Ronni Baslund 1114be6c93
fix(ci): expose the dind docker host to job containers
gitea/runner 1.x no longer auto-mounts the docker daemon into job
containers (act_runner 0.2.x did), so 'docker build' in the build jobs
failed with 'cannot connect to /var/run/docker.sock'. container.docker_host
"" restores find-and-mount.
2026-06-10 08:34:54 +02:00
# Gitea Actions runner for the dezky monorepo, in-cluster on node1.
#
# Builds + pushes app images (platform-api / portal / booking) to the Gitea
# container registry on push. A privileged docker:dind sidecar provides the
# Docker daemon the runner's jobs use for `docker build`/`buildx` — k3s itself
# only has containerd, no Docker daemon.
#
# Trust boundary: the dind sidecar runs privileged, and its daemon is handed
# to job containers (container.docker_host in the ConfigMap below). Any
# workflow this runner picks up therefore gets control of a privileged daemon
# on node1 — keep the runner registered only for repositories whose workflows
# are trusted, and do not share it with untrusted forks/PRs.
#
# The registration token is NOT in git — create the 'gitea-runner-token' Secret
# out-of-band:
#   kubectl -n gitea-runner create secret generic gitea-runner-token \
#     --from-literal=token=<gitea registration token>
# (--from-literal leaves the token in shell history; --from-file with a
# mode-0600 file avoids that.)
# act_runner auto-registers on first start (persisted on the runner-data PVC).
# The registration token is only needed for that first start; afterwards the
# PVC holds the runner's own credential (.runner), so treat the PVC contents
# as secret-bearing too.
apiVersion: v1
kind: Namespace
metadata:
  name: gitea-runner
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: runner-data
  namespace: gitea-runner
spec:
  # ReadWriteOnce pairs with the Deployment's Recreate strategy: exactly one
  # runner pod owns the volume, which stores the act_runner registration state.
  accessModes: [ReadWriteOnce]
  storageClassName: longhorn
  resources:
    requests:
      storage: 2Gi
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: act-runner-config
  namespace: gitea-runner
data:
  # Mounted at /config and selected via CONFIG_FILE in the Deployment. The
  # block scalar below is runner config, parsed by the runner — not by k8s.
  config.yaml: |
    log:
      level: info
    runner:
      # Some parallelism without overloading the single shared dind daemon
      # (concurrent container teardowns trigger moby's cgroup-v2 removal
      # deadlock). 2 is a safe balance on this node.
      capacity: 2
      timeout: 3h
      # Same list as GITEA_RUNNER_LABELS in the Deployment; keep the two
      # identical. Which one applies after registration is not pinned down
      # here — verify against the runner docs before changing only one.
      labels:
        - "ubuntu-latest:docker://catthehacker/ubuntu:act-22.04"
        - "docker:docker://docker:27-cli"
    cache:
      # We don't use the Actions cache (setup-node cache was removed); disabling
      # avoids the cache server the DinD job containers can't reach anyway.
      enabled: false
    container:
      # "" = find an available docker host automatically AND expose it to job
      # containers (the dind daemon's socket gets bind-mounted into jobs, which
      # is what `docker build` in the build jobs needs). gitea/runner 1.x no
      # longer does this by default — act_runner 0.2.x did.
      #
      # Security: exposing the host means every job can drive the privileged
      # dind daemon (create containers, mount paths, etc.) — this is the trust
      # decision described at the top of the file. "-" would disable exposure.
      #
      # NOTE(review): the runner reaches the daemon at tcp://localhost:2376
      # with TLS (DOCKER_HOST in the Deployment), not a unix socket, so what a
      # job container receives is presumably an env var + cert path rather than
      # a socket mount — and "localhost" inside a job container's own network
      # namespace is not the dind daemon. The build jobs on the commit that
      # added this setting still failed within seconds; confirm what the job
      # containers actually get before relying on this.
      docker_host: ""
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: act-runner
  namespace: gitea-runner
  labels:
    app: act-runner
spec:
  replicas: 1
  # Recreate: runner-data is a ReadWriteOnce PVC, so the old pod must release
  # it before the replacement can start.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: act-runner
  template:
    metadata:
      labels:
        app: act-runner
    spec:
      # NOTE(review): neither container sets resources requests/limits, so a
      # runaway build is only bounded by node1 itself — consider bounding both.
      containers:
        - name: runner
          # gitea/runner is the successor of the deprecated gitea/act_runner.
          # act_runner 0.2.11 + Gitea 1.26 left finished jobs stuck "Running" —
          # the runner completed and freed slots, but Gitea never registered the
          # completion, so dependent jobs (build → deploy) were never dispatched.
          # Same config format / env vars / .runner registration file.
          #
          # Supply chain: this image, docker:24-dind and the job images in the
          # labels are pinned by tag only. Pinning by digest (image@sha256:...)
          # makes the build infrastructure reproducible and tamper-evident.
          image: gitea/runner:1.0.8
          env:
            - name: GITEA_INSTANCE_URL
              value: https://git.lastcloud.io
            - name: GITEA_RUNNER_REGISTRATION_TOKEN
              valueFrom:
                secretKeyRef:
                  name: gitea-runner-token
                  key: token
            - name: GITEA_RUNNER_NAME
              value: dezky-k3s
            # Map ubuntu-latest (used by .gitea/workflows/ci.yml) to a Docker
            # image with the usual build tooling; jobs run via the dind sidecar.
            # Duplicated as runner.labels in the act-runner-config ConfigMap;
            # keep both lists identical.
            - name: GITEA_RUNNER_LABELS
              value: "ubuntu-latest:docker://catthehacker/ubuntu:act-22.04,docker:docker://docker:27-cli"
            # The runner talks to the dind sidecar over TLS on the pod's
            # loopback. The client certs live in the docker-certs emptyDir
            # shared with dind (presumably generated there by dind via
            # DOCKER_TLS_CERTDIR — confirm); TLS verification stays on so a
            # misrouted DOCKER_HOST fails closed.
            - name: DOCKER_HOST
              value: tcp://localhost:2376
            - name: DOCKER_CERT_PATH
              value: /certs/client
            - name: DOCKER_TLS_VERIFY
              value: "1"
            - name: CONFIG_FILE
              value: /config/config.yaml
          volumeMounts:
            - name: runner-data
              mountPath: /data
            - name: docker-certs
              mountPath: /certs
            - name: runner-config
              mountPath: /config
        - name: dind
          # docker:24-dind — moby 24 avoids the cgroup-v2 container-removal
          # deadlock seen on 27 ("removal of container … is already in
          # progress" looping → "Complete job" hangs).
          image: docker:24-dind
          # privileged is required for dind (nested container runtime). It also
          # means this container is effectively root on node1, which is why
          # handing the daemon to job containers (container.docker_host in the
          # ConfigMap) is a trust decision, not a mere convenience.
          securityContext:
            privileged: true
          env:
            - name: DOCKER_TLS_CERTDIR
              value: /certs
          volumeMounts:
            - name: docker-certs
              mountPath: /certs
            # Image layers / build cache. emptyDir, so it is wiped on every pod
            # restart — nothing from a previous build survives.
            - name: dind-storage
              mountPath: /var/lib/docker
      volumes:
        - name: runner-data
          persistentVolumeClaim:
            claimName: runner-data
        - name: docker-certs
          emptyDir: {}
        - name: dind-storage
          emptyDir: {}
        - name: runner-config
          configMap:
            name: act-runner-config