fc1240060e
Before migrating to v8.0.0 with schema validation, existing workflows can be verified to pass with `forgejo-runner exec`. Refs forgejo/act#170 Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/693 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Co-authored-by: Earl Warren <contact@earl-warren.org> Co-committed-by: Earl Warren <contact@earl-warren.org>
13 KiB
13 KiB
Release Notes
8.0.0 (not published yet)
- Breaking change: workflows files go through a schema validation and will not run if they do not pass. Some existing workflows may have syntax errors that did not prevent them from running with versions 7.0.0 and below but they will no longer work with versions 8.0.0 and above.
Existing workflows can be verified and fixed before upgrading by using
forgejo-runner exec --workflows path-to-the-workflow. For instance in a workflow whereruins-onwas typed by mistake instead ofruns-on:
If the error is not immediately obvious, please file an issue with a copy of the failed workflow and revert to using version 7.0.0 until it is resolved.$ forgejo-runner exec --event unknown --workflows ../forgejo/.forgejo/workflows/build-release.yml Error: workflow is not valid. 'build-release.yml': Line: 32 Column 5: Failed to match job-factory: Line: 32 Column 5: Unknown Property ruins-on Line: 32 Column 5: Failed to match workflow-job: Line: 32 Column 5: Unknown Property ruins-on Line: 35 Column 5: Unknown Property steps Forgejo Actions YAML Schema validation error - Breaking change: in the absence of a label or a label, default to
docker://node:22-bookworminstead ofdocker://node:20-bullseyeorhost. If thelxcscheme is set with no argument, it defaults tolxc://debian:bookworminstead oflxc://debian:bullseye. - Breaking change: bash fallback to sh if it is not available. It will use
bashinstead ofshwhen a container image is explicitly specified in the step. If a workflow depens on that behavior, it will need to be modified to explictly set the shell tosh. - secrets that contain multiple lines are masked from the output.
7.0.0
- Breaking change: forgejo-runner exec --forgejo-instance replaces --gitea-instance.
- fix a v6.4.0 regression that fail a job when if: false.
- forge.FORGEJO_* can be used instead of github.GITHUB_*, e.g.
forge.FORGEJO_REPOSITORYis the same asgithub.GITHUB_REPOSITORY. TheGITHUB_*environment variables are preserved indefinitely for backward compatibiliy with existing workflows and actions. - support for forgejo-runner exec --var.
- do not force WORKING_DIR in service containers.
- remove the local action cache if the remote has changed, e.g. when DEFAULT_ACTIONS_URL is modified in the forgejo configuration.
6.4.0
Do not use, it contains a regression fixed in 7.0.0.
- Update code.forgejo.org/forgejo/act to v1.26.0. This brings several security updates, as well as offline action caching.
- Remove unused x-runner-version header.
- Upgrade lxc-systemd using a URL instead of a version.
- Correctly use HTTP proxy if insecure is true.
- Update golang.org/x/crypto to a version that is not susceptible to DOS attack.
- Update golang.org/x/net to a version with several security fixes.
6.3.1
- Fixed an issue which caused data races and timeouts in certain cases, which would cause cache storing and retrieval to fail.
6.3.0
- Caches are now correctly scoped to repositories. Require authentication for cache requests, and set up cache proxy to provide authentication transparently and automatically.
6.2.2
- LXC systemd service unit example script learned how to upgrade.
6.2.1
6.2.0
- The
container.optionsallows--hostname.
6.1.0
- Add
[container].force_rebuildconfig option to force rebuilding of local docker images, even if they are already present. - Add new
--one-jobflag to execute a previously configured runner, execute one task if it exists and exit. Motivation here
6.0.1
- Fixes a regression that was introduced in version 6.0.0 by which the
[container].optionsconfig file setting was ignored.
6.0.0
- Security: the container options a job is allowed to specify are limited to a predefined allow list.
5.0.4
- Define FORGEJO_TOKEN as an alias to GITHUB_TOKEN
5.0.3
- Fixes a regression that was introduced in version 5.0.0 by which it was no longer possible to mount the docker socket in each container by specifying
[container].docker_host = "". This is now implemented when[container].docker_host = "automount"is specified.
5.0.2
- Fixes a regression that was introduced in version 5.0.0 by which skipped jobs were marked as failed instead. The workaround is to change the job log level to debug
[log].job_level: debug.
