ChrisChen/ROLAC
1
0
Fork 0
Code Issues 66 Pull Requests Actions Packages Projects Releases Wiki Activity

Update runner

Browse Source
This commit is contained in:
Chris Chen
2026-06-22 15:53:51 -07:00
parent ef3731ba48
commit a537974edf
10 changed files with 278 additions and 221 deletions
Download Patch File Download Diff File Expand all files Collapse all files
deploy/vm/runner/Dockerfile
+34
View File
@@ -0,0 +1,34 @@
# Custom Gitea act_runner image for the ROLAC pipeline.
#
# The workflow needs BOTH the .NET SDK (dotnet test) and the Docker CLI
# (docker build / push / compose) in the same execution environment. The stock
# gitea/act_runner image has neither, so we bake them on top of the .NET 8 SDK
# image and copy the act_runner binary in. Registered as label `ubuntu:host`,
# every step runs inside THIS container, which talks to the host Docker daemon
# via the mounted socket.
FROM mcr.microsoft.com/dotnet/sdk:8.0
# Docker CLI + compose plugin, Node.js (JS-based actions like checkout need it),
# git, curl, bash.
RUN apt-get update \
&& apt-get install -y --no-install-recommends ca-certificates curl gnupg git bash \
&& install -m 0755 -d /etc/apt/keyrings \
&& curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc \
&& chmod a+r /etc/apt/keyrings/docker.asc \
&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo $VERSION_CODENAME) stable" \
> /etc/apt/sources.list.d/docker.list \
&& apt-get update \
&& apt-get install -y --no-install-recommends docker-ce-cli docker-compose-plugin \
&& curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
&& apt-get install -y --no-install-recommends nodejs \
&& rm -rf /var/lib/apt/lists/*
# act_runner binary from the official image.
COPY --from=gitea/act_runner:latest /usr/local/bin/act_runner /usr/local/bin/act_runner
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
# .runner registration state persists here (mount a volume).
WORKDIR /data
ENTRYPOINT ["/entrypoint.sh"]
deploy/vm/runner/README.md
+45
View File
@@ -0,0 +1,45 @@
# Gitea act_runner on the VM (Docker Compose)
Runs the CI/CD runner as a container, but with a **custom image** that bundles the
.NET 8 SDK + Docker CLI + Node, because the ROLAC workflow does both `dotnet test`
and `docker build`/`compose`. The stock `gitea/act_runner` image has neither.
It registers with the label **`ubuntu:host`**:
- `ubuntu` = the label name the workflow targets (`runs-on: ubuntu`).
- `:host` = run each step **inside this runner container** (which has the tools),
instead of spawning a separate job container that wouldn't have dotnet/docker.
The container mounts the **host Docker socket** (so build/push/compose act on the
host daemon) and **`/opt/rolac`** at the same path (so compose's relative volumes
resolve), and uses **host networking** (so the deploy step's
`curl http://localhost:8080/api/health` works).
## Setup
1. **Get a runner registration token** in Gitea:
Settings → Actions → Runners → **Create new runner** → copy the token.
(This is the *registration* token — different from the `REGISTRY_TOKEN` repo
secret used for `docker login`.)
2. **Configure + start** (on the VM, from this directory):
```bash
cd deploy/vm/runner
cp .env.example .env
nano .env # paste GITEA_RUNNER_REGISTRATION_TOKEN
docker compose up -d --build
```
3. **Verify** it shows up online in Gitea → Settings → Actions → Runners, with the
`ubuntu` label.
## Notes
- Registration state is stored in `./runner-data/.runner` (a bind mount), so the
runner does **not** re-register on restart. To re-register from scratch, stop the
container and delete `runner-data/`.
- `docker login git.golife.love` for the registry is done by the **workflow** using
the repo secrets `REGISTRY_USER` / `REGISTRY_TOKEN` — you do not need to log in
inside the runner manually.
- Logs: `docker compose logs -f runner`.
- The runner can build/run containers on the host because it shares the host Docker
socket. Treat this runner as privileged — only run trusted workflows on it.
deploy/vm/runner/docker-compose.yml
+17
View File
@@ -0,0 +1,17 @@
services:
runner:
build: .
image: rolac-act-runner:latest
restart: unless-stopped
# host networking so the deploy step's `curl http://localhost:8080/api/health`
# reaches the published edge port on the host.
network_mode: host
env_file: .env
volumes:
# talk to the host Docker daemon (build/push/compose all run on the host)
- /var/run/docker.sock:/var/run/docker.sock
# deploy target — must be the SAME path so compose's relative ./data and
# ./nginx volumes resolve to real host paths
- /opt/rolac:/opt/rolac
# persist runner registration so it doesn't re-register on restart
- ./runner-data:/data
deploy/vm/runner/entrypoint.sh
+15
View File
@@ -0,0 +1,15 @@
#!/bin/sh
set -e
# Register once (state stored in /data/.runner, which is a mounted volume so it
# survives restarts). On later starts it just runs the daemon.
if [ ! -f /data/.runner ]; then
echo "Registering runner with ${GITEA_INSTANCE_URL} ..."
act_runner register --no-interactive \
--instance "${GITEA_INSTANCE_URL}" \
--token "${GITEA_RUNNER_REGISTRATION_TOKEN}" \
--name "${GITEA_RUNNER_NAME:-vm-runner}" \
--labels "${GITEA_RUNNER_LABELS:-ubuntu:host}"
fi
exec act_runner daemon