take oput port 3000

.drone/build.sh

@@ -1,5 +1,6 @@
 sleep 10
 
 docker build gitea \
-  --build-arg REGISTRY=${REGISTRY_DOMAIN}:${REGISTRY_PORT}/${ROOT}/${NAME}/ \
   -t ${REGISTRY_DOMAIN}:${REGISTRY_PORT}/${ROOT}/${NAME}/gitea:$1
+docker build act_runner \
+  -t ${REGISTRY_DOMAIN}:${REGISTRY_PORT}/${ROOT}/${NAME}/act_runner:$1

.drone/deploy.sh

@@ -1,7 +1,4 @@
 export LOCAL_DOCKER_REGISTRY=${REGISTRY_DOMAIN}:${REGISTRY_PORT}/${ROOT}/${NAME}/ \
 && echo $1 \
 && export TAG=$1 \
-&& docker stack rm gitea \
-&& echo 'sleeping...zzz' \
-&& sleep 60 \
 && docker stack deploy -c docker-compose.yml gitea  --with-registry-auth

.drone/drone-home.yml

@@ -16,6 +16,9 @@ steps:
     - drone_build_number
     - drone_repo_name
     - drone_repo_namespace
+    - runner_registration_token
+    - user_runner_registration_token
+    - organisation_runner_registration_token
     - gitea_mailer_host
     - gitea_mailer_from
     - gitea_mailer_user
@@ -32,6 +35,9 @@ steps:
     - "echo \"export GITEA_MAILER_FROM='$${GITEA_MAILER_FROM}'\" >> env-gitea # \"gitea-mailer-from\""
     - "echo \"export GITEA_MAILER_USER='$${GITEA_MAILER_USER}'\" >> env-gitea # \"gitea-mailer-user\""
     - "echo \"export GITEA_APP_NAME='$${GITEA_APP_NAME}'\" >> env-gitea # \"gitea-app-name\""
+    - "echo \"export RUNNER_REGISTRATION_TOKEN='$${RUNNER_REGISTRATION_TOKEN}'\" >> env-gitea # \"runner_registration_token\""
+    - "echo \"export USER_RUNNER_REGISTRATION_TOKEN='$${USER_RUNNER_REGISTRATION_TOKEN}'\" >> env-gitea # \"user_runner_registration_token\""
+    - "echo \"export ORGANISATION_RUNNER_REGISTRATION_TOKEN='$${ORGANISATION_RUNNER_REGISTRATION_TOKEN}'\" >> env-gitea # \"organisation_runner_registration_token\""
     - "echo \"export GITEA_SERVER_LFS_JWT_SECRET='$${GITEA_SERVER_LFS_JWT_SECRET}'\" >> env-gitea # \"gitea-server-lfs-jwt-secret\""
     - "echo \"export GITEA_SECURITY_SECRET_KEY='$${GITEA_SECURITY_SECRET_KEY}'\" >> env-gitea # \"gitea-security-secret-key\""
     - "echo \"export GITEA_SECURITY_INTERNAL_TOKEN='$${GITEA_SECURITY_INTERNAL_TOKEN}'\" >> env-gitea # \"gitea-security-internal-token\""
@@ -59,6 +65,12 @@ steps:
       from_secret: gitea-security-secret-key
     GITEA_SERVER_LFS_JWT_SECRET:
       from_secret: gitea-server-lfs-jwt-secret
+    RUNNER_REGISTRATION_TOKEN:
+      from_secret: runner-registration-token
+    USER_RUNNER_REGISTRATION_TOKEN:
+      from_secret: user-runner-registration-token
+    ORGANISATION_RUNNER_REGISTRATION_TOKEN:
+      from_secret: organisation-runner-registration-token
 
 trigger:
   event:
@@ -76,7 +88,7 @@ platform:
   arch: amd64
 
 steps:
-- name: "build commit"
+- name: "build commit ${DRONE_COMMIT_SHA}"
   image: docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f
   commands:
   - set -e
@@ -90,8 +102,8 @@ steps:
     path: /var/run
   when:
     branch:
-    - action
-- name: "build tag"
+    - actions
+- name: "build tag ${DRONE_TAG}"
   image: docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f
   commands:
   - set -e
@@ -151,10 +163,10 @@ steps:
     - .
     target: /stack/gitea
 
