmt-check
 fmt-check:
 	@hash gofumpt > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		$(GO) install mvdan.cc/gofumpt@latest; \
 	fi
-	@diff=$$($(GOFMT) -d $(GOFILES)); \
+	@diff=$$($(GOFMT) -d $(GO_FMT_FILES)); \
 	if [ -n "$$diff" ]; then \
 		echo "Please run 'make fmt' and commit the result:"; \
 		echo "$${diff}"; \
@@ -89,10 +105,16 @@ fmt-check:
 test: fmt-check
 	@$(GO) test -v -cover -coverprofile coverage.txt ./... && echo "\n==>\033[32m Ok\033[m\n" || exit 1
 
+.PHONY: vet
+vet:
+	@echo "Running go vet..."
+	@$(GO) build code.gitea.io/gitea-vet
+	@$(GO) vet -vettool=gitea-vet $(GO_PACKAGES_TO_VET)
+
 install: $(GOFILES)
 	$(GO) install -v -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)'
 
-build: $(EXECUTABLE)
+build: go-check $(EXECUTABLE)
 
 $(EXECUTABLE): $(GOFILES)
 	$(GO) build -v -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)' -o $@
@@ -142,6 +164,14 @@ release-check: | $(DIST_DIRS)
 release-compress: | $(DIST_DIRS)
 	cd $(DIST)/release/; for file in `find . -type f -name "*"`; do echo "compressing $${file}" && $(GO) run $(GXZ_PAGAGE) -k -9 $${file}; done;
 
+.PHONY: docker
+docker:
+	if ! docker buildx version >/dev/null 2>&1; then \
+		ARG_DISABLE_CONTENT_TRUST=--disable-content-trust=false; \
+	fi; \
+	docker build $${ARG_DISABLE_CONTENT_TRUST} -t $(DOCKER_REF) .
+	docker build $${ARG_DISABLE_CONTENT_TRUST} -t $(DOCKER_ROOTLESS_REF) -f Dockerfile.rootless .
+
 clean:
 	$(GO) clean -x -i ./...
 	rm -rf coverage.txt $(EXECUTABLE) $(DIST)

README.md

@@ -1,19 +1,38 @@
 # act runner
 
-Act runner is a runner for Gitea based on [act](https://gitea.com/gitea/act).
+Act runner is a runner for Gitea based on [Gitea fork](https://gitea.com/gitea/act) of [act](https://github.com/nektos/act).
 
-## Prerequisites
+## Installation
 
-Docker Engine Community version is required. To install Docker CE, follow the official [install instructions](https://docs.docker.com/engine/install/).
+### Prerequisites
 
-## Quickstart
+Docker Engine Community version is required for docker mode. To install Docker CE, follow the official [install instructions](https://docs.docker.com/engine/install/).
 
-### Build
+### Download pre-built binary
+
+Visit [here](https://dl.gitea.com/act_runner/) and download the right version for your platform.
+
+### Build from source
 
 ```bash
 make build
 ```
 
+### Build a docker image
+
+```bash
+make docker
+```
+
+## Quickstart
+
+Actions are disabled by default, so you need to add the following to the configuration file of your Gitea instance to enable it: 
+  
+```ini
+[actions]
+ENABLED=true
+```
+
 ### Register
 
 ```bash
@@ -24,7 +43,7 @@ And you will be asked to input:
 
 1. Gitea instance URL, like `http://192.168.8.8:3000/`. You should use your gitea instance ROOT_URL as the instance argument
  and you should not use `localhost` or `127.0.0.1` as instance IP;
-2. Runner token, you can get it from `http://192.168.8.8:3000/admin/runners`;
+2. Runner token, you can get it from `http://192.168.8.8:3000/admin/actions/runners`;
 3. Runner name, you can just leave it blank;
 4. Runner labels, you can just leave it blank.
 
@@ -37,11 +56,11 @@ INFO Enter the Gitea instance URL (for example, https://gitea.com/):
 http://192.168.8.8:3000/
 INFO Enter the runner token:
 fe884e8027dc292970d4e0303fe82b14xxxxxxxx
-INFO Enter the runner name (if set empty, use hostname:Test.local ):
+INFO Enter the runner name (if set empty, use hostname: Test.local):
 
-INFO Enter the runner labels, leave blank to use the default labels (comma-separated, for example, self-hosted,ubuntu-20.04:docker://node:16-bullseye,ubuntu-18.04:docker://node:16-buster):
+INFO Enter the runner labels, leave blank to use the default labels (comma-separated, for example, ubuntu-latest:docker://gitea/runner-images:ubuntu-latest):
 
-INFO Registering runner, name=Test.local, instance=http://192.168.8.8:3000/, labels=[ubuntu-latest:docker://node:16-bullseye ubuntu-22.04:docker://node:16-bullseye ubuntu-20.04:docker://node:16-bullseye ubuntu-18.04:docker://node:16-buster].
+INFO Registering runner, name=Test.local, instance=http://192.168.8.8:3000/, labels=[ubuntu-latest:docker://gitea/runner-images:ubuntu-latest ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04 ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04].
 DEBU Successfully pinged the Gitea instance server
 INFO Runner registered successfully.
 ```
@@ -58,4 +77,32 @@ If the registry succeed, it will run immediately. Next time, you could run the r
 
 ```bash
 ./act_runner daemon
-```
+```
+
+### Run with docker
+
+```bash
+docker run -e GITEA_INSTANCE_URL=https://your_gitea.com -e GITEA_RUNNER_REGISTRATION_TOKEN=<your_token> -v /var/run/docker.sock:/var/run/docker.sock --name my_runner gitea/act_runner:nightly
+```
+
+### Configuration
+
+You can also configure the runner with a configuration file.
+The configuration file is a YAML file, you can generate a sample configuration file with `./act_runner generate-config`.
+
+```bash
+./act_runner generate-config > config.yaml
+```
+
+You can specify the configuration file path with `-c`/`--config` argument.
+
+```bash
+./act_runner -c config.yaml register # register with config file
+./act_runner -c config.yaml daemon # run with config file
+```
+
+You can read the latest version of the configuration file online at [config.example.yaml](internal/pkg/config/config.example.yaml).
+
+### Example Deployments
+
+Check out the [examples](examples) directory for sample deployment types.

build.go

@@ -0,0 +1,11 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+//go:build vendor
+
+package main
+
+import (
+	// for vet
+	_ "code.gitea.io/gitea-vet"
+)

cmd/cmd.go

@@ -1,63 +0,0 @@
-package cmd
-
-import (
-	"context"
-	"os"
-
-	"github.com/spf13/cobra"
-)
-
-const version = "0.1.5"
-
-type globalArgs struct {
-	EnvFile string
-}
-
-func Execute(ctx context.Context) {
-	// task := runtime.NewTask("gitea", 0, nil, nil)
-
-	var gArgs globalArgs
-
-	// ./act_runner
-	rootCmd := &cobra.Command{
-		Use:          "act [event name to run]\nIf no event name passed, will default to \"on: push\"",
-		Short:        "Run GitHub actions locally by specifying the event name (e.g. `push`) or an action name directly.",
-		Args:         cobra.MaximumNArgs(1),
-		Version:      version,
-		SilenceUsage: true,
-	}
-	rootCmd.PersistentFlags().StringVarP(&gArgs.EnvFile, "env-file", "", ".env", "Read in a file of environment variables.")
-
-	// ./act_runner register
-	var regArgs registerArgs
-	registerCmd := &cobra.Command{
-		Use:   "register",
-		Short: "Register a runner to the server",
-		Args:  cobra.MaximumNArgs(0),
-		RunE:  runRegister(ctx, &regArgs, gArgs.EnvFile), // must use a pointer to regArgs
-	}
-	registerCmd.Flags().BoolVar(&regArgs.NoInteractive, "no-interactive", false, "Disable interactive mode")
-	registerCmd.Flags().StringVar(&regArgs.InstanceAddr, "instance", "", "Gitea instance address")
-	registerCmd.Flags().BoolVar(&regArgs.Insecure, "insecure", false, "If check server's certificate if it's https protocol")
-	registerCmd.Flags().StringVar(&regArgs.Token, "token", "", "Runner token")
-	registerCmd.Flags().StringVar(&regArgs.RunnerName, "name", "", "Runner name")
-	registerCmd.Flags().StringVar(&regArgs.Labels, "labels", "", "Runner tags, comma separated")
-	rootCmd.AddCommand(registerCmd)
-
-	// ./act_runner daemon
-	daemonCmd := &cobra.Command{
-		Use:   "daemon",
-		Short: "Run as a runner daemon",
-		Args:  cobra.MaximumNArgs(1),
-		RunE:  runDaemon(ctx, gArgs.EnvFile),
-	}
-	// add all command
-	rootCmd.AddCommand(daemonCmd)
-
-	// hide completion command
-	rootCmd.CompletionOptions.HiddenDefaultCmd = true
-
-	if err := rootCmd.Execute(); err != nil {
-		os.Exit(1)
-	}
-}

cmd/daemon.go

@@ -1,112 +0,0 @@
-package cmd
-
-import (
-	"context"
-	"os"
-	"strings"
-
-	"gitea.com/gitea/act_runner/client"
-	"gitea.com/gitea/act_runner/config"
-	"gitea.com/gitea/act_runner/engine"
-	"gitea.com/gitea/act_runner/poller"
-	"gitea.com/gitea/act_runner/runtime"
-
-	"github.com/joho/godotenv"
-	"github.com/mattn/go-isatty"
-	log "github.com/sirupsen/logrus"
-	"github.com/spf13/cobra"
-	"golang.org/x/sync/errgroup"
-)
-
-func runDaemon(ctx context.Context, envFile string) func(cmd *cobra.Command, args []string) error {
-	return func(cmd *cobra.Command, args []string) error {
-		log.Infoln("Starting runner daemon")
-
-		_ = godotenv.Load(envFile)
-		cfg, err := config.FromEnviron()
-		if err != nil {
-			log.WithError(err).
-				Fatalln("invalid configuration")
-		}
-
-		initLogging(cfg)
-
-		// require docker if a runner label uses a docker backend
-		needsDocker := false
-		for _, l := range cfg.Runner.Labels {
-			splits := strings.SplitN(l, ":", 2)
-			if len(splits) == 2 && strings.HasPrefix(splits[1], "docker://") {
-				needsDocker = true
-				break
-			}
-		}
-
-		if needsDocker {
-			// try to connect to docker daemon
-			// if failed, exit with error
-			if err := engine.Start(ctx); err != nil {
-				log.WithError(err).Fatalln("failed to connect docker daemon engine")
-			}
-		}
-
-		var g errgroup.Group
-
-		cli := client.New(
-			cfg.Client.Address,
-			cfg.Client.Insecure,
-			cfg.Runner.UUID,
-			cfg.Runner.Token,
-		)
-
-		runner := &runtime.Runner{
-			Client:        cli,
-			Machine:       cfg.Runner.Name,
-			ForgeInstance: cfg.Client.Address,
-			Environ:       cfg.Runner.Environ,
-			Labels:        cfg.Runner.Labels,
-		}
-
-		poller := poller.New(
-			cli,
-			runner.Run,
-			cfg.Runner.Capacity,
-		)
-
-		g.Go(func() error {
-			l := log.WithField("capacity", cfg.Runner.Capacity).
-				WithField("endpoint", cfg.Client.Address).
-				WithField("os", cfg.Platform.OS).
-				WithField("arch", cfg.Platform.Arch)
-			l.Infoln("polling the remote server")
-
-			if err := poller.Poll(ctx); err != nil {
-				l.Errorf("poller error: %v", err)
-			}
-			poller.Wait()
-			return nil
-		})
-
-		err = g.Wait()
-		if err != nil {
-			log.WithError(err).
-				Errorln("shutting down the server")
-		}
-		return err
-	}
-}
-
-// initLogging setup the global logrus logger.
-func initLogging(cfg config.Config) {
-	isTerm := isatty.IsTerminal(os.Stdout.Fd())
-	log.SetFormatter(&log.TextFormatter{
-		DisableColors: !isTerm,
-		FullTimestamp: true,
-	})
-
-	if cfg.Debug {
-		log.SetLevel(log.DebugLevel)
-	}
-	if cfg.Trace {
-		log.SetLevel(log.TraceLevel)
-	}
-}

cmd/register_test.go

@@ -1,10 +0,0 @@
-package cmd
-
-import "testing"
-
-func TestValidateLabels(t *testing.T) {
-	labels := []string{"ubuntu-latest:docker://node:16-buster", "self-hosted"}
-	if err := validateLabels(labels); err != nil {
-		t.Errorf("validateLabels() error = %v", err)
-	}
-}

config/config.go

@@ -1,114 +0,0 @@
-package config
-
-import (
-	"encoding/json"
-	"io"
-	"os"
-	"runtime"
-	"strconv"
-
-	"gitea.com/gitea/act_runner/core"
-
-	"github.com/joho/godotenv"
-	"github.com/kelseyhightower/envconfig"
-)
-
-type (
-	// Config provides the system configuration.
-	Config struct {
-		Debug    bool `envconfig:"GITEA_DEBUG"`
-		Trace    bool `envconfig:"GITEA_TRACE"`
-		Client   Client
-		Runner   Runner
-		Platform Platform
-	}
-
-	Client struct {
-		Address  string `ignored:"true"`
-		Insecure bool
-	}
-
-	Runner struct {
-		UUID     string            `ignored:"true"`
-		Name     string            `envconfig:"GITEA_RUNNER_NAME"`
-		Token    string            `ignored:"true"`
-		Capacity int               `envconfig:"GITEA_RUNNER_CAPACITY" default:"1"`
-		File     string            `envconfig:"GITEA_RUNNER_FILE" default:".runner"`
-		Environ  map[string]string `envconfig:"GITEA_RUNNER_ENVIRON"`
-		EnvFile  string            `envconfig:"GITEA_RUNNER_ENV_FILE"`
-		Labels   []string          `envconfig:"GITEA_RUNNER_LABELS"`
-	}
-
-	Platform struct {
-		OS   string `envconfig:"GITEA_PLATFORM_OS"`
-		Arch string `envconfig:"GITEA_PLATFORM_ARCH"`
-	}
-)
-
-// FromEnviron returns the settings from the environment.
-func FromEnviron() (Config, error) {
-	cfg := Config{}
-	if err := envconfig.Process("", &cfg); err != nil {
-		return cfg, err
-	}
-
-	// check runner config exist
-	f, err := os.Stat(cfg.Runner.File)
-	if err == nil && !f.IsDir() {
-		jsonFile, _ := os.Open(cfg.Runner.File)
-		defer jsonFile.Close()
-		byteValue, _ := io.ReadAll(jsonFile)
-		var runner core.Runner
-		if err := json.Unmarshal(byteValue, &runner); err != nil {
-			return cfg, err
-		}
-		if runner.UUID != "" {
-			cfg.Runner.UUID = runner.UUID
-		}
-		if runner.Token != "" {
-			cfg.Runner.Token = runner.Token
-		}
-		if len(runner.Labels) != 0 {
-			cfg.Runner.Labels = runner.Labels
-		}
-		if runner.Address != "" {
-			cfg.Client.Address = runner.Address
-		}
-		if runner.Insecure != "" {
-			cfg.Client.Insecure, _ = strconv.ParseBool(runner.Insecure)
-		}
-	} else if err != nil {
-		return cfg, err
-	}
-
-	// runner config
-	if cfg.Runner.Environ == nil {
-		cfg.Runner.Environ = map[string]string{
-			"GITHUB_API_URL":    cfg.Client.Address + "/api/v1",
-			"GITHUB_SERVER_URL": cfg.Client.Address,
-		}
-	}
-	if cfg.Runner.Name == "" {
-		cfg.Runner.Name, _ = os.Hostname()
-	}
-
-	// platform config
-	if cfg.Platform.OS == "" {
-		cfg.Platform.OS = runtime.GOOS
-	}
-	if cfg.Platform.Arch == "" {
-		cfg.Platform.Arch = runtime.GOARCH
-	}
-
-	if file := cfg.Runner.EnvFile; file != "" {
-		envs, err := godotenv.Read(file)
-		if err != nil {
-			return cfg, err
-		}
-		for k, v := range envs {
-			cfg.Runner.Environ[k] = v
-		}
-	}
-
-	return cfg, nil
-}

core/runner.go

@@ -1,17 +0,0 @@
-package core
-
-const (
-	UUIDHeader  = "x-runner-uuid"
-	TokenHeader = "x-runner-token"
-)
-
-// Runner struct
-type Runner struct {
-	ID       int64    `json:"id"`
-	UUID     string   `json:"uuid"`
-	Name     string   `json:"name"`
-	Token    string   `json:"token"`
-	Address  string   `json:"address"`
-	Insecure string   `json:"insecure"`
-	Labels   []string `json:"labels"`
-}

engine/docker.go

@@ -1,37 +0,0 @@
-package engine
-
-import (
-	"context"
-
-	"github.com/docker/docker/client"
-)
-
-type Docker struct {
-	client   client.APIClient
-	hidePull bool
-}
-
-func New(opts ...Option) (*Docker, error) {
-	cli, err := client.NewClientWithOpts(client.FromEnv)
-	if err != nil {
-		return nil, err
-	}
-
-	srv := &Docker{
-		client: cli,
-	}
-
-	// Loop through each option
-	for _, opt := range opts {
-		// Call the option giving the instantiated
-		opt.Apply(srv)
-	}
-
-	return srv, nil
-}
-
-// Ping pings the Docker daemon.
-func (e *Docker) Ping(ctx context.Context) error {
-	_, err := e.client.Ping(ctx)
-	return err
-}

engine/engine.go

@@ -1,43 +0,0 @@
-package engine
-
-import (
-	"context"
-	"fmt"
-	"time"
-
-	log "github.com/sirupsen/logrus"
-)
-
-// Start start docker engine api loop
-func Start(ctx context.Context) error {
-	engine, err := New()
-	if err != nil {
-		return err
-	}
-
-	count := 0
-	for {
-		err := engine.Ping(ctx)
-		if err == context.Canceled {
-			break
-		}
-		select {
-		case <-ctx.Done():
-			return ctx.Err()
-		default:
-		}
-		if err != nil {
-			log.WithError(err).
-				Errorln("cannot ping the docker daemon")
-			count++
-			if count == 5 {
-				return fmt.Errorf("retry connect to docker daemon failed: %d times", count)
-			}
-			time.Sleep(time.Second)
-		} else {
-			log.Infoln("successfully ping the docker daemon")
-			break
-		}
-	}
-	return nil
-}

engine/options.go

@@ -1,30 +0,0 @@
-package engine
-
-import "github.com/docker/docker/client"
-
-// An Option configures a mutex.
-type Option interface {
-	Apply(*Docker)
-}
-
-// OptionFunc is a function that configure a value.
-type OptionFunc func(*Docker)
-
-// Apply calls f(option)
-func (f OptionFunc) Apply(docker *Docker) {
-	f(docker)
-}
-
-// WithClient set custom client
-func WithClient(c client.APIClient) Option {
-	return OptionFunc(func(q *Docker) {
-		q.client = c
-	})
-}
-
-// WithHidePull hide pull event.
-func WithHidePull(v bool) Option {
-	return OptionFunc(func(q *Docker) {
-		q.hidePull = v
-	})
-}

examples/README.md

@@ -0,0 +1,12 @@
+# Usage Examples for `act_runner`
+
+Welcome to our collection of usage and deployment examples specifically designed for Gitea setups. Whether you're a beginner or an experienced user, you'll find practical resources here that you can directly apply to enhance your Gitea experience. We encourage you to contribute your own insights and knowledge to make this collection even more comprehensive and valuable.
+
+| Section                     | Description                                                                                                                                                                                                                                                   |
+|-----------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| [`docker`](docker)              | This section provides you with scripts and instructions tailored for running containers on a workstation or server where Docker is installed. It simplifies the process of setting up and managing your Gitea deployment using Docker.                     |
+| [`docker-compose`](docker-compose) | In this section, you'll discover examples demonstrating how to utilize docker-compose to efficiently handle your Gitea deployments. It offers a straightforward approach to managing multiple containerized components of your Gitea setup.                 |
+| [`kubernetes`](kubernetes)     | If you're utilizing Kubernetes clusters for your infrastructure, this section is specifically designed for you. It presents examples and guidelines for configuring Gitea deployments within Kubernetes clusters, enabling you to leverage the scalability and flexibility of Kubernetes.   |
+| [`vm`](vm)                      | This section is dedicated to examples that assist you in setting up Gitea on virtual or physical servers. Whether you're working with virtual machines or physical hardware, you'll find helpful resources to guide you through the deployment process.                   |
+
+We hope these resources provide you with valuable insights and solutions for your Gitea setup. Feel free to explore, contribute, and adapt these examples to suit your specific requirements.

examples/docker-compose/README.md

@@ -0,0 +1,46 @@
+### Running `act_runner` using `docker-compose`
+
+```yml
+...
+  gitea:
+    image: gitea/gitea
+    ...
+
+  runner:
+    image: gitea/act_runner
+    restart: always
+    depends_on:
+      - gitea
+    volumes:
+      - ./data/act_runner:/data
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      - GITEA_INSTANCE_URL=<instance url>
+      # When using Docker Secrets, it's also possible to use
+      # GITEA_RUNNER_REGISTRATION_TOKEN_FILE to pass the location.
+      # The env var takes precedence.
+      # Needed only for the first start.
+      - GITEA_RUNNER_REGISTRATION_TOKEN=<registration token>
+```
+
+### Running `act_runner` using Docker-in-Docker (DIND) 
+
+```yml
+...
