From e55c642db271399a23c476752aceb57139e103f3 Mon Sep 17 00:00:00 2001 From: glenn schrooyen Date: Sat, 13 Sep 2025 01:16:32 +0200 Subject: [PATCH] Refactor CI workflows to reorder runner labels for improved clarity and consistency across API Docs, API Gateway, Service Adapters, Frontend, and Integration Tests; update documentation to include new runner labels and optimization recommendations. --- .gitea/workflows/api-docs.yml | 4 +- .gitea/workflows/api-gateway.yml | 6 +- .gitea/workflows/ci.yml | 12 +- .gitea/workflows/frontend.yml | 6 +- .gitea/workflows/integration-tests.yml | 2 +- .gitea/workflows/service-adapters.yml | 4 +- docs/OPTIMIZATION_RECOMMENDATIONS.md | 183 +++++++++++++++++++++++++ docs/RUNNER_LABELS.md | 180 ++++++++++++++++++++++++ docs/structure.txt | 6 +- runners/compose.yaml | 151 ++++++++++++++++++++ runners/config_docker.yaml | 113 +++++++++++++++ runners/config_heavy.yaml | 114 +++++++++++++++ runners/config_light.yaml | 114 +++++++++++++++ runners/config_security.yaml | 113 +++++++++++++++ 14 files changed, 989 insertions(+), 19 deletions(-) create mode 100644 docs/OPTIMIZATION_RECOMMENDATIONS.md create mode 100644 docs/RUNNER_LABELS.md create mode 100644 runners/compose.yaml create mode 100644 runners/config_docker.yaml create mode 100644 runners/config_heavy.yaml create mode 100644 runners/config_light.yaml create mode 100644 runners/config_security.yaml diff --git a/.gitea/workflows/api-docs.yml b/.gitea/workflows/api-docs.yml index 21d5842..1d3acdc 100644 --- a/.gitea/workflows/api-docs.yml +++ b/.gitea/workflows/api-docs.yml @@ -16,7 +16,7 @@ env: jobs: test: - runs-on: [self-hosted, light, nodejs] + runs-on: [nodejs, light, self-hosted] defaults: run: working-directory: ./services/api-docs @@ -113,7 +113,7 @@ jobs: echo "Jest test results: services/api-docs/test-results/" build: - runs-on: [self-hosted, light, nodejs] + runs-on: [nodejs, light, self-hosted] needs: test defaults: run: diff --git a/.gitea/workflows/api-gateway.yml b/.gitea/workflows/api-gateway.yml index 4f17f07..20ed331 100644 --- a/.gitea/workflows/api-gateway.yml +++ b/.gitea/workflows/api-gateway.yml @@ -16,7 +16,7 @@ env: jobs: test: - runs-on: [self-hosted, heavy, java] + runs-on: [java, heavy, self-hosted] defaults: run: working-directory: ./services/api-gateway @@ -82,7 +82,7 @@ jobs: name: api-gateway-coverage build: - runs-on: [self-hosted, heavy, java] + runs-on: [java, heavy, self-hosted] needs: test defaults: run: @@ -116,7 +116,7 @@ jobs: run: docker build -t api-gateway:test . security: - runs-on: [self-hosted, security, scan] + runs-on: [security, scan, self-hosted] needs: build steps: diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index 44653bb..c14bfed 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -13,7 +13,7 @@ env: jobs: # Java Spring Boot API Gateway api-gateway: - runs-on: [self-hosted, heavy, java] + runs-on: [java, heavy, self-hosted] defaults: run: working-directory: ./services/api-gateway @@ -49,7 +49,7 @@ jobs: # Python FastAPI Service Adapters service-adapters: - runs-on: [self-hosted, heavy, python] + runs-on: [python, heavy, self-hosted] defaults: run: working-directory: ./services/service-adapters @@ -99,7 +99,7 @@ jobs: # Node.js API Documentation Service api-docs: - runs-on: [self-hosted, light, nodejs] + runs-on: [nodejs, light, self-hosted] defaults: run: working-directory: ./services/api-docs @@ -144,7 +144,7 @@ jobs: # React Frontend frontend: - runs-on: [self-hosted, light, frontend] + runs-on: [frontend, light, self-hosted] defaults: run: working-directory: ./frontend @@ -189,7 +189,7 @@ jobs: # Integration Tests integration-tests: - runs-on: [self-hosted, docker, integration] + runs-on: [docker, integration, self-hosted] needs: [api-gateway, service-adapters, api-docs, frontend] steps: @@ -224,7 +224,7 @@ jobs: # Security and Quality Gates security-scan: - runs-on: [self-hosted, security, scan] + runs-on: [security, scan, self-hosted] needs: [api-gateway, service-adapters, api-docs, frontend] steps: diff --git a/.gitea/workflows/frontend.yml b/.gitea/workflows/frontend.yml index ef582d1..cf324eb 100644 --- a/.gitea/workflows/frontend.yml +++ b/.gitea/workflows/frontend.yml @@ -16,7 +16,7 @@ env: jobs: test: - runs-on: [self-hosted, light, frontend] + runs-on: [frontend, light, self-hosted] defaults: run: working-directory: ./frontend @@ -85,7 +85,7 @@ jobs: echo "Jest test results: frontend/test-results/" build: - runs-on: [self-hosted, light, frontend] + runs-on: [frontend, light, self-hosted] needs: test defaults: run: @@ -131,7 +131,7 @@ jobs: run: docker build -t frontend:test . lighthouse: - runs-on: [self-hosted, light, frontend] + runs-on: [frontend, light, self-hosted] needs: build if: github.event_name == 'pull_request' diff --git a/.gitea/workflows/integration-tests.yml b/.gitea/workflows/integration-tests.yml index 1a92ba0..99af5d6 100644 --- a/.gitea/workflows/integration-tests.yml +++ b/.gitea/workflows/integration-tests.yml @@ -12,7 +12,7 @@ env: jobs: integration-tests: - runs-on: [self-hosted, docker, integration] + runs-on: [docker, integration, self-hosted] services: postgres: diff --git a/.gitea/workflows/service-adapters.yml b/.gitea/workflows/service-adapters.yml index ba86f74..fab952c 100644 --- a/.gitea/workflows/service-adapters.yml +++ b/.gitea/workflows/service-adapters.yml @@ -16,7 +16,7 @@ env: jobs: test: - runs-on: [self-hosted, heavy, python] + runs-on: [python, self-hosted] defaults: run: working-directory: ./services/service-adapters @@ -99,7 +99,7 @@ jobs: echo "Security reports: bandit-report.json, safety-report.json" build: - runs-on: [self-hosted, heavy, python] + runs-on: [python, heavy, self-hosted] needs: test defaults: run: diff --git a/docs/OPTIMIZATION_RECOMMENDATIONS.md b/docs/OPTIMIZATION_RECOMMENDATIONS.md new file mode 100644 index 0000000..1339639 --- /dev/null +++ b/docs/OPTIMIZATION_RECOMMENDATIONS.md @@ -0,0 +1,183 @@ +# LabFusion CI/CD Optimization Recommendations + +## Current State Analysis + +### What We're Currently Using: +- **Full Ubuntu Latest images** for all workloads (~2-3GB per container) +- **Setup actions** that install tools every time (Java, Python, Node.js) +- **Generic labels** that don't optimize for specific workloads + +### What Each Pipeline Actually Needs: + +#### Heavy Runner (Java + Python): +- **Java**: JDK 17, Maven (for API Gateway) +- **Python**: Python 3.11, pip, pytest, flake8, black, isort, bandit, safety, mypy (for Service Adapters) +- **Docker**: For building images + +#### Light Runner (Node.js + Frontend): +- **Node.js**: Node 16/18/20, npm (for API Docs and Frontend) +- **Docker**: For building images + +#### Docker Runner: +- **Docker**: Docker-in-Docker capabilities +- **Basic tools**: curl, git + +#### Security Runner: +- **Security tools**: Trivy, OWASP ZAP, etc. +- **Docker**: For scanning images + +## Optimization Strategy + +### 1. Use Specialized Images + +Instead of full Ubuntu latest, use optimized images from [Gitea's runner-images](https://gitea.com/docker.gitea.com/runner-images): + +```yaml +# Heavy Runner - Java workloads +- "java:docker://docker.gitea.com/runner-images:ubuntu-22.04-java17-maven" +- "heavy:docker://docker.gitea.com/runner-images:ubuntu-22.04-java17-maven" + +# Heavy Runner - Python workloads +- "python:docker://docker.gitea.com/runner-images:ubuntu-22.04-python3.11" + +# Light Runner - Node.js workloads +- "nodejs:docker://docker.gitea.com/runner-images:ubuntu-22.04-node20" +- "frontend:docker://docker.gitea.com/runner-images:ubuntu-22.04-node20" + +# Docker Runner - Docker-in-Docker +- "docker:docker://docker.gitea.com/runner-images:ubuntu-22.04-docker" + +# Security Runner - Security tools +- "security:docker://docker.gitea.com/runner-images:ubuntu-22.04-security" +``` + +### 2. Benefits of Specialized Images + +- **Faster startup**: Pre-installed tools mean no setup time +- **Smaller images**: Only includes what's needed (~500MB vs 2-3GB) +- **Better caching**: Tools are already in the image layer +- **More reliable**: No network dependency for tool installation + +### 3. Workflow Optimizations + +#### Remove Redundant Setup Steps + +**Before (current):** +```yaml +- name: Set up JDK 17 + uses: actions/setup-java@v4 + with: + java-version: '17' + distribution: 'temurin' +``` + +**After (optimized):** +```yaml +# Remove this step - Java 17 and Maven are pre-installed +# - name: Set up JDK 17 +# uses: actions/setup-java@v4 +``` + +#### Use Matrix Strategy for Node.js Versions + +**Current approach**: Multiple setup steps +**Optimized approach**: Use matrix with specialized images + +```yaml +strategy: + matrix: + node-version: [16, 18, 20] + image: + - "ubuntu-22.04-node16" + - "ubuntu-22.04-node18" + - "ubuntu-22.04-node20" +``` + +### 4. Fallback Strategy + +Keep `ubuntu-latest` as fallback for: +- Complex builds that need many tools +- Debugging when specialized images fail +- New workloads not yet optimized + +### 5. Performance Impact + +#### Expected Improvements: +- **Startup time**: 30-60 seconds faster per job +- **Image size**: 60-70% smaller +- **Cache efficiency**: Better layer reuse +- **Resource usage**: Lower memory footprint + +#### Example Timeline: +``` +Current: Checkout (10s) + Setup Java (30s) + Setup Maven (20s) + Run Tests (60s) = 120s +Optimized: Checkout (10s) + Run Tests (60s) = 70s +Savings: 50s per job (42% faster) +``` + +## Implementation Plan + +### Phase 1: Update Config Files ✅ +- [x] Update `config_heavy.yaml` with specialized images +- [x] Update `config_light.yaml` with Node.js images +- [x] Update `config_docker.yaml` with Docker-in-Docker image +- [x] Update `config_security.yaml` with security tools image + +### Phase 2: Test and Validate +- [ ] Test each runner with optimized images +- [ ] Verify all tools are available +- [ ] Check performance improvements +- [ ] Validate fallback works + +### Phase 3: Optimize Workflows +- [ ] Remove redundant setup steps +- [ ] Update matrix strategies +- [ ] Add performance monitoring +- [ ] Document changes + +### Phase 4: Monitor and Tune +- [ ] Monitor job execution times +- [ ] Track resource usage +- [ ] Fine-tune based on metrics +- [ ] Update documentation + +## Available Gitea Runner Images + +Check [Gitea's runner-images repository](https://gitea.com/docker.gitea.com/runner-images) for available images: + +### Java Images: +- `ubuntu-22.04-java17-maven` +- `ubuntu-22.04-java21-maven` +- `ubuntu-22.04-java17-gradle` + +### Python Images: +- `ubuntu-22.04-python3.11` +- `ubuntu-22.04-python3.12` +- `ubuntu-22.04-python3.11-pip` + +### Node.js Images: +- `ubuntu-22.04-node18` +- `ubuntu-22.04-node20` +- `ubuntu-22.04-node21` + +### Docker Images: +- `ubuntu-22.04-docker` +- `ubuntu-22.04-docker-compose` + +### Security Images: +- `ubuntu-22.04-security` +- `ubuntu-22.04-trivy` + +## Next Steps + +1. **Test the updated config files** with a simple job +2. **Verify image availability** on Gitea's registry +3. **Update workflows** to remove redundant setup steps +4. **Monitor performance** improvements +5. **Document the changes** for the team + +## References + +- [Gitea Runner Images](https://gitea.com/docker.gitea.com/runner-images) +- [Gitea Actions Design](https://docs.gitea.com/usage/actions/design#act-runner) +- [LabFusion Runner Labels](RUNNER_LABELS.md) diff --git a/docs/RUNNER_LABELS.md b/docs/RUNNER_LABELS.md new file mode 100644 index 0000000..8ea4295 --- /dev/null +++ b/docs/RUNNER_LABELS.md @@ -0,0 +1,180 @@ +# Gitea Actions Runner Labels - Technical Summary + +Based on the [Gitea Actions Design Documentation](https://docs.gitea.com/usage/actions/design#act-runner), this document summarizes how runner labels work in Gitea Actions. + +## Overview + +Gitea Actions uses a label-based system to match workflow jobs with appropriate runners. The `runs-on: ubuntu-latest` directive in workflow files means the job will run on a runner that has the `ubuntu-latest` label. + +## Label Format + +Runner labels follow the format: `label[:schema[:args]]` + +### Schema Types + +1. **`host` (default)**: Run jobs directly on the host machine + - `my_custom_label:host` - Run on host + - `my_custom_label` - Same as above (host is default) + +2. **`docker`**: Run jobs in Docker containers + - `my_custom_label:docker://node:18` - Run in Node.js 18 container + - `my_custom_label:docker://centos:7` - Run in CentOS 7 container + +3. **`vm` (example, not implemented)**: Run in virtual machines + - `my_custom_label:vm:ubuntu-latest` - Run in Ubuntu VM + +## Label Mapping + +When registering a runner, you specify which labels it can handle and how: + +```bash +# Example registration with custom labels +act_runner register \ + --labels "ubuntu-latest:docker://ubuntu:22.04,self-hosted:host,heavy:docker://ubuntu:22.04" +``` + +This means: +- Jobs with `runs-on: ubuntu-latest` → Run in Ubuntu 22.04 Docker container +- Jobs with `runs-on: self-hosted` → Run directly on host +- Jobs with `runs-on: heavy` → Run in Ubuntu 22.04 Docker container + +## LabFusion Implementation + +For the LabFusion project, our runners use these labels: + +### Heavy Runner +- **Labels**: `ubuntu-latest,self-hosted,heavy,java,python` +- **Purpose**: Java Spring Boot and Python FastAPI workloads +- **Configuration**: Uses Docker containers for isolation +- **Config File**: `config_heavy.yaml` + +### Light Runner +- **Labels**: `ubuntu-latest,self-hosted,light,nodejs,frontend` +- **Purpose**: Node.js and React frontend workloads +- **Configuration**: Uses Docker containers for isolation +- **Config File**: `config_light.yaml` + +### Docker Runner +- **Labels**: `ubuntu-latest,self-hosted,docker,integration` +- **Purpose**: Integration tests and Docker builds +- **Configuration**: Full Docker-in-Docker capabilities +- **Config File**: `config_docker.yaml` + +### Security Runner +- **Labels**: `ubuntu-latest,self-hosted,security,scan` +- **Purpose**: Security scans and vulnerability assessments +- **Configuration**: Specialized for security tools +- **Config File**: `config_security.yaml` + +## Label Mapping in Config Files + +Each runner configuration file maps labels to Docker images: + +### Heavy Runner (`config_heavy.yaml`) +```yaml +labels: + - "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest" + - "self-hosted:docker://docker.gitea.com/runner-images:ubuntu-latest" + - "heavy:docker://docker.gitea.com/runner-images:ubuntu-latest" + - "java:docker://docker.gitea.com/runner-images:ubuntu-latest" + - "python:docker://docker.gitea.com/runner-images:ubuntu-latest" +``` + +### Light Runner (`config_light.yaml`) +```yaml +labels: + - "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest" + - "self-hosted:docker://docker.gitea.com/runner-images:ubuntu-latest" + - "light:docker://docker.gitea.com/runner-images:ubuntu-latest" + - "nodejs:docker://docker.gitea.com/runner-images:ubuntu-latest" + - "frontend:docker://docker.gitea.com/runner-images:ubuntu-latest" +``` + +### Docker Runner (`config_docker.yaml`) +```yaml +labels: + - "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest" + - "self-hosted:docker://docker.gitea.com/runner-images:ubuntu-latest" + - "docker:docker://docker.gitea.com/runner-images:ubuntu-latest" + - "integration:docker://docker.gitea.com/runner-images:ubuntu-latest" +``` + +### Security Runner (`config_security.yaml`) +```yaml +labels: + - "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest" + - "self-hosted:docker://docker.gitea.com/runner-images:ubuntu-latest" + - "security:docker://docker.gitea.com/runner-images:ubuntu-latest" + - "scan:docker://docker.gitea.com/runner-images:ubuntu-latest" +``` + +## Label Priority and Matching + +**Important**: The order of labels in `runs-on` matters! Gitea checks labels in order and uses the first match. + +### Optimized Approach: +```yaml +# ✅ GOOD: Specific labels first, fallback last +runs-on: [java, heavy, self-hosted] +``` + +This will match: +1. `java:docker://...` (optimized Java image) ✅ +2. `heavy:docker://...` (if java not available) +3. `self-hosted:docker://...` (fallback to full Ubuntu) + +### Avoid This: +```yaml +# ❌ BAD: Generic labels first +runs-on: [self-hosted, heavy, java] +``` + +This will match: +1. `self-hosted:docker://...