From f6f0acae0e69b8b4df4d75e31a22d944d81bb62d Mon Sep 17 00:00:00 2001
From: Earl Warren
Date: Sat, 11 Jan 2025 09:02:39 +0100
Subject: [PATCH] actions: verify runner config options for the container
- is not restricted to --volume (can use --env, etc.)
- --volume is sanitized with valid_volumes
---
 actions/actions.sh | 2 +-
 .../.forgejo/workflows/test.yml | 12 ++++++++
 .../example-config-options/runner-config.yaml | 30 +++++++++++++++++++
 actions/example-config-options/setup.sh | 3 ++
 actions/example-config-options/teardown.sh | 1 +
 5 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 actions/example-config-options/.forgejo/workflows/test.yml
 create mode 100644 actions/example-config-options/runner-config.yaml
 create mode 100755 actions/example-config-options/setup.sh
 create mode 100755 actions/example-config-options/teardown.sh
diff --git a/actions/actions.sh b/actions/actions.sh
index 321524a..230f3b4 100755
--- a/actions/actions.sh
+++ b/actions/actions.sh
@@ -146,7 +146,7 @@ function test_actions() {
 done
 fi
- for example in cache checkout service container expression local-action docker-action if if-fail push tag push-cancel artifacts pull-request context; do
+ for example in config-options cache checkout service container expression local-action docker-action if if-fail push tag push-cancel artifacts pull-request context; do
 run actions_verify_example $example
 done
diff --git a/actions/example-config-options/.forgejo/workflows/test.yml b/actions/example-config-options/.forgejo/workflows/test.yml
new file mode 100644
index 0000000..83b6b0a
--- /dev/null
+++ b/actions/example-config-options/.forgejo/workflows/test.yml
@@ -0,0 +1,12 @@
+on: [push]
+
+jobs:
+ test:
+ runs-on: docker
+ steps:
+ - run: |
+ test -f /srv/example-config-options-volume-valid
+ - run: |
+ ! test -f /srv/example-config-options-volume-invalid
+ - run: |
+ test "$FROB" = "NITZ"
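Review bot: In `.forgejo/workflows/test.yml`, the negative check `! test -f /srv/example-config-options-volume-invalid` is the one assertion that `valid_volumes` rejected the mount, and it fails the step only because it is the last command of the script. A command prefixed with `!` is exempt from errexit, so if the step shell runs with `-e` and a line is ever appended after it, a mounted invalid volume would go unnoticed. `test ! -f /srv/example-config-options-volume-invalid` gives the same result without that exemption. A `name:` on each step, for example `name: volume outside valid_volumes is not mounted`, would also make a failing log self-explanatory.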
diff --git a/actions/example-config-options/runner-config.yaml b/actions/example-config-options/runner-config.yaml
new file mode 100644
index 0000000..13b9b72
--- /dev/null
+++ b/actions/example-config-options/runner-config.yaml
@@ -0,0 +1,30 @@
+
+log:
+ level: debug
+
+runner:
+ file: .runner
+ capacity: 1
+ env_file: .env
+ timeout: 3h
+ insecure: false
+ fetch_timeout: 5s
+ fetch_interval: 2s
+ labels: ["docker:docker://code.forgejo.org/oci/node:20-bookworm"]
+
+cache:
+ enabled: false
+ dir: ""
+ host: ""
+ port: 0
+
+container:
+ network: ""
+ privileged: false
+ options: "--volume /srv/example-config-options-volume-valid:/srv/example-config-options-volume-valid --volume /srv/example-config-options-volume-invalid:/srv/example-config-options-volume-invalid --env FROB=NITZ"
+ workdir_parent:
+ valid_volumes: ["/srv/example-config-options-volume-valid"]
+ docker_host: ""
+
+host:
+ workdir_parent:
diff --git a/actions/example-config-options/setup.sh b/actions/example-config-options/setup.sh
new file mode 100755
index 0000000..d9f6ea9
--- /dev/null
+++ b/actions/example-config-options/setup.sh
@@ -0,0 +1,3 @@
+>/srv/example-config-options-volume-valid
+>/srv/example-config-options-volume-invalid
+FORGEJO_RUNNER_CONFIG=$EXAMPLE_DIR/runner-config.yaml forgejo-runner.sh reload
diff --git a/actions/example-config-options/teardown.sh b/actions/example-config-options/teardown.sh
new file mode 100755
index 0000000..b410c51
--- /dev/null
+++ b/actions/example-config-options/teardown.sh
@@ -0,0 +1 @@
+forgejo-runner.sh reload
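Review bot: In `runner-config.yaml`, the `container.options` line carries the whole test, yet nothing says that its second `--volume` is deliberately left out of `valid_volumes`; a later reader could take the mismatch for an oversight and widen the allow-list. A comment above it such as `# the -invalid volume is intentionally absent from valid_volumes: the runner must drop it, and test.yml asserts it is not mounted` would record the intent. The file exercises only the long `--volume` form with identical source and destination. Whether other ways of writing a mount in `options` pass through the same check is not visible here and may deserve its own case.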
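Review bot: `setup.sh` creates two files directly under the host's `/srv`, but `teardown.sh` only reloads the runner, so both files stay behind after the example has run. Adding `rm -f /srv/example-config-options-volume-valid /srv/example-config-options-volume-invalid` to `teardown.sh` would leave the host as it was found. The two redirections in `setup.sh` are also unchecked: if `/srv` is not writable the reload still happens, and the problem surfaces only later as a failed `test -f` inside the job. A `set -e` at the top would point at the real cause, assuming the script is executed rather than sourced, which the hunk does not show.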