ci: pin actions to node20-safe tags + runner sock pass-through #8

Merged

s8n merged 1 commit from feat/runner-fix-docker-sock-and-node20 into main

2026-05-06 13:47:20 +01:00

Author	SHA1	Message	Date
claude-veilor-bot	73c2c68e32	ci: pin actions to node20-safe tags + runner sock pass-through Some checks failed Lint / Kickstart syntax (pull_request) Failing after 0s Details Lint / Shell scripts (pull_request) Failing after 0s Details Lint / No personal/onyx leaks (pull_request) Failing after 0s Details forgejo-runner v6.4.0 ships a node20 javascript engine. v4.2+ of actions/checkout and v2.0.5+ of softprops/action-gh-release moved to node24, which the runner refuses to exec. Pin both to last node20 release. Pairs with a runner-side config change (separately deployed on nullstone /home/docker/forgejo-runner/conf/config.yaml) that adds `-v /var/run/docker.sock:/var/run/docker.sock` to per-job container options + whitelists the socket via valid_volumes — without that addnab/docker-run-action@v3 inside the catthehacker/ubuntu job container can't reach the docker engine. - actions/checkout v4 -> v4.1.7 - softprops/action-gh-release v2 -> v2.0.4 - addnab/docker-run-action v3 unchanged (composite/docker, no node) - ludeeus/action-shellcheck@master unchanged (docker-based) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-06 10:50:15 +01:00

Author

SHA1

Message

Date

claude-veilor-bot

73c2c68e32

ci: pin actions to node20-safe tags + runner sock pass-through

Lint / Kickstart syntax (pull_request) Failing after 0s

Details

Lint / Shell scripts (pull_request) Failing after 0s

Details

Lint / No personal/onyx leaks (pull_request) Failing after 0s

Details

forgejo-runner v6.4.0 ships a node20 javascript engine. v4.2+ of
actions/checkout and v2.0.5+ of softprops/action-gh-release moved to
node24, which the runner refuses to exec. Pin both to last node20
release.

Pairs with a runner-side config change (separately deployed on
nullstone /home/docker/forgejo-runner/conf/config.yaml) that adds
`-v /var/run/docker.sock:/var/run/docker.sock` to per-job container
options + whitelists the socket via valid_volumes — without that
addnab/docker-run-action@v3 inside the catthehacker/ubuntu job
container can't reach the docker engine.

- actions/checkout v4 -> v4.1.7
- softprops/action-gh-release v2 -> v2.0.4
- addnab/docker-run-action v3 unchanged (composite/docker, no node)
- ludeeus/action-shellcheck@master unchanged (docker-based)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-06 10:50:15 +01:00