Michael Grote
b0214bdb9a
https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html Reviewed-on: #274 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de>
27 lines
857 B
Django/Jinja
27 lines
857 B
Django/Jinja
---
|
|
# https://gitea.com/gitea/act_runner/src/branch/main/examples/docker-compose
|
|
services:
|
|
runner:
|
|
container_name: act-runner
|
|
image: gitea/act_runner:0.2.11
|
|
restart: unless-stopped
|
|
pull_policy: missing
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
cpus: "2"
|
|
memory: "512M"
|
|
security_opt:
|
|
- no-new-privileges=true
|
|
volumes:
|
|
- act_runner_data:/data
|
|
- ./config.yml:/config.yml
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
environment:
|
|
GITEA_INSTANCE_URL: https://git.mgrote.net
|
|
GITEA_RUNNER_REGISTRATION_TOKEN: "{{ lookup('viczem.keepass.keepass', 'forgejo/gitea_act_runner_token', 'password') }}" # only used on first start, https://git.mgrote.net/admin/actions/runners
|
|
GITEA_RUNNER_NAME: "docker10-act-runner"
|
|
CONFIG_FILE: /config.yml
|
|
|
|
volumes:
|
|
act_runner_data:
|