-- name: deploy commit
+- name: deploy commit ${DRONE_COMMIT_SHA}
   when:
     branch:
-    - action
+    - actions
   image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea
   settings:
     envs:
@@ -179,7 +191,13 @@ steps:
     - gitea_oauth2_jwt_secret
     - gitea_mailer_passwd
     - gitea_mailer_protocol
+    - runner_registration_token
+    - user_runner_registration_token
+    - organisation_runner_registration_token
     script:
+    - export ORGANISATION_RUNNER_REGISTRATION_TOKEN=$${ORGANISATION_RUNNER_REGISTRATION_TOKEN}
+    - export USER_RUNNER_REGISTRATION_TOKEN=$${USER_RUNNER_REGISTRATION_TOKEN}
+    - export RUNNER_REGISTRATION_TOKEN=$${RUNNER_REGISTRATION_TOKEN}
     - export GITEA_SERVER_LFS_JWT_SECRET=$${GITEA_SERVER_LFS_JWT_SECRET}
     - export GITEA_SECURITY_SECRET_KEY=$${GITEA_SECURITY_SECRET_KEY}
     - export GITEA_SECURITY_INTERNAL_TOKEN=$${GITEA_SECURITY_INTERNAL_TOKEN}
@@ -200,8 +218,6 @@ steps:
     - export ROOT=stack
     - cd /stack/gitea
     - "n=0\nwhile :\ndo\n  docker login $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/ --username client --password \"$${REGISTRY_PASSWORD}\" \\\\\n    && break  # substitute your command here\n  n=$((n+1))\n      if [ $n -ge 10 ]; then\n      echo \"login failed\"\n      exit 1\n  fi\n  echo \"retrying login..$n\"\n  sleep 5\ndone\n"
-    - printenv
-    - sh .drone/pull.sh ${DRONE_COMMIT_SHA}
     - sh .drone/deploy.sh ${DRONE_COMMIT_SHA}
   environment:
     GITEA_APP_NAME:
@@ -224,7 +240,14 @@ steps:
       from_secret: gitea-security-secret-key
     GITEA_SERVER_LFS_JWT_SECRET:
       from_secret: gitea-server-lfs-jwt-secret
-- name: deploy tag
+    RUNNER_REGISTRATION_TOKEN:
+      from_secret: runner-registration-token
+    USER_RUNNER_REGISTRATION_TOKEN:
+      from_secret: user-runner-registration-token
+    ORGANISATION_RUNNER_REGISTRATION_TOKEN:
+      from_secret: organisation-runner-registration-token
+    
+- name: deploy tag ${DRONE_TAG}
   when:
     event:
     - tag
@@ -242,6 +265,9 @@ steps:
     - registry_domain
     - registry_port
     - registry_password
+    - runner_registration_token
+    - user_runner_registration_token
+    - organisation_runner_registration_token
     - gitea_mailer_host
     - gitea_mailer_from
     - gitea_mailer_user
@@ -253,6 +279,9 @@ steps:
     - gitea_mailer_passwd
     - gitea_mailer_protocol
     script:
+    - export RUNNER_REGISTRATION_TOKEN=$${RUNNER_REGISTRATION_TOKEN}
+    - export USER_RUNNER_REGISTRATION_TOKEN=$${USER_RUNNER_REGISTRATION_TOKEN}
+    - export ORGANISATION_RUNNER_REGISTRATION_TOKEN=$${ORGANISATION_RUNNER_REGISTRATION_TOKEN}
     - export GITEA_SERVER_LFS_JWT_SECRET=$${GITEA_SERVER_LFS_JWT_SECRET}
     - export GITEA_SECURITY_SECRET_KEY=$${GITEA_SECURITY_SECRET_KEY}
     - export GITEA_SECURITY_INTERNAL_TOKEN=$${GITEA_SECURITY_INTERNAL_TOKEN}
@@ -273,8 +302,6 @@ steps:
     - export ROOT=stack
     - cd /stack/gitea
     - "n=0\nwhile :\ndo\n  docker login $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/ --username client --password \"$${REGISTRY_PASSWORD}\" \\\\\n    && break  # substitute your command here\n  n=$((n+1))\n      if [ $n -ge 10 ]; then\n      echo \"login failed\"\n      exit 1\n  fi\n  echo \"retrying login..$n\"\n  sleep 5\ndone\n"
-    - printenv
-    - sh .drone/pull.sh ${DRONE_TAG}
     - sh .drone/deploy.sh ${DRONE_TAG}
   environment:
     GITEA_APP_NAME:
@@ -297,5 +324,12 @@ steps:
       from_secret: gitea-security-secret-key
     GITEA_SERVER_LFS_JWT_SECRET:
       from_secret: gitea-server-lfs-jwt-secret
+    RUNNER_REGISTRATION_TOKEN:
+      from_secret: runner-registration-token
+    USER_RUNNER_REGISTRATION_TOKEN:
+      from_secret: user-runner-registration-token
+    ORGANISATION_RUNNER_REGISTRATION_TOKEN:
+      from_secret: organisation-runner-registration-token
+
 
 ...

