diff --git a/forgejo/config/runners/config-amd64.yaml b/forgejo/config/runners/config-amd64.yaml deleted file mode 100644 index 753097f..0000000 --- a/forgejo/config/runners/config-amd64.yaml +++ /dev/null 
@@ -1,95 +0,0 @@ -# Example configuration file, it's safe to copy this as the default config file without any modification. - -# You don't have to copy this file to your instance, -# just run `./act_runner generate-config > config.yaml` to generate a config file. - -log: - # The level of logging, can be trace, debug, info, warn, error, fatal - level: info - -runner: - # Where to store the registration result. - file: .runner - # Execute how many tasks concurrently at the same time. - capacity: 1 - # Extra environment variables to run jobs. - envs: - DOCKER_HOST: tcp://localhost:2376 - DOCKER_TLS_VERIFY: "1" - DOCKER_CERT_PATH : /certs/client - # Extra environment variables to run jobs from a file. - # It will be ignored if it's empty or the file doesn't exist. - env_file: .env - # The timeout for a job to be finished. - # Please note that the Gitea instance also has a timeout (3h by default) for the job. - # So the job could be stopped by the Gitea instance if it's timeout is shorter than this. - timeout: 10m - # Whether skip verifying the TLS certificate of the Gitea instance. - insecure: false - # The timeout for fetching the job from the Gitea instance. - fetch_timeout: 5s - # The interval for fetching the job from the Gitea instance. - fetch_interval: 2s - # The labels of a runner are used to determine which jobs the runner can run, and how to run them. - # Like: ["macos-arm64:host", "ubuntu-latest:docker://node:16-bullseye", "ubuntu-22.04:docker://node:16-bullseye"] - # If it's empty when registering, it will ask for inputting labels. - # If it's empty when execute `deamon`, will use labels in `.runner` file. 
- labels: - - "docker:docker://code.icb4dc0.de/infrastructure/images/act_runtime:amd64" - - "ubuntu-latest-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:amd64" - - "ubuntu-22.04-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:amd64" - - "ubuntu-20.04-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:20.04-amd64" - -cache: - # Enable cache server to use actions/cache. - enabled: true - # The directory to store the cache data. - # If it's empty, the cache data will be stored in $HOME/.cache/actcache. - dir: "" - # The host of the cache server. - # It's not for the address to listen, but the address to connect from job containers. - # So 0.0.0.0 is a bad choice, leave it empty to detect automatically. - host: "" - # The port of the cache server. - # 0 means to use a random available port. - port: 0 - # The external cache server URL. Valid only when enable is true. - # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself. - # The URL should generally end with "/". - external_server: "http://act-runner-cache.forgejo.svc:8080/" - -container: - # Specifies the network to which the container will connect. - # Could be host, bridge or the name of a custom network. - # If it's empty, act_runner will create a network automatically. - network: "host" - # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker). - privileged: true - # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway). - options: "--volume=/certs/client/:/certs/client/:ro" - # The parent directory of a job's working directory. - # If it's empty, /workspace will be used. - workdir_parent: - # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob - # You can specify multiple volumes. 
If the sequence is empty, no volumes can be mounted. - # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to: - # valid_volumes: - # - data - # - /src/*.json - # If you want to allow any volume, please use the following configuration: - # valid_volumes: - # - '**' - valid_volumes: - - /certs/client/ - # overrides the docker client host with the specified one. - # If it's empty, act_runner will find an available docker host automatically. - # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers. - # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work. - docker_host: "" - # Pull docker image(s) even if already present - force_pull: true - -host: - # The parent directory of a job's working directory. - # If it's empty, $HOME/.cache/act/ will be used. - workdir_parent: \ No newline at end of file diff --git a/forgejo/config/runners/config-arm64.yaml b/forgejo/config/runners/config-arm64.yaml deleted file mode 100644 index 0c003d5..0000000 --- a/forgejo/config/runners/config-arm64.yaml +++ /dev/null 
@@ -1,95 +0,0 @@ -# Example configuration file, it's safe to copy this as the default config file without any modification. - -# You don't have to copy this file to your instance, -# just run `./act_runner generate-config > config.yaml` to generate a config file. - -log: - # The level of logging, can be trace, debug, info, warn, error, fatal - level: info - -runner: - # Where to store the registration result. - file: .runner - # Execute how many tasks concurrently at the same time. - capacity: 1 - # Extra environment variables to run jobs. - envs: - DOCKER_HOST: tcp://localhost:2376 - DOCKER_TLS_VERIFY: "1" - DOCKER_CERT_PATH : /certs/client - # Extra environment variables to run jobs from a file. - # It will be ignored if it's empty or the file doesn't exist. - env_file: .env - # The timeout for a job to be finished. - # Please note that the Gitea instance also has a timeout (3h by default) for the job. - # So the job could be stopped by the Gitea instance if it's timeout is shorter than this. - timeout: 10m - # Whether skip verifying the TLS certificate of the Gitea instance. - insecure: false - # The timeout for fetching the job from the Gitea instance. - fetch_timeout: 5s - # The interval for fetching the job from the Gitea instance. - fetch_interval: 2s - # The labels of a runner are used to determine which jobs the runner can run, and how to run them. - # Like: ["macos-arm64:host", "ubuntu-latest:docker://node:16-bullseye", "ubuntu-22.04:docker://node:16-bullseye"] - # If it's empty when registering, it will ask for inputting labels. - # If it's empty when execute `deamon`, will use labels in `.runner` file. 
- labels: - - "docker:docker://code.icb4dc0.de/infrastructure/images/act_runtime:arm64" - - "ubuntu-latest:docker://code.icb4dc0.de/infrastructure/images/act_runtime:arm64" - - "ubuntu-22.04:docker://code.icb4dc0.de/infrastructure/images/act_runtime:arm64" - - "ubuntu-20.04:docker://code.icb4dc0.de/infrastructure/images/act_runtime:20.04-arm64" - -cache: - # Enable cache server to use actions/cache. - enabled: true - # The directory to store the cache data. - # If it's empty, the cache data will be stored in $HOME/.cache/actcache. - dir: "" - # The host of the cache server. - # It's not for the address to listen, but the address to connect from job containers. - # So 0.0.0.0 is a bad choice, leave it empty to detect automatically. - host: "" - # The port of the cache server. - # 0 means to use a random available port. - port: 0 - # The external cache server URL. Valid only when enable is true. - # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself. - # The URL should generally end with "/". - external_server: "http://act-runner-cache.forgejo.svc:8080/" - -container: - # Specifies the network to which the container will connect. - # Could be host, bridge or the name of a custom network. - # If it's empty, act_runner will create a network automatically. - network: "host" - # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker). - privileged: true - # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway). - options: "--volume=/certs/client/:/certs/client/:ro" - # The parent directory of a job's working directory. - # If it's empty, /workspace will be used. - workdir_parent: - # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob - # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted. 
- # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to: - # valid_volumes: - # - data - # - /src/*.json - # If you want to allow any volume, please use the following configuration: - # valid_volumes: - # - '**' - valid_volumes: - - /certs/client/ - # overrides the docker client host with the specified one. - # If it's empty, act_runner will find an available docker host automatically. - # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers. - # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work. - docker_host: "" - # Pull docker image(s) even if already present - force_pull: true - -host: - # The parent directory of a job's working directory. - # If it's empty, $HOME/.cache/act/ will be used. - workdir_parent: \ No newline at end of file diff --git a/forgejo/config/runners/daemon.amd64.json b/forgejo/config/runners/daemon.amd64.json deleted file mode 100644 index 0dd0508..0000000 --- a/forgejo/config/runners/daemon.amd64.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "max-concurrent-downloads": 1 -} \ No newline at end of file diff --git a/forgejo/config/runners/daemon.arm64.json b/forgejo/config/runners/daemon.arm64.json deleted file mode 100644 index a4ae98c..0000000 --- a/forgejo/config/runners/daemon.arm64.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "max-concurrent-downloads": 2 -} \ No newline at end of file diff --git a/forgejo/config/values.meilisearch.yaml b/forgejo/config/values.meilisearch.yaml index 86a7b88..6608e34 100644 --- a/forgejo/config/values.meilisearch.yaml +++ b/forgejo/config/values.meilisearch.yaml @@ -1,5 +1,6 @@ environment: MEILI_ENV: production + MEILI_DUMP_DIR: /var/lib/meili/dumps auth: existingMasterKeySecret: meili-credentials 
@@ -19,4 +20,13 @@ resources: serviceMonitor: enabled: true additionalLabels: - prometheus: default \ No newline at end of file + prometheus: default + +volumes: + - name: dumps + persistentVolumeClaim: + claimName: meilisearch-dumps + +volumeMounts: + - name: dumps + mountPath: /var/lib/meili/dumps diff --git a/forgejo/kustomization.yaml b/forgejo/kustomization.yaml index 943b877..34b9842 100644 --- a/forgejo/kustomization.yaml +++ b/forgejo/kustomization.yaml @@ -20,28 +20,12 @@ images: resources: - resources/db/db.yaml - resources/db/user.yaml + - resources/meilisearch/pvc.yaml - resources/secrets/admin-credentials.yaml - resources/secrets/infra-credentials.yaml - resources/secrets/meili-credentials.yaml - resources/routes.yaml - resources/dragonfly.yml - # - resources/runners/secrets/runners.yaml - # - resources/runners/act-runner-arm64.yaml - # - resources/runners/act-runner-amd64.yaml - # - resources/runners/cache-pvc.yaml - # - resources/runners/act-cache.yaml - # - resources/runners/act-cache-svc.yaml - -configMapGenerator: - - name: act-runner-config-arm64 - files: - - config.yaml=config/runners/config-arm64.yaml - - daemon.json=config/runners/daemon.arm64.json - - - name: act-runner-config-amd64 - files: - - config.yaml=config/runners/config-amd64.yaml - - daemon.json=config/runners/daemon.amd64.json helmCharts: - name: forgejo diff --git a/forgejo/resources/runners/cache-pvc.yaml b/forgejo/resources/meilisearch/pvc.yaml similarity index 80% rename from forgejo/resources/runners/cache-pvc.yaml rename to forgejo/resources/meilisearch/pvc.yaml index 927e9a0..6efe9d9 100644 --- a/forgejo/resources/runners/cache-pvc.yaml +++ b/forgejo/resources/meilisearch/pvc.yaml @@ -2,12 +2,12 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: act-runner-cache + name: meilisearch-dumps spec: storageClassName: hcloud-blob resources: requests: - storage: 50Gi + storage: 2Gi volumeMode: Filesystem accessModes: - ReadWriteMany 
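Review bot: The new `volumes`/`volumeMounts` entries make `/var/lib/meili/dumps` persistent, but nothing in this values file creates or rotates dumps, and a Meilisearch dump is a full export of every index, i.e. all the content Forgejo has handed to the search backend, so this claim deserves the same access and retention handling as the database volume rather than a generic scratch PVC. I'd add a comment above `volumes:` such as `# Dumps are full exports of every index (all Forgejo-indexed content); treat this PVC like the DB volume and prune old dumps.` Whether the `volumes`/`volumeMounts` keys are honoured at the top level of this chart's values is not visible here; if they are not rendered, `MEILI_DUMP_DIR` points at an unmounted path and dumps land on ephemeral container storage, so confirm the rendered pod spec actually carries the mount.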
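Review bot: Removing the runner entries from `resources:` does not deregister anything on the Forgejo side: the deleted deployments pulled their registration token from `forgejo-runner-secret` (key `token`), that token and the runners registered with it stay valid until revoked in the instance, and the age-encrypted `resources/runners/secrets/runners.yaml` blob remains in git history. Rotate the registration token and delete the stale runner entries in Forgejo as part of this change, and retire the age recipients for the removed file if they were dedicated to it. The hunk header shows this sits under the `images:` block; if that list (outside the hunk) still carries the `act_runner` and `dind` overrides the deleted deployments referenced, those entries are now dead and should go too. A one-line comment where the commented-out runner lines used to be, e.g. `# Actions runners removed; registration token rotated in Forgejo`, would record that the cleanup was done.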
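Review bot: The renamed claim keeps `accessModes: ReadWriteMany` from the old shared runner cache, which is wider than a dump directory for Meilisearch needs unless several replicas must share it (not visible here); `ReadWriteOnce` would stop a second workload in the namespace from mounting the same dump set concurrently, provided the `hcloud-blob` class supports it. The request also drops from `50Gi` to `2Gi` with no pruning configured, so a dump of a grown index can exhaust the volume and fail the next dump silently. I'd note the sizing assumption next to `storage: 2Gi`, e.g. `# sized for a handful of dumps; old dumps are not pruned automatically`, so the limit is revisited when the indexes grow.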
diff --git a/forgejo/resources/runners/act-cache-svc.yaml b/forgejo/resources/runners/act-cache-svc.yaml deleted file mode 100644 index 5b30d4f..0000000 --- a/forgejo/resources/runners/act-cache-svc.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: act-runner-cache -spec: - selector: - app.kubernetes.io/name: act-runner-cache - ports: - - port: 8080 - targetPort: 8080 diff --git a/forgejo/resources/runners/act-cache.yaml b/forgejo/resources/runners/act-cache.yaml deleted file mode 100644 index 7b4d134..0000000 --- a/forgejo/resources/runners/act-cache.yaml +++ /dev/null @@ -1,46 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: act-runner-cache - labels: - app.kubernetes.io/name: act-runner-cache -spec: - replicas: 2 - revisionHistoryLimit: 3 - selector: - matchLabels: - app.kubernetes.io/name: act-runner-cache - template: - metadata: - labels: - app.kubernetes.io/name: act-runner-cache - spec: - containers: - - name: act-runner-cache - image: act_runner - command: - - /bin/forgejo-runner - args: - - cache-server - - --port=8080 - - --dir=/data - resources: - limits: - memory: "384Mi" - cpu: "250m" - ports: - - containerPort: 8080 - volumeMounts: - - name: cache-data - mountPath: /data - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumes: - - name: cache-data - persistentVolumeClaim: - claimName: act-runner-cache - securityContext: - runAsNonRoot: true - fsGroup: 1001 \ No newline at end of file diff --git a/forgejo/resources/runners/act-runner-amd64.yaml b/forgejo/resources/runners/act-runner-amd64.yaml deleted file mode 100644 index 81f7a2c..0000000 --- a/forgejo/resources/runners/act-runner-amd64.yaml +++ /dev/null 
@@ -1,139 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: act-runner-amd64 -spec: - selector: - matchLabels: - app.kubernetes.io/name: act-runner - app.kubernetes.io/instance: amd64 - replicas: 1 - revisionHistoryLimit: 3 - strategy: - type: Recreate - template: - metadata: - labels: - app.kubernetes.io/name: act-runner - app.kubernetes.io/instance: amd64 - spec: - restartPolicy: Always - # Initialise our configuration file using offline registration - # https://forgejo.org/docs/v1.21/admin/actions/#offline-registration - initContainers: - - name: runner-register - image: act_runner - command: ["forgejo-runner"] - args: - - "register" - - "--no-interactive" - - "--token" - - $(RUNNER_SECRET) - - "--name" - - $(RUNNER_NAME) - - "--instance" - - $(FORGEJO_INSTANCE_URL) - - "--labels" - - "docker:docker://code.icb4dc0.de/infrastructure/images/act_runtime:amd64,ubuntu-latest-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:amd64,ubuntu-22.04-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:amd64,ubuntu-20.04-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:20.04-amd64" - env: - - name: RUNNER_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: RUNNER_SECRET - valueFrom: - secretKeyRef: - name: forgejo-runner-secret - key: token - - name: FORGEJO_INSTANCE_URL - value: http://forgejo-http.forgejo.svc.cluster.local:3000 - resources: - limits: - cpu: "0.50" - memory: "64Mi" - volumeMounts: - - name: runner-data - mountPath: /data - containers: - - name: runner - image: act_runner - imagePullPolicy: Always - command: ["sh", "-c", "while ! 
nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; forgejo-runner daemon --config /etc/act/config.yaml"] - env: - - name: DOCKER_HOST - value: tcp://localhost:2376 - - name: DOCKER_CERT_PATH - value: /certs/client - - name: DOCKER_TLS_VERIFY - value: "1" - volumeMounts: - - name: runner-data - mountPath: /data - - name: docker-certs - mountPath: /certs - - name: runner-config - mountPath: /etc/act - securityContext: - privileged: true - resources: - requests: - memory: "250Mi" - cpu: "250m" - limits: - memory: "384Mi" - cpu: "750m" - - name: daemon - image: dind - env: - - name: DOCKER_TLS_CERTDIR - value: /certs - securityContext: - privileged: true - volumeMounts: - - name: docker-certs - mountPath: /certs - - name: runner-data - mountPath: /data - - name: docker-config - mountPath: /etc/docker - resources: - requests: - memory: "256Mi" - cpu: "100m" - limits: - memory: "512Mi" - cpu: "1200m" - securityContext: - fsGroup: 1000 - nodeSelector: - kubernetes.io/arch: amd64 - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - act-runner - volumes: - - name: runner-data - emptyDir: - sizeLimit: 500Mi - - name: docker-certs - emptyDir: - sizeLimit: 5Mi - - name: runner-config - configMap: - name: act-runner-config-amd64 - items: - - key: config.yaml - path: config.yaml - - name: docker-config - configMap: - name: act-runner-config-amd64 - items: - - key: daemon.json - path: daemon.json \ No newline at end of file diff --git a/forgejo/resources/runners/act-runner-arm64.yaml b/forgejo/resources/runners/act-runner-arm64.yaml deleted file mode 100644 index 7f616f8..0000000 --- a/forgejo/resources/runners/act-runner-arm64.yaml +++ /dev/null 
@@ -1,140 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: act-runner-arm64 -spec: - selector: - matchLabels: - app.kubernetes.io/name: act-runner - app.kubernetes.io/instance: arm64 - replicas: 2 - revisionHistoryLimit: 3 - strategy: - type: Recreate - template: - metadata: - labels: - app.kubernetes.io/name: act-runner - app.kubernetes.io/instance: arm64 - spec: - restartPolicy: Always - # Initialise our configuration file using offline registration - # https://forgejo.org/docs/v1.21/admin/actions/#offline-registration - initContainers: - - name: runner-register - image: act_runner - command: ["forgejo-runner"] - args: - - "register" - - "--no-interactive" - - "--token" - - $(RUNNER_SECRET) - - "--name" - - $(RUNNER_NAME) - - "--instance" - - $(FORGEJO_INSTANCE_URL) - - "--labels" - - "docker:docker://code.icb4dc0.de/infrastructure/images/act_runtime:arm64,ubuntu-latest:docker://code.icb4dc0.de/infrastructure/images/act_runtime:arm64,ubuntu-22.04:docker://code.icb4dc0.de/infrastructure/images/act_runtime:arm64,ubuntu-20.04:docker://code.icb4dc0.de/infrastructure/images/act_runtime:20.04-arm64" - - env: - - name: RUNNER_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: RUNNER_SECRET - valueFrom: - secretKeyRef: - name: forgejo-runner-secret - key: token - - name: FORGEJO_INSTANCE_URL - value: http://forgejo-http.forgejo.svc.cluster.local:3000 - resources: - limits: - cpu: "0.50" - memory: "64Mi" - volumeMounts: - - name: runner-data - mountPath: /data - containers: - - name: runner - image: act_runner - imagePullPolicy: Always - command: ["sh", "-c", "while ! 
nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; forgejo-runner daemon --config /etc/act/config.yaml"] - env: - - name: DOCKER_HOST - value: tcp://localhost:2376 - - name: DOCKER_CERT_PATH - value: /certs/client - - name: DOCKER_TLS_VERIFY - value: "1" - volumeMounts: - - name: runner-data - mountPath: /data - - name: docker-certs - mountPath: /certs - - name: runner-config - mountPath: /etc/act - securityContext: - privileged: true - resources: - requests: - memory: "384Mi" - cpu: "500m" - limits: - memory: "768Mi" - cpu: "1500m" - - name: daemon - image: dind - env: - - name: DOCKER_TLS_CERTDIR - value: /certs - securityContext: - privileged: true - volumeMounts: - - name: docker-certs - mountPath: /certs - - name: runner-data - mountPath: /data - - name: docker-config - mountPath: /etc/docker - resources: - requests: - memory: "256Mi" - cpu: "150m" - limits: - memory: "512Mi" - cpu: "1200m" - securityContext: - fsGroup: 1000 - nodeSelector: - kubernetes.io/arch: arm64 - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - act-runner - volumes: - - name: runner-data - emptyDir: - sizeLimit: 500Mi - - name: docker-certs - emptyDir: - sizeLimit: 5Mi - - name: runner-config - configMap: - name: act-runner-config-arm64 - items: - - key: config.yaml - path: config.yaml - - name: docker-config - configMap: - name: act-runner-config-arm64 - items: - - key: daemon.json - path: daemon.json \ No newline at end of file diff --git a/forgejo/resources/runners/secrets/runners.yaml b/forgejo/resources/runners/secrets/runners.yaml deleted file mode 100644 index 4ee2fd6..0000000 --- a/forgejo/resources/runners/secrets/runners.yaml +++ /dev/null 
@@ -1,7 +0,0 @@ -age-encryption.org/v1 --> X25519 NWwk4o0AbqWd29Hg0lVXJ8B8BO+K/mnFRbfn80uCuEY -UUtPUdrE3Hxq7nDFVxCFyLDJX5OnQLLPep5P/V/msAc --> X25519 GfdqgXpxpQM1cM+m7PeShOxcE6cxZNR110W6+gBqn2s -dTF7vtE+XUPF9bhuJwScX+kDm+hzkZpQ8eKrkSpOmJI ---- ecfszFc+10GM6HW+5vLaw9S33NRZEzChqBRvDlI3Ojo -g:��&I��s��]�˴E_�XHA����ߌ����K8���?�����[�j�'?l�h�w��wmwӐ�s��������$)�$ѳ�FS@ŧl��E��D@�gC�f�lR����)A\s�?t�,�7����8{��9̊;�a�jv�]�G�ĭ9��?�C\�M{r�ѩ�Oc�p \ No newline at end of file