From 3c31105fc68db3773a741ca414198b04890e0e9a Mon Sep 17 00:00:00 2001
From: Shahab Dogar
Date: Sat, 22 Nov 2025 20:27:04 +0500
Subject: [PATCH] feat: Gitea | add runners to utility-services stack

TBD if they will stay here
---
 gitea/actions/runner.yaml | 12 ---
 utility-services/gitea/index.ts | 1 +
 utility-services/gitea/runner.ts | 144 +++++++++++++++++++++++++++++++
 utility-services/gitea/server.ts | 11 +-
 utility-services/index.ts | 9 +-
 5 files changed, 156 insertions(+), 21 deletions(-)
 create mode 100644 utility-services/gitea/runner.ts

diff --git a/gitea/actions/runner.yaml b/gitea/actions/runner.yaml
index 4065096..a5b34e8 100644
--- a/gitea/actions/runner.yaml
+++ b/gitea/actions/runner.yaml
@@ -1,15 +1,3 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: action-runner
- namespace: homelab
-spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 10Gi
- storageClassName: longhorn
 ---
 apiVersion: apps/v1
 kind: Deployment
diff --git a/utility-services/gitea/index.ts b/utility-services/gitea/index.ts
index 3ccfa12..cff822e 100644
--- a/utility-services/gitea/index.ts
+++ b/utility-services/gitea/index.ts
@@ -1 +1,2 @@
 export { GiteaServer } from "./server";
+export { GiteaRunner } from "./runner";
diff --git a/utility-services/gitea/runner.ts b/utility-services/gitea/runner.ts
new file mode 100644
index 0000000..72766f3
--- /dev/null
+++ b/utility-services/gitea/runner.ts
@@ -0,0 +1,144 @@
+import { Construct } from "constructs";
+import { KubernetesProvider } from "@cdktf/provider-kubernetes/lib/provider";
+
+import { OnePasswordSecret, LonghornPvc } from "../../utils";
+import { DeploymentV1 } from "@cdktf/provider-kubernetes/lib/deployment-v1";
+import { PodDisruptionBudgetV1 } from "@cdktf/provider-kubernetes/lib/pod-disruption-budget-v1";
+
+type GiteaRunnerOptions = {
+ provider: KubernetesProvider;
+ name: string;
+ namespace: string;
+ replicas?: number;
+};
+
+export class GiteaRunner extends Construct {
+ constructor(scope: Construct, id: string, options: GiteaRunnerOptions) {
+ super(scope, id);
+
+ const { provider, name, namespace } = options;
+ const replicas = options.replicas?.toString() ?? "1";
+
+ const pvc = new LonghornPvc(this, "data-pvc", {
+ provider,
+ name: `${name}-data`,
+ namespace: namespace,
+ size: "10Gi",
+ accessModes: ["ReadWriteMany"],
+ });
+
+ new OnePasswordSecret(this, "runner-secret", {
+ provider,
+ name: "runner-secret",
+ namespace: namespace,
+ itemPath: "vaults/Lab/items/Gitea",
+ });
+
+ new PodDisruptionBudgetV1(this, "pdb", {
+ provider,
+ metadata: {
+ name,
+ namespace,
+ },
+ spec: {
+ minAvailable: replicas,
+ selector: {
+ matchLabels: {
+ app: name,
+ },
+ },
+ },
+ });
+
+ new DeploymentV1(this, "gitea-runner", {
+ provider,
+ metadata: {
+ name: name,
+ namespace: namespace,
+ labels: {
+ app: name,
+ },
+ },
+ spec: {
+ replicas,
+ selector: {
+ matchLabels: {
+ app: name,
+ },
+ },
+ template: {
+ metadata: {
+ labels: {
+ app: name,
+ },
+ },
+ spec: {
+ nodeSelector: {
+ nodepool: "worker",
+ },
+ topologySpreadConstraint: [
+ {
+ maxSkew: 1,
+ topologyKey: "kubernetes.io/hostname",
+ whenUnsatisfiable: "DoNotSchedule",
+ labelSelector: [
+ {
+ matchLabels: {
+ app: name,
+ },
+ },
+ ],
+ },
+ ],
+ restartPolicy: "Always",
+ securityContext: {
+ fsGroup: "1000",
+ },
+ container: [
+ {
+ name: "gitea-runner",
+ image: "gitea/act_runner:nightly-dind-rootless",
+ env: [
+ {
+ name: "DOCKER_HOST",
+ value: "unix:///run/user/1000/docker.sock",
+ },
+ {
+ name: "GITEA_INSTANCE_URL",
+ value: "https://git.dogar.dev",
+ },
+ {
+ name: "GITEA_RUNNER_REGISTRATION_TOKEN",
+ valueFrom: {
+ secretKeyRef: {
+ name: "runner-secret",
+ key: "runner-token",
+ },
+ },
+ },
+ ],
+ securityContext: {
+ privileged: true,
+ },
+ volumeMount: [
+ {
+ name: "runner-data",
+ mountPath: "/data",
+ },
+ ],
+ },
+ ],
+ volume: [
+ {
+ name: "runner-data",
+ persistentVolumeClaim: {
+ claimName: pvc.name,
+ },
+ },
+ ],
+ },
+ },
+ },
+ });
+ }
+}
diff --git a/utility-services/gitea/server.ts b/utility-services/gitea/server.ts
index 12a78fd..214b5b0 100644
--- a/utility-services/gitea/server.ts
+++ b/utility-services/gitea/server.ts
@@ -1,18 +1,13 @@
 import * as fs from "fs";
 import * as path from "path";
-import { HelmProvider } from "@cdktf/provider-helm/lib/provider";
 import { Release } from "@cdktf/provider-helm/lib/release";
 import { Construct } from "constructs";
-import { KubernetesProvider } from "@cdktf/provider-kubernetes/lib/provider";
-import { OnePasswordSecret } from "../../utils";
-import { IngressRoute, IngressRouteTcp } from "../../utils/traefik";
+import { OnePasswordSecret, IngressRoute, IngressRouteTcp } from "../../utils";
+import type { Providers } from "../../types";
 type GiteaServerOptions = {
- providers: {
- helm: HelmProvider;
- kubernetes: KubernetesProvider;
- };
+ providers: Providers;
 name: string;
 namespace: string;
 r2Endpoint: string;
diff --git a/utility-services/index.ts b/utility-services/index.ts
index 3ace5fa..9f1db7d 100644
--- a/utility-services/index.ts
+++ b/utility-services/index.ts
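Review bot: The runner container is given `securityContext: { privileged: true }` even though the image selected is the rootless DinD variant, so every workflow job that lands on this runner executes inside a pod with full access to the `worker` node it is scheduled on; if the rootless image can run with a narrower set of capabilities that should be preferred, and if privileged really is required by the in-pod Docker daemon the line deserves a comment such as `// privileged: needed by the bundled dockerd; jobs here must be treated as node-level trusted`. The image reference `gitea/act_runner:nightly-dind-rootless` is a floating nightly tag, so each pod restart may pull different code with no review step; pinning to a release tag or an image digest would keep the deployment reproducible. The PodDisruptionBudget sets `minAvailable: replicas`, the same value as the deployment's replica count (3 when instantiated from utility-services/index.ts), which blocks every voluntary eviction and will make node drains hang on these pods; `minAvailable: "1"` or a `maxUnavailable` setting preserves the intent. `GITEA_INSTANCE_URL` is hard-coded to `https://git.dogar.dev` inside an otherwise parameterised construct; adding `instanceUrl: string` to `GiteaRunnerOptions` would keep the construct reusable.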
@@ -5,7 +5,7 @@ import { DataTerraformRemoteStateS3, TerraformStack } from "cdktf";
 import { Construct } from "constructs";
 import { ValkeyCluster } from "./valkey";
-import { GiteaServer } from "./gitea";
+import { GiteaRunner, GiteaServer } from "./gitea";
 import { AuthentikServer } from "./authentik";
 import { PostgresCluster } from "./postgres";
 import { DynamicDNS } from "./dynamic-dns";
@@ -110,5 +110,12 @@ export class UtilityServices extends TerraformStack {
 });
 gitea.node.addDependency(authentik);
+
+ new GiteaRunner(this, "gitea-runner", {
+ provider: kubernetes,
+ namespace,
+ name: "gitea-runner",
+ replicas: 3,
+ });
 }
 }
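Review bot: The new `GiteaRunner` is created without any ordering against the `gitea` server it presumably registers with, whereas the server itself gets `gitea.node.addDependency(authentik)` a few lines above; if the registration only succeeds once the server is reachable, `const runner = new GiteaRunner(this, "gitea-runner", { ... });` followed by `runner.node.addDependency(gitea);` would make that dependency explicit rather than relying on pod restarts. The enclosing constructor starts before this hunk.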