From 35596a182b61992b1f4db5172a7982a055c55453 Mon Sep 17 00:00:00 2001 
From: sillyguodong Date: Tue, 16 May 2023 14:46:59 +0800 Subject: [PATCH] Add configuration item of `container.network` (#184) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Close https://gitea.com/gitea/act_runner/issues/177 Related https://gitea.com/gitea/act/pulls/56 ### ⚠️ Breaking The `container.network_mode` is a deprecated configuration item. It may be removed after Gitea 1.20 is released. Previously, if the value of `container.network_mode` is `bridge`, it means that `act_runner` will create a new network for job. But `bridge` is easily confused with the bridge network created by Docker by default. We recommend using `container.network` to specify the network to which containers created by `act_runner` connect. ### 🆕 container.network The configuration file of `act_runner` adds a new item, `container.network`. In `config.example.yaml`: ```yaml container: # Specifies the network to which the container will connect. # Could be host, bridge or the name of a custom network. # If it's empty, act_runner will create a network automatically. network: "" ``` As the comment in the example above says, the purpose of the `container.network` is specifying the network to which containers created by `act_runner` will connect. `container.network` accepts the following valid values: - `host`: All containers (including job containers and service containers) created by `act_runner` will be connected to the network named `host` which is created automatically by Docker. Containers will share the host’s network stack and all interfaces from the host will be available to these containers. - `bridge`: It is similar to `host`. All containers created by `act_runner` will be connected to the network named `bridge` which is created automatically by Docker. 
All containers connected to the `bridge` (Perhaps there are containers that are not created by `act_runner`) are allowed to communicate with each other, while providing isolation from containers which are not connected to that `bridge` network. - ``: Please make sure that the `` network already exists firstly (`act_runner` does not detect whether the specified network exists currently. If not exists yet, will return error in the stage of `docker create`). All of containers created by `act_runner` will be connected to ``. After the job is executed, containers are removed and automatically disconnected from the ``. - empty: `act_runner` will create a new network for each job container and their service containers (if defined in workflow). So each job container and their service containers share a network environment, but are isolated from others container and the Docker host. Of course, these networks created by `act_runner` will be removed at last. ### Others - If you do not have special needs, we highly recommend that setting `container.network` to empty string (and do not use `container.network_mode` any more). Because the containers created by `act_runner` will connect to the networks that are created by itself. This point will provide better isolation. - If you set `contianer.network` to empty string or ``, we can be access to service containers by `:` in the steps of job. Because we added an alias to the service container when connecting to the network. Co-authored-by: Jason Song Reviewed-on: https://gitea.com/gitea/act_runner/pulls/184 Reviewed-by: Jason Song Co-authored-by: sillyguodong Co-committed-by: sillyguodong --- go.mod | 2 +- go.sum | 4 ++-- internal/app/cmd/exec.go | 3 ++- internal/app/run/runner.go | 3 ++- internal/pkg/config/config.example.yaml | 6 ++++-- internal/pkg/config/config.go | 20 ++++++++++++++++---- 6 files changed, 27 insertions(+), 11 deletions(-) diff --git a/go.mod b/go.mod index 4767a3f..81e43a2 100644 --- a/go.mod +++ b/go.mod 
@@ -87,4 +87,4 @@ require (
 gopkg.in/yaml.v2 v2.4.0 // indirect
 )
-replace github.com/nektos/act => gitea.com/gitea/act v0.245.1
+replace github.com/nektos/act => gitea.com/gitea/act v0.245.2-0.20230516060355-9283cfc9b166
diff --git a/go.sum b/go.sum
index 07d59e9..4d8f638 100644
--- a/go.sum
+++ b/go.sum
@@ -2,8 +2,8 @@ code.gitea.io/actions-proto-go v0.2.1 h1:ToMN/8thz2q10TuCq8dL2d8mI+/pWpJcHCvG+TE code.gitea.io/actions-proto-go v0.2.1/go.mod h1:00ys5QDo1iHN1tHNvvddAcy2W/g+425hQya1cCSvq9A= code.gitea.io/gitea-vet v0.2.3-0.20230113022436-2b1561217fa5 h1:daBEK2GQeqGikJESctP5Cu1i33z5ztAD4kyQWiw185M= code.gitea.io/gitea-vet v0.2.3-0.20230113022436-2b1561217fa5/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFjGGfE= -gitea.com/gitea/act v0.245.1 h1:mibEHQzIn+2ehaxj3yC3AAFgegiEpC9MP1ZjjI6e3D8= -gitea.com/gitea/act v0.245.1/go.mod h1:1ffiGQZAZCLuk9QEBDdbRuQj1GL4uAQk6GNNtcEnPmI= +gitea.com/gitea/act v0.245.2-0.20230516060355-9283cfc9b166 h1:hvyzFmxDmdSZBd8S2+r8VqPSK9eihTD2SrTBAvwgYsA= +gitea.com/gitea/act v0.245.2-0.20230516060355-9283cfc9b166/go.mod h1:1ffiGQZAZCLuk9QEBDdbRuQj1GL4uAQk6GNNtcEnPmI= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
diff --git a/internal/app/cmd/exec.go b/internal/app/cmd/exec.go
index dbe3afa..16177fb 100644
--- a/internal/app/cmd/exec.go
+++ b/internal/app/cmd/exec.go
@@ -13,6 +13,7 @@ import (
 "strings"
 "time"
+ "github.com/docker/docker/api/types/container"
 "github.com/joho/godotenv"
 "github.com/nektos/act/pkg/artifactcache"
 "github.com/nektos/act/pkg/artifacts"
@@ -384,7 +385,7 @@ func runExec(ctx context.Context, execArgs *executeArgs) func(cmd *cobra.Command
 // EventJSON: string(eventJSON),
 ContainerNamePrefix: fmt.Sprintf("GITEA-ACTIONS-TASK-%s", eventName),
 ContainerMaxLifetime: maxLifetime,
- ContainerNetworkMode: "bridge",
+ ContainerNetworkMode: container.NetworkMode("bridge"),
 DefaultActionInstance: execArgs.defaultActionsUrl,
 PlatformPicker: func(_ []string) string {
 return execArgs.image
diff --git a/internal/app/run/runner.go b/internal/app/run/runner.go
index c1442cf..b07e59c 100644
--- a/internal/app/run/runner.go
+++ b/internal/app/run/runner.go
@@ -13,6 +13,7 @@ import (
 "time"
 runnerv1 "code.gitea.io/actions-proto-go/runner/v1"
+ "github.com/docker/docker/api/types/container"
 "github.com/nektos/act/pkg/artifactcache"
 "github.com/nektos/act/pkg/common"
 "github.com/nektos/act/pkg/model"
@@ -190,7 +191,7 @@ func (r *Runner) run(ctx context.Context, task *runnerv1.Task, reporter *report.
 EventJSON: string(eventJSON),
 ContainerNamePrefix: fmt.Sprintf("GITEA-ACTIONS-TASK-%d", task.Id),
 ContainerMaxLifetime: maxLifetime,
- ContainerNetworkMode: r.cfg.Container.NetworkMode,
+ ContainerNetworkMode: container.NetworkMode(r.cfg.Container.Network),
 ContainerOptions: r.cfg.Container.Options,
 Privileged: r.cfg.Container.Privileged,
 DefaultActionInstance: taskContext["gitea_default_actions_url"].GetStringValue(),
diff --git a/internal/pkg/config/config.example.yaml b/internal/pkg/config/config.example.yaml
index a3cc4b3..fbcdf57 100644
--- a/internal/pkg/config/config.example.yaml
+++ b/internal/pkg/config/config.example.yaml
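Review bot: The hard-coded `container.NetworkMode("bridge")` in the config literal of runExec (internal/app/cmd/exec.go) keeps the old string while its meaning changes: per the commit description, `bridge` now names Docker's default bridge network, which containers not created by act_runner may share, whereas config.go maps a legacy `bridge` to the empty string to keep the per-job network. If `exec` is meant to keep isolating each job on its own network, this line should read `ContainerNetworkMode: container.NetworkMode(""),`; otherwise a comment such as `// attaches to Docker's default bridge, shared with other containers` would make the choice explicit. This is inferred from the description and the config.go hunk, since the act dependency is not visible here; runExec starts and ends outside the hunk.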
@@ -42,8 +42,10 @@ cache:
 port: 0
 container:
- # Which network to use for the job containers. Could be bridge, host, none, or the name of a custom network.
- network_mode: bridge
+ # Specifies the network to which the container will connect.
+ # Could be host, bridge or the name of a custom network.
+ # If it's empty, act_runner will create a network automatically.
+ network: ""
 # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
 privileged: false
 # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
diff --git a/internal/pkg/config/config.go b/internal/pkg/config/config.go
index 7cbcfc2..4edf1d6 100644
--- a/internal/pkg/config/config.go
+++ b/internal/pkg/config/config.go
@@ -10,6 +10,7 @@ import (
 "time"
 "github.com/joho/godotenv"
+ log "github.com/sirupsen/logrus"
 "gopkg.in/yaml.v3"
 )
@@ -34,7 +35,8 @@ type Config struct {
 Port uint16 `yaml:"port"`
 } `yaml:"cache"`
 Container struct {
- NetworkMode string `yaml:"network_mode"`
+ Network string `yaml:"network"`
+ NetworkMode string `yaml:"network_mode"` // Deprecated: use Network instead. Could be removed after Gitea 1.20
 Privileged bool `yaml:"privileged"`
 Options string `yaml:"options"`
 WorkdirParent string `yaml:"workdir_parent"`
@@ -92,9 +94,6 @@ func LoadDefault(file string) (*Config, error) {
 cfg.Cache.Dir = filepath.Join(home, ".cache", "actcache")
 }
 }
- if cfg.Container.NetworkMode == "" {
- cfg.Container.NetworkMode = "bridge"
- }
 if cfg.Container.WorkdirParent == "" {
 cfg.Container.WorkdirParent = "workspace"
 }
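Review bot: The new comment above `network: ""` in config.example.yaml lists the accepted values but not what each one costs in isolation, and it drops `none` from the old list without saying whether that value is still accepted. The commit description states that `host` shares the host's network stack and that `bridge` may be shared with containers not created by act_runner, so I would add `# host and bridge are shared with other containers; leave empty for an isolated per-job network.`. The description also says a custom network is not checked for existence, which deserves `# A custom network must already exist; act_runner does not create it.`. The `container:` mapping continues outside the hunk.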
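Review bot: The new `Network` field in the `Container` struct of config.go has no comment, so the meaning of an empty value (act_runner creates a network per job, per the commit description) is only discoverable from the example YAML. A comment on the line above would help, for instance `// Network is the network job containers join: "host", "bridge", a custom network name, or "" for a per-job network.`. The `Deprecated:` marker on `NetworkMode` is a trailing comment; tools that surface deprecations generally read the comment above the declaration, so moving it there as `// Deprecated: use Network instead.` is probably needed for it to be picked up. The Config struct starts and ends outside the hunk.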
@@ -105,5 +104,18 @@ func LoadDefault(file string) (*Config, error) {
 cfg.Runner.FetchInterval = 2 * time.Second
 }
+ // although `container.network_mode` will be deprecated, but we have to be compatible with it for now.
+ if cfg.Container.NetworkMode != "" && cfg.Container.Network == "" {
+ log.Warn("You are trying to use deprecated configuration item of `container.network_mode`, please use `container.network` instead.")
+ if cfg.Container.NetworkMode == "bridge" {
+ // Previously, if the value of `container.network_mode` is `bridge`, we will create a new network for job.
+ // But “bridge” is easily confused with the bridge network created by Docker by default.
+ // So we set the value of `container.network` to empty string to make `act_runner` automatically create a new network for job.
+ cfg.Container.Network = ""
+ } else {
+ cfg.Container.Network = cfg.Container.NetworkMode
+ }
+ }
+
 return cfg, nil
 }
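Review bot: The compatibility block in LoadDefault only runs when `container.network` is empty, so a config that sets both keys drops `network_mode` without the deprecation warning, and the `bridge` branch assigns `""` to a field the condition has already established is empty. Warning whenever the deprecated key is present and copying only non-`bridge` legacy values yields the same resulting `Network` with one branch fewer, as in the excerpt below. Because `host` and `bridge` place job containers on a network shared with other workloads, it may also be worth logging the effective value after migration so operators can see which isolation level they ended up with. LoadDefault starts outside the hunk.

```go
	// although `container.network_mode` will be deprecated, but we have to be compatible with it for now.
	if cfg.Container.NetworkMode != "" {
		log.Warn("You are trying to use deprecated configuration item of `container.network_mode`, please use `container.network` instead.")
		// Legacy "bridge" meant a per-job network, which is now the empty value, so only other legacy values are copied.
		if cfg.Container.Network == "" && cfg.Container.NetworkMode != "bridge" {
			cfg.Container.Network = cfg.Container.NetworkMode
		}
	}

	return cfg, nil
```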