Add forgejo-runner

2023-12-04 21:36:32 +01:00 · 2023-12-04 21:36:32 +01:00 · 565509a5a9
commit 565509a5a9
parent c0f57922be
12 changed files with 158 additions and 52 deletions
--- a/.gitignore
+++ b/.gitignore
@ -9,6 +9,7 @@ diagram_assets/
 /acme-dns/
 /coder/
 /forgejo/
 /forgejo-runner/
 /gitea/
 /gitea-runner/
 /homebox/
--- a/_ansible/inventory/group_vars/all/compose_defaults.yml
+++ b/_ansible/inventory/group_vars/all/compose_defaults.yml
@ -6,10 +6,12 @@ compose_file_main:
      labels:
        com.centurylinklabs.watchtower.enable: "{{ compose.watchtower | default(false) }}"
      networks:
        local-net:
        apps:
          aliases:
            - "{{ svc.name }}"
  networks:
    local-net:
    apps:
      external: true
--- a/_ansible/node002.yml
+++ b/_ansible/node002.yml
@ -5,8 +5,7 @@
    - acme-dns
    - coder
    - forgejo
-    #- gitea
+    - forgejo-runner
    #- gitea-runner
    - homebox
    - influxdb
    - umami
--- a/_ansible/roles/forgejo-runner/files/config.yml
+++ b/_ansible/roles/forgejo-runner/files/config.yml
@ -0,0 +1,81 @@
 log:
  # The level of logging, can be trace, debug, info, warn, error, fatal
  level: info
 runner:
  # Where to store the registration result.
  file: /data/.runner
  # Execute how many tasks concurrently at the same time.
  capacity: 1
  # Extra environment variables to run jobs.
  #envs:
  #  A_TEST_ENV_NAME_1: a_test_env_value_1
  #  A_TEST_ENV_NAME_2: a_test_env_value_2
  # Extra environment variables to run jobs from a file.
  # It will be ignored if it's empty or the file doesn't exist.
  #env_file: .env
  # The timeout for a job to be finished.
  # Please note that the Forgejo instance also has a timeout (3h by default) for the job.
  # So the job could be stopped by the Forgejo instance if it's timeout is shorter than this.
  timeout: 3h
  # Whether skip verifying the TLS certificate of the Forgejo instance.
  insecure: false
  # The timeout for fetching the job from the Forgejo instance.
  fetch_timeout: 5s
  # The interval for fetching the job from the Forgejo instance.
  fetch_interval: 2s
  # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
  # Like: ["macos-arm64:host", "ubuntu-latest:docker://node:16-bullseye", "ubuntu-22.04:docker://node:16-bullseye"]
  # If it's empty when registering, it will ask for inputting labels.
  # If it's empty when execute `deamon`, will use labels in `.runner` file.
  labels: []
 cache:
  # Enable cache server to use actions/cache.
  enabled: true
  # The directory to store the cache data.
  # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
  dir: ""
  # The host of the cache server.
  # It's not for the address to listen, but the address to connect from job containers.
  # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
  host: ""
  # The port of the cache server.
  # 0 means to use a random available port.
  port: 0
 container:
  # Specifies the network to which the container will connect.
  # Could be host, bridge or the name of a custom network.
  # If it's empty, create a network automatically.
  network: ""
  # Whether to create networks with IPv6 enabled. Requires the Docker daemon to be set up accordingly.
  # Only takes effect if "network" is set to "".
  enable_ipv6: false
  # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
  privileged: false
  # And other options to be used when the container is started (eg, --add-host=my.forgejo.url:host-gateway).
  options:
  # The parent directory of a job's working directory.
  # If it's empty, /workspace will be used.
  workdir_parent:
  # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
  # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
  # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
  # valid_volumes:
  #   - data
  #   - /src/*.json
  # If you want to allow any volume, please use the following configuration:
  # valid_volumes:
  #   - '**'
  valid_volumes: []
  # overrides the docker client host with the specified one.
  # If it's empty, act_runner will find an available docker host automatically.
  # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
  # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
  docker_host: ""
 host:
