cal/claude-memory
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
dc1d8d815c
claude-memory/graph/solutions/gitea-actions-runner-cant-clone-self-hosted-composite-action-53328f.md
Cal Corum d2365d7db2 relate: 53328fc9 --BUILDS_ON--> f4683542
2026-02-18 12:00:00 -06:00

2.5 KiB
Raw Blame History

id type title tags importance confidence created updated relations
53328fc9-796a-47b7-81ae-fc57c9b3a202 solution Gitea Actions runner can't clone self-hosted composite actions - auth + cache fix
gitea
ci-cd
actions
runner
authentication
composite-actions
troubleshooting
docker
homelab
lxc-225
0.9 0.8 2026-02-18T17:59:33.367259+00:00 2026-02-18T18:00:00.224832+00:00
target type direction strength context
48ad98e0-6903-40d9-b398-37d02efdc5e7 REQUIRES outgoing 0.8 Solution requires this runner configuration to work
target type direction strength context
f4683542-eb76-4397-9e84-673c86a05904 BUILDS_ON outgoing 0.8 Extends original runner troubleshooting with auth for composite actions

Problem: Gitea Actions runner fails to clone composite actions from cal/gitea-actions with 'authentication required: Unauthorized'. Three root causes found and fixed:

  1. Repo was private: tea repos create defaults to private. Fixed by making public via API PATCH to /api/v1/repos/cal/gitea-actions with {private: false}.

  2. REQUIRE_SIGNIN_VIEW = true: Even with public repos, Gitea's app.ini had REQUIRE_SIGNIN_VIEW=true in /etc/gitea/app.ini on LXC 225, which blocks unauthenticated git clone for ALL repos including public ones. Rather than disabling this (user preference), solved by adding .netrc authentication to the runner.

  3. Runner clone cache: Failed clone attempts are cached at /root/.cache/act/ in the runner container. Must manually clear: docker exec gitea-runner rm -rf /root/.cache/act/

Solution: Created /etc/gitea/runner-netrc on LXC 225 with machine entries for both git.manticorum.com and 10.10.0.225 using the Gitea API token. Recreated the runner container with:

  • -v /etc/gitea/runner-netrc:/root/.netrc:ro (authentication for cloning)
  • -v /etc/gitea/runner-config.yaml:/config.yaml:ro (container options)
  • daemon --config /config.yaml

The runner config.yaml also sets container.options: --add-host=git.manticorum.com:host-gateway for job containers that need to reach the Gitea instance.

Key insight: The runner clones action repos in its OWN container (cached at /root/.cache/act/), not in the job containers. So .netrc on the runner container is what matters for action repo authentication. The container.options --add-host is for job container steps that need Gitea access.

Runner details: gitea/act_runner:latest on LXC 225 (10.10.0.225), connects to Gitea at http://10.10.0.225:3000 internally.