qvest-task/ansible/setup-runner.yml
gitea_admin 685de1816d feat: implement update automation and backup system with CI tests (#1)
- Diun monitors Docker images
- Automated updates for nginx, manual approval for gitea/postgres
- Weekly cert renewal automation via cron
- Health checks with automatic rollback on failure
- AWS SES email notifications on update failures
- Daily S3 backups + pre-update snapshots
- Integration tests with Gitea Actions quality gate
- Change domain from gitea.poll-streams.com to git.poll-streams.com
- Add diagrams
2026-06-11 15:51:48 +00:00


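---
# Installs act_runner on the Gitea host, registers `runner_count` runners with
# the Gitea instance and runs each one as a systemd service.
#
# The registration token is taken from `-e gitea_runner_token=...` when given,
# otherwise from the `gitea_runner_token` field of the AWS Secrets Manager
# secret named `secret_name`. Runners that already have a `.runner` file in
# their config directory are treated as registered and are not re-registered.
- name: Setup Gitea Actions Runner
  hosts: gitea
  become: true
  vars:
    runner_version: "0.2.10"
    runner_binary: "/usr/local/bin/act_runner"
    runner_count: 2
    gitea_instance: "https://git.poll-streams.com"
    secret_name: "qvest-task-db-credentials"
    aws_region: "eu-central-1"
    # Expected checksum of the act_runner release binary, in get_url format,
    # e.g. "sha256:<EXPECTED_SHA256_PLACEHOLDER>". An empty value skips
    # verification (kept empty for backward compatibility); the binary runs
    # CI jobs as root, so pin it before relying on this playbook in production.
    runner_checksum: ""
    # Registration token must be provided via command line or AWS Secrets Manager
    # ansible-playbook setup-runner.yml -e "gitea_runner_token=YOUR_TOKEN"

  tasks:
    - name: Download act_runner binary
      ansible.builtin.get_url:
        url: "https://dl.gitea.com/act_runner/{{ runner_version }}/act_runner-{{ runner_version }}-linux-amd64"
        dest: "{{ runner_binary }}"
        mode: "0755"
        # `default(omit, true)` drops the parameter entirely when runner_checksum is ""
        checksum: "{{ runner_checksum | default(omit, true) }}"

    - name: Create runner config directories
      ansible.builtin.file:
        path: "/etc/act_runner-{{ item }}"
        state: directory
        mode: "0755"
      with_sequence: "start=1 end={{ runner_count }}"

    - name: Create runner data directories
      ansible.builtin.file:
        path: "/var/lib/act_runner-{{ item }}"
        state: directory
        mode: "0755"
      with_sequence: "start=1 end={{ runner_count }}"

    # act_runner writes `.runner` on successful registration; its presence is
    # the idempotency marker consulted by the registration and service tasks.
    - name: Check if runners are already registered
      ansible.builtin.stat:
        path: "/etc/act_runner-{{ item }}/.runner"
      register: runner_configs
      with_sequence: "start=1 end={{ runner_count }}"

    # Best effort: a failing lookup is tolerated here and surfaced by the
    # "Display registration warning" task. The secret value ends up in
    # secrets_output.stdout, so the task result must not be logged.
    - name: Fetch Gitea runner token from AWS Secrets Manager
      ansible.builtin.shell: |
        set -o pipefail
        aws secretsmanager get-secret-value \
          --secret-id "{{ secret_name }}" \
          --region "{{ aws_region }}" \
          --query SecretString \
          --output text | jq -r '.gitea_runner_token // empty'
      args:
        executable: /bin/bash
      register: secrets_output
      when:
        - gitea_runner_token is not defined
        - runner_configs.results | selectattr('stat.exists', 'equalto', false) | list | length > 0
      changed_when: false
      failed_when: false
      no_log: true

    - name: Set runner token from Secrets Manager
      ansible.builtin.set_fact:
        gitea_runner_token: "{{ secrets_output.stdout }}"
      when:
        - gitea_runner_token is not defined
        - secrets_output.stdout is defined
        - secrets_output.stdout | length > 0
      no_log: true

    # Arguments are shell-quoted so a token or URL containing shell
    # metacharacters cannot alter the command. The task is not logged because
    # the command line carries the registration token; a failed registration
    # still aborts the play, but its stderr is hidden — set `no_log: false`
    # temporarily when debugging a registration failure.
    - name: Register runners with Gitea
      ansible.builtin.shell: |
        {{ runner_binary }} register \
          --instance {{ gitea_instance | quote }} \
          --token {{ gitea_runner_token | quote }} \
          --name {{ (ansible_hostname ~ '-runner-' ~ item) | quote }} \
          --no-interactive
      args:
        chdir: "/etc/act_runner-{{ item }}"
      when:
        - gitea_runner_token is defined
        - gitea_runner_token | length > 0
        - not runner_configs.results[item | int - 1].stat.exists
      with_sequence: "start=1 end={{ runner_count }}"
      register: runner_registrations
      changed_when: runner_registrations.rc == 0
      no_log: true

    # Job containers share the host network (`network: host`); jobs can reach
    # any service bound on the host, so only trusted repositories should be
    # allowed to use these runners. `privileged` stays off.
    - name: Create runner config files
      ansible.builtin.copy:
        dest: "/etc/act_runner-{{ item }}/config.yaml"
        content: |
          log:
            level: info
          runner:
            file: .runner
            capacity: 1
            timeout: 3h
          container:
            network: host
            privileged: false
            options:
            workdir_parent:
        mode: "0644"
      with_sequence: "start=1 end={{ runner_count }}"

    - name: Display registration warning if token not provided
      ansible.builtin.debug:
        msg: "Runner registration skipped - no token provided. Re-run with -e gitea_runner_token=TOKEN"
      when:
        - gitea_runner_token is not defined or gitea_runner_token | length == 0
        - runner_configs.results | selectattr('stat.exists', 'equalto', false) | list | length > 0

    # The daemon runs as root because it drives the Docker socket; the
    # `.runner` file in WorkingDirectory holds the runner's credential.
    - name: Create systemd services for runners
      ansible.builtin.copy:
        dest: "/etc/systemd/system/act_runner-{{ item }}.service"
        content: |
          [Unit]
          Description=Gitea Actions Runner {{ item }}
          After=network.target docker.service
          Requires=docker.service

          [Service]
          Type=simple
          ExecStart={{ runner_binary }} daemon --config config.yaml
          WorkingDirectory=/etc/act_runner-{{ item }}
          Restart=always
          RestartSec=10
          User=root

          [Install]
          WantedBy=multi-user.target
        mode: "0644"
      with_sequence: "start=1 end={{ runner_count }}"
      register: runner_services
      notify: Reload systemd daemon

    # Only start a runner that was already registered or was registered in
    # this run; an unregistered daemon would just crash-loop under Restart=always.
    - name: Enable and start runner services
      ansible.builtin.systemd:
        name: "act_runner-{{ item }}"
        enabled: true
        state: started
      with_sequence: "start=1 end={{ runner_count }}"
      when: >
        runner_configs.results[item | int - 1].stat.exists or
        (runner_registrations.results is defined and
         runner_registrations.results[item | int - 1].changed | default(false))

    - name: Display runner status
      ansible.builtin.debug:
        msg: "Deployed {{ runner_count }} runners. Services: act_runner-1 to act_runner-{{ runner_count }}"

  handlers:
    - name: Reload systemd daemon
      ansible.builtin.systemd:
        daemon_reload: true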