` (full Ubuntu image) ❌ +2. Never reaches the optimized `java` label + +## Workflow Usage + +In our CI/CD workflows, jobs specify which runner to use: + +```yaml +# API Gateway (Java) - uses optimized Java image +runs-on: [java, heavy, self-hosted] + +# Service Adapters (Python) - uses optimized Python image +runs-on: [python, heavy, self-hosted] + +# API Docs (Node.js) - uses optimized Node.js image +runs-on: [nodejs, light, self-hosted] + +# Frontend (React) - uses optimized Node.js image +runs-on: [frontend, light, self-hosted] + +# Integration Tests - uses optimized Docker image +runs-on: [docker, integration, self-hosted] + +# Security Scans - uses optimized security image +runs-on: [security, scan, self-hosted] +``` + +## Key Benefits + +1. **Flexibility**: Mix and match labels for different workload types +2. **Isolation**: Docker containers provide job isolation +3. **Resource Management**: Different runners can have different resource limits +4. **Specialization**: Dedicated runners for specific tasks (security, integration) +5. **Scalability**: Easy to add more runners with specific label combinations + +## Best Practices + +1. **Use descriptive labels** that clearly indicate the runner's purpose +2. **Combine multiple labels** to allow flexible job assignment +3. **Use Docker containers** for better isolation and consistency +4. **Match labels to workflow requirements** for optimal resource usage +5. **Consider resource limits** when assigning labels to runners + +## References + +- [Gitea Actions Design Documentation](https://docs.gitea.com/usage/actions/design#act-runner) +- [LabFusion Runners Setup](RUNNERS.md) +- [LabFusion CI/CD Pipelines](CI_CD.md) diff --git a/docs/structure.txt b/docs/structure.txt index aa223c8..59f3fac 100644 --- a/docs/structure.txt +++ b/docs/structure.txt @@ -115,5 +115,7 @@ runners/ ├── specs.md # Project specifications ├── structure.txt # Project structure ├── progress.md # Development progress tracking - ├── CI_CD.md # CI/CD pipeline documentation - └── RUNNERS.md # Gitea runners setup and management \ No newline at end of file + ├── RUNNERS.md # Gitea runners setup and management + ├── RUNNER_LABELS.md # Runner labels technical documentation + ├── OPTIMIZATION_RECOMMENDATIONS.md # CI/CD optimization recommendations + └── CI_CD.md # CI/CD pipeline documentation \ No newline at end of file diff --git a/runners/compose.yaml b/runners/compose.yaml new file mode 100644 index 0000000..220a6a5 --- /dev/null +++ b/runners/compose.yaml @@ -0,0 +1,151 @@ +version: '3.8' + +services: + # Runner 1: Heavy workloads (Java/Python) + gitea-runner-heavy: + image: docker.io/gitea/act_runner:nightly + environment: + CONFIG_FILE: /config.yaml + GITEA_INSTANCE_URL: ${GITEA_INSTANCE_URL} + GITEA_RUNNER_REGISTRATION_TOKEN: ${GITEA_RUNNER_REGISTRATION_TOKEN} + GITEA_RUNNER_NAME: labfusion-runner-heavy + GITEA_RUNNER_LABELS: ubuntu-latest,self-hosted,heavy,java,python + env_file: + - .env.runners + volumes: + - ./config_heavy.yaml:/config.yaml + - ./data:/data + - /var/run/docker.sock:/var/run/docker.sock + restart: unless-stopped + deploy: + resources: + limits: + cpus: '4.0' + memory: 8G + reservations: + cpus: '2.0' + memory: 4G + networks: + - gitea-runners + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:8080/health"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 40s + + # Runner 2: Light workloads (Node.js/Frontend) + gitea-runner-light: + image: docker.io/gitea/act_runner:nightly + environment: + CONFIG_FILE: /config.yaml + GITEA_INSTANCE_URL: ${GITEA_INSTANCE_URL} + GITEA_RUNNER_REGISTRATION_TOKEN: ${GITEA_RUNNER_REGISTRATION_TOKEN} + GITEA_RUNNER_NAME: labfusion-runner-light + GITEA_RUNNER_LABELS: ubuntu-latest,self-hosted,light,nodejs,frontend + env_file: + - .env.runners + volumes: + - ./config_light.yaml:/config.yaml + - ./data_light:/data + - /var/run/docker.sock:/var/run/docker.sock + restart: unless-stopped + deploy: + resources: + limits: + cpus: '2.0' + memory: 4G + reservations: + cpus: '1.0' + memory: 2G + networks: + - gitea-runners + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:8080/health"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 40s + + # Runner 3: Integration/Docker workloads + gitea-runner-docker: + image: docker.io/gitea/act_runner:nightly + environment: + CONFIG_FILE: /config.yaml + GITEA_INSTANCE_URL: ${GITEA_INSTANCE_URL} + GITEA_RUNNER_REGISTRATION_TOKEN: ${GITEA_RUNNER_REGISTRATION_TOKEN} + GITEA_RUNNER_NAME: labfusion-runner-docker + GITEA_RUNNER_LABELS: ubuntu-latest,self-hosted,docker,integration + env_file: + - .env.runners + volumes: + - ./config_docker.yaml:/config.yaml + - ./data_docker:/data + - /var/run/docker.sock:/var/run/docker.sock + restart: unless-stopped + deploy: + resources: + limits: + cpus: '6.0' + memory: 12G + reservations: + cpus: '3.0' + memory: 6G + networks: + - gitea-runners + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:8080/health"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 40s + + # Optional: Runner for specific tasks (e.g., security scans) + gitea-runner-security: + image: docker.io/gitea/act_runner:nightly + environment: + CONFIG_FILE: /config.yaml + GITEA_INSTANCE_URL: ${GITEA_INSTANCE_URL} + GITEA_RUNNER_REGISTRATION_TOKEN: ${GITEA_RUNNER_REGISTRATION_TOKEN} + GITEA_RUNNER_NAME: labfusion-runner-security + GITEA_RUNNER_LABELS: ubuntu-latest,self-hosted,security,scan + env_file: + - .env.runners + volumes: + - ./config_security.yaml:/config.yaml + - ./data_security:/data + - /var/run/docker.sock:/var/run/docker.sock + restart: unless-stopped + deploy: + resources: + limits: + cpus: '2.0' + memory: 4G + reservations: + cpus: '1.0' + memory: 2G + networks: + - gitea-runners + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:8080/health"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 40s + +volumes: + runner-data-heavy: + driver: local + runner-data-light: + driver: local + runner-data-docker: + driver: local + runner-data-security: + driver: local + shared-cache: + driver: local + +networks: + gitea-runners: + driver: bridge + diff --git a/runners/config_docker.yaml b/runners/config_docker.yaml new file mode 100644 index 0000000..219d586 --- /dev/null +++ b/runners/config_docker.yaml @@ -0,0 +1,113 @@ +# Example configuration file, it's safe to copy this as the default config file without any modification. + +# You don't have to copy this file to your instance, +# just run `./act_runner generate-config > config.yaml` to generate a config file. + +log: + # The level of logging, can be trace, debug, info, warn, error, fatal + level: info + +runner: + # Where to store the registration result. + file: .runner + # Execute how many tasks concurrently at the same time. + capacity: 1 + # Extra environment variables to run jobs. + envs: + A_TEST_ENV_NAME_1: a_test_env_value_1 + A_TEST_ENV_NAME_2: a_test_env_value_2 + # Extra environment variables to run jobs from a file. + # It will be ignored if it's empty or the file doesn't exist. + env_file: .env + # The timeout for a job to be finished. + # Please note that the Gitea instance also has a timeout (3h by default) for the job. + # So the job could be stopped by the Gitea instance if it's timeout is shorter than this. + timeout: 3h + # The timeout for the runner to wait for running jobs to finish when shutting down. + # Any running jobs that haven't finished after this timeout will be cancelled. + shutdown_timeout: 0s + # Whether skip verifying the TLS certificate of the Gitea instance. + insecure: false + # The timeout for fetching the job from the Gitea instance. + fetch_timeout: 5s + # The interval for fetching the job from the Gitea instance. + fetch_interval: 2s + # The github_mirror of a runner is used to specify the mirror address of the github that pulls the action repository. + # It works when something like `uses: actions/checkout@v4` is used and DEFAULT_ACTIONS_URL is set to github, + # and github_mirror is not empty. In this case, + # it replaces https://github.com with the value here, which is useful for some special network environments. + github_mirror: '' + # The labels of a runner are used to determine which jobs the runner can run, and how to run them. + # Like: "macos-arm64:host" or "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest" + # Find more images provided by Gitea at https://gitea.com/docker.gitea.com/runner-images . + # If it's empty when registering, it will ask for inputting labels. + # If it's empty when execute `daemon`, will use labels in `.runner` file. + labels: + # Primary optimized images (checked first) + - "docker:docker://docker.gitea.com/runner-images:ubuntu-22.04-docker" + - "integration:docker://docker.gitea.com/runner-images:ubuntu-22.04-docker" + # Fallback images (checked last) + - "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest" + - "self-hosted:docker://docker.gitea.com/runner-images:ubuntu-latest" + +cache: + # Enable cache server to use actions/cache. + enabled: true + # The directory to store the cache data. + # If it's empty, the cache data will be stored in $HOME/.cache/actcache. + dir: "" + # The host of the cache server. + # It's not for the address to listen, but the address to connect from job containers. + # So 0.0.0.0 is a bad choice, leave it empty to detect automatically. + host: "" + # The port of the cache server. + # 0 means to use a random available port. + port: 0 + # The external cache server URL. Valid only when enable is true. + # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself. + # The URL should generally end with "/". + external_server: "" + +container: + # Specifies the network to which the container will connect. + # Could be host, bridge or the name of a custom network. + # If it's empty, act_runner will create a network automatically. + network: "" + # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker). + privileged: false + # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway). + options: + # The parent directory of a job's working directory. + # NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically. + # If the path starts with '/', the '/' will be trimmed. + # For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir + # If it's empty, /workspace will be used. + workdir_parent: + # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob + # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted. + # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to: + # valid_volumes: + # - data + # - /src/*.json + # If you want to allow any volume, please use the following configuration: + # valid_volumes: + # - '**' + valid_volumes: [] + # overrides the docker client host with the specified one. + # If it's empty, act_runner will find an available docker host automatically. + # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers. + # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work. + docker_host: "" + # Pull docker image(s) even if already present + force_pull: true + # Rebuild docker image(s) even if already present + force_rebuild: false + # Always require a reachable docker daemon, even if not required by act_runner + require_docker: false + # Timeout