+  runner:
+    image: gitea/act_runner:latest-dind-rootless
+    restart: always
+    privileged: true
+    depends_on:
+      - gitea
+    volumes:
+      - ./data/act_runner:/data
+    environment:
+      - GITEA_INSTANCE_URL=<instance url>
+      - DOCKER_HOST=unix:///var/run/user/1000/docker.sock
+      # When using Docker Secrets, it's also possible to use
+      # GITEA_RUNNER_REGISTRATION_TOKEN_FILE to pass the location.
+      # The env var takes precedence.
+      # Needed only for the first start.
+      - GITEA_RUNNER_REGISTRATION_TOKEN=<registration token>
+```

examples/docker/README.md

@@ -0,0 +1,8 @@
+### Run `act_runner` in a Docker Container
+
+```sh
+docker run -e GITEA_INSTANCE_URL=http://192.168.8.18:3000 -e GITEA_RUNNER_REGISTRATION_TOKEN=<runner_token> -v /var/run/docker.sock:/var/run/docker.sock -v $PWD/data:/data --name my_runner gitea/act_runner:nightly
+```
+
+The `/data` directory inside the docker container contains the runner API keys after registration.
+It must be persisted, otherwise the runner would try to register again, using the same, now defunct registration token.

examples/kubernetes/README.md

@@ -0,0 +1,11 @@
+## Kubernetes Docker in Docker Deployment with `act_runner`
+
+NOTE: Docker in Docker (dind) requires elevated privileges on Kubernetes. The current way to achieve this is to set the pod `SecurityContext` to `privileged`. Keep in mind that this is a potential security issue that has the potential for a malicious application to break out of the container context.
+
+Files in this directory:
+
+- [`dind-docker.yaml`](dind-docker.yaml)
+  How to create a Deployment and Persistent Volume for Kubernetes to act as a runner. The Docker credentials are re-generated each time the pod connects and does not need to be persisted.
+
+- [`rootless-docker.yaml`](rootless-docker.yaml)
+  How to create a rootless Deployment and Persistent Volume for Kubernetes to act as a runner. The Docker credentials are re-generated each time the pod connects and does not need to be persisted.

examples/kubernetes/dind-docker.yaml

@@ -0,0 +1,78 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: act-runner-vol
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: standard
+---
+apiVersion: v1
+data:
+  token: << base64 encoded registration token >>
+kind: Secret
+metadata:
+  name: runner-secret
+type: Opaque
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: act-runner
+  name: act-runner
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: act-runner
+  strategy: {}
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: act-runner
+    spec:
+      restartPolicy: Always
+      volumes:
+      - name: docker-certs
+        emptyDir: {}
+      - name: runner-data
+        persistentVolumeClaim:
+          claimName: act-runner-vol
+      containers:
+      - name: runner
+        image: gitea/act_runner:nightly
+        command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; /sbin/tini -- /opt/act/run.sh"]
+        env:
+        - name: DOCKER_HOST
+          value: tcp://localhost:2376
+        - name: DOCKER_CERT_PATH
+          value: /certs/client
+        - name: DOCKER_TLS_VERIFY
+          value: "1"
+        - name: GITEA_INSTANCE_URL
+          value: http://gitea-http.gitea.svc.cluster.local:3000
+        - name: GITEA_RUNNER_REGISTRATION_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: runner-secret
+              key: token
+        volumeMounts:
+        - name: docker-certs
+          mountPath: /certs
+        - name: runner-data
+          mountPath: /data
+      - name: daemon
+        image: docker:23.0.6-dind
+        env:
+        - name: DOCKER_TLS_CERTDIR
+          value: /certs
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - name: docker-certs
+          mountPath: /certs

examples/kubernetes/rootless-docker.yaml

@@ -0,0 +1,70 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: act-runner-vol
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: standard
+---
+apiVersion: v1
+data:
+  token: << runner registration token goes here >>
+kind: Secret
+metadata:
+  name: runner-secret
+type: Opaque
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: act-runner
+  name: act-runner
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: act-runner
+  strategy: {}
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: act-runner
+    spec:
+      restartPolicy: Always
+      volumes:
+      - name: runner-data
+        persistentVolumeClaim:
+          claimName: act-runner-vol
+      securityContext:
+        fsGroup: 1000
+      containers:
+      - name: runner
+        image: gitea/act_runner:nightly-dind-rootless
+        imagePullPolicy: Always
+        # command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; /sbin/tini -- /opt/act/run.sh"]
+        env:
+        - name: DOCKER_HOST
+          value: tcp://localhost:2376
+        - name: DOCKER_CERT_PATH
+          value: /certs/client
+        - name: DOCKER_TLS_VERIFY
+          value: "1"
+        - name: GITEA_INSTANCE_URL
+          value: http://gitea-http.gitea.svc.cluster.local:3000
+        - name: GITEA_RUNNER_REGISTRATION_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: runner-secret
+              key: token
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - name: runner-data
+          mountPath: /data
+

examples/vm/README.md

@@ -0,0 +1,6 @@
+## `act_runner` on Virtual or Physical Servers
+
+Files in this directory:
+
+- [`rootless-docker.md`](rootless-docker.md)
+  How to set up a rootless docker implementation of the runner.

examples/vm/rootless-docker.md

@@ -0,0 +1,87 @@
+## Using Rootless Docker with`act_runner`
+
+Here is a simple example of how to set up `act_runner` with rootless Docker. It has been created with Debian, but other Linux should work the same way.
+
+Note: This procedure needs a real login shell -- using `sudo su` or other method of accessing the account will fail some of the steps below.
+
+As `root`:
+
+- Create a user to run both `docker` and `act_runner`. In this example, we use a non-privileged account called `rootless`.
+
+```bash
+ useradd -m rootless
+ passwd rootless
+```
+
+- Install [`docker-ce`](https://docs.docker.com/engine/install/)
+- (Recommended) Disable the system-wide Docker daemon
+
+     ``systemctl disable --now docker.service docker.socket``
+
+As the `rootless` user:
+
+- Follow the instructions for [enabling rootless mode](https://docs.docker.com/engine/security/rootless/)
+- Add the following lines to the `/home/rootless/.bashrc`:
+
+```bash
+ export XDG_RUNTIME_DIR=/home/rootless/.docker/run
+ export PATH=/home/rootless/bin:$PATH
+ export DOCKER_HOST=unix:///run/user/1001/docker.sock
+```
+
+- Reboot. Ensure that the Docker process is working.
+- Create a directory for saving `act_runner` data between restarts
+
+ `mkdir /home/rootless/act_runner`
+
+- Register the runner from the data directory
+
+```bash
+ cd /home/rootless/act_runner
+ act_runner register
+```
+
+- Generate a `act_runner` configuration file in the data directory. Edit the file to adjust for the system.
+
+```bash
+ act_runner generate-config >/home/rootless/act_runner/config
+```
+
+- Create a new user-level`systemd` unit file as `/home/rootless/.config/systemd/user/act_runner.service` with the following contents:
+
+```bash
+ Description=Gitea Actions runner
+ Documentation=https://gitea.com/gitea/act_runner
+ After=docker.service
+
+ [Service]
+ Environment=PATH=/home/rootless/bin:/sbin:/usr/sbin:/home/rootless/bin:/home/rootless/bin:/home/rootless/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+ Environment=DOCKER_HOST=unix:///run/user/1001/docker.sock
+ ExecStart=/usr/bin/act_runner daemon -c /home/rootless/act_runner/config
+ ExecReload=/bin/kill -s HUP $MAINPID
+ WorkingDirectory=/home/rootless/act_runner
+ TimeoutSec=0
+ RestartSec=2
+ Restart=always
+ StartLimitBurst=3
+ StartLimitInterval=60s
+ LimitNOFILE=infinity
+ LimitNPROC=infinity
+ LimitCORE=infinity
+ TasksMax=infinity
+ Delegate=yes
+ Type=notify
+ NotifyAccess=all
+ KillMode=mixed
+
+ [Install]
+ WantedBy=default.target
+```
+
+- Reboot
+
+After the system restarts, check that the`act_runner` is working and that the runner is connected to Gitea.
+
+````bash
+ systemctl --user status act_runner
+ journalctl --user -xeu act_runner

go.mod

@@ -1,80 +1,102 @@
 module gitea.com/gitea/act_runner
 
-go 1.18
+go 1.21
 
 require (
-	code.gitea.io/actions-proto-go v0.2.0
-	github.com/avast/retry-go/v4 v4.3.1
-	github.com/bufbuild/connect-go v1.3.1
-	github.com/docker/docker v20.10.21+incompatible
-	github.com/joho/godotenv v1.4.0
-	github.com/kelseyhightower/envconfig v1.4.0
-	github.com/mattn/go-isatty v0.0.16
-	github.com/nektos/act v0.0.0
-	github.com/sirupsen/logrus v1.9.0
-	github.com/spf13/cobra v1.6.1
-	golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde
-	google.golang.org/protobuf v1.28.1
+	code.gitea.io/actions-proto-go v0.4.0
+	code.gitea.io/gitea-vet v0.2.3
+	connectrpc.com/connect v1.15.0
+	github.com/avast/retry-go/v4 v4.5.1
+	github.com/docker/docker v25.0.3+incompatible
+	github.com/joho/godotenv v1.5.1
+	github.com/mattn/go-isatty v0.0.20
+	github.com/nektos/act v0.0.0 // will be replaced
+	github.com/sirupsen/logrus v1.9.3
+	github.com/spf13/cobra v1.8.0
+	github.com/stretchr/testify v1.9.0
+	golang.org/x/term v0.18.0
+	golang.org/x/time v0.5.0
+	google.golang.org/protobuf v1.33.0
+	gopkg.in/yaml.v3 v3.0.1
+	gotest.tools/v3 v3.5.1
 )
 
 require (
+	dario.cat/mergo v1.0.0 // indirect
+	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
 	github.com/Masterminds/semver v1.5.0 // indirect
-	github.com/Microsoft/go-winio v0.5.2 // indirect
-	github.com/Microsoft/hcsshim v0.9.3 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20220404123522-616f957b79ad // indirect
-	github.com/acomagu/bufpipe v1.0.3 // indirect
-	github.com/containerd/cgroups v1.0.3 // indirect
-	github.com/containerd/containerd v1.6.6 // indirect
-	github.com/creack/pty v1.1.18 // indirect
-	github.com/docker/cli v20.10.21+incompatible // indirect
-	github.com/docker/distribution v2.8.1+incompatible // indirect
-	github.com/docker/docker-credential-helpers v0.6.4 // indirect
-	github.com/docker/go-connections v0.4.0 // indirect
-	github.com/docker/go-units v0.4.0 // indirect
-	github.com/emirpasic/gods v1.12.0 // indirect
-	github.com/fatih/color v1.13.0 // indirect
-	github.com/go-git/gcfg v1.5.0 // indirect
-	github.com/go-git/go-billy/v5 v5.3.1 // indirect
-	github.com/go-git/go-git/v5 v5.4.2 // indirect
-	github.com/go-ini/ini v1.67.0 // indirect
+	github.com/Microsoft/go-winio v0.6.1 // indirect
+	github.com/ProtonMail/go-crypto v1.0.0 // indirect
+	github.com/cloudflare/circl v1.3.7 // indirect
+	github.com/containerd/containerd v1.7.13 // indirect
+	github.com/containerd/log v0.1.0 // indirect
+	github.com/creack/pty v1.1.21 // indirect
+	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/distribution/reference v0.5.0 // indirect
+	github.com/docker/cli v25.0.3+incompatible // indirect
+	github.com/docker/distribution v2.8.3+incompatible // indirect
+	github.com/docker/docker-credential-helpers v0.8.1 // indirect
+	github.com/docker/go-connections v0.5.0 // indirect
+	github.com/docker/go-units v0.5.0 // indirect
+	github.com/emirpasic/gods v1.18.1 // indirect
+	github.com/fatih/color v1.16.0 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
+	github.com/go-git/go-billy/v5 v5.5.0 // indirect
+	github.com/go-git/go-git/v5 v5.11.0 // indirect
+	github.com/go-logr/logr v1.4.1 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/imdario/mergo v0.3.13 // indirect
-	github.com/inconshreveable/mousetrap v1.0.1 // indirect
+	github.com/imdario/mergo v0.3.16 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/julienschmidt/httprouter v1.3.0 // indirect
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
+	github.com/klauspost/compress v1.17.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-runewidth v0.0.13 // indirect
-	github.com/mitchellh/go-homedir v1.1.0 // indirect
-	github.com/mitchellh/mapstructure v1.1.2 // indirect
-	github.com/moby/buildkit v0.10.6 // indirect
-	github.com/moby/sys/mount v0.3.1 // indirect
-	github.com/moby/sys/mountinfo v0.6.0 // indirect
+	github.com/mattn/go-runewidth v0.0.15 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/moby/buildkit v0.12.5 // indirect
+	github.com/moby/patternmatcher v0.6.0 // indirect
+	github.com/moby/sys/sequential v0.5.0 // indirect
+	github.com/moby/sys/user v0.1.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799 // indirect
-	github.com/opencontainers/runc v1.1.2 // indirect
-	github.com/opencontainers/selinux v1.10.2 // indirect
+	github.com/opencontainers/image-spec v1.1.0 // indirect
+	github.com/opencontainers/selinux v1.11.0 // indirect
+	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/rhysd/actionlint v1.6.22 // indirect
-	github.com/rivo/uniseg v0.3.4 // indirect
-	github.com/robfig/cron v1.2.0 // indirect
-	github.com/sergi/go-diff v1.2.0 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/rhysd/actionlint v1.6.27 // indirect
+	github.com/rivo/uniseg v0.4.7 // indirect
+	github.com/robfig/cron/v3 v3.0.1 // indirect
+	github.com/sergi/go-diff v1.3.1 // indirect
+	github.com/skeema/knownhosts v1.2.1 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/xanzy/ssh-agent v0.3.1 // indirect
-	github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
+	github.com/stretchr/objx v0.5.2 // indirect
+	github.com/timshannon/bolthold v0.0.0-20231129192944-dca5178aa629 // indirect
+	github.com/xanzy/ssh-agent v0.3.3 // indirect
+	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
-	github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f // indirect
-	go.opencensus.io v0.23.0 // indirect
-	golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29 // indirect
-	golang.org/x/net v0.0.0-20220906165146-f3363e06e74c // indirect
-	golang.org/x/sys v0.0.0-20220818161305-2296e01440c6 // indirect
-	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
+	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
+	go.etcd.io/bbolt v1.3.9 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0 // indirect
+	go.opentelemetry.io/otel v1.23.1 // indirect
+	go.opentelemetry.io/otel/metric v1.23.1 // indirect
+	go.opentelemetry.io/otel/trace v1.23.1 // indirect
+	golang.org/x/crypto v0.19.0 // indirect
+	golang.org/x/mod v0.15.0 // indirect
+	golang.org/x/net v0.21.0 // indirect
+	golang.org/x/sync v0.6.0 // indirect
+	golang.org/x/sys v0.18.0 // indirect
+	golang.org/x/tools v0.18.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 
-replace github.com/nektos/act => gitea.com/gitea/act v0.234.3-0.20230224062034-1252e551b867
+replace github.com/nektos/act => gitea.com/gitea/act v0.261.1

internal/app/cmd/cache-server.go

@@ -0,0 +1,69 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package cmd
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"os/signal"
+
+	"gitea.com/gitea/act_runner/internal/pkg/config"
+
+	"github.com/nektos/act/pkg/artifactcache"
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+)
+
+type cacheServerArgs struct {
+	Dir  string
+	Host string
+	Port uint16
+}
+
+func runCacheServer(ctx context.Context, configFile *string, cacheArgs *cacheServerArgs) func(cmd *cobra.Command, args []string) error {
+	return func(cmd *cobra.Command, args []string) error {
+		cfg, err := config.LoadDefault(*configFile)
+		if err != nil {
+			return fmt.Errorf("invalid configuration: %w", err)
+		}
+
+		initLogging(cfg)
+
+		var (
+			dir  = cfg.Cache.Dir
+			host = cfg.Cache.Host
+			port = cfg.Cache.Port
+		)
+
+		// cacheArgs has higher priority
+		if cacheArgs.Dir != "" {
+			dir = cacheArgs.Dir
+		}
+		if cacheArgs.Host != "" {
+			host = cacheArgs.Host
+		}
+		if cacheArgs.Port != 0 {
+			port = cacheArgs.Port
+		}
+
+		cacheHandler, err := artifactcache.StartHandler(
+			dir,
+			host,
+			port,
+			log.StandardLogger().WithField("module", "cache_request"),
+		)
+		if err != nil {
+			return err
+		}
+
+		log.Infof("cache server is listening on %v", cacheHandler.ExternalURL())
+
+		c := make(chan os.Signal, 1)
+		signal.Notify(c, os.Interrupt)
+		<-c
+
+		return nil
+	}
+}

internal/app/cmd/cmd.go

@@ -0,0 +1,85 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package cmd
+
+import (
+	"context"
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+
+	"gitea.com/gitea/act_runner/internal/pkg/config"
+	"gitea.com/gitea/act_runner/internal/pkg/ver"
+)
+
+func Execute(ctx context.Context) {
+	// ./act_runner
+	rootCmd := &cobra.Command{
+		Use:          "act_runner [event name to run]\nIf no event name passed, will default to \"on: push\"",
+		Short:        "Run GitHub actions locally by specifying the event name (e.g. `push`) or an action name directly.",
+		Args:         cobra.MaximumNArgs(1),
+		Version:      ver.Version(),
+		SilenceUsage: true,
+	}
+	configFile := ""
+	rootCmd.PersistentFlags().StringVarP(&configFile, "config", "c", "", "Config file path")
+
+	// ./act_runner register
+	var regArgs registerArgs
+	registerCmd := &cobra.Command{
+		Use:   "register",
+		Short: "Register a runner to the server",
+		Args:  cobra.MaximumNArgs(0),
+		RunE:  runRegister(ctx, &regArgs, &configFile), // must use a pointer to regArgs
+	}
+	registerCmd.Flags().BoolVar(&regArgs.NoInteractive, "no-interactive", false, "Disable interactive mode")
+	registerCmd.Flags().StringVar(&regArgs.InstanceAddr, "instance", "", "Gitea instance address")
+	registerCmd.Flags().StringVar(&regArgs.Token, "token", "", "Runner token")
+	registerCmd.Flags().StringVar(&regArgs.RunnerName, "name", "", "Runner name")
+	registerCmd.Flags().StringVar(&regArgs.Labels, "labels", "", "Runner tags, comma separated")
+	rootCmd.AddCommand(registerCmd)
+
+	// ./act_runner daemon
+	daemonCmd := &cobra.Command{
+		Use:   "daemon",
+		Short: "Run as a runner daemon",
+		Args:  cobra.MaximumNArgs(1),
+		RunE:  runDaemon(ctx, &configFile),
+	}
+	rootCmd.AddCommand(daemonCmd)
+
+	// ./act_runner exec
+	rootCmd.AddCommand(loadExecCmd(ctx))
+
+	// ./act_runner config
+	rootCmd.AddCommand(&cobra.Command{
+		Use:   "generate-config",
+		Short: "Generate an example config file",
+		Args:  cobra.MaximumNArgs(0),
+		Run: func(_ *cobra.Command, _ []string) {
+			fmt.Printf("%s", config.Example)
+		},
+	})
+
+	// ./act_runner cache-server
+	var cacheArgs cacheServerArgs
+	cacheCmd := &cobra.Command{
+		Use:   "cache-server",
+		Short: "Start a cache server for the cache action",
+		Args:  cobra.MaximumNArgs(0),
+		RunE:  runCacheServer(ctx, &configFile, &cacheArgs),
+	}
+	cacheCmd.Flags().StringVarP(&cacheArgs.Dir, "dir", "d", "", "Cache directory")
+	cacheCmd.Flags().StringVarP(&cacheArgs.Host, "host", "s", "", "Host of the cache server")
+	cacheCmd.Flags().Uint16VarP(&cacheArgs.Port, "port", "p", 0, "Port of the cache server")
+	rootCmd.AddCommand(cacheCmd)
+
+	// hide completion command
+	rootCmd.CompletionOptions.HiddenDefaultCmd = true
+
+	if err := rootCmd.Execute(); err != nil {
+		os.Exit(1)
+	}
+}

internal/app/cmd/daemon.go

@@ -0,0 +1,200 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package cmd
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path"
+	"path/filepath"
+	"runtime"
+	"slices"
+	"strconv"
+	"strings"
+
+	"connectrpc.com/connect"
+	"github.com/mattn/go-isatty"
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+
+	"gitea.com/gitea/act_runner/internal/app/poll"
+	"gitea.com/gitea/act_runner/internal/app/run"
+	"gitea.com/gitea/act_runner/internal/pkg/client"
+	"gitea.com/gitea/act_runner/internal/pkg/config"
+	"gitea.com/gitea/act_runner/internal/pkg/envcheck"
+	"gitea.com/gitea/act_runner/internal/pkg/labels"
+	"gitea.com/gitea/act_runner/internal/pkg/ver"
+)
+
+func runDaemon(ctx context.Context, configFile *string) func(cmd *cobra.Command, args []string) error {
+	return func(cmd *cobra.Command, args []string) error {
+		cfg, err := config.LoadDefault(*configFile)
+		if err != nil {
+			return fmt.Errorf("invalid configuration: %w", err)
+		}
+
+		initLogging(cfg)
+		log.Infoln("Starting runner daemon")
+
+		reg, err := config.LoadRegistration(cfg.Runner.File)
+		if os.IsNotExist(err) {
+			log.Error("registration file not found, please register the runner first")
+			return err
+		} else if err != nil {
+			return fmt.Errorf("failed to load registration file: %w", err)
+		}
+
+		lbls := reg.Labels
+		if len(cfg.Runner.Labels) > 0 {
+			lbls = cfg.Runner.Labels
+		}
+
+		ls := labels.Labels{}
+		for _, l := range lbls {
+			label, err := labels.Parse(l)
+			if err != nil {
+				log.WithError(err).Warnf("ignored invalid label %q", l)
+				continue
+			}
+			ls = append(ls, label)
+		}
+		if len(ls) == 0 {
+			log.Warn("no labels configured, runner may not be able to pick up jobs")
+		}
+
+		if ls.RequireDocker() {
+			dockerSocketPath, err := getDockerSocketPath(cfg.Container.DockerHost)
+			if err != nil {
+				return err
+			}
+			if err := envcheck.CheckIfDockerRunning(ctx, dockerSocketPath); err != nil {
+				return err
+			}
+			// if dockerSocketPath passes the check, override DOCKER_HOST with dockerSocketPath
+			os.Setenv("DOCKER_HOST", dockerSocketPath)
+			// empty cfg.Container.DockerHost means act_runner need to find an available docker host automatically
+			// and assign the path to cfg.Container.DockerHost
+			if cfg.Container.DockerHost == "" {
+				cfg.Container.DockerHost = dockerSocketPath
+			}
+			// check the scheme, if the scheme is not npipe or unix
+			// set cfg.Container.DockerHost to "-" because it can't be mounted to the job container
+			if protoIndex := strings.Index(cfg.Container.DockerHost, "://"); protoIndex != -1 {
+				scheme := cfg.Container.DockerHost[:protoIndex]
+				if !strings.EqualFold(scheme, "npipe") && !strings.EqualFold(scheme, "unix") {
+					cfg.Container.DockerHost = "-"
+				}
+			}
+		}
+
+		if !slices.Equal(reg.Labels, ls.ToStrings()) {
+			reg.Labels = ls.ToStrings()
+			if err := config.SaveRegistration(cfg.Runner.File, reg); err != nil {
+				return fmt.Errorf("failed to save runner config: %w", err)
+			}
+			log.Infof("labels updated to: %v", reg.Labels)
+		}
+
+		cli := client.New(
+			reg.Address,
+			cfg.Runner.Insecure,
+			reg.UUID,
+			reg.Token,
+			ver.Version(),
+		)
+
+		runner := run.NewRunner(cfg, reg, cli)
+
+		// declare the labels of the runner before fetching tasks
+		resp, err := runner.Declare(ctx, ls.Names())
+		if err != nil && connect.CodeOf(err) == connect.CodeUnimplemented {
+			log.Errorf("Your Gitea version is too old to support runner declare, please upgrade to v1.21 or later")
+			return err
+		} else if err != nil {
+			log.WithError(err).Error("fail to invoke Declare")
+			return err
+		} else {
+			log.Infof("runner: %s, with version: %s, with labels: %v, declare successfully",
+				resp.Msg.Runner.Name, resp.Msg.Runner.Version, resp.Msg.Runner.Labels)
+		}
+
+		poller := poll.New(cfg, cli, runner)
+
+		poller.Poll(ctx)
+
+		return nil
+	}
+}
+
+// initLogging setup the global logrus logger.
