Actions in docker container

So, I started out with a simple act_runner running directly on host. It would pick up new jobs, spin up a bullseye container and do its thing. So that worked great.

Since we have some ssl-rewrites on our network I figured that I would rebuild the bullseye image with our certificate, just to improve some things (like being able to register a host to FQN instead of ip:port). Did that, re-registered the act_runner and it would use this new image now. This also worked flawlessly. The act_runner would pick jobs up, start the custom bullseye container and process the job to completion.

Now, I also wanted the act_runners to start up at boot and thought to use docker here as well. So I built an image based on the act_runner:latest one, with only our certs added. So act_runner is currently dockerized, and it picks up jobs alright. But, it does look like when it does pick up a job, it processes it directly on its own docker container, instead of spinning up the bullseye one, so we get errors about node and ssh etc… missing of course.

Have we understood it correctly that it is possible to have a dockerized act_runner starting docker containers and running jobs on them?

Our Dockerfile for custom bullseye and act_runner both look like this:

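# Base image: node:16-bullseye for the job image, or gitea/act_runner:latest for the runner image
FROM node:16-bullseye
# Copy our CA certificates into the system trust directory
ADD ca-certificates /usr/local/share/ca-certificates
# Rebuild the system CA bundle so the added certificates are trusted
RUN update-ca-certificates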

This is our act_runner compose file:

version: "3.8"
services:
  runner:
    image: our-instance.com/org-name/custom-act_runner:latest
    restart: unless-stopped
    environment:
      CONFIG_FILE: /config.yaml
      GITEA_INSTANCE_URL: https://our-instance.com
      GITEA_RUNNER_REGISTRATION_TOKEN: a-token
      GITEA_RUNNER_NAME: dir-watcher-service
      GITEA_RUNNER_LABELS: ubuntu-22.04:docker://our-instance.com/org-name/custom-bullseye-16
    volumes:
      - ./config.yaml:/config.yaml
      - ./data:/data
      - /var/run/docker.sock:/var/run/docker.sock

None of us here is very knowledgeable about Gitea or Docker, so I’m sure we’ve simply done something naive, but thought it would be good to ask just in case we’ve hit some weird wall.