ForgeJo on Mike Bell - Blog & Stuff

Using Goreleaser with ForgeJo

hello@mikebell.io (Mike Bell) — Sun, 12 Apr 2026 11:07:39 +0000

For my resound app I wanted a really nice release process (it is after all part of my job!). Resound is a cli go app built with Cobra and Viper, it takes the last RSS item and posts it to Mastodon, pretty simple. You can checkout the latest version here. I’m using goreleaser to build multiple architectures and then push them to my ForgeJo instance here’s how I did it because there are a lot of moving parts you have to put together in order to get it working.

tldr;
#

ForgeJo Action
#

- name: Run GoReleaser
uses: https://github.com/goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7
with:
# either 'goreleaser' (default) or 'goreleaser-pro'
distribution: goreleaser
# 'latest', 'nightly', or a semver
version: '~> v2'
args: release --clean
env:
GITEA_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Important part here is the make sure uses: uses the FQDN of the action and that your passing in GITEA_TOKEN from your repo secrets. I have the following token with these options scope to the repo:

write:package
write:repository

Note: this can probably be scoped even smaller.

.goreleaser.yaml
#

You can view the full version in the tldr above but here are the important parts:

release:
gitea:
owner: mikebell
name: resound
footer: >-

You have to set the owner and repo name under gitea in release. This tells goreleaser where to put the output.

gitea_urls:
api: https://code.remotelab.uk/api/v1
download: https://code.remotelab.uk

You then have to define your ForgeJo instance, goreleaser doesn’t officially support ForgeJo but the api is compatible with gitea.

force_token: gitea

I then had to force the token to gitea because goreleaser automatically tries to work out which forge your using and there’s already a GITHUB_TOKEN passed by default.

Once I had all this in place I can create a tag from either the ForgeJo UI or through git and my action will create the packages and upload them to a new release you can see 1.1.0 of resound here.

Hope this helps.

Thanks for reading via RSS!

Send me a message on Mastodon or email me

Tuning my renovate config

hello@mikebell.io (Mike Bell) — Fri, 10 Apr 2026 12:39:48 +0000

I took some time last night to finally tune my renovate setup. There were a few issues with it - none of it renovates or my tech stacks fault, just stuff I wasn’t too happy with and things that could be improved.

If your interested in my current working config here it is.

renovate.json to default.json
#

When I first setup up renovate I used renovate.json as my main config, not sure why. I’ve changed it to default.json which is recommended by the debug output in the workflow run. This also means I can have a renovate config for this specific repo, in the future I’ll be configure auto apply of patch level updates.

minimumReleaseAge
#

This is a work around for the Tofu provider registers, when a new release of the AWS provider is released it takes a bit to get into the tofu registry so I’ve set this to a day to prevent broken builds.

prCreation
#

This is set to not-pending this means renovate will wait till checks have passed before creating the PR, if they don’t exist then it creates the PR after 25 (odd default) hours see next.

prNotPendingHours
#

This is set to1 hour, I don’t need to wait 25 hours for the PR to be created if there are no checks, I think this is the lowest it will go.

dependencyDashboard
#

This is set to true. It creates an issue in each repo with the dependancy dashboard. I’m not sure I like it so will probably disable it moving forward.

Renovate config is really powerful and I’m only just scratching the surface with it. Hopefully this gives you a bit of an idea at what it can do and how you can shape it to your own requirements.

Thanks for reading via RSS!

Send me a message on Mastodon or email me

Building docker image with Forgejo Actions

hello@mikebell.io (Mike Bell) — Fri, 14 Feb 2025 20:29:52 +0000

aka how I nearly went crazy trying to figure out how to build docker images in Forgejo Actions.

With the default setup from here you can get up and running with foregjo actions but it won’t allow you to build docker images inside your workflows.

When I tried to build a docker image in a workflow I kept getting the following:

ERROR: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
::error::buildx failed with: ERROR: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

It’s quite a common error and something that should be easy to fix but when you throw docker-in-docker in to the mix it becomes way more complex.

To cut a long story short I found a comment with a link to this example which was confirmed to be working, after a few tweaks I came up with the docker compose below. I’ve removed the need to be running forgejo already (I have set in a separate compose) and updated the base image.

