infra/ansible
4
5
Fork 5
Code Issues 6 Pull requests 1 Activity

forgejo_runner: migrate from act_runner

Browse source
This commit is contained in:
Markus 2026-05-14 23:52:09 +02:00
commit 613d90c260
14 changed files with 474 additions and 291 deletions
Download patch file Download diff file Expand all files Collapse all files

230
group_vars/all/vault.yml
View file

@ -1,114 +1,118 @@
$ANSIBLE_VAULT;1.1;AES256
66346263316361393930333038653136636132353330333832303230363539636134356539303961
6238623730383364373466643138386165356539356235350a643538306338613833653962616363
30333239623832326264396136333233303863353362663863313266636138333437646633643838
3831303638396561370a383062626236333436363563666235353664616634373530653435663461
66353261636130393637336133323034333536336266373963636332303439303933366564343831
35656533356337373666386363643339613639343735356432353238326334633739366262393635
34656664383961316264633033633061303434333362303731303231666332663933396565336662
35663037323865393636383764386665356538396334663561663761353331366234343564303934
61323062643732346533316339646366313434373365393230353761336430656332356636303461
38643934616661656462353762663333643731323530663364396639326133366561646662303333
39643839326530643336376362643064346535366664323936633534336437353430393533653830
30653831306261353562633838326334323765386634363330313963346637386463353134633639
39323864626334643737376631663563333064356439386131366132663331663337323665656633
63376330626462393537303330313961313364353663383566643630373466343036343735643338
33616462346632633665303661663434393232396231393934653038663034366138313534303934
65353637633130633162343564316633656461653933616230313166373961396339306238646533
66616661636163653235393264386332376439386661616435376361323361636438626631613261
63623861613534346563373761613932393366363935373363623365653634383439313434613461
36326536373166613835313236393864633361396537353363626337623530393763376537363139
37316666616264383838323064343338633265336136343865383537333333383839653734356130
61366537616236336639313634346530323466333832363161393566376436383562313632376432
34616330366631633933656431663562303334356464383133303162393463383031326461353734
61356461376435353164633235333862666533316639666263323132373737323266646636383838
32663163353361363339373163663536663763316362393931336363616230316435663734366363
35623532343830343139313931313962666363356132643261383866366438646534663239363534
66303632366565386338333037373635363036386261656633613835373165653736306434616163
39313364306666623064666335643735343030353631623530376634323463346431303962366366
61626562306664383638666261626236373066323763646330353038633330646165386434646239
62363132313837616230343431623863333262323735373636326431303331656134373132356666
64393433386637366534396638393166376261353666623937653166666165383330326539646661
66653439353530383133613231393062643962653536323163633663356439386162333365393664
31383965663166366466336261646661666330383739626534626466333166383261303861336230
63373261633962383934383166373833613438623861346638363330346631303137303237613063
31376162383963323438646566363838343932326662666335313038653663646664626131363434
35643932386431653130313562633337363664396337343163363330386362376239376338376535
61316637363866376464383236613862653438623836653938366466333736643266666665323731
62323231653030643765616236383662386166643331643931616639376466393138336331633066
31653736636633623665613665613839623330306636633465326433313835366563653637326432
66636236313235616638326134633037396537373965373039666366323965363964336434366461
35636339313465303532393435383164663633643932376263373962626338373239323336636261
35386162346361313565613266663330396435646638363431323230306266303030663935616162
35326363363465323630373632303435353866653031323036363265363338613737333638323135
65313139303336626262393131353138366364636531653137613039363661353964383537663930
33343931663966663363383933643166316639623837663934356662326430373632613364323133
31373336613363333931653237356438343264333531633062313666666438356531333165383266
33386664313862306232373062656533303135356562316137386363613230336635643862363036
65666139613963643935616164666561373833363931623962356635616334376262326131616136
32336435616632346430386462643931393432326232323739356461313564386166373232303432
34393337363661636561393665383636386661313563646338373362636262333166356633306532
63303163363161396661303234323731626165383534613663306133323463373564656464613461
39326339666437663130333532343934386366663538333337396235633963326239336337346630
38626438366538643037303436393837303433353565663134393231663838646565626532373333
63326631633937616164303738623365303736613864313564326537623233656665393761346264
37393163623635356662393135386264366539363232336636393731323835656636353065656137
