feat: migrate Forgejo runners
This commit is contained in:
parent
0754148bb1
commit
cdf6f2f898
7 changed files with 99 additions and 52 deletions
|
@ -35,6 +35,7 @@ runner:
|
|||
# If it's empty when registering, it will ask for inputting labels.
|
||||
# If it's empty when execute `deamon`, will use labels in `.runner` file.
|
||||
labels:
|
||||
- "docker:docker://code.icb4dc0.de/infrastructure/images/act_runtime:amd64"
|
||||
- "ubuntu-latest-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:amd64"
|
||||
- "ubuntu-22.04-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:amd64"
|
||||
- "ubuntu-20.04-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:20.04-amd64"
|
||||
|
|
|
@ -35,6 +35,7 @@ runner:
|
|||
# If it's empty when registering, it will ask for inputting labels.
|
||||
# If it's empty when execute `deamon`, will use labels in `.runner` file.
|
||||
labels:
|
||||
- "docker:docker://code.icb4dc0.de/infrastructure/images/act_runtime:arm64"
|
||||
- "ubuntu-latest:docker://code.icb4dc0.de/infrastructure/images/act_runtime:arm64"
|
||||
- "ubuntu-22.04:docker://code.icb4dc0.de/infrastructure/images/act_runtime:arm64"
|
||||
- "ubuntu-20.04:docker://code.icb4dc0.de/infrastructure/images/act_runtime:20.04-arm64"
|
||||
|
|
|
@ -11,8 +11,8 @@ labels:
|
|||
|
||||
images:
|
||||
- name: act_runner
|
||||
newName: docker.io/gitea/act_runner
|
||||
newTag: "nightly"
|
||||
newName: code.forgejo.org/forgejo/runner
|
||||
newTag: "3.2.0"
|
||||
|
||||
resources:
|
||||
- resources/routes.yaml
|
||||
|
|
|
@ -19,7 +19,7 @@ spec:
|
|||
- name: act-runner-cache
|
||||
image: act_runner
|
||||
command:
|
||||
- /usr/local/bin/act_runner
|
||||
- /bin/forgejo-runner
|
||||
args:
|
||||
- cache-server
|
||||
- --port=8080
|
||||
|
@ -33,7 +33,13 @@ spec:
|
|||
volumeMounts:
|
||||
- name: cache-data
|
||||
mountPath: /data
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
volumes:
|
||||
- name: cache-data
|
||||
persistentVolumeClaim:
|
||||
claimName: act-runner-cache
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
fsGroup: 1001
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: act-runner-amd64
|
||||
spec:
|
||||
|
@ -8,7 +8,6 @@ spec:
|
|||
matchLabels:
|
||||
app.kubernetes.io/name: act-runner
|
||||
app.kubernetes.io/instance: amd64
|
||||
serviceName: act-runner
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
|
@ -17,23 +16,47 @@ spec:
|
|||
app.kubernetes.io/instance: amd64
|
||||
spec:
|
||||
restartPolicy: Always
|
||||
# Initialise our configuration file using offline registration
|
||||
# https://forgejo.org/docs/v1.21/admin/actions/#offline-registration
|
||||
initContainers:
|
||||
- name: runner-registration
|
||||
image: docker.io/alpine:3.18
|
||||
command:
|
||||
- /bin/ash
|
||||
- -c
|
||||
- "cp /etc/act/`hostname` /data/.runner"
|
||||
- name: runner-register
|
||||
image: act_runner
|
||||
command: ["forgejo-runner"]
|
||||
args:
|
||||
- "register"
|
||||
- "--no-interactive"
|
||||
- "--token"
|
||||
- $(RUNNER_SECRET)
|
||||
