diff --git a/docs/04-configuration/GITEA_ACT_RUNNER_SETUP.md b/docs/04-configuration/GITEA_ACT_RUNNER_SETUP.md index 0d385ad..1ccb81d 100644 --- a/docs/04-configuration/GITEA_ACT_RUNNER_SETUP.md +++ b/docs/04-configuration/GITEA_ACT_RUNNER_SETUP.md @@ -1,8 +1,18 @@ # Gitea act_runner Setup -**Last Updated:** 2026-02-10 +**Last Updated:** 2026-03-27 (bootstrap script + `ubuntu-latest` labels) **Gitea:** https://gitea.d-bis.org -**Runner host:** dev-vm (VMID 5700) at 192.168.11.59 +**Runner host:** dev-vm (VMID 5700) at 192.168.11.59 (Gitea HTTP on that host: port 3000) + +**Which Proxmox node?** VMID 5700 is not fixed to one server—confirm before `pct exec`: + +```bash +ssh root@192.168.11.10 'pct list | grep 5700' +ssh root@192.168.11.11 'pct list | grep 5700' +ssh root@192.168.11.12 'pct list | grep 5700' +``` + +Use the node where 5700 is **running** (often r630-02 / 192.168.11.12). --- 
@@ -18,48 +28,66 @@ ## Install act_runner +### Site-wide (admin API token, recommended) + +From the **proxmox** repo root, with **`GITEA_TOKEN`** (admin) in root `.env`: + ```bash -# From Proxmox host, run inside dev-vm: -GITEA_RUNNER_REGISTRATION_TOKEN= ssh root@192.168.11.11 "pct exec 5700 -- bash -s" < scripts/dev-vm/setup-act-runner.sh +bash scripts/dev-vm/bootstrap-gitea-act-runner-site-wide.sh +``` + +This calls `GET /api/v1/admin/runners/registration-token`, registers **act_runner** on CT **5700** with label **`ubuntu-latest`** (daemon shows `ubuntu-latest:host`, which matches workflow `runs-on: ubuntu-latest`), installs **systemd**, and starts the service. To re-register (e.g. change labels), run with `RUNNER_FORCE_REREGISTER=1`. + +### Manual registration token + +```bash +# From repo root; replace with the node that hosts 5700 (e.g. 192.168.11.12): +GITEA_RUNNER_REGISTRATION_TOKEN= ssh root@ "pct exec 5700 -- bash -s" < scripts/dev-vm/setup-act-runner.sh ``` Or SSH into dev-vm (192.168.11.59) and run manually: ```bash -cd /opt # or preferred dir +cd /opt/act_runner GITEA_RUNNER_REGISTRATION_TOKEN= bash /path/to/setup-act-runner.sh -cd /opt/act_runner && ./act_runner daemon +``` + +**Instance URL for `register`:** From inside dev-vm, Gitea is usually reachable as `http://127.0.0.1:3000` (same host). 
The setup script defaults to `http://192.168.11.59:3000`; override if needed: + +```bash +INSTANCE=http://127.0.0.1:3000 GITEA_RUNNER_REGISTRATION_TOKEN= bash setup-act-runner.sh ``` --- ## Run as systemd service -Create `/etc/systemd/system/act-runner.service`: - -```ini -[Unit] -Description=Gitea act_runner -After=network.target - -[Service] -Type=simple -User=root -WorkingDirectory=/opt/act_runner -ExecStart=/opt/act_runner/act_runner daemon -Restart=on-failure -RestartSec=10 -Environment=GITEA_ACTION_URL=http://192.168.11.59:3000 - -[Install] -WantedBy=multi-user.target -``` +Prefer the install script (writes the unit, enables and starts the service): ```bash -systemctl daemon-reload -systemctl enable --now act-runner +ssh root@ "pct exec 5700 -- bash -s" < scripts/dev-vm/install-act-runner-systemd.sh ``` +Optional: if Gitea is not on localhost from the runner’s view, set `GITEA_ACTION_URL` (must match a URL the runner can reach): + +```bash +ssh root@ "pct exec 5700 -- env GITEA_ACTION_URL=http://192.168.11.59:3000 bash -s" < scripts/dev-vm/install-act-runner-systemd.sh +``` + +Manual unit (equivalent): `/etc/systemd/system/act-runner.service` with `Environment=GITEA_ACTION_URL=http://127.0.0.1:3000`, then `systemctl daemon-reload && systemctl enable --now act-runner`. + +--- + +## Troubleshooting + +| Symptom | Check | +|--------|--------| +| Jobs queued, never start | Gitea **Admin → Actions → Runners**: at least one runner **online**. Repo **Settings → Enable Repository Actions**. | +| “No matching runner” / label errors | Workflow `runs-on:` must match runner labels (e.g. `ubuntu-latest`). In Gitea, open the runner details and compare labels. | +| Runner exits / register errors | Ensure `INSTANCE` URL is reachable from the container (`curl -sS -o /dev/null -w '%{http_code}\n' http://127.0.0.1:3000/`). Re-register with a **new** token if the old one was rotated (remove `.runner` first, then run `setup-act-runner.sh` again). 
| +| Docker steps fail | Install Docker on dev-vm and ensure the `act_runner` user (or root) can run `docker`. | +| Binary but no service | If `/opt/act_runner/act_runner` exists but there is **no** `/opt/act_runner/.runner`, registration never completed—run `setup-act-runner.sh` with a token. If `.runner` exists but no unit, run `install-act-runner-systemd.sh`. | + --- ## Enable Actions per repository diff --git a/scripts/dev-vm/bootstrap-gitea-act-runner-site-wide.sh b/scripts/dev-vm/bootstrap-gitea-act-runner-site-wide.sh new file mode 100755 index 0000000..46df366 --- /dev/null +++ b/scripts/dev-vm/bootstrap-gitea-act-runner-site-wide.sh 
@@ -0,0 +1,70 @@ +#!/usr/bin/env bash +# Site-wide Gitea Actions runner: use admin GITEA_TOKEN from root .env to fetch the +# instance registration token, then register act_runner on dev-vm (5700) with ubuntu-latest. +# +# Requires: SSH to Proxmox (BatchMode), CT 5700 running Gitea + act_runner under /opt/act_runner. +# Env (from .env via load-project-env): GITEA_TOKEN, optional GITEA_URL, RUNNER_LABELS, +# RUNNER_FORCE_REREGISTER=1 to drop .runner and re-register, DEV_VM_VMID (default 5700). +# +# Usage (repo root): +# bash scripts/dev-vm/bootstrap-gitea-act-runner-site-wide.sh +# RUNNER_FORCE_REREGISTER=1 bash scripts/dev-vm/bootstrap-gitea-act-runner-site-wide.sh + +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT="$(cd "${SCRIPT_DIR}/../.." && pwd)" +# Load only root .env + IPs (avoid full load-project-env if another dotenv exits non-zero under set -e). +[[ -f "${PROJECT_ROOT}/.env" ]] && set -a && source "${PROJECT_ROOT}/.env" && set +a +[[ -f "${PROJECT_ROOT}/config/ip-addresses.conf" ]] && source "${PROJECT_ROOT}/config/ip-addresses.conf" +PROXMOX_HOST_R630_01="${PROXMOX_R630_01:-${PROXMOX_HOST_R630_01:-192.168.11.11}}" +PROXMOX_HOST_R630_02="${PROXMOX_R630_02:-${PROXMOX_HOST_R630_02:-192.168.11.12}}" +PROXMOX_HOST_ML110="${PROXMOX_ML110:-${PROXMOX_HOST_ML110:-192.168.11.10}}" +get_host_for_vmid() { + case "$1" in + 5000|5700|7810|2201|2303|2401|6200|6201|10234|10237|5800|5801) echo "${PROXMOX_HOST_R630_02}";; + 5400|5401|5402|5403|5410|5411|5412|5413|5414|5415|5416|5417|5418|5419|5420|5421|5422|5423|5424|5425|5440|5441|5442|5443|5444|5445|5446|5447|5448|5449|5450|5451|5452|5453|5454|5455|5470|5471|5472|5473|5474|5475|5476) echo "${PROXMOX_HOST_R630_02}";; + 2101|10130|10150|10151|106|107|108|10000|10001|10020|10100|10101|10120|10233|10235) echo "${PROXMOX_HOST_R630_01}";; + 2301|2400|1504|2503|2504|2505) echo "${PROXMOX_HOST_ML110}";; + *) echo "${PROXMOX_HOST_R630_01}";; + esac +} + 
+GITEA_URL="${GITEA_URL:-https://gitea.d-bis.org}" +GITEA_URL="${GITEA_URL%/}" +VMID="${DEV_VM_VMID:-5700}" +RUNNER_LABELS="${RUNNER_LABELS:-ubuntu-latest}" + +if [[ -z "${GITEA_TOKEN:-}" ]]; then + echo "ERROR: GITEA_TOKEN not set (root .env)." >&2 + exit 1 +fi + +REG_JSON="$(curl -sS -H "Authorization: token ${GITEA_TOKEN}" \ + "${GITEA_URL}/api/v1/admin/runners/registration-token")" +REG_TOKEN="$(printf '%s' "$REG_JSON" | sed -n 's/.*"token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')" +if [[ -z "$REG_TOKEN" || "$REG_TOKEN" == "null" ]]; then + echo "ERROR: Could not get admin registration token. Response:" >&2 + printf '%s\n' "$REG_JSON" >&2 + echo "Ensure GITEA_TOKEN is an admin token with access to GET /api/v1/admin/runners/registration-token" >&2 + exit 1 +fi + +PROXMOX_HOST="$(get_host_for_vmid "$VMID")" +echo "Using Proxmox host ${PROXMOX_HOST} for VMID ${VMID}." + +if [[ "${RUNNER_FORCE_REREGISTER:-0}" == "1" ]]; then + ssh -o BatchMode=yes -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" \ + "pct exec ${VMID} -- bash -lc 'rm -f /opt/act_runner/.runner; systemctl stop act-runner 2>/dev/null || true'" +fi + +# Pass registration token into the container without embedding raw secret in ssh argv (still reversible from b64). +TB64="$(printf '%s' "$REG_TOKEN" | base64 | tr -d '\n')" +ssh -o BatchMode=yes -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" \ + "pct exec ${VMID} -- bash -c 'export GITEA_RUNNER_REGISTRATION_TOKEN=\$(printf %s \"${TB64}\" | base64 -d); export RUNNER_LABELS=\"${RUNNER_LABELS}\"; bash -s'" \ + < "${SCRIPT_DIR}/setup-act-runner.sh" + +ssh -o BatchMode=yes -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" \ + "pct exec ${VMID} -- bash -s" < "${SCRIPT_DIR}/install-act-runner-systemd.sh" + +echo "Done. Check Gitea Admin → Actions → Runners for an online runner with labels including: ${RUNNER_LABELS}" 
diff --git a/scripts/dev-vm/install-act-runner-systemd.sh b/scripts/dev-vm/install-act-runner-systemd.sh new file mode 100755 index 0000000..e3b6815 --- /dev/null +++ b/scripts/dev-vm/install-act-runner-systemd.sh @@ -0,0 +1,45 @@ +#!/usr/bin/env bash +# Install systemd unit for Gitea act_runner on the Gitea host (e.g. dev-vm 5700). +# Run inside the container, or: ssh root@ "pct exec 5700 -- bash -s" < scripts/dev-vm/install-act-runner-systemd.sh +# +# Optional env: +# WORK_DIR default /opt/act_runner +# GITEA_ACTION_URL default http://127.0.0.1:3000 (same host as Gitea) + +set -euo pipefail + +WORK_DIR="${WORK_DIR:-/opt/act_runner}" +GITEA_ACTION_URL="${GITEA_ACTION_URL:-http://127.0.0.1:3000}" + +if [ ! -x "${WORK_DIR}/act_runner" ]; then + echo "Missing ${WORK_DIR}/act_runner — run setup-act-runner.sh with GITEA_RUNNER_REGISTRATION_TOKEN first." + exit 1 +fi + +if [ ! -f "${WORK_DIR}/.runner" ]; then + echo "Missing ${WORK_DIR}/.runner — register first: GITEA_RUNNER_REGISTRATION_TOKEN=... bash setup-act-runner.sh" + exit 1 +fi + +cat > /etc/systemd/system/act-runner.service << EOF +[Unit] +Description=Gitea act_runner +After=network.target + +[Service] +Type=simple +User=root +WorkingDirectory=${WORK_DIR} +ExecStart=${WORK_DIR}/act_runner daemon +Restart=on-failure +RestartSec=10 +Environment=GITEA_ACTION_URL=${GITEA_ACTION_URL} + +[Install] +WantedBy=multi-user.target +EOF + +systemctl daemon-reload +systemctl enable act-runner +systemctl restart act-runner +systemctl --no-pager status act-runner diff --git a/scripts/dev-vm/setup-act-runner.sh b/scripts/dev-vm/setup-act-runner.sh index b68ee31..34a0b20 100644 --- a/scripts/dev-vm/setup-act-runner.sh +++ b/scripts/dev-vm/setup-act-runner.sh 
@@ -6,9 +6,12 @@ set -euo pipefail ACT_RUNNER_VERSION="${ACT_RUNNER_VERSION:-0.2.13}" -INSTANCE="${INSTANCE:-http://192.168.11.59:3000}" +# Gitea root URL as seen from this host (same LXC as Gitea → 127.0.0.1) +INSTANCE="${INSTANCE:-http://127.0.0.1:3000}" WORK_DIR="${WORK_DIR:-/opt/act_runner}" TOKEN="${GITEA_RUNNER_REGISTRATION_TOKEN:-}" +# Workflows commonly use runs-on: ubuntu-latest; labels must match. +RUNNER_LABELS="${RUNNER_LABELS:-ubuntu-latest}" if [ -z "$TOKEN" ]; then echo "Set GITEA_RUNNER_REGISTRATION_TOKEN" @@ -29,6 +32,6 @@ fi chmod +x ./act_runner if [ ! -f .runner ]; then - ./act_runner register --no-interactive --instance "$INSTANCE" --token "$TOKEN" + ./act_runner register --no-interactive --instance "$INSTANCE" --token "$TOKEN" --labels "$RUNNER_LABELS" fi echo "Ready. Run: ./act_runner daemon" diff --git a/scripts/lib/load-project-env.sh b/scripts/lib/load-project-env.sh index 7a80c53..e92ca4b 100644 --- a/scripts/lib/load-project-env.sh +++ b/scripts/lib/load-project-env.sh @@ -75,7 +75,7 @@ get_host_for_vmid() { case "$vmid" in 10130|10150|10151|106|107|108|10000|10001|10020|10100|10101|10120|10233|10235) echo "${PROXMOX_HOST_R630_01}";; 2101) echo "${PROXMOX_HOST_R630_01}";; - 5000|7810|2201|2303|2401|6200|6201|10234|10237|5800|5801) echo "${PROXMOX_HOST_R630_02}";; + 5000|5700|7810|2201|2303|2401|6200|6201|10234|10237|5800|5801) echo "${PROXMOX_HOST_R630_02}";; 2301|2400|1504|2503|2504|2505) echo "${PROXMOX_HOST_ML110}";; 5400|5401|5402|5403|5410|5411|5412|5413|5414|5415|5416|5417|5418|5419|5420|5421|5422|5423|5424|5425|5440|5441|5442|5443|5444|5445|5446|5447|5448|5449|5450|5451|5452|5453|5454|5455|5470|5471|5472|5473|5474|5475|5476) echo "${PROXMOX_HOST_R630_02}";; *) echo "${PROXMOX_HOST_R630_01:-${PROXMOX_R630_02}}";;
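Review bot: In docs/04-configuration/GITEA_ACT_RUNNER_SETUP.md, hunk @@ -1,8 +1,18 @@, `pct list | grep 5700` matches any row containing that string, including a container name or a longer VMID, and it matches stopped containers too, although the next sentence asks for the node where 5700 is running. Suggest `pct status 5700` on each node so the check answers the question the text asks.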
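Review bot: In docs/04-configuration/GITEA_ACT_RUNNER_SETUP.md, hunk @@ -18,48 +28,66 @@, the "Manual registration token" command places the `GITEA_RUNNER_REGISTRATION_TOKEN=` assignment in front of `ssh`, so by default it is set only in the local environment of the ssh client and the `bash -s` started by `pct exec` never sees it; setup-act-runner.sh will then stop at its "Set GITEA_RUNNER_REGISTRATION_TOKEN" check. Suggest setting the variable inside the container, in the `pct exec 5700 -- env ... bash -s` form that the `GITEA_ACTION_URL` example later in this hunk already uses (noting that this puts the token in the remote process arguments), or pointing readers to the bootstrap script. The "Instance URL" paragraph also says the setup script defaults to `http://192.168.11.59:3000`, while this patch changes that default to `http://127.0.0.1:3000` in setup-act-runner.sh; the sentence should state the new default.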
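Review bot: In scripts/dev-vm/bootstrap-gitea-act-runner-site-wide.sh, the "Pass registration token" step interpolates `${TB64}` into the remote command string, so the token is present, base64-encoded only, in the local ssh argv and in the `pct exec ... bash -c` process arguments on the Proxmox host, which the comment itself concedes. The script body is already streamed on stdin, so the token can travel the same way: write an export line ahead of the contents of setup-act-runner.sh on the ssh stdin and keep the remote command as plain `bash -s`. `${RUNNER_LABELS}` is interpolated into the same single-quoted remote string without escaping, so a value containing a quote breaks or alters the remote command; pass it on stdin as well, or validate it against an allowed character set before use.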
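Review bot: In scripts/dev-vm/install-act-runner-systemd.sh, the generated unit sets `User=root`, and the docs in this patch say the runner registers as `ubuntu-latest:host` on the container that also runs Gitea, so workflow steps from any repository with Actions enabled run as root on the Gitea host. Suggest creating a dedicated unprivileged account (the troubleshooting table already refers to an `act_runner` user), running the unit under it with ownership of `${WORK_DIR}`, and adding hardening such as `NoNewPrivileges=true`. The two "Missing ..." messages are written to stdout before `exit 1`; send them to stderr as the bootstrap script does for its errors.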
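Review bot: In scripts/dev-vm/setup-act-runner.sh, hunk @@ -29,6 +32,6 @@, the new `--labels "$RUNNER_LABELS"` only takes effect inside `if [ ! -f .runner ]`, so running the script with a different `RUNNER_LABELS` on an already registered runner silently keeps the old labels and still prints "Ready". Suggest an else branch that reports registration was skipped because `.runner` exists and tells the operator to remove it, or to use `RUNNER_FORCE_REREGISTER=1` with the bootstrap script, when labels need to change.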
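Review bot: In scripts/lib/load-project-env.sh, adding 5700 to the R630_02 case arm now has to be kept in step with the copy of `get_host_for_vmid` that this patch adds to the bootstrap script, and the two copies already differ in their `*)` fallback (`${PROXMOX_HOST_R630_01:-${PROXMOX_R630_02}}` here, `${PROXMOX_HOST_R630_01}` there). Suggest moving the function into a small file both scripts can source without pulling in the full load-project-env. The docs in this patch also state that VMID 5700 is not fixed to one server, so the static mapping should be paired with a check on the resolved host, for example `pct status`, or with an override variable, so a migrated container fails early with a clear message.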