From a55b81ceced927477730a0b3e8ee0b386ac4400b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?kleines=20Filmr=C3=B6llchen?=
Date: Mon, 27 Jan 2025 11:56:52 +0100
Subject: [PATCH] some preliminary config
---
Containerfile.alpine-latex | 2 +
README.md | 11 +++++
build-containers.service | 7 +++
build-containers.sh | 9 ++++
build-containers.timer | 10 ++++
config.yml | 98 ++++++++++++++++++++++++++++++++++++++
6 files changed, 137 insertions(+)
create mode 100644 Containerfile.alpine-latex
create mode 100644 README.md
create mode 100644 build-containers.service
create mode 100755 build-containers.sh
create mode 100644 build-containers.timer
create mode 100644 config.yml
diff --git a/Containerfile.alpine-latex b/Containerfile.alpine-latex
new file mode 100644
index 0000000..1e51b0d
--- /dev/null
+++ b/Containerfile.alpine-latex
@@ -0,0 +1,2 @@
+FROM alpine:latest
+RUN apk add --no-cache texlive texlive-xetex texmf-dist-full
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..7c10ccc
--- /dev/null
+++ b/README.md
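Review bot: `FROM alpine:latest` in Containerfile.alpine-latex is an unqualified short name, so the registry it resolves to depends on the build host's short-name configuration, while config.yml in this same patch pulls the `alpine` label from `data.forgejo.org/oci/alpine:latest`. Writing the registry out, for example `FROM data.forgejo.org/oci/alpine:latest`, makes the origin of the base image explicit and keeps both Alpine images on the same source. `latest` is also a moving tag; if the weekly builds should be reproducible, a release tag is the thing to pin, at the cost of bumping it by hand.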
@@ -0,0 +1,11 @@
+# forgejo-actions configuration
+
+This repository contains a few configuration files for the CTBK Forgejo Actions runner. This repository is checked out to the `/etc/forgejo-runner` directory.
+
+## Containers available in CTBK Forgejo Actions
+
+We provide a few containers for you to use:
+
+- `ubuntu-latest`: A container [provided by `catthehacker`](https://ghcr.io/catthehacker/ubuntu:act-22.04) that mostly mimics the GitHub `ubuntu-latest` runner. Use this if you simply want to run CI based on existing GitHub Actions configurations. While compatibility is not guaranteed (please read the [Forgejo Actions documentation](https://forgejo.org/docs/latest/user/actions/) either way), we’re certain it will just work in most cases.
+- `alpine`: The `alpine:latest` (aka. `edge`) container, which is the official Alpine container. Use this container if you’re writing a new action. It is fast and small :)
+- `alpine-latex`: An Alpine container with most TeX Live utilities preinstalled. This container is built from our [Containerfile](Containerfile.alpine-latex) once per week. Use this if you need to build LaTeX files (ideally with XeTeX) -- it saves a lot of CI time.
diff --git a/build-containers.service b/build-containers.service
new file mode 100644
index 0000000..b04579b
--- /dev/null
+++ b/build-containers.service
@@ -0,0 +1,7 @@
+[Unit]
+Description=Rebuild Forgejo Actions containers
+
+[Service]
+Type=oneshot
+ExecStart=/etc/forgejo-runner/build-containers.sh
+Restart=no
diff --git a/build-containers.sh b/build-containers.sh
new file mode 100755
index 0000000..6c76778
--- /dev/null
+++ b/build-containers.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+BASEDIR=/etc/forgejo-runner
+
+for container in "$BASEDIR"/Containerfile.*; do
+ base=$(basename "$container")
+ tag=${base#"Containerfile."}
+ podman build -t "$tag" --cpu-quota 50000 -f "$container" $BASEDIR
+done
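Review bot: In build-containers.sh the `podman build` line passes neither a pull policy nor `--no-cache`, so the weekly timer will probably reuse the locally cached `alpine:latest` and the cached `apk add` layer, and `alpine-latex` would keep shipping old packages instead of picking up fixes. I would change it to `podman build --pull=always --no-cache -t "$tag" --cpu-quota 50000 -f "$container" "$BASEDIR"`, which also quotes the trailing `$BASEDIR`. The script has no `set -euo pipefail` either, so a failed build of one Containerfile goes unnoticed unless it is the last one in the loop; adding it after the shebang lets the oneshot unit report the failure.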
diff --git a/build-containers.timer b/build-containers.timer
new file mode 100644
index 0000000..6cd03aa
--- /dev/null
+++ b/build-containers.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=Rebuild Forgejo Actions containers
+
+[Timer]
+OnCalendar=weekly
+Persistent=true
+RandomizedDelaySec=10
+
+[Install]
+WantedBy=timers.target
diff --git a/config.yml b/config.yml
new file mode 100644
index 0000000..83e1c78
--- /dev/null
+++ b/config.yml
@@ -0,0 +1,98 @@
+log:
+ # The level of logging, can be trace, debug, info, warn, error, fatal
+ level: info
+ # The level of logging for jobs, can be trace, debug, info, earn, error, fatal
+ job_level: info
+
+runner:
+ # Where to store the registration result.
+ file: /etc/forgejo-runner/.runner
+ # Execute how many tasks concurrently at the same time.
+ capacity: 1
+ # Extra environment variables to run jobs.
+ # envs:
+ # A_TEST_ENV_NAME_1: a_test_env_value_1
+ # A_TEST_ENV_NAME_2: a_test_env_value_2
+ # Extra environment variables to run jobs from a file.
+ # It will be ignored if it's empty or the file doesn't exist.
+ # env_file: .env
+ # The timeout for a job to be finished.
+ # Please note that the Forgejo instance also has a timeout (3h by default) for the job.
+ # So the job could be stopped by the Forgejo instance if it's timeout is shorter than this.
+ timeout: 2h
+ # The timeout for the runner to wait for running jobs to finish when
+ # shutting down because a TERM or INT signal has been received. Any
+ # running jobs that haven't finished after this timeout will be
+ # cancelled.
+ # If unset or zero the jobs will be cancelled immediately.
+ shutdown_timeout: 1m
+ # Whether skip verifying the TLS certificate of the instance.
+ insecure: false
+ # The timeout for fetching the job from the Forgejo instance.
+ fetch_timeout: 5s
+ # The interval for fetching the job from the Forgejo instance.
+ fetch_interval: 1m
+ # The interval for reporting the job status and logs to the Forgejo instance.
+ report_interval: 1s
+ # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
+ # If it's empty when registering, it will ask for inputting labels.
+ # Remember to delete .runner when you modify this, otherwise the new labels will not get applied!
+ labels: ["ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-22.04", "alpine:docker://data.forgejo.org/oci/alpine:latest", "alpine-latex:docker://localhost/alpine-latex:latest"]
+
+cache:
+ # Enable cache server to use actions/cache.
+ enabled: true
+ # The directory to store the cache data.
+ # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
+ dir: "/var/cache/forgejo-actions"
+ # The host of the cache server.
+ # It's not for the address to listen, but the address to connect from job containers.
+ # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
+ host: ""
+ # The port of the cache server.
+ # 0 means to use a random available port.
+ port: 0
+ # The external cache server URL. Valid only when enable is true.
+ # If it's specified, it will be used to set the ACTIONS_CACHE_URL environment variable. The URL should generally end with "/".
+ # Otherwise it will be set to the the URL of the internal cache server.
+ external_server: ""
+
+container:
+ # Specifies the network to which the container will connect.
+ # Could be host, bridge or the name of a custom network.
+ # If it's empty, create a network automatically.
+ network: ""
+ # Whether to create networks with IPv6 enabled. Requires the Docker daemon to be set up accordingly.
+ # Only takes effect if "network" is set to "".
+ enable_ipv6: true
+ # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
+ privileged: false
+ # And other options to be used when the container is started (eg, --add-host=my.forgejo.url:host-gateway).
+ options: "--cpus=1 --memory=1g"
+ # The parent directory of a job's working directory.
+ # If it's empty, /workspace will be used.
+ workdir_parent:
+ # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
+ # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
+ # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
+ # valid_volumes:
+ # - data
+ # - /src/*.json
+ # If you want to allow any volume, please use the following configuration:
+ # valid_volumes:
+ # - '**'
+ valid_volumes: []
+ # overrides the docker client host with the specified one.
+ # If "-" or "", an available docker host will automatically be found.
+ # If "automount", an available docker host will automatically be found and mounted in the job container (e.g. /var/run/docker.sock).
+ # Otherwise the specified docker host will be used and an error will be returned if it doesn't work.
+ docker_host: "/var/run/podman/podman.sock"
+ # Pull docker image(s) even if already present
+ force_pull: false
+ # Rebuild local docker image(s) even if already present
+ force_rebuild: false
+
+host:
+ # The parent directory of a job's working directory.
+ # If it's empty, $HOME/.cache/act/ will be used.
+ workdir_parent:
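Review bot: `docker_host: "/var/run/podman/podman.sock"` looks like the system-wide (root) Podman socket, which would mean every job container is created by a root-owned engine and a container escape or runner bug lands as root on the host. `privileged: false` and `valid_volumes: []` restrict what a workflow can request, but not who owns the engine. If the runner can run as a dedicated unprivileged user, pointing this at that user's rootless socket is the safer default (the `alpine-latex` image would then need to be built in that user's store); either way a comment above the key such as `# rootful Podman socket; jobs run under a root-owned engine` would record the choice. Also, `workdir_parent:` is left as a bare key in both `container` and `host`, which parses as null; `workdir_parent: ""` states the empty value explicitly.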