From 44f45570059b8ea3096d78943a67fc220848f74b Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Mon, 20 Oct 2025 15:18:52 +0000 Subject: [PATCH 1/4] chore(ci): use code.forgejo.org/oci/alpine:latest (#1100) The current AWS outage revealed one location still using docker.io instead of the code.forgejo.org mirror: ``` 2025-10-20T09:22:44.6442259Z [actions-with-environment-and-context-tests/check] [DEBUG] Head "https://registry-1.docker.io/v2/library/alpine/manifests/3": received unexpected HTTP status: 503 Service Unavailable ``` https://code.forgejo.org/forgejo/runner/actions/runs/11442/jobs/2/attempt/3#jobstep-5-56398 - other - [PR](https://code.forgejo.org/forgejo/runner/pulls/1100): chore(ci): use code.forgejo.org/oci/alpine:latest Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/1100 Reviewed-by: Michael Kriese Co-authored-by: Earl Warren Co-committed-by: Earl Warren --- .../actions-environment-and-context-tests/docker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/act/runner/testdata/actions-environment-and-context-tests/docker/Dockerfile b/act/runner/testdata/actions-environment-and-context-tests/docker/Dockerfile index bd8fcb22..f50a50da 100644 --- a/act/runner/testdata/actions-environment-and-context-tests/docker/Dockerfile +++ b/act/runner/testdata/actions-environment-and-context-tests/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3 +FROM code.forgejo.org/oci/alpine:latest COPY entrypoint.sh /entrypoint.sh From 8034eaaabbe44cbd79a3b04e75d05b2db06c4a4e Mon Sep 17 00:00:00 2001 From: cascading-pr Date: Mon, 20 Oct 2025 21:03:14 +0000 Subject: [PATCH 2/4] fix: lxc_exists_and_apt_not_old must be in a transaction (#1104) cascading-pr from https://code.forgejo.org/forgejo/lxc-helpers/pulls/52 - bug fixes - [PR](https://code.forgejo.org/forgejo/runner/pulls/1104): fix: lxc_exists_and_apt_not_old must be in a transaction Co-authored-by: cascading-pr Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/1104 Reviewed-by: limiting-factor Co-authored-by: cascading-pr Co-committed-by: cascading-pr --- act/runner/lxc-helpers-lib.sh | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/act/runner/lxc-helpers-lib.sh b/act/runner/lxc-helpers-lib.sh index 3f1d997a..4d3b959a 100755 --- a/act/runner/lxc-helpers-lib.sh +++ b/act/runner/lxc-helpers-lib.sh @@ -385,11 +385,13 @@ function lxc_running() { function lxc_build_template_release() { local name="$(lxc_template_release)" + lxc_transaction_begin $name + if lxc_exists_and_apt_not_old $name; then + lxc_transaction_unlock return fi - lxc_transaction_begin $name local draft=$(lxc_transaction_draft_name) $LXC_SUDO lxc-create --name $draft --template debian -- --release=$LXC_CONTAINER_RELEASE echo 'lxc.apparmor.profile = unconfined' | $LXC_SUDO tee -a $(lxc_config $draft) @@ -405,15 +407,16 @@ function lxc_build_template() { local name="$1" local newname="$2" - if lxc_exists_and_apt_not_old $newname; then - return - fi - if test "$name" = "$(lxc_template_release)"; then lxc_build_template_release fi lxc_transaction_begin $name + if lxc_exists_and_apt_not_old $newname; then + lxc_transaction_unlock + return + fi + local draft=$(lxc_transaction_draft_name) if ! $LXC_SUDO lxc-copy --name=$name --newname=$draft; then echo lxc-copy --name=$name --newname=$draft failed From 403489591e7f722e789233c7090ee972cbaff542 Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Mon, 20 Oct 2025 21:05:05 +0000 Subject: [PATCH 3/4] Revert "chore(cleanup): lxc-helpers does not need a global lock (#1047)" (#1103) This