+func initLogging(cfg *config.Config) {
+	isTerm := isatty.IsTerminal(os.Stdout.Fd())
+	format := &log.TextFormatter{
+		DisableColors: !isTerm,
+		FullTimestamp: true,
+	}
+	log.SetFormatter(format)
+
+	if l := cfg.Log.Level; l != "" {
+		level, err := log.ParseLevel(l)
+		if err != nil {
+			log.WithError(err).
+				Errorf("invalid log level: %q", l)
+		}
+
+		// debug level
+		if level == log.DebugLevel {
+			log.SetReportCaller(true)
+			format.CallerPrettyfier = func(f *runtime.Frame) (string, string) {
+				// get function name
+				s := strings.Split(f.Function, ".")
+				funcname := "[" + s[len(s)-1] + "]"
+				// get file name and line number
+				_, filename := path.Split(f.File)
+				filename = "[" + filename + ":" + strconv.Itoa(f.Line) + "]"
+				return funcname, filename
+			}
+			log.SetFormatter(format)
+		}
+
+		if log.GetLevel() != level {
+			log.Infof("log level changed to %v", level)
+			log.SetLevel(level)
+		}
+	}
+}
+
+var commonSocketPaths = []string{
+	"/var/run/docker.sock",
+	"/run/podman/podman.sock",
+	"$HOME/.colima/docker.sock",
+	"$XDG_RUNTIME_DIR/docker.sock",
+	"$XDG_RUNTIME_DIR/podman/podman.sock",
+	`\\.\pipe\docker_engine`,
+	"$HOME/.docker/run/docker.sock",
+}
+
+func getDockerSocketPath(configDockerHost string) (string, error) {
+	// a `-` means don't mount the docker socket to job containers
+	if configDockerHost != "" && configDockerHost != "-" {
+		return configDockerHost, nil
+	}
+
+	socket, found := os.LookupEnv("DOCKER_HOST")
+	if found {
+		return socket, nil
+	}
+
+	for _, p := range commonSocketPaths {
+		if _, err := os.Lstat(os.ExpandEnv(p)); err == nil {
+			if strings.HasPrefix(p, `\\.\`) {
+				return "npipe://" + filepath.ToSlash(os.ExpandEnv(p)), nil
+			}
+			return "unix://" + filepath.ToSlash(os.ExpandEnv(p)), nil
+		}
+	}
+
+	return "", fmt.Errorf("daemon Docker Engine socket not found and docker_host config was invalid")
+}

internal/app/cmd/exec.go

@@ -0,0 +1,492 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// Copyright 2019 nektos
+// SPDX-License-Identifier: MIT
+
+package cmd
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api/types/container"
+	"github.com/joho/godotenv"
+	"github.com/nektos/act/pkg/artifactcache"
+	"github.com/nektos/act/pkg/artifacts"
+	"github.com/nektos/act/pkg/common"
+	"github.com/nektos/act/pkg/model"
+	"github.com/nektos/act/pkg/runner"
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+	"golang.org/x/term"
+)
+
+type executeArgs struct {
+	runList               bool
+	job                   string
+	event                 string
+	workdir               string
+	workflowsPath         string
+	noWorkflowRecurse     bool
+	autodetectEvent       bool
+	forcePull             bool
+	forceRebuild          bool
+	jsonLogger            bool
+	envs                  []string
+	envfile               string
+	secrets               []string
+	defaultActionsURL     string
+	insecureSecrets       bool
+	privileged            bool
+	usernsMode            string
+	containerArchitecture string
+	containerDaemonSocket string
+	useGitIgnore          bool
+	containerCapAdd       []string
+	containerCapDrop      []string
+	containerOptions      string
+	artifactServerPath    string
+	artifactServerAddr    string
+	artifactServerPort    string
+	noSkipCheckout        bool
+	debug                 bool
+	dryrun                bool
+	image                 string
+	cacheHandler          *artifactcache.Handler
+	network               string
+	githubInstance        string
+}
+
+// WorkflowsPath returns path to workflow file(s)
+func (i *executeArgs) WorkflowsPath() string {
+	return i.resolve(i.workflowsPath)
+}
+
+// Envfile returns path to .env
+func (i *executeArgs) Envfile() string {
+	return i.resolve(i.envfile)
+}
+
+func (i *executeArgs) LoadSecrets() map[string]string {
+	s := make(map[string]string)
+	for _, secretPair := range i.secrets {
+		secretPairParts := strings.SplitN(secretPair, "=", 2)
+		secretPairParts[0] = strings.ToUpper(secretPairParts[0])
+		if strings.ToUpper(s[secretPairParts[0]]) == secretPairParts[0] {
+			log.Errorf("Secret %s is already defined (secrets are case insensitive)", secretPairParts[0])
+		}
+		if len(secretPairParts) == 2 {
+			s[secretPairParts[0]] = secretPairParts[1]
+		} else if env, ok := os.LookupEnv(secretPairParts[0]); ok && env != "" {
+			s[secretPairParts[0]] = env
+		} else {
+			fmt.Printf("Provide value for '%s': ", secretPairParts[0])
+			val, err := term.ReadPassword(int(os.Stdin.Fd()))
+			fmt.Println()
+			if err != nil {
+				log.Errorf("failed to read input: %v", err)
+				os.Exit(1)
+			}
+			s[secretPairParts[0]] = string(val)
+		}
+	}
+	return s
+}
+
+func readEnvs(path string, envs map[string]string) bool {
+	if _, err := os.Stat(path); err == nil {
+		env, err := godotenv.Read(path)
+		if err != nil {
+			log.Fatalf("Error loading from %s: %v", path, err)
+		}
+		for k, v := range env {
+			envs[k] = v
+		}
+		return true
+	}
+	return false
+}
+
+func (i *executeArgs) LoadEnvs() map[string]string {
+	envs := make(map[string]string)
+	if i.envs != nil {
+		for _, envVar := range i.envs {
+			e := strings.SplitN(envVar, `=`, 2)
+			if len(e) == 2 {
+				envs[e[0]] = e[1]
+			} else {
+				envs[e[0]] = ""
+			}
+		}
+	}
+	_ = readEnvs(i.Envfile(), envs)
+
+	envs["ACTIONS_CACHE_URL"] = i.cacheHandler.ExternalURL() + "/"
+
+	return envs
+}
+
+// Workdir returns path to workdir
+func (i *executeArgs) Workdir() string {
+	return i.resolve(".")
+}
+
+func (i *executeArgs) resolve(path string) string {
+	basedir, err := filepath.Abs(i.workdir)
+	if err != nil {
+		log.Fatal(err)
+	}
+	if path == "" {
+		return path
+	}
+	if !filepath.IsAbs(path) {
+		path = filepath.Join(basedir, path)
+	}
+	return path
+}
+
+func printList(plan *model.Plan) error {
+	type lineInfoDef struct {
+		jobID   string
+		jobName string
+		stage   string
+		wfName  string
+		wfFile  string
+		events  string
+	}
+	lineInfos := []lineInfoDef{}
+
+	header := lineInfoDef{
+		jobID:   "Job ID",
+		jobName: "Job name",
+		stage:   "Stage",
+		wfName:  "Workflow name",
+		wfFile:  "Workflow file",
+		events:  "Events",
+	}
+
+	jobs := map[string]bool{}
+	duplicateJobIDs := false
+
+	jobIDMaxWidth := len(header.jobID)
+	jobNameMaxWidth := len(header.jobName)
+	stageMaxWidth := len(header.stage)
+	wfNameMaxWidth := len(header.wfName)
+	wfFileMaxWidth := len(header.wfFile)
+	eventsMaxWidth := len(header.events)
+
+	for i, stage := range plan.Stages {
+		for _, r := range stage.Runs {
+			jobID := r.JobID
+			line := lineInfoDef{
+				jobID:   jobID,
+				jobName: r.String(),
+				stage:   strconv.Itoa(i),
+				wfName:  r.Workflow.Name,
+				wfFile:  r.Workflow.File,
+				events:  strings.Join(r.Workflow.On(), `,`),
+			}
+			if _, ok := jobs[jobID]; ok {
+				duplicateJobIDs = true
+			} else {
+				jobs[jobID] = true
+			}
+			lineInfos = append(lineInfos, line)
+			if jobIDMaxWidth < len(line.jobID) {
+				jobIDMaxWidth = len(line.jobID)
+			}
+			if jobNameMaxWidth < len(line.jobName) {
+				jobNameMaxWidth = len(line.jobName)
+			}
+			if stageMaxWidth < len(line.stage) {
+				stageMaxWidth = len(line.stage)
+			}
+			if wfNameMaxWidth < len(line.wfName) {
+				wfNameMaxWidth = len(line.wfName)
+			}
+			if wfFileMaxWidth < len(line.wfFile) {
+				wfFileMaxWidth = len(line.wfFile)
+			}
+			if eventsMaxWidth < len(line.events) {
+				eventsMaxWidth = len(line.events)
+			}
+		}
+	}
+
+	jobIDMaxWidth += 2
+	jobNameMaxWidth += 2
+	stageMaxWidth += 2
+	wfNameMaxWidth += 2
+	wfFileMaxWidth += 2
+
+	fmt.Printf("%*s%*s%*s%*s%*s%*s\n",
+		-stageMaxWidth, header.stage,
+		-jobIDMaxWidth, header.jobID,
+		-jobNameMaxWidth, header.jobName,
+		-wfNameMaxWidth, header.wfName,
+		-wfFileMaxWidth, header.wfFile,
+		-eventsMaxWidth, header.events,
+	)
+	for _, line := range lineInfos {
+		fmt.Printf("%*s%*s%*s%*s%*s%*s\n",
+			-stageMaxWidth, line.stage,
+			-jobIDMaxWidth, line.jobID,
+			-jobNameMaxWidth, line.jobName,
+			-wfNameMaxWidth, line.wfName,
+			-wfFileMaxWidth, line.wfFile,
+			-eventsMaxWidth, line.events,
+		)
+	}
+	if duplicateJobIDs {
+		fmt.Print("\nDetected multiple jobs with the same job name, use `-W` to specify the path to the specific workflow.\n")
+	}
+	return nil
+}
+
+func runExecList(ctx context.Context, planner model.WorkflowPlanner, execArgs *executeArgs) error {
+	// plan with filtered jobs - to be used for filtering only
+	var filterPlan *model.Plan
+
+	// Determine the event name to be filtered
+	var filterEventName string
+
+	if len(execArgs.event) > 0 {
+		log.Infof("Using chosed event for filtering: %s", execArgs.event)
+		filterEventName = execArgs.event
+	} else if execArgs.autodetectEvent {
+		// collect all events from loaded workflows
+		events := planner.GetEvents()
+
+		// set default event type to first event from many available
+		// this way user dont have to specify the event.
+		log.Infof("Using first detected workflow event for filtering: %s", events[0])
+
+		filterEventName = events[0]
+	}
+
+	var err error
+	if execArgs.job != "" {
+		log.Infof("Preparing plan with a job: %s", execArgs.job)
+		filterPlan, err = planner.PlanJob(execArgs.job)
+		if err != nil {
+			return err
+		}
+	} else if filterEventName != "" {
+		log.Infof("Preparing plan for a event: %s", filterEventName)
+		filterPlan, err = planner.PlanEvent(filterEventName)
+		if err != nil {
+			return err
+		}
+	} else {
+		log.Infof("Preparing plan with all jobs")
+		filterPlan, err = planner.PlanAll()
+		if err != nil {
+			return err
+		}
+	}
+
+	_ = printList(filterPlan)
+
+	return nil
+}
+
+func runExec(ctx context.Context, execArgs *executeArgs) func(cmd *cobra.Command, args []string) error {
+	return func(cmd *cobra.Command, args []string) error {
+		planner, err := model.NewWorkflowPlanner(execArgs.WorkflowsPath(), execArgs.noWorkflowRecurse)
+		if err != nil {
+			return err
+		}
+
+		if execArgs.runList {
+			return runExecList(ctx, planner, execArgs)
+		}
+
+		// plan with triggered jobs
+		var plan *model.Plan
+
+		// Determine the event name to be triggered
+		var eventName string
+
+		// collect all events from loaded workflows
+		events := planner.GetEvents()
+
+		if len(execArgs.event) > 0 {
+			log.Infof("Using chosed event for filtering: %s", execArgs.event)
+			eventName = execArgs.event
+		} else if len(events) == 1 && len(events[0]) > 0 {
+			log.Infof("Using the only detected workflow event: %s", events[0])
+			eventName = events[0]
+		} else if execArgs.autodetectEvent && len(events) > 0 && len(events[0]) > 0 {
+			// set default event type to first event from many available
+			// this way user dont have to specify the event.
+			log.Infof("Using first detected workflow event: %s", events[0])
+			eventName = events[0]
+		} else {
+			log.Infof("Using default workflow event: push")
+			eventName = "push"
+		}
+
+		// build the plan for this run
+		if execArgs.job != "" {
+			log.Infof("Planning job: %s", execArgs.job)
+			plan, err = planner.PlanJob(execArgs.job)
+			if err != nil {
+				return err
+			}
+		} else {
+			log.Infof("Planning jobs for event: %s", eventName)
+			plan, err = planner.PlanEvent(eventName)
+			if err != nil {
+				return err
+			}
+		}
+
+		maxLifetime := 3 * time.Hour
+		if deadline, ok := ctx.Deadline(); ok {
+			maxLifetime = time.Until(deadline)
+		}
+
+		// init a cache server
+		handler, err := artifactcache.StartHandler("", "", 0, log.StandardLogger().WithField("module", "cache_request"))
+		if err != nil {
+			return err
+		}
+		log.Infof("cache handler listens on: %v", handler.ExternalURL())
+		execArgs.cacheHandler = handler
+
+		if len(execArgs.artifactServerAddr) == 0 {
+			ip := common.GetOutboundIP()
+			if ip == nil {
+				return fmt.Errorf("unable to determine outbound IP address")
+			}
+			execArgs.artifactServerAddr = ip.String()
+		}
+
+		if len(execArgs.artifactServerPath) == 0 {
+			tempDir, err := os.MkdirTemp("", "gitea-act-")
+			if err != nil {
+				fmt.Println(err)
+			}
+			defer os.RemoveAll(tempDir)
+
+			execArgs.artifactServerPath = tempDir
+		}
+
+		// run the plan
+		config := &runner.Config{
+			Workdir:               execArgs.Workdir(),
+			BindWorkdir:           false,
+			ReuseContainers:       false,
+			ForcePull:             execArgs.forcePull,
+			ForceRebuild:          execArgs.forceRebuild,
+			LogOutput:             true,
+			JSONLogger:            execArgs.jsonLogger,
+			Env:                   execArgs.LoadEnvs(),
+			Secrets:               execArgs.LoadSecrets(),
+			InsecureSecrets:       execArgs.insecureSecrets,
+			Privileged:            execArgs.privileged,
+			UsernsMode:            execArgs.usernsMode,
+			ContainerArchitecture: execArgs.containerArchitecture,
+			ContainerDaemonSocket: execArgs.containerDaemonSocket,
+			UseGitIgnore:          execArgs.useGitIgnore,
+			GitHubInstance:        execArgs.githubInstance,
+			ContainerCapAdd:       execArgs.containerCapAdd,
+			ContainerCapDrop:      execArgs.containerCapDrop,
+			ContainerOptions:      execArgs.containerOptions,
+			AutoRemove:            true,
+			ArtifactServerPath:    execArgs.artifactServerPath,
+			ArtifactServerPort:    execArgs.artifactServerPort,
+			ArtifactServerAddr:    execArgs.artifactServerAddr,
+			NoSkipCheckout:        execArgs.noSkipCheckout,
+			// PresetGitHubContext:   preset,
+			// EventJSON:             string(eventJSON),
+			ContainerNamePrefix:   fmt.Sprintf("GITEA-ACTIONS-TASK-%s", eventName),
+			ContainerMaxLifetime:  maxLifetime,
+			ContainerNetworkMode:  container.NetworkMode(execArgs.network),
+			DefaultActionInstance: execArgs.defaultActionsURL,
+			PlatformPicker: func(_ []string) string {
+				return execArgs.image
+			},
+			ValidVolumes: []string{"**"}, // All volumes are allowed for `exec` command
+		}
+
+		config.Env["ACT_EXEC"] = "true"
+
+		if t := config.Secrets["GITEA_TOKEN"]; t != "" {
+			config.Token = t
+		} else if t := config.Secrets["GITHUB_TOKEN"]; t != "" {
+			config.Token = t
+		}
+
+		if !execArgs.debug {
+			logLevel := log.InfoLevel
+			config.JobLoggerLevel = &logLevel
+		}
+
+		r, err := runner.New(config)
+		if err != nil {
+			return err
+		}
+
+		artifactCancel := artifacts.Serve(ctx, execArgs.artifactServerPath, execArgs.artifactServerAddr, execArgs.artifactServerPort)
+		log.Debugf("artifacts server started at %s:%s", execArgs.artifactServerPath, execArgs.artifactServerPort)
+
+		ctx = common.WithDryrun(ctx, execArgs.dryrun)
+		executor := r.NewPlanExecutor(plan).Finally(func(ctx context.Context) error {
+			artifactCancel()
+			return nil
+		})
+
+		return executor(ctx)
+	}
+}
+
+func loadExecCmd(ctx context.Context) *cobra.Command {
+	execArg := executeArgs{}
+
+	execCmd := &cobra.Command{
+		Use:   "exec",
+		Short: "Run workflow locally.",
+		Args:  cobra.MaximumNArgs(20),
+		RunE:  runExec(ctx, &execArg),
+	}
+
+	execCmd.Flags().BoolVarP(&execArg.runList, "list", "l", false, "list workflows")
+	execCmd.Flags().StringVarP(&execArg.job, "job", "j", "", "run a specific job ID")
+	execCmd.Flags().StringVarP(&execArg.event, "event", "E", "", "run a event name")
+	execCmd.PersistentFlags().StringVarP(&execArg.workflowsPath, "workflows", "W", "./.gitea/workflows/", "path to workflow file(s)")
+	execCmd.PersistentFlags().StringVarP(&execArg.workdir, "directory", "C", ".", "working directory")
+	execCmd.PersistentFlags().BoolVarP(&execArg.noWorkflowRecurse, "no-recurse", "", false, "Flag to disable running workflows from subdirectories of specified path in '--workflows'/'-W' flag")
+	execCmd.Flags().BoolVarP(&execArg.autodetectEvent, "detect-event", "", false, "Use first event type from workflow as event that triggered the workflow")
+	execCmd.Flags().BoolVarP(&execArg.forcePull, "pull", "p", false, "pull docker image(s) even if already present")
+	execCmd.Flags().BoolVarP(&execArg.forceRebuild, "rebuild", "", false, "rebuild local action docker image(s) even if already present")
+	execCmd.PersistentFlags().BoolVar(&execArg.jsonLogger, "json", false, "Output logs in json format")
+	execCmd.Flags().StringArrayVarP(&execArg.envs, "env", "", []string{}, "env to make available to actions with optional value (e.g. --env myenv=foo or --env myenv)")
+	execCmd.PersistentFlags().StringVarP(&execArg.envfile, "env-file", "", ".env", "environment file to read and use as env in the containers")
+	execCmd.Flags().StringArrayVarP(&execArg.secrets, "secret", "s", []string{}, "secret to make available to actions with optional value (e.g. -s mysecret=foo or -s mysecret)")
+	execCmd.PersistentFlags().BoolVarP(&execArg.insecureSecrets, "insecure-secrets", "", false, "NOT RECOMMENDED! Doesn't hide secrets while printing logs.")