39386431316633363730383738636362373561336432643838333236313732336431666366663431
62616465333736316635633664646633313964393166653637613739386566326462376333653739
38633263326265663738373562383335323237643863393738386466356664316466376539653531
37303233333665343562653737393339373236333930613661663265366134366365346166663939
39643536383939303635353231346534616462303132306266376638373461643563386131363866
64373662343633626461323733316535353639373935393862353264633833393563616136633032
31656530393538663839303532393734336631393466396537306130373030613739353836373735
31346633313731373631373565316630366334636162623866383133636638386635396533656666
61326136363238333763643636363730616533643231653364653866653930376266633232376333
37623062376537653931623065353833643665653033393463656366653830623964306161313132
31666336326536303765346537363433323032313535363238313065613733646231666332333066
33306336666365656435343965383866353931646263613563323931333130386332333439353233
66666166313432616334363135636563383139356637336261326665343664663838363637363037
39313132613963613831326636623332636364376337323637626534303164343233396438626464
62653132353637633264306437376536303430383739313364646534663530393839336161343666
34303535373930613530343031613864336630386432373564316264366431353232633831613439
65643539333930653938653162326239616230383639363465373735333566303532616631303238
30303535303162396265663564353433663637323363623462663038653665363061633535636265
37646337366631616437356530623730643263633265646562656262303033333561646633643431
39303639616164643962646338323835623465623232363632356335666138363431383465613032
36663237373934653930653830643963353462396636336530363064396164313932646462303138
63373261643232326363386165653864383932366239326337613262636535396664366366303363
35633832323738613864323062313165343430663766363061613133626161616462356466653462
30633838383865386530623566366664626139356161383761363836333937656462363236326333
31386331653563646335623663653130613962653530633535333838373265323134636262323630
64656465613264353435633939656330396237396237613065623732313339663264366665306664
33376638336338656164623335663033353365656131323264313037303331383763656633396235
38353839613035383866326564303864386461386337633936386333363664333330393731363664
34643234353963656138383736663234663837323835396235633766613464656232393433393530
64363765353439333766383833616466393936616361613239336364383131366130393336643638
61366134386462656361316634366633663366313735343166663137306537643639636366663365
37623563336438646637653534326536303965396266316563663036653663383064373862343239
38623262636636396661393366646338393036396230613937613238383838623432313339626634
30313166303335623535313662366434616463386163623861333839613830626433303561333039
32623562646430383162353138346634333633336235323131653966326637666562336631353336
31346566346465613831396630653834323363653736616666313438333832633430373162353338
61363737626139316163663739613035386230666632323166663933373433656332323264613137
66386532333061616164376266666538356231383639636663633138323736313432646262306434
64643833356636356535353838663136316233303563653935306165373962383532643536303237
62316531636235633662343965636134633135336562633439326632316538313037323737653366
63383639663763326634643035616261656665643733633164623538313435353532643465623531
32346631303664626562613730386631653630353262383561633730376461666333633536623738
66643565373133363432343866623832366265663962343033313865376336636336366632306163
61623232663963336138343964623930393730366438636630353837383939343766363135366237
38633564616237336634323666363864666632643532323866623631633438366535373031383239
62623166643264653432303534366533333239623864373430623337653137313539616439666638
63346166303332646638313363613363633031643962633738623762646430373461303231636335
64313630303131366238326139643231623531336239343061323939313761666231613838663864
61376232623966336365366538333632636262383937656465623738613236396237303439663962
36613836316265306535613930396630616630326263353732663964633735343035663439343262
36313861313635666339666530396162333938636463373866396634643266663061643533663365
36326338376335303031333061623635313035616638386135643962643632323133373430373265
38623135353330653964663037356633396331396638363331383437336636386536653361363037
33663331643964356266636161633364316133633338653166383633356665633562363866616337
33663962363761626561333166623433343031653962333732373763623262383537313338386665
61313233646131343432383366316235623166353030333730353634313733646261313265373833
36663239343834333031636263306565653837643330303763373539343739386431303362386662
66613733346262646430313933656234373862663938313535646463356432643136666634333132
