store: Gitea Actions runner can't clone self-hosted composite actions - auth + cache fix

Cal Corum 2026-02-18 11:59:33 -06:00
parent 90c1120101
commit b62ead55fe

@ -0,0 +1,29 @@
---
id: 53328fc9-796a-47b7-81ae-fc57c9b3a202
type: solution
title: "Gitea Actions runner can't clone self-hosted composite actions - auth + cache fix"
tags: [gitea, ci-cd, actions, runner, authentication, composite-actions, troubleshooting, docker, homelab, lxc-225]
importance: 0.9
confidence: 0.8
created: "2026-02-18T17:59:33.367259+00:00"
updated: "2026-02-18T17:59:33.367259+00:00"
---
Problem: Gitea Actions runner fails to clone composite actions from cal/gitea-actions with 'authentication required: Unauthorized'. Three root causes found and fixed:
1. **Repo was private**: tea repos create defaults to private. Fixed by making public via API PATCH to /api/v1/repos/cal/gitea-actions with {private: false}.
2. **REQUIRE_SIGNIN_VIEW = true**: Even with public repos, Gitea's app.ini had REQUIRE_SIGNIN_VIEW=true in /etc/gitea/app.ini on LXC 225, which blocks unauthenticated git clone for ALL repos including public ones. Rather than disabling this (user preference), solved by adding .netrc authentication to the runner.
3. **Runner clone cache**: Failed clone attempts are cached at /root/.cache/act/<hash> in the runner container. Must manually clear: docker exec gitea-runner rm -rf /root/.cache/act/<hash>
Solution: Created /etc/gitea/runner-netrc on LXC 225 with machine entries for both git.manticorum.com and 10.10.0.225 using the Gitea API token. Recreated the runner container with:
- -v /etc/gitea/runner-netrc:/root/.netrc:ro (authentication for cloning)
- -v /etc/gitea/runner-config.yaml:/config.yaml:ro (container options)
- daemon --config /config.yaml
The runner config.yaml also sets container.options: --add-host=git.manticorum.com:host-gateway for job containers that need to reach the Gitea instance.
Key insight: The runner clones action repos in its OWN container (cached at /root/.cache/act/), not in the job containers. So .netrc on the runner container is what matters for action repo authentication. The container.options --add-host is for job container steps that need Gitea access.
Runner details: gitea/act_runner:latest on LXC 225 (10.10.0.225), connects to Gitea at http://10.10.0.225:3000 internally.
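Review bot: The Solution paragraph puts the Gitea API token in /etc/gitea/runner-netrc with a machine entry for 10.10.0.225, and the Runner details line gives the internal endpoint as http://10.10.0.225:3000, so any clone against that address sends the token over plain HTTP; the note records neither the token's scope nor the file's ownership and mode. Suggest stating that the token is a dedicated one limited to read access on repositories rather than a personal or admin token, that the netrc file is root-owned with mode 600, and whether the internal endpoint can move to HTTPS. It would also help to say whether root cause 1 (making cal/gitea-actions public) is still required now that the runner authenticates through .netrc, and to pin gitea/act_runner to a version tag instead of :latest so the recreated container is reproducible.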