- "--name"
|
||||
- $(RUNNER_NAME)
|
||||
- "--instance"
|
||||
- $(FORGEJO_INSTANCE_URL)
|
||||
- "--labels"
|
||||
- "docker:docker://code.icb4dc0.de/infrastructure/images/act_runtime:amd64,ubuntu-latest-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:amd64,ubuntu-22.04-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:amd64,ubuntu-20.04-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:20.04-amd64"
|
||||
env:
|
||||
- name: RUNNER_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: RUNNER_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: forgejo-runner-secret
|
||||
key: token
|
||||
- name: FORGEJO_INSTANCE_URL
|
||||
value: http://forgejo-http.forgejo.svc.cluster.local:3000
|
||||
resources:
|
||||
limits:
|
||||
cpu: "0.50"
|
||||
memory: "64Mi"
|
||||
volumeMounts:
|
||||
- name: runner-data
|
||||
mountPath: /data
|
||||
- name: runner-registrations
|
||||
mountPath: /etc/act
|
||||
containers:
|
||||
- name: runner
|
||||
image: act_runner
|
||||
imagePullPolicy: Always
|
||||
command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; /sbin/tini -- /opt/act/run.sh"]
|
||||
command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; forgejo-runner daemon --config /etc/act/config.yaml"]
|
||||
env:
|
||||
- name: DOCKER_HOST
|
||||
value: tcp://localhost:2376
|
||||
|
@ -41,15 +64,13 @@ spec:
|
|||
value: /certs/client
|
||||
- name: DOCKER_TLS_VERIFY
|
||||
value: "1"
|
||||
- name: CONFIG_FILE
|
||||
value: /etc/act/config.yaml
|
||||
volumeMounts:
|
||||
- name: runner-data
|
||||
mountPath: /data
|
||||
- name: runner-config
|
||||
mountPath: /etc/act
|
||||
- name: docker-certs
|
||||
mountPath: /certs
|
||||
- name: runner-config
|
||||
mountPath: /etc/act
|
||||
securityContext:
|
||||
privileged: true
|
||||
- name: daemon
|
||||
|
@ -62,6 +83,8 @@ spec:
|
|||
volumeMounts:
|
||||
- name: docker-certs
|
||||
mountPath: /certs
|
||||
- name: runner-data
|
||||
mountPath: /data
|
||||
securityContext:
|
||||
fsGroup: 1000
|
||||
affinity:
|
||||
|
@ -83,6 +106,3 @@ spec:
|
|||
- name: runner-config
|
||||
configMap:
|
||||
name: act-runner-config-amd64
|
||||
- name: runner-registrations
|
||||
secret:
|
||||
secretName: runner-registrations
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: act-runner-arm64
|
||||
spec:
|
||||
|
@ -8,7 +8,6 @@ spec:
|
|||
matchLabels:
|
||||
app.kubernetes.io/name: act-runner
|
||||
app.kubernetes.io/instance: arm64
|
||||
serviceName: act-runner
|
||||
replicas: 2
|
||||
template:
|
||||
metadata:
|
||||
|
@ -17,23 +16,48 @@ spec:
|
|||
app.kubernetes.io/instance: arm64
|
||||
spec:
|
||||
restartPolicy: Always
|
||||
# Initialise our configuration file using offline registration
|
||||
# https://forgejo.org/docs/v1.21/admin/actions/#offline-registration
|
||||
initContainers:
|
||||
- name: runner-registration
|
||||
image: docker.io/alpine:3.18
|
||||
command:
|
||||
- /bin/ash
|
||||
- -c
|
||||
- "cp /etc/act/`hostname` /data/.runner"
|
||||
- name: runner-register
|
||||
image: act_runner
|
||||
