diff --git a/homelab/fighter/config/gitea-runner/config.yaml b/homelab/fighter/config/gitea-runner/config.yaml new file mode 100644 index 00000000..1c906c82 --- /dev/null +++ b/homelab/fighter/config/gitea-runner/config.yaml @@ -0,0 +1,98 @@ +# Example configuration file, it's safe to copy this as the default config file without any modification. + +# You don't have to copy this file to your instance, +# just run `./act_runner generate-config > config.yaml` to generate a config file. + +log: + # The level of logging, can be trace, debug, info, warn, error, fatal + level: info + +runner: + # Where to store the registration result. + file: .runner + # Execute how many tasks concurrently at the same time. + capacity: 1 + # Extra environment variables to run jobs. + envs: + A_TEST_ENV_NAME_1: a_test_env_value_1 + A_TEST_ENV_NAME_2: a_test_env_value_2 + # Extra environment variables to run jobs from a file. + # It will be ignored if it's empty or the file doesn't exist. + env_file: .env + # The timeout for a job to be finished. + # Please note that the Gitea instance also has a timeout (3h by default) for the job. + # So the job could be stopped by the Gitea instance if it's timeout is shorter than this. + timeout: 3h + # Whether skip verifying the TLS certificate of the Gitea instance. + insecure: false + # The timeout for fetching the job from the Gitea instance. + fetch_timeout: 5s + # The interval for fetching the job from the Gitea instance. + fetch_interval: 2s + # The labels of a runner are used to determine which jobs the runner can run, and how to run them. + # Like: "macos-arm64:host" or "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest" + # Find more images provided by Gitea at https://gitea.com/gitea/runner-images . + # If it's empty when registering, it will ask for inputting labels. + # If it's empty when execute `daemon`, will use labels in `.runner` file. + labels: + - "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest" + - "ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04" + - "ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04" + +cache: + # Enable cache server to use actions/cache. + enabled: true + # The directory to store the cache data. + # If it's empty, the cache data will be stored in $HOME/.cache/actcache. + dir: "" + # The host of the cache server. + # It's not for the address to listen, but the address to connect from job containers. + # So 0.0.0.0 is a bad choice, leave it empty to detect automatically. + host: "" + # The port of the cache server. + # 0 means to use a random available port. + port: 0 + # The external cache server URL. Valid only when enable is true. + # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself. + # The URL should generally end with "/". + external_server: "" + +container: + # Specifies the network to which the container will connect. + # Could be host, bridge or the name of a custom network. + # If it's empty, act_runner will create a network automatically. + network: "" + # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker). + privileged: false + # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway). + options: + # The parent directory of a job's working directory. + # NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically. + # If the path starts with '/', the '/' will be trimmed. + # For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir + # If it's empty, /workspace will be used. + workdir_parent: + # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob + # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted. + # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to: + # valid_volumes: + # - data + # - /src/*.json + # If you want to allow any volume, please use the following configuration: + # valid_volumes: + # - '**' + valid_volumes: [] + # overrides the docker client host with the specified one. + # If it's