From 702449acc1b3faa12f812ff002f85d5142773abf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A2u=20Cao?=
Date: Tue, 28 Mar 2023 19:36:30 +0200
Subject: [PATCH 1/2] Upgrade Gitea to 1.19.0, enable Actions
---
 nodes/gitea-2.json | 12 +++++++-----
 roles/gitea.rb | 1 -
 site-cookbooks/kosmos_gitea/attributes/default.rb | 7 +++++--
 .../kosmos_gitea/templates/default/app.ini.erb | 5 +++++
 4 files changed, 17 insertions(+), 8 deletions(-)
diff --git a/nodes/gitea-2.json b/nodes/gitea-2.json
index f386f88..de5e0c7 100644
--- a/nodes/gitea-2.json
+++ b/nodes/gitea-2.json
@@ -13,7 +13,9 @@
 "hostname": "gitea-2",
 "ipaddress": "192.168.122.189",
 "roles": [
+ "base",
 "kvm_guest",
+ "ldap_client",
 "garage_gateway",
 "gitea",
 "postgresql_client"
@@ -22,12 +24,13 @@
 "kosmos-base",
 "kosmos-base::default",
 "kosmos_kvm::guest",
+ "kosmos-dirsrv::hostsfile",
 "kosmos_garage",
 "kosmos_garage::default",
+ "kosmos_garage::firewall_rpc",
 "kosmos_postgresql::hostsfile",
 "kosmos_gitea",
 "kosmos_gitea::default",
- "kosmos_gitea::backup",
 "apt::default",
 "timezone_iii::default",
 "timezone_iii::debian",
@@ -42,9 +45,8 @@
 "postfix::_attributes",
 "postfix::sasl_auth",
 "hostname::default",
- "kosmos-dirsrv::hostsfile",
- "backup::default",
- "logrotate::default"
+ "firewall::default",
+ "chef-sugar::default"
 ],
 "platform": "ubuntu",
 "platform_version": "20.04",
@@ -68,4 +70,4 @@
 "role[garage_gateway]",
 "role[gitea]"
 ]
-}
+}
\ No newline at end of file
diff --git a/roles/gitea.rb b/roles/gitea.rb
index 5f7fd2a..a9f7208 100644
--- a/roles/gitea.rb
+++ b/roles/gitea.rb
@@ -3,5 +3,4 @@ name "gitea"
 run_list %w(
 role[postgresql_client]
 kosmos_gitea::default
- kosmos_gitea::backup
 )
diff --git a/site-cookbooks/kosmos_gitea/attributes/default.rb b/site-cookbooks/kosmos_gitea/attributes/default.rb
index bcede60..32f5918 100644
--- a/site-cookbooks/kosmos_gitea/attributes/default.rb
+++ b/site-cookbooks/kosmos_gitea/attributes/default.rb
@@ -1,13 +1,16 @@
-gitea_version = "1.18.0"
+gitea_version = "1.19.0"
 node.default["gitea"]["version"] = gitea_version
 node.default["gitea"]["binary_url"] = "https://dl.gitea.io/gitea/#{gitea_version}/gitea-#{gitea_version}-linux-amd64"
-node.default["gitea"]["binary_checksum"] = "b45b715d519a97086208c6b42528d291dd1c4dfdf40321dc940030e1cf3de6e6"
+node.default["gitea"]["binary_checksum"] = "51e8d46a2634e5b5f4266eee8ca4689b5932caf692f23d06cbe5d2eaffe56079"
 node.default["gitea"]["working_directory"] = "/var/lib/gitea"
 node.default["gitea"]["port"] = 3000
 node.default["gitea"]["postgresql_host"] = "localhost:5432"
 node.default["gitea"]["nginx"]["domain"] = "gitea.kosmos.org"
 node.default["gitea"]["config"] = {
+ "actions": {
+ "enabled": true
+ },
 "webhook": {
 "allowed_host_list" => "external,127.0.1.1"
 }
diff --git a/site-cookbooks/kosmos_gitea/templates/default/app.ini.erb b/site-cookbooks/kosmos_gitea/templates/default/app.ini.erb
index 5740f57..e676409 100644
--- a/site-cookbooks/kosmos_gitea/templates/default/app.ini.erb
+++ b/site-cookbooks/kosmos_gitea/templates/default/app.ini.erb
@@ -107,3 +107,8 @@ MINIO_LOCATION=<%= c["location"] %>
 MINIO_USE_SSL=<%= c["use_ssl"] %>
 <% end %>
 <% end %>
+
+<% if @config["actions"]["enabled"] %>
+[actions]
+ENABLED = true
+<% end %>
From 059812524ed21be7de692d5c1d497b7695f953f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A2u=20Cao?=
Date: Sat, 1 Apr 2023 12:56:21 +0200
Subject: [PATCH 2/2] Set up Gitea Actions runners
---
 data_bags/credentials/gitea.json | 49 +++++-----
 nodes/gitea-2.json | 7 +-
 roles/gitea_actions_runner.rb | 5 ++
 .../kosmos_gitea/attributes/default.rb | 3 +
 .../kosmos_gitea/recipes/act_runner.rb | 89 +++++++++++++++++++
 5 files changed, 130 insertions(+), 23 deletions(-)
 create mode 100644 roles/gitea_actions_runner.rb
 create mode 100644 site-cookbooks/kosmos_gitea/recipes/act_runner.rb
diff --git a/data_bags/credentials/gitea.json b/data_bags/credentials/gitea.json
index f976777..54d2324 100644
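Review bot: In app.ini.erb, `@config["actions"]["enabled"]` raises NoMethodError on nil when the config hash that reaches the template has no `actions` key, so the whole app.ini render fails instead of simply leaving Actions off. `<% if @config.dig("actions", "enabled") %>` keeps the section optional. How `@config` is built is outside this diff, so whether a node can actually lose the key is an assumption; the attribute default added in this commit does set it.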
--- a/data_bags/credentials/gitea.json
+++ b/data_bags/credentials/gitea.json
@@ -1,51 +1,58 @@
 {
 "id": "gitea",
 "jwt_secret": {
- "encrypted_data": "suy7Vwlg7tyJFBSjlnNRv7qR4jp1o9F0TbwxGcwWqbCpQW2NHl9QS1SCXJml\n4UbKklppjp+7Axvvs7YiOX8=\n",
- "iv": "ojZAtLDxV6569XHN\n",
- "auth_tag": "j15eLXjGMIIsXh5dHET/lw==\n",
+ "encrypted_data": "HHKq1HcxV9uC0aBdkn2AAA9C3dn2o8DnL2uDtZBf+epGC8sOko6/BSvsm8wV\nuG7yVmeFajgyCePSv4M8Or8=\n",
+ "iv": "raypiojdRL+DkiDa\n",
+ "auth_tag": "JZmWJyLTHNHAHNufRizL+w==\n",
 "version": 3,
 "cipher": "aes-256-gcm"
 },
 "internal_token": {
- "encrypted_data": "y7VG9w8Gz/jxgz86p/OtpVvJBYjD6yGOPhCM3SEPlbQF/gqI8VuTkJlUQLFB\nrsPiCcjjynuTPJPLvdkVUu1XjOfp5dtbPDc0hqp8KhvBx4DhnH7Mspp/kWfb\n9DWzJ6zeGBB/nrNay0jTV1MoqzKc3Nl0GSkzBLMbr15vVw==\n",
- "iv": "wcx+w1Ij5Dee/81s\n",
- "auth_tag": "C7QMXezMU+jcYZAjlm86rg==\n",
+ "encrypted_data": "VFez8gOv5hnpBkURlufdPHvfQsL+lFlL8M9vywgKEi4XrXcNlDvoKKqdtSMv\nxGuoKqF/4NFcl2X3JRwp1j5iut+Jdg5CpnVVQLWKHc022LjD7K9nRsdmiD9Q\nLsLnU1Trzqg8VZS2ryqdjI4elkgoc15lmXwJvTNgRUzDqw==\n",
+ "iv": "q7H4q7kBfRt4floS\n",
+ "auth_tag": "vyd4ZwVxeFTTfvjI4k5irQ==\n",
 "version": 3,
 "cipher": "aes-256-gcm"
 },
 "secret_key": {
- "encrypted_data": "4DGRaIbqqa5oCzFwNUjRPcP+uauWidjWwmBZY0BNyI3c/XmQBEb8wGV9Leoc\n3avqM5jhS/Ov43SBMpCrR71x4eAPJ3vlSeQ3GnpkgFyWfolmbEg=\n",
- "iv": "SOTJFH8JkBNtPKyF\n",
- "auth_tag": "fYSfkMMvGnPdiBOP7NnP8Q==\n",
+ "encrypted_data": "7tD4E/5AuxxmNdu4arWj/BBNTUv6JX+m2ITbcLfE+VE2WacsCZUEyi1d1v0B\nyujQ9bljJn3z0zV4PxKFJILKjQb35PSiA8b86X/75Y1B9Gl64ds=\n",
+ "iv": "gE2O5aN+Nea6VXi7\n",
+ "auth_tag": "3+EmAUgBBDyChRBHsUtLig==\n",
 "version": 3,
 "cipher": "aes-256-gcm"
 },
 "postgresql_password": {
- "encrypted_data": "tA/mMteX2aO7dozNe/YWB8S9sVDdUgzKDnAdgnsXF5qTVT0slHe3KRg7og==\n",
- "iv": "3/rdo8uCdhrFOWOf\n",
- "auth_tag": "uNl4R3T5ylEBgAM8P6fdYA==\n",
+ "encrypted_data": "mWN2sTOjZ1EPUH/KAJ8owoPM7v/+IfIHEPACN7gFDrqG8dWGjfiu+fvILw==\n",
+ "iv": "ldm57dVSdiPnk5l3\n",
+ "auth_tag": "D+r/0obCYWx53vIeUDPGMQ==\n",
 "version": 3,
 "cipher": "aes-256-gcm"
 },
 "s3_key_id": {
- "encrypted_data": "Pjaw1MM+GNZN68XDbM+PGJUwSSXwu1+ASgm4S0VZ3MvylVG3uBPdqdDUZ9g8\n",
- "iv": "mPL4HvodGKMD+30N\n",
- "auth_tag": "nrej5vDLEzAI9HkKJxa/mQ==\n",
+ "encrypted_data": "AvlsAInGyPMvHle5YZT3EHMTG89PggqmFaddvHSQLEkvI2EycktxJ/btjGOP\n",
+ "iv": "qGkILPp5EWc21wwa\n",
+ "auth_tag": "eIpCgZAnWZR7nlllj+IXMQ==\n",
 "version": 3,
 "cipher": "aes-256-gcm"
 },
 "s3_secret_key": {
- "encrypted_data": "yBWAUGyyoetZ8EDD+kVffGDQbFPVXxpiWCdWL5xn3ohlclrrcWBQP/cGj2Ts\nlSZ2l4ZIuHX6ZdAHe5O2C1h5nYVtWx+u5kVa9n6EoUbz/6iseHU=\n",
- "iv": "jmIdQZVMCLLKs1pi\n",
- "auth_tag": "0Jvgjuvhv11/QNV43zm1LQ==\n",
+ "encrypted_data": "TAo4ViF7cL+ibIuHM77irZW08ilD46S8N5BV91gc2wegvHpHqLHw5zrsDxfu\nDiJHGUfjge/NBOGN5VSKKC0nFfMJ4sLPxVSiKyON4RMBSuzSqmo=\n",
+ "iv": "tjK8XdaCZOdLUHyo\n",
+ "auth_tag": "Qu1z6e1/4gPIyaCwBjaWsw==\n",
 "version": 3,
 "cipher": "aes-256-gcm"
 },
 "s3_bucket": {
- "encrypted_data": "MyR5WhJMGfu+StFPVt3wSzVSNsHnEiLfzKXm2xJeb/cEQVw=\n",
- "iv": "CHmMCjdVzw+qKHIV\n",
- "auth_tag": "tiQegK0hQfCjcgRxg1G8Rg==\n",
+ "encrypted_data": "NTp9+KyzlblporEwM7SEwoClXu5cI10SfVrJ/uywcf/x2l8=\n",
+ "iv": "TFTeQ8yKUhblmrFK\n",
+ "auth_tag": "L9nrXEeJhxcLO4YgGk4zpg==\n",
+ "version": 3,
+ "cipher": "aes-256-gcm"
+ },
+ "runners": {
+ "encrypted_data": "yTCk4/hqw/4vEaXobdYU4vZRxErNp0GX4qDMuHwdr7UOQk2qQ8O8j44njPv2\ncKcIm6CQiip+GRuvl6+zETd8gctC0W14n5Rfep4zQbMp/BW3ypGambVk6z1m\nRnT4dMEl32rwcXG8c3w+vAFpx8smrK5iyy4ca0ZijC+eeysk4OAwn0XkvQuV\nB1Jy9CmVm9xiZ6sXaiU13tTry8A=\n",
+ "iv": "+biM/42g5doJNOax\n",
+ "auth_tag": "WwNgd6aqm26GcekYVOeBDQ==\n",
 "version": 3,
 "cipher": "aes-256-gcm"
 }
diff --git a/nodes/gitea-2.json b/nodes/gitea-2.json
index de5e0c7..c654795 100644
--- a/nodes/gitea-2.json
+++ b/nodes/gitea-2.json
@@ -18,7 +18,8 @@
 "ldap_client",
 "garage_gateway",
 "gitea",
- "postgresql_client"
+ "postgresql_client",
+ "gitea_actions_runner"
 ],
 "recipes": [
 "kosmos-base",
@@ -31,6 +32,7 @@
 "kosmos_postgresql::hostsfile",
 "kosmos_gitea",
 "kosmos_gitea::default",
+ "kosmos_gitea::act_runner",
 "apt::default",
 "timezone_iii::default",
 "timezone_iii::debian",
@@ -68,6 +70,7 @@
 "role[kvm_guest]",
 "role[ldap_client]",
 "role[garage_gateway]",
- "role[gitea]"
+ "role[gitea]",
+ "role[gitea_actions_runner]"
 ]
 }
\ No newline at end of file
diff --git a/roles/gitea_actions_runner.rb b/roles/gitea_actions_runner.rb
new file mode 100644
index 0000000..5a1f73f
--- /dev/null
+++ b/roles/gitea_actions_runner.rb
@@ -0,0 +1,5 @@
+name "gitea_actions_runner"
+
+run_list %w(
+ kosmos_gitea::act_runner
+)
diff --git a/site-cookbooks/kosmos_gitea/attributes/default.rb b/site-cookbooks/kosmos_gitea/attributes/default.rb
index 32f5918..900ab52 100644
--- a/site-cookbooks/kosmos_gitea/attributes/default.rb
+++ b/site-cookbooks/kosmos_gitea/attributes/default.rb
@@ -15,3 +15,6 @@ node.default["gitea"]["config"] = {
 "allowed_host_list" => "external,127.0.1.1"
 }
 }
+
+node.default["gitea"]["act_runner"]["download_url"] = "https://dl.gitea.com/act_runner/main/act_runner-main-linux-amd64"
+node.default["gitea"]["act_runner"]["checksum"] = "577ec7c64e7458b1e97cbe61d02da1ba1f4ddf24281b175f24f65101e72c000c"
diff --git a/site-cookbooks/kosmos_gitea/recipes/act_runner.rb b/site-cookbooks/kosmos_gitea/recipes/act_runner.rb
new file mode 100644
index 0000000..46c4158
--- /dev/null
+++ b/site-cookbooks/kosmos_gitea/recipes/act_runner.rb
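Review bot: The new `download_url` in attributes/default.rb points at the `main` build of act_runner (`act_runner/main/act_runner-main-linux-amd64`), which upstream presumably overwrites as the branch moves, while `checksum` pins one specific binary. Pinning the hash is the right control, but against a moving file it will start failing converges on fresh nodes, and the easy way out then is to paste in whatever hash the server currently serves, which removes the value of the integrity check. Point the URL at a tagged release instead, e.g. `https://dl.gitea.com/act_runner/<RELEASE_VERSION>/act_runner-<RELEASE_VERSION>-linux-amd64`, built from a version attribute the same way `gitea_version` is used for the Gitea binary.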
@@ -0,0 +1,89 @@
+#
+# Cookbook:: kosmos_gitea
+# Recipe:: act_runner
+#
+
+working_directory = node["gitea"]["working_directory"]
+gitea_credentials = data_bag_item("credentials", "gitea")
+runners = gitea_credentials["runners"]
+
+begin
+ gitea_host = search(:node, "role:gitea").first["knife_zero"]["host"]
+rescue
+ Chef::Log.warn('No server with "gitea" role. Stopping here.')
+ return
+end
+
+apt_repository 'docker' do
+ uri 'https://download.docker.com/linux/ubuntu'
+ key 'https://download.docker.com/linux/ubuntu/gpg'
+ components ['stable']
+end
+
+%w[
+ docker-ce
+ docker-ce-cli
+ containerd.io
+ docker-buildx-plugin
+].each do |apt_pkg|
+ package apt_pkg
+end
+
+remote_file "/usr/local/bin/act_runner" do
+ source node["gitea"]["act_runner"]["download_url"]
+ checksum node["gitea"]["act_runner"]["checksum"]
+ mode "0750"
+end
+
+directory "#{working_directory}/runners" do
+ mode "0700"
+end
+
+runners.each do |runner|
+ runner_name = "gitea-runner-#{runner["org"]}"
+ runner_dir = "#{working_directory}/runners/#{runner["org"]}"
+
+ directory runner_dir do
+ mode "0700"
+ end
+
+ bash "register_#{runner["org"]}_runner" do
+ cwd runner_dir
+ code <<-EOF
+act_runner register \
+ --no-interactive \
+ --instance http://#{gitea_host}:#{node["gitea"]["port"]} \
+ --name #{runner_name} \
+ --token #{runner["token"]}
+ EOF
+ not_if { File.exist?("#{runner_dir}/.runner") }
+ end
+
+ systemd_unit "#{runner_name}.service" do
+ content({
+ Unit: {
+ Description: "Gitea Actions Runner for '#{runner["org"]}' org",
+ Documentation: ["https://gitea.com/gitea/act_runner"],
+ Requires: "gitea.service",
+ After: "syslog.target network.target"
+ },
+ Service: {
+ Type: "simple",
+ WorkingDirectory: runner_dir,
+ Environment: "HOME=/root",
+ ExecStart: "/usr/local/bin/act_runner daemon",
+ Restart: "always",
+ },
+ Install: {
+ WantedBy: "multi-user.target"
+ }
+ })
+ verify false
+ triggers_reload true
+ action [:create]
+ end
+
+ service runner_name do
+ action [:enable, :start]
+ end
+end
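Review bot: The `bash "register_#{runner["org"]}_runner"` resource in recipes/act_runner.rb interpolates `runner["token"]` straight into the command line and is not marked sensitive, so the registration token from the encrypted data bag is readable in the process list while `act_runner register` runs and would show up in Chef's failure output when the command fails. Add `sensitive true` to the resource and quote the interpolated values, e.g. `--token #{Shellwords.escape(runner["token"])}` (same for `runner_name`, with `require "shellwords"` at the top of the recipe), so a stray character in the data bag cannot change the command. Registration also goes to `http://#{gitea_host}`, which sends the token in clear text whenever the runner is not on the Gitea host itself. Separately, the generated unit sets no `User`, so each runner daemon runs as root with `HOME=/root`, and nodes/gitea-2.json puts it on the same host as the `gitea` role; a dedicated service account, and ideally a runner host that does not hold the Gitea data, would limit what a workflow job can reach.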