# Copyright 2024 The Forgejo Authors.
# SPDX-License-Identifier: MIT
#
# Create a secret with:
#
# openssl rand -hex 20
#
# Replace all occurences of {SHARED_SECRET} below with the output.
#
# NOTE: a token obtained from the Forgejo web interface cannot be used
# as a shared secret.
#
# Replace {ROOT_PASSWORD} with a secure password
#
volumes:
docker_certs:
services:
docker-in-docker:
image: code.forgejo.org/oci/docker:dind
hostname: docker # Must set hostname as TLS certificates are only valid for docker or localhost
privileged: true
environment:
DOCKER_TLS_CERTDIR: /certs
DOCKER_HOST: docker-in-docker
volumes:
- docker_certs:/certs
restart: unless-stopped
runner-register:
image: code.forgejo.org/forgejo/runner:6.2.2
links:
- docker-in-docker
environment:
DOCKER_HOST: tcp://docker-in-docker:2376
volumes:
- ./data:/data
user: 0:0
command: >-
bash -ec '
while : ; do
forgejo-runner create-runner-file --connect --instance https://code.remotelab.uk --name runner --secret {SHARED_SECRET} && break ;
sleep 1 ;
done ;
sed -i -e "s|\"labels\": null|\"labels\": [\"docker-cli:docker://code.forgejo.org/oci/docker:cli\",\"node-bookworm:docker://code.forgejo.org/oci/node:20-bookworm\"]|" .runner ;
forgejo-runner generate-config > config.yml ;
sed -i -e "s| level: info| level: debug|" config.yml ;
sed -i -e "s|network: .*|network: host|" config.yml ;
sed -i -e "s|^ envs:$$| envs:\n DOCKER_HOST: tcp://docker:2376\n DOCKER_TLS_VERIFY: 1\n DOCKER_CERT_PATH: /certs/client|" config.yml ;
sed -i -e "s|^ options:| options: -v /certs/client:/certs/client|" config.yml ;
sed -i -e "s| valid_volumes: \[\]$$| valid_volumes:\n - /certs/client|" config.yml ;
chown -R 1000:1000 /data
'
runner-daemon:
image: code.forgejo.org/forgejo/runner:6.2.2
links:
- docker-in-docker
environment:
DOCKER_HOST: tcp://docker:2376
DOCKER_CERT_PATH: /certs/client
DOCKER_TLS_VERIFY: "1"
volumes:
- ./data:/data
- docker_certs:/certs
restart: 'unless-stopped'
command: >-
bash -c '
while : ; do test -w .runner && forgejo-runner --config config.yml daemon ; sleep 1 ; done
'

Hopefully this helps anyone else who comes across this issue.

Thanks for reading via RSS!

Send me a message on Mastodon or email me

Adding custom runners to Forgejo

hello@mikebell.io (Mike Bell) — Mon, 10 Feb 2025 20:42:52 +0000

This is one of those problems that now that I get it it really shouldn’t have been so hard. Like everything with development and homelabbing documentation is key.

Huge thanks to:

without their toots on Mastodon I wouldn’t have been able to grok and actually get things working.

Now that I have my forgejo instance up and running I’m in the process of migrating all my github repos to my own git forge. As part of the move I needed to setup forgejos runners so that I can run actions on the many private infrastructure repos I have.

Setting up the runners is super simple the forgejo documentation is pretty easy to understand and after following this.

What wasn’t clear was how to add in custom images so that I could tailor the runners how I wanted. My ultimate goal here was to have a runner that had the same functionality I was used to with Github runners. It turns out it’s really simple, if you follow the OCI installation method then you should have a file called .runner this lives in the data directory you defined in your docker-compose.yml.

Your runner file has a section called labels this is where you add the images you want to use. See my example below:

{
"WARNING": "This file is automatically generated by act-runner. Do not edit it manually unless you know what you are doing. Removing this file will cause act runner to re-register as a new runner.",
"id": 1,
"uuid": "",
"name": "remotelab",
"token": "",
"address": "https://code.remotelab.uk",
"labels": [
"docker:docker://node:20-bullseye",
"ubuntu-act-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"
]
}

When you restart the runner you should see you have the ubuntu-act-latest label available for your actions.

caththehackers images are great but they don’t have the aws cli installed which is a hard requirement for me since I manage a lot of AWS infrastructure with terraform 100% via gitops. To fix this I quickly hacked together a docker file to add in the cli tool:

FROM ghcr.io/catthehacker/ubuntu:act-latest
RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
RUN unzip awscliv2.zip && ./aws/install

As a quick and dirty hack I pushed this up manually to forgejo (it fully supports docker images and provides a registry as well!). I can now reference that image inside my .runner file.

You can then reference this in your action:

jobs:
configure-aws:
runs-on: ubuntu-act-latest

I still have a few things to tidy up:

Automate building my custom image
Migrate all repos to forgejo
Migrate to OpenTofu

Thanks for reading via RSS!

Send me a message on Mastodon or email me

ForgeJo on Mike Bell - Blog & Stuff

Using Goreleaser with ForgeJo

tldr; #

ForgeJo Action #

.goreleaser.yaml #

Tuning my renovate config

renovate.json to default.json #

minimumReleaseAge #

prCreation #

prNotPendingHours #

dependencyDashboard #

Building docker image with Forgejo Actions

Adding custom runners to Forgejo

tldr;
#

ForgeJo Action
#

.goreleaser.yaml
#

renovate.json to default.json
#

minimumReleaseAge
#

prCreation
#

prNotPendingHours
#

dependencyDashboard
#