62386334343833636635623562303438343332356133653336373735353261663231
32613164303130646632653438363431623034656333353963613731616537373638366137373339
6636663236653966376434373534326432643261343536350a363232633232653535353462666534
65323964333233356234633335643038336266366366653462633037393664303662303832636333
3936393837333663650a323435363138306237356363643932623466383064356134666265363534
65303165613565323966333736663735666632346366323737643465323932303964613732663762
34343639323064613535613131656161613534346162333631306637386633633733323738396332
36363134323439303733393065313138326132313732343065363565663362613462316661666662
33326264306363373934646436656238623961326161336130323036366264366163346336616363
35343933623335376237313932306230393238663764303632363263343664633537656666326461
62626461363364356539633239656632343836346136656138616339653734646461613065353039
36623063643064636362326465663339313536383432633332343233656362363936373566626130
31356238626633623362613265313631363331396536363334326632343864383332613462313362
63396365633866386562373565616337623138323761313963326539646231656563353466343136
35656633646462623638353039643730653030633036346537666238623738623939363763666332
30613035636535646436613433323739643238656334616432623461363361386139316562643063
36343063306638326330373134323430323430396439663339626639666134383039336466306434
30393839393261396631643737313836636265343661653534623364383636633533323138313763
66626363396237633262336161333662306431326465373736333330623438396431306132333964
63633863626134346165363830356231336365313237306333363962396635386230373635616233
37383064383136623437616139383737613235303765343638373238653731636436376362343863
39666235373663333538353938646139363963623063306133306536326463643337393432353233
64356533373063353931343761633436393630383066363965353039306238666337356363616534
30343261393661643233306538646235626662373438303631356262663262306631376632316631
36373337393932623532643164343136363861333462663865346233363136643334633336313330
66383239383332383538666530313762653434333636343939343531396638313236333961623764
37366661373538623033386637323066626537623933663463646630646632623834383035393738
64326631373933643762353238626565333132643931393432646335326433663932633435393263
39623336646162636561383839316362393831316463653336333037616265666531633534623064
37656639393732363864336530373065343737643939393364623730356466666337333534356463
63663632616162373136353632643135643161363335343565393534363065356461636461303938
62613632356539326634353836326137626636656234383561356166616464653534613166636261
38643839666531393331396430336233346538393463386438363536363466393735636561623331
35363732623538366564636534363130633634653632636265646232613131346534383631316336
38353236666363636233656164313861663233643261366536393733333633323365343762343135
66396433343632383538306566373934313630366439396631666437636235396561313837343863
35386434663931323737636662666332306336333238383630613061303364363834393861663232
63346230643237623863633038636236323535613562336564623265343666366439646263303232
34326166396237333436323331393237383531663034323966343562383034646366366364643261
65346535386234376631343162383064666165313738383962613031336638643735366639376266
33353338663361353330303164343730373639396561306530633939663264666266383737336138
66383432363631323136386466316364653935356435303464623332396362373433376538666339
62643237316439386261646564323939323266396561346565386533636332356131366637346339
33653862633165323633383661653431396232653338313138306236363430313234363832346537
32386639366233373836306337626462633136396634363836353139626136663233333437356133
61646133313935356262666362653139313430616132373239653039323734366334363137613531
30653331356533666464346665363136336530613438333133383663353663393830623837363538
34613164313435376266386136666635346236363033636161376436396462353430356561613030
66613733666665376139383736666234396232316162366235373363376535383337313462643636
35383739383438376137383234373837666339356630613862633536363739343763303562393161
30306664373830383866353362333333303434343039316665323065653939323063336261313263
64616438383661643037366536313834356334306365383833663562343338326163336630313764
38646465373466613263646434643365303661386631623663393064366236306662303030656138
61326331653432636437313836666135646566616136313262366531613563393165353632636139
34306237663463313433343062353565623039643766363935303036393738333132656361646163
32396539643430376264373164323664396533323864613436373830383764363437373237653230
66323961323964626534633138616533326663663761326162343932323131343236653430313332
35373237326336343539386138613639616138386531643638353666313232646137623362643734
65383537323838326661346139363838653461636466396233633532366266653532643034303664
