The runner config.yaml on disk was decorative — never read. The upstream gitea/act_runner image's run.sh only adds `--config <file>` when the CONFIG_FILE env var is set, and our compose set neither CONFIG_FILE nor mounted config.yaml into the container. So `timeout: 240m`, `container.options`, `valid_volumes` etc. were silently ignored and the runner ran on built-in defaults.

This is also why iter17's `-v /root/.docker:/root/.docker:ro` addition to config.yaml had no effect on run #4264: the runner never read it. The push still failed with "no basic auth credentials".

Fix: bind-mount ./config.yaml into the runner container at /etc/act_runner/config.yaml and set CONFIG_FILE to that path. After a `docker compose up -d --force-recreate`, the runner picks up everything in config.yaml — including the per-job-container /root/.docker bind.

Per-job timeouts in build-iso-linux.yaml are set via `timeout-minutes: 240` at the job level, which overrides the daemon default anyway, so nothing was visibly broken before. But silently-ignored config is a trap for the next thing we add to config.yaml, so wire it correctly now.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
55 lines
2.6 KiB
YAML
# silvermetal-builder Gitea Actions runner.
#
# Deployment target: SLAB docker host (10.0.0.51) at /opt/silvermetal-builder-runner/
# Setup:
# 1. Ensure docker-registry.silverlabs.uk/silvermetal-builder:latest is pushed.
# 2. Get a registration token: Gitea Admin -> Actions -> Runners
# (or `curl -H "Authorization: token $GITEA_TOKEN" \
# https://git.silverlabs.uk/api/v1/admin/runners/registration-token`)
# 3. Set RUNNER_TOKEN in .env
# 4. docker compose up -d
#
# Why privileged: live-build mounts loop devices and chroots inside the build
# container. Without privileged, mksquashfs and debootstrap fail.

services:
  silvermetal-runner:
    build:
      context: .
      dockerfile: Dockerfile.runner
    container_name: silvermetal-builder-runner
    restart: unless-stopped
    privileged: true
    environment:
      GITEA_INSTANCE_URL: https://git.silverlabs.uk
      GITEA_RUNNER_REGISTRATION_TOKEN: ${RUNNER_TOKEN}
      GITEA_RUNNER_NAME: silvermetal-builder
      # Label routing. Both labels map to the standard catthehacker image
      # (has bash + git + docker-cli, everything build.sh needs to run).
      # The actual silvermetal-builder build environment (live-build, etc.)
      # is invoked by build.sh via `docker run`, not as the job container —
      # that keeps the silvermetal-builder image minimal and avoids nesting
      # docker-cli inside our own pinned image.
      GITEA_RUNNER_LABELS: "silvermetal-builder:docker://catthehacker/ubuntu:act-latest,ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
      # Tell run.sh to launch act_runner with `--config /etc/act_runner/config.yaml`.
      # Without this env, run.sh skips --config entirely and act_runner falls
      # back to compiled-in defaults — silently ignoring everything in
      # config.yaml (timeout, container.options, valid_volumes…).
      CONFIG_FILE: /etc/act_runner/config.yaml
    volumes:
      - runner-data:/data
      - /var/run/docker.sock:/var/run/docker.sock
      - /root/.docker:/root/.docker:ro
      # Bind the runner config in. With CONFIG_FILE set above, run.sh hands
      # this path to `act_runner daemon --config`. Both the host file and the
      # mount path must match the env var exactly.
      - ./config.yaml:/etc/act_runner/config.yaml:ro
      # Cache for snapshot.debian.org and apt downloads — survives container
      # recreate, avoids repeated mirror traffic and the rate-limit risk.
      - /opt/silvermetal-builder-runner/cache:/cache
    labels:
      - "com.silverlabs.service=gitea-silvermetal-builder-runner"

volumes:
  runner-data:
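
An added example, not part of the commit or the project's own code: a Python check over the normalized output of `docker compose config --format json` that flags the failure described in the commit message, where CONFIG_FILE is unset or no volume targets the path it names. The two sample documents are constructed and trimmed for illustration, and the function name `check_runner_config` is hypothetical.

```python
import json

# Constructed samples: trimmed `docker compose config --format json` output
# for the runner service, before and after the fix described above.
BEFORE = json.loads("""{"services": {"silvermetal-runner": {
  "environment": {"GITEA_RUNNER_NAME": "silvermetal-builder"},
  "volumes": [{"type": "volume", "source": "runner-data", "target": "/data"}]}}}""")
AFTER = json.loads("""{"services": {"silvermetal-runner": {
  "environment": {"GITEA_RUNNER_NAME": "silvermetal-builder",
                  "CONFIG_FILE": "/etc/act_runner/config.yaml"},
  "volumes": [{"type": "volume", "source": "runner-data", "target": "/data"},
              {"type": "bind", "source": "/opt/silvermetal-builder-runner/config.yaml",
               "target": "/etc/act_runner/config.yaml", "read_only": true}]}}}""")


def check_runner_config(compose, service):
    """Return a list of findings; an empty list means config.yaml is wired in."""
    svc = compose["services"][service]
    env = svc.get("environment") or {}
    mounts = svc.get("volumes") or []
    targets = {m.get("target"): m for m in mounts}
    config_path = env.get("CONFIG_FILE")
    findings = []
    if not config_path:
        findings.append("CONFIG_FILE unset: run.sh omits --config, defaults apply")
        # A mounted config.yaml without the env var is the "decorative" case.
        for target in targets:
            if target and target.endswith("config.yaml"):
                findings.append(f"{target} is mounted but will never be read")
        return findings
    mount = targets.get(config_path)
    if mount is None:
        findings.append(f"CONFIG_FILE={config_path} but no volume targets that path")
    elif mount.get("type") != "bind":
        findings.append(f"{config_path} is not a bind mount of the host file")
    elif not mount.get("read_only"):
        findings.append(f"{config_path} is mounted read-write; use :ro")
    return findings


if __name__ == "__main__":
    for name, doc in (("before", BEFORE), ("after", AFTER)):
        print(name, check_runner_config(doc, "silvermetal-runner") or "ok")
```

Running it in CI against the rendered compose output catches a mismatch between the env var and the mount path before the runner is recreated.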