Erich Blume
8ca8798121
All checks were successful
Test CI / test (push) Successful in 4s
## Summary - Replace Docker with Buildah for container image builds - No Docker socket required - buildah is daemonless - Cleaner security model (no privileged containers or socket mounting) - Remove Docker-related security context from deployment ## Changes - Update Dockerfile to install buildah/podman instead of docker-cli - Configure buildah storage with overlay driver and fuse-overlayfs - Update composite action to use `buildah bud` and `buildah push` - Add `imagePullPolicy: Always` to ensure fresh image pulls - Update test workflow to verify buildah/podman ## Testing - [ ] Runner pod starts successfully - [ ] Buildah is available in runner - [ ] Test workflow verifies buildah/podman versions - [ ] Container build workflow builds and pushes to zot 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.tail8d86e.ts.net/eblume/blumeops/pulls/51
57 lines
1.8 KiB
YAML
57 lines
1.8 KiB
YAML
---
|
|
# Forgejo Runner - host execution mode
|
|
#
|
|
# The runner daemon runs directly on indri using a locally compiled binary.
|
|
# Jobs execute on the host, reaching Forgejo at localhost:3001.
|
|
|
|
- name: Ensure forgejo-runner directories exist
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
mode: '0755'
|
|
loop:
|
|
- "{{ forgejo_runner_data_dir }}"
|
|
- "{{ forgejo_runner_config_dir }}"
|
|
|
|
- name: Deploy forgejo-runner config
|
|
ansible.builtin.template:
|
|
src: config.yaml.j2
|
|
dest: "{{ forgejo_runner_config_dir }}/config.yaml"
|
|
mode: '0644'
|
|
notify: Restart forgejo-runner
|
|
|
|
- name: Check if runner is registered
|
|
ansible.builtin.stat:
|
|
path: "{{ forgejo_runner_data_dir }}/.runner"
|
|
register: forgejo_runner_registered
|
|
|
|
- name: Register runner with Forgejo
|
|
ansible.builtin.command:
|
|
cmd: >
|
|
{{ forgejo_runner_binary }} register
|
|
--instance "{{ forgejo_runner_instance_url }}"
|
|
--token "{{ forgejo_runner_token }}"
|
|
--name "{{ forgejo_runner_name }}"
|
|
--labels "{{ forgejo_runner_labels }}"
|
|
--no-interactive
|
|
chdir: "{{ forgejo_runner_data_dir }}"
|
|
when: not forgejo_runner_registered.stat.exists
|
|
changed_when: true
|
|
|
|
- name: Deploy forgejo-runner launchd plist
|
|
ansible.builtin.template:
|
|
src: forgejo-runner.plist.j2
|
|
dest: ~/Library/LaunchAgents/mcquack.forgejo-runner.plist
|
|
mode: '0644'
|
|
notify: Restart forgejo-runner
|
|
|
|
- name: Check if forgejo-runner is loaded
|
|
ansible.builtin.command: launchctl list mcquack.forgejo-runner
|
|
register: forgejo_runner_launchctl_check
|
|
changed_when: false
|
|
failed_when: false
|
|
|
|
- name: Load forgejo-runner if not loaded
|
|
ansible.builtin.command: launchctl load ~/Library/LaunchAgents/mcquack.forgejo-runner.plist
|
|
when: forgejo_runner_launchctl_check.rc != 0
|
|
changed_when: true
|