65656535383934623632316336663734616462336666333937363766656633313131363532336134
61333837656236303531646566306462343065643834393637363065616130366132393937356339
31336364363136323333343035356332303330656435373465316462353336356436666231646466
37633731356131303139343530363038346666313339336635316262306536373236343431353965
66313037386437303238303537356132363135643461303935366262666534323338636662633238
61306662663863363664626135373161373333303534393763323935376161653864363534376438
39373035373536386461633032646135316461376363633532336432313434313465633434333062
36323161663638643939396137393966376461333362663662376635643731616236386166303565
39633236303537303336323335363634633562326164346136646537633238353564623538363533
61336332353238653463636438633830393939656431626364636333313865313536313936633837
38316438616335343361336164643262626238323634376366646233336461303966666664663265
39366338386135366563343939616364303932643637323066306337323262366135643430663666
30396263303337376464653435356535656533333132373636313364643434313532643333613265
34343639653162663461326434663237643761333439343034313333623966666564653339366330
30616262363865653933343631396636313365363761393530623330353566626639636535393834
35343833353636316339336231303134393763653865306531356633656163383761383333313233
32303137393435633836643531373139313263353366373564333132646438666336626531333565
39653463333562613731326333313439393865306461313563626139393463376333396431393039
33303064366465653830663838386362616337636130336632366331343036623437356463313063
64643761353337303239636134613534653234613232623738643134653139303266343937666261
66663531613064366566323037613134653934663037646463376336306438363065343736346430
33303836356632616139393637653332383763306136376535346338353832303130336637653839
30656466326238363838313366636636633934666235373331633961646565323438643366633534
64616133393030376265316531376536633433303936326438363732313066613062313865376331
32336363366262313934633536623038613035336532353862633265313034666339656233376132
66663364306663363130653137373063333366336238656233383733333331306433393938306662
66646330303038633637333061373561393263323933353363336139643335613434303735666564
37333537356230623061613030633235373639376338663438616431616562643236616231383630
36383736613230633366353362333937303137333130636562663061373132633638636561666430
65656664316538626662356561383337326463383833306335306166383433386439366564306430
62386234306565646161353764336466323539613234353837386639386662363535353461643432
63303032313561303438336534303163633232386432626563353032386131383939373462303034
65386335653662373461366535343732353337323232376264326565306237623733346462333332
62636436626331613761366166343866356164346232353365393737383962666437643831646161
36366530346137333631383132646137653762366435613439646466363439373462643138366533
33656235316664383166326332326436316334623565613137393539303235373037353561306161
32623838643831386139396163666466326466316336333839336536363964343233336139616666
61363434643438346464643532666663336466663531353064643062613639643236313633363666
34623031373464313634383963373833666538623638333535643236306230653863623636663039
31333063656265353638363537323061313666396264333830303639333634653533643230323237
39326366323537613634613362326138633832616461363533393964613966336335333635323137
61303461363738613763666266636164666163633936323665346530643435613165376132303833
35643165326161623765613231626536333933653162383963323235316135656535396331313562
63333139613934333262633637623631343164656336303262313262623761323236393566646131
37396461303438333466343164383666666562316364643533616131346661633034343334323062
34326132613139653835306132626438386632663839636565363363636334646635313161653663
64633863663034326133363235326432346533646132363430373665386634646131343565333739
63376663393637616137386238663337303531363534613961313134613735393035376231323735
39306139633536333566383034646431383466396539646538313730653635623038303431393939
61373031336132616130386530326462353438626532636538656266363336353538383036323237
31353961373462636231376631396534656337636266343264323565363533613132623237663762
39636539333637623738316265393363373461653237336634663162373466653665346236653237
34353830633030363633393031393537383333623563613837633432626437383066623138663165
39623461303836333137303838343639323736373831616266623564333030393039356361653630
64366433663836393338616339656539613965616164366632613066623334633166396463333130
33616631623931396234336639326334333566386239623163383433663561393338396435343231
35343164343363343361626265353031363831336262633866346530353737366333653262666330
61363365396566633033666235343637333034353364363635633931393966653962623039313432
39323563373535626563643633366637323263333037313632346534623466353631

