From c2056d4cd4f5c82d97fd42ca39c5d6e940fede18 Mon Sep 17 00:00:00 2001
From: Jeremie Fraeys <jfaeys@gmail.com>
Date: Tue, 20 Jan 2026 17:09:17 -0500
Subject: [PATCH] fix(forgejo-runner): validate label executor scheme
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Set default runner label to 'self-hosted:docker://…'\n- Add an early assert to fail fast when labels use an invalid executor scheme
---
 roles/forgejo_runner/defaults/main.yml | 2 +-
 roles/forgejo_runner/tasks/main.yml    | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/roles/forgejo_runner/defaults/main.yml b/roles/forgejo_runner/defaults/main.yml
index 37c5e03..0d5ac00 100644
--- a/roles/forgejo_runner/defaults/main.yml
+++ b/roles/forgejo_runner/defaults/main.yml
@@ -2,4 +2,4 @@
 forgejo_runner_force_reregister: false
 
 forgejo_runner_labels:
-  - docker:docker://ghcr.io/catthehacker/ubuntu:act-22.04
\ No newline at end of file
+  - self-hosted:docker://ghcr.io/catthehacker/ubuntu:act-22.04
\ No newline at end of file
diff --git a/roles/forgejo_runner/tasks/main.yml b/roles/forgejo_runner/tasks/main.yml
index 1a9a9db..602a6d4 100644
--- a/roles/forgejo_runner/tasks/main.yml
+++ b/roles/forgejo_runner/tasks/main.yml
@@ -8,6 +8,15 @@
   set_fact:
     forgejo_runner_labels_csv: "{{ forgejo_runner_labels | join(',') }}"
 
+- name: Fail if Forgejo runner labels have an invalid executor scheme
+  assert:
+    that:
+      - item is match('^[^:]+:(docker|host|shell)://')
+    fail_msg: >-
+      Invalid Forgejo runner label '{{ item }}'.
+      Expected format like '<label>:docker://<image>' (e.g. 'self-hosted:docker://ghcr.io/catthehacker/ubuntu:act-22.04').
+  loop: "{{ forgejo_runner_labels }}"
+
 - name: Fail if Forgejo runner registration token is missing
   fail:
     msg: "FORGEJO_RUNNER_REGISTRATION_TOKEN is required"