infra/.env.example

@@ -15,6 +15,9 @@ POSTGRES_PASSWORD=changeme
 # Forgejo (optional — only needed if you add the forgejo service to docker-compose.yml).
 FORGEJO_DB_PASSWORD=changeme
 FORGEJO_DOMAIN=git.yourdomain.com
+# Actions runner registration token — obtain from Forgejo:
+#   Site Administration → Actions → Runners → Create new runner
+FORGEJO_RUNNER_TOKEN=
 
 # ── Backup (infra/backup.sh) ──────────────────────────────────────────────────
 # Local directory to store backup archives.

infra/docker-compose.yml

@@ -93,6 +93,8 @@ services:
       FORGEJO__server__SSH_DOMAIN: ${FORGEJO_DOMAIN}
       # Skip the first-run wizard — everything is configured via env vars above.
       FORGEJO__security__INSTALL_LOCK: "true"
+      # Enable Actions.
+      FORGEJO__actions__ENABLED: "true"
     volumes:
       - forgejo-data:/data
     depends_on:
@@ -100,6 +102,26 @@ services:
     networks:
       - hiy-net
 
+  # ── Forgejo Actions runner ─────────────────────────────────────────────────
+  # Obtain FORGEJO_RUNNER_TOKEN from Forgejo:
+  #   Site Administration → Actions → Runners → Create new runner
+  act-runner:
+    image: code.forgejo.org/forgejo/act_runner:latest
+    restart: unless-stopped
+    environment:
+      FORGEJO_INSTANCE_URL: https://${FORGEJO_DOMAIN}
+      FORGEJO_RUNNER_REGISTRATION_TOKEN: ${FORGEJO_RUNNER_TOKEN}
+      FORGEJO_RUNNER_NAME: hiy-runner
+      # Give the runner access to Podman so CI jobs can build/run containers.
+      DOCKER_HOST: tcp://podman-proxy:2375
+    volumes:
+      - act-runner-data:/data
+    depends_on:
+      - forgejo
+      - podman-proxy
+    networks:
+      - hiy-net
+
   # ── Reverse proxy ─────────────────────────────────────────────────────────
   caddy:
     image: docker.io/library/caddy:2-alpine
@@ -170,6 +192,7 @@ networks:
 volumes:
   hiy-data:
   forgejo-data:
+  act-runner-data:
   caddy-data:
   caddy-config:
   hiy-pg-data: