modified: acts/network-stack/Dockerfile

new file:   cloud-scripts/setup-limbo-actions.sh

.gitea/actions/kubectl-setup/action.yaml

@@ -0,0 +1,78 @@
+name: Setup kubectl
+description: "Reads kube config from inputs and sets kube config"
+
+inputs:
+  kube_server:
+    description: "Kubernetes server address and port. Example (https://serverip:6443)"
+    required: true
+  kube_ca_base64:
+    description: "Base64-encoded Kubernetes cluster CA certificate"
+    required: true
+  kube_token:
+    description: "Kubernetes ServiceAccount token"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Create kubeconfig
+      shell: bash
+      run: |
+        set -euo pipefail
+
+        # check arguments
+        ERROR=0
+
+        if [ -z "${{ inputs.kube_server }}" ]; then
+          echo "❌ ERROR: kube_server input is empty or not set"
+          $ERROR=1
+        fi
+
+        if [ -z "${{ inputs.kube_ca_base64 }}" ]; then
+          echo "❌ ERROR: kube_ca_base64 input is empty or not set"
+           $ERROR=1
+        fi
+
+        if [ -z "${{ inputs.kube_server }}" ]; then
+          echo "❌ ERROR: kube_token input is empty or not set"
+          $ERROR=1
+        fi
+        
+        if [ "$ERROR" != 0 ]; then
+          exit "$ERROR"
+        fi
+        # end check arguments
+
+        # creates kube config
+        mkdir -p "${GITHUB_TEMP}/.kube"
+        cat <<EOF > "${GITHUB_TEMP}/.kube/config"
+        apiVersion: v1
+        kind: Config
+        clusters:
+        - cluster:
+            certificate-authority-data: ${{ inputs.kube_ca_base64 }}
+            server: ${{ inputs.kube_server }}
+          name: cluster
+        contexts:
+        - context:
+            cluster: cluster
+            namespace: default
+            user: user
+          name: context
+        current-context: context
+        users:
+        - name: user
+          user:
+            token: ${{ inputs.kube_token }}
+        EOF
+
+        # sets KUBECONFIG environment variable
+        echo "KUBECONFIG=${GITHUB_TEMP}/.kube/config" >> "${GITHUB_ENV}"
+
+        # tests communication to server (add v argument if debug is required)
+        # -k - allow insecure cert
+        # -s - silent
+        # -S - output errors
+        # -v - verbose
+        # curl -ksS -cacert <(echo "${{ inputs.kube_ca_base64 }}" | base64 -d) -H "Authorization: Bearer ${{ inputs.kube_token }}" ${{ inputs.kube_server }}/version
+

.gitea/workflows/act-network-stack-deploy.yml

@@ -0,0 +1,31 @@
+on: 
+  push:
+    branches:
+      - main
+  schedule:
+    - cron: '@weekly' # once per week
+
+jobs:
+  build-docker-image:
+    runs-on: ubuntu-latest
+ 
+    steps:
+ 
+      - name: Checkout code
+        uses: actions/checkout@v2
+   
+      - name: Log in to git.limbosolutions.com docker registry
+        uses: docker/login-action@v3
+        with:
+          registry: git.limbosolutions.com
+          username: ${{ secrets.GITLIMBO_DOCKER_REGISTRY_USERNAME }}
+          password: ${{ secrets.GITLIMBO_DOCKER_REGISTRY_PASSWORD }}
+
+      - name: Build and push Docker Image
+        id: push
+        uses: docker/build-push-action@v6
+        with:
+          context: ${{gitea.workspace}}/acts/network-stack
+          file: ${{gitea.workspace}}/acts/network-stack/Dockerfile
+          push: true
+          tags: git.limbosolutions.com/kb/gitea/act:latest-network-stack

.gitea/workflows/act-runner-network-stack-deploy.yml

@@ -25,7 +25,7 @@ jobs:
         id: push
         uses: docker/build-push-action@v6
         with:
-          context: ${{gitea.workspace}}/docker/act-runner_ansible
-          file: ${{gitea.workspace}}/docker/act-runner_ansible/Dockerfile
+          context: ${{gitea.workspace}}/act-runners/network-stack
+          file: ${{gitea.workspace}}/act-runners/network-stack/Dockerfile
           push: true
           tags: git.limbosolutions.com/kb/gitea/act_runner:0.2.13-network-stack

