Szwendacz/ContainersWorkspace
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add gitea-runner, rework ci workflow

Browse source
This commit is contained in:
Szwendacz 2023-11-15 15:54:00 +01:00 committed by Maciej Lebiest
parent 604e65d234
commit ced51b9d8e
4 changed files with 163 additions and 44 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
.gitea/workflows/amd64-image.yml
View file

@ -1,40 +0,0 @@
name: Build images
run-name: Build images
on:
push:
branches: [ "main" ]
schedule:
- cron: '30 5 */5 * *'
jobs:
build-images:
runs-on: [ linux_amd64, ubuntu-latest ]
steps:
- name: install actions deps
run: |
dnf install -y nodejs git
- name: Check out repository code
uses: actions/checkout@v3
- name: Build selected images
run: |
podman build ./system-toolbox --tag system-toolbox:latest
podman build ./cloud-toolbox --tag cloud-toolbox:latest
podman build ./tor --tag tor:latest
podman build ./wireguard --tag wireguard:latest
podman build ./zabbix-agent --tag zabbix-agent:latest
- name: login to registry
run: podman login -u "${{ secrets.PACKAGES_USERNAME }}" -p "${{ secrets.PACKAGES_PASSWD }}" gitea.maciej.cloud
- name: Push image
run: |
# tagging
podman tag system-toolbox:latest gitea.maciej.cloud/packages/system-toolbox:latest
podman tag cloud-toolbox:latest gitea.maciej.cloud/packages/cloud-toolbox:latest
podman tag tor:latest gitea.maciej.cloud/packages/tor:latest
podman tag wireguard:latest gitea.maciej.cloud/packages/wireguard:latest
podman tag zabbix-agent:latest gitea.maciej.cloud/packages/zabbix-agent:latest
# pushing
podman push gitea.maciej.cloud/packages/system-toolbox:latest
podman push gitea.maciej.cloud/packages/cloud-toolbox:latest
podman push gitea.maciej.cloud/packages/tor:latest
podman push gitea.maciej.cloud/packages/wireguard:latest
podman push gitea.maciej.cloud/packages/zabbix-agent:latest

66
.gitea/workflows/build-images.yml Normal file
View file

@ -0,0 +1,66 @@
name: Build images
run-name: Build images
on:
push:
branches: [ "main" ]
schedule:
- cron: '30 5 */5 * *'
jobs:
build-images-arm64:
runs-on: [ linux_arm64 ]
steps:
- name: install actions deps
run: |
dnf install -y nodejs git
- name: Check out repository code
uses: actions/checkout@v3
- name: login to registry
run: podman login -u "${{ secrets.PACKAGES_USERNAME }}" -p "${{ secrets.PACKAGES_PASSWD }}" gitea.maciej.cloud
- name: Build selected images
run: |
IMAGES=(system-toolbox cloud-toolbox tor wireguard zabbix-agent);
for image in "${IMAGES[@]}";
do
echo "building image $image";
podman build ./$image --tag gitea.maciej.cloud/packages/$image:arm64;
echo "pushing image $image";
podman push gitea.maciej.cloud/packages/$image:arm64;
done
build-images-amd64:
runs-on: [ linux_amd64 ]
steps:
- name: install actions deps
run: |
dnf install -y nodejs git
- name: Check out repository code
uses: actions/checkout@v3
- name: login to registry
run: podman login -u "${{ secrets.PACKAGES_USERNAME }}" -p "${{ secrets.PACKAGES_PASSWD }}" gitea.maciej.cloud
- name: Build selected images
run: |
IMAGES=(system-toolbox cloud-toolbox tor wireguard zabbix-agent);
for image in "${IMAGES[@]}";
do
echo "building image $image";
podman build ./$image --tag gitea.maciej.cloud/packages/$image:amd64;
echo "pushing image $image";
podman push gitea.maciej.cloud/packages/$image:amd64;
done
update-images-manifests:
runs-on: [ linux_amd64 ]
needs:
- build-images-amd64
- build-images-arm64
steps:
- name: login to registry
run: podman login -u "${{ secrets.PACKAGES_USERNAME }}" -p "${{ secrets.PACKAGES_PASSWD }}" gitea.maciej.cloud
- name: Create manifests and push
run: |
IMAGES=(system-toolbox cloud-toolbox tor wireguard zabbix-agent);
for image in "${IMAGES[@]}";
do
echo "Updating manifest for $image";
podman manifest create gitea.maciej.cloud/packages/$image:latest gitea.maciej.cloud/packages/$image:amd64 gitea.maciej.cloud/packages/$image:arm64;
podman manifest push gitea.maciej.cloud/packages/$image:latest gitea.maciej.cloud/packages/$image:latest;
done

