proxmox/scripts/dev-vm/bootstrap-gitea-act-runner-site-wide.sh

#!/usr/bin/env bash
# Site-wide Gitea Actions runner: use admin GITEA_TOKEN from root .env to fetch the
# instance registration token, then register act_runner on dev-vm (5700) with ubuntu-latest.
#
# Requires: SSH to Proxmox (BatchMode), CT 5700 running Gitea + act_runner under /opt/act_runner.
# Env (from .env via load-project-env): GITEA_TOKEN, optional GITEA_URL, RUNNER_LABELS,
#   RUNNER_FORCE_REREGISTER=1 to drop .runner and re-register, DEV_VM_VMID (default 5700).
#
# Usage (repo root):
#   bash scripts/dev-vm/bootstrap-gitea-act-runner-site-wide.sh
#   RUNNER_FORCE_REREGISTER=1 bash scripts/dev-vm/bootstrap-gitea-act-runner-site-wide.sh

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "${SCRIPT_DIR}/../.." && pwd)"
# Load only root .env + IPs (avoid full load-project-env if another dotenv exits non-zero under set -e).
[[ -f "${PROJECT_ROOT}/.env" ]] && set -a && source "${PROJECT_ROOT}/.env" && set +a
[[ -f "${PROJECT_ROOT}/config/ip-addresses.conf" ]] && source "${PROJECT_ROOT}/config/ip-addresses.conf"
PROXMOX_HOST_R630_01="${PROXMOX_R630_01:-${PROXMOX_HOST_R630_01:-192.168.11.11}}"
PROXMOX_HOST_R630_02="${PROXMOX_R630_02:-${PROXMOX_HOST_R630_02:-192.168.11.12}}"
PROXMOX_HOST_ML110="${PROXMOX_ML110:-${PROXMOX_HOST_ML110:-192.168.11.10}}"
get_host_for_vmid() {
  case "$1" in
    5000|5700|7810|2201|2303|2401|6200|6201|10234|10237|5800|5801) echo "${PROXMOX_HOST_R630_02}";;
    5400|5401|5402|5403|5410|5411|5412|5413|5414|5415|5416|5417|5418|5419|5420|5421|5422|5423|5424|5425|5440|5441|5442|5443|5444|5445|5446|5447|5448|5449|5450|5451|5452|5453|5454|5455|5470|5471|5472|5473|5474|5475|5476) echo "${PROXMOX_HOST_R630_02}";;
    2101|10130|10150|10151|106|107|108|10000|10001|10020|10100|10101|10120|10233|10235) echo "${PROXMOX_HOST_R630_01}";;
    2301|2400|1504|2503|2504|2505) echo "${PROXMOX_HOST_ML110}";;
    *) echo "${PROXMOX_HOST_R630_01}";;
  esac
}

GITEA_URL="${GITEA_URL:-https://gitea.d-bis.org}"
GITEA_URL="${GITEA_URL%/}"
VMID="${DEV_VM_VMID:-5700}"
RUNNER_LABELS="${RUNNER_LABELS:-ubuntu-latest}"

if [[ -z "${GITEA_TOKEN:-}" ]]; then
  echo "ERROR: GITEA_TOKEN not set (root .env)." >&2
  exit 1
fi

REG_JSON="$(curl -sS -H "Authorization: token ${GITEA_TOKEN}" \
  "${GITEA_URL}/api/v1/admin/runners/registration-token")"
REG_TOKEN="$(printf '%s' "$REG_JSON" | sed -n 's/.*"token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')"
if [[ -z "$REG_TOKEN" || "$REG_TOKEN" == "null" ]]; then
  echo "ERROR: Could not get admin registration token. Response:" >&2
  printf '%s\n' "$REG_JSON" >&2
  echo "Ensure GITEA_TOKEN is an admin token with access to GET /api/v1/admin/runners/registration-token" >&2
  exit 1
fi

PROXMOX_HOST="$(get_host_for_vmid "$VMID")"
echo "Using Proxmox host ${PROXMOX_HOST} for VMID ${VMID}."

if [[ "${RUNNER_FORCE_REREGISTER:-0}" == "1" ]]; then
  ssh -o BatchMode=yes -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" \
    "pct exec ${VMID} -- bash -lc 'rm -f /opt/act_runner/.runner; systemctl stop act-runner 2>/dev/null || true'"
fi

# Pass registration token into the container without embedding raw secret in ssh argv (still reversible from b64).
TB64="$(printf '%s' "$REG_TOKEN" | base64 | tr -d '\n')"
ssh -o BatchMode=yes -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" \
  "pct exec ${VMID} -- bash -c 'export GITEA_RUNNER_REGISTRATION_TOKEN=\$(printf %s \"${TB64}\" | base64 -d); export RUNNER_LABELS=\"${RUNNER_LABELS}\"; bash -s'" \
  < "${SCRIPT_DIR}/setup-act-runner.sh"

ssh -o BatchMode=yes -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" \
  "pct exec ${VMID} -- bash -s" < "${SCRIPT_DIR}/install-act-runner-systemd.sh"

echo "Done. Check Gitea Admin → Actions → Runners for an online runner with labels including: ${RUNNER_LABELS}"