SilverMetal/linux/build/runner/README.md
SysAdmin 7b99516232 feat(linux/build): silvermetal-builder Gitea Actions runner deployment
act_runner-based deployment that handles `runs-on: silvermetal-builder` jobs.
Adapted from the stinky-roger-tv flutter-builder pattern with three changes:

- privileged: true (live-build needs loop devices + chroot)
- 4h job timeout (covers two reproducibility-gated ISO builds + diffoscope)
- silvermetal-builder label maps to catthehacker/ubuntu:act-latest, not the
  silvermetal-builder image — the builder image stays minimal (no docker-cli),
  and build.sh invokes it via `docker run` from the catthehacker job shell

Deployed at /opt/silvermetal-builder-runner/ on the SLAB docker host
(10.0.0.51); registered with git.silverlabs.uk and reporting healthy.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-26 11:59:44 +01:00


# silvermetal-builder runner deployment
The Gitea Actions runner that handles `runs-on: silvermetal-builder` jobs from `.gitea/workflows/build-iso-linux.yaml`.
## Layout
| File | Purpose |
|----------------------|------------------------------------------------------------------------|
| `docker-compose.yml` | act_runner service definition, deployed on SLAB docker host. |
| `Dockerfile.runner` | Adds `docker-cli` to the upstream `gitea/act_runner` image. |
| `config.yaml` | act_runner runtime config — privileged, 4h timeout, host network. |
| `.env.example` | Template for the registration-token env file (real `.env` is not committed). |
## Why privileged
`live-build` needs loop devices and chroot inside the build container. Without `privileged: true`, `mksquashfs` and `debootstrap` fail. This is the only Gitea runner in the SilverLABS fleet that runs privileged — keep its scope narrow (one repo, one job class).
## Deploy
On the SLAB docker host (`10.0.0.51`):
```bash
sudo mkdir -p /opt/silvermetal-builder-runner
cd /opt/silvermetal-builder-runner
# Copy this directory's contents in (e.g. via scp or rsync from a checkout
# of SilverLABS/SilverMetal at linux/build/runner/).
# Then create the .env with a fresh registration token:
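# Set the variable on its own line first: an inline VAR=... prefix is not
# visible to "$GITEA_TOKEN" on the same command line, so the header would be
# sent empty. Replace the placeholder with a Gitea admin API token.
GITEA_TOKEN='<admin-token>'
curl -H "Authorization: token $GITEA_TOKEN" \
  https://git.silverlabs.uk/api/v1/admin/runners/registration-token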
cp .env.example .env
$EDITOR .env # paste the token
# Pre-pull the builder image so the first job isn't a cold start:
docker login docker-registry.silverlabs.uk
docker pull docker-registry.silverlabs.uk/silvermetal-builder:latest
docker compose up -d
docker compose logs -f --tail 50 # watch for "Runner registered"
```
Check the runner shows up under `git.silverlabs.uk/-/admin/actions/runners` with label `silvermetal-builder`.
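
As an added example (not part of this repository's files), the script below checks a deployed directory against two points this README makes: the real `.env` holds the registration token and stays out of git, and the privileged runner serves one job class. The function names, the sample files and the `EXAMPLE_TOKEN` key are hypothetical, and it assumes `config.yaml` lists labels as `- "name:docker://image"` items.

```bash
# Added example: prints one line per finding, returns the finding count.
audit_runner_dir() {
  local dir="$1" findings=0 perms label re
  # 1. .env holds the registration token: owner-only access.
  perms=$(ls -ld "$dir/.env" 2>/dev/null | cut -c5-10)   # group + other bits
  if [ -f "$dir/.env" ] && [ "$perms" != "------" ]; then
    echo "FINDING: .env open to group/other ($perms), run chmod 600"
    findings=$((findings + 1))
  fi

  # 2. If the directory is kept as a checkout, .env must not be tracked.
  if [ -d "$dir/.git" ] && command -v git >/dev/null 2>&1 &&
     git -C "$dir" ls-files --error-unmatch .env >/dev/null 2>&1; then
    echo "FINDING: .env is tracked by git"
    findings=$((findings + 1))
  fi

  # 3. The privileged runner should advertise only its own label.
  #    Assumed layout: list items like - "name:docker://image".
  re='s|^[[:space:]]*-[[:space:]]*"\{0,1\}\([A-Za-z0-9._-]\{1,\}\):docker://.*|\1|p'
  for label in $(sed -n "$re" "$dir/config.yaml" 2>/dev/null); do
    if [ "$label" != "silvermetal-builder" ]; then
      echo "FINDING: extra label '$label' on the privileged runner"
      findings=$((findings + 1))
    fi
  done
  return "$findings"
}

# Constructed sample files, not the project's real config or token.
write_sample() {
  mkdir -p "$1"
  cat > "$1/config.yaml" <<'EOF'
runner:
  timeout: 4h
  labels:
    - "silvermetal-builder:docker://catthehacker/ubuntu:act-latest"
container:
  privileged: true
  network: host
EOF
  echo 'EXAMPLE_TOKEN=constructed-placeholder' > "$1/.env"   # hypothetical key
  chmod 644 "$1/.env"
}

d=$(mktemp -d) && write_sample "$d"
audit_runner_dir "$d" || echo "$? finding(s)"
rm -rf "$d"
```

On the docker host, call `audit_runner_dir /opt/silvermetal-builder-runner` after `docker compose up -d`; a non-zero exit status is the number of findings.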
## Bump the runner image / config
```bash
cd /opt/silvermetal-builder-runner
git pull # if you keep this dir as a checkout
docker compose up -d --build
```
## Tear down
```bash
docker compose down -v # -v drops runner-data volume; runner has to re-register
```
The runner-data volume holds the registered runner identity — keep it across image bumps so we don't pollute the Gitea runners list with dead entries.