README.md

@@ -5,9 +5,10 @@
   - [Gitea dump from docker host](#gitea-dump-from-docker-host)
 - [nginx](#nginx)
 - [act runner](#act-runner)
-  - [custom image - with ansible](#custom-image---with-ansible)
-  - [Official Docker Image](#official-docker-image)
-    - [Docker compose](#docker-compose)
+  - [act runner (Official)](#act-runner-official)
+    - [Docker Compose](#docker-compose)
+  - [custom act runner - network-stack](#custom-act-runner---network-stack)
+- [workflows - actions](#workflows---actions)
 - [Other References](#other-references)
 
 ## Links
@@ -55,16 +56,9 @@ sudo docker exec -u git -it -w /tmp gitea bash -c '/app/gitea/gitea dump -d post
 
 ## act runner
 
-### custom image - with ansible
+### act runner (Official)
 
-[Docker Image](/kb/-/packages/container/gitea%2Fact-runner_ansible/0.2.11)
-
-[Dockerfile](./docker/act-runner/ansible/Dockerfile)
-
-### Official Docker Image
-
-
-#### Docker compose
+#### Docker Compose
 
 ``` yaml
 ...
@@ -89,9 +83,89 @@ sudo docker exec -u git -it -w /tmp gitea bash -c '/app/gitea/gitea dump -d post
       - GITEA_RUNNER_REGISTRATION_TOKEN=<registration token>
 ```
 
-https://gitea.com/gitea/act_runner/src/branch/main/examples/docker-compose
+### custom act runner - network-stack
+
+**🚀 Purpose**  
+
+This container equips the Gitea Actions runner with a network‑aware toolchain, making it suitable for continuous deployments in environments where Docker‑in‑Docker or elevated privileges are not available.
+
+- Kubernetes‑friendly: ships with kubectl and supporting utilities so it can interact directly with clusters.
+- No privileged mode required: avoids the need for Docker socket mounts or root escalation.
+- CI/CD ready: includes SSH, Ansible, Node.js, rsync, rclone, and envsubst for orchestration, templating, and asset transfer.
+
+**📦 Installed packages**  
+
+- 🛡️ openssh-client, 🌐 curl, ⚙️ ansible, 🟦 nodejs, 🔄 rclone, 📤 rsync, and 🔧 envsubst via Alpine’s apk package manager
+- 🔑 SSH and curl → remote access and HTTP requests
+- ⚙️ Ansible → configuration management and automation
+- 🟦 Node.js → JavaScript runtime for workflows
+- 🔄 Rclone and rsync → file synchronization and transfer
+- 🔧 envsubst → environment variable substitution in templates
+- ☸️ kubectl → fetches the latest stable Kubernetes CLI directly from Google Cloud Storage
+
+**Docker pull**  
+
+``` bash
+docker pull git.limbosolutions.com/kb/gitea/act_runner:0.2.13-network-stack
+```
+
+[Dockerfile source file.](./runners/act-runner-network-stack/Dockerfile)
+
+## workflows - actions
+
+**limbo public actions:**
+
+- kubectl-setup - setups kube config
+
+This example is running custom act runner([custom act runner - network-stack](#custom-act-runner---network-stack)) to deploy to kubernetes cluster without using docker.
+
+```yaml
+name: Example of workflow using limbo public actions
+
+on:
+  push:
+    branches:
+
+      - main
+  pull_request:
+jobs:
+  deploy:
+    runs-on: runner-label
+    env:
+      GITHUB_TEMP: ${{ runner.temp }}
+      
+    steps:
+
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Fetch limbo public actions
+        env: 
+          RUNNER_TEMP: "${{ runner.temp }}"
+          WORKSPACE: "${{ gitea.workspace }}"
+        run: |
+          curl -fsSL https://git.limbosolutions.com/kb/gitea/raw/branch/main/cloud-scripts/setup-limbo-actions.sh | bash 2>&1
+
+      - name: Setup kubectl
+        uses: ./.gitea/limbo_actions/kubectl-setup
+        with:
+          kube_server: ${{ secrets.KUBE_SERVER }}
+          kube_ca_base64: ${{ secrets.KUBE_CA_BASE64 }}
+          kube_token: ${{ secrets.KUBE_TOKEN }}
+         
+      - name: Deploy Kubernetes
+        shell: bash
+        env:
+          secrets_example: "${{ secrets.secrets_example }}"
+          
+        run: |
+          kubectl apply -f ./deploy/deployment.yaml \
+          && envsubst < ./deploy/service.template.yaml | kubectl apply -f -
+```
+
 
