diff --git a/inventory.ini b/inventory.ini
new file mode 100644
index 0000000..49f7e6e
--- /dev/null
+++ b/inventory.ini
@@ -0,0 +1,2 @@
+[main]
+server ansible_host=192.168.4.2 ansible_port=4707 ansible_user=root ansible_python_interpreter=/usr/bin/python3
diff --git a/playbooks/files/act_runner-updater.sh b/playbooks/files/act_runner-updater.sh
new file mode 100644
index 0000000..b0eaaae
--- /dev/null
+++ b/playbooks/files/act_runner-updater.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+error () {
+ printf '%s\n' "=== Failed to update ==="
+ exit 1
+}
+
+echo "=== Updating Act Runner to v$1 ==="
+
+systemctl stop act_runner.service || error
+
+wget -nv -O /usr/local/bin/act_runner https://gitea.com/gitea/act_runner/releases/download/v$1/act_runner-$1-linux-amd64 || error
+
+systemctl start act_runner.service || error
+
+systemctl is-active act_runner.service || error
+
+systemctl status act_runner.service || error
+
+echo "=== Update finished ==="
diff --git a/playbooks/files/act_runner.service b/playbooks/files/act_runner.service
new file mode 100644
index 0000000..29f2062
--- /dev/null
+++ b/playbooks/files/act_runner.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Gitea Actions runner
+Documentation=https://docs.gitea.com/usage/actions/act-runner
+After=docker.service
+
+[Service]
+ExecStart=/usr/local/bin/act_runner daemon --config /opt/runner/config.yml
+ExecReload=/bin/kill -s HUP $MAINPID
+WorkingDirectory=/opt/runner
+TimeoutSec=0
+RestartSec=10
+Restart=always
+User=runner
+
+[Install]
+WantedBy=multi-user.target
diff --git a/playbooks/files/runner-config.yml b/playbooks/files/runner-config.yml
new file mode 100644
index 0000000..62f0c66
--- /dev/null
+++ b/playbooks/files/runner-config.yml
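Review bot: `ansible_user=root` on the `server` line makes every play log in over SSH as root, so each task runs with full privileges and the host has to keep direct root SSH login enabled. Consider an unprivileged account that escalates only where tasks need it, e.g. `ansible_user=<deploy-user> ansible_become=true` in place of `ansible_user=root` (`<deploy-user>` is a placeholder). The playbook in this commit sets no `become`, so escalation would have to be enabled either here or per play.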
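Review bot: The `wget -nv -O /usr/local/bin/act_runner` line writes an unverified download straight over the installed binary after the service has already been stopped, so a failed download leaves the service down with a truncated file in place and a tampered one is started as-is. `$1` is also interpolated into the URL unquoted and unvalidated. Download to a temporary file, check it against a SHA-256 digest obtained separately, and only then stop the service and install the file; the sketch below takes the digest as a second argument, which is an assumption about how the script is invoked. The `Install act_runner` `get_url` task in `playbooks/gitea.yml` has the same gap and can use that module's `checksum` parameter.

```shell
# … unchanged: error() helper and banner …
# Accept only dotted numeric versions; widen the pattern if pre-release tags are used.
[[ "$1" =~ ^[0-9]+(\.[0-9]+)+$ ]] || error
tmp="$(mktemp)" || error
trap 'rm -f "$tmp"' EXIT
wget -nv -O "$tmp" "https://gitea.com/gitea/act_runner/releases/download/v$1/act_runner-$1-linux-amd64" || error
# $2: expected SHA-256 of the release binary, obtained separately from the download
printf '%s  %s\n' "$2" "$tmp" | sha256sum -c - || error
systemctl stop act_runner.service || error
install -m 0755 -o root -g root "$tmp" /usr/local/bin/act_runner || error
# … unchanged: start, is-active, status, final banner …
```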
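Review bot: The `[Service]` section carries no sandboxing directives even though this daemon executes workflow-defined jobs. Directives such as `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` would narrow what the runner process itself can touch; they should be tested against the runner labels in use, since jobs executed directly on the host may need more access. `User=runner` is also a weaker boundary than it looks, because the playbook in this commit adds `runner` to the `docker` group and access to the Docker socket is effectively root on the host. Separately, `After=docker.service` only orders startup; adding `Wants=docker.service` would also pull Docker in.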
@@ -0,0 +1,36 @@
+log:
+ # The level of logging, can be trace, debug, info, warn, error, fatal
+ level: info
+
+runner:
+ file: .runner
+ capacity: 1
+ envs:
+ env_file: .env
+ timeout: 10m
+ insecure: false
+ fetch_timeout: 5s
+ fetch_interval: 2s
+
+cache:
+ enabled: true
+ # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
+ dir: ""
+ # The host of the cache server.
+ # It's not for the address to listen, but the address to connect from job containers.
+ # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
+ host: ""
+ # The port of the cache server.
+ # 0 means to use a random available port.
+ port: 0
+
+container:
+ # Which network to use for the job containers. Could be bridge, host, none, or the name of a custom network.
+ network: proxy-net
+ # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
+ privileged: false
+ # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
+ options:
+ # The parent directory of a job's working directory.
+ # If it's empty, /workspace will be used.
+ workdir_parent:
diff --git a/playbooks/gitea.yml b/playbooks/gitea.yml
new file mode 100644
index 0000000..85c7a39
--- /dev/null
+++ b/playbooks/gitea.yml
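Review bot: `network: proxy-net` under `container:` attaches every job container to a named, pre-existing network; if that is the network the reverse proxy and its backends share (the name suggests so, but the commit does not show it), repository-controlled workflow code gets direct network reach to those services. A dedicated network for CI jobs, `network: <ci-only-network>` (placeholder), keeps job traffic apart from service containers. I would also add a comment above the key such as `# Job containers run repository-controlled code; keep this network separate from service networks.` The bare `options:` and `workdir_parent:` keys load as null; `options: ""` and `workdir_parent: ""` would state the intended empty value explicitly, matching `dir: ""` and `host: ""` above.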
@@ -0,0 +1,109 @@
+# code language=ansible
+---
+
+- name: Install act_runner
+ hosts: main
+ vars:
+ gitea__tasks:
+ - all
+ vars_prompt:
+ - name: gitea__runner_token
+ prompt: Input your runner token obtained on https://git.cantorgymnasium.de/org/gcg/settings/actions/runners
+ private: false
+ tasks:
+ - name: Get latest act_runner version
+ ansible.builtin.uri:
+ url: https://gitea.com/api/v1/repos/gitea/act_runner/releases
+ method: GET
+ force: true
+ return_content: true
+ run_once: true
+ register: json_response
+
+ - name: Install act_runner {{ act_runner_version }}
+ vars:
+ act_runner_version: "{{ (json_response.content | from_json)[0].name | replace('v', '') }}"
+ ansible.builtin.get_url:
+ url: https://gitea.com/gitea/act_runner/releases/download/v{{ act_runner_version }}/act_runner-{{ act_runner_version }}-linux-amd64
+ dest: /usr/local/bin/act_runner
+ mode: 0755
+
+ - name: Create runner user
+ ansible.builtin.user:
+ name: runner
+ password: !
+ append: true
+ groups: docker
+ create_home: true
+ home: /opt/runner
+
+ - name: Set correct home directory permissions
+ ansible.builtin.file:
+ name: /opt/runner
+ state: directory
+ owner: runner
+ group: runner
+ recurse: true
+
+ - name: Copy config file
+ ansible.builtin.copy:
+ src: runner-config.yml
+ dest: /opt/runner/config.yml
+ owner: runner
+ group: runner
+
+ - name: Register runner
+ ansible.builtin.command:
+ chdir: /opt/runner
+ creates: /opt/runner/.runner
+ argv:
+ - /usr/local/bin/act_runner
+ - register
+ - --instance
+ - "https://git.cantorgymnasium.de/"
+ - --name
+ - "{{ gitea__runner_name }}"
+ - --labels
+ - "{{ gitea__runner_labels }}"
+ - --token
+ - "{{ gitea__runner_token }}"
+ - --no-interactive
+ - -c
+ - /opt/runner/config.yml
+
+ - name: Set correct .runner file permissions
+ ansible.builtin.file:
+ name: /opt/runner/.runner
+ state: file
+ owner: runner
+ group: runner
+
+ - name: Copy systemd service file
+ ansible.builtin.copy:
+ src: act_runner.service
+ dest: /etc/systemd/system/
+ owner: root
+ group: root
+
+ - name: Enable systemd service
+ ansible.builtin.systemd_service:
+ daemon_reload: true
+ name: act_runner.service
+ enabled: true
+ state: started
+
+ - name: Copy update script
+ ansible.builtin.copy:
+ src: "act_runner-updater.sh"
+ dest: /opt/act_runner-updater.sh
+ mode: 0755
+ owner: root
+ group: root
+
+ - name: Create working directory
+ ansible.builtin.file:
+ name: /opt/runner/workdir
+ state: directory
+ owner: runner
+ group: runner
+ recurse: true
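Review bot: The runner registration token is exposed twice: `private: false` in `vars_prompt` echoes it on the operator's terminal, and the `Register runner` task passes it in `argv`, where it can end up in Ansible task output and logs. Set `private: true` on the prompt and add `no_log: true` to the `Register runner` task; the token still appears on the command line of the short-lived `act_runner register` process, which is worth a comment next to the task. In `Create runner user`, `password: !` is unquoted and `!` is YAML's tag indicator, so the module is not guaranteed to receive the literal string; write `password: '!'` to lock the password explicitly. The two `mode: 0755` values are safer quoted as `mode: '0755'`, so the permission does not depend on how the YAML parser types a leading-zero number.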