---
# Shared constants for all runner hosts.
runner_user: gitea-runner
runner_home: /home/gitea-runner

gitea_instance: "https://source.hawkless.id.au"

# Pinned act_runner release. Bump version + sha256 together.
# Check latest: https://gitea.com/gitea/act_runner/releases
# sha256 for act_runner-<version>-linux-amd64 is on the release page (act_runner-<version>-linux-amd64.sha256).
act_runner_version: "1.0.8"
act_runner_sha256: "027d726127bb67e191d57052fdb66e74ec7f76966f790a18727147fa2b8005e5"
act_runner_binary: "gitea-runner-{{ act_runner_version }}-linux-amd64"
act_runner_download_url: "https://gitea.com/gitea/runner/releases/download/v{{ act_runner_version }}/{{ act_runner_binary }}"

# Node.js major version installed on the host executor. JS actions
# (actions/checkout@v4, etc.) are run with `node`; without it act_runner
# fails with "Cannot find: node in PATH". Bump this to change versions.
node_major_version: "26"

# Security scanners pre-installed on the host so workflow steps use the local
# binary instead of writing to /usr/local/bin as the runner user ("Permission
# denied"). gitleaks_version must match GITLEAKS_VERSION in pr-security-check.yml.
trivy_version: "0.71.2"
gitleaks_version: "8.30.1"

# Registration tokens come from env vars named by each project's `token_env`
# (e.g. RUNNER_TOKEN_GATEHOUSE_API). Export them on the control node before running.
# Mint from: Gitea repo → Settings → Actions → Runners → Create new runner token.