4
host_vars/bob.binary.kitchen Normal file
View file

@ -0,0 +1,4 @@
---
forgejo_runner_token: "{{ vault_forgejo_runner_token }}"
forgejo_runner_uuid: 11d90a62-950b-4c68-ae1c-3589eb99a1d6

7
roles/act_runner/defaults/main.yml
View file

@ -1,7 +0,0 @@
---
actrunner_user: act_runner
actrunner_group: act_runner
actrunner_version: 0.2.13
actrunner_url: https://gitea.com/gitea/act_runner/releases/download/v{{ actrunner_version }}/act_runner-{{ actrunner_version }}-linux-amd64

62
roles/act_runner/tasks/main.yml
View file

@ -1,62 +0,0 @@
---
- name: Create group
group:
name: "{{ actrunner_group }}"
- name: Create user
user:
name: "{{ actrunner_user }}"
home: /var/lib/act_runner
group: "{{ actrunner_group }}"
groups: docker
- name: Create directories
file:
path: "{{ item }}"
state: directory
owner: "{{ actrunner_user }}"
group: "{{ actrunner_group }}"
mode: "0755"
with_items:
- /etc/act_runner
- /var/lib/act_runner
- name: Download act_runner binary
get_url:
url: "{{ actrunner_url }}"
dest: /usr/local/bin/act_runner-{{ actrunner_version }}
mode: "0755"
register: runner_download
- name: Symlink act_runner binary
file:
src: /usr/local/bin/act_runner-{{ actrunner_version }}
dest: /usr/local/bin/act_runner
state: link
when: runner_download.changed
notify: Restart act_runner
- name: Configure act_runner
template:
src: config.yaml.j2
dest: /etc/act_runner/config.yaml
owner: "{{ actrunner_user }}"
group: "{{ actrunner_group }}"
mode: "0644"
notify: Restart act_runner
- name: Install systemd unit
template:
src: act_runner.service.j2
dest: /lib/systemd/system/act_runner.service
mode: "0644"
notify:
- Reload systemd
- Restart act_runner
- name: Enable act_runner
service:
name: act_runner
state: started
enabled: true

16
roles/act_runner/templates/act_runner.service.j2
View file

@ -1,16 +0,0 @@
[Unit]
Description=Gitea Actions runner
Documentation=https://gitea.com/gitea/act_runner
After=docker.service
[Service]
ExecStart=/usr/local/bin/act_runner daemon --config /etc/act_runner/config.yaml
ExecReload=/bin/kill -s HUP $MAINPID
WorkingDirectory=/var/lib/act_runner
TimeoutSec=0
RestartSec=10
Restart=always
User={{ actrunner_user }}
[Install]
WantedBy=multi-user.target

86
roles/act_runner/templates/config.yaml.j2
View file

@ -1,86 +0,0 @@
log:
# The level of logging, can be trace, debug, info, warn, error, fatal
level: warn
runner:
# Where to store the registration result.
file: .runner
# Execute how many tasks concurrently at the same time.
capacity: 4
# Extra environment variables to run jobs.
envs:
# Extra environment variables to run jobs from a file.
# It will be ignored if it's empty or the file doesn't exist.
env_file: .env
# The timeout for a job to be finished.
# Please note that the Gitea instance also has a timeout (3h by default) for the job.
# So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
timeout: 3h
# Whether skip verifying the TLS certificate of the Gitea instance.
insecure: false
# The timeout for fetching the job from the Gitea instance.
fetch_timeout: 5s
# The interval for fetching the job from the Gitea instance.
fetch_interval: 2s
# The labels of a runner are used to determine which jobs the runner can run, and how to run them.
# Like: ["macos-arm64:host", "ubuntu-latest:docker://node:16-bullseye", "ubuntu-22.04:docker://node:16-bullseye"]
# If it's empty when registering, it will ask for inputting labels.
# If it's empty when execute `deamon`, will use labels in `.runner` file.
labels: [
"ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest",
"ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04",
"ubuntu-20.04:docker://ghcr.io/catthehacker/ubuntu:act-20.04",
]
cache:
# Enable cache server to use actions/cache.
enabled: true
# The directory to store the cache data.
# If it's empty, the cache data will be stored in $HOME/.cache/actcache.
dir: ""
# The host of the cache server.
# It's not for the address to listen, but the address to connect from job containers.
# So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
host: ""
# The port of the cache server.
# 0 means to use a random available port.
port: 0
# The external cache server URL. Valid only when enable is true.
# If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
# The URL should generally end with "/".
external_server: ""
container:
# Specifies the network to which the container will connect.
# Could be host, bridge or the name of a custom network.
# If it's empty, act_runner will create a network automatically.
network: ""
# Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
privileged: false
# And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
options:
# The parent directory of a job's working directory.
# If it's empty, /workspace will be used.
workdir_parent:
# Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
# You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
# For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
# valid_volumes:
# - data
# - /src/*.json
# If you want to allow any volume, please use the following configuration:
# valid_volumes:
# - '**'
valid_volumes: []
# overrides the docker client host with the specified one.
# If it's empty, act_runner will find an available docker host automatically.
# If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
# If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
docker_host: ""
# Pull docker image(s) even if already present
force_pull: false
host:
# The parent directory of a job's working directory.
# If it's empty, $HOME/.cache/act/ will be used.
workdir_parent:

