From f19795615c2590ab827191ef2d9096d1ba610cb3 Mon Sep 17 00:00:00 2001
From: Erich Blume <blume.erich@gmail.com>
Date: Sun, 25 Jan 2026 18:06:33 -0800
Subject: [PATCH] Simplify forgejo-runner to job execution image

- Remove daemon entrypoint (host runner handles daemon)
- Add Node.js 20.x for GitHub Actions compatibility
- Keep Docker CLI for container builds
- Switch workflow back to ubuntu-latest (host runner)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .forgejo/workflows/build-container.yaml |  2 +-
 .github/actionlint.yaml                 |  1 +
 containers/forgejo-runner/Dockerfile    | 51 +++++++------------------
 containers/forgejo-runner/config.yaml   | 25 ------------
 containers/forgejo-runner/entrypoint.sh | 36 -----------------
 5 files changed, 16 insertions(+), 99 deletions(-)
 delete mode 100644 containers/forgejo-runner/config.yaml
 delete mode 100644 containers/forgejo-runner/entrypoint.sh

diff --git a/.forgejo/workflows/build-container.yaml b/.forgejo/workflows/build-container.yaml
index 8ccf48f..6ed1be8 100644
--- a/.forgejo/workflows/build-container.yaml
+++ b/.forgejo/workflows/build-container.yaml
@@ -15,7 +15,7 @@ on:
 
 jobs:
   build:
-    runs-on: docker
+    runs-on: ubuntu-latest
     steps:
       - name: Parse tag
         id: parse
diff --git a/.github/actionlint.yaml b/.github/actionlint.yaml
index 0735751..0f274ef 100644
--- a/.github/actionlint.yaml
+++ b/.github/actionlint.yaml
@@ -1,3 +1,4 @@
 self-hosted-runner:
   labels:
+    - ubuntu-latest
     - docker
diff --git a/containers/forgejo-runner/Dockerfile b/containers/forgejo-runner/Dockerfile
index 0f8addb..dcdcc78 100644
--- a/containers/forgejo-runner/Dockerfile
+++ b/containers/forgejo-runner/Dockerfile
@@ -1,26 +1,15 @@
-# Forgejo Actions Runner - Containerized
+# Forgejo Actions Job Execution Image
 #
-# A containerized runner capable of building containers via Docker socket mount.
-# Part of the runner ratcheting plan (Phase 1+).
+# This image is used as the job execution environment for Forgejo Actions.
+# The host runner daemon creates containers from this image to run workflow steps.
 #
-# Build:
-#   docker build -t registry.ops.eblu.me/blumeops/forgejo-runner:v1.0.0 .
+# Includes: Node.js (for GitHub Actions), Docker CLI, git, and common CI tools.
 #
-# Run (Phase 1 - Docker on indri):
-#   docker run -d \
-#     --name forgejo-runner \
-#     -v /var/run/docker.sock:/var/run/docker.sock \
-#     -e FORGEJO_URL=https://forge.ops.eblu.me \
-#     -e RUNNER_TOKEN=<token> \
-#     -e RUNNER_NAME=indri-docker-runner \
-#     registry.ops.eblu.me/blumeops/forgejo-runner:v1.0.0
-#
-# The runner registers itself on first start and persists state in /data.
+# Usage: Configure runner with label like:
+#   docker:docker://registry.ops.eblu.me/blumeops/forgejo-runner:latest
 
 FROM debian:bookworm-slim
 
-# Forgejo runner version - check https://code.forgejo.org/forgejo/runner/releases
-ARG RUNNER_VERSION=6.3.1
 ARG TARGETARCH
 
 # Install base dependencies
@@ -34,7 +23,12 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     xz-utils \
     && rm -rf /var/lib/apt/lists/*
 
-# Install Docker CLI (not daemon - we mount the socket)
+# Install Node.js 20.x (required for actions/checkout@v4 and other GitHub Actions)
+RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
+    && apt-get install -y --no-install-recommends nodejs \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install Docker CLI (for container builds - daemon accessed via socket mount)
 RUN install -m 0755 -d /etc/apt/keyrings \
     && curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc \
     && chmod a+r /etc/apt/keyrings/docker.asc \
@@ -43,22 +37,5 @@ RUN install -m 0755 -d /etc/apt/keyrings \
     && apt-get install -y --no-install-recommends docker-ce-cli \
     && rm -rf /var/lib/apt/lists/*
 