.drone/push.sh

@@ -1 +1,2 @@
 docker push ${REGISTRY_DOMAIN}:${REGISTRY_PORT}/${ROOT}/${NAME}/gitea:$1
+docker push ${REGISTRY_DOMAIN}:${REGISTRY_PORT}/${ROOT}/${NAME}/act_runner:$1

.gitea/workflows/learn-github-actions.yml

@@ -0,0 +1,13 @@
+name: learn-github-actions
+run-name: ${{ github.actor }} is learning GitHub Actions
+on: [push]
+jobs:
+  check-bats-version:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: RouxAntoine/checkout@v3.5.4
+      - uses: actions/setup-node@v3
+        with:
+          node-version: '14'
+      - run: npm install -g bats
+      - run: bats -v

act_runner/Dockerfile

@@ -0,0 +1,4 @@
+FROM gitea/act_runner:latest
+COPY config.yaml /
+COPY run.sh /
+ENTRYPOINT ["sh", "/run.sh"]

act_runner/config.yaml

@@ -0,0 +1,90 @@
+# Example configuration file, it's safe to copy this as the default config file without any modification.
+
+# You don't have to copy this file to your instance,
+# just run `./act_runner generate-config > config.yaml` to generate a config file.
+
+log:
+  # The level of logging, can be trace, debug, info, warn, error, fatal
+  level: info
+
+runner:
+  # Where to store the registration result.
+  file: .runner
+  # Execute how many tasks concurrently at the same time.
+  capacity: 1
+  # Extra environment variables to run jobs.
+  envs:
+    A_TEST_ENV_NAME_1: a_test_env_value_1
+    A_TEST_ENV_NAME_2: a_test_env_value_2
+  # Extra environment variables to run jobs from a file.
+  # It will be ignored if it's empty or the file doesn't exist.
+  env_file: .env
+  # The timeout for a job to be finished.
+  # Please note that the Gitea instance also has a timeout (3h by default) for the job.
+  # So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
+  timeout: 3h
+  # Whether skip verifying the TLS certificate of the Gitea instance.
+  insecure: false
+  # The timeout for fetching the job from the Gitea instance.
+  fetch_timeout: 5s
+  # The interval for fetching the job from the Gitea instance.
+  fetch_interval: 2s
+  # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
+  # Like: ["macos-arm64:host", "ubuntu-latest:docker://node:16-bullseye", "ubuntu-22.04:docker://node:16-bullseye"]
+  # If it's empty when registering, it will ask for inputting labels.
+  # If it's empty when execute `deamon`, will use labels in `.runner` file.
+  labels: []
+
+cache:
+  # Enable cache server to use actions/cache.
+  enabled: true
+  # The directory to store the cache data.
+  # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
+  dir: ""
+  # The host of the cache server.
+  # It's not for the address to listen, but the address to connect from job containers.
+  # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
+  host: ""
+  # The port of the cache server.
+  # 0 means to use a random available port.
+  port: 0
+  # The external cache server URL. Valid only when enable is true.
+  # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
+  # The URL should generally end with "/".
+  external_server: ""
+
+container:
+  # Specifies the network to which the container will connect.
+  # Could be host, bridge or the name of a custom network.
+  # If it's empty, act_runner will create a network automatically.
+  network: ""
+  # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
+  privileged: false
+  # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
+  options:
+  # The parent directory of a job's working directory.
+  # If it's empty, /workspace will be used.
+  workdir_parent:
+  # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
+  # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
+  # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
+  # valid_volumes:
+  #   - data
+  #   - /src/*.json
+  # If you want to allow any volume, please use the following configuration:
+  # valid_volumes:
+  #   - '**'
+  valid_volumes: []
+  # overrides the docker client host with the specified one.
+  # If it's empty, act_runner will find an available docker host automatically.
+  # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
+  # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
+  docker_host: ""
+  # Pull docker image(s) even if already present
+  force_pull: false
+
+host:
+  # The parent directory of a job's working directory.
+  # If it's empty, $HOME/.cache/act/ will be used.
+  workdir_parent:
+  

act_runner/run.sh

@@ -0,0 +1,4 @@
+echo "💤410"
+sleep 10
+act_runner register --instance $GITEA_INSTANCE_URL --token $GITEA_RUNNER_REGISTRATION_TOKEN --name $GITEA_RUNNER_NAME --no-interactive
+act_runner daemon