 ## Other References
 
-- [limbosolutions gitea hosting](https://git.limbosolutions.com) and [git repo](https://git.limbosolutions.com/limbosolutions.com/git.limbosolutions.com)
+- [git.limbosolution.com](https://git.limbosolutions.com)
+- [git.limbosolution.com - repo](https://git.limbosolutions.com/limbosolutions.com/git.limbosolutions.com)
   

act-runners/network-stack/Dockerfile

@@ -0,0 +1,23 @@
+
+FROM gitea/act_runner:0.2.13
+
+RUN echo "build started.." && \
+apk add --no-cache openssh-client curl ansible nodejs rclone rsync nodejs envsubst bash tar jq
+
+RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
+RUN chmod +x ./kubectl
+RUN mv ./kubectl /usr/local/bin
+
+
+RUN curl -fsSL https://get.helm.sh/helm-v3.14.4-linux-amd64.tar.gz \
+    -o helm.tar.gz && \
+    tar -zxvf helm.tar.gz && \
+    mv linux-amd64/helm /usr/local/bin/helm && \
+    rm -rf linux-amd64 helm.tar.gz
+
+
+RUN HELM_VERSION=$(curl -s https://api.github.com/repos/helm/helm/releases/latest | jq -r .tag_name) && \
+    curl -fsSL https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz -o helm.tar.gz && \
+    tar -zxvf helm.tar.gz && \
+    mv linux-amd64/helm /usr/local/bin/helm && \
+    rm -rf linux-amd64 helm.tar.gz

acts/network-stack/Dockerfile

@@ -0,0 +1,37 @@
+
+FROM catthehacker/ubuntu:act-latest
+
+RUN echo "build started.." && \
+    apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+      openssh-client \
+      curl \
+      ansible \
+      nodejs \
+      rclone \
+      rsync \
+      gettext-base \
+      bash \
+      tar \
+      jq && \
+    rm -rf /var/lib/apt/lists/*
+
+# Install kubectl (latest stable)
+RUN curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl" && \
+    chmod +x ./kubectl && \
+    mv ./kubectl /usr/local/bin/kubectl
+
+# Install Helm pinned version
+RUN curl -fsSL https://get.helm.sh/helm-v3.14.4-linux-amd64.tar.gz -o helm.tar.gz && \
+    tar -zxvf helm.tar.gz && \
+    mv linux-amd64/helm /usr/local/bin/helm && \
+    rm -rf linux-amd64 helm.tar.gz
+
+# Install Helm latest release dynamically
+RUN HELM_VERSION=$(curl -s https://api.github.com/repos/helm/helm/releases/latest | jq -r .tag_name) && \
+    curl -fsSL https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz -o helm.tar.gz && \
+    tar -zxvf helm.tar.gz && \
+    mv linux-amd64/helm /usr/local/bin/helm && \
+    rm -rf linux-amd64 helm.tar.gz
+
+    

cloud-scripts/setup-limbo-actions.sh

@@ -0,0 +1,28 @@
+set -euo pipefail
+
+echo "fetching actions."
+
+# check arguments
+ERROR=0
+
+if [ -z "${RUNNER_TEMP}" ]; then
+    echo "❌ ERROR: missing env RUNNER_TEMP"
+    $ERROR=1
+fi
+
+if [ -z "${WORKSPACE}" ]; then
+    echo "❌ ERROR: missing env WORKSPACE"
+    $ERROR=1
+fi
+
+if [ "$ERROR" != 0 ]; then
+    exit "$ERROR"
+fi
+# end check arguments
+mkdir -p ${RUNNER_TEMP}/gitea_src
+mkdir -p ${WORKSPACE}/.gitea/limbo_actions
+git clone -b main --depth=1 https://git.limbosolutions.com/kb/gitea ${RUNNER_TEMP}/gitea_src
+
+for dir in ${RUNNER_TEMP}/gitea_src/.gitea/actions/*; do
+    ln -s "$dir" "${WORKSPACE}/.gitea/limbo_actions/$(basename "$dir")"
+done

docker/act-runner_ansible/Dockerfile

@@ -1,22 +0,0 @@
-
-FROM gitea/act_runner:0.2.13
-
-RUN echo "build started.."
-
-RUN apk update && \
-apk add --no-cache openssh-client && \
-apk add --no-cache curl && \
-apk add --no-cache ansible && \
-apk add --no-cache nodejs && \
-apk add --no-cache rclone && \
-apk add --no-cache rsync && \
-apk add --no-cache nodejs && \
-rm -rf /tmp/* && \
-rm -rf /var/cache/apk/*
-
-#download latest stable version of kubectl
-RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
-RUN chmod +x ./kubectl
-RUN mv ./kubectl /usr/local/bin
-
-

docker/act-runner_ansible/docker-compose.yml

@@ -1,5 +0,0 @@
-services:
-  runner:
-    build:
-      dockerfile: ./Dockerfile
-