6
roles/forgejo/files/forgejo.botPolicies.yaml
View file

@ -81,9 +81,9 @@ bots:
weight:
adjust: 10
# Allow Gitea actions/runner
- name: gitea-act-runnter
user_agent_regex: connect-go
# Allow Forgejo Runner
- name: forgejo-runner
user_agent_regex: forgejo-runner
action: ALLOW
# Allow our own infra (e.g. matrix previews)

7
roles/forgejo_runner/defaults/main.yml Normal file
View file

@ -0,0 +1,7 @@
---
forgejo_runner_user: runner
forgejo_runner_group: runner
forgejo_runner_version: 12.10.1
forgejo_runner_url: https://code.forgejo.org/forgejo/runner/releases/download/v{{ forgejo_runner_version }}/forgejo-runner-{{ forgejo_runner_version }}-linux-amd64

4
roles/act_runner/handlers/main.yml → roles/forgejo_runner/handlers/main.yml
View file

@ -4,7 +4,7 @@
systemd:
daemon_reload: true
- name: Restart act_runner
- name: Restart forgejo_runner
service:
name: act_runner
name: forgejo_runner
state: restarted

0
roles/act_runner/meta/main.yml → roles/forgejo_runner/meta/main.yml
View file

62
roles/forgejo_runner/tasks/main.yml Normal file
View file

@ -0,0 +1,62 @@
---
- name: Create group
group:
name: "{{ forgejo_runner_group }}"
- name: Create user
user:
name: "{{ forgejo_runner_user }}"
home: /var/lib/forgejo_runner
group: "{{ forgejo_runner_group }}"
groups: docker
- name: Create directories
file:
path: "{{ item }}"
state: directory
owner: "{{ forgejo_runner_user }}"
group: "{{ forgejo_runner_group }}"
mode: "0755"
with_items:
- /etc/forgejo_runner
- /var/lib/forgejo_runner
- name: Download forgejo_runner binary
get_url:
url: "{{ forgejo_runner_url }}"
dest: /usr/local/bin/forgejo_runner-{{ forgejo_runner_version }}
mode: "0755"
register: runner_download
- name: Symlink forgejo_runner binary
file:
src: /usr/local/bin/forgejo_runner-{{ forgejo_runner_version }}
dest: /usr/local/bin/forgejo_runner
state: link
when: runner_download.changed
notify: Restart forgejo_runner
- name: Configure forgejo_runner
template:
src: config.yaml.j2
dest: /etc/forgejo_runner/config.yaml
owner: "{{ forgejo_runner_user }}"
group: "{{ forgejo_runner_group }}"
mode: "0644"
notify: Restart forgejo_runner
- name: Install systemd unit
template:
src: forgejo_runner.service.j2
dest: /lib/systemd/system/forgejo_runner.service
mode: "0644"
notify:
- Reload systemd
- Restart forgejo_runner
- name: Enable forgejo_runner
service:
name: forgejo_runner
state: started
enabled: true

