refactoring act-runner-network-stack, added action kubectl-setup

.gitea/workflows/act-runner-network-stack-deploy.yml

@@ -25,7 +25,7 @@ jobs:
         id: push
         uses: docker/build-push-action@v6
         with:
-          context: ${{gitea.workspace}}/docker/act-runner-network-stack
-          file: ${{gitea.workspace}}/docker/act-runner-network-stack/Dockerfile
+          context: ${{gitea.workspace}}/runners/act-runner-network-stack
+          file: ${{gitea.workspace}/runners/act-runner-network-stack/Dockerfile
           push: true
           tags: git.limbosolutions.com/kb/gitea/act_runner:0.2.13-network-stack

README.md

@@ -5,9 +5,9 @@
   - [Gitea dump from docker host](#gitea-dump-from-docker-host)
 - [nginx](#nginx)
 - [act runner](#act-runner)
-  - [custom image - with ansible](#custom-image---with-ansible)
-  - [Official Docker Image](#official-docker-image)
-    - [Docker compose](#docker-compose)
+  - [act runner (Official)](#act-runner-official)
+    - [Docker Compose](#docker-compose)
+  - [custom act runner - gitea/act\_runner:0.2.13-network-stack](#custom-act-runner---giteaact_runner0213-network-stack)
 - [Other References](#other-references)
 
 ## Links
@@ -55,16 +55,9 @@ sudo docker exec -u git -it -w /tmp gitea bash -c '/app/gitea/gitea dump -d post
 
 ## act runner
 
-### custom image - with ansible
+### act runner (Official)
 
-[Docker Image](/kb/-/packages/container/gitea%2Fact-runner_ansible/0.2.11)
-
-[Dockerfile](./docker/act-runner/ansible/Dockerfile)
-
-### Official Docker Image
-
-
-#### Docker compose
+#### Docker Compose
 
 ``` yaml
 ...
@@ -89,9 +82,38 @@ sudo docker exec -u git -it -w /tmp gitea bash -c '/app/gitea/gitea dump -d post
       - GITEA_RUNNER_REGISTRATION_TOKEN=<registration token>
 ```
 
-https://gitea.com/gitea/act_runner/src/branch/main/examples/docker-compose
+### custom act runner - gitea/act_runner:0.2.13-network-stack
+
+
+
+**🚀 Purpose**  
+
+This container equips the Gitea Actions runner with a network‑aware toolchain, making it suitable for continuous deployments in environments where Docker‑in‑Docker or elevated privileges are not available.
+
+- Kubernetes‑friendly: ships with kubectl and supporting utilities so it can interact directly with clusters.
+- No privileged mode required: avoids the need for Docker socket mounts or root escalation.
+- CI/CD ready: includes SSH, Ansible, Node.js, rsync, rclone, and envsubst for orchestration, templating, and asset transfer.
+
+**📦 Installed packages**  
+
+- 🛡️ openssh-client, 🌐 curl, ⚙️ ansible, 🟦 nodejs, 🔄 rclone, 📤 rsync, and 🔧 envsubst via Alpine’s apk package manager
+- 🔑 SSH and curl → remote access and HTTP requests
+- ⚙️ Ansible → configuration management and automation
+- 🟦 Node.js → JavaScript runtime for workflows
+- 🔄 Rclone and rsync → file synchronization and transfer
+- 🔧 envsubst → environment variable substitution in templates
+- ☸️ kubectl → fetches the latest stable Kubernetes CLI directly from Google Cloud Storage
+
+**Docker pull**  
+
+``` bash
+docker pull git.limbosolutions.com/kb/gitea/act_runner:0.2.13-network-stack
+```
+
+[Dockerfile source file.](./runners/act-runner-network-stack/Dockerfile)
 
 ## Other References
 
-- [limbosolutions gitea hosting](https://git.limbosolutions.com) and [git repo](https://git.limbosolutions.com/limbosolutions.com/git.limbosolutions.com)
+- [git.limbosolution.com](https://git.limbosolutions.com)
+- [git.limbosolution.com - repo](https://git.limbosolutions.com/limbosolutions.com/git.limbosolutions.com)
   

actions/kubectl-setup/action.yaml

@@ -0,0 +1,75 @@
+name: Setup kubectl
+description: "Reads kube config from inputs and sets kube config"
+
+inputs:
+  kube_server:
+    description: "Kubernetes server address and port. Example (https://serverip:6443)"
+    required: true
+  kube_ca_base64:
+    description: "Base64-encoded Kubernetes cluster CA certificate"
+    required: true
+  kube_token:
+    description: "Kubernetes ServiceAccount token"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Create kubeconfig
+      shell: bash
+      run: |
+        set -euo pipefail
+
+        # check arguments
+        ERROR=0
+
+        if [ -z "${{ inputs.kube_server }}" ]; then
+          echo "❌ ERROR: kube_server input is empty or not set"
+          $ERROR=1
+        fi
+
+        if [ -z "${{ inputs.kube_ca_base64 }}" ]; then
+          echo "❌ ERROR: kube_ca_base64 input is empty or not set"
+           $ERROR=1
+        fi
+
+        if [ -z "${{ inputs.kube_server }}" ]; then
+          echo "❌ ERROR: kube_token input is empty or not set"
+          $ERROR=1
+        fi
+        
+        if [ "$ERROR" != 0 ]; then
+          echo "❌ ERROR code $ERROR"
+          exit "$ERROR"
+        fi
+        # end check arguments
+
+        # creates kube config
+        mkdir -p "${GITHUB_TEMP}/.kube"
+        cat <<EOF > "${GITHUB_TEMP}/.kube/config"
+        apiVersion: v1
+        kind: Config
+        clusters:
+        - cluster:
+            certificate-authority-data: ${{ inputs.kube_ca_base64 }}
+            server: ${{ inputs.kube_server }}
+          name: cluster
+        contexts:
+        - context:
+            cluster: cluster
+            namespace: default
+            user: user
+          name: context
+        current-context: context
+        users:
+        - name: user
+          user:
+            token: ${{ inputs.kube_token }}
+        EOF
+
+        # sets KUBECONFIG environment variable
+        echo "KUBECONFIG=${GITHUB_TEMP}/.kube/config" >> "${GITHUB_ENV}"
+
+        # tests communication to server (add v argument if debug is required)
+        curl -kv -cacert <(echo "${{ inputs.kube_ca_base64 }}" | base64 -d) -H "Authorization: Bearer ${{ inputs.kube_token }}" ${{ inputs.kube_server }}/version
+

runners/act-runner-network-stack/Dockerfile

@@ -4,7 +4,6 @@ FROM gitea/act_runner:0.2.13
 RUN echo "build started.." && \
 apk add --no-cache openssh-client curl ansible nodejs rclone rsync nodejs envsubst
 
-#download latest stable version of kubectl
 RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
 RUN chmod +x ./kubectl
 RUN mv ./kubectl /usr/local/bin