From ce26f9df928b3622c0ff39a7439f8da14afc87fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?=
Date: Sat, 22 Nov 2025 13:11:53 +0000
Subject: [PATCH] refactoring act-runner-network-stack, added action kubectl-setup
---
 ...ml => act-runner-network-stack-deploy.yml} | 4 +-
 README.md | 50 +++++++++----
 actions/kubectl-setup/action.yaml | 75 +++++++++++++++++++
 .../act-runner-network-stack/Dockerfile | 1 -
 4 files changed, 113 insertions(+), 17 deletions(-)
 rename .gitea/workflows/{act-runner.docker.deploy.yml => act-runner-network-stack-deploy.yml} (84%)
 create mode 100644 actions/kubectl-setup/action.yaml
 rename {docker => runners}/act-runner-network-stack/Dockerfile (89%)
diff --git a/.gitea/workflows/act-runner.docker.deploy.yml b/.gitea/workflows/act-runner-network-stack-deploy.yml
similarity index 84%
rename from .gitea/workflows/act-runner.docker.deploy.yml
rename to .gitea/workflows/act-runner-network-stack-deploy.yml
index 5ce717c..4bd9e06 100644
--- a/.gitea/workflows/act-runner.docker.deploy.yml
+++ b/.gitea/workflows/act-runner-network-stack-deploy.yml
@@ -25,7 +25,7 @@ jobs:
 id: push
 uses: docker/build-push-action@v6
 with:
- context: ${{gitea.workspace}}/docker/act-runner-network-stack
- file: ${{gitea.workspace}}/docker/act-runner-network-stack/Dockerfile
+ context: ${{gitea.workspace}}/runners/act-runner-network-stack
+ file: ${{gitea.workspace}/runners/act-runner-network-stack/Dockerfile
 push: true
 tags: git.limbosolutions.com/kb/gitea/act_runner:0.2.13-network-stack
\ No newline at end of file
diff --git a/README.md b/README.md
index eef98e7..967711c 100644
--- a/README.md
+++ b/README.md
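Review bot: The added `file:` line in `.gitea/workflows/act-runner-network-stack-deploy.yml` has an unbalanced expression: `${{gitea.workspace}/runners/...` closes with a single `}`, while the added `context:` line and the removed `file:` line both use `${{gitea.workspace}}`. With the expression left unterminated the build step will most likely fail to evaluate it or receive a literal, non-existent path, so the image build that this workflow pushes would break. It should read `file: ${{gitea.workspace}}/runners/act-runner-network-stack/Dockerfile`. The job these keys belong to starts outside the hunk.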
@@ -5,9 +5,9 @@ - [Gitea dump from docker host](#gitea-dump-from-docker-host) - [nginx](#nginx) - [act runner](#act-runner) - - [custom image - with ansible](#custom-image---with-ansible) - - [Official Docker Image](#official-docker-image) - - [Docker compose](#docker-compose) + - [act runner (Official)](#act-runner-official) + - [Docker Compose](#docker-compose) + - [custom act runner - gitea/act\_runner:0.2.13-network-stack](#custom-act-runner---giteaact_runner0213-network-stack) - [Other References](#other-references) ## Links @@ -55,16 +55,9 @@ sudo docker exec -u git -it -w /tmp gitea bash -c '/app/gitea/gitea dump -d post ## act runner -### custom image - with ansible +### act runner (Official) -[Docker Image](/kb/-/packages/container/gitea%2Fact-runner_ansible/0.2.11) - -[Dockerfile](./docker/act-runner/ansible/Dockerfile) - -### Official Docker Image - - -#### Docker compose +#### Docker Compose ``` yaml ... 
@@ -89,9 +82,38 @@ sudo docker exec -u git -it -w /tmp gitea bash -c '/app/gitea/gitea dump -d post - GITEA_RUNNER_REGISTRATION_TOKEN= ``` -https://gitea.com/gitea/act_runner/src/branch/main/examples/docker-compose +### custom act runner - gitea/act_runner:0.2.13-network-stack + + + +**🚀 Purpose** + +This container equips the Gitea Actions runner with a network‑aware toolchain, making it suitable for continuous deployments in environments where Docker‑in‑Docker or elevated privileges are not available. + +- Kubernetes‑friendly: ships with kubectl and supporting utilities so it can interact directly with clusters. +- No privileged mode required: avoids the need for Docker socket mounts or root escalation. +- CI/CD ready: includes SSH, Ansible, Node.js, rsync, rclone, and envsubst for orchestration, templating, and asset transfer. + +**📦 Installed packages** + +- 🛡️ openssh-client, 🌐 curl, ⚙️ ansible, 🟦 nodejs, 🔄 rclone, 📤 rsync, and 🔧 envsubst via Alpine’s apk package manager +- 🔑 SSH and curl → remote access and HTTP requests +- ⚙️ Ansible → configuration management and automation +- 🟦 Node.js → JavaScript runtime for workflows +- 🔄 Rclone and rsync → file synchronization and transfer +- 🔧 envsubst → environment variable substitution in templates +- ☸️ kubectl → fetches the latest stable Kubernetes CLI directly from Google Cloud Storage + +**Docker pull** + +``` bash +docker pull git.limbosolutions.com/kb/gitea/act_runner:0.2.13-network-stack +``` + +[Dockerfile source file.](./runners/act-runner-network-stack/Dockerfile) ## Other References -- [limbosolutions gitea hosting](https://git.limbosolutions.com) and [git repo](https://git.limbosolutions.com/limbosolutions.com/git.limbosolutions.com) +- [git.limbosolution.com](https://git.limbosolutions.com) +- [git.limbosolution.com - repo](https://git.limbosolutions.com/limbosolutions.com/git.limbosolutions.com) \ No newline at end of file 
diff --git a/actions/kubectl-setup/action.yaml b/actions/kubectl-setup/action.yaml
new file mode 100644
index 0000000..2dfb18c
--- /dev/null
+++ b/actions/kubectl-setup/action.yaml
@@ -0,0 +1,75 @@
+name: Setup kubectl
+description: "Reads kube config from inputs and sets kube config"
+
+inputs:
+ kube_server:
+ description: "Kubernetes server address and port. Example (https://serverip:6443)"
+ required: true
+ kube_ca_base64:
+ description: "Base64-encoded Kubernetes cluster CA certificate"
+ required: true
+ kube_token:
+ description: "Kubernetes ServiceAccount token"
+ required: true
+
+runs:
+ using: "composite"
+ steps:
+ - name: Create kubeconfig
+ shell: bash
+ run: |
+ set -euo pipefail
+
+ # check arguments
+ ERROR=0
+
+ if [ -z "${{ inputs.kube_server }}" ]; then
+ echo "❌ ERROR: kube_server input is empty or not set"
+ $ERROR=1
+ fi
+
+ if [ -z "${{ inputs.kube_ca_base64 }}" ]; then
+ echo "❌ ERROR: kube_ca_base64 input is empty or not set"
+ $ERROR=1
+ fi
+
+ if [ -z "${{ inputs.kube_server }}" ]; then
+ echo "❌ ERROR: kube_token input is empty or not set"
+ $ERROR=1
+ fi
+
+ if [ "$ERROR" != 0 ]; then
+ echo "❌ ERROR code $ERROR"
+ exit "$ERROR"
+ fi
+ # end check arguments
+
+ # creates kube config
+ mkdir -p "${GITHUB_TEMP}/.kube"
+ cat < "${GITHUB_TEMP}/.kube/config"
+ apiVersion: v1
+ kind: Config
+ clusters:
+ - cluster:
+ certificate-authority-data: ${{ inputs.kube_ca_base64 }}
+ server: ${{ inputs.kube_server }}
+ name: cluster
+ contexts:
+ - context:
+ cluster: cluster
+ namespace: default
+ user: user
+ name: context
+ current-context: context
+ users:
+ - name: user
+ user:
+ token: ${{ inputs.kube_token }}
+ EOF
+
+ # sets KUBECONFIG environment variable
+ echo "KUBECONFIG=${GITHUB_TEMP}/.kube/config" >> "${GITHUB_ENV}"
+
+ # tests communication to server (add v argument if debug is required)
+ curl -kv -cacert <(echo "${{ inputs.kube_ca_base64 }}" | base64 -d) -H "Authorization: Bearer ${{ inputs.kube_token }}" ${{ inputs.kube_server }}/version
+
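Review bot: The connectivity check on the last line of the `run` script exposes the ServiceAccount token: `-k` turns certificate verification off, `-cacert` with one dash is parsed by curl as `-c acert` (a cookie-jar file) rather than `--cacert`, and `-v` prints the `Authorization: Bearer …` request header into the job log. The argument checks above it do not work as written either: `$ERROR=1` expands to the command `0=1` and aborts under `set -e`, and the third test repeats `inputs.kube_server` where `inputs.kube_token` is meant, so an empty token is never reported. All three inputs are pasted into the script text through `${{ inputs.* }}`, so a value containing quotes or `$(…)` is interpreted by bash; a step-level `env:` map read through shell variables avoids that. The kubeconfig also holds the token and is created with the default umask, so `umask 077` before writing it is worth adding. The rewritten lines are below.

```yaml
    - name: Create kubeconfig
      shell: bash
      env:
        KUBE_SERVER: ${{ inputs.kube_server }}
        KUBE_CA_BASE64: ${{ inputs.kube_ca_base64 }}
        KUBE_TOKEN: ${{ inputs.kube_token }}
      run: |
        set -euo pipefail
        # kubeconfig carries a bearer token: keep it owner-readable only
        umask 077

        ERROR=0
        if [ -z "$KUBE_SERVER" ]; then
          echo "❌ ERROR: kube_server input is empty or not set"
          ERROR=1
        fi
        # … unchanged apart from the variable name: same check for KUBE_CA_BASE64 …
        if [ -z "$KUBE_TOKEN" ]; then
          echo "❌ ERROR: kube_token input is empty or not set"
          ERROR=1
        fi
        # … unchanged: exit on ERROR, mkdir, kubeconfig here-doc (reading the KUBE_* variables), KUBECONFIG export …

        # verify the server against the supplied CA; no -k, no -v
        curl --fail --silent --show-error \
          --cacert <(printf '%s' "$KUBE_CA_BASE64" | base64 -d) \
          -H "Authorization: Bearer $KUBE_TOKEN" \
          "$KUBE_SERVER/version"
```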
diff --git a/docker/act-runner-network-stack/Dockerfile b/runners/act-runner-network-stack/Dockerfile similarity index 89% rename from docker/act-runner-network-stack/Dockerfile rename to runners/act-runner-network-stack/Dockerfile index 2297460..ef917c1 100644 --- a/docker/act-runner-network-stack/Dockerfile +++ b/runners/act-runner-network-stack/Dockerfile @@ -4,7 +4,6 @@ FROM gitea/act_runner:0.2.13 RUN echo "build started.." && \ apk add --no-cache openssh-client curl ansible nodejs rclone rsync nodejs envsubst -#download latest stable version of kubectl RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl RUN chmod +x ./kubectl RUN mv ./kubectl /usr/local/bin