tasks: Create job-runner.toml in run-local.sh

This still needs to happen for production, but allows us to start
testing cockpit-project/bots#6017.

We can drop the CONTAINER_HOST environment variable we added in the last
commit — we can provide that information via job-runner.toml instead.

tasks/run-local.sh

@@ -107,6 +107,32 @@ EOF
         # for the same reason, make podman socket accessible to that container user
         # the directory is only accessible for the user, so 666 permissions don't hurt
         chmod o+rw ${XDG_RUNTIME_DIR:-/run}/podman/podman.sock
+
+        # job-runner config
+        cat <<EOF > $SECRETS/tasks/job-runner.toml
+[logs]
+driver='s3'
+
+[forge.github]
+token = "$(cat $SECRETS/webhook/.config--github-token)"
+$([ -n "$TOKEN" ] || echo "api-url = 'http://127.0.0.7:8443'")
+
+[logs.s3]
+url = '$S3_URL_POD/logs'
+ca = [{file='/run/secrets/webhook/ca.pem'}]
+# ~/.config/cockpit-dev/s3-keys/localhost.localdomain
+key = {access='cockpituous', secret='foobarfoo'}
+
+[container]
+command = 'podman-remote'
+args = ['--url='unix:///podman.sock']
+run-args = []
+
+[container.secrets]
+# these are *host* paths, this is podman-remote
+image-upload='--volume=$SECRETS/tasks/s3-keys:/run/secrets/tasks/s3-keys:ro'
+github-token='--volume=$SECRETS/webhook/.config--github-token:/run/secrets/webhook/.config--github-token:ro'
+EOF
     fi
 }
 
@@ -178,9 +204,9 @@ EOF
     # use bash as pid 1 to mop up zombies
     podman run -d -it --name cockpituous-tasks --pod=cockpituous \
         -v "$SECRETS"/tasks:/run/secrets/tasks:ro,z \
+        -v "$SECRETS"/tasks/job-runner.toml:/work/.config/cockpit-dev/job-runner.toml:ro,z \
         -v "$SECRETS"/webhook:/run/secrets/webhook:ro,z \
         -v "${XDG_RUNTIME_DIR:-/run}/podman/podman.sock:/podman.sock" \
-        --env=CONTAINER_HOST=unix:///podman.sock \
         --env=COCKPIT_GITHUB_TOKEN_FILE=/run/secrets/webhook/.config--github-token \
         --env=COCKPIT_CA_PEM=/run/secrets/webhook/ca.pem \
         --env=COCKPIT_BOTS_REPO=${COCKPIT_BOTS_REPO:-} \