From c580c9f9b9b09fc9ad016094016a5dd4e57764db Mon Sep 17 00:00:00 2001 From: Thomas E Lackey Date: Tue, 17 Oct 2023 16:01:07 -0500 Subject: [PATCH 1/9] Add instructions for macOS. --- gitea/README.md | 5 +++ gitea/act-runner.md | 67 +++++++++++++++++++++++++++++++++++++++ gitea/initialize-gitea.sh | 3 +- 3 files changed, 74 insertions(+), 1 deletion(-) create mode 100644 gitea/act-runner.md diff --git a/gitea/README.md b/gitea/README.md index 01424b8..c6ecfe9 100644 --- a/gitea/README.md +++ b/gitea/README.md @@ -25,3 +25,8 @@ GITEA__log__LEVEL=TRACE ``` to the `server` definition in `docker-compose.yml` and re-start. Details on how to setup remote debugging of the gitea server inside its container can be found [here](gitea-debugging.md). + +#### Action Runners + +A Dockerized action runner for the `ubuntu-latest` and `ubuntu-22.04` labels is deployed by default. Details on deploying native +action runners, eg, on macOS, can be found [here](act-runner.md). diff --git a/gitea/act-runner.md b/gitea/act-runner.md new file mode 100644 index 0000000..6b17d68 --- /dev/null +++ b/gitea/act-runner.md 
@@ -0,0 +1,67 @@ +## Deploying Action Runners + +### Releases +Gitea publishes binary releases of [gitea/act_runner](https://gitea.com/gitea/act_runner/releases) for many platform and architectures, which can be used to deploy new action runners simply. + +The following example uses `gitea/act_runner` 0.2.6 on macOS Ventura 13.3 x64. + +### Registration Token + +> Note: Runners can be registered globally for an entire Gitea instance, for a specific organization, or for a single repo. This example assumes registering the runner globally. + +Before executing the runner, first obtain a registration token by visiting http://gitea.local:3000/admin/actions/runners, clicking the 'Create new Runner' button, and copying the displayed +registration token, for example, `FTyMBkcK9ErmD0wm8LfBzfXOUUlQA7dBJF6BB64Z`. + +### Runner Registration and Startup + +After you have obtained a registration token, download the `gitea/act_runner` release matching your platform and architecture and run it as follows: + +``` +# Download latest gitea/act_runner release. +$ wget https://gitea.com/gitea/act_runner/releases/download/latest/act_runner-0.2.6-darwin-amd64 && chmod a+x act_runner-0.2.6-darwin-amd64 + +# Register the runner with the Gitea instance. +$ ./act_runner-0.2.6-darwin-amd64 register \ + --instance http://gitea.local:3000 \ + --labels 'darwin-latest-amd64:host,darwin-13-amd64:host' \ + --name 'darwin-amd64-001' \ + --token "FTyMBkcK9ErmD0wm8LfBzfXOUUlQA7dBJF6BB64Z" \ + --no-interactive + +# Launch it in daemon mode, waiting for jobs. +$ ./act_runner-0.2.6-darwin-amd64 daemon +``` + +### Labels + +The most important detail in this example is the label. For the Ubuntu runner which is deployed automatically with this project, the label `ubuntu-latest:docker://cerc/act-runner-task-executor:local` is +used, which instructs `gitea/act_runner` that tasks should be executed inside an instance of the `cerc/act-runner-task-executor:local` Docker container. 
In this example, the label is `darwin-latest-amd64:host`. +This means that tasks will be executed directly on the host. Since there are additional security implications when executing tasks on the host, only trusted repositories with strict access controls +should be allowed to schedule CI jobs on the runner. + +### Example Workflow + +This very simple workflow will schedule jobs on both macOS (`darwin-latest-amd64`) and Linux (`ubuntu-latest`) runners. + +``` +name: macOS test + +on: + push: + branches: + - main + +jobs: + test-macos: + name: "Run on macOS" + runs-on: darwin-latest-amd64 + steps: + - name: "uname" + run: uname -a + test-linux: + name: "Run on Ubuntu" + runs-on: ubuntu-latest + steps: + - name: "uname" + run: uname -a +``` diff --git a/gitea/initialize-gitea.sh b/gitea/initialize-gitea.sh index ab78aff..147e703 100755 --- a/gitea/initialize-gitea.sh +++ b/gitea/initialize-gitea.sh @@ -8,7 +8,8 @@ fi # See: https://stackoverflow.com/a/74449556 secure_password() { - cat /dev/urandom | tr -dc A-Za-z0-9~_- | head -c 10 && echo + # extra bytes so that even if we delete some chars we will still have plenty + openssl rand -base64 32 | tr -d '\/+=' | head -c10 && echo } GITEA_USER=${CERC_GITEA_NEW_ADMIN_USERNAME:-"gitea_admin"} -- 2.45.2 From 6a73a1c92f776523090682c26bf500b04cb84c05 Mon Sep 17 00:00:00 2001 From: Thomas E Lackey Date: Tue, 17 Oct 2023 16:04:06 -0500 Subject: [PATCH 2/9] Tweak README --- gitea/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gitea/README.md b/gitea/README.md index c6ecfe9..082ab12 100644 --- a/gitea/README.md +++ b/gitea/README.md 
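Review bot: In `secure_password()` (the `gitea/initialize-gitea.sh` hunk of patch 1/9), a missing or failing `openssl` goes unnoticed: the pipeline's exit status is that of `head`, which succeeds on empty input, so the trailing `echo` prints a blank line and the function returns success with an empty password, unless `pipefail` is enabled somewhere outside the hunk. Capture the random data first and fail closed, for example `local pw; pw=$(openssl rand -base64 32) || return 1` followed by `pw=${pw//[\/+=]/}; printf '%s\n' "${pw:0:10}"`. The same pipeline is carried unchanged through the hunks of patches 7/9 and 9/9. Ten characters from a 62-symbol alphabet is roughly 59 bits, so if this value becomes the Gitea admin password (its use is outside the hunk) a longer length costs nothing here. The script also turns on `set -x` when `CERC_SCRIPT_DEBUG` is set, so the generated value presumably lands in trace output wherever it is assigned; worth a comment next to the function, such as `# NOTE: output is visible in set -x traces`.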
@@ -28,5 +28,5 @@ Details on how to setup remote debugging of the gitea server inside its containe #### Action Runners -A Dockerized action runner for the `ubuntu-latest` and `ubuntu-22.04` labels is deployed by default. Details on deploying native -action runners, eg, on macOS, can be found [here](act-runner.md). +A Dockerized action runner is deployed by default for the labels `ubuntu-latest` and `ubuntu-22.04`. Details on deploying +additional runners can be found [here](act-runner.md). -- 2.45.2 From 7cac7a9583b1dedc60dd66cbe7f094ba77b05b45 Mon Sep 17 00:00:00 2001 From: Thomas E Lackey Date: Tue, 17 Oct 2023 21:04:45 +0000 Subject: [PATCH 3/9] Update gitea/act-runner.md --- gitea/act-runner.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitea/act-runner.md b/gitea/act-runner.md index 6b17d68..23b2224 100644 --- a/gitea/act-runner.md +++ b/gitea/act-runner.md @@ -3,7 +3,7 @@ ### Releases Gitea publishes binary releases of [gitea/act_runner](https://gitea.com/gitea/act_runner/releases) for many platform and architectures, which can be used to deploy new action runners simply. -The following example uses `gitea/act_runner` 0.2.6 on macOS Ventura 13.3 x64. +The following example uses `gitea/act_runner` 0.2.6 to deploy a runner on macOS Ventura 13.3 x64. ### Registration Token -- 2.45.2 From b55bdc2f292bcd8a82fdc5f0336265ac802a4b26 Mon Sep 17 00:00:00 2001 From: Thomas E Lackey Date: Tue, 17 Oct 2023 21:05:08 +0000 Subject: [PATCH 4/9] Update gitea/act-runner.md --- gitea/act-runner.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitea/act-runner.md b/gitea/act-runner.md index 23b2224..1653daf 100644 --- a/gitea/act-runner.md +++ b/gitea/act-runner.md 
@@ -7,7 +7,7 @@ The following example uses `gitea/act_runner` 0.2.6 to deploy a runner on macOS ### Registration Token -> Note: Runners can be registered globally for an entire Gitea instance, for a specific organization, or for a single repo. This example assumes registering the runner globally. +> Note: Runners can be registered globally for an entire Gitea instance, for a specific organization, or for a single repo. This example registers globally. Before executing the runner, first obtain a registration token by visiting http://gitea.local:3000/admin/actions/runners, clicking the 'Create new Runner' button, and copying the displayed registration token, for example, `FTyMBkcK9ErmD0wm8LfBzfXOUUlQA7dBJF6BB64Z`. -- 2.45.2 From b05106e44b4f6340678a003ca9da23bfc174b9a9 Mon Sep 17 00:00:00 2001 From: Thomas E Lackey Date: Tue, 17 Oct 2023 21:05:56 +0000 Subject: [PATCH 5/9] Update gitea/act-runner.md --- gitea/act-runner.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gitea/act-runner.md b/gitea/act-runner.md index 1653daf..4d4a84d 100644 --- a/gitea/act-runner.md +++ b/gitea/act-runner.md @@ -17,10 +17,10 @@ registration token, for example, `FTyMBkcK9ErmD0wm8LfBzfXOUUlQA7dBJF6BB64Z`. After you have obtained a registration token, download the `gitea/act_runner` release matching your platform and architecture and run it as follows: ``` -# Download latest gitea/act_runner release. +# Download latest gitea/act_runner release for your platform. $ wget https://gitea.com/gitea/act_runner/releases/download/latest/act_runner-0.2.6-darwin-amd64 && chmod a+x act_runner-0.2.6-darwin-amd64 -# Register the runner with the Gitea instance. +# Register the runner with the Gitea instance using the token obtained above. $ ./act_runner-0.2.6-darwin-amd64 register \ --instance http://gitea.local:3000 \ --labels 'darwin-latest-amd64:host,darwin-13-amd64:host' \ -- 2.45.2 From 4377d66990d073dffd5f5a6edf2d63e887a2aee1 Mon Sep 17 00:00:00 2001 
From: Thomas E Lackey Date: Tue, 17 Oct 2023 21:10:52 +0000 Subject: [PATCH 6/9] Update gitea/act-runner.md --- gitea/act-runner.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/gitea/act-runner.md b/gitea/act-runner.md index 4d4a84d..8d086ab 100644 --- a/gitea/act-runner.md +++ b/gitea/act-runner.md @@ -35,9 +35,8 @@ $ ./act_runner-0.2.6-darwin-amd64 daemon ### Labels The most important detail in this example is the label. For the Ubuntu runner which is deployed automatically with this project, the label `ubuntu-latest:docker://cerc/act-runner-task-executor:local` is -used, which instructs `gitea/act_runner` that tasks should be executed inside an instance of the `cerc/act-runner-task-executor:local` Docker container. In this example, the label is `darwin-latest-amd64:host`. -This means that tasks will be executed directly on the host. Since there are additional security implications when executing tasks on the host, only trusted repositories with strict access controls -should be allowed to schedule CI jobs on the runner. +used, which instructs `gitea/act_runner` that a task which `runs-on: ubuntu-latest` should be executed inside an instance of the `cerc/act-runner-task-executor:local` Docker container. In this example, the label is `darwin-latest-amd64:host`. This means that a task which `runs-on: darwin-latest-amd64` will be executed natively on the host machine. Since there are additional security implications when executing tasks +on the host, only trusted repositories with strict access controls should be allowed to schedule CI jobs on the runner. ### Example Workflow -- 2.45.2 From 3690cab84cb00bec127b1999002add4e998153db Mon Sep 17 00:00:00 2001 From: Thomas E Lackey Date: Tue, 17 Oct 2023 16:13:14 -0500 Subject: [PATCH 7/9] space --- gitea/initialize-gitea.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitea/initialize-gitea.sh b/gitea/initialize-gitea.sh index 147e703..1747ea5 100755 
--- a/gitea/initialize-gitea.sh +++ b/gitea/initialize-gitea.sh @@ -9,7 +9,7 @@ fi # See: https://stackoverflow.com/a/74449556 secure_password() { # extra bytes so that even if we delete some chars we will still have plenty - openssl rand -base64 32 | tr -d '\/+=' | head -c10 && echo + openssl rand -base64 32 | tr -d '\/+=' | head -c 10 && echo } GITEA_USER=${CERC_GITEA_NEW_ADMIN_USERNAME:-"gitea_admin"} -- 2.45.2 From 17fc85d820db3e7c718080d86583a2d93ddf699a Mon Sep 17 00:00:00 2001 From: Thomas E Lackey Date: Tue, 17 Oct 2023 22:16:02 -0500 Subject: [PATCH 8/9] Remove obsolete comment --- gitea/initialize-gitea.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/gitea/initialize-gitea.sh b/gitea/initialize-gitea.sh index 1747ea5..2204c36 100755 --- a/gitea/initialize-gitea.sh +++ b/gitea/initialize-gitea.sh @@ -6,7 +6,6 @@ if [[ -n "$CERC_SCRIPT_DEBUG" ]]; then set -x fi -# See: https://stackoverflow.com/a/74449556 secure_password() { # extra bytes so that even if we delete some chars we will still have plenty openssl rand -base64 32 | tr -d '\/+=' | head -c 10 && echo -- 2.45.2 From ade3e94f4abfeccbd857adc8b857dfd318c2c25a Mon Sep 17 00:00:00 2001 From: Thomas E Lackey Date: Tue, 17 Oct 2023 22:44:54 -0500 Subject: [PATCH 9/9] Add comment --- gitea/initialize-gitea.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/gitea/initialize-gitea.sh b/gitea/initialize-gitea.sh index 2204c36..a30d995 100755 --- a/gitea/initialize-gitea.sh +++ b/gitea/initialize-gitea.sh @@ -7,7 +7,8 @@ if [[ -n "$CERC_SCRIPT_DEBUG" ]]; then fi secure_password() { - # extra bytes so that even if we delete some chars we will still have plenty + # use openssl as the source, because it behaves similarly on both linux and macos + # we generate extra bytes so that even if tr deletes some chars we will still have plenty openssl rand -base64 32 | tr -d '\/+=' | head -c 10 && echo } -- 2.45.2