From f6d544b34912664ece08793216ede78a68417d57 Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Sun, 22 Feb 2026 17:18:58 -0800 Subject: [PATCH] Review runner config for v12 compatibility Compared forgejo-runner generate-config output between v6.3.1 and v12.7.0. Config is minimal and remains valid. Added shutdown_timeout: 3h for graceful pod termination. Marked review-runner-config-v12 Mikado card complete. Co-Authored-By: Claude Opus 4.6 --- .../manifests/forgejo-runner/configmap.yaml | 2 + .../review-runner-config-v12.md | 55 ++++++------------- 2 files changed, 18 insertions(+), 39 deletions(-) diff --git a/argocd/manifests/forgejo-runner/configmap.yaml b/argocd/manifests/forgejo-runner/configmap.yaml index 18d5448..3b0df5b 100644 --- a/argocd/manifests/forgejo-runner/configmap.yaml +++ b/argocd/manifests/forgejo-runner/configmap.yaml @@ -5,6 +5,7 @@ metadata: namespace: forgejo-runner data: config.yaml: | + # Reviewed against v12.7.0 defaults (2026-02-22) log: level: info @@ -12,6 +13,7 @@ data: file: /data/.runner capacity: 2 timeout: 3h + shutdown_timeout: 3h # Env vars injected into all job containers envs: DOCKER_HOST: tcp://127.0.0.1:2375 diff --git a/docs/how-to/forgejo-runner/review-runner-config-v12.md b/docs/how-to/forgejo-runner/review-runner-config-v12.md index 96a5ca7..63406e3 100644 --- a/docs/how-to/forgejo-runner/review-runner-config-v12.md +++ b/docs/how-to/forgejo-runner/review-runner-config-v12.md @@ -1,6 +1,5 @@ --- title: Review Runner Config for v12 -status: active modified: 2026-02-22 tags: - how-to @@ -12,48 +11,26 @@ tags: Compare the current runner ConfigMap against the v12.7.0 default config to identify new, changed, or deprecated keys. -## Background +## Findings -The runner config in `argocd/manifests/forgejo-runner/configmap.yaml` was written for v6.3.1. Six major versions may have introduced new config keys, changed defaults, or deprecated options. +Compared `forgejo-runner generate-config` output from v6.3.1 and v12.7.0. Our config is minimal and remains valid for v12. -## Current Config +### New sections in v12 (not adopted) -```yaml -log: - level: info -runner: - file: /data/.runner - capacity: 2 - timeout: 3h - envs: - DOCKER_HOST: tcp://127.0.0.1:2375 - TZ: America/Los_Angeles -container: - network: "host" - docker_host: tcp://127.0.0.1:2375 -``` - -## Steps - -1. Fetch the v12.7.0 example config: - ```fish - curl -L "https://code.forgejo.org/forgejo/runner/raw/tag/v12.7.0/.forgejo-runner.example.yaml" - ``` -2. Diff against our current config — note new sections/keys -3. Check the release notes for each major version (v7–v12) for config-related changes: - - v7.0: `FORGEJO_*` env vars (backward compat with `GITHUB_*`) - - v8.0: Default container image change - - v12.7: `server.connections` for multi-server polling; secret URLs; ephemeral mode -4. Decide which new keys to adopt (if any) and update the ConfigMap -5. Pay attention to `container.valid_volumes` and `container.options` (added in v6.x for security) — we may want to configure these - -## Key Areas to Check - -- **`container.valid_volumes`** — allowlist for volume mounts in job containers (security hardening from v6.x) -- **`container.options`** — allowlist for container options -- **`runner.envs`** — are `FORGEJO_*` vars needed alongside `GITHUB_*`? -- **Ephemeral mode** (v12.7) — one-shot runners that de-register after a job. Not needed now but worth noting. - **`server.connections`** — multi-server polling. Not needed (single Forgejo instance). +- **`cache.secret_url`** — load cache secret from file URL. Not needed. +- **`runner.report_retry`** — retry config for log uploads. Defaults are fine. + +### Changed semantics + +- **`container.docker_host`** — v12 supports `unix://` and `ssh://` URLs. Our explicit `tcp://127.0.0.1:2375` still correct for DinD sidecar. +- **`cache`** section restructured with proxy/server split and better docs. We don't configure cache, so defaults apply. + +### Config update applied + +Added `shutdown_timeout: 3h` to allow graceful job completion on pod termination (v12 default, was missing from our v6 config). Added review date comment. + +`container.valid_volumes` and `container.options` left empty — our jobs use host networking and don't mount volumes. Can harden later if needed. ## Related