Add gitea-runner service

.gitignore

@@ -8,6 +8,7 @@ diagram_assets/
 # services already handled by ansible
 /acme-dns/
 /gitea/
+/gitea-runner/
 /influxdb/
 /umami/
 /watchtower/

_ansible/local-dev.yml

@@ -9,6 +9,7 @@
   roles:
     - acme-dns
     - gitea
+    - gitea-runner
     - influxdb
     - umami
     - watchtower

_ansible/node002.yml

@@ -4,6 +4,7 @@
   roles:
     - acme-dns
     - gitea
+    - gitea-runner
     - influxdb
     - umami
     - watchtower

_ansible/roles/gitea-runner/tasks/main.yml

@@ -0,0 +1,23 @@
+---
+- name: Deploy {{ svc.name }}
+  tags:
+    - git
+    - gitea
+    - ci
+    - gitea-runner
+  block:
+    - import_tasks: steps/create-service-directory.yml
+    - import_tasks: steps/template-docker-compose.yml
+
+    - name: Check if service.env already exists
+      ansible.builtin.stat:
+        path: "{{ (service_path, 'service.env') | path_join }}"
+      register: svc_env_file
+
+    - import_tasks: prompt-registration-token.yml
+      when: not svc_env_file.stat.exists or
+        force_gitea_runner_registration | default(False)
+
+    - import_tasks: steps/template-service-env.yml
+
+    - import_tasks: steps/start-service.yml

_ansible/roles/gitea-runner/tasks/prompt-registration-token.yml

@@ -0,0 +1,11 @@
+- name: Input gitea-runner registration token
+  ansible.builtin.pause:
+    prompt: "Enter a secret"
+    echo: no
+  register: promt_registration_token
+
+- name: Put registration token into env vars
+  ansible.builtin.set_fact:
+    svc_env: "{{ svc_env | combine({
+        'GITEA_RUNNER_REGISTRATION_TOKEN': promt_registration_token.user_input
+      }, recursive=True) }}"

_ansible/roles/gitea-runner/vars/main.yml

@@ -0,0 +1,21 @@
+svc:
+  name: gitea-runner
+
+svc_env:
+  GITEA_INSTANCE_URL: "https://git.serguzim.me/"
+  GITEA_RUNNER_REGISTRATION_TOKEN:
+
+compose:
+  watchtower: true
+  image: gitea/act_runner
+  env: true
+  volumes:
+    - data:/data
+    - /var/run/docker.sock:/var/run/docker.sock
+  file:
+    services:
+      app:
+        hostname: "{{ ansible_facts.hostname }}"
+    volumes:
+      data:
+

_ansible/roles/gitea/vars/main.yml

@@ -17,11 +17,11 @@ svc_env:
   GITEA__database__PASSWD: "{{ vault_gitea.db.pass }}"
   GITEA__database__SSL_MODE: "verify-full"
 
-  GITEA__repository__ENABLE_PUSH_CREATE_USER: "true"
+  GITEA__repository__ENABLE_PUSH_CREATE_USER: true
-  GITEA__repository__ENABLE_PUSH_CREATE_ORG: "true"
+  GITEA__repository__ENABLE_PUSH_CREATE_ORG: true
   GITEA__repository__DEFAULT_BRANCH: "main"
 
-  GITEA__cors__ENABLED: "true"
+  GITEA__cors__ENABLED: true
   GITEA__cors__SCHEME: "https"
 
   GITEA__ui__DEFAULT_THEME: "arc-green"
@@ -30,49 +30,51 @@ svc_env:
   GITEA__server__SSH_DOMAIN: "{{ svc.domain }}"
   GITEA__server__SSH_PORT: "{{ svc.ssh_port }}"
   GITEA__server__ROOT_URL: "https://{{ svc.domain }}"
-  GITEA__server__OFFLINE_MODE: "true"
+  GITEA__server__OFFLINE_MODE: true
   GITEA__server__LFS_JWT_SECRET: "{{ vault_gitea.server_lfs_jwt_secret }}"
-  GITEA__server__LFS_START_SERVER: "true"
+  GITEA__server__LFS_START_SERVER: true
 
-  GITEA__security__INSTALL_LOCK: "true"
+  GITEA__security__INSTALL_LOCK: true
   GITEA__security__INTERNAL_TOKEN: "{{ vault_gitea.security_internal_token }}"
   GITEA__security__SECRET_KEY: "{{ vault_gitea.security_secret_key }}"
 
-  GITEA__openid__ENABLE_OPENID_SIGNUP: "true"
+  GITEA__openid__ENABLE_OPENID_SIGNUP: true
-  GITEA__openid__ENABLE_OPENID_SIGNIN: "false"
+  GITEA__openid__ENABLE_OPENID_SIGNIN: false
 
-  GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: "true"
+  GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: true
-  GITEA__service__ENABLE_BASIC_AUTHENTICATION: "false"
+  GITEA__service__ENABLE_BASIC_AUTHENTICATION: false
   GITEA__service__NO_REPLY_ADDRESS: "discard.msrg.cc"
 
-  GITEA__webhook__DELIVER_TIMEOUT: "60"
+  GITEA__webhook__DELIVER_TIMEOUT: 60
 
-  GITEA__mailer__ENABLED: "true"
+  GITEA__mailer__ENABLED: true
   GITEA__mailer__PROTOCOL: "smtp+starttls"
   GITEA__mailer__SMTP_ADDR: "mail.serguzim.me"
-  GITEA__mailer__SMTP_PORT: "587"
+  GITEA__mailer__SMTP_PORT: 587
   GITEA__mailer__FROM: "Gitea <git@serguzim.me>"
   GITEA__mailer__USER: "git@serguzim.me"
   GITEA__mailer__PASSWD: "{{ vault_gitea.mailer_passwd }}"
-  GITEA__mailer__SEND_AS_PLAIN_TEXT: "true"
+  GITEA__mailer__SEND_AS_PLAIN_TEXT: true
 
-  GITEA__picture__DISABLE_GRAVATAR: "true"
+  GITEA__picture__DISABLE_GRAVATAR: true
 
   GITEA__oauth2__JWT_SECRET: "{{ vault_gitea. oauth2_jwt_secret}}"
 
-  GITEA__metrics__ENABLED: "true"
+  GITEA__metrics__ENABLED: true
   GITEA__metrics__TOKEN: "{{ vault_gitea.metrics_token }}"
 
+  GITEA__actions__ENABLED: true
+
   GITEA__storage__STORAGE_TYPE: "minio"
   GITEA__storage__MINIO_ENDPOINT: "s3.serguzim.me"
   GITEA__storage__MINIO_ACCESS_KEY_ID: "{{ vault_gitea.minio.access_key_id }}"
   GITEA__storage__MINIO_SECRET_ACCESS_KEY: "{{ vault_gitea.minio.secret_access_key }}"
   GITEA__storage__MINIO_BUCKET: "git"
   GITEA__storage__MINIO_LOCATION: "de-contabo-1"
-  GITEA__storage__MINIO_USE_SSL: "true"
+  GITEA__storage__MINIO_USE_SSL: true
 
-  GITEA__OTHER__SHOW_FOOTER_BRANDING: "true"
+  GITEA__other__SHOW_FOOTER_BRANDING: true
-  GITEA__OTHER__SHOW_FOOTER_TEMPLATE_LOAD_TIME: "false"
+  GITEA__other__SHOW_FOOTER_TEMPLATE_LOAD_TIME: false
 
 compose:
   watchtower: true