feat: migrate Forgejo runners

Peter 2024-02-22 16:06:41 +01:00
parent 0754148bb1
commit cdf6f2f898
Signed by: prskr
GPG key ID: F56BED6903BC5E37
7 changed files with 99 additions and 52 deletions


@ -35,6 +35,7 @@ runner:
# If it's empty when registering, it will ask for inputting labels. # If it's empty when registering, it will ask for inputting labels.
# If it's empty when execute `deamon`, will use labels in `.runner` file. # If it's empty when execute `deamon`, will use labels in `.runner` file.
labels: labels:
- "docker:docker://code.icb4dc0.de/infrastructure/images/act_runtime:amd64"
- "ubuntu-latest-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:amd64" - "ubuntu-latest-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:amd64"
- "ubuntu-22.04-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:amd64" - "ubuntu-22.04-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:amd64"
- "ubuntu-20.04-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:20.04-amd64" - "ubuntu-20.04-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:20.04-amd64"


@ -35,6 +35,7 @@ runner:
# If it's empty when registering, it will ask for inputting labels. # If it's empty when registering, it will ask for inputting labels.
# If it's empty when execute `deamon`, will use labels in `.runner` file. # If it's empty when execute `deamon`, will use labels in `.runner` file.
labels: labels:
- "docker:docker://code.icb4dc0.de/infrastructure/images/act_runtime:arm64"
- "ubuntu-latest:docker://code.icb4dc0.de/infrastructure/images/act_runtime:arm64" - "ubuntu-latest:docker://code.icb4dc0.de/infrastructure/images/act_runtime:arm64"
- "ubuntu-22.04:docker://code.icb4dc0.de/infrastructure/images/act_runtime:arm64" - "ubuntu-22.04:docker://code.icb4dc0.de/infrastructure/images/act_runtime:arm64"
- "ubuntu-20.04:docker://code.icb4dc0.de/infrastructure/images/act_runtime:20.04-arm64" - "ubuntu-20.04:docker://code.icb4dc0.de/infrastructure/images/act_runtime:20.04-arm64"


@ -11,8 +11,8 @@ labels:
images: images:
- name: act_runner - name: act_runner
newName: docker.io/gitea/act_runner newName: code.forgejo.org/forgejo/runner
newTag: "nightly" newTag: "3.2.0"
resources: resources:
- resources/routes.yaml - resources/routes.yaml
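Review bot: The `act_runner` image entry is pinned by tag only; `newTag: "3.2.0"` can be re-pointed at the registry, and the runner deployments in this commit pull it with `imagePullPolicy: Always` and run it `privileged`, so a changed tag would be picked up on the next pod restart. Adding `digest: sha256:<digest of the 3.2.0 image>` under the same entry pins the content rather than the name. The kustomization continues outside the hunk.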


@ -19,7 +19,7 @@ spec:
- name: act-runner-cache - name: act-runner-cache
image: act_runner image: act_runner
command: command:
- /usr/local/bin/act_runner - /bin/forgejo-runner
args: args:
- cache-server - cache-server
- --port=8080 - --port=8080
@ -33,7 +33,13 @@ spec:
volumeMounts: volumeMounts:
- name: cache-data - name: cache-data
mountPath: /data mountPath: /data
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
volumes: volumes:
- name: cache-data - name: cache-data
persistentVolumeClaim: persistentVolumeClaim:
claimName: act-runner-cache claimName: act-runner-cache
securityContext:
runAsNonRoot: true
fsGroup: 1001
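Review bot: The pod-level `securityContext` sets `runAsNonRoot: true` but no `runAsUser`, so whether the cache server starts depends on the image declaring a numeric non-root user; with a named user or none, the kubelet refuses to start the container. `fsGroup: 1001` suggests the intended uid, so `runAsUser: 1001` next to it would make that explicit (confirm against the image). The container-level block could also add `capabilities: {drop: ["ALL"]}` and `seccompProfile: {type: RuntimeDefault}`. With `readOnlyRootFilesystem: true` the only writable path visible here is `/data`, so it is worth checking that the cache server writes nowhere else. The pod spec starts outside the hunk.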


@ -1,6 +1,6 @@
--- ---
apiVersion: apps/v1 apiVersion: apps/v1
kind: StatefulSet kind: Deployment
metadata: metadata:
name: act-runner-amd64 name: act-runner-amd64
spec: spec:
@ -8,7 +8,6 @@ spec:
matchLabels: matchLabels:
app.kubernetes.io/name: act-runner app.kubernetes.io/name: act-runner
app.kubernetes.io/instance: amd64 app.kubernetes.io/instance: amd64
serviceName: act-runner
replicas: 1 replicas: 1
template: template:
metadata: metadata:
@ -17,23 +16,47 @@ spec:
app.kubernetes.io/instance: amd64 app.kubernetes.io/instance: amd64
spec: spec:
restartPolicy: Always restartPolicy: Always
# Initialise our configuration file using offline registration
# https://forgejo.org/docs/v1.21/admin/actions/#offline-registration
initContainers: initContainers:
- name: runner-registration - name: runner-register
image: docker.io/alpine:3.18 image: act_runner
command: command: ["forgejo-runner"]
- /bin/ash args:
- -c - "register"
- "cp /etc/act/`hostname` /data/.runner" - "--no-interactive"
- "--token"
- $(RUNNER_SECRET)
- "--name"
- $(RUNNER_NAME)
- "--instance"
- $(FORGEJO_INSTANCE_URL)
- "--labels"
- "docker:docker://code.icb4dc0.de/infrastructure/images/act_runtime:amd64,ubuntu-latest-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:amd64,ubuntu-22.04-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:amd64,ubuntu-20.04-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:20.04-amd64"
env:
- name: RUNNER_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: RUNNER_SECRET
valueFrom:
secretKeyRef:
name: forgejo-runner-secret
key: token
- name: FORGEJO_INSTANCE_URL
value: http://forgejo-http.forgejo.svc.cluster.local:3000
resources:
limits:
cpu: "0.50"
memory: "64Mi"
volumeMounts: volumeMounts:
- name: runner-data - name: runner-data
mountPath: /data mountPath: /data
- name: runner-registrations
mountPath: /etc/act
containers: containers:
- name: runner - name: runner
image: act_runner image: act_runner
imagePullPolicy: Always imagePullPolicy: Always
command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; /sbin/tini -- /opt/act/run.sh"] command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; forgejo-runner daemon --config /etc/act/config.yaml"]
env: env:
- name: DOCKER_HOST - name: DOCKER_HOST
value: tcp://localhost:2376 value: tcp://localhost:2376
@ -41,15 +64,13 @@ spec:
value: /certs/client value: /certs/client
- name: DOCKER_TLS_VERIFY - name: DOCKER_TLS_VERIFY
value: "1" value: "1"
- name: CONFIG_FILE
value: /etc/act/config.yaml
volumeMounts: volumeMounts:
- name: runner-data - name: runner-data
mountPath: /data mountPath: /data
- name: runner-config
mountPath: /etc/act
- name: docker-certs - name: docker-certs
mountPath: /certs mountPath: /certs
- name: runner-config
mountPath: /etc/act
securityContext: securityContext:
privileged: true privileged: true
- name: daemon - name: daemon
@ -62,6 +83,8 @@ spec:
volumeMounts: volumeMounts:
- name: docker-certs - name: docker-certs
mountPath: /certs mountPath: /certs
- name: runner-data
mountPath: /data
securityContext: securityContext:
fsGroup: 1000 fsGroup: 1000
affinity: affinity:
@ -82,7 +105,4 @@ spec:
sizeLimit: 5Mi sizeLimit: 5Mi
- name: runner-config - name: runner-config
configMap: configMap:
name: act-runner-config-amd64 name: act-runner-config-amd64
- name: runner-registrations
secret:
secretName: runner-registrations
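Review bot: The comment above `initContainers` says offline registration, but the init container runs `register --no-interactive --token $(RUNNER_SECRET)`, which looks like the online flow; as a Deployment the pod name changes on every restart, so each start would presumably register another runner and leave the previous entry behind in Forgejo. Either reword the comment (`# Register the runner against the instance on every pod start`) or switch to the `create-runner-file --secret` flow the linked page describes, if 3.2.0 provides it. Two caveats apply either way: the token is expanded into the process arguments, where it is visible in the node's process list while the init container runs, and `FORGEJO_INSTANCE_URL` is plain `http://`, so the token crosses the cluster network unencrypted unless the network layer encrypts it. The arm64 deployment has the same init container.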


@ -1,6 +1,6 @@
--- ---
apiVersion: apps/v1 apiVersion: apps/v1
kind: StatefulSet kind: Deployment
metadata: metadata:
name: act-runner-arm64 name: act-runner-arm64
spec: spec:
@ -8,7 +8,6 @@ spec:
matchLabels: matchLabels:
app.kubernetes.io/name: act-runner app.kubernetes.io/name: act-runner
app.kubernetes.io/instance: arm64 app.kubernetes.io/instance: arm64
serviceName: act-runner
replicas: 2 replicas: 2
template: template:
metadata: metadata:
@ -17,23 +16,48 @@ spec:
app.kubernetes.io/instance: arm64 app.kubernetes.io/instance: arm64
spec: spec:
restartPolicy: Always restartPolicy: Always
# Initialise our configuration file using offline registration
# https://forgejo.org/docs/v1.21/admin/actions/#offline-registration
initContainers: initContainers:
- name: runner-registration - name: runner-register
image: docker.io/alpine:3.18 image: act_runner
command: command: ["forgejo-runner"]
- /bin/ash args:
- -c - "register"
- "cp /etc/act/`hostname` /data/.runner" - "--no-interactive"
- "--token"
- $(RUNNER_SECRET)
- "--name"
- $(RUNNER_NAME)
- "--instance"
- $(FORGEJO_INSTANCE_URL)
- "--labels"
- "docker:docker://code.icb4dc0.de/infrastructure/images/act_runtime:arm64,ubuntu-latest:docker://code.icb4dc0.de/infrastructure/images/act_runtime:arm64,ubuntu-22.04:docker://code.icb4dc0.de/infrastructure/images/act_runtime:arm64,ubuntu-20.04:docker://code.icb4dc0.de/infrastructure/images/act_runtime:20.04-arm64"
env:
- name: RUNNER_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: RUNNER_SECRET
valueFrom:
secretKeyRef:
name: forgejo-runner-secret
key: token
- name: FORGEJO_INSTANCE_URL
value: http://forgejo-http.forgejo.svc.cluster.local:3000
resources:
limits:
cpu: "0.50"
memory: "64Mi"
volumeMounts: volumeMounts:
- name: runner-data - name: runner-data
mountPath: /data mountPath: /data
- name: runner-registrations
mountPath: /etc/act
containers: containers:
- name: runner - name: runner
image: act_runner image: act_runner
imagePullPolicy: Always imagePullPolicy: Always
command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; /sbin/tini -- /opt/act/run.sh"] command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; forgejo-runner daemon --config /etc/act/config.yaml"]
env: env:
- name: DOCKER_HOST - name: DOCKER_HOST
value: tcp://localhost:2376 value: tcp://localhost:2376
@ -41,15 +65,13 @@ spec:
value: /certs/client value: /certs/client
- name: DOCKER_TLS_VERIFY - name: DOCKER_TLS_VERIFY
value: "1" value: "1"
- name: CONFIG_FILE
value: /etc/act/config.yaml
volumeMounts: volumeMounts:
- name: runner-data - name: runner-data
mountPath: /data mountPath: /data
- name: runner-config
mountPath: /etc/act
- name: docker-certs - name: docker-certs
mountPath: /certs mountPath: /certs
- name: runner-config
mountPath: /etc/act
securityContext: securityContext:
privileged: true privileged: true
- name: daemon - name: daemon
@ -62,6 +84,8 @@ spec:
volumeMounts: volumeMounts:
- name: docker-certs - name: docker-certs
mountPath: /certs mountPath: /certs
- name: runner-data
mountPath: /data
securityContext: securityContext:
fsGroup: 1000 fsGroup: 1000
affinity: affinity:
@ -82,7 +106,4 @@ spec:
sizeLimit: 5Mi sizeLimit: 5Mi
- name: runner-config - name: runner-config
configMap: configMap:
name: act-runner-config-arm64 name: act-runner-config-arm64
- name: runner-registrations
secret:
secretName: runner-registrations


@ -1,12 +1,10 @@
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: runner-registrations name: forgejo-runner-secret
type: Opaque type: Opaque
stringData: stringData:
act-runner-arm64-0: ENC[AES256_GCM,data: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,iv:oPMOg4o0uOwy35adRwQX3ICGPktP6VkAhQFfcEHoGq0=,tag:kOV4081slPgnqqirSmtoxA==,type:str] token: ENC[AES256_GCM,data:WDGyB/Kix8psyBGIa4s+9d92efqe2U8X8cYfauL9aHu0JS6QDqnODQ==,iv:ENvqwwi6Wp6oyVWHBe31EPq+k/NPjyYcW8oKlVzrK70=,tag:azOqnPyUekay1PtFjbf3ZQ==,type:str]
act-runner-arm64-1: ENC[AES256_GCM,data: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,iv:3scR7GjqjG0fr1GQ/PCzRH7lE5VvaSWy09BJsdeJ1KU=,tag:QzQ34IVVvtBJsrL68I3LcQ==,type:str]
act-runner-amd64-0: ENC[AES256_GCM,data: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,iv:pxs7KicpMD04P+6KRMeYmyjjQ0isqyNtF0emySWM/JY=,tag:Sg6aShabTHrM6ANZLEiXiQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -31,8 +29,8 @@ sops:
VnExSnBIcEVCRVNjeFdDbGZNbURLUEkKTZLpcYtYWKgHWISrxkvVeU+x56QHf0lF VnExSnBIcEVCRVNjeFdDbGZNbURLUEkKTZLpcYtYWKgHWISrxkvVeU+x56QHf0lF
xxG8xPUiesGm/MBidk19TblX14oWy+VYA65KQrHBtgBIJUmohnNLvw== xxG8xPUiesGm/MBidk19TblX14oWy+VYA65KQrHBtgBIJUmohnNLvw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-29T18:55:41Z" lastmodified: "2024-02-21T20:31:49Z"
mac: ENC[AES256_GCM,data:EFZSzI0ssLp+m16X9JqtJKh+PdrbdtR50rmHQsWcX4Em6V6qTxwTYa3lyqIzMC/xa+hW7vOGoaXHoWqvxdDZDkh+f+ne2uv9+l3fMM3glE6Ih6ZM9/aFHIm1WJbw/r9iAHft1bo5Yt+R1ZLyGkRjtwaC6+/E0BZDv9kxvPMpq5I=,iv:yRauy1aeP7JT7VjLwrBjIUUiAh0ACXIU76vI3wKE2Ho=,tag:FPfcBLNqvOot4qGcT2pDUA==,type:str] mac: ENC[AES256_GCM,data:XyrEZRhWD6MW37MMpeVOS51wXjr5gtwU+sDXaRM4eETNUKmNniatblykZ8xE8Q1QPgUWnR6Styoexcvwhagljk7yUT1QaWKwLrPfvVdxtiMJe+bpvlhI1ab/lPDZZ0wOcm9VJOrUVu/t81DT2NmZdZ5NSPdOMS1IHi0cLzJbP/I=,iv:N0tsB0opPQ7xkw3nT0ka62wUs1mKcAV5MctsP5ovu/8=,tag:vUACVwv6RaSXN7yX7qh97Q==,type:str]
pgp: [] pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$ unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1 version: 3.8.1