feat: Add runners

Signed-off-by: Julien Riou <julien@riou.xyz>

defaults/main.yml

@@ -9,3 +9,8 @@ forgejo_db_password: CHANGEME
 forgejo_db_database: forgejo
 forgejo_manage_iptables: false
 forgejo_allowed_sources: []
+forgejo_runners_version: 9.1.1
+forgejo_runners_config_dir: /etc/forgejo-runners
+# forgejo_runners:
+#   repository: token
+forgejo_runners: {}

files/runners/config.yml

@@ -0,0 +1,47 @@
+# Example configuration file, it's safe to copy this as the default config file without any modification.
+
+# You don't have to copy this file to your instance,
+# just run `forgejo-runner generate-config > config.yaml` to generate a config file.
+
+log:
+  level: info
+  job_level: info
+
+runner:
+  file: .runner
+  capacity: 1
+  envs:
+    A_TEST_ENV_NAME_1: a_test_env_value_1
+    A_TEST_ENV_NAME_2: a_test_env_value_2
+  env_file: .env
+  timeout: 3h
+  shutdown_timeout: 3h
+  insecure: false
+  fetch_timeout: 5s
+  fetch_interval: 2s
+  report_interval: 1s
+  labels: []
+
+cache:
+  enabled: true
+  port: 0
+  dir: ""
+  external_server: ""
+  secret: ""
+  host: ""
+  proxy_port: 0
+  actions_cache_url_override: ""
+
+container:
+  network: ""
+  enable_ipv6: false
+  privileged: false
+  options:
+  workdir_parent:
+  valid_volumes: []
+  docker_host: "-"
+  force_pull: false
+  force_rebuild: false
+
+host:
+  workdir_parent:

handlers/main.yml

@@ -2,3 +2,9 @@
 - name: save iptables
   ansible.builtin.shell:
     cmd: netfilter-persistent save
+
+- name: start runners
+  community.docker.docker_compose_v2:
+    project_src: "{{ forgejo_runners_config_dir }}"
+    files:
+      - docker-compose.yml

tasks/deploy-runners.yml

@@ -0,0 +1,20 @@
+---
+- name: register runners
+  ansible.builtin.include_tasks: register-runner.yml
+  loop: "{{ forgejo_runners | dict2items }}"
+  loop_control:
+    label: "{{ item.key }}"
+
+- name: create runners configuration
+  ansible.builtin.template:
+    src: "runners/docker-compose.yml.j2"
+    dest: "{{ forgejo_runners_config_dir }}/docker-compose.yml"
+    owner: root
+    group: root
+    mode: "0644"
+
+- name: start runners service
+  community.docker.docker_compose_v2:
+    project_src: "{{ forgejo_runners_config_dir }}"
+    files:
+      - docker-compose.yml

tasks/main.yml

@@ -64,3 +64,7 @@
   loop: "{{ forgejo_allowed_sources }}"
   notify: save iptables
   when: forgejo_manage_iptables
+
+- name: deploy runners
+  ansible.builtin.include_tasks: deploy-runners.yml
+  when: forgejo_runners

tasks/register-runner.yml

@@ -0,0 +1,41 @@
+---
+- name: check variables
+  ansible.builtin.assert:
+    that:
+      - forgejo_web_port | mandatory
+      - forgejo_runners_version | mandatory
+      - forgejo_runners_config_dir | mandatory
+      - item.key | mandatory
+      - item.value | mandatory
+
+- name: create runner subdirectory
+  ansible.builtin.file:
+    path: "{{ forgejo_runners_config_dir }}/{{ item.key }}"
+    state: directory
+    mode: "0755"
+    owner: forgejo
+    group: forgejo
+
+- name: register runner
+  ansible.builtin.command:
+    cmd: >-
+      docker run
+        -v /var/run/docker.sock:/var/run/docker.sock
+        -v {{ forgejo_runners_config_dir }}/{{ item.key }}:/data
+        --rm
+        --network forgejo_forgejo
+        --user {{ ansible_facts.getent_passwd.forgejo[1] }}:{{ ansible_facts.getent_passwd.forgejo[2] }}
+        code.forgejo.org/forgejo/runner:{{ forgejo_runners_version }}
+        forgejo-runner register --no-interactive
+          --token {{ item.value }}
+          --name {{ item.key }}
+          --instance http://forgejo-server:{{ forgejo_web_port }}
+    creates: "{{ forgejo_runners_config_dir }}/{{ item.key }}/.runner"
+  notify: start runners
+
+- name: create runner configuration
+  ansible.builtin.copy:
+    src: runners/config.yml
+    dest: "{{ forgejo_runners_config_dir }}/{{ item.key }}/config.yml"
+    force: false
+  notify: start runners

templates/runners/docker-compose.yml.j2

@@ -0,0 +1,36 @@
+---
+{{ ansible_managed | comment }}
+services:
+  docker:
+    container_name: forgejo-docker
+    image: docker:dind
+    privileged: true
+    volumes:
+      - certs:/certs
+    networks:
+      - forgejo
+
+{% for runner in forgejo_runners %}
+  runner-{{ runner }}:
+    container_name: forgejo-runners-{{ runner }}
+    image: code.forgejo.org/forgejo/runner:{{ forgejo_runners_version }}
+    user: {{ ansible_facts.getent_passwd.forgejo[1] }}:{{ ansible_facts.getent_passwd.forgejo[2] }}
+    environment:
+      DOCKER_HOST: tcp://docker:2376
+      DOCKER_TLS_VERIFY: 1
+      DOCKER_CERT_PATH: /certs/client
+    volumes:
+      - {{ forgejo_runners_config_dir }}/{{ runner }}:/data
+      - certs:/certs
+    command: 'forgejo-runner --config config.yml daemon'
+    networks:
+      - forgejo
+{% endfor %}
+
+volumes:
+  certs:
+
+networks:
+  forgejo:
+    external: true
+    name: forgejo_forgejo