From 6c7280b2133bb34ab1591ea20e67651d34c65479 Mon Sep 17 00:00:00 2001
From: Julien Riou
Date: Mon, 25 Aug 2025 15:21:07 +0200
Subject: [PATCH] feat: Add runners

Signed-off-by: Julien Riou
---
 defaults/main.yml | 5 +++
 files/runners/config.yml | 47 +++++++++++++++++++++++++
 handlers/main.yml | 6 ++++
 tasks/deploy-runners.yml | 20 +++++++++++
 tasks/main.yml | 4 +++
 tasks/register-runner.yml | 41 +++++++++++++++++++++
 templates/runners/docker-compose.yml.j2 | 36 +++++++++++++++++++
 7 files changed, 159 insertions(+)
 create mode 100644 files/runners/config.yml
 create mode 100644 tasks/deploy-runners.yml
 create mode 100644 tasks/register-runner.yml
 create mode 100644 templates/runners/docker-compose.yml.j2

diff --git a/defaults/main.yml b/defaults/main.yml
index 5fa525c..0a68f23 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -9,3 +9,8 @@ forgejo_db_password: CHANGEME
 forgejo_db_database: forgejo
 forgejo_manage_iptables: false
 forgejo_allowed_sources: []
+forgejo_runners_version: 9.1.1
+forgejo_runners_config_dir: /etc/forgejo-runners
+# forgejo_runners:
+# repository: token
+forgejo_runners: {}
diff --git a/files/runners/config.yml b/files/runners/config.yml
new file mode 100644
index 0000000..297734e
--- /dev/null
+++ b/files/runners/config.yml
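Review bot: The commented example `# repository: token` is the only description of `forgejo_runners`, and it does not say that each value is a runner registration token, i.e. a secret that should not sit in plain-text group or host vars. I would expand the comment to something like `# forgejo_runners: mapping of runner name -> registration token; keep the tokens in an Ansible Vault-encrypted variable`. Quoting the version as `forgejo_runners_version: "9.1.1"` would also keep it a string if someone later overrides it with a two-component value.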
@@ -0,0 +1,47 @@
+# Example configuration file, it's safe to copy this as the default config file without any modification.
+
+# You don't have to copy this file to your instance,
+# just run `forgejo-runner generate-config > config.yaml` to generate a config file.
+
+log:
+ level: info
+ job_level: info
+
+runner:
+ file: .runner
+ capacity: 1
+ envs:
+ A_TEST_ENV_NAME_1: a_test_env_value_1
+ A_TEST_ENV_NAME_2: a_test_env_value_2
+ env_file: .env
+ timeout: 3h
+ shutdown_timeout: 3h
+ insecure: false
+ fetch_timeout: 5s
+ fetch_interval: 2s
+ report_interval: 1s
+ labels: []
+
+cache:
+ enabled: true
+ port: 0
+ dir: ""
+ external_server: ""
+ secret: ""
+ host: ""
+ proxy_port: 0
+ actions_cache_url_override: ""
+
+container:
+ network: ""
+ enable_ipv6: false
+ privileged: false
+ options:
+ workdir_parent:
+ valid_volumes: []
+ docker_host: "-"
+ force_pull: false
+ force_rebuild: false
+
+host:
+ workdir_parent:
diff --git a/handlers/main.yml b/handlers/main.yml
index aa0f296..330c1b2 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -2,3 +2,9 @@
 - name: save iptables
 ansible.builtin.shell:
 cmd: netfilter-persistent save
+
+- name: start runners
+ community.docker.docker_compose_v2:
+ project_src: "{{ forgejo_runners_config_dir }}"
+ files:
+ - docker-compose.yml
diff --git a/tasks/deploy-runners.yml b/tasks/deploy-runners.yml
new file mode 100644
index 0000000..6dc8e02
--- /dev/null
+++ b/tasks/deploy-runners.yml
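Review bot: The `runner.envs` block ships the upstream placeholders `A_TEST_ENV_NAME_1` and `A_TEST_ENV_NAME_2` to every registered runner, and, going by the upstream example this file appears to be copied from, entries under `envs` are handed to each job; `envs: {}` would be the safer default. The header comment still tells the reader to run `forgejo-runner generate-config`, which no longer describes how this role uses the file. I would replace it with a short comment saying the file is installed once per runner and not overwritten afterwards (the copy task in register-runner.yml uses `force: false`), and naming `container.privileged`, `container.valid_volumes` and `container.docker_host` as the settings that decide how much of the Docker host a job can reach.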
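Review bot: The `start runners` handler repeats the `start runners service` task from tasks/deploy-runners.yml with the module's default state, so on a project that is already up it changes nothing: a runner whose `.runner` file or `config.yml` was just written is not restarted by it. If `notify: start runners` is meant to make runners pick up new files, the handler needs `state: restarted`. Otherwise the handler and both `notify` lines can be dropped, since the last task in deploy-runners.yml already brings the project up on every run.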
@@ -0,0 +1,20 @@
+---
+- name: register runners
+ ansible.builtin.include_tasks: register-runner.yml
+ loop: "{{ forgejo_runners | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+
+- name: create runners configuration
+ ansible.builtin.template:
+ src: "runners/docker-compose.yml.j2"
+ dest: "{{ forgejo_runners_config_dir }}/docker-compose.yml"
+ owner: root
+ group: root
+ mode: "0644"
+
+- name: start runners service
+ community.docker.docker_compose_v2:
+ project_src: "{{ forgejo_runners_config_dir }}"
+ files:
+ - docker-compose.yml
diff --git a/tasks/main.yml b/tasks/main.yml
index 87363e4..d6680c2 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -64,3 +64,7 @@
 loop: "{{ forgejo_allowed_sources }}"
 notify: save iptables
 when: forgejo_manage_iptables
+
+- name: deploy runners
+ ansible.builtin.include_tasks: deploy-runners.yml
+ when: forgejo_runners
diff --git a/tasks/register-runner.yml b/tasks/register-runner.yml
new file mode 100644
index 0000000..8630841
--- /dev/null
+++ b/tasks/register-runner.yml
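Review bot: Nothing creates `{{ forgejo_runners_config_dir }}` itself before `create runners configuration` writes a root-owned `docker-compose.yml` into it. The directory only comes into existence as a parent of the per-runner directory in register-runner.yml, and the file module documents that intermediate directories are created with the supplied ownership, here `forgejo:forgejo`. If that holds, the `forgejo` account owns the directory and can replace a compose file that starts a privileged container, so `owner: root` on the file protects little; creating the directory explicitly as root before the loop avoids this. The template and register-runner.yml also read `ansible_facts.getent_passwd.forgejo`, and the `getent` task that fills it is not part of this patch, so confirm it runs before this include.

```yaml
- name: create runners configuration directory
  ansible.builtin.file:
    path: "{{ forgejo_runners_config_dir }}"
    state: directory
    owner: root
    group: root
    mode: "0755"

# … unchanged: register runners loop, compose template, start runners service …
```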
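Review bot: `when: forgejo_runners` uses a mapping as the condition and so relies on implicit truthiness, which newer ansible-core releases are stricter about when a conditional does not evaluate to a boolean. An explicit test reads the same and is unambiguous: `when: forgejo_runners | length > 0`. The hunk starts mid-file, so the iptables task above it is only partly visible.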
@@ -0,0 +1,41 @@
+---
+- name: check variables
+ ansible.builtin.assert:
+ that:
+ - forgejo_web_port | mandatory
+ - forgejo_runners_version | mandatory
+ - forgejo_runners_config_dir | mandatory
+ - item.key | mandatory
+ - item.value | mandatory
+
+- name: create runner subdirectory
+ ansible.builtin.file:
+ path: "{{ forgejo_runners_config_dir }}/{{ item.key }}"
+ state: directory
+ mode: "0755"
+ owner: forgejo
+ group: forgejo
+
+- name: register runner
+ ansible.builtin.command:
+ cmd: >-
+ docker run
+ -v /var/run/docker.sock:/var/run/docker.sock
+ -v {{ forgejo_runners_config_dir }}/{{ item.key }}:/data
+ --rm
+ --network forgejo_forgejo
+ --user {{ ansible_facts.getent_passwd.forgejo[1] }}:{{ ansible_facts.getent_passwd.forgejo[2] }}
+ code.forgejo.org/forgejo/runner:{{ forgejo_runners_version }}
+ forgejo-runner register --no-interactive
+ --token {{ item.value }}
+ --name {{ item.key }}
+ --instance http://forgejo-server:{{ forgejo_web_port }}
+ creates: "{{ forgejo_runners_config_dir }}/{{ item.key }}/.runner"
+ notify: start runners
+
+- name: create runner configuration
+ ansible.builtin.copy:
+ src: runners/config.yml
+ dest: "{{ forgejo_runners_config_dir }}/{{ item.key }}/config.yml"
+ force: false
+ notify: start runners
diff --git a/templates/runners/docker-compose.yml.j2 b/templates/runners/docker-compose.yml.j2
new file mode 100644
index 0000000..17b95ce
--- /dev/null
+++ b/templates/runners/docker-compose.yml.j2
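Review bot: The `register runner` task passes the registration token on the command line (`--token {{ item.value }}`) without `no_log: true`, so the token can show up in the task result on failure or at higher verbosity, and in the host's process list while `docker run` is active; at minimum add `no_log: true` to that task. The same command bind-mounts the host Docker socket into a container that, as far as this hunk shows, only contacts `http://forgejo-server` to register, so the line `-v /var/run/docker.sock:/var/run/docker.sock` looks removable and the registration step would then run without access to the host daemon. The templated values sit unquoted in a folded scalar, so a runner name or token containing whitespace would be split into extra arguments; `{{ item.key | quote }}` or the module's `argv` form avoids that. The per-runner directory is created `0755` and presumably ends up holding the registration result in `.runner`, so `mode: "0750"` is the tighter choice, and `create runner configuration` should set `owner`, `group` and `mode` explicitly instead of inheriting the defaults.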
@@ -0,0 +1,36 @@
+---
+{{ ansible_managed | comment }}
+services:
+ docker:
+ container_name: forgejo-docker
+ image: docker:dind
+ privileged: true
+ volumes:
+ - certs:/certs
+ networks:
+ - forgejo
+
+{% for runner in forgejo_runners %}
+ runner-{{ runner }}:
+ container_name: forgejo-runners-{{ runner }}
+ image: code.forgejo.org/forgejo/runner:{{ forgejo_runners_version }}
+ user: {{ ansible_facts.getent_passwd.forgejo[1] }}:{{ ansible_facts.getent_passwd.forgejo[2] }}
+ environment:
+ DOCKER_HOST: tcp://docker:2376
+ DOCKER_TLS_VERIFY: 1
+ DOCKER_CERT_PATH: /certs/client
+ volumes:
+ - {{ forgejo_runners_config_dir }}/{{ runner }}:/data
+ - certs:/certs
+ command: 'forgejo-runner --config config.yml daemon'
+ networks:
+ - forgejo
+{% endfor %}
+
+volumes:
+ certs:
+
+networks:
+ forgejo:
+ external: true
+ name: forgejo_forgejo
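Review bot: The `docker` service runs `docker:dind` with `privileged: true` from a floating tag, so whatever the registry serves under `dind` at pull time runs with full privileges on the host; pin it the way the runner image is pinned, e.g. `image: docker:{{ forgejo_runners_dind_version }}` (a new variable, the name is only a suggestion), ideally together with a digest. Each runner mounts the whole `certs` volume read-write although `DOCKER_CERT_PATH` points only at `/certs/client`; the image's TLS layout keeps CA and server material under `/certs` as well, so a client-only, read-only mount is preferable if the volume can be split. The dind daemon and the runners join the external `forgejo_forgejo` network, so job containers can presumably reach every service attached to it, not only `forgejo-server`; a dedicated runner network is worth considering. The templated scalars should also be quoted, `user: "{{ … }}:{{ … }}"` and `DOCKER_TLS_VERIFY: "1"`, so an empty or number-like expansion cannot change their type.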