259
roles/forgejo_runner/templates/config.yaml.j2 Normal file
View file

@ -0,0 +1,259 @@
#
# The value of level or job_level can be trace, debug, info, warn, error or fatal
#
log:
#
# What is displayed in the output of the runner process but not sent
# to the Forgejo instance.
#
level: info
#
# What is sent to the Forgejo instance and therefore
# visible in the web UI for a given job.
#
job_level: info
runner:
# Where to store the registration result.
file: .runner
# Execute how many tasks concurrently at the same time.
capacity: 4
# Extra environment variables to run jobs.
envs:
# Extra environment variables to run jobs from a file.
# It will be ignored if it's empty or the file doesn't exist.
env_file: .env
# The timeout for a job to be finished.
# Please note that the Forgejo instance also has a timeout (3h by default) for the job.
# So the job could be stopped by the Forgejo instance if its timeout is shorter than this.
timeout: 3h
# The timeout for the runner to wait for running jobs to finish when
# shutting down because a TERM or INT signal has been received. Any
# running jobs that haven't finished after this timeout will be
# canceled.
# If unset or zero, the jobs will be canceled immediately.
shutdown_timeout: 3h
# Whether skip verifying the TLS certificate of the instance.
insecure: false
# The timeout for fetching the job from the Forgejo instance.
fetch_timeout: 30s
# The interval for fetching the job from the Forgejo instance.
fetch_interval: 2s
# The interval for reporting the job status and logs to the Forgejo instance.
report_interval: 1s
# At the end of a job, retry configuration for sending logs to remote.
# report_retry:
# # Maximum number of retry attempts.
# max_retries: 10
# # Initial delay between retries. Delay between retries doubles up to `max_delay`.
# initial_delay: 100ms
# # Maximum delay between retries, defaults to 0, 0 is treated as no maximum.
# max_delay: 0
# The labels of a runner are used to determine which jobs the runner can run and how to run them.
# Like: ["macos-arm64:host", "ubuntu-latest:docker://node:20-bookworm", "ubuntu-22.04:docker://node:20-bookworm"]
# If it's empty when registering, it will ask for inputting labels.
# If it's empty when executing the `daemon`, it will use labels in the `.runner` file.
labels:
- debian-12:docker://debian:bookworm-slim
- debian-13:docker://debian:trixie-slim
- debian-latest:docker://debian:trixie-slim
- ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04
- ubuntu-24.04:docker://ghcr.io/catthehacker/ubuntu:act-24.04
- ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-24.04
cache:
#
# When enabled, workflows will be given the ACTIONS_CACHE_URL environment variable
# used by the https://code.forgejo.org/actions/cache action. The server at this
# URL must implement a compliant REST API, and it must also be reachable from
# the container or host running the workflows.
#
# See also https://forgejo.org/docs/next/user/actions/advanced-features/#cache
#
# When it is not enabled, none of the following options apply.
#
# It works as follows:
#
# - the workflow is given a one-time use ACTIONS_CACHE_URL
# - a cache proxy listens to ACTIONS_CACHE_URL
# - the cache proxy securely communicates with the cache server using
# a shared secret
#
enabled: true
#
#######################################################################
#
# Only used for the internal cache server.
#
# If external_server is not set, the Forgejo runner will spawn a
# cache server that will be used by the cache proxy.
#
#######################################################################
#
# The port being bound by the internal cache server.
# 0 means to use a random available port.
#
port: 0
#
# The directory to store the cache data.
#
# If empty, the cache data will be stored in $HOME/.cache/actcache.
#
dir: ""
#
#######################################################################
#
# Only used for the external cache server.
#
# If external_server is set, the internal cache server is not
# spawned.
#
#######################################################################
#
# The URL of the cache server. The URL should generally end with
# "/". The cache proxy will forward requests to the external
# server. The requests are authenticated with the "secret" that is
# shared with the external server.
#
external_server: ""
#
# The shared cache secret used to secure the communications between
# the cache proxy and the cache server.
#
# If empty, it will be generated to a new secret automatically when
# the server starts, and it will stay the same until it restarts.
#
# `secret` and `secret_url` are mutually exclusive.
#
secret: ""
#
# The secret for securing the cache can alternatively be loaded from a URL.
# Currently, only file URLs can be resolved. Example:
# `file:/path/to/secret.txt`.
#
# `secret_url` supports a single placeholder: `$CREDENTIALS_DIRECTORY`. If
# the environment variable `CREDENTIALS_DIRECTORY` exists, the placeholder is
# replaced with the value of `CREDENTIALS_DIRECTORY`. Otherwise, it is
# retained.
#
# Example: file:$CREDENTIALS_DIRECTORY/secret.txt
#
# `secret` and `secret_url` are mutually exclusive.
#
secret_url: ""
#
#######################################################################
