From 42d80470432e5dc3ecd7c4e8277f39da522f5337 Mon Sep 17 00:00:00 2001
From: Ben Vincent <ben@unkin.net>
Date: Tue, 3 Sep 2024 22:34:48 +1000
Subject: [PATCH 1/2] fix: comments in gitea role

- was copy of puppetboard, missed updating the comment
---
 site/roles/manifests/infra/git/gitea.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/site/roles/manifests/infra/git/gitea.pp b/site/roles/manifests/infra/git/gitea.pp
index a11e842..5a867b2 100644
--- a/site/roles/manifests/infra/git/gitea.pp
+++ b/site/roles/manifests/infra/git/gitea.pp
@@ -1,4 +1,4 @@
-# a role to deploy the puppetboard
+# a role to deploy the gitea
 class roles::infra::git::gitea {
   if $facts['firstrun'] {
     include profiles::defaults

From 0210d849c7139544335f9157c33b9f64a5e37986 Mon Sep 17 00:00:00 2001
From: Ben Vincent <ben@unkin.net>
Date: Sat, 7 Sep 2024 16:31:09 +1000
Subject: [PATCH 2/2] feat: add gitea runner role

- ensure docker is configured
- create runner user/group
- deploy config.yaml from hiera hash
- install runner from url
- register the runner with the gitea instance
- manage the act_runner service
---
 hieradata/roles/infra/git/runner.eyaml        |  1 +
 hieradata/roles/infra/git/runner.yaml         | 46 ++++++++++++
 site/profiles/manifests/gitea/runner.pp       | 73 +++++++++++++++++++
 .../templates/gitea/act_runner.service.erb    | 17 +++++
 site/roles/manifests/infra/git/runner.pp      | 11 +++
 5 files changed, 148 insertions(+)
 create mode 100644 hieradata/roles/infra/git/runner.eyaml
 create mode 100644 hieradata/roles/infra/git/runner.yaml
 create mode 100644 site/profiles/manifests/gitea/runner.pp
 create mode 100644 site/profiles/templates/gitea/act_runner.service.erb
 create mode 100644 site/roles/manifests/infra/git/runner.pp

