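---
# Shared constants for all runner hosts.

runner_user: gitea-runner
runner_home: /home/gitea-runner

# Base dir for app deploy targets. Each project deploys to
# <app_base_dir>/<project> (e.g. /opt/gatehouse-api), owned by the runner so
# the deploy job can write the compose file there. Must match COMPOSE_DIR in
# the project's workflow files.
# NOTE(review): only the per-project directories should be runner-owned, not
# app_base_dir itself; workflow steps run as runner_user on the host executor
# and can write anywhere that user owns. Confirm in the role's tasks.
app_base_dir: /opt

gitea_instance: "https://source.hawkless.id.au"

# Pinned act_runner release. Bump version + sha256 together.
# Check latest: https://gitea.com/gitea/act_runner/releases
# sha256 for act_runner-<version>-linux-amd64 is on the release page
# (act_runner-<version>-linux-amd64.sha256).
# NOTE(review): the comments above name the gitea/act_runner repo and an
# act_runner-<version>-linux-amd64 asset, while the values below fetch
# gitea-runner-<version>-linux-amd64 from gitea/runner. Confirm the sha256 was
# taken for the exact asset that act_runner_download_url resolves to.
# The checksum is published next to the binary, so it detects corruption or a
# later swap of the pinned asset, not a release that was already bad when
# pinned.
act_runner_version: "1.0.8"
act_runner_sha256: "027d726127bb67e191d57052fdb66e74ec7f76966f790a18727147fa2b8005e5"
act_runner_binary: "gitea-runner-{{ act_runner_version }}-linux-amd64"
act_runner_download_url: "https://gitea.com/gitea/runner/releases/download/v{{ act_runner_version }}/{{ act_runner_binary }}"

# Node.js major version installed on the host executor. JS actions
# (actions/checkout@v4, etc.) are run with `node`; without it act_runner
# fails with "Cannot find: node in PATH". Bump this to change versions.
node_major_version: "26"

# Security scanners pre-installed on the host so workflow steps use the local
# binary instead of writing to /usr/local/bin as the runner user ("Permission
# denied"). gitleaks_version must match GITLEAKS_VERSION in pr-security-check.yml.
# NOTE(review): unlike act_runner, these are pinned by version only; no sha256
# is defined in this file. If the install tasks download release binaries,
# verify a checksum there as well.
trivy_version: "0.71.2"
gitleaks_version: "8.30.1"

# Docker CLI plugins. The engine ships without them, so `docker compose` (used by
# deploy.sh) and `docker buildx` are missing — deploy.sh then fails with exit 125.
# Installed as pinned binaries into the host cli-plugins dir; bump to upgrade.
# NOTE(review): version-only pins here too; the same checksum question applies
# to however these binaries are fetched.
docker_compose_version: "5.1.4"
docker_buildx_version: "0.35.0"

# Registration tokens come from env vars named by each project's `token_env`
# (e.g. RUNNER_TOKEN_GATEHOUSE_API). Export them on the control node before running.
# Mint from: Gitea repo → Settings → Actions → Runners → Create new runner token.
# The tokens are secrets: keep them out of this file and any committed vars, and
# set `no_log: true` on tasks that pass them on so they stay out of Ansible output.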