bastian/deploy_home
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

gitea-actions: run CI jobs in rootless-podman containers

Browse Source 
Switch the act_runners from :host execution to docker:// images backed by
a rootless podman socket under the gitea-runner user, so each job runs in
its own ephemeral container with per-job Go caches. This eliminates the
cross-repo GOMODCACHE/go-build poisoning that forced the debyl runner to
capacity:1.

- deps.yml: enable the rootless --user podman.socket, ensure subuid/subgid,
  register gitea_runner_uid; drop the rootful system socket override,
  podman-docker and host golang
- images.yml + Containerfile.ci/.espidf: build localhost/gitea-ci and
  localhost/gitea-ci-espidf into the runner's rootless image store
- config.yaml.j2: docker:// labels (per-runner overridable), docker_host
  -> rootless socket, force_pull false
- act_runner.service.j2: XDG_RUNTIME_DIR + DOCKER_HOST -> user socket
- defaults: uniform capacity:4 (drop the debyl capacity:1 workaround);
  esp_idf_version now tags the espressif/idf-based image
- main.yml: import images.yml, drop the host esp-idf install (firmware jobs
  use the espressif/idf job container instead)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Bastian de Byl
2026-06-06 00:16:54 -04:00
parent 72ecc63e17
commit 2640d09cb5
11 changed files with 179 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ansible/roles/gitea-actions/defaults/main.yml
+18 -6
View File
@@ -3,23 +3,35 @@ gitea_runner_user: gitea-runner
gitea_runner_home: /home/gitea-runner
gitea_runner_version: "0.2.13"
gitea_runner_arch: linux-amd64
# Max concurrent jobs per runner. Each job runs in its own ephemeral container
# (docker:// labels backed by rootless podman), so jobs no longer share the
# gitea-runner user's Go caches and can run fully in parallel without corruption.
gitea_runner_capacity: 4
# Multiple Gitea instances to run actions runners for
# Gitea instances to run actions runners for. Override `labels` or `capacity`
# per runner here if needed.
gitea_runners:
- name: debyl
instance_url: https://git.debyl.io
- name: skudak
instance_url: https://git.skudak.com
# Old single-instance format (replaced by gitea_runners list above):
# gitea_instance_url: https://git.debyl.io
# Paths
act_runner_bin: /usr/local/bin/act_runner
act_runner_config_dir: /etc/act_runner
act_runner_work_dir: /var/lib/act_runner
# ESP-IDF configuration
# Job container images (built locally into the gitea-runner rootless image
# store by tasks/images.yml; never pulled — force_pull is false).
gitea_ci_image: localhost/gitea-ci:latest
# ESP-IDF firmware image tag tracks the upstream espressif/idf release we build from.
esp_idf_version: v5.4.1
esp_idf_path: /opt/esp-idf
gitea_ci_espidf_image: "localhost/gitea-ci-espidf:{{ esp_idf_version }}"
# Default labels for every runner — map runs-on values to the local CI image.
# Firmware jobs opt into the ESP-IDF image per-job via `container:` in their workflow.
gitea_runner_labels:
- "fedora:docker://{{ gitea_ci_image }}"
- "ubuntu-latest:docker://{{ gitea_ci_image }}"
- "ubuntu-22.04:docker://{{ gitea_ci_image }}"