Description
Background
Currently, the Registration Token
obtained in the UI becomes invalid immediately after registering a runner, making it impossible to reuse. However, it is annoying that not having reusbale annoying in some auto-scaling environments.
Here are some related issues::
- https://gitea.com/gitea/act_runner/issues/210
- Provide a programmable way to register a new action runner #23643
- Improve Config Management/Stateless Runner Deploy Workflows #23703
In fact, we already have related PRs that enable Gitea to provide the ability to generate Tokens via the command line or API:
- add CLI command to register runner tokens #23762
- Add API endpoint to get token for registering runners for repos #23761
But I believe it would be more convenient to have a reusable token. Of course, it would also be necessary to provide the ability to invalidate Tokens in real-time to prevent misuse.
Solution
-
Add the following fields to the table:
type ActionRunnerToken struct { ID int64 Token string `xorm:"UNIQUE"` IsActive bool // Omitting other fields // The following are the added fields: Type ActionRunnerTokenType ParentTokenID int64 Desc string } type ActionRunnerTokenType int const ( NormalRunnerToken ActionRunnerTokenType = iota ReusableRunnerToken )
-
In the UI, users can create
reusable tokens
and view them in a list. In the list, they can enable, disable, or delete tokens at any time.
-
When Gitea receives a runner registration request, it first checks if the token is a reusable token. If it is, a normal token is generated for the runner and returned. This normal token will be written to the
.runner
file. At the same time, the normal token inherits theowner_id
andrepo_id
from the reusable token and is stored in the database. -
As mentioned in this comment,we should also provide the ability to deregister runners:
It would also be great if there was a way to unregister act_runner as well, especially if you want them to be created and deleted dynamically, to avoid having unnecessary act_runner corpses in the database.
To achieve this, we need to add the following to the protocol buffer:
service RunnerService { // Deregister deregister new runner in server. rpc Deregister(DeregisterRequest) returns (DeregisterResponse) {} } message DeregisterRequest { int64 id = 1; string uuid = 2; string token = 3; // must be normal token in .runner file } message DeregisterResponse { Runner runner = 1; }
Benefits
- Creating a reusable token needs to be done in
Site Administration
,Repo Settings
, orOrg Settings
, defining the scope of runners that use this reusable token. This is consistent with the previous token logic. - The implementation is simple and does not affect the existing logic.