act runner

inventory.ini

@@ -0,0 +1,2 @@
+[main]
+server ansible_host=192.168.4.2 ansible_port=4707 ansible_user=root ansible_python_interpreter=/usr/bin/python3

playbooks/files/act_runner-updater.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+error () {
+  printf '%s\n' "=== Failed to update ==="
+  exit 1
+}
+
+echo "=== Updating Act Runner to v$1 ==="
+
+systemctl stop act_runner.service || error
+
+wget -nv -O /usr/local/bin/act_runner https://gitea.com/gitea/act_runner/releases/download/v$1/act_runner-$1-linux-amd64 || error
+
+systemctl start act_runner.service || error
+
+systemctl is-active act_runner.service || error
+
+systemctl status act_runner.service || error
+
+echo "=== Update finished ==="

playbooks/files/act_runner.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=Gitea Actions runner
+Documentation=https://docs.gitea.com/usage/actions/act-runner
+After=docker.service
+
+[Service]
+ExecStart=/usr/local/bin/act_runner daemon --config /opt/runner/config.yml
+ExecReload=/bin/kill -s HUP $MAINPID
+WorkingDirectory=/opt/runner
+TimeoutSec=0
+RestartSec=10
+Restart=always
+User=runner
+
+[Install]
+WantedBy=multi-user.target

playbooks/files/runner-config.yml

@@ -0,0 +1,36 @@
+log:
+  # The level of logging, can be trace, debug, info, warn, error, fatal
+  level: info
+
+runner:
+  file: .runner
+  capacity: 1
+  envs:
+  env_file: .env
+  timeout: 10m
+  insecure: false
+  fetch_timeout: 5s
+  fetch_interval: 2s
+
+cache:
+  enabled: true
+  # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
+  dir: ""
+  # The host of the cache server.
+  # It's not for the address to listen, but the address to connect from job containers.
+  # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
+  host: ""
+  # The port of the cache server.
+  # 0 means to use a random available port.
+  port: 0
+
+container:
+  # Which network to use for the job containers. Could be bridge, host, none, or the name of a custom network.
+  network: proxy-net
+  # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
+  privileged: false
+  # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
+  options:
+  # The parent directory of a job's working directory.
+  # If it's empty, /workspace will be used.
+  workdir_parent:

playbooks/gitea.yml

@@ -0,0 +1,109 @@
+# code language=ansible
+---
+
+- name: Install act_runner
+  hosts: main
+  vars:
+    gitea__tasks:
+      - all
+  vars_prompt:
+    - name: gitea__runner_token
+      prompt: Input your runner token obtained on https://git.cantorgymnasium.de/org/gcg/settings/actions/runners
+      private: false
+  tasks:
+    - name: Get latest act_runner version
+      ansible.builtin.uri:
+        url: https://gitea.com/api/v1/repos/gitea/act_runner/releases
+        method: GET
+        force: true
+        return_content: true
+      run_once: true
+      register: json_response
+
+    - name: Install act_runner {{ act_runner_version }}
+      vars:
+        act_runner_version: "{{ (json_response.content | from_json)[0].name | replace('v', '') }}"
+      ansible.builtin.get_url:
+        url: https://gitea.com/gitea/act_runner/releases/download/v{{ act_runner_version }}/act_runner-{{ act_runner_version }}-linux-amd64
+        dest: /usr/local/bin/act_runner
+        mode: 0755
+
+    - name: Create runner user
+      ansible.builtin.user:
+        name: runner
+        password: !
+        append: true
+        groups: docker
+        create_home: true
+        home: /opt/runner
+
+    - name: Set correct home directory permissions
+      ansible.builtin.file:
+        name: /opt/runner
+        state: directory
+        owner: runner
+        group: runner
+        recurse: true
+
+    - name: Copy config file
+      ansible.builtin.copy:
+        src: runner-config.yml
+        dest: /opt/runner/config.yml
+        owner: runner
+        group: runner
+
+    - name: Register runner
+      ansible.builtin.command:
+        chdir: /opt/runner
+        creates: /opt/runner/.runner
+        argv:
+          - /usr/local/bin/act_runner
+          - register
+          - --instance
+          - "https://git.cantorgymnasium.de/"
+          - --name
+          - "{{ gitea__runner_name }}"
+          - --labels
+          - "{{ gitea__runner_labels }}"
+          - --token
+          - "{{ gitea__runner_token }}"
+          - --no-interactive
+          - -c
+          - /opt/runner/config.yml
+
+    - name: Set correct .runner file permissions
+      ansible.builtin.file:
+        name: /opt/runner/.runner
+        state: file
+        owner: runner
+        group: runner
+
+    - name: Copy systemd service file
+      ansible.builtin.copy:
+        src: act_runner.service
+        dest: /etc/systemd/system/
+        owner: root
+        group: root
+
+    - name: Enable systemd service
+      ansible.builtin.systemd_service:
+        daemon_reload: true
+        name: act_runner.service
+        enabled: true
+        state: started
+
+    - name: Copy update script
+      ansible.builtin.copy:
+        src: "act_runner-updater.sh"
+        dest: /opt/act_runner-updater.sh
+        mode: 0755
+        owner: root
+        group: root
+
+    - name: Create working directory
+      ansible.builtin.file:
+        name: /opt/runner/workdir
+        state: directory
+        owner: runner
+        group: runner
+        recurse: true