docker-compose.yml

@@ -24,15 +24,65 @@ services:
       - GITEA_MAILER_FROM=$GITEA_MAILER_FROM
       - GITEA_MAILER_PASSWD=$GITEA_MAILER_PASSWD
       - GITEA_MAILER_PROTOCOL=$GITEA_MAILER_PROTOCOL
-
     volumes:
       - gitea-app:/data
-    ports:
-      - 3000:3000
-      - 22:22
     networks:
       - appnet
       - externalnet
+  act-runner:
+    deploy:
+      placement:
+        constraints: [node.labels.com.sigyl.git-stack == yes]
+      replicas: 1
+      restart_policy:
+        condition: any
+    image: ${LOCAL_DOCKER_REGISTRY}act_runner:${TAG}
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    networks:
+      - appnet
+    environment:
+      - CONFIG_FILE=/config.yaml
+      - GITEA_INSTANCE_URL=https://sigyl.com/git/
+      - GITEA_RUNNER_REGISTRATION_TOKEN=$RUNNER_REGISTRATION_TOKEN
+      - GITEA_RUNNER_NAME="giles-test"
+      - GITEA_RUNNER_LABELS=""
+  user-act-runner:
+    deploy:
+      placement:
+        constraints: [node.labels.com.sigyl.git-stack == yes]
+      replicas: 5
+      restart_policy:
+        condition: any
+    image: ${LOCAL_DOCKER_REGISTRY}act_runner:${TAG}
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    networks:
+      - appnet
+    environment:
+      - CONFIG_FILE=/config.yaml
+      - GITEA_INSTANCE_URL=https://sigyl.com/git/
+      - GITEA_RUNNER_REGISTRATION_TOKEN=$USER_RUNNER_REGISTRATION_TOKEN
+      - GITEA_RUNNER_NAME="giles-test"
+      - GITEA_RUNNER_LABELS=""
+  organisation-act-runner:
+    deploy:
+      placement:
+        constraints: [node.labels.com.sigyl.git-stack == yes]
+      replicas: 5
+      restart_policy:
+        condition: any
+    image: ${LOCAL_DOCKER_REGISTRY}act_runner:${TAG}
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    networks:
+      - appnet
+    environment:
+      - CONFIG_FILE=/config.yaml
+      - GITEA_INSTANCE_URL=https://sigyl.com/git/
+      - GITEA_RUNNER_REGISTRATION_TOKEN=$ORGANISATION_RUNNER_REGISTRATION_TOKEN
+      - GITEA_RUNNER_NAME="giles-test"
+      - GITEA_RUNNER_LABELS=""
 volumes:
   gitea-app:
 

gitea/Dockerfile

@@ -1,5 +1,5 @@
 ARG REGISTRY
-FROM gitea/gitea:1.20.5-linux-amd64
+FROM gitea/gitea:1.21.0-rc2
 COPY app.ini /init/
 COPY ./templates /init/templates/
 COPY run.sh /

gitea/app.ini

@@ -2,6 +2,12 @@ APP_NAME = ${GITEA_APP_NAME}
 RUN_MODE = prod
 RUN_USER = git
 
+[actions]
+ENABLED=true
+
+[packages]
+ENABLED = true
+
 [repository]
 ROOT = /data/git/repositories
 ENABLE_PUSH_CREATE_USER = true
@@ -22,11 +28,13 @@ DISABLE_SSH      = false
 SSH_PORT         = 22
 SSH_LISTEN_PORT  = 22
 LFS_START_SERVER = true
-LFS_CONTENT_PATH = /data/git/lfs
 DOMAIN           = ${GITEA_DOMAIN}
 LFS_JWT_SECRET   = ${GITEA_SERVER_LFS_JWT_SECRET}
 OFFLINE_MODE     = false
 
+[lfs]
+PATH = /data/git/lfs
+
 [database]
 PATH     = /data/gitea/gitea.db
 DB_TYPE  = sqlite3
@@ -80,11 +88,11 @@ NO_REPLY_ADDRESS                  = noreply.${GITEA_DOMAIN}
 JWT_SECRET = ${GITEA_OAUTH2_JWT_SECRET}
 
 [mailer]
-ENABLED = true
-HOST    = ${GITEA_MAILER_HOST}
-FROM    = ${GITEA_MAILER_FROM}
-USER    = ${GITEA_MAILER_USER}
-PASSWD  = ${GITEA_MAILER_PASSWD}
+ENABLED   = true
+SMTP_ADDR = ${GITEA_MAILER_HOST}
+FROM      = ${GITEA_MAILER_FROM}
+USER      = ${GITEA_MAILER_USER}
+PASSWD    = ${GITEA_MAILER_PASSWD}
 
 [openid]
 ENABLE_OPENID_SIGNIN = true