Review runner config for v12 compatibility

Compared forgejo-runner generate-config output between v6.3.1 and v12.7.0.
Config is minimal and remains valid. Added shutdown_timeout: 3h for graceful
pod termination. Marked review-runner-config-v12 Mikado card complete.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

argocd/manifests/forgejo-runner/configmap.yaml

@@ -5,6 +5,7 @@ metadata:
   namespace: forgejo-runner
 data:
   config.yaml: |
+    # Reviewed against v12.7.0 defaults (2026-02-22)
     log:
       level: info
 
@@ -12,6 +13,7 @@ data:
       file: /data/.runner
       capacity: 2
       timeout: 3h
+      shutdown_timeout: 3h
       # Env vars injected into all job containers
       envs:
         DOCKER_HOST: tcp://127.0.0.1:2375

docs/how-to/forgejo-runner/review-runner-config-v12.md

@@ -1,6 +1,5 @@
 ---
 title: Review Runner Config for v12
-status: active
 modified: 2026-02-22
 tags:
   - how-to
@@ -12,48 +11,26 @@ tags:
 
 Compare the current runner ConfigMap against the v12.7.0 default config to identify new, changed, or deprecated keys.
 
-## Background
+## Findings
 
-The runner config in `argocd/manifests/forgejo-runner/configmap.yaml` was written for v6.3.1. Six major versions may have introduced new config keys, changed defaults, or deprecated options.
+Compared `forgejo-runner generate-config` output from v6.3.1 and v12.7.0. Our config is minimal and remains valid for v12.
 
-## Current Config
+### New sections in v12 (not adopted)
 
-```yaml
-log:
-  level: info
-runner:
-  file: /data/.runner
-  capacity: 2
-  timeout: 3h
-  envs:
-    DOCKER_HOST: tcp://127.0.0.1:2375
-    TZ: America/Los_Angeles
-container:
-  network: "host"
-  docker_host: tcp://127.0.0.1:2375
-```
-
-## Steps
-
-1. Fetch the v12.7.0 example config:
-   ```fish
-   curl -L "https://code.forgejo.org/forgejo/runner/raw/tag/v12.7.0/.forgejo-runner.example.yaml"
-   ```
-2. Diff against our current config — note new sections/keys
-3. Check the release notes for each major version (v7–v12) for config-related changes:
-   - v7.0: `FORGEJO_*` env vars (backward compat with `GITHUB_*`)
-   - v8.0: Default container image change
-   - v12.7: `server.connections` for multi-server polling; secret URLs; ephemeral mode
-4. Decide which new keys to adopt (if any) and update the ConfigMap
-5. Pay attention to `container.valid_volumes` and `container.options` (added in v6.x for security) — we may want to configure these
-
-## Key Areas to Check
-
-- **`container.valid_volumes`** — allowlist for volume mounts in job containers (security hardening from v6.x)
-- **`container.options`** — allowlist for container options
-- **`runner.envs`** — are `FORGEJO_*` vars needed alongside `GITHUB_*`?
-- **Ephemeral mode** (v12.7) — one-shot runners that de-register after a job. Not needed now but worth noting.
 - **`server.connections`** — multi-server polling. Not needed (single Forgejo instance).
+- **`cache.secret_url`** — load cache secret from file URL. Not needed.
+- **`runner.report_retry`** — retry config for log uploads. Defaults are fine.
+
+### Changed semantics
+
+- **`container.docker_host`** — v12 supports `unix://` and `ssh://` URLs. Our explicit `tcp://127.0.0.1:2375` still correct for DinD sidecar.
+- **`cache`** section restructured with proxy/server split and better docs. We don't configure cache, so defaults apply.
+
+### Config update applied
+
+Added `shutdown_timeout: 3h` to allow graceful job completion on pod termination (v12 default, was missing from our v6 config). Added review date comment.
+
+`container.valid_volumes` and `container.options` left empty — our jobs use host networking and don't mount volumes. Can harden later if needed.
 
 ## Related