Allow reading registration token from file (#350)
When deploying the runner in a Docker Swarm setup, it can be useful to read the potentially sensitive token from a secret instead of having to pass it from an environment variable. Co-authored-by: Frederik Ring <frederik.ring@gmail.com> Reviewed-on: https://gitea.com/gitea/act_runner/pulls/350 Reviewed-by: Jason Song <i@wolfogre.com> Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: m90 <m90@noreply.gitea.com> Co-committed-by: m90 <m90@noreply.gitea.com>
This commit is contained in:
parent
ed35b09b8f
commit
10dc6fb60d
2 changed files with 9 additions and 0 deletions
|
@ -16,5 +16,8 @@
|
|||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
environment:
|
||||
- GITEA_INSTANCE_URL=<instance url>
|
||||
# When using Docker Secrets, it's also possible to use
|
||||
# GITEA_RUNNER_REGISTRATION_TOKEN_FILE to pass the location.
|
||||
# The env var takes precedence
|
||||
- GITEA_RUNNER_REGISTRATION_TOKEN=<registration token>
|
||||
```
|
||||
|
|
|
@ -15,6 +15,11 @@ if [[ ! -z "${GITEA_RUNNER_LABELS}" ]]; then
|
|||
EXTRA_ARGS="${EXTRA_ARGS} --labels ${GITEA_RUNNER_LABELS}"
|
||||
fi
|
||||
|
||||
# In case no token is set, it's possible to read the token from a file, i.e. a Docker Secret
|
||||
if [[ -z "${GITEA_RUNNER_REGISTRATION_TOKEN}" ]] && [[ -f "${GITEA_RUNNER_REGISTRATION_TOKEN_FILE}" ]]; then
|
||||
GITEA_RUNNER_REGISTRATION_TOKEN=$(cat "${GITEA_RUNNER_REGISTRATION_TOKEN_FILE}")
|
||||
fi
|
||||
|
||||
# Use the same ENV variable names as https://github.com/vegardit/docker-gitea-act-runner
|
||||
|
||||
if [[ ! -s .runner ]]; then
|
||||
|
@ -44,5 +49,6 @@ if [[ ! -s .runner ]]; then
|
|||
fi
|
||||
# Prevent reading the token from the act_runner process
|
||||
unset GITEA_RUNNER_REGISTRATION_TOKEN
|
||||
unset GITEA_RUNNER_REGISTRATION_TOKEN_FILE
|
||||
|
||||
act_runner daemon ${CONFIG_ARG}
|
||||
|
|
Loading…
Reference in a new issue