-# Install forgejo-runner
-RUN ARCH=$(case "${TARGETARCH}" in "amd64") echo "amd64";; "arm64") echo "arm64";; *) echo "amd64";; esac) \
-    && curl -fsSL "https://code.forgejo.org/forgejo/runner/releases/download/v${RUNNER_VERSION}/forgejo-runner-${RUNNER_VERSION}-linux-${ARCH}.xz" -o /tmp/runner.xz \
-    && xz -d /tmp/runner.xz \
-    && mv /tmp/runner /usr/local/bin/forgejo-runner \
-    && chmod +x /usr/local/bin/forgejo-runner
-
-# Create data directory for runner state
-RUN mkdir -p /data
-WORKDIR /data
-
-# Copy entrypoint script
-COPY entrypoint.sh /entrypoint.sh
-RUN chmod +x /entrypoint.sh
-
-# Copy runner config template
-COPY config.yaml /etc/forgejo-runner/config.yaml
-
-ENTRYPOINT ["/entrypoint.sh"]
+# Default to bash
+CMD ["/bin/bash"]
diff --git a/containers/forgejo-runner/config.yaml b/containers/forgejo-runner/config.yaml
deleted file mode 100644
index 60ad82e..0000000
--- a/containers/forgejo-runner/config.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-# Forgejo Runner configuration
-# See: https://forgejo.org/docs/latest/admin/actions/#configuration
-
-log:
-  level: info
-
-runner:
-  file: /data/.runner
-  capacity: 2
-  timeout: 3h
-  # Fetch task interval
-  fetch_timeout: 5s
-  fetch_interval: 2s
-
-container:
-  # Use host network so containers can reach services on the host
-  # (e.g., registry.ops.eblu.me resolves to host's Tailscale IP)
-  network: host
-  # Don't use privileged mode by default
-  privileged: false
-  # Mount docker socket for container builds
-  options: -v /var/run/docker.sock:/var/run/docker.sock
-  # Valid volumes that can be mounted
-  valid_volumes:
-    - /var/run/docker.sock
diff --git a/containers/forgejo-runner/entrypoint.sh b/containers/forgejo-runner/entrypoint.sh
deleted file mode 100644
index 9977ce9..0000000
--- a/containers/forgejo-runner/entrypoint.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/bash
-# Forgejo Runner entrypoint script
-#
-# Registers the runner on first start, then runs the daemon.
-# State is persisted in /data so restarts don't re-register.
-
-set -e
-
-# Required environment variables
-: "${FORGEJO_URL:?FORGEJO_URL is required (e.g., https://forge.ops.eblu.me)}"
-: "${RUNNER_TOKEN:?RUNNER_TOKEN is required (from Forgejo admin > Actions > Runners)}"
-
-# Optional environment variables with defaults
-RUNNER_NAME="${RUNNER_NAME:-forgejo-runner}"
-RUNNER_LABELS="${RUNNER_LABELS:-docker:docker://debian:bookworm-slim}"
-
-# Registration file indicates runner is already registered
-RUNNER_FILE="/data/.runner"
-
-# Register if not already registered
-if [ ! -f "$RUNNER_FILE" ]; then
-    echo "Registering runner '${RUNNER_NAME}' with ${FORGEJO_URL}..."
-    forgejo-runner register \
-        --instance "${FORGEJO_URL}" \
-        --token "${RUNNER_TOKEN}" \
-        --name "${RUNNER_NAME}" \
-        --labels "${RUNNER_LABELS}" \
-        --no-interactive
-    echo "Registration complete."
-else
-    echo "Runner already registered, skipping registration."
-fi
-
-# Start the runner daemon
-echo "Starting forgejo-runner daemon..."
-exec forgejo-runner daemon --config /etc/forgejo-runner/config.yaml