reverts commit 996ac343ee155a4b47d89a6bf1854feb1c04fdb2. The lock is still needed to guard against the following scenario. https://code.forgejo.org/forgejo/runner/src/commit/d92a892ecebb7d5d362f252c487635c1fb9a4c6e/act/runner/run_context.go#L225-L236 - two or more jobs start - one of them creates the act template (`lxc_build_template $(lxc_template_release) $name`) - lxc-helpers now has transactions and they won't race against each other - once it is built all jobs will then try to install node in the container that was just built and race against each other with a global lock only the first one will build and populate the act template. The other will then do nothing because it already exists. The bug can trivially be reproduced with: ```yaml on: pull_request: jobs: test1: runs-on: lxc steps: - run: echo OK1 test2: runs-on: lxc steps: - run: echo OK2 test3: runs-on: lxc steps: - run: echo OK3 ``` - other - [PR](https://code.forgejo.org/forgejo/runner/pulls/1103): Revert "chore(cleanup): lxc-helpers does not need a global lock (#1047)" Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/1103 Reviewed-by: Michael Kriese Reviewed-by: limiting-factor Co-authored-by: Earl Warren Co-committed-by: Earl Warren --- act/runner/run_context.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/act/runner/run_context.go b/act/runner/run_context.go index 9e4c2981..dd72ff09 100644 --- a/act/runner/run_context.go +++ b/act/runner/run_context.go @@ -193,6 +193,8 @@ var lxcHelpers string var startTemplate = template.Must(template.New("start").Parse(`#!/bin/bash -e +exec 5<>/tmp/forgejo-runner-lxc.lock ; flock --timeout 21600 5 + LXC_CONTAINER_CONFIG="{{.Config}}" LXC_CONTAINER_RELEASE="{{.Release}}" From aab9e2281972615c7301dc3dc87fa9c085f91302 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 21 Oct 2025 03:21:33 +0000 Subject: [PATCH 4/4] Update dependency forgejo/lxc-helpers to v1.1.3 (#1106) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [forgejo/lxc-helpers](https://code.forgejo.org/forgejo/lxc-helpers) | patch | `1.1.1` -> `1.1.3` | --- ### Release Notes
forgejo/lxc-helpers (forgejo/lxc-helpers) ### [`v1.1.3`](https://code.forgejo.org/forgejo/lxc-helpers/compare/v1.1.2...v1.1.3) [Compare Source](https://code.forgejo.org/forgejo/lxc-helpers/compare/v1.1.2...v1.1.3) ### [`v1.1.2`](https://code.forgejo.org/forgejo/lxc-helpers/compare/v1.1.1...v1.1.2) [Compare Source](https://code.forgejo.org/forgejo/lxc-helpers/compare/v1.1.1...v1.1.2)
--- ### Configuration 📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/1106 Reviewed-by: Mathieu Fenniak Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- examples/lxc-systemd/forgejo-runner-service.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/lxc-systemd/forgejo-runner-service.sh b/examples/lxc-systemd/forgejo-runner-service.sh index e949f3de..370d5fff 100755 --- a/examples/lxc-systemd/forgejo-runner-service.sh +++ b/examples/lxc-systemd/forgejo-runner-service.sh @@ -20,7 +20,7 @@ trap "rm -fr $TMPDIR" EXIT : ${INPUTS_TOKEN:=} : ${INPUTS_FORGEJO:=https://code.forgejo.org} : ${INPUTS_LIFETIME:=7d} -DEFAULT_LXC_HELPERS_VERSION=1.1.1 # renovate: datasource=forgejo-tags depName=forgejo/lxc-helpers +DEFAULT_LXC_HELPERS_VERSION=1.1.3 # renovate: datasource=forgejo-tags depName=forgejo/lxc-helpers : ${INPUTS_LXC_HELPERS_VERSION:=$DEFAULT_LXC_HELPERS_VERSION} DEFAULT_RUNNER_VERSION=11.1.2 # renovate: datasource=forgejo-releases depName=forgejo/runner : ${INPUTS_RUNNER_VERSION:=$DEFAULT_RUNNER_VERSION}