+	execCmd.Flags().BoolVar(&execArg.privileged, "privileged", false, "use privileged mode")
+	execCmd.Flags().StringVar(&execArg.usernsMode, "userns", "", "user namespace to use")
+	execCmd.PersistentFlags().StringVarP(&execArg.containerArchitecture, "container-architecture", "", "", "Architecture which should be used to run containers, e.g.: linux/amd64. If not specified, will use host default architecture. Requires Docker server API Version 1.41+. Ignored on earlier Docker server platforms.")
+	execCmd.PersistentFlags().StringVarP(&execArg.containerDaemonSocket, "container-daemon-socket", "", "/var/run/docker.sock", "Path to Docker daemon socket which will be mounted to containers")
+	execCmd.Flags().BoolVar(&execArg.useGitIgnore, "use-gitignore", true, "Controls whether paths specified in .gitignore should be copied into container")
+	execCmd.Flags().StringArrayVarP(&execArg.containerCapAdd, "container-cap-add", "", []string{}, "kernel capabilities to add to the workflow containers (e.g. --container-cap-add SYS_PTRACE)")
+	execCmd.Flags().StringArrayVarP(&execArg.containerCapDrop, "container-cap-drop", "", []string{}, "kernel capabilities to remove from the workflow containers (e.g. --container-cap-drop SYS_PTRACE)")
+	execCmd.Flags().StringVarP(&execArg.containerOptions, "container-opts", "", "", "container options")
+	execCmd.PersistentFlags().StringVarP(&execArg.artifactServerPath, "artifact-server-path", "", ".", "Defines the path where the artifact server stores uploads and retrieves downloads from. If not specified the artifact server will not start.")
+	execCmd.PersistentFlags().StringVarP(&execArg.artifactServerAddr, "artifact-server-addr", "", "", "Defines the address where the artifact server listens")
+	execCmd.PersistentFlags().StringVarP(&execArg.artifactServerPort, "artifact-server-port", "", "34567", "Defines the port where the artifact server listens (will only bind to localhost).")
+	execCmd.PersistentFlags().StringVarP(&execArg.defaultActionsURL, "default-actions-url", "", "https://github.com", "Defines the default url of action instance.")
+	execCmd.PersistentFlags().BoolVarP(&execArg.noSkipCheckout, "no-skip-checkout", "", false, "Do not skip actions/checkout")
+	execCmd.PersistentFlags().BoolVarP(&execArg.debug, "debug", "d", false, "enable debug log")
+	execCmd.PersistentFlags().BoolVarP(&execArg.dryrun, "dryrun", "n", false, "dryrun mode")
+	execCmd.PersistentFlags().StringVarP(&execArg.image, "image", "i", "gitea/runner-images:ubuntu-latest", "Docker image to use. Use \"-self-hosted\" to run directly on the host.")
+	execCmd.PersistentFlags().StringVarP(&execArg.network, "network", "", "", "Specify the network to which the container will connect")
+	execCmd.PersistentFlags().StringVarP(&execArg.githubInstance, "gitea-instance", "", "", "Gitea instance to use.")
+
+	return execCmd
+}

internal/app/cmd/register.go

@@ -1,3 +1,6 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
 package cmd
 
 import (
@@ -6,24 +9,25 @@ import (
 	"fmt"
 	"os"
 	"os/signal"
-	"runtime"
+	goruntime "runtime"
 	"strings"
 	"time"
 
 	pingv1 "code.gitea.io/actions-proto-go/ping/v1"
-	"gitea.com/gitea/act_runner/client"
-	"gitea.com/gitea/act_runner/config"
-	"gitea.com/gitea/act_runner/register"
-
-	"github.com/bufbuild/connect-go"
-	"github.com/joho/godotenv"
+	runnerv1 "code.gitea.io/actions-proto-go/runner/v1"
+	"connectrpc.com/connect"
 	"github.com/mattn/go-isatty"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
+
+	"gitea.com/gitea/act_runner/internal/pkg/client"
+	"gitea.com/gitea/act_runner/internal/pkg/config"
+	"gitea.com/gitea/act_runner/internal/pkg/labels"
+	"gitea.com/gitea/act_runner/internal/pkg/ver"
 )
 
 // runRegister registers a runner to the server
-func runRegister(ctx context.Context, regArgs *registerArgs, envFile string) func(*cobra.Command, []string) error {
+func runRegister(ctx context.Context, regArgs *registerArgs, configFile *string) func(*cobra.Command, []string) error {
 	return func(cmd *cobra.Command, args []string) error {
 		log.SetReportCaller(false)
 		isTerm := isatty.IsTerminal(os.Stdout.Fd())
@@ -34,7 +38,7 @@ func runRegister(ctx context.Context, regArgs *registerArgs, envFile string) fun
 		log.SetLevel(log.DebugLevel)
 
 		log.Infof("Registering runner, arch=%s, os=%s, version=%s.",
-			runtime.GOARCH, runtime.GOOS, version)
+			goruntime.GOARCH, goruntime.GOOS, ver.Version())
 
 		// runner always needs root permission
 		if os.Getuid() != 0 {
@@ -43,14 +47,13 @@ func runRegister(ctx context.Context, regArgs *registerArgs, envFile string) fun
 		}
 
 		if regArgs.NoInteractive {
-			if err := registerNoInteractive(envFile, regArgs); err != nil {
+			if err := registerNoInteractive(ctx, *configFile, regArgs); err != nil {
 				return err
 			}
 		} else {
 			go func() {
-				if err := registerInteractive(envFile); err != nil {
-					// log.Errorln(err)
-					os.Exit(2)
+				if err := registerInteractive(ctx, *configFile); err != nil {
+					log.Fatal(err)
 					return
 				}
 				os.Exit(0)
@@ -69,7 +72,6 @@ func runRegister(ctx context.Context, regArgs *registerArgs, envFile string) fun
 type registerArgs struct {
 	NoInteractive bool
 	InstanceAddr  string
-	Insecure      bool
 	Token         string
 	RunnerName    string
 	Labels        string
@@ -83,24 +85,22 @@ const (
 	StageInputInstance
 	StageInputToken
 	StageInputRunnerName
-	StageInputCustomLabels
+	StageInputLabels
 	StageWaitingForRegistration
 	StageExit
 )
 
 var defaultLabels = []string{
-	"ubuntu-latest:docker://node:16-bullseye",
-	"ubuntu-22.04:docker://node:16-bullseye", // There's no node:16-bookworm yet
-	"ubuntu-20.04:docker://node:16-bullseye",
-	"ubuntu-18.04:docker://node:16-buster",
+	"ubuntu-latest:docker://gitea/runner-images:ubuntu-latest",
+	"ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04",
+	"ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04",
 }
 
 type registerInputs struct {
 	InstanceAddr string
-	Insecure     bool
 	Token        string
 	RunnerName   string
-	CustomLabels []string
+	Labels       []string
 }
 
 func (r *registerInputs) validate() error {
@@ -110,25 +110,22 @@ func (r *registerInputs) validate() error {
 	if r.Token == "" {
 		return fmt.Errorf("token is empty")
 	}
-	if len(r.CustomLabels) > 0 {
-		return validateLabels(r.CustomLabels)
+	if len(r.Labels) > 0 {
+		return validateLabels(r.Labels)
 	}
 	return nil
 }
 
-func validateLabels(labels []string) error {
-	for _, label := range labels {
-		values := strings.SplitN(label, ":", 2)
-		if len(values) > 2 {
-			return fmt.Errorf("Invalid label: %s", label)
+func validateLabels(ls []string) error {
+	for _, label := range ls {
+		if _, err := labels.Parse(label); err != nil {
+			return err
 		}
-		// len(values) == 1, label for non docker execution environment
-		// TODO: validate value format, like docker://node:16-buster
 	}
 	return nil
 }
 
-func (r *registerInputs) assignToNext(stage registerStage, value string) registerStage {
+func (r *registerInputs) assignToNext(stage registerStage, value string, cfg *config.Config) registerStage {
 	// must set instance address and token.
 	// if empty, keep current stage.
 	if stage == StageInputInstance || stage == StageInputToken {
@@ -156,32 +153,50 @@ func (r *registerInputs) assignToNext(stage registerStage, value string) registe
 		return StageInputRunnerName
 	case StageInputRunnerName:
 		r.RunnerName = value
-		return StageInputCustomLabels
-	case StageInputCustomLabels:
-		r.CustomLabels = defaultLabels
+		// if there are some labels configured in config file, skip input labels stage
+		if len(cfg.Runner.Labels) > 0 {
+			ls := make([]string, 0, len(cfg.Runner.Labels))
+			for _, l := range cfg.Runner.Labels {
+				_, err := labels.Parse(l)
+				if err != nil {
+					log.WithError(err).Warnf("ignored invalid label %q", l)
+					continue
+				}
+				ls = append(ls, l)
+			}
+			if len(ls) == 0 {
+				log.Warn("no valid labels configured in config file, runner may not be able to pick up jobs")
+			}
+			r.Labels = ls
+			return StageWaitingForRegistration
+		}
+		return StageInputLabels
+	case StageInputLabels:
+		r.Labels = defaultLabels
 		if value != "" {
-			r.CustomLabels = strings.Split(value, ",")
+			r.Labels = strings.Split(value, ",")
 		}
 
-		if validateLabels(r.CustomLabels) != nil {
-			log.Infoln("Invalid labels, please input again, leave blank to use the default labels (for example, ubuntu-20.04:docker://node:16-bullseye,ubuntu-18.04:docker://node:16-buster)")
-			return StageInputCustomLabels
+		if validateLabels(r.Labels) != nil {
+			log.Infoln("Invalid labels, please input again, leave blank to use the default labels (for example, ubuntu-latest:docker://gitea/runner-images:ubuntu-latest)")
+			return StageInputLabels
 		}
 		return StageWaitingForRegistration
 	}
 	return StageUnknown
 }
 
-func registerInteractive(envFile string) error {
+func registerInteractive(ctx context.Context, configFile string) error {
 	var (
 		reader = bufio.NewReader(os.Stdin)
 		stage  = StageInputInstance
 		inputs = new(registerInputs)
 	)
 
-	// check if overwrite local config
-	_ = godotenv.Load(envFile)
-	cfg, _ := config.FromEnviron()
+	cfg, err := config.LoadDefault(configFile)
+	if err != nil {
+		return fmt.Errorf("failed to load config: %v", err)
+	}
 	if f, err := os.Stat(cfg.Runner.File); err == nil && !f.IsDir() {
 		stage = StageOverwriteLocalConfig
 	}
@@ -193,15 +208,14 @@ func registerInteractive(envFile string) error {
 		if err != nil {
 			return err
 		}
-		stage = inputs.assignToNext(stage, strings.TrimSpace(cmdString))
+		stage = inputs.assignToNext(stage, strings.TrimSpace(cmdString), cfg)
 
 		if stage == StageWaitingForRegistration {
-			log.Infof("Registering runner, name=%s, instance=%s, labels=%v.", inputs.RunnerName, inputs.InstanceAddr, inputs.CustomLabels)
-			if err := doRegister(&cfg, inputs); err != nil {
-				log.Errorf("Failed to register runner: %v", err)
-			} else {
-				log.Infof("Runner registered successfully.")
+			log.Infof("Registering runner, name=%s, instance=%s, labels=%v.", inputs.RunnerName, inputs.InstanceAddr, inputs.Labels)
+			if err := doRegister(ctx, cfg, inputs); err != nil {
+				return fmt.Errorf("Failed to register runner: %w", err)
 			}
+			log.Infof("Runner registered successfully.")
 			return nil
 		}
 
@@ -226,28 +240,38 @@ func printStageHelp(stage registerStage) {
 		log.Infoln("Enter the runner token:")
 	case StageInputRunnerName:
 		hostname, _ := os.Hostname()
-		log.Infof("Enter the runner name (if set empty, use hostname:%s ):\n", hostname)
-	case StageInputCustomLabels:
-		log.Infoln("Enter the runner labels, leave blank to use the default labels (comma-separated, for example, self-hosted,ubuntu-20.04:docker://node:16-bullseye,ubuntu-18.04:docker://node:16-buster):")
+		log.Infof("Enter the runner name (if set empty, use hostname: %s):\n", hostname)
+	case StageInputLabels:
+		log.Infoln("Enter the runner labels, leave blank to use the default labels (comma-separated, for example, ubuntu-latest:docker://gitea/runner-images:ubuntu-latest):")
 	case StageWaitingForRegistration:
 		log.Infoln("Waiting for registration...")
 	}
 }
 
-func registerNoInteractive(envFile string, regArgs *registerArgs) error {
-	_ = godotenv.Load(envFile)
-	cfg, _ := config.FromEnviron()
+func registerNoInteractive(ctx context.Context, configFile string, regArgs *registerArgs) error {
+	cfg, err := config.LoadDefault(configFile)
+	if err != nil {
+		return err
+	}
 	inputs := &registerInputs{
 		InstanceAddr: regArgs.InstanceAddr,
-		Insecure:     regArgs.Insecure,
 		Token:        regArgs.Token,
 		RunnerName:   regArgs.RunnerName,
-		CustomLabels: defaultLabels,
+		Labels:       defaultLabels,
 	}
 	regArgs.Labels = strings.TrimSpace(regArgs.Labels)
+	// command line flag.
 	if regArgs.Labels != "" {
-		inputs.CustomLabels = strings.Split(regArgs.Labels, ",")
+		inputs.Labels = strings.Split(regArgs.Labels, ",")
 	}
+	// specify labels in config file.
+	if len(cfg.Runner.Labels) > 0 {
+		if regArgs.Labels != "" {
+			log.Warn("Labels from command will be ignored, use labels defined in config file.")
+		}
+		inputs.Labels = cfg.Runner.Labels
+	}
+
 	if inputs.RunnerName == "" {
 		inputs.RunnerName, _ = os.Hostname()
 		log.Infof("Runner name is empty, use hostname '%s'.", inputs.RunnerName)
@@ -256,22 +280,21 @@ func registerNoInteractive(envFile string, regArgs *registerArgs) error {
 		log.WithError(err).Errorf("Invalid input, please re-run act command.")
 		return nil
 	}
-	if err := doRegister(&cfg, inputs); err != nil {
-		log.Errorf("Failed to register runner: %v", err)
-		return nil
+	if err := doRegister(ctx, cfg, inputs); err != nil {
+		return fmt.Errorf("Failed to register runner: %w", err)
 	}
 	log.Infof("Runner registered successfully.")
 	return nil
 }
 
-func doRegister(cfg *config.Config, inputs *registerInputs) error {
-	ctx := context.Background()
-
+func doRegister(ctx context.Context, cfg *config.Config, inputs *registerInputs) error {
 	// initial http client
 	cli := client.New(
 		inputs.InstanceAddr,
-		inputs.Insecure,
-		"", "",
+		cfg.Runner.Insecure,
+		"",
+		"",
+		ver.Version(),
 	)
 
 	for {
@@ -280,7 +303,7 @@ func doRegister(cfg *config.Config, inputs *registerInputs) error {
 		}))
 		select {
 		case <-ctx.Done():
-			return nil
+			return ctx.Err()
 		default:
 		}
 		if ctx.Err() != nil {
@@ -297,9 +320,38 @@ func doRegister(cfg *config.Config, inputs *registerInputs) error {
 		}
 	}
 
-	cfg.Runner.Name = inputs.RunnerName
-	cfg.Runner.Token = inputs.Token
-	cfg.Runner.Labels = inputs.CustomLabels
-	_, err := register.New(cli).Register(ctx, cfg.Runner)
-	return err
+	reg := &config.Registration{
+		Name:    inputs.RunnerName,
+		Token:   inputs.Token,
+		Address: inputs.InstanceAddr,
+		Labels:  inputs.Labels,
+	}
+
+	ls := make([]string, len(reg.Labels))
+	for i, v := range reg.Labels {
+		l, _ := labels.Parse(v)
+		ls[i] = l.Name
+	}
+	// register new runner.
+	resp, err := cli.Register(ctx, connect.NewRequest(&runnerv1.RegisterRequest{
+		Name:        reg.Name,
+		Token:       reg.Token,
+		Version:     ver.Version(),
+		AgentLabels: ls, // Could be removed after Gitea 1.20
+		Labels:      ls,
+	}))
+	if err != nil {
+		log.WithError(err).Error("poller: cannot register new runner")
+		return err
+	}
+
+	reg.ID = resp.Msg.Runner.Id
+	reg.UUID = resp.Msg.Runner.Uuid
+	reg.Name = resp.Msg.Runner.Name
+	reg.Token = resp.Msg.Runner.Token
+
+	if err := config.SaveRegistration(cfg.Runner.File, reg); err != nil {
+		return fmt.Errorf("failed to save runner config: %w", err)
+	}
+	return nil
 }

internal/app/poll/poller.go

@@ -0,0 +1,111 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package poll
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"sync"
+	"sync/atomic"
+
+	runnerv1 "code.gitea.io/actions-proto-go/runner/v1"
+	"connectrpc.com/connect"
+	log "github.com/sirupsen/logrus"
+	"golang.org/x/time/rate"
+
+	"gitea.com/gitea/act_runner/internal/app/run"
+	"gitea.com/gitea/act_runner/internal/pkg/client"
+	"gitea.com/gitea/act_runner/internal/pkg/config"
+)
+
+type Poller struct {
+	client       client.Client
+	runner       *run.Runner
+	cfg          *config.Config
+	tasksVersion atomic.Int64 // tasksVersion used to store the version of the last task fetched from the Gitea.
+}
+
+func New(cfg *config.Config, client client.Client, runner *run.Runner) *Poller {
+	return &Poller{
+		client: client,
+		runner: runner,
+		cfg:    cfg,
+	}
+}
+
+func (p *Poller) Poll(ctx context.Context) {
+	limiter := rate.NewLimiter(rate.Every(p.cfg.Runner.FetchInterval), 1)
+	wg := &sync.WaitGroup{}
+	for i := 0; i < p.cfg.Runner.Capacity; i++ {
+		wg.Add(1)
+		go p.poll(ctx, wg, limiter)
+	}
+	wg.Wait()
+}
+
+func (p *Poller) poll(ctx context.Context, wg *sync.WaitGroup, limiter *rate.Limiter) {
+	defer wg.Done()
+	for {
+		if err := limiter.Wait(ctx); err != nil {
+			if ctx.Err() != nil {
+				log.WithError(err).Debug("limiter wait failed")
+			}
+			return
+		}
+		task, ok := p.fetchTask(ctx)
+		if !ok {
+			continue
+		}
+		p.runTaskWithRecover(ctx, task)
+	}
+}
+
+func (p *Poller) runTaskWithRecover(ctx context.Context, task *runnerv1.Task) {
+	defer func() {
+		if r := recover(); r != nil {
+			err := fmt.Errorf("panic: %v", r)
+			log.WithError(err).Error("panic in runTaskWithRecover")
+		}
+	}()
+
+	if err := p.runner.Run(ctx, task); err != nil {
+		log.WithError(err).Error("failed to run task")
+	}
+}
+
+func (p *Poller) fetchTask(ctx context.Context) (*runnerv1.Task, bool) {
+	reqCtx, cancel := context.WithTimeout(ctx, p.cfg.Runner.FetchTimeout)
+	defer cancel()
+
+	// Load the version value that was in the cache when the request was sent.
+	v := p.tasksVersion.Load()
+	resp, err := p.client.FetchTask(reqCtx, connect.NewRequest(&runnerv1.FetchTaskRequest{
+		TasksVersion: v,
+	}))
+	if errors.Is(err, context.DeadlineExceeded) {
+		err = nil
+	}
+	if err != nil {
+		log.WithError(err).Error("failed to fetch task")
+		return nil, false
+	}
+
+	if resp == nil || resp.Msg == nil {
+		return nil, false
+	}
+
+	if resp.Msg.TasksVersion > v {
+		p.tasksVersion.CompareAndSwap(v, resp.Msg.TasksVersion)
+	}
+
+	if resp.Msg.Task == nil {
+		return nil, false
+	}
+
+	// got a task, set `tasksVersion` to zero to focre query db in next request.
