# silvermetal-builder Gitea Actions runner.
#
# Deployment target: SLAB docker host (10.0.0.51) at /opt/silvermetal-builder-runner/
# Setup:
#   1. Ensure docker-registry.silverlabs.uk/silvermetal-builder:latest is pushed.
#   2. Get a registration token: Gitea Admin -> Actions -> Runners
#      (or `curl -H "Authorization: token $GITEA_TOKEN" \
#            https://git.silverlabs.uk/api/v1/admin/runners/registration-token`)
#   3. Set RUNNER_TOKEN in .env
#   4. docker compose up -d
#
# Why privileged: live-build mounts loop devices and chroots inside the build
# container. Without privileged, mksquashfs and debootstrap fail.

services:
  silvermetal-runner:
    build:
      context: .
      dockerfile: Dockerfile.runner
    container_name: silvermetal-builder-runner
    restart: unless-stopped
    privileged: true
    environment:
      GITEA_INSTANCE_URL: https://git.silverlabs.uk
      GITEA_RUNNER_REGISTRATION_TOKEN: ${RUNNER_TOKEN}
      GITEA_RUNNER_NAME: silvermetal-builder
      # Label routing. Both labels map to the standard catthehacker image
      # (has bash + git + docker-cli, everything build.sh needs to run).
      # The actual silvermetal-builder build environment (live-build, etc.)
      # is invoked by build.sh via `docker run`, not as the job container —
      # that keeps the silvermetal-builder image minimal and avoids nesting
      # docker-cli inside our own pinned image.
      GITEA_RUNNER_LABELS: "silvermetal-builder:docker://catthehacker/ubuntu:act-latest,ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
      # Tell run.sh to launch act_runner with `--config /etc/act_runner/config.yaml`.
      # Without this env, run.sh skips --config entirely and act_runner falls
      # back to compiled-in defaults — silently ignoring everything in
      # config.yaml (timeout, container.options, valid_volumes…).
      CONFIG_FILE: /etc/act_runner/config.yaml
    volumes:
      - runner-data:/data
      - /var/run/docker.sock:/var/run/docker.sock
      - /root/.docker:/root/.docker:ro
      # Bind the runner config in. With CONFIG_FILE set above, run.sh hands
      # this path to `act_runner daemon --config`. Both the host file and the
      # mount path must match the env var exactly.
      - ./config.yaml:/etc/act_runner/config.yaml:ro
      # Cache for snapshot.debian.org and apt downloads — survives container
      # recreate, avoids repeated mirror traffic and the rate-limit risk.
      - /opt/silvermetal-builder-runner/cache:/cache
    labels:
      - "com.silverlabs.service=gitea-silvermetal-builder-runner"

volumes:
  runner-data: