feat(tf-services): Forgejo Actions + co-located runners

Enable [actions] on all 3 forges (cloud-init). Add docker-compose.runners.yml:
3 act_runner containers (one per forge) co-located on com.uvlava.quinn.artifacts,
sharing the forges' docker net, executing repo .forgejo/workflows. Reg tokens are
runtime secrets (per-forge admin registration-token), never committed.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Natalie 2026-06-30 04:34:56 -04:00
parent 07626ceb47
commit 4e4d9e7427
2 changed files with 41 additions and 3 deletions


@ -27,19 +27,19 @@ write_files:
forgejo-ct:
image: codeberg.org/forgejo/forgejo:10
restart: always
environment: { USER_UID: "1000", USER_GID: "1000", FORGEJO__server__HTTP_PORT: "3000", FORGEJO__server__DOMAIN: "forge.ct.uvlava.com", FORGEJO__server__ROOT_URL: "https://forge.ct.uvlava.com/", FORGEJO__server__DISABLE_SSH: "false", FORGEJO__server__START_SSH_SERVER: "true", FORGEJO__server__SSH_LISTEN_PORT: "2222", FORGEJO__server__SSH_PORT: "2222", FORGEJO__server__SSH_DOMAIN: "forge.ct.uvlava.com", FORGEJO__security__INSTALL_LOCK: "true", FORGEJO__service__DISABLE_REGISTRATION: "true" }
environment: { USER_UID: "1000", USER_GID: "1000", FORGEJO__server__HTTP_PORT: "3000", FORGEJO__server__DOMAIN: "forge.ct.uvlava.com", FORGEJO__server__ROOT_URL: "https://forge.ct.uvlava.com/", FORGEJO__server__DISABLE_SSH: "false", FORGEJO__server__START_SSH_SERVER: "true", FORGEJO__server__SSH_LISTEN_PORT: "2222", FORGEJO__server__SSH_PORT: "2222", FORGEJO__server__SSH_DOMAIN: "forge.ct.uvlava.com", FORGEJO__security__INSTALL_LOCK: "true", FORGEJO__service__DISABLE_REGISTRATION: "true", FORGEJO__actions__ENABLED: "true" }
volumes: [ /opt/services/ct:/data ]
ports: [ "3000:3000", "2222:2222" ]
forgejo-mc:
image: codeberg.org/forgejo/forgejo:10
restart: always
environment: { USER_UID: "1000", USER_GID: "1000", FORGEJO__server__HTTP_PORT: "3000", FORGEJO__server__DOMAIN: "forge.mc.uvlava.com", FORGEJO__server__ROOT_URL: "https://forge.mc.uvlava.com/", FORGEJO__server__DISABLE_SSH: "false", FORGEJO__server__START_SSH_SERVER: "true", FORGEJO__server__SSH_LISTEN_PORT: "2223", FORGEJO__server__SSH_PORT: "2223", FORGEJO__server__SSH_DOMAIN: "forge.mc.uvlava.com", FORGEJO__security__INSTALL_LOCK: "true", FORGEJO__service__DISABLE_REGISTRATION: "true" }
environment: { USER_UID: "1000", USER_GID: "1000", FORGEJO__server__HTTP_PORT: "3000", FORGEJO__server__DOMAIN: "forge.mc.uvlava.com", FORGEJO__server__ROOT_URL: "https://forge.mc.uvlava.com/", FORGEJO__server__DISABLE_SSH: "false", FORGEJO__server__START_SSH_SERVER: "true", FORGEJO__server__SSH_LISTEN_PORT: "2223", FORGEJO__server__SSH_PORT: "2223", FORGEJO__server__SSH_DOMAIN: "forge.mc.uvlava.com", FORGEJO__security__INSTALL_LOCK: "true", FORGEJO__service__DISABLE_REGISTRATION: "true", FORGEJO__actions__ENABLED: "true" }
volumes: [ /opt/services/mc:/data ]
ports: [ "3001:3000", "2223:2223" ]
forgejo-quinn:
image: codeberg.org/forgejo/forgejo:10
restart: always
environment: { USER_UID: "1000", USER_GID: "1000", FORGEJO__server__HTTP_PORT: "3000", FORGEJO__server__DOMAIN: "forge.quinn.uvlava.com", FORGEJO__server__ROOT_URL: "https://forge.quinn.uvlava.com/", FORGEJO__server__DISABLE_SSH: "false", FORGEJO__server__START_SSH_SERVER: "true", FORGEJO__server__SSH_LISTEN_PORT: "2224", FORGEJO__server__SSH_PORT: "2224", FORGEJO__server__SSH_DOMAIN: "forge.quinn.uvlava.com", FORGEJO__security__INSTALL_LOCK: "true", FORGEJO__service__DISABLE_REGISTRATION: "true" }
environment: { USER_UID: "1000", USER_GID: "1000", FORGEJO__server__HTTP_PORT: "3000", FORGEJO__server__DOMAIN: "forge.quinn.uvlava.com", FORGEJO__server__ROOT_URL: "https://forge.quinn.uvlava.com/", FORGEJO__server__DISABLE_SSH: "false", FORGEJO__server__START_SSH_SERVER: "true", FORGEJO__server__SSH_LISTEN_PORT: "2224", FORGEJO__server__SSH_PORT: "2224", FORGEJO__server__SSH_DOMAIN: "forge.quinn.uvlava.com", FORGEJO__security__INSTALL_LOCK: "true", FORGEJO__service__DISABLE_REGISTRATION: "true", FORGEJO__actions__ENABLED: "true" }
volumes: [ /opt/services/quinn:/data ]
ports: [ "3002:3000", "2224:2224" ]
verdaccio:
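Review bot: `FORGEJO__actions__ENABLED: "true"` is appended to all three `environment` mappings without any setting for where a workflow's `uses:` references are fetched from, so that stays at the Forgejo default, which I believe points at an external host. If these forges should only run reviewed action sources, set it explicitly next to the new key, e.g. `FORGEJO__actions__DEFAULT_ACTIONS_URL: "<internal-or-approved-actions-host>"`. As a style point, the one-line flow mappings turn a one-key change into three full-line rewrites; a block-style `environment:` would limit later diffs to the key that changed. The `write_files:` entry these services belong to starts and ends outside the hunk.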


@ -0,0 +1,38 @@
# Forgejo Actions runners — co-located on com.uvlava.quinn.artifacts, one per forge.
# Standing runners (always-on) executing each repo's .forgejo/workflows (semver/build/publish).
# Registration tokens are RUNTIME secrets (per forge, from /api/v1/admin/runners/registration-token),
# injected at deploy — NEVER committed. Templated here; fill GITEA_RUNNER_REGISTRATION_TOKEN per runner.
# On-demand burst scaling (beyond these standing runners) is the separate ci-runners terraform.
# Deploy: docker compose -f docker-compose.runners.yml up -d (shares the forges' services_default net)
services:
runner-ct:
image: gitea/act_runner:latest
restart: always
environment:
GITEA_INSTANCE_URL: "http://forgejo-ct:3000"
GITEA_RUNNER_REGISTRATION_TOKEN: "__CT_REGTOKEN__"
GITEA_RUNNER_NAME: "artifacts-ct"
GITEA_RUNNER_LABELS: "ubuntu-latest:docker://node:20-bookworm,docker:docker://node:20-bookworm"
volumes: [ /var/run/docker.sock:/var/run/docker.sock, /opt/services/runner-ct:/data ]
runner-mc:
image: gitea/act_runner:latest
restart: always
environment:
GITEA_INSTANCE_URL: "http://forgejo-mc:3000"
GITEA_RUNNER_REGISTRATION_TOKEN: "__MC_REGTOKEN__"
GITEA_RUNNER_NAME: "artifacts-mc"
GITEA_RUNNER_LABELS: "ubuntu-latest:docker://node:20-bookworm"
volumes: [ /var/run/docker.sock:/var/run/docker.sock, /opt/services/runner-mc:/data ]
runner-quinn:
image: gitea/act_runner:latest
restart: always
environment:
GITEA_INSTANCE_URL: "http://forgejo-quinn:3000"
GITEA_RUNNER_REGISTRATION_TOKEN: "__QUINN_REGTOKEN__"
GITEA_RUNNER_NAME: "artifacts-quinn"
GITEA_RUNNER_LABELS: "ubuntu-latest:docker://node:20-bookworm"
volumes: [ /var/run/docker.sock:/var/run/docker.sock, /opt/services/runner-quinn:/data ]
networks:
default:
name: services_default
external: true
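Review bot: Each runner's `volumes` line mounts `/var/run/docker.sock`, which gives the runner (and, unless the runner config withholds it, the jobs it starts) control of the host Docker daemon on the same machine that runs all three forges, so a workflow on one forge is not isolated from the other forges' data under `/opt/services`. Consider mounting a runner config (the image reads `CONFIG_FILE`) that sets `container.docker_host: "-"` and keeps `privileged: false`, or pointing the standing runners at a separate daemon, and state the chosen trust boundary in the header comment. `image: gitea/act_runner:latest` means the image holding that socket changes whenever the tag is re-pulled; pin it, e.g. `image: gitea/act_runner:<pinned-version-or-digest>`. The `__CT_REGTOKEN__`-style placeholders invite filling the token into the tracked file; compose interpolation such as `GITEA_RUNNER_REGISTRATION_TOKEN: "${CT_REGTOKEN:?set at deploy}"` keeps the value out of the working tree and fails the deploy when it is missing.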