gitea: Add support for Gitea Actions CI/CD
This adds the infrastructure and configuration required to run a host-local instance of Gitea Actions, with rootless Podman-in-Podman enabled for the dedicated `gitea-actions` user. By default, the rootless Podman API service is socket-activated by systemd and exits when it is not in use.
This commit is contained in:
parent
45ebcab62e
commit
4da644b634
|
@ -1,9 +1,15 @@
|
|||
FROM docker.io/debian:bookworm-slim@sha256:ccb33c3ac5b02588fc1d9e4fc09b952e433d0c54d8618d0ee1afadf1f3cf2455 AS builder
|
||||
FROM docker.io/debian:bookworm-slim@sha256:ccb33c3ac5b02588fc1d9e4fc09b952e433d0c54d8618d0ee1afadf1f3cf2455 AS builder-gitea
|
||||
ARG VERSION=1.21.10 # renovate: datasource=github-releases depName=go-gitea/gitea extractVersion=^v(?<version>.*)$
|
||||
|
||||
ADD https://dl.gitea.io/gitea/${VERSION}/gitea-${VERSION}-linux-amd64 /src/gitea
|
||||
RUN install -D --mode 0755 /src/gitea /build/usr/bin/gitea
|
||||
|
||||
FROM docker.io/golang:1.22-bookworm@sha256:d996c645c9934e770e64f05fc2bc103755197b43fd999b3aa5419142e1ee6d78 AS builder-act-runner
|
||||
ARG VERSION=0.2.9 # renovate: datasource=gitea-releases depName=gitea/act_runner extractVersion=^v(?<version>.*)$
|
||||
|
||||
ADD https://dl.gitea.com/act_runner/${VERSION}/act_runner-${VERSION}-linux-amd64 /src/act_runner
|
||||
RUN install -D --mode 0755 /src/act_runner /build/usr/bin/act_runner
|
||||
|
||||
FROM docker.io/debian:bookworm-slim@sha256:ccb33c3ac5b02588fc1d9e4fc09b952e433d0c54d8618d0ee1afadf1f3cf2455
|
||||
RUN apt-get update -y && apt-get upgrade -y && apt-get install -y --no-install-recommends \
|
||||
ca-certificates gettext gosu
|
||||
|
@ -13,9 +19,11 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \
|
|||
|
||||
RUN adduser --system --group --uid 10000 --home /var/lib/gitea git
|
||||
|
||||
COPY --from=builder /build /
|
||||
COPY --from=builder-gitea /build /
|
||||
COPY --from=builder-act-runner /build /
|
||||
COPY container/config /etc/gitea
|
||||
COPY container/run-gitea /run-gitea
|
||||
COPY container/run-gitea-actions /run-gitea-actions
|
||||
|
||||
EXPOSE 8080 7920
|
||||
ENTRYPOINT ["/run-gitea"]
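Review bot: The new `ADD https://dl.gitea.com/act_runner/${VERSION}/act_runner-${VERSION}-linux-amd64 /src/act_runner` (and the gitea download above it) installs a downloaded binary with no integrity check, while the base images in the same file are pinned by digest — a tampered or truncated download would land in /usr/bin unnoticed. The Gitea download directories publish a `.sha256` file next to each binary, so the stage can fetch that as well and run `sha256sum -c` before `install`; confirm that the filename recorded inside the `.sha256` matches the destination name used in ADD. If the build uses BuildKit, `ADD --checksum=sha256:…` is the stricter alternative, at the cost of Renovate having to update the checksum together with VERSION. The change below is for the act_runner stage; apply the same pattern to `builder-gitea`. Incidentally, `builder-act-runner` is based on `golang:1.22-bookworm` but never compiles anything, so the same `debian:bookworm-slim` digest would do.
```dockerfile
FROM docker.io/golang:1.22-bookworm@sha256:d996c645c9934e770e64f05fc2bc103755197b43fd999b3aa5419142e1ee6d78 AS builder-act-runner
ARG VERSION=0.2.9 # renovate: datasource=gitea-releases depName=gitea/act_runner extractVersion=^v(?<version>.*)$

# Fetch the release binary together with its published checksum and refuse to
# install anything that does not match it.
ADD https://dl.gitea.com/act_runner/${VERSION}/act_runner-${VERSION}-linux-amd64 /src/act_runner-${VERSION}-linux-amd64
ADD https://dl.gitea.com/act_runner/${VERSION}/act_runner-${VERSION}-linux-amd64.sha256 /src/act_runner-${VERSION}-linux-amd64.sha256
RUN cd /src && sha256sum -c act_runner-${VERSION}-linux-amd64.sha256 \
    && install -D --mode 0755 act_runner-${VERSION}-linux-amd64 /build/usr/bin/act_runner
# … unchanged: final stage …
```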
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
log:
|
||||
# The level of logging, can be trace, debug, info, warn, error, fatal.
|
||||
level: info
|
||||
runner:
|
||||
# Where to store the registration result.
|
||||
file: /var/lib/gitea-actions/runner-global
|
||||
# Execute how many tasks concurrently at the same time.
|
||||
capacity: 3
|
||||
# The timeout for a job to be finished.
|
||||
timeout: 3h
|
||||
# The timeout for fetching the job from the Gitea instance.
|
||||
fetch_timeout: 5s
|
||||
# The interval for fetching the job from the Gitea instance.
|
||||
fetch_interval: 2s
|
||||
# The labels of a runner are used to determine which jobs the runner can run, and how to run them.
|
||||
labels:
|
||||
- "debian-latest:docker://node:latest"
|
||||
- "debian-bookworm:docker://node:bookworm"
|
||||
- "ubuntu-latest:docker://node:latest"
|
||||
- "ubuntu-22.04:docker://node:bullseye"
|
||||
- "alpine-latest:docker://node:alpine"
|
||||
- "alpine-3.19:docker://node:alpine3.19"
|
||||
cache:
|
||||
# Enable cache server to use actions/cache.
|
||||
enabled: true
|
||||
# The directory to store the cache data.
|
||||
dir: /var/lib/gitea-actions/cache
|
||||
container:
|
||||
# Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
|
||||
privileged: false
|
||||
# Use default network in containers.
|
||||
network: bridge
|
||||
# Overrides the Docker client host with the specified one.
|
||||
docker_host: unix:///run/podman-gitea-actions.sock
|
||||
host:
|
||||
# The parent directory of a job's working directory.
|
||||
workdir_parent: /var/lib/gitea-actions/jobs
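Review bot: Setting `docker_host` to a concrete socket means act_runner also bind-mounts that socket into every job and service container — per its config.example.yaml only the value `-` suppresses the mount; confirm this holds for 0.2.9 — so a workflow would get the gitea-actions Podman API and with it every other job's containers. On this host the connection is presumably refused only because the socket unit creates the socket root:root with mode 0660, which is an accidental rather than a designed barrier; prefer `docker_host: "-"` with `DOCKER_HOST=unix:///run/podman-gitea-actions.sock` exported in the runner container's environment, and state the intent in the comment above the key. The images in `labels` are referenced by mutable tags (`node:latest`, `node:alpine`, …) while the Dockerfile pins its base images by digest; pin them by digest too or note in a comment that floating tags are deliberate. `ubuntu-22.04:docker://node:bullseye` is also mislabeled — it is a Debian bullseye image, which will surprise workflows that expect Ubuntu packages.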
|
|
@ -1,7 +1,7 @@
|
|||
APP_NAME = ${GITEA_APP_NAME}
|
||||
APP_NAME = ${GITEA_APP_NAME}
|
||||
WORK_PATH = /var/lib/gitea
|
||||
RUN_USER = git
|
||||
RUN_MODE = prod
|
||||
RUN_USER = git
|
||||
RUN_MODE = prod
|
||||
|
||||
[repository]
|
||||
ROOT = /var/lib/gitea/repositories
|
||||
|
@ -75,3 +75,6 @@ SMTP_ADDR = ${GITEA_MAILER_SMTP_ADDR}
|
|||
SMTP_PORT = ${GITEA_MAILER_SMTP_PORT}
|
||||
USER = ${GITEA_MAILER_USER}
|
||||
PASSWD = `${GITEA_MAILER_PASSWD}`
|
||||
|
||||
[actions]
|
||||
ENABLED = true
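Review bot: `ENABLED = true` under `[actions]` turns on Actions for the whole instance without setting `DEFAULT_ACTIONS_URL`; for the 1.21 series this Dockerfile pins, the default is `github` as far as I recall, so every `uses: actions/…` step without a full URL is fetched from github.com at job time. That is a reasonable choice, but it is an external trust dependency that should be visible in the config rather than inherited: add `DEFAULT_ACTIONS_URL = github` with a comment such as `; Actions referenced without a full URL are fetched from github.com - pin them by commit SHA in workflows`, or point it at an instance you control. Confirm the default against the 1.21 documentation before relying on it.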
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -eu
|
||||
|
||||
# Initialize configuration for Gitea Actions.
|
||||
envsubst < /etc/gitea/actions.yaml.template > /etc/gitea/actions.yaml
|
||||
|
||||
# Initialize token for Gitea Actions in shared volume.
|
||||
if ! test -f /var/lib/gitea-actions/runner-global; then
|
||||
/usr/bin/act_runner --config /etc/gitea/actions.yaml register \
|
||||
--no-interactive \
|
||||
--name "actions-global" \
|
||||
--instance "https://${GITEA_DOMAIN}" \
|
||||
--token "$(cat /etc/gitea/runner-token)"
|
||||
fi
|
||||
|
||||
# Run entrypoint under specific user.
|
||||
exec /usr/bin/act_runner --config /etc/gitea/actions.yaml daemon "$@"
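Review bot: The comment `# Run entrypoint under specific user.` above the final `exec` does not match the code: nothing switches user, so `act_runner … daemon` runs as whatever user the container starts with, and the Dockerfile sets no `USER`, which makes the runner process (its cache server, job bookkeeping and everything under /var/lib/gitea-actions) root inside the container. Either correct the comment to `# Run the act_runner daemon as the container's user (root unless the image sets USER).` or actually drop privileges with the `gosu` the image installs, e.g. `exec gosu gitea-actions /usr/bin/act_runner --config /etc/gitea/actions.yaml daemon "$@"` — that needs a matching user in the image and a socket mode that uid can write to, so it is a cross-file change. Separately, `--token "$(cat /etc/gitea/runner-token)"` places the registration token on the command line, readable from the container's process list for the duration of registration; registration tokens are one-shot in Gitea as far as I recall, so this is hygiene, but worth a comment. Also, `envsubst` without a variable list expands every `$…` in the template; the template currently contains no placeholders, so restricting it (`envsubst '$GITEA_DOMAIN'`) would keep a future `$` in a label from being rewritten.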
|
|
@ -0,0 +1,22 @@
|
|||
[Unit]
|
||||
Description=Gitea Actions CI/CD
|
||||
[email protected] gitea.service podman-gitea-actions.socket
|
||||
[email protected] gitea.service podman-gitea-actions.socket
|
||||
|
||||
[Container]
|
||||
AutoUpdate=local
|
||||
ContainerName=%N
|
||||
EnvironmentFile=%E/coreos-home-server/gitea/gitea.env
|
||||
Image=localhost/gitea:latest
|
||||
PodmanArgs=--security-opt label=disable --entrypoint /run-gitea-actions
|
||||
Volume=%N:/var/lib/%N:z
|
||||
Volume=/tmp/runner-token:/etc/gitea/runner-token
|
||||
Volume=%t/podman-gitea-actions.sock:/run/podman-gitea-actions.sock
|
||||
|
||||
[Service]
|
||||
ExecStartPre=/bin/bash -c 'podman exec gitea gosu git /usr/bin/gitea -c /etc/gitea/config.ini actions generate-runner-token > /tmp/runner-token'
|
||||
PrivateTmp=true
|
||||
Restart=on-failure
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
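Review bot: `Volume=/tmp/runner-token:/etc/gitea/runner-token` mounts the freshly generated registration token read-write into the container although the entrypoint only reads it; append `:ro` (`Volume=/tmp/runner-token:/etc/gitea/runner-token:ro`). Because `ExecStartPre` runs on every start even when the persisted registration in the `%N` volume makes `register` a no-op, each restart mints (or re-reads) a token that is never used — and with no `--scope` it is presumably an instance-wide token — so consider guarding the generation on the same `runner-global` file, or at least document why it is unconditional. The unit also deserves a header stating the trust model, e.g. `# Instance-wide runner: any repository on this Gitea can schedule jobs here; jobs run in the rootless Podman of gitea-actions (privileged=false), while this runner container itself runs under root's Podman with SELinux labels disabled.` The `--security-opt label=disable` is presumably what lets the container reach the socket under SELinux; if so, say that in a comment so it is not removed as a "hardening" later.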
|
|
@ -4,5 +4,21 @@ storage:
|
|||
trees:
|
||||
- path: /etc/coreos-home-server/gitea
|
||||
local: service/gitea/
|
||||
- path: /etc/systemd/system
|
||||
local: service/gitea/systemd/
|
||||
- path: /etc/containers/systemd
|
||||
local: service/gitea/quadlet/
|
||||
files:
|
||||
- path: /etc/subuid
|
||||
append:
|
||||
- inline: |
|
||||
gitea-actions:1000000:65536
|
||||
- path: /etc/subgid
|
||||
append:
|
||||
- inline: |
|
||||
gitea-actions:1000000:65536
|
||||
passwd:
|
||||
users:
|
||||
- name: gitea-actions
|
||||
shell: /usr/sbin/nologin
|
||||
system: true
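Review bot: The appended `gitea-actions:1000000:65536` subuid/subgid range is hard-coded with nothing stating where it sits relative to other ranges on the host; if it overlaps another user's range (Fedora CoreOS typically hands `core` a range starting at 100000, and any further rootless user is allocated above it), two unprivileged users share the same mapped UIDs, which silently defeats the isolation rootless Podman provides. Add a comment such as `# Rootless Podman mapping for gitea-actions; must not overlap any other /etc/subuid or /etc/subgid range on this host.` above both entries, and keep the two appends in step. `shell: /usr/sbin/nologin` with `system: true` is right for a service account; confirm the user also gets the home directory rootless Podman needs for its storage (`$HOME/.local/share/containers`), since nothing here sets `home_dir`.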
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
[Unit]
|
||||
Description=Podman API Service for Gitea Actions
|
||||
Requires=podman-gitea-actions.socket
|
||||
After=podman-gitea-actions.socket
|
||||
Documentation=man:podman-system-service(1)
|
||||
StartLimitIntervalSec=0
|
||||
|
||||
[Service]
|
||||
Delegate=true
|
||||
Type=exec
|
||||
KillMode=process
|
||||
Environment=LOGGING="--log-level=info"
|
||||
User=gitea-actions
|
||||
ExecStart=/usr/bin/podman $LOGGING system service
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
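Review bot: `ExecStart=/usr/bin/podman $LOGGING system service` relies on podman's default idle timeout (5 s) to exit, which is what makes the commit message's "does not run when it is not used" true, but nothing in the unit says so; make it explicit with `ExecStart=/usr/bin/podman $LOGGING system service --time=5` or a comment, so a later edit to `--time=0` does not silently turn this into a permanent API daemon. `KillMode=process` is copied from the upstream podman.service and is right for not killing job containers when the API service is restarted, but together with `Delegate=true` it means `systemctl stop` leaves running CI jobs behind — worth one comment. Since this is a system unit with `User=gitea-actions` and no lingering, podman gets no `XDG_RUNTIME_DIR` from pam_systemd and falls back to a temporary runtime directory; confirm that works on this host (podman logs a warning when it falls back).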
|
|
@ -0,0 +1,10 @@
|
|||
[Unit]
|
||||
Description=Podman API Socket for Gitea Actions
|
||||
Documentation=man:podman-system-service(1)
|
||||
|
||||
[Socket]
|
||||
ListenStream=%t/podman-gitea-actions.sock
|
||||
SocketMode=0660
|
||||
|
||||
[Install]
|
||||
WantedBy=sockets.target
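Review bot: The socket is created with `SocketMode=0660` but no `SocketUser`/`SocketGroup`, so on a system unit it is owned root:root and only root-level clients can connect — here that is the root-run gitea-actions quadlet container, and it is also what stops anything running as `gitea-actions` (including a CI job container that might get the path mounted) from driving its own Podman API. That is the correct boundary, but it is implicit; make it explicit with `SocketUser=root` and `SocketGroup=root` plus a comment such as `# root:root on purpose: only the gitea-actions container (root-level Podman) may drive this API; the service receives the listening fd from systemd, so the gitea-actions user itself needs no access to the path.` Consider `RemoveOnStop=true` as well so a stale socket file is not left behind when the unit is stopped.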
|