gitea-actions: run CI jobs in rootless-podman containers

Switch the act_runners from :host execution to docker:// images backed by a rootless podman socket under the gitea-runner user, so each job runs in its own ephemeral container with per-job Go caches. This eliminates the cross-repo GOMODCACHE/go-build poisoning that forced the debyl runner to capacity:1. - deps.yml: enable the rootless --user podman.socket, ensure subuid/subgid, register gitea_runner_uid; drop the rootful system socket override, podman-docker and host golang - images.yml + Containerfile.ci/.espidf: build localhost/gitea-ci and localhost/gitea-ci-espidf into the runner's rootless image store - config.yaml.j2: docker:// labels (per-runner overridable), docker_host -> rootless socket, force_pull false - act_runner.service.j2: XDG_RUNTIME_DIR + DOCKER_HOST -> user socket - defaults: uniform capacity:4 (drop the debyl capacity:1 workaround); esp_idf_version now tags the espressif/idf-based image - main.yml: import images.yml, drop the host esp-idf install (firmware jobs use the espressif/idf job container instead) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-06 00:16:54 -04:00
parent 72ecc63e17
commit 2640d09cb5
11 changed files with 179 additions and 48 deletions
@@ -0,0 +1,55 @@
+---
+- name: create CI image build directory
+  become: true
+  become_user: "{{ gitea_runner_user }}"
+  ansible.builtin.file:
+    path: "{{ gitea_runner_home }}/ci-images"
+    state: directory
+    mode: "0755"
+  tags: gitea-actions
+
+- name: stage default CI Containerfile
+  become: true
+  become_user: "{{ gitea_runner_user }}"
+  ansible.builtin.template:
+    src: Containerfile.ci
+    dest: "{{ gitea_runner_home }}/ci-images/Containerfile.ci"
+    mode: "0644"
+  register: ci_containerfile
+  tags: gitea-actions
+
+- name: stage ESP-IDF CI Containerfile
+  become: true
+  become_user: "{{ gitea_runner_user }}"
+  ansible.builtin.template:
+    src: Containerfile.espidf.j2
+    dest: "{{ gitea_runner_home }}/ci-images/Containerfile.espidf"
+    mode: "0644"
+  register: espidf_containerfile
+  tags: gitea-actions
+
+- name: build default CI image ({{ gitea_ci_image }})
+  become: true
+  become_user: "{{ gitea_runner_user }}"
+  containers.podman.podman_image:
+    name: "{{ gitea_ci_image }}"
+    path: "{{ gitea_runner_home }}/ci-images"
+    build:
+      file: "{{ gitea_runner_home }}/ci-images/Containerfile.ci"
+    force: "{{ ci_containerfile is changed }}"
+  environment:
+    XDG_RUNTIME_DIR: "/run/user/{{ gitea_runner_uid }}"
+  tags: gitea-actions
+
+- name: build ESP-IDF CI image ({{ gitea_ci_espidf_image }})
+  become: true
+  become_user: "{{ gitea_runner_user }}"
+  containers.podman.podman_image:
+    name: "{{ gitea_ci_espidf_image }}"
+    path: "{{ gitea_runner_home }}/ci-images"
+    build:
+      file: "{{ gitea_runner_home }}/ci-images/Containerfile.espidf"
+    force: "{{ espidf_containerfile is changed }}"
+  environment:
+    XDG_RUNTIME_DIR: "/run/user/{{ gitea_runner_uid }}"
+  tags: gitea-actions