+	p.tasksVersion.CompareAndSwap(resp.Msg.TasksVersion, 0)
+
+	return resp.Msg.Task, true
+}

internal/app/run/runner.go

@@ -0,0 +1,236 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package run
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"path/filepath"
+	"strings"
+	"sync"
+	"time"
+
+	runnerv1 "code.gitea.io/actions-proto-go/runner/v1"
+	"connectrpc.com/connect"
+	"github.com/docker/docker/api/types/container"
+	"github.com/nektos/act/pkg/artifactcache"
+	"github.com/nektos/act/pkg/common"
+	"github.com/nektos/act/pkg/model"
+	"github.com/nektos/act/pkg/runner"
+	log "github.com/sirupsen/logrus"
+
+	"gitea.com/gitea/act_runner/internal/pkg/client"
+	"gitea.com/gitea/act_runner/internal/pkg/config"
+	"gitea.com/gitea/act_runner/internal/pkg/labels"
+	"gitea.com/gitea/act_runner/internal/pkg/report"
+	"gitea.com/gitea/act_runner/internal/pkg/ver"
+)
+
+// Runner runs the pipeline.
+type Runner struct {
+	name string
+
+	cfg *config.Config
+
+	client client.Client
+	labels labels.Labels
+	envs   map[string]string
+
+	runningTasks sync.Map
+}
+
+func NewRunner(cfg *config.Config, reg *config.Registration, cli client.Client) *Runner {
+	ls := labels.Labels{}
+	for _, v := range reg.Labels {
+		if l, err := labels.Parse(v); err == nil {
+			ls = append(ls, l)
+		}
+	}
+	envs := make(map[string]string, len(cfg.Runner.Envs))
+	for k, v := range cfg.Runner.Envs {
+		envs[k] = v
+	}
+	if cfg.Cache.Enabled == nil || *cfg.Cache.Enabled {
+		if cfg.Cache.ExternalServer != "" {
+			envs["ACTIONS_CACHE_URL"] = cfg.Cache.ExternalServer
+		} else {
+			cacheHandler, err := artifactcache.StartHandler(
+				cfg.Cache.Dir,
+				cfg.Cache.Host,
+				cfg.Cache.Port,
+				log.StandardLogger().WithField("module", "cache_request"),
+			)
+			if err != nil {
+				log.Errorf("cannot init cache server, it will be disabled: %v", err)
+				// go on
+			} else {
+				envs["ACTIONS_CACHE_URL"] = cacheHandler.ExternalURL() + "/"
+			}
+		}
+	}
+
+	// set artifact gitea api
+	artifactGiteaAPI := strings.TrimSuffix(cli.Address(), "/") + "/api/actions_pipeline/"
+	envs["ACTIONS_RUNTIME_URL"] = artifactGiteaAPI
+	envs["ACTIONS_RESULTS_URL"] = strings.TrimSuffix(cli.Address(), "/")
+
+	// Set specific environments to distinguish between Gitea and GitHub
+	envs["GITEA_ACTIONS"] = "true"
+	envs["GITEA_ACTIONS_RUNNER_VERSION"] = ver.Version()
+
+	return &Runner{
+		name:   reg.Name,
+		cfg:    cfg,
+		client: cli,
+		labels: ls,
+		envs:   envs,
+	}
+}
+
+func (r *Runner) Run(ctx context.Context, task *runnerv1.Task) error {
+	if _, ok := r.runningTasks.Load(task.Id); ok {
+		return fmt.Errorf("task %d is already running", task.Id)
+	}
+	r.runningTasks.Store(task.Id, struct{}{})
+	defer r.runningTasks.Delete(task.Id)
+
+	ctx, cancel := context.WithTimeout(ctx, r.cfg.Runner.Timeout)
+	defer cancel()
+	reporter := report.NewReporter(ctx, cancel, r.client, task)
+	var runErr error
+	defer func() {
+		lastWords := ""
+		if runErr != nil {
+			lastWords = runErr.Error()
+		}
+		_ = reporter.Close(lastWords)
+	}()
+	reporter.RunDaemon()
+	runErr = r.run(ctx, task, reporter)
+
+	return nil
+}
+
+func (r *Runner) run(ctx context.Context, task *runnerv1.Task, reporter *report.Reporter) (err error) {
+	defer func() {
+		if r := recover(); r != nil {
+			err = fmt.Errorf("panic: %v", r)
+		}
+	}()
+
+	reporter.Logf("%s(version:%s) received task %v of job %v, be triggered by event: %s", r.name, ver.Version(), task.Id, task.Context.Fields["job"].GetStringValue(), task.Context.Fields["event_name"].GetStringValue())
+
+	workflow, jobID, err := generateWorkflow(task)
+	if err != nil {
+		return err
+	}
+
+	plan, err := model.CombineWorkflowPlanner(workflow).PlanJob(jobID)
+	if err != nil {
+		return err
+	}
+	job := workflow.GetJob(jobID)
+	reporter.ResetSteps(len(job.Steps))
+
+	taskContext := task.Context.Fields
+
+	log.Infof("task %v repo is %v %v %v", task.Id, taskContext["repository"].GetStringValue(),
+		taskContext["gitea_default_actions_url"].GetStringValue(),
+		r.client.Address())
+
+	preset := &model.GithubContext{
+		Event:           taskContext["event"].GetStructValue().AsMap(),
+		RunID:           taskContext["run_id"].GetStringValue(),
+		RunNumber:       taskContext["run_number"].GetStringValue(),
+		Actor:           taskContext["actor"].GetStringValue(),
+		Repository:      taskContext["repository"].GetStringValue(),
+		EventName:       taskContext["event_name"].GetStringValue(),
+		Sha:             taskContext["sha"].GetStringValue(),
+		Ref:             taskContext["ref"].GetStringValue(),
+		RefName:         taskContext["ref_name"].GetStringValue(),
+		RefType:         taskContext["ref_type"].GetStringValue(),
+		HeadRef:         taskContext["head_ref"].GetStringValue(),
+		BaseRef:         taskContext["base_ref"].GetStringValue(),
+		Token:           taskContext["token"].GetStringValue(),
+		RepositoryOwner: taskContext["repository_owner"].GetStringValue(),
+		RetentionDays:   taskContext["retention_days"].GetStringValue(),
+	}
+	if t := task.Secrets["GITEA_TOKEN"]; t != "" {
+		preset.Token = t
+	} else if t := task.Secrets["GITHUB_TOKEN"]; t != "" {
+		preset.Token = t
+	}
+
+	giteaRuntimeToken := taskContext["gitea_runtime_token"].GetStringValue()
+	if giteaRuntimeToken == "" {
+		// use task token to action api token for previous Gitea Server Versions
+		giteaRuntimeToken = preset.Token
+	}
+	r.envs["ACTIONS_RUNTIME_TOKEN"] = giteaRuntimeToken
+
+	eventJSON, err := json.Marshal(preset.Event)
+	if err != nil {
+		return err
+	}
+
+	maxLifetime := 3 * time.Hour
+	if deadline, ok := ctx.Deadline(); ok {
+		maxLifetime = time.Until(deadline)
+	}
+
+	runnerConfig := &runner.Config{
+		// On Linux, Workdir will be like "/<parent_directory>/<owner>/<repo>"
+		// On Windows, Workdir will be like "\<parent_directory>\<owner>\<repo>"
+		Workdir:        filepath.FromSlash(fmt.Sprintf("/%s/%s", strings.TrimLeft(r.cfg.Container.WorkdirParent, "/"), preset.Repository)),
+		BindWorkdir:    false,
+		ActionCacheDir: filepath.FromSlash(r.cfg.Host.WorkdirParent),
+
+		ReuseContainers:       false,
+		ForcePull:             r.cfg.Container.ForcePull,
+		ForceRebuild:          r.cfg.Container.ForceRebuild,
+		LogOutput:             true,
+		JSONLogger:            false,
+		Env:                   r.envs,
+		Secrets:               task.Secrets,
+		GitHubInstance:        strings.TrimSuffix(r.client.Address(), "/"),
+		AutoRemove:            true,
+		NoSkipCheckout:        true,
+		PresetGitHubContext:   preset,
+		EventJSON:             string(eventJSON),
+		ContainerNamePrefix:   fmt.Sprintf("GITEA-ACTIONS-TASK-%d", task.Id),
+		ContainerMaxLifetime:  maxLifetime,
+		ContainerNetworkMode:  container.NetworkMode(r.cfg.Container.Network),
+		ContainerOptions:      r.cfg.Container.Options,
+		ContainerDaemonSocket: r.cfg.Container.DockerHost,
+		Privileged:            r.cfg.Container.Privileged,
+		DefaultActionInstance: taskContext["gitea_default_actions_url"].GetStringValue(),
+		PlatformPicker:        r.labels.PickPlatform,
+		Vars:                  task.Vars,
+		ValidVolumes:          r.cfg.Container.ValidVolumes,
+		InsecureSkipTLS:       r.cfg.Runner.Insecure,
+	}
+
+	rr, err := runner.New(runnerConfig)
+	if err != nil {
+		return err
+	}
+	executor := rr.NewPlanExecutor(plan)
+
+	reporter.Logf("workflow prepared")
+
+	// add logger recorders
+	ctx = common.WithLoggerHook(ctx, reporter)
+
+	execErr := executor(ctx)
+	reporter.SetOutputs(job.Outputs)
+	return execErr
+}
+
+func (r *Runner) Declare(ctx context.Context, labels []string) (*connect.Response[runnerv1.DeclareResponse], error) {
+	return r.client.Declare(ctx, connect.NewRequest(&runnerv1.DeclareRequest{
+		Version: ver.Version(),
+		Labels:  labels,
+	}))
+}

internal/app/run/workflow.go

@@ -0,0 +1,54 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package run
+
+import (
+	"bytes"
+	"fmt"
+	"sort"
+	"strings"
+
+	runnerv1 "code.gitea.io/actions-proto-go/runner/v1"
+	"github.com/nektos/act/pkg/model"
+	"gopkg.in/yaml.v3"
+)
+
+func generateWorkflow(task *runnerv1.Task) (*model.Workflow, string, error) {
+	workflow, err := model.ReadWorkflow(bytes.NewReader(task.WorkflowPayload))
+	if err != nil {
+		return nil, "", err
+	}
+
+	jobIDs := workflow.GetJobIDs()
+	if len(jobIDs) != 1 {
+		return nil, "", fmt.Errorf("multiple jobs found: %v", jobIDs)
+	}
+	jobID := jobIDs[0]
+
+	needJobIDs := make([]string, 0, len(task.Needs))
+	for id, need := range task.Needs {
+		needJobIDs = append(needJobIDs, id)
+		needJob := &model.Job{
+			Outputs: need.Outputs,
+			Result:  strings.ToLower(strings.TrimPrefix(need.Result.String(), "RESULT_")),
+		}
+		workflow.Jobs[id] = needJob
+	}
+	sort.Strings(needJobIDs)
+
+	rawNeeds := yaml.Node{
+		Kind:    yaml.SequenceNode,
+		Content: make([]*yaml.Node, 0, len(needJobIDs)),
+	}
+	for _, id := range needJobIDs {
+		rawNeeds.Content = append(rawNeeds.Content, &yaml.Node{
+			Kind:  yaml.ScalarNode,
+			Value: id,
+		})
+	}
+
+	workflow.Jobs[jobID].RawNeeds = rawNeeds
+
+	return workflow, jobID, nil
+}

internal/app/run/workflow_test.go

@@ -0,0 +1,74 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package run
+
+import (
+	"testing"
+
+	runnerv1 "code.gitea.io/actions-proto-go/runner/v1"
+	"github.com/nektos/act/pkg/model"
+	"github.com/stretchr/testify/require"
+	"gotest.tools/v3/assert"
+)
+
+func Test_generateWorkflow(t *testing.T) {
+	type args struct {
+		task *runnerv1.Task
+	}
+	tests := []struct {
+		name    string
+		args    args
+		assert  func(t *testing.T, wf *model.Workflow)
+		want1   string
+		wantErr bool
+	}{
+		{
+			name: "has needs",
+			args: args{
+				task: &runnerv1.Task{
+					WorkflowPayload: []byte(`
+name: Build and deploy
+on: push
+
+jobs:
+  job9:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - run: ./deploy --build ${{ needs.job1.outputs.output1 }}
+      - run: ./deploy --build ${{ needs.job2.outputs.output2 }}
+`),
+					Needs: map[string]*runnerv1.TaskNeed{
+						"job1": {
+							Outputs: map[string]string{
+								"output1": "output1 value",
+							},
+							Result: runnerv1.Result_RESULT_SUCCESS,
+						},
+						"job2": {
+							Outputs: map[string]string{
+								"output2": "output2 value",
+							},
+							Result: runnerv1.Result_RESULT_SUCCESS,
+						},
+					},
+				},
+			},
+			assert: func(t *testing.T, wf *model.Workflow) {
+				assert.DeepEqual(t, wf.GetJob("job9").Needs(), []string{"job1", "job2"})
+			},
+			want1:   "job9",
+			wantErr: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, got1, err := generateWorkflow(tt.args.task)
+			require.NoError(t, err)
+			tt.assert(t, got)
+			assert.Equal(t, got1, tt.want1)
+		})
+	}
+}

internal/pkg/client/client.go

@@ -1,3 +1,6 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
 package client
 
 import (
@@ -6,6 +9,8 @@ import (
 )
 
 // A Client manages communication with the runner.
+//
+//go:generate mockery --name Client
 type Client interface {
 	pingv1connect.PingServiceClient
 	runnerv1connect.RunnerServiceClient

internal/pkg/client/header.go

@@ -0,0 +1,11 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package client
+
+const (
+	UUIDHeader  = "x-runner-uuid"
+	TokenHeader = "x-runner-token"
+	// Deprecated: could be removed after Gitea 1.20 released
+	VersionHeader = "x-runner-version"
+)

internal/pkg/client/http.go

@@ -1,3 +1,6 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
 package client
 
 import (
@@ -8,11 +11,10 @@ import (
 
 	"code.gitea.io/actions-proto-go/ping/v1/pingv1connect"
 	"code.gitea.io/actions-proto-go/runner/v1/runnerv1connect"
-	"gitea.com/gitea/act_runner/core"
-	"github.com/bufbuild/connect-go"
+	"connectrpc.com/connect"
 )
 
-func getHttpClient(endpoint string, insecure bool) *http.Client {
+func getHTTPClient(endpoint string, insecure bool) *http.Client {
 	if strings.HasPrefix(endpoint, "https://") && insecure {
 		return &http.Client{
 			Transport: &http.Transport{
@@ -26,16 +28,20 @@ func getHttpClient(endpoint string, insecure bool) *http.Client {
 }
 
 // New returns a new runner client.
-func New(endpoint string, insecure bool, uuid, token string, opts ...connect.ClientOption) *HTTPClient {
+func New(endpoint string, insecure bool, uuid, token, version string, opts ...connect.ClientOption) *HTTPClient {
 	baseURL := strings.TrimRight(endpoint, "/") + "/api/actions"
 
 	opts = append(opts, connect.WithInterceptors(connect.UnaryInterceptorFunc(func(next connect.UnaryFunc) connect.UnaryFunc {
 		return func(ctx context.Context, req connect.AnyRequest) (connect.AnyResponse, error) {
 			if uuid != "" {
-				req.Header().Set(core.UUIDHeader, uuid)
+				req.Header().Set(UUIDHeader, uuid)
 			}
 			if token != "" {
-				req.Header().Set(core.TokenHeader, token)
+				req.Header().Set(TokenHeader, token)
+			}
+			// TODO: version will be removed from request header after Gitea 1.20 released.
+			if version != "" {
+				req.Header().Set(VersionHeader, version)
 			}
 			return next(ctx, req)
 		}
@@ -43,12 +49,12 @@ func New(endpoint string, insecure bool, uuid, token string, opts ...connect.Cli
 
 	return &HTTPClient{
 		PingServiceClient: pingv1connect.NewPingServiceClient(
-			getHttpClient(endpoint, insecure),
+			getHTTPClient(endpoint, insecure),
 			baseURL,
 			opts...,
 		),
 		RunnerServiceClient: runnerv1connect.NewRunnerServiceClient(
-			getHttpClient(endpoint, insecure),
+			getHTTPClient(endpoint, insecure),
 			baseURL,
 			opts...,
 		),

internal/pkg/client/mocks/Client.go

@@ -0,0 +1,251 @@
+// Code generated by mockery v2.42.1. DO NOT EDIT.
+
+package mocks
+
+import (
+	context "context"
+
+	connect "connectrpc.com/connect"
+
+	mock "github.com/stretchr/testify/mock"
+
+	pingv1 "code.gitea.io/actions-proto-go/ping/v1"
+
+	runnerv1 "code.gitea.io/actions-proto-go/runner/v1"
+)
+
+// Client is an autogenerated mock type for the Client type
+type Client struct {
+	mock.Mock
+}
+
+// Address provides a mock function with given fields:
+func (_m *Client) Address() string {
+	ret := _m.Called()
+
+	if len(ret) == 0 {
+		panic("no return value specified for Address")
+	}
+
+	var r0 string
+	if rf, ok := ret.Get(0).(func() string); ok {
+		r0 = rf()
+	} else {
+		r0 = ret.Get(0).(string)
+	}
+
+	return r0
+}
+
+// Declare provides a mock function with given fields: _a0, _a1
+func (_m *Client) Declare(_a0 context.Context, _a1 *connect.Request[runnerv1.DeclareRequest]) (*connect.Response[runnerv1.DeclareResponse], error) {
+	ret := _m.Called(_a0, _a1)
+
+	if len(ret) == 0 {
+		panic("no return value specified for Declare")
+	}
+
+	var r0 *connect.Response[runnerv1.DeclareResponse]
+	var r1 error
+	if rf, ok := ret.Get(0).(func(context.Context, *connect.Request[runnerv1.DeclareRequest]) (*connect.Response[runnerv1.DeclareResponse], error)); ok {
+		return rf(_a0, _a1)
+	}
+	if rf, ok := ret.Get(0).(func(context.Context, *connect.Request[runnerv1.DeclareRequest]) *connect.Response[runnerv1.DeclareResponse]); ok {
+		r0 = rf(_a0, _a1)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*connect.Response[runnerv1.DeclareResponse])
+		}
+	}
+
+	if rf, ok := ret.Get(1).(func(context.Context, *connect.Request[runnerv1.DeclareRequest]) error); ok {
+		r1 = rf(_a0, _a1)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
+// FetchTask provides a mock function with given fields: _a0, _a1
+func (_m *Client) FetchTask(_a0 context.Context, _a1 *connect.Request[runnerv1.FetchTaskRequest]) (*connect.Response[runnerv1.FetchTaskResponse], error) {
+	ret := _m.Called(_a0, _a1)
+
+	if len(ret) == 0 {
+		panic("no return value specified for FetchTask")
+	}
+
+	var r0 *connect.Response[runnerv1.FetchTaskResponse]
+	var r1 error
+	if rf, ok := ret.Get(0).(func(context.Context, *connect.Request[runnerv1.FetchTaskRequest]) (*connect.Response[runnerv1.FetchTaskResponse], error)); ok {
+		return rf(_a0, _a1)
+	}
+	if rf, ok := ret.Get(0).(func(context.Context, *connect.Request[runnerv1.FetchTaskRequest]) *connect.Response[runnerv1.FetchTaskResponse]); ok {
+		r0 = rf(_a0, _a1)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*connect.Response[runnerv1.FetchTaskResponse])
+		}
+	}
+
+	if rf, ok := ret.Get(1).(func(context.Context, *connect.Request[runnerv1.FetchTaskRequest]) error); ok {
+		r1 = rf(_a0, _a1)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
+// Insecure provides a mock function with given fields:
+func (_m *Client) Insecure() bool {
+	ret := _m.Called()
+
+	if len(ret) == 0 {
+		panic("no return value specified for Insecure")
+	}
+
+	var r0 bool
+	if rf, ok := ret.Get(0).(func() bool); ok {
+		r0 = rf()
+	} else {
+		r0 = ret.Get(0).(bool)
+	}
+
+	return r0
+}
+
+// Ping provides a mock function with given fields: _a0, _a1
+func (_m *Client) Ping(_a0 context.Context, _a1 *connect.Request[pingv1.PingRequest]) (*connect.Response[pingv1.PingResponse], error) {
+	ret := _m.Called(_a0, _a1)
+
+	if len(ret) == 0 {
+		panic("no return value specified for Ping")
+	}
+
+	var r0 *connect.Response[pingv1.PingResponse]
+	var r1 error
+	if rf, ok := ret.Get(0).(func(context.Context, *connect.Request[pingv1.PingRequest]) (*connect.Response[pingv1.PingResponse], error)); ok {
+		return rf(_a0, _a1)
+	}
+	if rf, ok := ret.Get(0).(func(context.Context, *connect.Request[pingv1.PingRequest]) *connect.Response[pingv1.PingResponse]); ok {
+		r0 = rf(_a0, _a1)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*connect.Response[pingv1.PingResponse])
+		}
+	}
+
+	if rf, ok := ret.Get(1).(func(context.Context, *connect.Request[pingv1.PingRequest]) error); ok {
+		r1 = rf(_a0, _a1)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
+// Register provides a mock function with given fields: _a0, _a1
+func (_m *Client) Register(_a0 context.Context, _a1 *connect.Request[runnerv1.RegisterRequest]) (*connect.Response[runnerv1.RegisterResponse], error) {
+	ret := _m.Called(_a0, _a1)
+
+	if len(ret) == 0 {
+		panic("no return value specified for Register")
+	}
+
+	var r0 *connect.Response[runnerv1.RegisterResponse]
+	var r1 error
+	if rf, ok := ret.Get(0).(func(context.Context, *connect.Request[runnerv1.RegisterRequest]) (*connect.Response[runnerv1.RegisterResponse], error)); ok {
+		return rf(_a0, _a1)
+	}
+	if rf, ok := ret.Get(0).(func(context.Context, *connect.Request[runnerv1.RegisterRequest]) *connect.Response[runnerv1.RegisterResponse]); ok {
+		r0 = rf(_a0, _a1)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*connect.Response[runnerv1.RegisterResponse])
+		}
+	}
+
+	if rf, ok := ret.Get(1).(func(context.Context, *connect.Request[runnerv1.RegisterRequest]) error); ok {
+		r1 = rf(_a0, _a1)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
+// UpdateLog provides a mock function with given fields: _a0, _a1
+func (_m *Client) UpdateLog(_a0 context.Context, _a1 *connect.Request[runnerv1.UpdateLogRequest]) (*connect.Response[runnerv1.UpdateLogResponse], error) {
+	ret := _m.Called(_a0, _a1)
+
+	if len(ret) == 0 {
+		panic("no return value specified for UpdateLog")
+	}
+
+	var r0 *connect.Response[runnerv1.UpdateLogResponse]
+	var r1 error
+	if rf, ok := ret.Get(0).(func(context.Context, *connect.Request[runnerv1.UpdateLogRequest]) (*connect.Response[runnerv1.UpdateLogResponse], error)); ok {
+		return rf(_a0, _a1)
+	}
+	if rf, ok := ret.Get(0).(func(context.Context, *connect.Request[runnerv1.UpdateLogRequest]) *connect.Response[runnerv1.UpdateLogResponse]); ok {
+		r0 = rf(_a0, _a1)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*connect.Response[runnerv1.UpdateLogResponse])
+		}
+	}
+
+	if rf, ok := ret.Get(1).(func(context.Context, *connect.Request[runnerv1.UpdateLogRequest]) error); ok {
+		r1 = rf(_a0, _a1)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
+// UpdateTask provides a mock function with given fields: _a0, _a1
+func (_m *Client) UpdateTask(_a0 context.Context, _a1 *connect.Request[runnerv1.UpdateTaskRequest]) (*connect.Response[runnerv1.UpdateTaskResponse], error) {
+	ret := _m.Called(_a0, _a1)
+
+	if len(ret) == 0 {
+		panic("no return value specified for UpdateTask")
+	}
+
+	var r0 *connect.Response[runnerv1.UpdateTaskResponse]
+	var r1 error
+	if rf, ok := ret.Get(0).(func(context.Context, *connect.Request[runnerv1.UpdateTaskRequest]) (*connect.Response[runnerv1.UpdateTaskResponse], error)); ok {
+		return rf(_a0, _a1)
+	}
+	if rf, ok := ret.Get(0).(func(context.Context, *connect.Request[runnerv1.UpdateTaskRequest]) *connect.Response[runnerv1.UpdateTaskResponse]); ok {
+		r0 = rf(_a0, _a1)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*connect.Response[runnerv1.UpdateTaskResponse])
+		}
+	}
+
+	if rf, ok := ret.Get(1).(func(context.Context, *connect.Request[runnerv1.UpdateTaskRequest]) error); ok {
+		r1 = rf(_a0, _a1)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
+// NewClient creates a new instance of Client. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
+// The first argument is typically a *testing.T value.
