Add forgejo-runner

2023-12-04 21:36:32 +01:00 · 2023-12-04 21:36:32 +01:00 · 565509a5a9
parent c0f57922be
commit 565509a5a9
12 changed files with 158 additions and 52 deletions
--- a/.gitignore
+++ b/.gitignore
@ -9,6 +9,7 @@ diagram_assets/
 /acme-dns/
 /coder/
 /forgejo/
+/forgejo-runner/
 /gitea/
 /gitea-runner/
 /homebox/
--- a/_ansible/inventory/group_vars/all/compose_defaults.yml
+++ b/_ansible/inventory/group_vars/all/compose_defaults.yml
@ -6,10 +6,12 @@ compose_file_main:
      labels:
        com.centurylinklabs.watchtower.enable: "{{ compose.watchtower | default(false) }}"
      networks:
+        local-net:
        apps:
          aliases:
            - "{{ svc.name }}"
  networks:
+    local-net:
    apps:
      external: true

--- a/_ansible/node002.yml
+++ b/_ansible/node002.yml
@ -5,8 +5,7 @@
    - acme-dns
    - coder
    - forgejo
-    #- gitea
-    #- gitea-runner
+    - forgejo-runner
    - homebox
    - influxdb
    - umami
--- a/_ansible/roles/forgejo-runner/files/config.yml
+++ b/_ansible/roles/forgejo-runner/files/config.yml
@ -0,0 +1,81 @@
+log:
+  # The level of logging, can be trace, debug, info, warn, error, fatal
+  level: info
+
+runner:
+  # Where to store the registration result.
+  file: /data/.runner
+  # Execute how many tasks concurrently at the same time.
+  capacity: 1
+  # Extra environment variables to run jobs.
+  #envs:
+  #  A_TEST_ENV_NAME_1: a_test_env_value_1
+  #  A_TEST_ENV_NAME_2: a_test_env_value_2
+  # Extra environment variables to run jobs from a file.
+  # It will be ignored if it's empty or the file doesn't exist.
+  #env_file: .env
+  # The timeout for a job to be finished.
+  # Please note that the Forgejo instance also has a timeout (3h by default) for the job.
+  # So the job could be stopped by the Forgejo instance if it's timeout is shorter than this.
+  timeout: 3h
+  # Whether skip verifying the TLS certificate of the Forgejo instance.
+  insecure: false
+  # The timeout for fetching the job from the Forgejo instance.
+  fetch_timeout: 5s
+  # The interval for fetching the job from the Forgejo instance.
+  fetch_interval: 2s
+  # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
+  # Like: ["macos-arm64:host", "ubuntu-latest:docker://node:16-bullseye", "ubuntu-22.04:docker://node:16-bullseye"]
+  # If it's empty when registering, it will ask for inputting labels.
+  # If it's empty when execute `deamon`, will use labels in `.runner` file.
+  labels: []
+
+cache:
+  # Enable cache server to use actions/cache.
+  enabled: true
+  # The directory to store the cache data.
+  # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
+  dir: ""
+  # The host of the cache server.
+  # It's not for the address to listen, but the address to connect from job containers.
+  # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
+  host: ""
+  # The port of the cache server.
+  # 0 means to use a random available port.
+  port: 0
+
+container:
+  # Specifies the network to which the container will connect.
+  # Could be host, bridge or the name of a custom network.
+  # If it's empty, create a network automatically.
+  network: ""
+  # Whether to create networks with IPv6 enabled. Requires the Docker daemon to be set up accordingly.
+  # Only takes effect if "network" is set to "".
+  enable_ipv6: false
+  # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
+  privileged: false
+  # And other options to be used when the container is started (eg, --add-host=my.forgejo.url:host-gateway).
+  options:
+  # The parent directory of a job's working directory.
+  # If it's empty, /workspace will be used.
+  workdir_parent:
+  # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
+  # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
+  # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
+  # valid_volumes:
+  #   - data
+  #   - /src/*.json
+  # If you want to allow any volume, please use the following configuration:
+  # valid_volumes:
+  #   - '**'
+  valid_volumes: []
+  # overrides the docker client host with the specified one.
+  # If it's empty, act_runner will find an available docker host automatically.
+  # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
+  # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
+  docker_host: ""
+
+host:
+  # The parent directory of a job's working directory.
+  # If it's empty, $HOME/.cache/act/ will be used.
+  workdir_parent:
--- a/_ansible/roles/forgejo-runner/tasks/main.yml
+++ b/_ansible/roles/forgejo-runner/tasks/main.yml
@ -0,0 +1,36 @@
+---
+- name: Deploy {{ svc.name }}
+  tags:
+    - git
+    - forgejo
+    - ci
+    - forgejo-runner
+  block:
+    - import_tasks: steps/create-service-directory.yml
+    - import_tasks: steps/template-docker-compose.yml
+
+    - name: Copy the config
+      ansible.builtin.copy:
+        src: config.yml
+        dest: "{{ (service_path, 'config.yml') | path_join }}"
+        mode: '0755'
+
+    - name: Check if service.env already exists
+      ansible.builtin.stat:
+        path: "{{ (service_path, 'service.env') | path_join }}"
+      register: svc_env_file
+
+    - import_tasks: prompt-registration-token.yml
+      when: not svc_env_file.stat.exists or
+        force_forgejo_runner_registration | default(False)
+
+    - import_tasks: steps/template-service-env.yml
+
+    - import_tasks: steps/start-service.yml
+
+    - name: Register runner
+      ansible.builtin.command:
+        cmd: docker compose run --rm -it app sh -c 'forgejo-runner register --no-interactive --token ${FORGEJO_RUNNER_REGISTRATION_TOKEN} --instance ${FORGEJO_INSTANCE_URL}'
+        chdir: "{{ service_path }}"
+      when: not svc_env_file.stat.exists or
+        force_forgejo_runner_registration | default(False)
--- a/_ansible/roles/forgejo-runner/tasks/prompt-registration-token.yml
+++ b/_ansible/roles/forgejo-runner/tasks/prompt-registration-token.yml
@ -1,4 +1,4 @@
- name: Input gitea-runner registration token
+- name: Input forgejo-runner registration token
  ansible.builtin.pause:
    prompt: "Enter a secret"
    echo: no
@ -7,5 +7,5 @@
 - name: Put registration token into env vars
  ansible.builtin.set_fact:
    svc_env: "{{ svc_env | combine({
-        'GITEA_RUNNER_REGISTRATION_TOKEN': promt_registration_token.user_input
+        'FORGEJO_RUNNER_REGISTRATION_TOKEN': promt_registration_token.user_input
      }, recursive=True) }}"
--- a/_ansible/roles/forgejo-runner/vars/main.yml
+++ b/_ansible/roles/forgejo-runner/vars/main.yml
@ -0,0 +1,32 @@
+svc:
+  name: forgejo-runner
+
+svc_env:
+  FORGEJO_INSTANCE_URL: "https://git.serguzim.me/"
+  FORGEJO_RUNNER_REGISTRATION_TOKEN:
+  DOCKER_HOST: tcp://docker-in-docker:2375
+
+compose:
+  watchtower: true
+  image: code.forgejo.org/forgejo/runner:3.3.0
+  env: true
+  volumes:
+    - ./config.yml:/config/config.yml
+    - data:/data
+  file:
+    services:
+      app:
+        hostname: "{{ ansible_facts.hostname }}"
+        command: "forgejo-runner --config /config/config.yml daemon"
+        depends_on:
+          - docker-in-docker
+        links:
+          - docker-in-docker
+      docker-in-docker:
+        image: docker:dind
+        privileged: true
+        command: "dockerd -H tcp://0.0.0.0:2375 --tls=false"
+        networks:
+          local-net:
+    volumes:
+      data:
--- a/_ansible/roles/forgejo/vars/main.yml
+++ b/_ansible/roles/forgejo/vars/main.yml
@ -79,7 +79,7 @@ svc_env:

