Mark
6982bcf372
Some checks failed
Ansible Lint / Ansible Lint Check (push) Has been cancelled
Automated deployment of act_runner on Ubuntu 20.04+ servers: - Docker CE installation (DEB822 format) - Node.js 24.x via NodeSource - act_runner binary with SHA256 verification - systemd service with security hardening - CI: ansible-lint via Gitea Actions Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
76 lines
3.1 KiB
YAML
76 lines
3.1 KiB
YAML
---
|
|
# =============================================================================
|
|
# Gitea Act Runner - Main Task Orchestration
|
|
# =============================================================================
|
|
#
|
|
# This file orchestrates the act_runner installation in the correct order.
|
|
# Each include_tasks imports a focused task file for better maintainability.
|
|
#
|
|
# Execution order matters:
|
|
# 1. Validate inputs (fail fast on missing required values)
|
|
# 2. Install Docker (required for container operations in Actions)
|
|
# 3. Install Node.js (required for JavaScript-based GitHub Actions)
|
|
# 4. Download act_runner binary (the core component)
|
|
# 5. Create system user (security: run as unprivileged user)
|
|
# 6. Configure and register (connect to Gitea instance)
|
|
# 7. Setup systemd service (enable automatic startup)
|
|
# 8. Verify installation (ensure everything works)
|
|
#
|
|
# =============================================================================
|
|
|
|
# Fail early if required variables are not set.
|
|
# This prevents partial installations that would be harder to debug.
|
|
- name: Validate required variables are defined
|
|
ansible.builtin.assert:
|
|
that:
|
|
- gitea_instance_url is defined
|
|
- gitea_instance_url | length > 0
|
|
- act_runner_token is defined
|
|
- act_runner_token | length > 0
|
|
- gitea_packages_token is defined
|
|
- gitea_packages_token | length > 0
|
|
- gitea_registry is defined
|
|
- gitea_registry | length > 0
|
|
- gitea_actions_user is defined
|
|
- gitea_actions_user | length > 0
|
|
fail_msg: >-
|
|
Missing required variables. Ensure these are set in vault:
|
|
gitea_instance_url, act_runner_token, gitea_packages_token,
|
|
gitea_registry, gitea_actions_user.
|
|
See group_vars/vault.yml.example for details.
|
|
success_msg: "All required variables are defined"
|
|
|
|
# Docker is needed even for host execution because many GitHub Actions
|
|
# use Docker internally (e.g., actions/checkout uses node in container).
|
|
- name: Install and configure Docker
|
|
ansible.builtin.include_tasks: docker.yml
|
|
|
|
# Node.js is required for JavaScript-based GitHub Actions.
|
|
# Many popular actions (checkout, cache, upload-artifact) need Node.js.
|
|
- name: Install Node.js runtime
|
|
ansible.builtin.include_tasks: nodejs.yml
|
|
|
|
# Download and install the act_runner binary with checksum verification.
|
|
- name: Install act_runner binary
|
|
ansible.builtin.include_tasks: binary.yml
|
|
|
|
# Create dedicated system user for security isolation.
|
|
# The runner should not run as root.
|
|
- name: Create act_runner system user
|
|
ansible.builtin.include_tasks: user.yml
|
|
|
|
# Deploy configuration and register with Gitea instance.
|
|
# Registration only happens if .runner file doesn't exist (idempotent).
|
|
- name: Configure and register runner
|
|
ansible.builtin.include_tasks: config.yml
|
|
|
|
# Deploy systemd unit file for service management.
|
|
# Enables automatic startup on boot and easy service control.
|
|
- name: Setup systemd service
|
|
ansible.builtin.include_tasks: systemd.yml
|
|
|
|
# Run verification checks to ensure installation succeeded.
|
|
# Fails the playbook if any critical component is not working.
|
|
- name: Verify installation
|
|
ansible.builtin.include_tasks: verify.yml
|