  # The parent directory of a job's working directory.
  # If it's empty, $HOME/.cache/act/ will be used.
  workdir_parent:
--- a/_ansible/roles/forgejo-runner/tasks/main.yml
+++ b/_ansible/roles/forgejo-runner/tasks/main.yml
@ -0,0 +1,36 @@
 ---
 - name: Deploy {{ svc.name }}
  tags:
    - git
    - forgejo
    - ci
    - forgejo-runner
  block:
    - import_tasks: steps/create-service-directory.yml
    - import_tasks: steps/template-docker-compose.yml
    - name: Copy the config
      ansible.builtin.copy:
        src: config.yml
        dest: "{{ (service_path, 'config.yml') | path_join }}"
        mode: '0755'
    - name: Check if service.env already exists
      ansible.builtin.stat:
        path: "{{ (service_path, 'service.env') | path_join }}"
      register: svc_env_file
    - import_tasks: prompt-registration-token.yml
      when: not svc_env_file.stat.exists or
        force_forgejo_runner_registration | default(False)
    - import_tasks: steps/template-service-env.yml
    - import_tasks: steps/start-service.yml
    - name: Register runner
      ansible.builtin.command:
        cmd: docker compose run --rm -it app sh -c 'forgejo-runner register --no-interactive --token ${FORGEJO_RUNNER_REGISTRATION_TOKEN} --instance ${FORGEJO_INSTANCE_URL}'
        chdir: "{{ service_path }}"
      when: not svc_env_file.stat.exists or
        force_forgejo_runner_registration | default(False)
--- a/_ansible/roles/forgejo-runner/tasks/prompt-registration-token.yml
+++ b/_ansible/roles/forgejo-runner/tasks/prompt-registration-token.yml
@ -1,4 +1,4 @@
- name: Input gitea-runner registration token
+- name: Input forgejo-runner registration token
  ansible.builtin.pause:
    prompt: "Enter a secret"
    echo: no
@ -7,5 +7,5 @@
 - name: Put registration token into env vars
  ansible.builtin.set_fact:
    svc_env: "{{ svc_env | combine({
-        'GITEA_RUNNER_REGISTRATION_TOKEN': promt_registration_token.user_input
+        'FORGEJO_RUNNER_REGISTRATION_TOKEN': promt_registration_token.user_input
      }, recursive=True) }}"
--- a/_ansible/roles/forgejo-runner/vars/main.yml
+++ b/_ansible/roles/forgejo-runner/vars/main.yml
@ -0,0 +1,32 @@
 svc:
  name: forgejo-runner
 svc_env:
  FORGEJO_INSTANCE_URL: "https://git.serguzim.me/"
  FORGEJO_RUNNER_REGISTRATION_TOKEN:
  DOCKER_HOST: tcp://docker-in-docker:2375
 compose:
  watchtower: true
  image: code.forgejo.org/forgejo/runner:3.3.0
  env: true
  volumes:
    - ./config.yml:/config/config.yml
    - data:/data
  file:
    services:
      app:
        hostname: "{{ ansible_facts.hostname }}"
        command: "forgejo-runner --config /config/config.yml daemon"
        depends_on:
          - docker-in-docker
        links:
          - docker-in-docker
      docker-in-docker:
        image: docker:dind
        privileged: true
        command: "dockerd -H tcp://0.0.0.0:2375 --tls=false"
        networks:
          local-net:
    volumes:
      data:
--- a/_ansible/roles/forgejo/vars/main.yml
+++ b/_ansible/roles/forgejo/vars/main.yml
@ -79,7 +79,7 @@ svc_env:
 compose:
  watchtower: true
-  image: codeberg.org/forgejo/forgejo:1.20
+  image: codeberg.org/forgejo/forgejo:1.21
  env: true
  volumes:
    - data:/data
--- a/_ansible/roles/gitea-runner/tasks/main.yml
+++ b/_ansible/roles/gitea-runner/tasks/main.yml
@ -1,23 +0,0 @@
 ---
 - name: Deploy {{ svc.name }}
  tags:
    - git
    - gitea
    - ci
    - gitea-runner
  block:
    - import_tasks: steps/create-service-directory.yml
    - import_tasks: steps/template-docker-compose.yml
    - name: Check if service.env already exists
      ansible.builtin.stat:
        path: "{{ (service_path, 'service.env') | path_join }}"
      register: svc_env_file
    - import_tasks: prompt-registration-token.yml
      when: not svc_env_file.stat.exists or
        force_gitea_runner_registration | default(False)
    - import_tasks: steps/template-service-env.yml
    - import_tasks: steps/start-service.yml
--- a/_ansible/roles/gitea-runner/vars/main.yml
+++ b/_ansible/roles/gitea-runner/vars/main.yml
@ -1,21 +0,0 @@
 svc:
  name: gitea-runner
 svc_env:
  GITEA_INSTANCE_URL: "https://git.serguzim.me/"
  GITEA_RUNNER_REGISTRATION_TOKEN:
 compose:
  watchtower: true
  image: gitea/act_runner
  env: true
  volumes:
    - data:/data
    - /var/run/docker.sock:/var/run/docker.sock
  file:
    services:
      app:
        hostname: "{{ ansible_facts.hostname }}"
    volumes:
      data:
--- a/_ansible/roles/webdis/vars/main.yml
+++ b/_ansible/roles/webdis/vars/main.yml
@ -19,7 +19,5 @@ compose:
        restart: always
        labels:
          com.centurylinklabs.watchtower.enable: true
        networks:
          local-net:
    networks:
      local-net:
--- a/_ansible/tasks/steps/template-site-config.yml
+++ b/_ansible/tasks/steps/template-site-config.yml
@ -3,6 +3,7 @@
    src: caddy_site.conf.j2
    dest: "{{ (caddy_config_path, svc.domain + '.conf') | path_join }}"
    mode: "0644"
  register: template_result
 - name: Register caddy site
  ansible.builtin.set_fact:
@ -12,4 +13,4 @@
  ansible.builtin.command:
    cmd: docker compose exec app sh -c "caddy validate --config /etc/caddy/Caddyfile && caddy reload --config /etc/caddy/Caddyfile"
    chdir: "{{ caddy_path }}"
-  changed_when: True
+  changed_when: template_result.changed