command: ["forgejo-runner"]
|
||||
args:
|
||||
- "register"
|
||||
- "--no-interactive"
|
||||
- "--token"
|
||||
- $(RUNNER_SECRET)
|
||||
- "--name"
|
||||
- $(RUNNER_NAME)
|
||||
- "--instance"
|
||||
- $(FORGEJO_INSTANCE_URL)
|
||||
- "--labels"
|
||||
- "docker:docker://code.icb4dc0.de/infrastructure/images/act_runtime:arm64,ubuntu-latest:docker://code.icb4dc0.de/infrastructure/images/act_runtime:arm64,ubuntu-22.04:docker://code.icb4dc0.de/infrastructure/images/act_runtime:arm64,ubuntu-20.04:docker://code.icb4dc0.de/infrastructure/images/act_runtime:20.04-arm64"
|
||||
|
||||
env:
|
||||
- name: RUNNER_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: RUNNER_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: forgejo-runner-secret
|
||||
key: token
|
||||
- name: FORGEJO_INSTANCE_URL
|
||||
value: http://forgejo-http.forgejo.svc.cluster.local:3000
|
||||
resources:
|
||||
limits:
|
||||
cpu: "0.50"
|
||||
memory: "64Mi"
|
||||
volumeMounts:
|
||||
- name: runner-data
|
||||
mountPath: /data
|
||||
- name: runner-registrations
|
||||
mountPath: /etc/act
|
||||
containers:
|
||||
- name: runner
|
||||
image: act_runner
|
||||
imagePullPolicy: Always
|
||||
command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; /sbin/tini -- /opt/act/run.sh"]
|
||||
command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; forgejo-runner daemon --config /etc/act/config.yaml"]
|
||||
env:
|
||||
- name: DOCKER_HOST
|
||||
value: tcp://localhost:2376
|
||||
|
@ -41,15 +65,13 @@ spec:
|
|||
value: /certs/client
|
||||
- name: DOCKER_TLS_VERIFY
|
||||
value: "1"
|
||||
- name: CONFIG_FILE
|
||||
value: /etc/act/config.yaml
|
||||
volumeMounts:
|
||||
- name: runner-data
|
||||
mountPath: /data
|
||||
- name: runner-config
|
||||
mountPath: /etc/act
|
||||
- name: docker-certs
|
||||
mountPath: /certs
|
||||
- name: runner-config
|
||||
mountPath: /etc/act
|
||||
securityContext:
|
||||
privileged: true
|
||||
- name: daemon
|
||||
|
@ -62,6 +84,8 @@ spec:
|
|||
volumeMounts:
|
||||
- name: docker-certs
|
||||
mountPath: /certs
|
||||
- name: runner-data
|
||||
mountPath: /data
|
||||
securityContext:
|
||||
fsGroup: 1000
|
||||
affinity:
|
||||
|
@ -83,6 +107,3 @@ spec:
|
|||
- name: runner-config
|
||||
configMap:
|
||||
name: act-runner-config-arm64
|
||||
- name: runner-registrations
|
||||
secret:
|
||||
secretName: runner-registrations
|
|
@ -1,12 +1,10 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: runner-registrations
|
||||
name: forgejo-runner-secret
|
||||
type: Opaque
|
||||
stringData:
|
||||
act-runner-arm64-0: ENC[AES256_GCM,data:SSy6P7ilUc/6w9nszthqGjodzT1FgubxmbdCPC+Tsd/HN1KFZQdEKp2VntgaMpOAk1Z2G0kiIvt9Oku86oImQG1+Ixi4CVmppd4AyXQLLC3uDG32ViVLQn4hV1sbN1BCDZp9dEamgMLm+dzc6jax4jw/mJFAr+rCfA8TVJ9EmV0/DiZULa8ccwxgFFFXvz952z83qPpfGH1jsM+8QVb8yZ7tiMCtehKMRcSJAd4vah+72QNrvEfkbXmDf7N0toYvmiUKHceA4BlKe0b8QEKvASe01vFLn+HDlRmxGyYQP2+AkM1IbyvhlrOjUpMneJGp97P4/HCgl9z/JH8dgFpfzMMBUb0ONTeGNAqGNdKCkXUtskmX9fYLZlgzCSOuq1a09WIvX5vWap5osLJLl6yJfyV2IpWJCCT+pQ6pOHnfZAh8jERpFidpMf3mgPrJb04zhbTIrsha+cK/rr+V4YnuMJoPM1n1hvhwd14dd+x6h2v/pR1tNlzefAUCv482qvcESTjpLyjsaLpuxLVOAj26/dBBHlsAvpkGBQ/GdO93uvd+fzYjUEeWHfbFolMdg6h+xxsr6OhMv0UK5hfPawdp/9ChhvSl6AXnFAnXPpCjUplowDCFwx0=,iv:oPMOg4o0uOwy35adRwQX3ICGPktP6VkAhQFfcEHoGq0=,tag:kOV4081slPgnqqirSmtoxA==,type:str]