#
# Common to the internal and external cache server
#
#######################################################################
#
# The IP or hostname (195.84.20.30 or example.com) to use when constructing
# ACTIONS_CACHE_URL which is the URL of the cache proxy.
#
# If empty, it will be detected automatically.
#
# It may be impossible to figure out the host automatically if the containers
# or host running the workflows reside on a different network than the Forgejo
# runner. For example, if the Docker server used to create containers is not
# running on the same host as the Forgejo runner.
# In that case you can specify which IP or hostname to use to reach the
# internal cache server created by the Forgejo runner.
#
host: ""
#
# The port bound by the internal cache proxy.
# 0 means to use a random available port.
#
proxy_port: 0
#
# Overrides the ACTIONS_CACHE_URL variable passed to workflow
# containers. The URL should generally not end with "/". This should only
# be used if the runner host is not reachable from the workflow containers
# and requires further setup.
#
actions_cache_url_override: ""
container:
# Specifies the network to which the container will connect.
# Could be `host`, `bridge` or the name of a custom network.
# If it's empty, create a network automatically.
network: ""
# Whether to create networks with IPv6 enabled. Requires the Docker daemon to be set up accordingly.
# Only takes effect if "network" is set to "".
enable_ipv6: false
# Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
privileged: false
# And other options to be used when the container is started (e.g., --volume /etc/ssl/certs:/etc/ssl/certs:ro).
options:
# The parent directory of a job's working directory.
# If it's empty, /workspace will be used.
workdir_parent:
# Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
# You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
# For example, if you only allow containers to mount the `data` volume and all the JSON files in `/src`, you should change the config to:
# valid_volumes:
# - data
# - /etc/ssl/certs
# If you want to allow any volume, please use the following configuration:
# valid_volumes:
# - '**'
valid_volumes: []
# Overrides the docker host set by the DOCKER_HOST environment variable, and mounts on the job container.
# If "-" or "", no docker host will be mounted in the job container
# If "automount", an available docker host will automatically be found and mounted in the job container (e.g., /var/run/docker.sock).
# If it's a url, the specified docker host will be mounted in the job container
# Example urls: unix:///run/docker.socket or ssh://user@host
# The specified socket is mounted within the job container at /var/run/docker.sock
docker_host: "-"
# Pull docker image(s) even if already present
force_pull: false
# Rebuild local docker image(s) even if already present
force_rebuild: false
host:
# The parent directory of a job's working directory.
# If it's empty, $HOME/.cache/act/ will be used.
workdir_parent:
server:
# A map of connections to one or more Forgejo instances. Example:
#
# ```
# connections:
# example:
# url: https://example.com/
# uuid: c9e50be9-a7c3-4aee-ba35-624c4ff8c519
# token: 6634bb58be0db23cc013a2e72dd1828ae0257cf
# fetch_interval: 30s
# codeberg:
# url: https://codeberg.org/
# uuid: f543b661-cb02-4ba2-9820-108df62808b5
# token_url: file:$CREDENTIALS_DIRECTORY/token.txt
# labels:
# - debian:docker://docker.io/library/node:lts-trixie
# ```
#
# The map's keys (`example`, and `codeberg` above) serve as the connections'
# names.
#
# The runner token can either be specified inline using `token` or be loaded
# from a file using `token_url`. The methods are mutually exclusive.
# `token_url` supports a single placeholder: `$CREDENTIALS_DIRECTORY`. If the
# environment variable `CREDENTIALS_DIRECTORY` exists, the placeholder is
# replaced with the value of `CREDENTIALS_DIRECTORY`. Otherwise, it is
# retained.
#
# Labels defined on a connection are limited to that particular connection.
# If a connection defines no labels, the labels declared by `runner.labels`
# are used instead.
#
# `fetch_interval` specifies how often Forgejo Runner should ask Forgejo for
# pending jobs. If `fetch_interval` is not defined on a connection,
# `runner.fetch_interval` is used. Note that Forgejo Runner might enforce a
# minimum value for certain instances like Codeberg.
connections:
forgejo:
url: https://{{ forgejo_domain }}/
uuid: {{ forgejo_runner_uuid }}
token: {{ forgejo_runner_token }}

18
roles/forgejo_runner/templates/forgejo_runner.service.j2 Normal file
View file

@ -0,0 +1,18 @@
[Unit]
Description=Forgejo Runner
Documentation=https://forgejo.org/docs/latest/admin/actions/
After=docker.service
[Service]
ExecStart=/usr/local/bin/forgejo_runner daemon -c /etc/forgejo_runner/config.yaml
ExecReload=/bin/kill -s HUP $MAINPID
# This user and working directory must already exist
User={{ forgejo_runner_user }}
WorkingDirectory=/var/lib/forgejo_runner
Restart=on-failure
TimeoutSec=0
RestartSec=10
[Install]
WantedBy=multi-user.target

4
site.yml
View file

@ -52,10 +52,10 @@
roles:
- freepbx
- name: Setup gitea runner server
- name: Setup Forgejo Runner server
hosts: bob.binary.kitchen
roles:
- act_runner
- forgejo_runner
- name: Setup strichliste server
hosts: tschunk.binary.kitchen