From 0af355843d0d8755569befe86d216d00ecaccc5d Mon Sep 17 00:00:00 2001 From: Paul Brinkmeier Date: Fri, 1 Sep 2023 01:58:02 +0200 Subject: [PATCH] Add Gitea actions act_runner --- docker/docker/drone/docker-compose.yaml | 4 +- docker/docker/gitea/Dockerfile | 3 + docker/docker/gitea/README.md | 11 ++++ docker/docker/gitea/docker-compose.yaml | 15 +++++ docker/docker/gitea/runner-config.yaml | 83 +++++++++++++++++++++++++ docker/envs/gitea/.env | 23 ++++--- 6 files changed, 127 insertions(+), 12 deletions(-) create mode 100644 docker/docker/gitea/Dockerfile create mode 100644 docker/docker/gitea/runner-config.yaml diff --git a/docker/docker/drone/docker-compose.yaml b/docker/docker/drone/docker-compose.yaml index 397a6b8..c207c46 100644 --- a/docker/docker/drone/docker-compose.yaml +++ b/docker/docker/drone/docker-compose.yaml @@ -12,7 +12,7 @@ services: DRONE_SERVER_PROTO: https volumes: - /var/lib/pbri/docker/drone:/data - restart: always + restart: unless-stopped drone_runner: image: drone/drone-runner-docker:1 @@ -24,7 +24,7 @@ services: DRONE_RUNNER_NAME: shamash volumes: - /var/run/docker.sock:/var/run/docker.sock - restart: always + restart: unless-stopped networks: default: diff --git a/docker/docker/gitea/Dockerfile b/docker/docker/gitea/Dockerfile new file mode 100644 index 0000000..5a02d6b --- /dev/null +++ b/docker/docker/gitea/Dockerfile @@ -0,0 +1,3 @@ + FROM gitea/act_runner:0.2.5 + + COPY runner-config.yaml /opt/runner-config.yaml diff --git a/docker/docker/gitea/README.md b/docker/docker/gitea/README.md index 7700539..d82ebbd 100644 --- a/docker/docker/gitea/README.md +++ b/docker/docker/gitea/README.md 
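Review bot: `FROM gitea/act_runner:0.2.5` in the new Dockerfile pins the base image by tag only, and a tag can be re-pointed upstream. The compose file in this same commit gives the resulting container the host Docker socket, so pinning by digest is worth the extra characters: `FROM gitea/act_runner:0.2.5@sha256:<digest-of-the-image-you-verified>`. A one-line comment above `COPY` noting that the config is baked into the image, so editing `runner-config.yaml` requires a rebuild, would also help the next reader.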
@@ -1,6 +1,17 @@ +# gitea + Add a `.env` file like this: ``` GITEA_DB_PASSWORD=... GITEA_SMTP_PASSWORD=... +GITEA_RUNNER_REGISTRATION_TOKEN=... ``` + +You should keep an eye on `GITEA_RUNNER_REGISTRATION_TOKEN`. I suspect +it might change over time, e.g. when restarting or updating Gitea. + +## Files + +- `runner-config.yaml`: Configuration for `gitea/act_runner`. Generated using `act_runner generate-config` then adjusted +- `Dockerfile`: Creates an image based on `gitea/act_runner` that comes with `runner-config.yaml` in `/opt` (to avoid the extra mount) diff --git a/docker/docker/gitea/docker-compose.yaml b/docker/docker/gitea/docker-compose.yaml index dc8c5f0..7fc3677 100644 --- a/docker/docker/gitea/docker-compose.yaml +++ b/docker/docker/gitea/docker-compose.yaml @@ -65,6 +65,21 @@ services: volumes: - /var/lib/pbri/docker/gitea_db:/var/lib/postgresql/data + gitea_runner: + image: pbrinkmeier/act_runner:0.2.5 + build: . + restart: unless-stopped + environment: + CONFIG_FILE: /opt/runner-config.yaml + GITEA_INSTANCE_URL: "http://gitea:3000" + GITEA_RUNNER_REGISTRATION_TOKEN: "${GITEA_RUNNER_REGISTRATION_TOKEN}" + GITEA_RUNNER_NAME: "basic-bitchboy" + volumes: + - /var/lib/pbri/docker/gitea_runner_data:/data + - /var/run/docker.sock:/var/run/docker.sock + depends_on: + - gitea + networks: default: name: caddy-network diff --git a/docker/docker/gitea/runner-config.yaml b/docker/docker/gitea/runner-config.yaml new file mode 100644 index 0000000..219ec34 --- /dev/null +++ b/docker/docker/gitea/runner-config.yaml 
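Review bot: The `- /var/run/docker.sock:/var/run/docker.sock` mount on `gitea_runner` hands the runner container control of the host Docker daemon, which is equivalent to root on the host. This runner should therefore only serve repositories and users trusted to that level. I would record that next to the mount, e.g. `# docker.sock = root-equivalent on the host; only register this runner for trusted repos`, and consider pointing the runner at a separate (rootless or dind) daemon instead. `GITEA_RUNNER_REGISTRATION_TOKEN` also stays in the container environment, where `docker inspect` can read it. Since `runner-config.yaml` stores the registration result in `.runner`, it may be possible to drop the variable once the runner has registered, but that needs confirming against act_runner's entrypoint.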
@@ -0,0 +1,83 @@
+log:
+ # The level of logging, can be trace, debug, info, warn, error, fatal
+ level: info
+
+runner:
+ # Where to store the registration result.
+ file: .runner
+ # Execute how many tasks concurrently at the same time.
+ capacity: 1
+ # Extra environment variables to run jobs.
+ # envs:
+ # A_TEST_ENV_NAME_1: a_test_env_value_1
+ # A_TEST_ENV_NAME_2: a_test_env_value_2
+ # Extra environment variables to run jobs from a file.
+ # It will be ignored if it's empty or the file doesn't exist.
+ # env_file: .env
+ # The timeout for a job to be finished.
+ # Please note that the Gitea instance also has a timeout (3h by default) for the job.
+ # So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
+ timeout: 3h
+ # Whether skip verifying the TLS certificate of the Gitea instance.
+ insecure: false
+ # The timeout for fetching the job from the Gitea instance.
+ fetch_timeout: 5s
+ # The interval for fetching the job from the Gitea instance.
+ fetch_interval: 2s
+ # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
+ # Like: ["macos-arm64:host", "ubuntu-latest:docker://node:16-bullseye", "ubuntu-22.04:docker://node:16-bullseye"]
+ # If it's empty when registering, it will ask for inputting labels.
+ # If it's empty when execute `deamon`, will use labels in `.runner` file.
+ labels:
+ - "ubuntu-22.04:docker://node:16-bullseye"
+
+cache:
+ # Enable cache server to use actions/cache.
+ enabled: false
+ # The directory to store the cache data.
+ # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
+ dir: ""
+ # The host of the cache server.
+ # It's not for the address to listen, but the address to connect from job containers.
+ # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
+ host: ""
+ # The port of the cache server.
+ # 0 means to use a random available port.
+ port: 0
+ # The external cache server URL. Valid only when enable is true.
+ # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
+ # The URL should generally end with "/".
+ external_server: ""
+
+container:
+ # Specifies the network to which the container will connect.
+ # Could be host, bridge or the name of a custom network.
+ # If it's empty, act_runner will create a network automatically.
+ network: ""
+ # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
+ privileged: false
+ # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
+ options:
+ # The parent directory of a job's working directory.
+ # If it's empty, /workspace will be used.
+ workdir_parent:
+ # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
+ # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
+ # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
+ # valid_volumes:
+ # - data
+ # - /src/*.json
+ # If you want to allow any volume, please use the following configuration:
+ # valid_volumes:
+ # - '**'
+ valid_volumes: []
+ # overrides the docker client host with the specified one.
+ # If it's empty, act_runner will find an available docker host automatically.
+ # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
+ # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
+ docker_host: ""
+
+host:
+ # The parent directory of a job's working directory.
+ # If it's empty, $HOME/.cache/act/ will be used.
+ workdir_parent:
diff --git a/docker/envs/gitea/.env b/docker/envs/gitea/.env
index c7b192c..c7a9735 100644
--- a/docker/envs/gitea/.env
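Review bot: `docker_host: ""` at the end of the `container:` section leaves act_runner free to mount the Docker host into job and service containers; the comment directly above it says only `"-"` suppresses that. Combined with the `/var/run/docker.sock` mount added in `docker-compose.yaml`, workflow steps would presumably be able to reach the host daemon, which undoes much of what `privileged: false` and `valid_volumes: []` restrict. Unless jobs need to run Docker themselves, set `docker_host: "-"`. Separately, `options:` and both `workdir_parent:` keys are bare (YAML null); writing `""` like the neighbouring keys makes the intended empty string explicit.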
+++ b/docker/envs/gitea/.env @@ -1,11 +1,14 @@ $ANSIBLE_VAULT;1.1;AES256 -32303131323835666635366533363238303766643063633934353139323837396336373734393263 -6334616639373630616437646437626666343161373338310a323234313330323839663165653038 -66386266373562363966643666653234656337373166626131383565313334333234373532633133 -6265656232613337380a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a623462386535363162333735626466 +34643232353537393931326661613665616265663866373662353364336533333862396564636133 +6265343031366661650a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