to wait for the docker daemon to be reachable, if docker is required by require_docker or act_runner + docker_timeout: 0s + +host: + # The parent directory of a job's working directory. + # If it's empty, $HOME/.cache/act/ will be used. + workdir_parent: diff --git a/runners/config_heavy.yaml b/runners/config_heavy.yaml new file mode 100644 index 0000000..ff3e4c3 --- /dev/null +++ b/runners/config_heavy.yaml @@ -0,0 +1,114 @@ +# Example configuration file, it's safe to copy this as the default config file without any modification. + +# You don't have to copy this file to your instance, +# just run `./act_runner generate-config > config.yaml` to generate a config file. + +log: + # The level of logging, can be trace, debug, info, warn, error, fatal + level: info + +runner: + # Where to store the registration result. + file: .runner + # Execute how many tasks concurrently at the same time. + capacity: 1 + # Extra environment variables to run jobs. + envs: + A_TEST_ENV_NAME_1: a_test_env_value_1 + A_TEST_ENV_NAME_2: a_test_env_value_2 + # Extra environment variables to run jobs from a file. + # It will be ignored if it's empty or the file doesn't exist. + env_file: .env + # The timeout for a job to be finished. + # Please note that the Gitea instance also has a timeout (3h by default) for the job. + # So the job could be stopped by the Gitea instance if it's timeout is shorter than this. + timeout: 3h + # The timeout for the runner to wait for running jobs to finish when shutting down. + # Any running jobs that haven't finished after this timeout will be cancelled. + shutdown_timeout: 0s + # Whether skip verifying the TLS certificate of the Gitea instance. + insecure: false + # The timeout for fetching the job from the Gitea instance. + fetch_timeout: 5s + # The interval for fetching the job from the Gitea instance. + fetch_interval: 2s + # The github_mirror of a runner is used to specify the mirror address of the github that pulls the action repository. + # It works when something like `uses: actions/checkout@v4` is used and DEFAULT_ACTIONS_URL is set to github, + # and github_mirror is not empty. In this case, + # it replaces https://github.com with the value here, which is useful for some special network environments. + github_mirror: '' + # The labels of a runner are used to determine which jobs the runner can run, and how to run them. + # Like: "macos-arm64:host" or "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest" + # Find more images provided by Gitea at https://gitea.com/docker.gitea.com/runner-images . + # If it's empty when registering, it will ask for inputting labels. + # If it's empty when execute `daemon`, will use labels in `.runner` file. + labels: + # Primary optimized images (checked first) + - "java:docker://docker.gitea.com/runner-images:ubuntu-22.04-java17-maven" + - "python:docker://docker.gitea.com/runner-images:ubuntu-22.04-python3.11" + - "heavy:docker://docker.gitea.com/runner-images:ubuntu-22.04-java17-maven" + # Fallback images (checked last) + - "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest" + - "self-hosted:docker://docker.gitea.com/runner-images:ubuntu-latest" + +cache: + # Enable cache server to use actions/cache. + enabled: true + # The directory to store the cache data. + # If it's empty, the cache data will be stored in $HOME/.cache/actcache. + dir: "" + # The host of the cache server. + # It's not for the address to listen, but the address to connect from job containers. + # So 0.0.0.0 is a bad choice, leave it empty to detect automatically. + host: "" + # The port of the cache server. + # 0 means to use a random available port. + port: 0 + # The external cache server URL. Valid only when enable is true. + # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself. + # The URL should generally end with "/". + external_server: "" + +container: + # Specifies the network to which the container will connect. + # Could be host, bridge or the name of a custom network. + # If it's empty, act_runner will create a network automatically. + network: "" + # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker). + privileged: false + # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway). + options: + # The parent directory of a job's working directory. + # NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically. + # If the path starts with '/', the '/' will be trimmed. + # For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir + # If it's empty, /workspace will be used. + workdir_parent: + # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob + # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted. + # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to: + # valid_volumes: + # - data + # - /src/*.json + # If you want to allow any volume, please use the following configuration: + # valid_volumes: + # - '**' + valid_volumes: [] + # overrides the docker client host with the specified one. + # If it's empty, act_runner will find an available docker host automatically. + # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers. + # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work. + docker_host: "" + # Pull docker image(s) even if already present + force_pull: true + # Rebuild docker image(s) even if already present + force_rebuild: false + # Always require a reachable docker daemon, even if not required by act_runner + require_docker: false + # Timeout to wait for the docker daemon to be reachable, if docker