casjaysdevdocker/gitea
1
0
Fork 0
mirror of https://github.com/casjaysdevdocker/gitea synced 2026-05-24 15:28:44 -04:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

🐛 Fix act_runner token generation and gitea auto-install 🐛

Browse Source 
Runner registration was broken by three compounding bugs:
1. Token generated at script init time (before gitea was ready)
2. gitea CLI missing --work-path/--custom-path flags, writing fatal
log messages to stdout which got captured as the token value
3. Token assignment inside a piped subshell didn't propagate back
to the parent shell, leaving SYS_AUTH_TOKEN empty at runtime
4. INSTALL_LOCK=false in app.ini template caused gitea to start in
install-wizard mode, making generate-runner-token always fail
- rootfs/tmp/etc/gitea/app.ini: set INSTALL_LOCK=true so gitea
auto-initializes the SQLite DB on first run
- rootfs/usr/local/etc/docker/init.d/zz-act_runner.sh:
- defer SYS_AUTH_TOKEN: initialize to empty at global scope,
generate in __run_pre_execute_checks after gitea is confirmed up
- add --work-path/--custom-path to gitea CLI call; filter output
with grep -oE '[A-Za-z0-9]{20,}' to extract only the token
- guard token generation on INSTALL_LOCK=true in app.ini
- read token back from $CONF_DIR/tokens/system after the piped
__run_pre_execute_checks call returns (subshell escape)
Tested: fresh start registers all 5 runners with full 22-label set;
restart skips re-registration and reconnects all 5 daemons cleanly.

rootfs/tmp/etc/gitea/app.ini
rootfs/usr/local/etc/docker/init.d/zz-act_runner.sh
This commit is contained in:
casjay
2026-05-24 14:11:11 -04:00
parent 3a21cd6091
commit e8021e29e2
2 changed files with 11 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
rootfs/tmp/etc/gitea/app.ini
View File

@@ -187,7 +187,7 @@ MAX_DAYS = 1
ROOT_PATH = REPLACE_LOG_DIR
; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
[security]
INSTALL_LOCK = false
INSTALL_LOCK = true
SECRET_KEY = REPLACE_SECRET_KEY
INTERNAL_TOKEN = REPLACE_GITEA_INTERNAL_TOKEN
PASSWORD_HASH_ALGO = argon2

12
rootfs/usr/local/etc/docker/init.d/zz-act_runner.sh
View File

@@ -128,7 +128,12 @@ __gen_auth_token() {
auth_token="$(<"$CONF_DIR/tokens/system")"
fi
auth_token="$(echo "$auth_token" | grep -vE '# |^$')"
auth_token="${auth_token:-$(gosu $user $gitea_bin --config "$conf_file" actions generate-runner-token 2>/dev/null | grep -vE '\.\.\.|# |^$')}"
if [ -z "$auth_token" ] && [ -n "$gitea_bin" ] && [ -n "$conf_file" ]; then
# Only attempt token generation if gitea is fully installed (INSTALL_LOCK = true)
if grep -qiE 'INSTALL_LOCK\s*=\s*true' "$conf_file" 2>/dev/null; then
auth_token="$(gosu $user $gitea_bin --config "$conf_file" --work-path /data/gitea --custom-path /config/gitea/custom actions generate-runner-token 2>/dev/null | grep -oE '[A-Za-z0-9]{20,}' | tail -n1)"
fi
fi
if [ -n "$auth_token" ]; then
exitCode=0
echo "$auth_token"
@@ -230,7 +235,7 @@ user_pass="${ACT_RUNNER_USER_PASS_WORD:-}" # normal user password
# - - - - - - - - - - - - - - - - - - - - - - - - -
# Additional predefined variables
GITEA_PORT="${GITEA_PORT:-80}"
SYS_AUTH_TOKEN="$(__gen_auth_token)"
SYS_AUTH_TOKEN=""
GITEA_USER="${GITEA_USER:-$SERVICE_USER}"
INSTANCE_HOSTNAME="${GITEA_HOSTNAME:-$HOSTNAME}"
RUNNERS_START="${RUNNERS_START:-5}"
@@ -334,6 +339,7 @@ __run_pre_execute_checks() {
[ -d "$CONF_DIR/reg" ] || mkdir -p "$CONF_DIR/reg"
[ -d "$DATA_DIR/cache" ] || mkdir -p "$DATA_DIR/cache"
[ -d "$CONF_DIR/tokens" ] || mkdir -p "$CONF_DIR/tokens"
SYS_AUTH_TOKEN="${SYS_AUTH_TOKEN:-$(__gen_auth_token)}"
if [ -f "$RUNNER_CONFIG_DEFAULT" ]; then
mkdir -p "$RUNNER_DEFAULT_HOME" "$TMP_DIR/runners/gitea"
[ -f "$RUNNER_DEFAULT_HOME/$RUNNER_CONFIG_NAME" ] || copy "$RUNNER_CONFIG_DEFAULT" "$RUNNER_DEFAULT_HOME/$RUNNER_CONFIG_NAME"
@@ -915,6 +921,8 @@ __fix_permissions "$SERVICE_USER" "$SERVICE_GROUP"
# - - - - - - - - - - - - - - - - - - - - - - - - -
#
__run_pre_execute_checks 2>/dev/stderr | tee -a -p "/data/logs/entrypoint.log" "/data/logs/init.txt" || return 20
# Token was set inside a subshell (pipe); read it back from the file written by __gen_auth_token
[ -z "$SYS_AUTH_TOKEN" ] && [ -s "$CONF_DIR/tokens/system" ] && SYS_AUTH_TOKEN="$(<"$CONF_DIR/tokens/system")"
# - - - - - - - - - - - - - - - - - - - - - - - - -
__run_start_script 2>>/dev/stderr | tee -p -a "/data/logs/entrypoint.log"
errorCode=${PIPESTATUS[0]}