Skip to content

Commit

Permalink
doc: actions/act-runner: document running as a systemd service (#27844)…
Browse files Browse the repository at this point in the history
… (#27866)

Backport #27844 by @nodiscc

This documents running `act-runner` as a systemd service under a
dedicated user account.

Co-authored-by: nodiscc <nodiscc@gmail.com>
  • Loading branch information
GiteaBot and nodiscc authored Nov 1, 2023
1 parent 6637bbf commit 352906b
Showing 1 changed file with 34 additions and 0 deletions.
34 changes: 34 additions & 0 deletions docs/content/usage/actions/act-runner.en-us.md
Original file line number Diff line number Diff line change
Expand Up @@ -268,6 +268,40 @@ The runner will fetch jobs from the Gitea instance and run them automatically.

Since act runner is still in development, it is recommended to check the latest version and upgrade it regularly.

## Systemd service

It is also possible to run act-runner as a [systemd](https://en.wikipedia.org/wiki/Systemd) service. Create an unprivileged `act_runner` user on your system, and the following file in `/etc/systemd/system/act_runner.service`. The paths in `ExecStart` and `WorkingDirectory` may need to be adjusted depending on where you installed the `act_runner` binary, its configuration file, and the home directory of the `act_runner` user.

```ini
[Unit]
Description=Gitea Actions runner
Documentation=https://gitea.com/gitea/act_runner
After=docker.service
[Service]
ExecStart=/usr/local/bin/act_runner daemon --config /etc/act_runner/config.yaml
ExecReload=/bin/kill -s HUP $MAINPID
WorkingDirectory=/var/lib/act_runner
TimeoutSec=0
RestartSec=10
Restart=always
User=act_runner
[Install]
WantedBy=multi-user.target
```

Then:

```bash
# load the new systemd unit file
sudo systemctl daemon-reload
# start the service and enable it at boot
sudo systemctl enable act_runner --now
```

If using Docker, the `act_runner` user should also be added to the `docker` group before starting the service. Keep in mind that this effectively gives `act_runner` root access to the system [[1]](https://docs.docker.com/engine/security/#docker-daemon-attack-surface).

## Configuration variable

You can create configuration variables on the user, organization and repository level.
Expand Down

0 comments on commit 352906b

Please sign in to comment.