is required by require_docker or act_runner + docker_timeout: 0s + +host: + # The parent directory of a job's working directory. + # If it's empty, $HOME/.cache/act/ will be used. + workdir_parent: diff --git a/runners/config_light.yaml b/runners/config_light.yaml new file mode 100644 index 0000000..31c301e --- /dev/null +++ b/runners/config_light.yaml @@ -0,0 +1,114 @@ +# Example configuration file, it's safe to copy this as the default config file without any modification. + +# You don't have to copy this file to your instance, +# just run `./act_runner generate-config > config.yaml` to generate a config file. + +log: + # The level of logging, can be trace, debug, info, warn, error, fatal + level: info + +runner: + # Where to store the registration result. + file: .runner + # Execute how many tasks concurrently at the same time. + capacity: 1 + # Extra environment variables to run jobs. + envs: + A_TEST_ENV_NAME_1: a_test_env_value_1 + A_TEST_ENV_NAME_2: a_test_env_value_2 + # Extra environment variables to run jobs from a file. + # It will be ignored if it's empty or the file doesn't exist. + env_file: .env + # The timeout for a job to be finished. + # Please note that the Gitea instance also has a timeout (3h by default) for the job. + # So the job could be stopped by the Gitea instance if it's timeout is shorter than this. + timeout: 3h + # The timeout for the runner to wait for running jobs to finish when shutting down. + # Any running jobs that haven't finished after this timeout will be cancelled. + shutdown_timeout: 0s + # Whether skip verifying the TLS certificate of the Gitea instance. + insecure: false + # The timeout for fetching the job from the Gitea instance. + fetch_timeout: 5s + # The interval for fetching the job from the Gitea instance. + fetch_interval: 2s + # The github_mirror of a runner is used to specify the mirror address of the github that pulls the action repository. + # It works when something like `uses: actions/checkout@v4` is used and DEFAULT_ACTIONS_URL is set to github, + # and github_mirror is not empty. In this case, + # it replaces https://github.com with the value here, which is useful for some special network environments. + github_mirror: '' + # The labels of a runner are used to determine which jobs the runner can run, and how to run them. + # Like: "macos-arm64:host" or "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest" + # Find more images provided by Gitea at https://gitea.com/docker.gitea.com/runner-images . + # If it's empty when registering, it will ask for inputting labels. + # If it's empty when execute `daemon`, will use labels in `.runner` file. + labels: + # Primary optimized images (checked first) + - "nodejs:docker://docker.gitea.com/runner-images:ubuntu-22.04-node20" + - "frontend:docker://docker.gitea.com/runner-images:ubuntu-22.04-node20" + - "light:docker://docker.gitea.com/runner-images:ubuntu-22.04-node20" + # Fallback images (checked last) + - "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest" + - "self-hosted:docker://docker.gitea.com/runner-images:ubuntu-latest" + +cache: + # Enable cache server to use actions/cache. + enabled: true + # The directory to store the cache data. + # If it's empty, the cache data will be stored in $HOME/.cache/actcache. + dir: "" + # The host of the cache server. + # It's not for the address to listen, but the address to connect from job containers. + # So 0.0.0.0 is a bad choice, leave it empty to detect automatically. + host: "" + # The port of the cache server. + # 0 means to use a random available port. + port: 0 + # The external cache server URL. Valid only when enable is true. + # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself. + # The URL should generally end with "/". + external_server: "" + +container: + # Specifies the network to which the container will connect. + # Could be host, bridge or the name of a custom network. + # If it's empty, act_runner will create a network automatically. + network: "" + # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker). + privileged: false + # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway). + options: + # The parent directory of a job's working directory. + # NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically. + # If the path starts with '/', the '/' will be trimmed. + # For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir + # If it's empty, /workspace will be used. + workdir_parent: + # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob + # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted. + # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to: + # valid_volumes: + # - data + # - /src/*.json + # If you want to allow any volume, please use the following configuration: + # valid_volumes: + # - '**' + valid_volumes: [] + # overrides the docker client host with the specified one. + # If it's empty, act_runner will find an available docker host automatically. + # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers. + # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work. + docker_host: "" + # Pull docker image(s) even if already present + force_pull: true + # Rebuild docker image(s) even if already present + force_rebuild: false + # Always require a reachable docker daemon, even if not required by act_runner + require_docker: false + # Timeout to wait for the docker daemon to be reachable, if docker is required by require_docker or act_runner + docker_timeout: 0s + +host: + # The parent directory of a job's working directory. + # If it's empty, $HOME/.cache/act/ will be used. + workdir_parent: diff --git a/runners/config_security.yaml b/runners/config_security.yaml new file mode 100644 index 0000000..2ac2417 --- /dev/null +++ b/runners/config_security.yaml @@ -0,0 +1,113 @@ +# Example configuration file, it's safe to copy this as the default config file without any modification. + +# You don't have to copy this file to your instance, +# just run `./act_runner generate-config > config.yaml` to generate a config file. + +log: + # The level of logging, can be trace, debug, info, warn, error, fatal + level: info + +runner: + # Where to store the registration result. + file: .runner + # Execute how many tasks concurrently at the same time. + capacity: 1 + # Extra environment variables to run jobs. + envs: + A_TEST_ENV_NAME_1: a_test_env_value_1 + A_TEST_ENV_NAME_2: a_test_env_value_2 + # Extra environment variables to run jobs from a file. + # It will be ignored if it's empty or the file doesn't exist. + env_file: .env + # The timeout for a job to be finished. + # Please note that the Gitea instance also has a timeout (3h by default) for the job. + # So the job could be stopped by the Gitea instance if it's timeout is shorter than this. + timeout: 3h + # The timeout for the runner to wait for running jobs to finish when shutting down. + # Any running jobs that haven't finished after this timeout will be cancelled. + shutdown_timeout: 0s + # Whether skip verifying the TLS certificate of the Gitea instance. + insecure: false + # The timeout for fetching the job from the Gitea instance. + fetch_timeout: 5s + # The interval for fetching the job from the Gitea instance. + fetch_interval: 2s + # The github_mirror of a runner is used to specify the mirror address of the github that pulls the action repository. + # It works when something like `uses: actions/checkout@v4` is used and DEFAULT_ACTIONS_URL is set to github, + # and github_mirror is not empty. In this case, + # it replaces https://github.com with the value here, which is useful for some special network environments. + github_mirror: '' + # The labels of a runner are used to determine which jobs the runner can run, and how to run them. + # Like: "macos-arm64:host" or "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest" + # Find more images provided by Gitea at https://gitea.com/docker.gitea.com/runner-images . + # If it's empty when registering, it will ask for inputting labels. + # If it's empty when execute `daemon`, will use labels in `.runner` file. + labels: + # Primary optimized images (checked first) + - "security:docker://docker.gitea.com/runner-images:ubuntu-22.04-security" + - "scan:docker://docker.gitea.com/runner-images:ubuntu-22.04-security" + # Fallback images (checked last) + - "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest" + - "self-hosted:docker://docker.gitea.com/runner-images:ubuntu-latest" + +cache: + # Enable cache server to use actions/cache. + enabled: true + # The directory to store the cache data. + # If it's empty, the cache data will be stored in $HOME/.cache/actcache. + dir: "" + # The host of the cache server. + # It's not for the address to listen, but the address to connect from job containers. + # So 0.0.0.0 is a bad choice, leave it empty to detect automatically. + host: "" + # The port of the cache server. + # 0 means to use a random available port. + port: 0 + # The external cache server URL. Valid only when enable is true. + # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself. + # The URL should generally end with "/". + external_server: "" + +container: + # Specifies the network to which the container will connect. + # Could be host, bridge or the name of a custom network. + # If it's empty, act_runner will create a network automatically. + network: "" + # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker). + privileged: false + # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway). + options: + # The parent directory of a job's working directory. + # NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically. + # If the path starts with '/', the '/' will be trimmed. + # For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir + # If it's empty, /workspace will be used. + workdir_parent: + # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob + # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted. + # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to: + # valid_volumes: + # - data + # - /src/*.json + # If you want to allow any volume, please use the following configuration: + # valid_volumes: + # - '**' + valid_volumes: [] + # overrides the docker client host with the specified one. + # If it's empty, act_runner will find an available docker host automatically. + # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers. + # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work. + docker_host: "" + # Pull docker image(s) even if already present + force_pull: true + # Rebuild docker image(s) even if already present + force_rebuild: false + # Always require a reachable docker daemon, even if not required by act_runner + require_docker: false + # Timeout to wait for the docker daemon to be reachable, if docker is required by require_docker or act_runner + docker_timeout: 0s + +host: + # The parent directory of a job's working directory. + # If it's empty, $HOME/.cache/act/ will be used. + workdir_parent: