IMPORTANT NOTE: you should be aware that anyone with the ability to modify code run under a CI job in the host Gitea (this includes anyone with commit rights; anyone with the ability to modify any dependency; anyone with the ability to modify dependent components such as base container images) CAN POTENTIALLY COMPROMISE (hack, take over, steal data from) the machine hosting a runner. Proceed with caution.
Gitea publishes binary releases of [gitea/act_runner](https://gitea.com/gitea/act_runner/releases) for many platform and architectures, which can be used to deploy new action runners simply.
> Note: Runners can be registered globally for an entire Gitea instance, for a specific organization, or for a single repo. This example registers globally.
Before executing the runner, first obtain a registration token by visiting http://gitea.local:3000/admin/actions/runners, clicking the 'Create new Runner' button, and copying the displayed
registration token, for example, `FTyMBkcK9ErmD0wm8LfBzfXOUUlQA7dBJF6BB64Z`.
### Runner Registration and Startup
After you have obtained a registration token, download the `gitea/act_runner` release matching your platform and architecture and run it as follows:
The most important detail in this example is the label. For the Ubuntu runner which is deployed automatically with this project, the label `ubuntu-latest:docker://cerc/act-runner-task-executor:local` is
used, which instructs `gitea/act_runner` that a task which `runs-on: ubuntu-latest` should be executed inside an instance of the `cerc/act-runner-task-executor:local` Docker container. In this example, the label is `darwin-latest-amd64:host`. This means that a task which `runs-on: darwin-latest-amd64` will be executed natively on the host machine. Since there are additional security implications when executing tasks
on the host, only trusted repositories with strict access controls should be allowed to schedule CI jobs on the runner.