5.0.1
- Security: the
/opt/hostedtoolcachedirectory is now unique to each job instead of being shared to avoid a risk of corruption. It is still advertised in theRUNNER_TOOL_CACHEenvironment variable. Custom container images can be built to pre-populate this directory with frequently used tools and some actions (such assetup-go) will benefit from that.
5.0.0
- Breaking change: the default configuration for
docker_hostis changed to not mounting the docker server socket even when no configuration file is provided. - Add job_level logging option to config to make the logging level of jobs configurable. Change default from "trace" to "info".
- Don't log job output when debug logging is not enabled. This reduces the default amount of log output of the runner.
4.0.1
- Do not panic when the number of arguments of a function evaluated in an expression is incorect.
4.0.0
- Breaking change: fix the default configuration for
docker_hostis changed to not mounting the docker server socket. - Remove debug information from the setup of a workflow.
- Fix crash in some cases when the YAML structure is not as expected.
3.5.1
- Fix CVE-2024-24557
- Add report_interval option to config to allow setting the interval of status and log reports
3.5.0
- Allow graceful shutdowns: when receiving a signal (INT or TERM) wait for running jobs to complete (up to shutdown_timeout).
- Fix label declaration: Runner in daemon mode now takes labels found in config.yml into account when declaration was successful.
- Fix the docker compose example to workaround the race on labels.
- Fix the kubernetes dind example.
- Rewrite ::group:: and ::endgroup:: commands like github.
- Added opencontainers labels to the image
- Upgrade the default container to node:20
3.4.1
- Fixes a regression introduced in 3.4.0 by which a job with no image explicitly set would be bound to the host network instead of a custom network (empty string in the configuration file).
3.4.0
Although this version is able to run actions/upload-artifact@v4 and actions/download-artifact@v4, these actions will fail because it does not run against GitHub.com. A fork of those two actions with this check disabled is made available at:
- https://code.forgejo.org/forgejo/upload-artifact/src/tag/v4
- https://code.forgejo.org/forgejo/download-artifact/src/tag/v4
and they can be used as shown in an example from the end-to-end test suite.
- When running against codeberg.org, the default poll frequency is 30s instead of 2s.
- Fix compatibility issue with actions/{upload,download}-artifact@v4.
- Upgrade ACT v1.20.0 which brings:
[container].optionsfrom the config file is exposed in containers created by the workflows- the expressions in the value of
jobs.<job-id>.runs-onare evaluated - fix a bug causing the evaluated expression of
jobs.<job-id>.runs-onto fail if it was an array - mount
act-toolcache:/opt/hostedtoolcacheinstead ofact-toolcache:/toolcache - a few improvements to the readability of the error messages displayed in the logs
amd64can be used instead ofx86_64andarm64intead ofaarch64when specifying the architecture- fixed YAML parsing bugs preventing dispatch workflows to be parsed correctly
- add support for
runs-on.labelswhich is equivalent toruns-onfollowed by a list of labels - the expressions in the service
portsandvolumesvalues are evaluated - network aliases are only supported when the network is user specified, not when it is provided by the runner
- If
[runner].insecureis true in the configuration, insecure cloning actions is allowed
3.3.0
- Support IPv6 with addresses from a private range and NAT for docker:// with --enable-ipv6 and [container].enable_ipv6 lxc:// always
3.2.0
- Support LXC container capabilities via
lxc:lxc://debian:bookworm:k8sorlxc:lxc://debian:bookworm:docker lxc k8s - Update ACT v1.16.0 to resolve a race condition when bootstraping LXC templates
3.1.0
The self-hosted label that was hardwired to be a LXC container
running debian:bullseye was reworked and documented (user guide and admin guide).
There now are two different schemes: lxc:// for LXC containers and
host:// for running directly on the host.
- Support the
host://scheme for running directly on the host. - Support the
lxc://scheme in labels - Update code.forgejo.org/forgejo/act v1.14.0 to implement both self-hosted and LXC schemes
3.0.3
- Update code.forgejo.org/forgejo/act v1.13.0 to keep up with github.com/nektos/act
3.0.2
- Update code.forgejo.org/forgejo/act v1.12.0 to upgrade the node installed in the LXC container to node20
3.0.1
- Update code.forgejo.org/forgejo/act v1.11.0 to resolve a bug preventing actions based on node20 from running, such as checkout@v4.
3.0.0
- Publish a rootless OCI image
- Refactor the release process
2.5.0
2.4.0
2.3.0
- Add support for offline registration.