+func NewClient(t interface {
+	mock.TestingT
+	Cleanup(func())
+},
+) *Client {
+	mock := &Client{}
+	mock.Mock.Test(t)
+
+	t.Cleanup(func() { mock.AssertExpectations(t) })
+
+	return mock
+}

internal/pkg/config/config.example.yaml

@@ -0,0 +1,98 @@
+# Example configuration file, it's safe to copy this as the default config file without any modification.
+
+# You don't have to copy this file to your instance,
+# just run `./act_runner generate-config > config.yaml` to generate a config file.
+
+log:
+  # The level of logging, can be trace, debug, info, warn, error, fatal
+  level: info
+
+runner:
+  # Where to store the registration result.
+  file: .runner
+  # Execute how many tasks concurrently at the same time.
+  capacity: 1
+  # Extra environment variables to run jobs.
+  envs:
+    A_TEST_ENV_NAME_1: a_test_env_value_1
+    A_TEST_ENV_NAME_2: a_test_env_value_2
+  # Extra environment variables to run jobs from a file.
+  # It will be ignored if it's empty or the file doesn't exist.
+  env_file: .env
+  # The timeout for a job to be finished.
+  # Please note that the Gitea instance also has a timeout (3h by default) for the job.
+  # So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
+  timeout: 3h
+  # Whether skip verifying the TLS certificate of the Gitea instance.
+  insecure: false
+  # The timeout for fetching the job from the Gitea instance.
+  fetch_timeout: 5s
+  # The interval for fetching the job from the Gitea instance.
+  fetch_interval: 2s
+  # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
+  # Like: "macos-arm64:host" or "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+  # Find more images provided by Gitea at https://gitea.com/gitea/runner-images .
+  # If it's empty when registering, it will ask for inputting labels.
+  # If it's empty when execute `daemon`, will use labels in `.runner` file.
+  labels:
+    - "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+    - "ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
+    - "ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
+
+cache:
+  # Enable cache server to use actions/cache.
+  enabled: true
+  # The directory to store the cache data.
+  # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
+  dir: ""
+  # The host of the cache server.
+  # It's not for the address to listen, but the address to connect from job containers.
+  # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
+  host: ""
+  # The port of the cache server.
+  # 0 means to use a random available port.
+  port: 0
+  # The external cache server URL. Valid only when enable is true.
+  # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
+  # The URL should generally end with "/".
+  external_server: ""
+
+container:
+  # Specifies the network to which the container will connect.
+  # Could be host, bridge or the name of a custom network.
+  # If it's empty, act_runner will create a network automatically.
+  network: ""
+  # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
+  privileged: false
+  # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
+  options:
+  # The parent directory of a job's working directory.
+  # NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically. 
+  # If the path starts with '/', the '/' will be trimmed.
+  # For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir
+  # If it's empty, /workspace will be used.
+  workdir_parent:
+  # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
+  # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
+  # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
+  # valid_volumes:
+  #   - data
+  #   - /src/*.json
+  # If you want to allow any volume, please use the following configuration:
+  # valid_volumes:
+  #   - '**'
+  valid_volumes: []
+  # overrides the docker client host with the specified one.
+  # If it's empty, act_runner will find an available docker host automatically.
+  # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
+  # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
+  docker_host: ""
+  # Pull docker image(s) even if already present
+  force_pull: true
+  # Rebuild docker image(s) even if already present
+  force_rebuild: false
+
+host:
+  # The parent directory of a job's working directory.
+  # If it's empty, $HOME/.cache/act/ will be used.
+  workdir_parent:

internal/pkg/config/config.go

@@ -0,0 +1,151 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package config
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"time"
+
+	"github.com/joho/godotenv"
+	log "github.com/sirupsen/logrus"
+	"gopkg.in/yaml.v3"
+)
+
+// Log represents the configuration for logging.
+type Log struct {
+	Level string `yaml:"level"` // Level indicates the logging level.
+}
+
+// Runner represents the configuration for the runner.
+type Runner struct {
+	File          string            `yaml:"file"`           // File specifies the file path for the runner.
+	Capacity      int               `yaml:"capacity"`       // Capacity specifies the capacity of the runner.
+	Envs          map[string]string `yaml:"envs"`           // Envs stores environment variables for the runner.
+	EnvFile       string            `yaml:"env_file"`       // EnvFile specifies the path to the file containing environment variables for the runner.
+	Timeout       time.Duration     `yaml:"timeout"`        // Timeout specifies the duration for runner timeout.
+	Insecure      bool              `yaml:"insecure"`       // Insecure indicates whether the runner operates in an insecure mode.
+	FetchTimeout  time.Duration     `yaml:"fetch_timeout"`  // FetchTimeout specifies the timeout duration for fetching resources.
+	FetchInterval time.Duration     `yaml:"fetch_interval"` // FetchInterval specifies the interval duration for fetching resources.
+	Labels        []string          `yaml:"labels"`         // Labels specify the labels of the runner. Labels are declared on each startup
+}
+
+// Cache represents the configuration for caching.
+type Cache struct {
+	Enabled        *bool  `yaml:"enabled"`         // Enabled indicates whether caching is enabled. It is a pointer to distinguish between false and not set. If not set, it will be true.
+	Dir            string `yaml:"dir"`             // Dir specifies the directory path for caching.
+	Host           string `yaml:"host"`            // Host specifies the caching host.
+	Port           uint16 `yaml:"port"`            // Port specifies the caching port.
+	ExternalServer string `yaml:"external_server"` // ExternalServer specifies the URL of external cache server
+}
+
+// Container represents the configuration for the container.
+type Container struct {
+	Network       string   `yaml:"network"`        // Network specifies the network for the container.
+	NetworkMode   string   `yaml:"network_mode"`   // Deprecated: use Network instead. Could be removed after Gitea 1.20
+	Privileged    bool     `yaml:"privileged"`     // Privileged indicates whether the container runs in privileged mode.
+	Options       string   `yaml:"options"`        // Options specifies additional options for the container.
+	WorkdirParent string   `yaml:"workdir_parent"` // WorkdirParent specifies the parent directory for the container's working directory.
+	ValidVolumes  []string `yaml:"valid_volumes"`  // ValidVolumes specifies the volumes (including bind mounts) can be mounted to containers.
+	DockerHost    string   `yaml:"docker_host"`    // DockerHost specifies the Docker host. It overrides the value specified in environment variable DOCKER_HOST.
+	ForcePull     bool     `yaml:"force_pull"`     // Pull docker image(s) even if already present
+	ForceRebuild  bool     `yaml:"force_rebuild"`  // Rebuild docker image(s) even if already present
+}
+
+// Host represents the configuration for the host.
+type Host struct {
+	WorkdirParent string `yaml:"workdir_parent"` // WorkdirParent specifies the parent directory for the host's working directory.
+}
+
+// Config represents the overall configuration.
+type Config struct {
+	Log       Log       `yaml:"log"`       // Log represents the configuration for logging.
+	Runner    Runner    `yaml:"runner"`    // Runner represents the configuration for the runner.
+	Cache     Cache     `yaml:"cache"`     // Cache represents the configuration for caching.
+	Container Container `yaml:"container"` // Container represents the configuration for the container.
+	Host      Host      `yaml:"host"`      // Host represents the configuration for the host.
+}
+
+// LoadDefault returns the default configuration.
+// If file is not empty, it will be used to load the configuration.
+func LoadDefault(file string) (*Config, error) {
+	cfg := &Config{}
+	if file != "" {
+		content, err := os.ReadFile(file)
+		if err != nil {
+			return nil, fmt.Errorf("open config file %q: %w", file, err)
+		}
+		if err := yaml.Unmarshal(content, cfg); err != nil {
+			return nil, fmt.Errorf("parse config file %q: %w", file, err)
+		}
+	}
+	compatibleWithOldEnvs(file != "", cfg)
+
+	if cfg.Runner.EnvFile != "" {
+		if stat, err := os.Stat(cfg.Runner.EnvFile); err == nil && !stat.IsDir() {
+			envs, err := godotenv.Read(cfg.Runner.EnvFile)
+			if err != nil {
+				return nil, fmt.Errorf("read env file %q: %w", cfg.Runner.EnvFile, err)
+			}
+			if cfg.Runner.Envs == nil {
+				cfg.Runner.Envs = map[string]string{}
+			}
+			for k, v := range envs {
+				cfg.Runner.Envs[k] = v
+			}
+		}
+	}
+
+	if cfg.Log.Level == "" {
+		cfg.Log.Level = "info"
+	}
+	if cfg.Runner.File == "" {
+		cfg.Runner.File = ".runner"
+	}
+	if cfg.Runner.Capacity <= 0 {
+		cfg.Runner.Capacity = 1
+	}
+	if cfg.Runner.Timeout <= 0 {
+		cfg.Runner.Timeout = 3 * time.Hour
+	}
+	if cfg.Cache.Enabled == nil {
+		b := true
+		cfg.Cache.Enabled = &b
+	}
+	if *cfg.Cache.Enabled {
+		if cfg.Cache.Dir == "" {
+			home, _ := os.UserHomeDir()
+			cfg.Cache.Dir = filepath.Join(home, ".cache", "actcache")
+		}
+	}
+	if cfg.Container.WorkdirParent == "" {
+		cfg.Container.WorkdirParent = "workspace"
+	}
+	if cfg.Host.WorkdirParent == "" {
+		home, _ := os.UserHomeDir()
+		cfg.Host.WorkdirParent = filepath.Join(home, ".cache", "act")
+	}
+	if cfg.Runner.FetchTimeout <= 0 {
+		cfg.Runner.FetchTimeout = 5 * time.Second
+	}
+	if cfg.Runner.FetchInterval <= 0 {
+		cfg.Runner.FetchInterval = 2 * time.Second
+	}
+
+	// although `container.network_mode` will be deprecated, but we have to be compatible with it for now.
+	if cfg.Container.NetworkMode != "" && cfg.Container.Network == "" {
+		log.Warn("You are trying to use deprecated configuration item of `container.network_mode`, please use `container.network` instead.")
+		if cfg.Container.NetworkMode == "bridge" {
+			// Previously, if the value of `container.network_mode` is `bridge`, we will create a new network for job.
+			// But “bridge” is easily confused with the bridge network created by Docker by default.
+			// So we set the value of `container.network` to empty string to make `act_runner` automatically create a new network for job.
+			cfg.Container.Network = ""
+		} else {
+			cfg.Container.Network = cfg.Container.NetworkMode
+		}
+	}
+
+	return cfg, nil
+}

internal/pkg/config/deprecated.go

@@ -0,0 +1,62 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package config
+
+import (
+	"os"
+	"strconv"
+	"strings"
+
+	log "github.com/sirupsen/logrus"
+)
+
+// Deprecated: could be removed in the future. TODO: remove it when Gitea 1.20.0 is released.
+// Be compatible with old envs.
+func compatibleWithOldEnvs(fileUsed bool, cfg *Config) {
+	handleEnv := func(key string) (string, bool) {
+		if v, ok := os.LookupEnv(key); ok {
+			if fileUsed {
+				log.Warnf("env %s has been ignored because config file is used", key)
+				return "", false
+			}
+			log.Warnf("env %s will be deprecated, please use config file instead", key)
+			return v, true
+		}
+		return "", false
+	}
+
+	if v, ok := handleEnv("GITEA_DEBUG"); ok {
+		if b, _ := strconv.ParseBool(v); b {
+			cfg.Log.Level = "debug"
+		}
+	}
+	if v, ok := handleEnv("GITEA_TRACE"); ok {
+		if b, _ := strconv.ParseBool(v); b {
+			cfg.Log.Level = "trace"
+		}
+	}
+	if v, ok := handleEnv("GITEA_RUNNER_CAPACITY"); ok {
+		if i, _ := strconv.Atoi(v); i > 0 {
+			cfg.Runner.Capacity = i
+		}
+	}
+	if v, ok := handleEnv("GITEA_RUNNER_FILE"); ok {
+		cfg.Runner.File = v
+	}
+	if v, ok := handleEnv("GITEA_RUNNER_ENVIRON"); ok {
+		splits := strings.Split(v, ",")
+		if cfg.Runner.Envs == nil {
+			cfg.Runner.Envs = map[string]string{}
+		}
+		for _, split := range splits {
+			kv := strings.SplitN(split, ":", 2)
+			if len(kv) == 2 && kv[0] != "" {
+				cfg.Runner.Envs[kv[0]] = kv[1]
+			}
+		}
+	}
+	if v, ok := handleEnv("GITEA_RUNNER_ENV_FILE"); ok {
+		cfg.Runner.EnvFile = v
+	}
+}

internal/pkg/config/embed.go

@@ -0,0 +1,9 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package config
+
+import _ "embed"
+
+//go:embed config.example.yaml
+var Example []byte

internal/pkg/config/registration.go

@@ -0,0 +1,54 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package config
+
+import (
+	"encoding/json"
+	"os"
+)
+
+const registrationWarning = "This file is automatically generated by act-runner. Do not edit it manually unless you know what you are doing. Removing this file will cause act runner to re-register as a new runner."
+
+// Registration is the registration information for a runner
+type Registration struct {
+	Warning string `json:"WARNING"` // Warning message to display, it's always the registrationWarning constant
+
+	ID      int64    `json:"id"`
+	UUID    string   `json:"uuid"`
+	Name    string   `json:"name"`
+	Token   string   `json:"token"`
+	Address string   `json:"address"`
+	Labels  []string `json:"labels"`
+}
+
+func LoadRegistration(file string) (*Registration, error) {
+	f, err := os.Open(file)
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+
+	var reg Registration
+	if err := json.NewDecoder(f).Decode(&reg); err != nil {
+		return nil, err
+	}
+
+	reg.Warning = ""
+
+	return &reg, nil
+}
+
+func SaveRegistration(file string, reg *Registration) error {
+	f, err := os.Create(file)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+
+	reg.Warning = registrationWarning
+
+	enc := json.NewEncoder(f)
+	enc.SetIndent("", "  ")
+	return enc.Encode(reg)
+}

internal/pkg/envcheck/doc.go

@@ -0,0 +1,5 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+// Package envcheck provides a simple way to check if the environment is ready to run jobs.
+package envcheck

internal/pkg/envcheck/docker.go

@@ -0,0 +1,34 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package envcheck
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/docker/docker/client"
+)
+
+func CheckIfDockerRunning(ctx context.Context, configDockerHost string) error {
+	opts := []client.Opt{
+		client.FromEnv,
+	}
+
+	if configDockerHost != "" {
+		opts = append(opts, client.WithHost(configDockerHost))
+	}
+
+	cli, err := client.NewClientWithOpts(opts...)
+	if err != nil {
+		return err
+	}
+	defer cli.Close()
+
+	_, err = cli.Ping(ctx)
+	if err != nil {
+		return fmt.Errorf("cannot ping the docker daemon, is it running? %w", err)
+	}
+
+	return nil
+}

internal/pkg/labels/labels.go

@@ -0,0 +1,106 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package labels
+
+import (
+	"fmt"
+	"strings"
+)
+
+const (
+	SchemeHost   = "host"
+	SchemeDocker = "docker"
+)
+
+type Label struct {
+	Name   string
+	Schema string
+	Arg    string
+}
+
+func Parse(str string) (*Label, error) {
+	splits := strings.SplitN(str, ":", 3)
+	label := &Label{
+		Name:   splits[0],
+		Schema: "host",
+		Arg:    "",
+	}
+	if len(splits) >= 2 {
+		label.Schema = splits[1]
+	}
+	if len(splits) >= 3 {
+		label.Arg = splits[2]
+	}
+	if label.Schema != SchemeHost && label.Schema != SchemeDocker {
+		return nil, fmt.Errorf("unsupported schema: %s", label.Schema)
+	}
+	return label, nil
+}
+
+type Labels []*Label
+
+func (l Labels) RequireDocker() bool {
+	for _, label := range l {
+		if label.Schema == SchemeDocker {
+			return true
+		}
+	}
+	return false
+}
+
+func (l Labels) PickPlatform(runsOn []string) string {
+	platforms := make(map[string]string, len(l))
+	for _, label := range l {
+		switch label.Schema {
+		case SchemeDocker:
+			// "//" will be ignored
+			platforms[label.Name] = strings.TrimPrefix(label.Arg, "//")
+		case SchemeHost:
+			platforms[label.Name] = "-self-hosted"
+		default:
+			// It should not happen, because Parse has checked it.
+			continue
+		}
+	}
+	for _, v := range runsOn {
+		if v, ok := platforms[v]; ok {
+			return v
+		}
+	}
+
+	// TODO: support multiple labels
+	// like:
+	//   ["ubuntu-22.04"] => "ubuntu:22.04"
+	//   ["with-gpu"] => "linux:with-gpu"
+	//   ["ubuntu-22.04", "with-gpu"] => "ubuntu:22.04_with-gpu"
+
+	// return default.
+	// So the runner receives a task with a label that the runner doesn't have,
+	// it happens when the user have edited the label of the runner in the web UI.
+	// TODO: it may be not correct, what if the runner is used as host mode only?