 compose:
  watchtower: true
-  image: codeberg.org/forgejo/forgejo:1.20
+  image: codeberg.org/forgejo/forgejo:1.21
  env: true
  volumes:
    - data:/data
--- a/_ansible/roles/gitea-runner/tasks/main.yml
+++ b/_ansible/roles/gitea-runner/tasks/main.yml
@ -1,23 +0,0 @@
---
- name: Deploy {{ svc.name }}
-  tags:
-    - git
-    - gitea
-    - ci
-    - gitea-runner
-  block:
-    - import_tasks: steps/create-service-directory.yml
-    - import_tasks: steps/template-docker-compose.yml
-
-    - name: Check if service.env already exists
-      ansible.builtin.stat:
-        path: "{{ (service_path, 'service.env') | path_join }}"
-      register: svc_env_file
-
-    - import_tasks: prompt-registration-token.yml
-      when: not svc_env_file.stat.exists or
-        force_gitea_runner_registration | default(False)
-
-    - import_tasks: steps/template-service-env.yml
-
-    - import_tasks: steps/start-service.yml
--- a/_ansible/roles/gitea-runner/vars/main.yml
+++ b/_ansible/roles/gitea-runner/vars/main.yml
@ -1,21 +0,0 @@
-svc:
-  name: gitea-runner
-
-svc_env:
-  GITEA_INSTANCE_URL: "https://git.serguzim.me/"
-  GITEA_RUNNER_REGISTRATION_TOKEN:
-
-compose:
-  watchtower: true
-  image: gitea/act_runner
-  env: true
-  volumes:
-    - data:/data
-    - /var/run/docker.sock:/var/run/docker.sock
-  file:
-    services:
-      app:
-        hostname: "{{ ansible_facts.hostname }}"
-    volumes:
-      data:
-
--- a/_ansible/roles/webdis/vars/main.yml
+++ b/_ansible/roles/webdis/vars/main.yml
@ -21,5 +21,3 @@ compose:
          com.centurylinklabs.watchtower.enable: true
    networks:
      local-net:
-    networks:
-      local-net:
--- a/_ansible/tasks/steps/template-site-config.yml
+++ b/_ansible/tasks/steps/template-site-config.yml
@ -3,6 +3,7 @@
    src: caddy_site.conf.j2
    dest: "{{ (caddy_config_path, svc.domain + '.conf') | path_join }}"
    mode: "0644"
+  register: template_result

 - name: Register caddy site
  ansible.builtin.set_fact:
@ -12,4 +13,4 @@
  ansible.builtin.command:
    cmd: docker compose exec app sh -c "caddy validate --config /etc/caddy/Caddyfile && caddy reload --config /etc/caddy/Caddyfile"
    chdir: "{{ caddy_path }}"
-  changed_when: True
+  changed_when: template_result.changed