89
README.md
View file

@ -153,10 +153,6 @@ required for SMART monitoring.
Setting up such contenerized agent in systemd based system: Setting up such contenerized agent in systemd based system:
```bash ```bash
systemctl stop zabbix-agent.service;
podman rm -f zabbix-agent;
rm -f /etc/systemd/system/zabbix-agent.service;
podman run --restart no \ podman run --restart no \
--network host --pid host --ipc host --no-hosts --ulimit host --userns host \ --network host --pid host --ipc host --no-hosts --ulimit host --userns host \
--privileged \ --privileged \
@ -172,3 +168,88 @@ restorecon -v /etc/systemd/system/zabbix-agent.service;
systemctl daemon-reload; systemctl daemon-reload;
systemctl enable --now zabbix-agent.service; systemctl enable --now zabbix-agent.service;
``` ```
## gitea-runner
An image for running double-container setup - one with podman system service,
and the other with gitea act_runner which will use podman service as
docker runner.
Example uses root, but it should be very similar to setup under non-root user.
Build image setting proper platform architecture `amd64`, `arm64`, etc...
```bash
podman build --no-cache -t gitea-runner \
--build-arg ARCH="arm64" \
./ContainersWorkspace/gitea-runner/
```
Create dirs for runner config, and for podman socket shared between containers.
```bash
mkdir -p /root/act-runner/{runner,podman}
```
Generate example config
```bash
podman run --rm -it gitea-runner:latest generate-config > /root/act-runner/runner/config.yaml
```
Update registration file path in config and privileged mode.
```bash
sed -i 's`file: .runner`file: /etc/runner/registration.json`g' /root/act-runner/runner/config.yaml;
sed -i 's`privileged: false`privileged: true`g' act-runner/runner/config.yaml;
sed -i 's`docker_host: ""`docker_host: "-"`g' act-runner/runner/config.yaml;
```
Currently you **need** to set `docker_host: "-"` in "container" section
to make this setup with mounted docker.sock work.
Fix perms on those dirs:
```bash
podman run --rm -it \
-v /root/act-runner/:/data \
--privileged \
--entrypoint bash \
gitea-runner:latest \
-c "chown -R podman /data"
```
Register runner.
example value for labels can be `ubuntu-latest:docker://quay.io/podman/stable`.
```bash
podman run --rm -it \
-v /root/act-runner/runner/:/etc/runner \
--privileged \
gitea-runner:latest \
--config /etc/runner/config.yaml register
```
Start container acting as podman/docker (use `--init` to get rid of zombies):
```bash
podman run --rm -d --privileged --name gitea-podman \
--init \
--entrypoint podman \
-v /root/act-runner/podman:/podman \
gitea-runner:latest \
system service --time=0 unix:///podman/docker.sock
```
Now start container with runner (it will fail if docker.sock is missing)
```bash
podman run --rm -d --name gitea-runner \
-v /root/act-runner/runner/:/etc/runner:ro,Z \
-v /root/act-runner/podman/docker.sock:/var/run/docker.sock:rw,z \
gitea-runner:latest \
daemon -c /etc/runner/config.yaml
```
Now generate systemd services for these containers
```bash
podman generate systemd --new --name gitea-podman > /etc/systemd/system/gitea-podman.service;
podman generate systemd --new --name gitea-runner > /etc/systemd/system/gitea-runner.service;
restorecon -v /etc/systemd/system/gitea-podman.service;
restorecon -v /etc/systemd/system/gitea-runner.service;
systemctl daemon-reload;
systemctl enable --now gitea-podman.service;
systemctl enable --now gitea-runner.service;
````

12
gitea-runner/Dockerfile Normal file
View file

@ -0,0 +1,12 @@
FROM quay.io/podman/stable
ENV VERSION="0.2.6"
ARG ARCH="amd64"
RUN curl -o /act_runner https://gitea.com/gitea/act_runner/releases/download/v0.2.6/act_runner-${VERSION}-linux-${ARCH} && \
chmod +x /act_runner && \
chown podman /act_runner
USER podman
ENTRYPOINT [ "/act_runner" ]