Fix issues with Gitea Actions/Podman integration
Socket access and its permissions are now clearer: a dedicated group and mode are used.
This commit is contained in:
parent
c451a25d0c
commit
5433886e8d
|
@ -14,12 +14,8 @@ runner:
|
|||
fetch_interval: 2s
|
||||
# The labels of a runner are used to determine which jobs the runner can run, and how to run them.
|
||||
labels:
|
||||
- "debian-latest:docker://node:latest"
|
||||
- "debian-bookworm:docker://node:bookworm"
|
||||
- "ubuntu-latest:docker://node:latest"
|
||||
- "ubuntu-22.04:docker://node:bullseye"
|
||||
- "alpine-latest:docker://node:alpine"
|
||||
- "alpine-3.19:docker://node:alpine3.19"
|
||||
- "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
|
||||
- "ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
|
||||
cache:
|
||||
# Enable cache server to use actions/cache.
|
||||
enabled: true
|
||||
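Review bot: The two `gitea/runner-images` labels (by the hunk's counts, presumably the added lines, with the six `node` labels removed) reference the image by an unqualified short name and a mutable tag, so which registry resolves `gitea/runner-images` depends on the host's short-name configuration and the image content can change under the same tag without any change here. Since these images are the environment every job on this runner executes in, fully qualify the registry and pin where the tooling allows, e.g. `- "ubuntu-22.04:docker://docker.io/gitea/runner-images:ubuntu-22.04"` (if docker.io is where the image is hosted) or a `@sha256:<digest>` form. The `runner:` mapping starts before this hunk.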
|
@ -27,11 +23,11 @@ cache:
|
|||
dir: /var/lib/gitea-actions/cache
|
||||
container:
|
||||
# Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
|
||||
privileged: false
|
||||
privileged: true
|
||||
# Use default network in containers.
|
||||
network: bridge
|
||||
# Overrides the Docker client host with the specified one.
|
||||
docker_host: unix:///run/podman-gitea-actions.sock
|
||||
docker_host: unix:///run/gitea-actions/podman.sock
|
||||
host:
|
||||
# The parent directory of a job's working directory.
|
||||
workdir_parent: /var/lib/gitea-actions/jobs
|
||||
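Review bot: `privileged: true` gives every job that runs on this runner a privileged task container on the Podman API it is handed, which is effectively the full authority of the user running the Podman service; the comment above the line says this is only needed for Docker-in-Docker, and neither the commit message nor the config records which workflows need it. If it is required, say so next to the setting, e.g. `# Privileged is required for <reason>; jobs scheduled on this runner are trusted accordingly.`; otherwise keep `privileged: false`. Which of the paired `privileged:`/`docker_host:` lines is old and which is new is inferred from print order and the hunk counts, not from an explicit marker.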
|
|
|
@ -7,7 +7,6 @@ envsubst < /etc/gitea/actions.yaml.template > /etc/gitea/actions.yaml
|
|||
|
||||
# Create data directories and correct permissions for data files.
|
||||
chown -R git:git /var/lib/gitea-actions
|
||||
chown root:git /run/podman-gitea-actions.sock
|
||||
|
||||
# Initialize token for Gitea Actions in shared volume.
|
||||
if ! test -f /var/lib/gitea-actions/runner-global; then
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
[Unit]
|
||||
Description=Gitea Actions CI/CD
|
||||
[email protected] gitea.service podman-gitea-actions.socket
|
||||
[email protected] gitea.service podman-gitea-actions.socket
|
||||
[email protected] gitea.service gitea-actions-podman.socket
|
||||
[email protected] gitea.service gitea-actions-podman.socket
|
||||
|
||||
[Container]
|
||||
AutoUpdate=local
|
||||
|
@ -11,7 +11,7 @@ Image=localhost/gitea:latest
|
|||
PodmanArgs=--security-opt label=disable --entrypoint /run-gitea-actions
|
||||
Volume=%N:/var/lib/%N:z
|
||||
Volume=/tmp/runner-token:/etc/gitea/runner-token
|
||||
Volume=%t/podman-gitea-actions.sock:/run/podman-gitea-actions.sock
|
||||
Volume=/run/gitea-actions/podman.sock:/run/gitea-actions/podman.sock
|
||||
|
||||
[Service]
|
||||
ExecStartPre=/bin/bash -c 'podman exec gitea gosu git /usr/bin/gitea -c /etc/gitea/config.ini actions generate-runner-token > /tmp/runner-token'
|
||||
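Review bot: `ExecStartPre=` still writes the runner registration token to `/tmp/runner-token` on the host, a fixed path in a directory shared with every local user, created with the shell's default umask, and the `Volume=` line then mounts that file into the container. Since this commit already moves the socket out of `%t` into a dedicated `/run/gitea-actions`, the token could live there too with a restrictive mode, e.g. `ExecStartPre=/bin/bash -c 'umask 077; podman exec gitea gosu git /usr/bin/gitea -c /etc/gitea/config.ini actions generate-runner-token > /run/gitea-actions/runner-token'` with the `Volume=` source updated to match (assuming this unit runs as root, which the directory ownership set elsewhere in the commit would require). The `[Container]` section starts and the `[Service]` section continues outside the hunk.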
|
|
|
@ -1,7 +1,7 @@
|
|||
[Unit]
|
||||
Description=Podman API Service for Gitea Actions
|
||||
Requires=podman-gitea-actions.socket
|
||||
After=podman-gitea-actions.socket
|
||||
Requires=gitea-actions-podman.socket
|
||||
After=gitea-actions-podman.socket
|
||||
Documentation=man:podman-system-service(1)
|
||||
StartLimitIntervalSec=0
|
||||
|
||||
|
@ -11,6 +11,7 @@ Type=exec
|
|||
KillMode=process
|
||||
Environment=LOGGING="--log-level=info"
|
||||
User=gitea-actions
|
||||
ExecStartPre=!chown root:gitea-actions /run/gitea-actions
|
||||
ExecStart=/usr/bin/podman $LOGGING system service
|
||||
|
||||
[Install]
|
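Review bot: `ExecStartPre=!chown root:gitea-actions /run/gitea-actions` re-runs a privileged chown on every service start, and it only takes effect once the socket-activated service is started, so the directory the socket unit creates keeps its initial ownership until the first connection. The `!` prefix is needed because of `User=gitea-actions`, but the socket node's ownership can be declared in the socket unit instead with `SocketGroup=gitea-actions`, after which this pre-step is only needed if members of that group other than the service user must traverse the directory; if so, a short comment stating that, e.g. `; group members must be able to traverse the socket directory`, would make the intent clear. The `[Service]` section begins before this hunk.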
|
@ -3,8 +3,8 @@ Description=Podman API Socket for Gitea Actions
|
|||
Documentation=man:podman-system-service(1)
|
||||
|
||||
[Socket]
|
||||
ListenStream=%t/podman-gitea-actions.sock
|
||||
SocketMode=0660
|
||||
ListenStream=/run/gitea-actions/podman.sock
|
||||
DirectoryMode=0770
|
||||
|
||||
[Install]
|
||||
WantedBy=sockets.target
|
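Review bot: By the hunk's counts (8 old, 8 new lines) the `SocketMode=0660` line appears to be removed together with the old `ListenStream=`, which leaves the socket node at systemd's default mode 0666 with access gated only by the 0770 directory; the gitea-actions container bind-mounts the socket file itself rather than the directory, so inside that container the directory mode does not apply and any uid there can reach a Podman API that launches privileged task containers. Keep `SocketMode=0660` next to the new `DirectoryMode=0770` and set the group explicitly with `SocketGroup=gitea-actions`, so the socket node's own permissions carry the group-and-mode intent the commit message describes. If `SocketMode=0660` is in fact retained as context, the `SocketGroup=` line is still the missing piece.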