From 3452db86ee96a1122671c5e76dba1378427b92c3 Mon Sep 17 00:00:00 2001
From: hotwa
Date: Thu, 2 Oct 2025 21:10:25 +0800
Subject: [PATCH] first add
---
.gitignore | 4 +
README.md | 3 +
config.yaml | 111 ++++++++++++++++++++++
docker-compose.yml | 146 +++++++++++++++++++++++++++++
gitea/conf/app.ini | 90 ++++++++++++++++++
runners/runner-build-1/config.yaml | 22 +++++
runners/runner-build-2/config.yaml | 21 +++++
runners/runner-light-1/config.yaml | 21 +++++
runners/runner-light-2/config.yaml | 20 ++++
9 files changed, 438 insertions(+)
create mode 100644 .gitignore
create mode 100644 README.md
create mode 100644 config.yaml
create mode 100644 docker-compose.yml
create mode 100644 gitea/conf/app.ini
create mode 100644 runners/runner-build-1/config.yaml
create mode 100644 runners/runner-build-2/config.yaml
create mode 100644 runners/runner-light-1/config.yaml
create mode 100644 runners/runner-light-2/config.yaml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d92afca
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+backup
+cache
+data
+gitea/data
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..5fe0b43
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+## gitea
+
+gitea 部署内容
\ No newline at end of file
diff --git a/config.yaml b/config.yaml
new file mode 100644
index 0000000..b4aab24
--- /dev/null
+++ b/config.yaml
@@ -0,0 +1,111 @@ +# Example configuration file, it's safe to copy this as the default config file without any modification. + +# You don't have to copy this file to your instance, +# just run `./act_runner generate-config > config.yaml` to generate a config file. + +log: + # The level of logging, can be trace, debug, info, warn, error, fatal + level: info + +runner: + # Where to store the registration result. + file: .runner + # Execute how many tasks concurrently at the same time. + capacity: 4 + # Extra environment variables to run jobs. + envs: + A_TEST_ENV_NAME_1: a_test_env_value_1 + A_TEST_ENV_NAME_2: a_test_env_value_2 + # Extra environment variables to run jobs from a file. + # It will be ignored if it's empty or the file doesn't exist. + env_file: .env + # The timeout for a job to be finished. + # Please note that the Gitea instance also has a timeout (3h by default) for the job. + # So the job could be stopped by the Gitea instance if it's timeout is shorter than this. + timeout: 3h + # The timeout for the runner to wait for running jobs to finish when shutting down. + # Any running jobs that haven't finished after this timeout will be cancelled. + shutdown_timeout: 0s + # Whether skip verifying the TLS certificate of the Gitea instance. + insecure: false + # The timeout for fetching the job from the Gitea instance. + fetch_timeout: 5s + # The interval for fetching the job from the Gitea instance. + fetch_interval: 2s + # The github_mirror of a runner is used to specify the mirror address of the github that pulls the action repository. + # It works when something like `uses: actions/checkout@v4` is used and DEFAULT_ACTIONS_URL is set to github, + # and github_mirror is not empty. In this case, + # it replaces https://github.com with the value here, which is useful for some special network environments. + github_mirror: '' + # The labels of a runner are used to determine which jobs the runner can run, and how to run them. 
+ # Like: "macos-arm64:host" or "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest" + # Find more images provided by Gitea at https://gitea.com/docker.gitea.com/runner-images . + # If it's empty when registering, it will ask for inputting labels. + # If it's empty when execute `daemon`, will use labels in `.runner` file. + labels: + - "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest" + - "ubuntu-22.04:docker://docker.gitea.com/runner-images:ubuntu-22.04" + - "ubuntu-20.04:docker://docker.gitea.com/runner-images:ubuntu-20.04" + +cache: + # Enable cache server to use actions/cache. + enabled: true + # The directory to store the cache data. + # If it's empty, the cache data will be stored in $HOME/.cache/actcache. + dir: "" + # The host of the cache server. + # It's not for the address to listen, but the address to connect from job containers. + # So 0.0.0.0 is a bad choice, leave it empty to detect automatically. + host: "" + # The port of the cache server. + # 0 means to use a random available port. + port: 0 + # The external cache server URL. Valid only when enable is true. + # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself. + # The URL should generally end with "/". + external_server: "" + +container: + # Specifies the network to which the container will connect. + # Could be host, bridge or the name of a custom network. + # If it's empty, act_runner will create a network automatically. + network: "" + # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker). + privileged: false + # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway). + options: >- + --add-host=host.docker.internal:host-gateway + # The parent directory of a job's working directory. + # NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically. 
+ # If the path starts with '/', the '/' will be trimmed. + # For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir + # If it's empty, /workspace will be used. + workdir_parent: + # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob + # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted. + # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to: + # valid_volumes: + # - data + # - /src/*.json + # If you want to allow any volume, please use the following configuration: + # valid_volumes: + # - '**' + valid_volumes: [] + # overrides the docker client host with the specified one. + # If it's empty, act_runner will find an available docker host automatically. + # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers. + # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work. + docker_host: "" + # Pull docker image(s) even if already present + force_pull: true + # Rebuild docker image(s) even if already present + force_rebuild: false + # Always require a reachable docker daemon, even if not required by act_runner + require_docker: false + # Timeout to wait for the docker daemon to be reachable, if docker is required by require_docker or act_runner + docker_timeout: 0s + +host: + # The parent directory of a job's working directory. + # If it's empty, $HOME/.cache/act/ will be used. + workdir_parent: diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..5d918f3 --- /dev/null +++ b/docker-compose.yml 
@@ -0,0 +1,146 @@
+version: "3.8"
+
+services:
+ # ---------- PostgreSQL 数据库 ----------
+ pg-gitea:
+ image: postgres:16
+ container_name: pg-gitea
+ restart: always
+ ports:
+ - "127.0.0.1:5433:5432"
+ environment:
+ POSTGRES_USER: postgres
+ POSTGRES_PASSWORD: change-me-strong
+ POSTGRES_INITDB_ARGS: "--encoding=UTF8 --locale=en_US.UTF-8"
+ volumes:
+ - ./data:/var/lib/postgresql/data
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d postgres"]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ networks: [ proxy_net ]
+
+ # ---------- Gitea ----------
+ gitea:
+ image: gitea/gitea:1.24-rootless
+ container_name: gitea
+ restart: always
+ depends_on:
+ pg-gitea:
+ condition: service_healthy
+ environment:
+ # 下列 env 只是兜底;最终以挂载的 app.ini 为准
+ GITEA__database__DB_TYPE: postgres
+ GITEA__database__HOST: pg-gitea:5432
+ GITEA__database__NAME: gitea
+ GITEA__database__USER: postgres
+ GITEA__database__PASSWD: change-me-strong
+ volumes:
+ - ./gitea/conf/app.ini:/etc/gitea/app.ini
+ - ./gitea/data:/data
+ ports:
+ - "8418:3000" # 100.64.0.27:8418
+ - "2222:2222"
+ networks: [ proxy_net ]
+
+ # ---------- Runner 轻载 #1 ----------
+ runner-light-1:
+ image: gitea/act_runner:latest
+ container_name: gitea-runner-light-1
+ restart: always
+ depends_on:
+ gitea:
+ condition: service_started
+ environment:
+ - CONFIG_FILE=/config.yaml
+ - GITEA_INSTANCE_URL=http://100.64.0.27:8418
+ - GITEA_RUNNER_REGISTRATION_TOKEN=dG0bchxPJSH5D0T74RYqf6CrL7HdngQy5gxYgjmV
+ - HTTP_PROXY=http://proxy:7890
+ - HTTPS_PROXY=http://proxy:7890
+ - NO_PROXY=localhost,127.0.0.1,pg-gitea,proxy,100.64.0.0/10,*.consul
+ volumes:
+ - ./runners/runner-light-1/config.yaml:/config.yaml:ro
+ - ./runners/runner-light-1/data:/data
+ - ./runners/runner-light-1/cache:/root
+ - /var/run/docker.sock:/var/run/docker.sock
+ networks: [ proxy_net ]
+ cpus: "6"
+ mem_limit: "12g"
+
+ # ---------- Runner 轻载 #2 ----------
+ runner-light-2:
+ image: gitea/act_runner:latest
+ container_name: gitea-runner-light-2
+ restart: always
+ depends_on:
+ gitea:
+ condition: service_started
+ environment:
+ - CONFIG_FILE=/config.yaml
+ - GITEA_INSTANCE_URL=http://100.64.0.27:8418
+ - GITEA_RUNNER_REGISTRATION_TOKEN=dG0bchxPJSH5D0T74RYqf6CrL7HdngQy5gxYgjmV
+ - HTTP_PROXY=http://proxy:7890
+ - HTTPS_PROXY=http://proxy:7890
+ - NO_PROXY=localhost,127.0.0.1,pg-gitea,proxy,100.64.0.0/10,*.consul
+ volumes:
+ - ./runners/runner-light-2/config.yaml:/config.yaml:ro
+ - ./runners/runner-light-2/data:/data
+ - ./runners/runner-light-2/cache:/root
+ - /var/run/docker.sock:/var/run/docker.sock
+ networks: [ proxy_net ]
+ cpus: "6"
+ mem_limit: "12g"
+
+ # ---------- Runner 构建型 #1 ----------
+ runner-build-1:
+ image: gitea/act_runner:latest
+ container_name: gitea-runner-build-1
+ restart: always
+ depends_on:
+ gitea:
+ condition: service_started
+ environment:
+ - CONFIG_FILE=/config.yaml
+ - GITEA_INSTANCE_URL=http://100.64.0.27:8418
+ - GITEA_RUNNER_REGISTRATION_TOKEN=dG0bchxPJSH5D0T74RYqf6CrL7HdngQy5gxYgjmV
+ - HTTP_PROXY=http://proxy:7890
+ - HTTPS_PROXY=http://proxy:7890
+ - NO_PROXY=localhost,127.0.0.1,pg-gitea,proxy,100.64.0.0/10,*.consul
+ volumes:
+ - ./runners/runner-build-1/config.yaml:/config.yaml:ro
+ - ./runners/runner-build-1/data:/data
+ - ./runners/runner-build-1/cache:/root
+ - /var/run/docker.sock:/var/run/docker.sock
+ networks: [ proxy_net ]
+ cpus: "10"
+ mem_limit: "32g"
+
+ # ---------- Runner 构建型 #2 ----------
+ runner-build-2:
+ image: gitea/act_runner:latest
+ container_name: gitea-runner-build-2
+ restart: always
+ depends_on:
+ gitea:
+ condition: service_started
+ environment:
+ - CONFIG_FILE=/config.yaml
+ - GITEA_INSTANCE_URL=http://100.64.0.27:8418
+ - GITEA_RUNNER_REGISTRATION_TOKEN=dG0bchxPJSH5D0T74RYqf6CrL7HdngQy5gxYgjmV
+ - HTTP_PROXY=http://proxy:7890
+ - HTTPS_PROXY=http://proxy:7890
+ - NO_PROXY=localhost,127.0.0.1,pg-gitea,proxy,100.64.0.0/10,*.consul
+ volumes:
+ - ./runners/runner-build-2/config.yaml:/config.yaml:ro
+ - ./runners/runner-build-2/data:/data
+ - ./runners/runner-build-2/cache:/root
+ - /var/run/docker.sock:/var/run/docker.sock
+ networks: [ proxy_net ]
+ cpus: "10"
+ mem_limit: "32g"
+
+networks:
+ proxy_net:
+ external: true
+ name: proxy_net
diff --git a/gitea/conf/app.ini b/gitea/conf/app.ini
new file mode 100644
index 0000000..6516313
--- /dev/null
+++ b/gitea/conf/app.ini
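Review bot: The runner registration token is committed as a literal in the `environment` list of all four runner services, so it should be treated as disclosed: rotate it in Gitea and read it from an untracked env file instead, e.g. `- GITEA_RUNNER_REGISTRATION_TOKEN=${GITEA_RUNNER_REGISTRATION_TOKEN}` (and add `.env` to `.gitignore`, which this commit does not list). `POSTGRES_PASSWORD` and `GITEA__database__PASSWD` still carry the placeholder `change-me-strong` and deserve the same treatment. Every runner bind-mounts `/var/run/docker.sock` and uses the unpinned `gitea/act_runner:latest`; because the socket hands workflow jobs control of the host's Docker daemon, pin a fixed image tag and add a comment such as `# docker.sock == host root; trusted repositories only`. The `"8418:3000"` and `"2222:2222"` mappings publish on every host interface, unlike the database port that is bound to `127.0.0.1`; if only the `100.64.0.27` address in the inline comment is intended, bind to it explicitly.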
@@ -0,0 +1,90 @@
+WORK_PATH = /var/lib/gitea
+APP_NAME = Gitea: Git with a cup of tea
+RUN_USER = git
+RUN_MODE = prod
+
+[server]
+PROTOCOL = http
+HTTP_PORT = 3000
+DOMAIN = gitea.jmsu.top
+ROOT_URL = http://100.64.0.27:8418/
+CANONICAL_URLS = true
+START_SSH_SERVER = true
+SSH_DOMAIN = gitea.jmsu.top
+APP_DATA_PATH = /var/lib/gitea/data
+DISABLE_SSH = false
+SSH_PORT = 2222
+SSH_LISTEN_HOST = 0.0.0.0
+SSH_LISTEN_PORT = 2222
+LFS_START_SERVER = true
+LFS_JWT_SECRET = xtEve51rVt_MopZPJb94rbml0KcOA_Sg4_249urp1AI
+OFFLINE_MODE = true
+PROXY_TRUSTED_PROXIES = 100.64.0.0/16
+
+[actions]
+ENABLED = true
+DEFAULT_ACTIONS_URL = https://gitea.com/actions
+
+[database]
+DB_TYPE = postgres
+HOST = pg-gitea:5432
+NAME = gitea
+; 或你创建的 gitea 用户
+USER = postgres
+; 或对应 gitea 用户密码
+PASSWD = change-me-strong
+SCHEMA =
+SSL_MODE = disable
+PATH = /var/lib/gitea/data/gitea.db
+LOG_SQL = false
+
+[repository]
+ROOT = /data/git/repositories
+
+[lfs]
+PATH = /data/git/lfs
+
+[mailer]
+ENABLED = false
+
+[service]
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = false
+DISABLE_REGISTRATION = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+REQUIRE_SIGNIN_VIEW = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = noreply.gitea.jmsu.top
+
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = true
+
+[cron.update_checker]
+ENABLED = false
+
+[session]
+PROVIDER = file
+
+[log]
+MODE = console
+LEVEL = info
+ROOT_PATH = /var/lib/gitea/log
+
+[repository.pull-request]
+DEFAULT_MERGE_STYLE = merge
+
+[repository.signing]
+DEFAULT_TRUST_MODEL = committer
+
+[security]
+COOKIE_SECURE = true
+INSTALL_LOCK = true
+INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE3NTkxNTc0OTh9.ij8BEg_RzCbg_2JBGq1emfJ6k_8jFi5QNsqbGK-cZgo
+PASSWORD_HASH_ALGO = pbkdf2
+
+[oauth2]
+JWT_SECRET = EfjjsuclzdV7J-GvGKuzvr93jzKlfHW4frPB8F2W4F8
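Review bot: `LFS_JWT_SECRET`, `INTERNAL_TOKEN` and the `[oauth2]` `JWT_SECRET` are committed as literal values, so all three should be regenerated and kept out of the tracked file, for example with `INTERNAL_TOKEN_URI = file:/path/to/internal_token` (placeholder path) or the `GITEA__section__KEY` environment form the compose file already uses for the database settings. `COOKIE_SECURE = true` is combined with `PROTOCOL = http` and an `http://` `ROOT_URL`; browsers do not return Secure cookies over plain HTTP, so sign-in will probably fail unless TLS is terminated in front of this listener, and the file should either switch to HTTPS or say which proxy provides it. `[database]` connects as the `postgres` superuser although the inline comment already hints at a dedicated gitea role, which would be the least-privilege choice. With `DISABLE_REGISTRATION = false`, `ENABLE_CAPTCHA = false` and `[actions] ENABLED = true`, a self-registered account may be able to run workflows on the runners, so confirm that open registration is intended.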
diff --git a/runners/runner-build-1/config.yaml b/runners/runner-build-1/config.yaml
new file mode 100644
index 0000000..80d85fd
--- /dev/null
+++ b/runners/runner-build-1/config.yaml
@@ -0,0 +1,22 @@
+log:
+ level: info
+
+runner:
+ name: runner-build-1
+ capacity: 1
+ envs:
+ HTTP_PROXY: http://proxy:7890
+ HTTPS_PROXY: http://proxy:7890
+ NO_PROXY: localhost,127.0.0.1,pg-gitea,proxy,100.64.0.0/10,172.24.0.0/16
+ DOCKER_HOST: unix:///var/run/docker.sock
+ labels:
+ - "buildx:docker://ghcr.io/catthehacker/ubuntu:act-22.04"
+ - "heavy:docker://ghcr.io/catthehacker/ubuntu:act-22.04"
+
+container:
+ network: proxy_net
+ privileged: true
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ./buildkit-cache:/var/lib/buildkit
+
diff --git a/runners/runner-build-2/config.yaml b/runners/runner-build-2/config.yaml
new file mode 100644
index 0000000..559b648
--- /dev/null
+++ b/runners/runner-build-2/config.yaml
@@ -0,0 +1,21 @@
+log:
+ level: info
+
+runner:
+ name: runner-build-2
+ capacity: 1
+ envs:
+ HTTP_PROXY: http://proxy:7890
+ HTTPS_PROXY: http://proxy:7890
+ NO_PROXY: localhost,127.0.0.1,pg-gitea,proxy,100.64.0.0/10,172.24.0.0/16
+ DOCKER_HOST: unix:///var/run/docker.sock
+ labels:
+ - "buildx:docker://ghcr.io/catthehacker/ubuntu:act-22.04"
+ - "heavy:docker://ghcr.io/catthehacker/ubuntu:act-22.04"
+
+container:
+ network: proxy_net
+ privileged: true
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ./buildkit-cache:/var/lib/buildkit
diff --git a/runners/runner-light-1/config.yaml b/runners/runner-light-1/config.yaml
new file mode 100644
index 0000000..9e9bf44
--- /dev/null
+++ b/runners/runner-light-1/config.yaml
@@ -0,0 +1,21 @@
+log:
+ level: info
+
+runner:
+ name: runner-light-1
+ capacity: 2
+ envs:
+ HTTP_PROXY: http://proxy:7890
+ HTTPS_PROXY: http://proxy:7890
+ NO_PROXY: localhost,127.0.0.1,pg-gitea,proxy,100.64.0.0/10,172.24.0.0/16
+ DOCKER_HOST: unix:///var/run/docker.sock
+ labels:
+ - "docker:docker://ghcr.io/catthehacker/ubuntu:act-22.04"
+ - "light:docker://ghcr.io/catthehacker/ubuntu:act-22.04"
+
+container:
+ network: proxy_net
+ privileged: true
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+
diff --git a/runners/runner-light-2/config.yaml b/runners/runner-light-2/config.yaml
new file mode 100644
index 0000000..10e407f
--- /dev/null
+++ b/runners/runner-light-2/config.yaml
@@ -0,0 +1,20 @@
+log:
+ level: info
+
+runner:
+ name: runner-light-2
+ capacity: 2
+ envs:
+ HTTP_PROXY: http://proxy:7890
+ HTTPS_PROXY: http://proxy:7890
+ NO_PROXY: localhost,127.0.0.1,pg-gitea,proxy,100.64.0.0/10,172.24.0.0/16
+ DOCKER_HOST: unix:///var/run/docker.sock
+ labels:
+ - "docker:docker://ghcr.io/catthehacker/ubuntu:act-22.04"
+ - "light:docker://ghcr.io/catthehacker/ubuntu:act-22.04"
+
+container:
+ network: proxy_net
+ privileged: true
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
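Review bot: `privileged: true` under `container:` is set in all four runner configs (this file plus runner-build-2, runner-light-1 and runner-light-2) together with `DOCKER_HOST: unix:///var/run/docker.sock`, so any workflow job scheduled on these runners effectively has root on the Docker host. The root `config.yaml` in this same commit notes that privileged mode is needed only for Docker-in-Docker, so the two light runners could use `privileged: false` unless they really build images. The `volumes:` key under `container:` is not among the container options that root `config.yaml` documents (it lists `options` and `valid_volumes`), so act_runner probably ignores it; either express the mounts through `valid_volumes` and `options`, or drop the key so the file does not imply a mount that is not applied. A header comment such as `# jobs here get the host Docker socket; trusted repositories only` would record the trust assumption.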