|
||||
act-runner-arm64-1: ENC[AES256_GCM,data:GZBdx/01TyA7VUSyyF8CH1wmdmRn5kljntpemDrHahvSDNiyhHXGS8pvhzCu+MYcSGobJfQmQKEHa5K6nbkHs1KraxSLWIMnL+fvgJm/cv7ZKtRrzEbe5Z0FJ7V5SLz83EAyDIE6or4wpFRixSQToJKlDA5vtTW+0pXAIeXdILoIiK8//Rkt+dejYAsAdc2XRITJJ6MwecwXUuBqwLpqnenHUOFk13nwKissnDv7PKI80DbArthVb1yNkirnamgjt51bixb5zENtOp2+AK6B7Mh2Oslhm3VdNEln0OYFrksxFmY7eDEK1Zf7TC9ijHYbFRbb9W2zOqEayAyozLQ/0DGVjxcYkA7WwUWMSJN4Wn9IbmrOxhEr82C05RypMbu87vd57AP5LQ0D+PClEwDwXNsnBShN8qXwYjrNc4FZCRCTjoladHAL1e1Bqk9a5VAwul9QiOC7n2Xh8urEkWo1ENSQVHOBkvuuDR073vmsP6Xw2BVUvKuxaCW3gLPug/LvIZhgawyugAVk+IdLZ5ICb43qyBMFtZD2U0/FFK3T+uhfGiYPCgY1JSQroy15qHA+lJ/qxoyz+yWUwdHddC2idydg0Qp3TF75nnvP+/C+S76oj1WcTTA=,iv:3scR7GjqjG0fr1GQ/PCzRH7lE5VvaSWy09BJsdeJ1KU=,tag:QzQ34IVVvtBJsrL68I3LcQ==,type:str]
|
||||
act-runner-amd64-0: ENC[AES256_GCM,data:jHBkmLfVh40zOmNFDkisQ82PJbcD9w1TbvD7AOI8Ed+I+E01vVbGSfbXVDrU/+fQc4rSiKEN3ZiGe9tYelFX9H8Aa23Oz3YVww1DAZrhcIjg2NVyqudTF2ISLFcHKqAQGgNCHICXezCodLEEbgNF4Tqg6c5d1CQH9gKzoAtUHxYv2wurpPCLnApM0cm5wBVc+Diy5hqPcBb1F9ZAmSN/y0gieqSPblRGI1Mgw70xaJBY9BNAn38oPUc1CWzFfrb4XintHp+kHnnX/87f1ihOztzxGW4dZp5D5NOwrJhMx0OF63uNi7J/89SudplwOIb18ILWQ9WIWC6DHCEkJchVKhs0+wLnN9juula4kZB+HD9P7CjpAib3kuHsxUkceR1P+ZnHf6hgbIugoCjkSYHumgDtG+LWInvVvvyObhKHXbfv0p4dLJClgV2BFN9oh51M5TKuHDxtk0a0RSy4YynFnEVXZZ2tq1h3Yi8U8c33xKdWhtkXrqd4tDQnVgTtubguHmZbOjj7mTVet8phoxbLuaZlCqBV0XRyyMiUKDUapN5nJa7ccSplwN7GKSz5ASnMZUSj2IlrCE03VyiWLfyUsHgxEBILRmr4FSNmN/apuVbt0Nz1VPyvFQGxnb6pjtQywC3zs9HfV3ll,iv:pxs7KicpMD04P+6KRMeYmyjjQ0isqyNtF0emySWM/JY=,tag:Sg6aShabTHrM6ANZLEiXiQ==,type:str]
|
||||
token: ENC[AES256_GCM,data:WDGyB/Kix8psyBGIa4s+9d92efqe2U8X8cYfauL9aHu0JS6QDqnODQ==,iv:ENvqwwi6Wp6oyVWHBe31EPq+k/NPjyYcW8oKlVzrK70=,tag:azOqnPyUekay1PtFjbf3ZQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -31,8 +29,8 @@ sops:
|
|||
VnExSnBIcEVCRVNjeFdDbGZNbURLUEkKTZLpcYtYWKgHWISrxkvVeU+x56QHf0lF
|
||||
xxG8xPUiesGm/MBidk19TblX14oWy+VYA65KQrHBtgBIJUmohnNLvw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-11-29T18:55:41Z"
|
||||
mac: ENC[AES256_GCM,data:EFZSzI0ssLp+m16X9JqtJKh+PdrbdtR50rmHQsWcX4Em6V6qTxwTYa3lyqIzMC/xa+hW7vOGoaXHoWqvxdDZDkh+f+ne2uv9+l3fMM3glE6Ih6ZM9/aFHIm1WJbw/r9iAHft1bo5Yt+R1ZLyGkRjtwaC6+/E0BZDv9kxvPMpq5I=,iv:yRauy1aeP7JT7VjLwrBjIUUiAh0ACXIU76vI3wKE2Ho=,tag:FPfcBLNqvOot4qGcT2pDUA==,type:str]
|
||||
lastmodified: "2024-02-21T20:31:49Z"
|
||||
mac: ENC[AES256_GCM,data:XyrEZRhWD6MW37MMpeVOS51wXjr5gtwU+sDXaRM4eETNUKmNniatblykZ8xE8Q1QPgUWnR6Styoexcvwhagljk7yUT1QaWKwLrPfvVdxtiMJe+bpvlhI1ab/lPDZZ0wOcm9VJOrUVu/t81DT2NmZdZ5NSPdOMS1IHi0cLzJbP/I=,iv:N0tsB0opPQ7xkw3nT0ka62wUs1mKcAV5MctsP5ovu/8=,tag:vUACVwv6RaSXN7yX7qh97Q==,type:str]
|
||||
pgp: []
|
||||
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
|
||||
version: 3.8.1
|
||||
|
|
Loading…
Reference in a new issue