Upgrade forgejo-runner 12.7.0 → 12.7.3, add service card

Patch upgrade picks up idempotent FetchTask API, offline registration
fix, cloudflare/circl security dep update, and custom gRPC user-agent.
No config defaults changed.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Erich Blume 2026-03-30 16:31:06 -07:00
commit 1e391f96bb
6 changed files with 62 additions and 4 deletions


@ -1,4 +1,4 @@
# Reviewed against v12.7.0 defaults (2026-02-22)
# Reviewed against v12.7.3 defaults (2026-03-30)
log:
level: info


@ -10,7 +10,7 @@ resources:
images:
- name: code.forgejo.org/forgejo/runner
newTag: "12.7.0"
newTag: "12.7.3"
- name: docker
newTag: 27-dind
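
Review bot: The `newTag: "12.7.3"` line pins the runner by tag only, and the unchanged `docker` entry below it keeps the floating `27-dind` tag for what the service card in this commit describes as a privileged sidecar. A tag can be re-pointed upstream without any change in this repository, so consider pinning both `images` entries with kustomize's `digest:` field and keeping the human-readable version in a comment next to it.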


@ -0,0 +1 @@
Upgrade forgejo-runner from 12.7.0 to 12.7.3 (bug fixes, security dep update). Add service reference card.
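
Review bot: "security dep update" in this changelog line does not name the dependency. The commit message identifies it as cloudflare/circl; naming it here as well lets someone checking exposure later find this entry by searching for the module.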


@ -0,0 +1,56 @@
---
title: Forgejo Runner
modified: 2026-03-30
last-reviewed: 2026-03-30
tags:
- service
- ci-cd
---
# Forgejo Runner
Forgejo Actions runner daemon for CI/CD job execution. Runs as a Kubernetes pod on [[indri]] (minikube) with a Docker-in-Docker sidecar.
## Quick Reference
| Property | Value |
|----------|-------|
| **Namespace** | `forgejo-runner` |
| **ArgoCD App** | `forgejo-runner` |
| **Runner Name** | `k8s-runner` |
| **Labels** | `k8s` |
| **Capacity** | 2 concurrent jobs |
| **Timeout** | 3h |
| **Forgejo Instance** | https://forge.ops.eblu.me |
| **Image** | `code.forgejo.org/forgejo/runner` (see `argocd/manifests/forgejo-runner/kustomization.yaml` for current tag) |
| **DinD Sidecar** | `docker:27-dind` |
## Architecture
The pod runs two containers:
1. **runner** - The Forgejo runner daemon. Registers with the forge on first start, then polls for jobs. Talks to DinD via `tcp://localhost:2375`.
2. **dind** - Docker-in-Docker sidecar (privileged). Provides the Docker daemon for job container execution. Uses a registry mirror at `host.minikube.internal:5050` ([[zot]]).
Runner state (`/data/.runner`) is stored in an `emptyDir` volume, so re-registration happens on pod restart. The registration token comes from 1Password via [[external-secrets]].
## Job Execution Image
The actual container image used to run workflow steps is set via `RUNNER_LABELS` in the deployment, not in the runner config. This image is tracked separately as `runner-job-image` in `service-versions.yaml`. See [[build-container-image]] for how it's built.
## Network
Jobs run with `network: "host"` to share the DinD network namespace. This gives job containers access to the same DNS and network as the pod, including cluster-internal services.
## Credentials
| Secret | Source | Purpose |
|--------|--------|---------|
| `RUNNER_TOKEN` | 1Password ("Forgejo Secrets" → `runner_reg`) | Runner registration with forge |
## Related
- [[forgejo]] - The forge this runner connects to
- [[argocd]] - Deployment mechanism
- [[zot]] - Registry mirror for job image pulls
- [[build-container-image]] - How container images are built via this runner
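
Review bot: The Architecture and Network sections together describe a trust boundary that the card never states. The dind container is privileged, its daemon is reached over plain TCP at `tcp://localhost:2375`, and jobs run with `network: "host"` in that same network namespace with access to cluster-internal services, so as written a workflow job has roughly the same reach as the pod itself. Add a short section saying which repositories and users are trusted to run workflows on `k8s-runner`, and whether a NetworkPolicy or similar control limits what the pod can reach.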


@ -161,6 +161,7 @@ Forgejo hosts pull mirrors of external repositories (GitHub, etc.) for supply ch
## Related
- [[forgejo-runner]] - k8s CI/CD runner (minikube on indri)
- [[argocd]] - Uses Forgejo as git source
- [[authentik]] - OIDC identity provider
- [[zot]] - Container registry for built images


@ -234,8 +234,8 @@ services:
- name: forgejo-runner
type: argocd
last-reviewed: 2026-02-22
current-version: "12.7.0"
last-reviewed: 2026-03-30
current-version: "12.7.3"
upstream-source: https://code.forgejo.org/forgejo/runner/releases
notes: >-
Runner daemon version (code.forgejo.org/forgejo/runner). Job execution
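
Review bot: `current-version: "12.7.3"` duplicates the `newTag` in the kustomization and the version in the config header comment, and all three are edited by hand in this commit. A CI check that compares this field against the kustomization `newTag` would catch them drifting apart. The new service card already avoids the problem by pointing at the kustomization instead of repeating the tag.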