empty, act_runner will find an available docker host automatically. + # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers. + # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work. + docker_host: "" + # Pull docker image(s) even if already present + force_pull: true + # Rebuild docker image(s) even if already present + force_rebuild: false + +host: + # The parent directory of a job's working directory. + # If it's empty, $HOME/.cache/act/ will be used. + workdir_parent: diff --git a/homelab/fighter/config/gitea-runner/docker-compose.yml b/homelab/fighter/config/gitea-runner/docker-compose.yml new file mode 100644 index 00000000..14e9e0be --- /dev/null +++ b/homelab/fighter/config/gitea-runner/docker-compose.yml @@ -0,0 +1,12 @@ +services: + runner-1: + image: gitea/act_runner:latest + container_name: gitea-runner_1 + volumes: + - ./config.yaml:/config.yaml + - ./token.secrets:/token.secrets + - /var/run/docker.sock:/var/run/docker.sock + environment: + CONFIG_FILE: /config.yaml + GITEA_INSTANCE_URL: + GITEA_RUNNER_REGISTRATION_TOKEN_FILE: token.secrets \ No newline at end of file diff --git a/homelab/fighter/config/gitea-runner/token.secrets b/homelab/fighter/config/gitea-runner/token.secrets new file mode 100644 index 00000000..2573a759 --- /dev/null +++ b/homelab/fighter/config/gitea-runner/token.secrets @@ -0,0 +1,49 @@ +{ + "data": "ENC[AES256_GCM,data:NyxNHsMfOqyoAOiRxXyv55csZB+Iph4p8iVoTS4ePOE+KfnkiyQGOQ==,iv:qJP8P+RhqcPkx6PMCLw9tTvum8Qb+AydGfAkiH+SvZQ=,tag:3ngdJlqyzgpKrWLPFRSEBw==,type:str]", + "sops": { + "shamir_threshold": 2, + "key_groups": [ + { + "hc_vault": null, + "age": [ + { + "recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBicVpJcTlXelk5QmdxZ3ZJ\nbWVoZ0Ezdld1cXVXdVJUS0M3SlR4bE04YVVzCmpaRVdhRFQ0WlFCL1BWVjd0aW52\nK1lKdmkrMExESnltM1VpdXhhOHVObncKLS0tIDVyZ3BuMjBiclFuaGNyZ2U4RE92\naDJnTmppcHk5VExtWVF3cnpLcHJPNGMKXBGDMPbiNIFqR2oZLR27+8dO65xe0SBk\nr6CVKuv+R2uYdN3rJYw34YkM2RNmlNDctw01LOkMgvhMBQyH8w78m8E=\n-----END AGE ENCRYPTED FILE-----\n" + } + ] + }, + { + "hc_vault": null, + "age": [ + { + "recipient": "age12xgfd2w8acy5c2mrg3xv7ndzx3zw2j4kxv2a6ull385vxe8lcq2qpkhnv5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBza0lGZ2RBRFBoSmg5Q1FK\nc3lNY0xGMDRsQUUydjlFVlBQT0lNcjhpUVQ4CnVoSWZjNGVuMmpzcThnNVNVaGVT\nM3k4aUovaUw4T3Y4L1BKRlBNcEJxY2cKLS0tIEhQU2x6Vlo1R1ZXR2JnMnNWV2x6\nSFV3RGVOR25DZnNadHVldEREMUFCbGcKMuNtNWkjBUwikKAmrDJ9lYOzrxFTpKg/\nu2v/BDo8/n/JrTCp8h9e4/vsnO13qO5dtHx7BdpF+FVBlVJB0orG0do=\n-----END AGE ENCRYPTED FILE-----\n" + } + ] + }, + { + "hc_vault": null, + "age": [ + { + "recipient": "age13prhyye2jy3ysa6ltnjgkrqtxrxgs0035d86jyn4ltgk3wxtqgrqgav855", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1bS9lakNKTmd0YkoxazZX\nQUZYT0M0dFo1TWMwdk1BazM3akZEMzNiNXc4CmZxb1Q3MVFSYkFsRVdLSFVVK3dt\nYmhRcE1MOGk1c1d4NjJIUDJHNFFSNE0KLS0tIElaeEhROCtIRTVCbWU0Z3U2eURx\nZHVIUEM1OGxSSVJVZTE3RmJ0ZExVZjAKag433TuR415y7cyHK+bLB1oIR5S5xwt0\nmrjtRLJLvPqmh+wjJGsoRE3GUaQrvqZKCU/pcPank7Oiay0CG1c9gaE=\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1n20krynrj75jqfy2muvhrygvzd4ee8ngamljqavsrk033zwx0ses2tdtfe", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsb01XRmNQZEd4VWwrVEh0\nRUhhN2JlVTltVXBqU1RicTVlWTcvb1g2MlZNCmF1dnNTczRkY00xQnJqd25GTlRk\nZEVPNHB6UzIxejExYnBzT253SEN2eVUKLS0tIEN0V043bXV4NDlWK09TYWFNYWtz\nUUlZQXNUK1R5UENsY0pkTFcvRHVURUkKJ36JRhvvrV+xTwiZWJgl4b3LOcuOLt2L\nLS5wKJIr7Ezoc1mGYbo09LXDqzfcR8FT56o0YPDBscOecouc1W9R5b8=\n-----END AGE ENCRYPTED FILE-----\n" + } + ] + } + ], + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2024-08-28T05:08:33Z", + "mac": "ENC[AES256_GCM,data:PjyemPdDsSK7sX6VuPPu+osUlIWI1FzrRdI5N/smiwq8cfWiqC5XHSn0TZ+pSi6Y3Ja3aug6WepLkXTX5snEc/vkB+hpOAjOckqp/8FV76NH/c1AX/Oj6wyAXywNJD7I7cNNyQ4fC1LN+qMMu3rWUDRNhU8hWrFGEfVjslU4sAY=,iv:KA2RwbcFguETSengxM2AyPSRGQ+AFQtYdPwPAjT9Sqk=,tag:rmldzl3NGeeAzZl6tPmueg==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.0" + } +} \ No newline at end of file