diff --git a/hieradata/roles/infra/git/runner.eyaml b/hieradata/roles/infra/git/runner.eyaml
new file mode 100644
index 0000000..43af94b
--- /dev/null
+++ b/hieradata/roles/infra/git/runner.eyaml
@@ -0,0 +1 @@
+profiles::gitea::runner::registration_token: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAOL/ug4IPhEW1n+Lq+SsMSEJUYsDDK2s0+oNF3unxcbH3QDqWo7kuYKkDWQ+W3otcxvuRlbC8+0W2fO2udhF7sSGrF93INsTCDqWlLnaaAgxlgNSXthA4OCJlI8DCLeD/Sr0TTCchUdpQrIpDo6Gh0EUjgRv5574q26or7c/vvtQ4nfLVQOqEV9UpsCgEYiQvXVcf55LEpgaDp4mFL0qCnfzDnGNbZ0GUo6552ka19IocqOqILPnZO0qDcEoLbQ90sP197+5Jw611i1Akx1C4lFP81bazFMpbdiEP0V4Ax+33LfZEb0KnXuMbKOF23vIwwwfpFJaSOAjA5YehA3xM2zBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDPJHB2uL+VEyntgZocyoMXgDBJ1dnRWiJM77XomzbNdDUO+ktIHLOTL5do0m4CkXZ1s42KtaAwWL+/EGdxg80UMC8=]
diff --git a/hieradata/roles/infra/git/runner.yaml b/hieradata/roles/infra/git/runner.yaml
new file mode 100644
index 0000000..6e40d6a
--- /dev/null
+++ b/hieradata/roles/infra/git/runner.yaml
@@ -0,0 +1,46 @@
+---
+hiera_include:
+  - docker
+  - profiles::gitea::runner
+
+docker::version: latest
+docker::curl_ensure: false
+
+profiles::gitea::runner::home: /data/runner
+profiles::gitea::runner::version: '0.2.10'
+profiles::gitea::runner::source: "https://gitea.com/gitea/act_runner/releases/download/v%{hiera('profiles::gitea::runner::version')}/act_runner-%{hiera('profiles::gitea::runner::version')}-linux-amd64"
+profiles::gitea::runner::config:
+  log:
+    level: info
+  runner:
+    file: "%{hiera('profiles::gitea::runner::home')}/.runner"
+    capacity: 2
+    envs:
+      A_TEST_ENV_NAME_1: a_test_env_value_1
+      A_TEST_ENV_NAME_2: a_test_env_value_2
+    env_file: .env
+    timeout: 3h
+    insecure: false
+    fetch_timeout: 5s
+    fetch_interval: 2s
+    labels:
+      - "almalinux-latest"
+      - "almalinux-8:docker"
+      - "almalinux-8.10:docker"
+  cache:
+    enabled: true
+    dir: "%{hiera('profiles::gitea::runner::home')}/.cache/actcache"
+    host: ""
+    port: 0
+    external_server: ""
+  container:
+    network: ""
+    privileged: false
+    options:
+    workdir_parent: /workspace
+    valid_volumes: []
+    docker_host: ""
+    force_pull: true
+    force_rebuild: false
+  host:
+    workdir_parent: "%{hiera('profiles::gitea::runner::home')}/.cache/act"
diff --git a/site/profiles/manifests/gitea/runner.pp b/site/profiles/manifests/gitea/runner.pp
new file mode 100644
index 0000000..761a04d
--- /dev/null
+++ b/site/profiles/manifests/gitea/runner.pp
@@ -0,0 +1,73 @@
+# profiles::gitea::init
+class profiles::gitea::runner (
+  String $registration_token,
+  Stdlib::HTTPSUrl $source,
+  String $user = 'runner',
+  String $group = 'runner',
+  Stdlib::Absolutepath $home = '/data/runner',
+  Hash $config = {},
+  Stdlib::HTTPSUrl $instance = 'https://git.query.consul',
+  String $version = '0.2.10',
+) {
+
+  group { $group:
+    ensure => 'present',
+  }
+
+  user { $user:
+    ensure     => 'present',
+    home       => $home,
+    managehome => true,
+    forcelocal => true,
+    groups     => ['docker'],
+    gid        => $group,
+    require    => Group[$group],
+  }
+
+  file { "${home}/config.yaml":
+    ensure  => file,
+    content => to_yaml($config),
+    owner   => $user,
+    group   => $group,
+    require => User[$user],
+  }
+
+  archive { '/usr/local/bin/act_runner':
+    ensure  => present,
+    extract => false,
+    source  => $source,
+    creates => '/usr/local/bin/act_runner',
+    cleanup => true,
+  }
+
+  file { '/usr/local/bin/act_runner':
+    ensure  => 'file',
+    mode    => '0755',
+    owner   => 'root',
+    group   => 'root',
+    require => Archive['/usr/local/bin/act_runner'],
+  }
+
+  exec {'register_act_runner':
+    command => "/usr/local/bin/act_runner register \
+                --no-interactive \
+                --instance ${instance} \
+                --token ${registration_token} \
+                --name ${facts['networking']['hostname']} \
+                --config ${home}/config.yaml",
+    creates => "${home}/.runner",
+    cwd     => $home,
+    user    => $user,
+    group   => $group,
+    require => [
+      File['/usr/local/bin/act_runner'],
+      File["${home}/config.yaml"],
+    ],
+  }
+
+  systemd::unit_file {'act_runner.service':
+    enable  => true,
+    active  => true,
+    content => template('profiles/gitea/act_runner.service.erb'),
+  }
+}
diff --git a/site/profiles/templates/gitea/act_runner.service.erb b/site/profiles/templates/gitea/act_runner.service.erb
new file mode 100644
index 0000000..2bff552
--- /dev/null
+++ b/site/profiles/templates/gitea/act_runner.service.erb
@@ -0,0 +1,17 @@
+[Unit]
+Description=Gitea Actions runner
+Documentation=https://gitea.com/gitea/act_runner
+After=docker.service
+
+[Service]
+ExecStart=/usr/local/bin/act_runner daemon --config <%= @home %>/config.yaml
+ExecReload=/bin/kill -s HUP $MAINPID
+WorkingDirectory=<%= @home %>
+TimeoutSec=0
+RestartSec=10
+Restart=always
+User=<%= @user %>
+Group=<%= @group %>
+
+[Install]
+WantedBy=multi-user.target
diff --git a/site/roles/manifests/infra/git/runner.pp b/site/roles/manifests/infra/git/runner.pp
new file mode 100644
index 0000000..7e05a50
--- /dev/null
+++ b/site/roles/manifests/infra/git/runner.pp
@@ -0,0 +1,11 @@
+# a role to deploy the gitea runner
+class roles::infra::git::runner {
+  if $facts['firstrun'] {
+    include profiles::defaults
+    include profiles::firstrun::init
+  }else{
+    include profiles::defaults
+    include profiles::base
+    include profiles::base::datavol
+  }
+}