SilverMetal/linux/build/runner/docker-compose.yml
SysAdmin 7b99516232 feat(linux/build): silvermetal-builder Gitea Actions runner deployment
act_runner-based deployment that handles `runs-on: silvermetal-builder` jobs.
Adapted from the stinky-roger-tv flutter-builder pattern with three changes:

- privileged: true (live-build needs loop devices + chroot)
- 4h job timeout (covers two reproducibility-gated ISO builds + diffoscope)
- silvermetal-builder label maps to catthehacker/ubuntu:act-latest, not the
  silvermetal-builder image — the builder image stays minimal (no docker-cli),
  and build.sh invokes it via `docker run` from the catthehacker job shell

Deployed at /opt/silvermetal-builder-runner/ on the SLAB docker host
(10.0.0.51); registered with git.silverlabs.uk and reporting healthy.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-26 11:59:44 +01:00

46 lines
2.0 KiB
YAML

# silvermetal-builder Gitea Actions runner.
#
# Deployment target: SLAB docker host (10.0.0.51) at /opt/silvermetal-builder-runner/
# Setup:
#   1. Ensure docker-registry.silverlabs.uk/silvermetal-builder:latest is pushed.
#   2. Get a registration token: Gitea Admin -> Actions -> Runners
#      (or `curl -H "Authorization: token $GITEA_TOKEN" \
#           https://git.silverlabs.uk/api/v1/admin/runners/registration-token`)
#   3. Set RUNNER_TOKEN in .env
#   4. docker compose up -d
#
# Why privileged: live-build mounts loop devices and chroots inside the build
# container. Without privileged, mksquashfs and debootstrap fail.
services:
  silvermetal-runner:
    build:
      context: .
      dockerfile: Dockerfile.runner
    container_name: silvermetal-builder-runner
    restart: unless-stopped
    privileged: true
    environment:
      GITEA_INSTANCE_URL: https://git.silverlabs.uk
      GITEA_RUNNER_REGISTRATION_TOKEN: ${RUNNER_TOKEN}
      GITEA_RUNNER_NAME: silvermetal-builder
      # Label routing. Both labels map to the standard catthehacker image
      # (has bash + git + docker-cli, everything build.sh needs to run).
      # The actual silvermetal-builder build environment (live-build, etc.)
      # is invoked by build.sh via `docker run`, not as the job container —
      # that keeps the silvermetal-builder image minimal and avoids nesting
      # docker-cli inside our own pinned image.
      GITEA_RUNNER_LABELS: "silvermetal-builder:docker://catthehacker/ubuntu:act-latest,ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
    volumes:
      - runner-data:/data
      - /var/run/docker.sock:/var/run/docker.sock
      - /root/.docker:/root/.docker:ro
      # Cache for snapshot.debian.org and apt downloads — survives container
      # recreate, avoids repeated mirror traffic and the rate-limit risk.
      - /opt/silvermetal-builder-runner/cache:/cache
    labels:
      - "com.silverlabs.service=gitea-silvermetal-builder-runner"
volumes:
  runner-data:
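
A review aid for the host-level grants this compose file makes (privileged mode, the Docker socket and host bind mounts, and rolling image tags in the runner labels), added here as an example and not part of the SilverMetal repository. The `audit` function and its finding names are hypothetical, parsing is line-based to stay stdlib-only, and treating any tag containing `latest` as mutable is a heuristic assumption.

```python
import re

# Constructed sample: trimmed copy of the compose file above (values from the page).
COMPOSE = """\
services:
  silvermetal-runner:
    privileged: true
    environment:
      GITEA_RUNNER_LABELS: "silvermetal-builder:docker://catthehacker/ubuntu:act-latest,ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
    volumes:
      - runner-data:/data
      - /var/run/docker.sock:/var/run/docker.sock
      - /root/.docker:/root/.docker:ro
      - /opt/silvermetal-builder-runner/cache:/cache
"""

# Short-syntax bind mount: "- /host/path:/container/path[:opts]".
# Named volumes (no leading "/") are deliberately not matched.
BIND = re.compile(r"-\s*[\"']?(/[^:\"']*):([^:\"']+)(?::([\w,]+))?[\"']?")

def audit(compose_text):
    """Return sorted (kind, detail) findings for host-level grants."""
    findings = set()
    for raw in compose_text.splitlines():
        line = raw.split(" #")[0].strip()  # drop trailing comments
        if not line or line.startswith("#"):
            continue
        if re.fullmatch(r"privileged:\s*(true|yes|on)", line, re.I):
            findings.add(("privileged", "privileged: true"))
        m = BIND.fullmatch(line)
        if m:
            src, _dst, opts = m.groups()
            mode = "ro" if opts and "ro" in opts.split(",") else "rw"
            kind = "docker-socket" if src.endswith("docker.sock") else "host-bind"
            findings.add((kind, f"{src} ({mode})"))
        # act_runner label format: name:docker://image[:tag]
        if line.startswith("GITEA_RUNNER_LABELS:"):
            for image in re.findall(r"docker://([^,\"'\s]+)", line):
                last = image.rsplit("/", 1)[-1]
                tag = last.rsplit(":", 1)[1] if ":" in last else "latest"
                if "@sha256:" not in image and "latest" in tag:
                    findings.add(("mutable-image", image))
    return sorted(findings)

if __name__ == "__main__":
    for kind, detail in audit(COMPOSE):
        print(f"{kind:14} {detail}")
```

Each finding is a trust decision to record next to the "Why privileged" comment: the read-write socket mount lets anything in the runner container drive the host Docker daemon, and the rolling `act-latest` tag means the job image can change between builds.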