+	return "gitea/runner-images:ubuntu-latest"
+}
+
+func (l Labels) Names() []string {
+	names := make([]string, 0, len(l))
+	for _, label := range l {
+		names = append(names, label.Name)
+	}
+	return names
+}
+
+func (l Labels) ToStrings() []string {
+	ls := make([]string, 0, len(l))
+	for _, label := range l {
+		lbl := label.Name
+		if label.Schema != "" {
+			lbl += ":" + label.Schema
+			if label.Arg != "" {
+				lbl += ":" + label.Arg
+			}
+		}
+		ls = append(ls, lbl)
+	}
+	return ls
+}

internal/pkg/labels/labels_test.go

@@ -0,0 +1,63 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package labels
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	"gotest.tools/v3/assert"
+)
+
+func TestParse(t *testing.T) {
+	tests := []struct {
+		args    string
+		want    *Label
+		wantErr bool
+	}{
+		{
+			args: "ubuntu:docker://node:18",
+			want: &Label{
+				Name:   "ubuntu",
+				Schema: "docker",
+				Arg:    "//node:18",
+			},
+			wantErr: false,
+		},
+		{
+			args: "ubuntu:host",
+			want: &Label{
+				Name:   "ubuntu",
+				Schema: "host",
+				Arg:    "",
+			},
+			wantErr: false,
+		},
+		{
+			args: "ubuntu",
+			want: &Label{
+				Name:   "ubuntu",
+				Schema: "host",
+				Arg:    "",
+			},
+			wantErr: false,
+		},
+		{
+			args:    "ubuntu:vm:ubuntu-18.04",
+			want:    nil,
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.args, func(t *testing.T) {
+			got, err := Parse(tt.args)
+			if tt.wantErr {
+				require.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+			assert.DeepEqual(t, got, tt.want)
+		})
+	}
+}

internal/pkg/report/reporter.go

@@ -1,20 +1,24 @@
-package runtime
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package report
 
 import (
 	"context"
 	"fmt"
+	"regexp"
 	"strings"
 	"sync"
 	"time"
 
 	runnerv1 "code.gitea.io/actions-proto-go/runner/v1"
-	"gitea.com/gitea/act_runner/client"
-
-	retry "github.com/avast/retry-go/v4"
-	"github.com/bufbuild/connect-go"
+	"connectrpc.com/connect"
+	"github.com/avast/retry-go/v4"
 	log "github.com/sirupsen/logrus"
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"gitea.com/gitea/act_runner/internal/pkg/client"
 )
 
 type Reporter struct {
@@ -28,8 +32,14 @@ type Reporter struct {
 	logOffset   int
 	logRows     []*runnerv1.LogRow
 	logReplacer *strings.Replacer
-	state       *runnerv1.TaskState
-	stateM      sync.RWMutex
+	oldnew      []string
+
+	state   *runnerv1.TaskState
+	stateMu sync.RWMutex
+	outputs sync.Map
+
+	debugOutputEnabled  bool
+	stopCommandEndToken string
 }
 
 func NewReporter(ctx context.Context, cancel context.CancelFunc, client client.Client, task *runnerv1.Task) *Reporter {
@@ -37,24 +47,34 @@ func NewReporter(ctx context.Context, cancel context.CancelFunc, client client.C
 	if v := task.Context.Fields["token"].GetStringValue(); v != "" {
 		oldnew = append(oldnew, v, "***")
 	}
+	if v := task.Context.Fields["gitea_runtime_token"].GetStringValue(); v != "" {
+		oldnew = append(oldnew, v, "***")
+	}
 	for _, v := range task.Secrets {
 		oldnew = append(oldnew, v, "***")
 	}
 
-	return &Reporter{
+	rv := &Reporter{
 		ctx:         ctx,
 		cancel:      cancel,
 		client:      client,
+		oldnew:      oldnew,
 		logReplacer: strings.NewReplacer(oldnew...),
 		state: &runnerv1.TaskState{
 			Id: task.Id,
 		},
 	}
+
+	if task.Secrets["ACTIONS_STEP_DEBUG"] == "true" {
+		rv.debugOutputEnabled = true
+	}
+
+	return rv
 }
 
 func (r *Reporter) ResetSteps(l int) {
-	r.stateM.Lock()
-	defer r.stateM.Unlock()
+	r.stateMu.Lock()
+	defer r.stateMu.Unlock()
 	for i := 0; i < l; i++ {
 		r.state.Steps = append(r.state.Steps, &runnerv1.StepState{
 			Id: int64(i),
@@ -66,9 +86,16 @@ func (r *Reporter) Levels() []log.Level {
 	return log.AllLevels
 }
 
+func appendIfNotNil[T any](s []*T, v *T) []*T {
+	if v != nil {
+		return append(s, v)
+	}
+	return s
+}
+
 func (r *Reporter) Fire(entry *log.Entry) error {
-	r.stateM.Lock()
-	defer r.stateM.Unlock()
+	r.stateMu.Lock()
+	defer r.stateMu.Unlock()
 
 	log.WithFields(entry.Data).Trace(entry.Message)
 
@@ -87,25 +114,28 @@ func (r *Reporter) Fire(entry *log.Entry) error {
 				for _, s := range r.state.Steps {
 					if s.Result == runnerv1.Result_RESULT_UNSPECIFIED {
 						s.Result = runnerv1.Result_RESULT_CANCELLED
+						if jobResult == runnerv1.Result_RESULT_SKIPPED {
+							s.Result = runnerv1.Result_RESULT_SKIPPED
+						}
 					}
 				}
 			}
 		}
 		if !r.duringSteps() {
-			r.logRows = append(r.logRows, r.parseLogRow(entry))
+			r.logRows = appendIfNotNil(r.logRows, r.parseLogRow(entry))
 		}
 		return nil
 	}
 
 	var step *runnerv1.StepState
 	if v, ok := entry.Data["stepNumber"]; ok {
-		if v, ok := v.(int); ok {
+		if v, ok := v.(int); ok && len(r.state.Steps) > v {
 			step = r.state.Steps[v]
 		}
 	}
 	if step == nil {
 		if !r.duringSteps() {
-			r.logRows = append(r.logRows, r.parseLogRow(entry))
+			r.logRows = appendIfNotNil(r.logRows, r.parseLogRow(entry))
 		}
 		return nil
 	}
@@ -115,14 +145,16 @@ func (r *Reporter) Fire(entry *log.Entry) error {
 	}
 	if v, ok := entry.Data["raw_output"]; ok {
 		if rawOutput, ok := v.(bool); ok && rawOutput {
-			if step.LogLength == 0 {
-				step.LogIndex = int64(r.logOffset + len(r.logRows))
+			if row := r.parseLogRow(entry); row != nil {
+				if step.LogLength == 0 {
+					step.LogIndex = int64(r.logOffset + len(r.logRows))
+				}
+				step.LogLength++
+				r.logRows = append(r.logRows, row)
 			}
-			step.LogLength++
-			r.logRows = append(r.logRows, r.parseLogRow(entry))
 		}
 	} else if !r.duringSteps() {
-		r.logRows = append(r.logRows, r.parseLogRow(entry))
+		r.logRows = appendIfNotNil(r.logRows, r.parseLogRow(entry))
 	}
 	if v, ok := entry.Data["stepResult"]; ok {
 		if stepResult, ok := r.parseResult(v); ok {
@@ -152,9 +184,13 @@ func (r *Reporter) RunDaemon() {
 }
 
 func (r *Reporter) Logf(format string, a ...interface{}) {
-	r.stateM.Lock()
-	defer r.stateM.Unlock()
+	r.stateMu.Lock()
+	defer r.stateMu.Unlock()
 
+	r.logf(format, a...)
+}
+
+func (r *Reporter) logf(format string, a ...interface{}) {
 	if !r.duringSteps() {
 		r.logRows = append(r.logRows, &runnerv1.LogRow{
 			Time:    timestamppb.Now(),
@@ -163,10 +199,30 @@ func (r *Reporter) Logf(format string, a ...interface{}) {
 	}
 }
 
+func (r *Reporter) SetOutputs(outputs map[string]string) {
+	r.stateMu.Lock()
+	defer r.stateMu.Unlock()
+
+	for k, v := range outputs {
+		if len(k) > 255 {
+			r.logf("ignore output because the key is too long: %q", k)
+			continue
+		}
+		if l := len(v); l > 1024*1024 {
+			log.Println("ignore output because the value is too long:", k, l)
+			r.logf("ignore output because the value %q is too long: %d", k, l)
+		}
+		if _, ok := r.outputs.Load(k); ok {
+			continue
+		}
+		r.outputs.Store(k, v)
+	}
+}
+
 func (r *Reporter) Close(lastWords string) error {
 	r.closed = true
 
-	r.stateM.Lock()
+	r.stateMu.Lock()
 	if r.state.Result == runnerv1.Result_RESULT_UNSPECIFIED {
 		if lastWords == "" {
 			lastWords = "Early termination"
@@ -176,18 +232,19 @@ func (r *Reporter) Close(lastWords string) error {
 				v.Result = runnerv1.Result_RESULT_CANCELLED
 			}
 		}
+		r.state.Result = runnerv1.Result_RESULT_FAILURE
 		r.logRows = append(r.logRows, &runnerv1.LogRow{
 			Time:    timestamppb.Now(),
 			Content: lastWords,
 		})
-		return nil
+		r.state.StoppedAt = timestamppb.Now()
 	} else if lastWords != "" {
 		r.logRows = append(r.logRows, &runnerv1.LogRow{
 			Time:    timestamppb.Now(),
 			Content: lastWords,
 		})
 	}
-	r.stateM.Unlock()
+	r.stateMu.Unlock()
 
 	return retry.Do(func() error {
 		if err := r.ReportLog(true); err != nil {
@@ -201,9 +258,9 @@ func (r *Reporter) ReportLog(noMore bool) error {
 	r.clientM.Lock()
 	defer r.clientM.Unlock()
 
-	r.stateM.RLock()
+	r.stateMu.RLock()
 	rows := r.logRows
-	r.stateM.RUnlock()
+	r.stateMu.RUnlock()
 
 	resp, err := r.client.UpdateLog(r.ctx, connect.NewRequest(&runnerv1.UpdateLogRequest{
 		TaskId: r.state.Id,
@@ -220,10 +277,10 @@ func (r *Reporter) ReportLog(noMore bool) error {
 		return fmt.Errorf("submitted logs are lost")
 	}
 
-	r.stateM.Lock()
+	r.stateMu.Lock()
 	r.logRows = r.logRows[ack-r.logOffset:]
 	r.logOffset = ack
-	r.stateM.Unlock()
+	r.stateMu.Unlock()
 
 	if noMore && ack < r.logOffset+len(rows) {
 		return fmt.Errorf("not all logs are submitted")
@@ -236,21 +293,45 @@ func (r *Reporter) ReportState() error {
 	r.clientM.Lock()
 	defer r.clientM.Unlock()
 
-	r.stateM.RLock()
+	r.stateMu.RLock()
 	state := proto.Clone(r.state).(*runnerv1.TaskState)
-	r.stateM.RUnlock()
+	r.stateMu.RUnlock()
+
+	outputs := make(map[string]string)
+	r.outputs.Range(func(k, v interface{}) bool {
+		if val, ok := v.(string); ok {
+			outputs[k.(string)] = val
+		}
+		return true
+	})
 
 	resp, err := r.client.UpdateTask(r.ctx, connect.NewRequest(&runnerv1.UpdateTaskRequest{
-		State: state,
+		State:   state,
+		Outputs: outputs,
 	}))
 	if err != nil {
 		return err
 	}
 
+	for _, k := range resp.Msg.SentOutputs {
+		r.outputs.Store(k, struct{}{})
+	}
+
 	if resp.Msg.State != nil && resp.Msg.State.Result == runnerv1.Result_RESULT_CANCELLED {
 		r.cancel()
 	}
 
+	var noSent []string
+	r.outputs.Range(func(k, v interface{}) bool {
+		if _, ok := v.(string); ok {
+			noSent = append(noSent, k.(string))
+		}
+		return true
+	})
+	if len(noSent) > 0 {
+		return fmt.Errorf("there are still outputs that have not been sent: %v", noSent)
+	}
+
 	return nil
 }
 
@@ -284,11 +365,70 @@ func (r *Reporter) parseResult(result interface{}) (runnerv1.Result, bool) {
 	return ret, ok
 }
 
+var cmdRegex = regexp.MustCompile(`^::([^ :]+)( .*)?::(.*)$`)
+
+func (r *Reporter) handleCommand(originalContent, command, parameters, value string) *string {
+	if r.stopCommandEndToken != "" && command != r.stopCommandEndToken {
+		return &originalContent
+	}
+
+	switch command {
+	case "add-mask":
+		r.addMask(value)
+		return nil
+	case "debug":
+		if r.debugOutputEnabled {
+			return &value
+		}
+		return nil
+
+	case "notice":
+		// Not implemented yet, so just return the original content.
+		return &originalContent
+	case "warning":
+		// Not implemented yet, so just return the original content.
+		return &originalContent
+	case "error":
+		// Not implemented yet, so just return the original content.
+		return &originalContent
+	case "group":
+		// Returning the original content, because I think the frontend
+		// will use it when rendering the output.
+		return &originalContent
+	case "endgroup":
+		// Ditto
+		return &originalContent
+	case "stop-commands":
+		r.stopCommandEndToken = value
+		return nil
+	case r.stopCommandEndToken:
+		r.stopCommandEndToken = ""
+		return nil
+	}
+	return &originalContent
+}
+
 func (r *Reporter) parseLogRow(entry *log.Entry) *runnerv1.LogRow {
 	content := strings.TrimRightFunc(entry.Message, func(r rune) bool { return r == '\r' || r == '\n' })
+
+	matches := cmdRegex.FindStringSubmatch(content)
+	if matches != nil {
+		if output := r.handleCommand(content, matches[1], matches[2], matches[3]); output != nil {
+			content = *output
+		} else {
+			return nil
+		}
+	}
+
 	content = r.logReplacer.Replace(content)
+
 	return &runnerv1.LogRow{
 		Time:    timestamppb.New(entry.Time),
-		Content: content,
+		Content: strings.ToValidUTF8(content, "?"),
 	}
 }
+
+func (r *Reporter) addMask(msg string) {
+	r.oldnew = append(r.oldnew, msg, "***")
+	r.logReplacer = strings.NewReplacer(r.oldnew...)
+}

internal/pkg/report/reporter_test.go

@@ -0,0 +1,197 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package report
+
+import (
+	"context"
+	"strings"
+	"testing"
+
+	runnerv1 "code.gitea.io/actions-proto-go/runner/v1"
+	connect_go "connectrpc.com/connect"
+	log "github.com/sirupsen/logrus"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/mock"
+	"github.com/stretchr/testify/require"
+	"google.golang.org/protobuf/types/known/structpb"
+
+	"gitea.com/gitea/act_runner/internal/pkg/client/mocks"
+)
+
+func TestReporter_parseLogRow(t *testing.T) {
+	tests := []struct {
+		name               string
+		debugOutputEnabled bool
+		args               []string
+		want               []string
+	}{
+		{
+			"No command", false,
+			[]string{"Hello, world!"},
+			[]string{"Hello, world!"},
+		},
+		{
+			"Add-mask", false,
+			[]string{
+				"foo mysecret bar",
+				"::add-mask::mysecret",
+				"foo mysecret bar",
+			},
+			[]string{
+				"foo mysecret bar",
+				"<nil>",
+				"foo *** bar",
+			},
+		},
+		{
+			"Debug enabled", true,
+			[]string{
+				"::debug::GitHub Actions runtime token access controls",
+			},
+			[]string{
+				"GitHub Actions runtime token access controls",
+			},
+		},
+		{
+			"Debug not enabled", false,
+			[]string{
+				"::debug::GitHub Actions runtime token access controls",
+			},
+			[]string{
+				"<nil>",
+			},
+		},
+		{
+			"notice", false,
+			[]string{
+				"::notice file=file.name,line=42,endLine=48,title=Cool Title::Gosh, that's not going to work",
+			},
+			[]string{
+				"::notice file=file.name,line=42,endLine=48,title=Cool Title::Gosh, that's not going to work",
+			},
+		},
+		{
+			"warning", false,
+			[]string{
+				"::warning file=file.name,line=42,endLine=48,title=Cool Title::Gosh, that's not going to work",
+			},
+			[]string{
+				"::warning file=file.name,line=42,endLine=48,title=Cool Title::Gosh, that's not going to work",
+			},
+		},
+		{
+			"error", false,
+			[]string{
+				"::error file=file.name,line=42,endLine=48,title=Cool Title::Gosh, that's not going to work",
+			},
+			[]string{
+				"::error file=file.name,line=42,endLine=48,title=Cool Title::Gosh, that's not going to work",
+			},
+		},
+		{
+			"group", false,
+			[]string{
+				"::group::",
+				"::endgroup::",
+			},
+			[]string{
+				"::group::",
+				"::endgroup::",
+			},
+		},
+		{
+			"stop-commands", false,
+			[]string{
+				"::add-mask::foo",
+				"::stop-commands::myverycoolstoptoken",
+				"::add-mask::bar",
+				"::debug::Stuff",
+				"myverycoolstoptoken",
+				"::add-mask::baz",
+				"::myverycoolstoptoken::",
+				"::add-mask::wibble",
+				"foo bar baz wibble",
+			},
+			[]string{
+				"<nil>",
+				"<nil>",
+				"::add-mask::bar",
+				"::debug::Stuff",
+				"myverycoolstoptoken",
+				"::add-mask::baz",
+				"<nil>",
+				"<nil>",
+				"*** bar baz ***",
+			},
+		},
+		{
+			"unknown command", false,
+			[]string{
+				"::set-mask::foo",
+			},
+			[]string{
+				"::set-mask::foo",
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			r := &Reporter{
+				logReplacer:        strings.NewReplacer(),
+				debugOutputEnabled: tt.debugOutputEnabled,
+			}
+			for idx, arg := range tt.args {
+				rv := r.parseLogRow(&log.Entry{Message: arg})
+				got := "<nil>"
+
+				if rv != nil {
+					got = rv.Content
+				}
+
+				assert.Equal(t, tt.want[idx], got)
+			}
+		})
+	}
+}
+
+func TestReporter_Fire(t *testing.T) {
+	t.Run("ignore command lines", func(t *testing.T) {
+		client := mocks.NewClient(t)
+		client.On("UpdateLog", mock.Anything, mock.Anything).Return(func(_ context.Context, req *connect_go.Request[runnerv1.UpdateLogRequest]) (*connect_go.Response[runnerv1.UpdateLogResponse], error) {
+			t.Logf("Received UpdateLog: %s", req.Msg.String())
+			return connect_go.NewResponse(&runnerv1.UpdateLogResponse{
+				AckIndex: req.Msg.Index + int64(len(req.Msg.Rows)),
+			}), nil
+		})
+		client.On("UpdateTask", mock.Anything, mock.Anything).Return(func(_ context.Context, req *connect_go.Request[runnerv1.UpdateTaskRequest]) (*connect_go.Response[runnerv1.UpdateTaskResponse], error) {
+			t.Logf("Received UpdateTask: %s", req.Msg.String())
+			return connect_go.NewResponse(&runnerv1.UpdateTaskResponse{}), nil
+		})
+		ctx, cancel := context.WithCancel(context.Background())
+		taskCtx, err := structpb.NewStruct(map[string]interface{}{})
+		require.NoError(t, err)
+		reporter := NewReporter(ctx, cancel, client, &runnerv1.Task{
+			Context: taskCtx,
+		})
+		defer func() {
+			assert.NoError(t, reporter.Close(""))
+		}()
+		reporter.ResetSteps(5)
+
+		dataStep0 := map[string]interface{}{
+			"stage":      "Main",
+			"stepNumber": 0,
+			"raw_output": true,
+		}
+
+		assert.NoError(t, reporter.Fire(&log.Entry{Message: "regular log line", Data: dataStep0}))
+		assert.NoError(t, reporter.Fire(&log.Entry{Message: "::debug::debug log line", Data: dataStep0}))
+		assert.NoError(t, reporter.Fire(&log.Entry{Message: "regular log line", Data: dataStep0}))
+		assert.NoError(t, reporter.Fire(&log.Entry{Message: "::debug::debug log line", Data: dataStep0}))
+		assert.NoError(t, reporter.Fire(&log.Entry{Message: "::debug::debug log line", Data: dataStep0}))
+		assert.NoError(t, reporter.Fire(&log.Entry{Message: "regular log line", Data: dataStep0}))
+
+		assert.Equal(t, int64(3), reporter.state.Steps[0].LogLength)
+	})
+}

internal/pkg/ver/version.go

@@ -0,0 +1,11 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package ver
+
+// go build -ldflags "-X gitea.com/gitea/act_runner/internal/pkg/ver.version=1.2.3"
+var version = "dev"
+
+func Version() string {
+	return version
+}

main.go

@@ -1,34 +1,19 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
 package main
 
 import (
 	"context"
-	"os"
 	"os/signal"
 	"syscall"
 
-	"gitea.com/gitea/act_runner/cmd"
+	"gitea.com/gitea/act_runner/internal/app/cmd"
 )
 
-func withContextFunc(ctx context.Context, f func()) context.Context {
-	ctx, cancel := context.WithCancel(ctx)
-	go func() {
-		c := make(chan os.Signal, 1)
-		signal.Notify(c, syscall.SIGINT, syscall.SIGTERM)
-		defer signal.Stop(c)
-
-		select {
-		case <-ctx.Done():
-		case <-c:
-			cancel()
-			f()
-		}
-	}()
-
-	return ctx
-}
-
 func main() {
-	ctx := withContextFunc(context.Background(), func() {})
+	ctx, stop := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)
+	defer stop()
 	// run the command
 	cmd.Execute(ctx)
 }

poller/metric.go

@@ -1,33 +0,0 @@
-package poller
-
-import "sync/atomic"
-
-// Metric interface
-type Metric interface {
-	IncBusyWorker() int64
-	DecBusyWorker() int64
-	BusyWorkers() int64
-}
-
-var _ Metric = (*metric)(nil)
-
-type metric struct {
-	busyWorkers int64
-}
-
-// NewMetric for default metric structure
-func NewMetric() Metric {
-	return &metric{}
-}
-
-func (m *metric) IncBusyWorker() int64 {
-	return atomic.AddInt64(&m.busyWorkers, 1)
-}
-
-func (m *metric) DecBusyWorker() int64 {
-	return atomic.AddInt64(&m.busyWorkers, -1)
-}
-
-func (m *metric) BusyWorkers() int64 {
-	return atomic.LoadInt64(&m.busyWorkers)
-}

poller/poller.go

@@ -1,146 +0,0 @@
-package poller
-
-import (
-	"context"
-	"errors"
-	"sync"
-	"time"
-
-	runnerv1 "code.gitea.io/actions-proto-go/runner/v1"
-	"gitea.com/gitea/act_runner/client"
-
-	"github.com/bufbuild/connect-go"
-	log "github.com/sirupsen/logrus"
-)
-
-var ErrDataLock = errors.New("Data Lock Error")
-
-func New(cli client.Client, dispatch func(context.Context, *runnerv1.Task) error, workerNum int) *Poller {
-	return &Poller{
-		Client:       cli,
-		Dispatch:     dispatch,
-		routineGroup: newRoutineGroup(),
-		metric:       &metric{},
-		workerNum:    workerNum,
-		ready:        make(chan struct{}, 1),
-	}
-}
-
-type Poller struct {
-	Client   client.Client
-	Dispatch func(context.Context, *runnerv1.Task) error
-
-	sync.Mutex
-	routineGroup *routineGroup
-	metric       *metric
-	ready        chan struct{}
-	workerNum    int
-}
-
-func (p *Poller) schedule() {
-	p.Lock()
-	defer p.Unlock()
-	if int(p.metric.BusyWorkers()) >= p.workerNum {
-		return
-	}
-
-	select {
-	case p.ready <- struct{}{}:
-	default:
-	}
-}
-
-func (p *Poller) Wait() {
-	p.routineGroup.Wait()
-}
-
-func (p *Poller) Poll(ctx context.Context) error {
-	l := log.WithField("func", "Poll")
-
-	for {
-		// check worker number
-		p.schedule()
-
-		select {
-		// wait worker ready
-		case <-p.ready:
-		case <-ctx.Done():
-			return nil
-		}
-	LOOP:
-		for {
-			select {
-			case <-ctx.Done():
-				break LOOP
-			default:
-				task, err := p.pollTask(ctx)
-				if task == nil || err != nil {
-					if err != nil {
-						l.Errorf("can't find the task: %v", err.Error())
-					}
-					time.Sleep(5 * time.Second)
-					break
-				}
-
-				p.metric.IncBusyWorker()
-				p.routineGroup.Run(func() {
-					defer p.schedule()
-					defer p.metric.DecBusyWorker()
-					if err := p.dispatchTask(ctx, task); err != nil {
-						l.Errorf("execute task: %v", err.Error())
-					}
-				})
-				break LOOP
-			}
-		}
-	}
-}
-
-func (p *Poller) pollTask(ctx context.Context) (*runnerv1.Task, error) {
-	l := log.WithField("func", "pollTask")
-	l.Info("poller: request stage from remote server")
-
-	reqCtx, cancel := context.WithTimeout(ctx, 5*time.Second)
-	defer cancel()
-
-	// request a new build stage for execution from the central
-	// build server.
-	resp, err := p.Client.FetchTask(reqCtx, connect.NewRequest(&runnerv1.FetchTaskRequest{}))
-	if err == context.Canceled || err == context.DeadlineExceeded {
-		l.WithError(err).Trace("poller: no stage returned")
-		return nil, nil
-	}
-
-	if err != nil && err == ErrDataLock {
-		l.WithError(err).Info("task accepted by another runner")
-		return nil, nil
-	}
-
-	if err != nil {
-		l.WithError(err).Error("cannot accept task")
-		return nil, err
-	}
-
-	// exit if a nil or empty stage is returned from the system
-	// and allow the runner to retry.
-	if resp.Msg.Task == nil || resp.Msg.Task.Id == 0 {
-		return nil, nil
-	}
-
-	return resp.Msg.Task, nil
-}
-
-func (p *Poller) dispatchTask(ctx context.Context, task *runnerv1.Task) error {
-	l := log.WithField("func", "dispatchTask")
-	defer func() {
-		e := recover()
-		if e != nil {
-			l.Errorf("panic error: %v", e)
-		}
-	}()
-
-	runCtx, cancel := context.WithTimeout(ctx, time.Hour)
-	defer cancel()
-
-	return p.Dispatch(runCtx, task)
-}

poller/thread.go

@@ -1,24 +0,0 @@
-package poller
-
-import "sync"
-
-type routineGroup struct {
-	waitGroup sync.WaitGroup
-}
-
-func newRoutineGroup() *routineGroup {
-	return new(routineGroup)
-}
-
-func (g *routineGroup) Run(fn func()) {
-	g.waitGroup.Add(1)
-
-	go func() {
-		defer g.waitGroup.Done()
-		fn()
-	}()
-}
-
-func (g *routineGroup) Wait() {
-	g.waitGroup.Wait()
-}

register/register.go

@@ -1,63 +0,0 @@
-package register
-
-import (
-	"context"
-	"encoding/json"
-	"os"
-	"strconv"
-	"strings"
-
-	runnerv1 "code.gitea.io/actions-proto-go/runner/v1"
-	"gitea.com/gitea/act_runner/client"
-	"gitea.com/gitea/act_runner/config"
-	"gitea.com/gitea/act_runner/core"
-
-	"github.com/bufbuild/connect-go"
-	log "github.com/sirupsen/logrus"
-)
-
-func New(cli client.Client) *Register {
-	return &Register{
-		Client: cli,
-	}
-}
-
-type Register struct {
-	Client client.Client
-}
-
-func (p *Register) Register(ctx context.Context, cfg config.Runner) (*core.Runner, error) {
-	labels := make([]string, len(cfg.Labels))
-	for i, v := range cfg.Labels {
-		labels[i] = strings.SplitN(v, ":", 2)[0]
-	}
-	// register new runner.
-	resp, err := p.Client.Register(ctx, connect.NewRequest(&runnerv1.RegisterRequest{
-		Name:        cfg.Name,
-		Token:       cfg.Token,
-		AgentLabels: labels,
-	}))
-	if err != nil {
-		log.WithError(err).Error("poller: cannot register new runner")
-		return nil, err
-	}
-
-	data := &core.Runner{
-		ID:       resp.Msg.Runner.Id,
-		UUID:     resp.Msg.Runner.Uuid,
-		Name:     resp.Msg.Runner.Name,
-		Token:    resp.Msg.Runner.Token,
-		Address:  p.Client.Address(),
-		Insecure: strconv.FormatBool(p.Client.Insecure()),
-		Labels:   cfg.Labels,
-	}
-
-	file, err := json.MarshalIndent(data, "", "  ")
-	if err != nil {
-		log.WithError(err).Error("poller: cannot marshal the json input")
-		return data, err
-	}
-
-	// store runner config in .runner file
-	return data, os.WriteFile(cfg.File, file, 0o644)
-}

renovate.json5

@@ -0,0 +1,6 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "local>gitea/renovate-config"
+  ]
+}

runtime/runtime.go

@@ -1,64 +0,0 @@
-package runtime
-
-import (
-	"context"
-	"strings"
-
-	runnerv1 "code.gitea.io/actions-proto-go/runner/v1"
-	"gitea.com/gitea/act_runner/client"
-)
-
-// Runner runs the pipeline.
-type Runner struct {
-	Machine       string
-	ForgeInstance string
-	Environ       map[string]string
-	Client        client.Client
-	Labels        []string
-}
-
-// Run runs the pipeline stage.
-func (s *Runner) Run(ctx context.Context, task *runnerv1.Task) error {
-	return NewTask(s.ForgeInstance, task.Id, s.Client, s.Environ, s.platformPicker).Run(ctx, task)
-}
-
-func (s *Runner) platformPicker(labels []string) string {
-	// "ubuntu-18.04:docker://node:16-buster"
-	// "self-hosted"
-
-	platforms := make(map[string]string, len(labels))
-	for _, l := range s.Labels {
-		// "ubuntu-18.04:docker://node:16-buster"
-		splits := strings.SplitN(l, ":", 2)
-		if len(splits) == 1 {
-			// identifier for non docker execution environment
-			platforms[splits[0]] = "-self-hosted"
-			continue
-		}
-		// ["ubuntu-18.04", "docker://node:16-buster"]
-		k, v := splits[0], splits[1]
-
-		if prefix := "docker://"; !strings.HasPrefix(v, prefix) {
-			continue
-		} else {
-			v = strings.TrimPrefix(v, prefix)
-		}
-		// ubuntu-18.04 => node:16-buster
-		platforms[k] = v
-	}
-
-	for _, label := range labels {
-		if v, ok := platforms[label]; ok {
-			return v
-		}
-	}
-
-	// TODO: support multiple labels
-	// like:
-	//   ["ubuntu-22.04"] => "ubuntu:22.04"
-	//   ["with-gpu"] => "linux:with-gpu"
-	//   ["ubuntu-22.04", "with-gpu"] => "ubuntu:22.04_with-gpu"
-
-	// return default
-	return "node:16-bullseye"
-}

runtime/task.go

@@ -1,265 +0,0 @@
-package runtime
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"fmt"
-	"os"
-	"path/filepath"
-	"sync"
-	"time"
-
-	runnerv1 "code.gitea.io/actions-proto-go/runner/v1"
-	"gitea.com/gitea/act_runner/client"
-
-	"github.com/nektos/act/pkg/artifacts"
-	"github.com/nektos/act/pkg/common"
-	"github.com/nektos/act/pkg/model"
-	"github.com/nektos/act/pkg/runner"
-	log "github.com/sirupsen/logrus"
-)
-
-var globalTaskMap sync.Map
-
-type TaskInput struct {
-	repoDirectory string
-	// actor         string
-	// workdir string
-	// workflowsPath         string
-	// autodetectEvent       bool
-	// eventPath       string
-	// reuseContainers bool
-	// bindWorkdir     bool
-	// secrets         []string
-	envs map[string]string
-	// platforms       []string
-	// dryrun       bool
-	forcePull    bool
-	forceRebuild bool
-	// noOutput     bool
-	// envfile         string
-	// secretfile            string
-	insecureSecrets bool
-	// defaultBranch         string
-	privileged            bool
-	usernsMode            string
-	containerArchitecture string
-	containerDaemonSocket string
-	// noWorkflowRecurse     bool
-	useGitIgnore     bool
-	containerCapAdd  []string
-	containerCapDrop []string
-	// autoRemove         bool
-	artifactServerPath string
-	artifactServerPort string
-	jsonLogger         bool
-	// noSkipCheckout     bool
-	// remoteName            string
-
-	EnvFile string
-
-	containerNetworkMode string
-}
-
-type Task struct {
-	BuildID int64
-	Input   *TaskInput
-
-	client         client.Client
-	log            *log.Entry
-	platformPicker func([]string) string
-}
-
-// NewTask creates a new task
-func NewTask(forgeInstance string, buildID int64, client client.Client, runnerEnvs map[string]string, picker func([]string) string) *Task {
-	task := &Task{
-		Input: &TaskInput{
-			envs:                 runnerEnvs,
-			containerNetworkMode: "bridge", // TODO should be configurable
-		},
-		BuildID: buildID,
-
-		client:         client,
-		log:            log.WithField("buildID", buildID),
-		platformPicker: picker,
-	}
-	task.Input.repoDirectory, _ = os.Getwd()
-	return task
-}
-
-// getWorkflowsPath return the workflows directory, it will try .gitea first and then fallback to .github
-func getWorkflowsPath(dir string) (string, error) {
-	p := filepath.Join(dir, ".gitea/workflows")
-	_, err := os.Stat(p)
-	if err != nil {
-		if !os.IsNotExist(err) {
-			return "", err
-		}
-		return filepath.Join(dir, ".github/workflows"), nil
-	}
-	return p, nil
-}
-
-func getToken(task *runnerv1.Task) string {
-	token := task.Secrets["GITHUB_TOKEN"]
-	if task.Secrets["GITEA_TOKEN"] != "" {
-		token = task.Secrets["GITEA_TOKEN"]
-	}
-	if task.Context.Fields["token"].GetStringValue() != "" {
-		token = task.Context.Fields["token"].GetStringValue()
-	}
-	return token
-}
-
-func (t *Task) Run(ctx context.Context, task *runnerv1.Task) (lastErr error) {
-	ctx, cancel := context.WithCancel(ctx)
-	defer cancel()
-	_, exist := globalTaskMap.Load(task.Id)
-	if exist {
-		return fmt.Errorf("task %d already exists", task.Id)
-	}
-
-	// set task ve to global map
-	// when task is done or canceled, it will be removed from the map
-	globalTaskMap.Store(task.Id, t)
-	defer globalTaskMap.Delete(task.Id)
-
-	lastWords := ""
-	reporter := NewReporter(ctx, cancel, t.client, task)
-	defer func() {
-		// set the job to failed on an error return value
-		if lastErr != nil {
-			reporter.Fire(&log.Entry{
-				Data: log.Fields{
-					"jobResult": "failure",
-				},
-			})
-		}
-		_ = reporter.Close(lastWords)
-	}()
-	reporter.RunDaemon()
-
-	reporter.Logf("received task %v of job %v", task.Id, task.Context.Fields["job"].GetStringValue())
-
-	workflowsPath, err := getWorkflowsPath(t.Input.repoDirectory)
-	if err != nil {
-		lastWords = err.Error()
-		return err
-	}
-	t.log.Debugf("workflows path: %s", workflowsPath)
-
-	workflow, err := model.ReadWorkflow(bytes.NewReader(task.WorkflowPayload))
-	if err != nil {
-		lastWords = err.Error()
-		return err
-	}
-
-	var plan *model.Plan
-	jobIDs := workflow.GetJobIDs()
-	if len(jobIDs) != 1 {
-		err := fmt.Errorf("multiple jobs found: %v", jobIDs)
-		lastWords = err.Error()
-		return err
-	}
-	jobID := jobIDs[0]
-	plan = model.CombineWorkflowPlanner(workflow).PlanJob(jobID)
-	job := workflow.GetJob(jobID)
-	reporter.ResetSteps(len(job.Steps))
-
-	log.Infof("plan: %+v", plan.Stages[0].Runs)
-
-	token := getToken(task)
-	dataContext := task.Context.Fields
-
-	log.Infof("task %v repo is %v %v %v", task.Id, dataContext["repository"].GetStringValue(),
-		dataContext["gitea_default_actions_url"].GetStringValue(),
-		t.client.Address())
-
-	preset := &model.GithubContext{
-		Event:           dataContext["event"].GetStructValue().AsMap(),
-		RunID:           dataContext["run_id"].GetStringValue(),
-		RunNumber:       dataContext["run_number"].GetStringValue(),
-		Actor:           dataContext["actor"].GetStringValue(),
-		Repository:      dataContext["repository"].GetStringValue(),
-		EventName:       dataContext["event_name"].GetStringValue(),
-		Sha:             dataContext["sha"].GetStringValue(),
-		Ref:             dataContext["ref"].GetStringValue(),
-		RefName:         dataContext["ref_name"].GetStringValue(),
-		RefType:         dataContext["ref_type"].GetStringValue(),
-		HeadRef:         dataContext["head_ref"].GetStringValue(),
-		BaseRef:         dataContext["base_ref"].GetStringValue(),
-		Token:           token,
-		RepositoryOwner: dataContext["repository_owner"].GetStringValue(),
-		RetentionDays:   dataContext["retention_days"].GetStringValue(),
-	}
-	eventJSON, err := json.Marshal(preset.Event)
-	if err != nil {
-		lastWords = err.Error()
-		return err
-	}
-
-	maxLifetime := 3 * time.Hour
-	if deadline, ok := ctx.Deadline(); ok {
-		maxLifetime = time.Until(deadline)
-	}
-
-	input := t.Input
-	config := &runner.Config{
-		Workdir:               "/" + preset.Repository,
-		BindWorkdir:           false,
-		ReuseContainers:       false,
-		ForcePull:             input.forcePull,
-		ForceRebuild:          input.forceRebuild,
-		LogOutput:             true,
-		JSONLogger:            input.jsonLogger,
-		Env:                   input.envs,
-		Secrets:               task.Secrets,
-		InsecureSecrets:       input.insecureSecrets,
-		Privileged:            input.privileged,
-		UsernsMode:            input.usernsMode,
-		ContainerArchitecture: input.containerArchitecture,
-		ContainerDaemonSocket: input.containerDaemonSocket,
-		UseGitIgnore:          input.useGitIgnore,
-		GitHubInstance:        t.client.Address(),
-		ContainerCapAdd:       input.containerCapAdd,
-		ContainerCapDrop:      input.containerCapDrop,
-		AutoRemove:            true,
-		ArtifactServerPath:    input.artifactServerPath,
-		ArtifactServerPort:    input.artifactServerPort,
-		NoSkipCheckout:        true,
-		PresetGitHubContext:   preset,
-		EventJSON:             string(eventJSON),
-		ContainerNamePrefix:   fmt.Sprintf("GITEA-ACTIONS-TASK-%d", task.Id),
-		ContainerMaxLifetime:  maxLifetime,
-		ContainerNetworkMode:  input.containerNetworkMode,
-		DefaultActionInstance: dataContext["gitea_default_actions_url"].GetStringValue(),
-		PlatformPicker:        t.platformPicker,
-	}
-	r, err := runner.New(config)
-	if err != nil {
-		lastWords = err.Error()
-		return err
-	}
-
-	artifactCancel := artifacts.Serve(ctx, input.artifactServerPath, input.artifactServerPort)
-	t.log.Debugf("artifacts server started at %s:%s", input.artifactServerPath, input.artifactServerPort)
-
-	executor := r.NewPlanExecutor(plan).Finally(func(ctx context.Context) error {
-		artifactCancel()
-		return nil
-	})
-
-	t.log.Infof("workflow prepared")
-	reporter.Logf("workflow prepared")
-
-	// add logger recorders
-	ctx = common.WithLoggerHook(ctx, reporter)
-
-	if err := executor(ctx); err != nil {
-		lastWords = err.Error()
-		return err
-	}
-
-	return nil
-}

scripts/rootless.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+# wait for docker daemon
+while ! nc -z localhost 2376 </dev/null; do
+  echo 'waiting for docker daemon...'
+  sleep 5
+done
+
+. /opt/act/run.sh

scripts/run.sh

@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+
+if [[ ! -d /data ]]; then
+  mkdir -p /data
+fi
+
+cd /data
+
+RUNNER_STATE_FILE=${RUNNER_STATE_FILE:-'.runner'}
+
+CONFIG_ARG=""
+if [[ ! -z "${CONFIG_FILE}" ]]; then
+  CONFIG_ARG="--config ${CONFIG_FILE}"
+fi
+EXTRA_ARGS=""
+if [[ ! -z "${GITEA_RUNNER_LABELS}" ]]; then
+  EXTRA_ARGS="${EXTRA_ARGS} --labels ${GITEA_RUNNER_LABELS}"
+fi
+
+# In case no token is set, it's possible to read the token from a file, i.e. a Docker Secret
+if [[ -z "${GITEA_RUNNER_REGISTRATION_TOKEN}" ]] && [[ -f "${GITEA_RUNNER_REGISTRATION_TOKEN_FILE}" ]]; then
+  GITEA_RUNNER_REGISTRATION_TOKEN=$(cat "${GITEA_RUNNER_REGISTRATION_TOKEN_FILE}")
+fi
+
+# Use the same ENV variable names as https://github.com/vegardit/docker-gitea-act-runner
+test -f "$RUNNER_STATE_FILE" || echo "$RUNNER_STATE_FILE is missing or not a regular file"
+
+if [[ ! -s "$RUNNER_STATE_FILE" ]]; then
+  try=$((try + 1))
+  success=0
+
+  # The point of this loop is to make it simple, when running both act_runner and gitea in docker,
+  # for the act_runner to wait a moment for gitea to become available before erroring out.  Within
+  # the context of a single docker-compose, something similar could be done via healthchecks, but
+  # this is more flexible.
+  while [[ $success -eq 0 ]] && [[ $try -lt ${GITEA_MAX_REG_ATTEMPTS:-10} ]]; do
+    act_runner register \
+      --instance "${GITEA_INSTANCE_URL}" \
+      --token    "${GITEA_RUNNER_REGISTRATION_TOKEN}" \
+      --name     "${GITEA_RUNNER_NAME:-`hostname`}" \
+      ${CONFIG_ARG} ${EXTRA_ARGS} --no-interactive 2>&1 | tee /tmp/reg.log
+
+    cat /tmp/reg.log | grep 'Runner registered successfully' > /dev/null
+    if [[ $? -eq 0 ]]; then
+      echo "SUCCESS"
+      success=1
+    else
+      echo "Waiting to retry ..."
+      sleep 5
+    fi
+  done
+fi
+# Prevent reading the token from the act_runner process
+unset GITEA_RUNNER_REGISTRATION_TOKEN
+unset GITEA_RUNNER_REGISTRATION_TOKEN_FILE
+
+act_runner daemon ${CONFIG_ARG}

scripts/supervisord.conf

@@ -0,0 +1,17 @@
+[supervisord]
+nodaemon=true
+logfile=/dev/null
+logfile_maxbytes=0
+
+[program:dockerd]
+command=/usr/local/bin/dockerd-entrypoint.sh
+
+[program:act_runner]
+stdout_logfile=/dev/fd/1
+stdout_logfile_maxbytes=0
+redirect_stderr=true
+command=/opt/act/rootless.sh
+
+[eventlistener:processes]
+command=bash -c "echo READY && read line && kill -SIGQUIT $PPID"
+events=PROCESS_STATE_STOPPED,PROCESS_STATE_EXITED,PROCESS_STATE_FATAL