feat: add Forgejo Actions runner (act_runner) to docker-compose

Adds the act-runner service alongside Forgejo. It connects to the Podman socket proxy so CI jobs can build and run containers on the Pi. Also enables FORGEJO__actions__ENABLED on the Forgejo service. FORGEJO_RUNNER_TOKEN must be set in .env — obtain it from: Forgejo → Site Administration → Actions → Runners → Create new runner https://claude.ai/code/session_01FKCW3FDjNFj6jve4niMFXH
2026-03-27 13:33:00 +00:00 · 2026-03-27 13:33:00 +00:00 · 4ef77bf255
commit 4ef77bf255
parent fa12b80638
2 changed files with 26 additions and 0 deletions
--- a/infra/.env.example
+++ b/infra/.env.example
@ -15,6 +15,9 @@ POSTGRES_PASSWORD=changeme
 # Forgejo (optional — only needed if you add the forgejo service to docker-compose.yml).
 FORGEJO_DB_PASSWORD=changeme
 FORGEJO_DOMAIN=git.yourdomain.com
+# Actions runner registration token — obtain from Forgejo:
+#   Site Administration → Actions → Runners → Create new runner
+FORGEJO_RUNNER_TOKEN=

 # ── Backup (infra/backup.sh) ──────────────────────────────────────────────────
 # Local directory to store backup archives.
--- a/infra/docker-compose.yml
+++ b/infra/docker-compose.yml
@ -93,6 +93,8 @@ services:
      FORGEJO__server__SSH_DOMAIN: ${FORGEJO_DOMAIN}
      # Skip the first-run wizard — everything is configured via env vars above.
      FORGEJO__security__INSTALL_LOCK: "true"
+      # Enable Actions.
+      FORGEJO__actions__ENABLED: "true"
    volumes:
      - forgejo-data:/data
    depends_on:
@ -100,6 +102,26 @@ services:
    networks:
      - hiy-net

+  # ── Forgejo Actions runner ─────────────────────────────────────────────────
+  # Obtain FORGEJO_RUNNER_TOKEN from Forgejo:
+  #   Site Administration → Actions → Runners → Create new runner
+  act-runner:
+    image: code.forgejo.org/forgejo/act_runner:latest
+    restart: unless-stopped
+    environment:
+      FORGEJO_INSTANCE_URL: https://${FORGEJO_DOMAIN}
+      FORGEJO_RUNNER_REGISTRATION_TOKEN: ${FORGEJO_RUNNER_TOKEN}
+      FORGEJO_RUNNER_NAME: hiy-runner
+      # Give the runner access to Podman so CI jobs can build/run containers.
+      DOCKER_HOST: tcp://podman-proxy:2375
+    volumes:
+      - act-runner-data:/data
+    depends_on:
+      - forgejo
+      - podman-proxy
+    networks:
+      - hiy-net
+
  # ── Reverse proxy ─────────────────────────────────────────────────────────
  caddy:
    image: docker.io/library/caddy:2-alpine
@ -170,6 +192,7 @@ networks:
 volumes:
  hiy-data:
  forgejo-data:
+  act-runner-data:
  caddy-data:
  caddy-config:
  hiy-pg-data: