Add support for Gitea Actions

host_config/nomad.hcl

@@ -67,6 +67,15 @@ client {
   }
 }
 
+plugin "docker" {
+  config {
+    allow_privileged = true
+    volumes {
+      enabled = true
+    }
+  }
+}
+
 ui {
   # Comment to disable UI, it listens on port 4646
     enabled = true

nomad_jobs/services/gitea/dockerfile_gitea-act-runner

@@ -0,0 +1,3 @@
+FROM gitea/act_runner:0.2.10-dind-rootless
+USER root
+

nomad_jobs/services/gitea/readme.md

@@ -25,3 +25,27 @@ If you want to deploy this, you will need to verify you have a valid host volume
 There is no need to embed secrets in the nomad job spec. When you first visit the domain name you configured, you will be prompted to configure Gitea. Postgres should be mounted to the container on the standard `5432` port so you can select postgres as the database type and use `127.0.0.1:5432` as the address and input the username, password, and database name you created for Gitea to use.
 
 If you need help making those credentials, take a look at the [postgres readme](../postgres/readme.md#make-a-new-database).
+
+# Adding CI/CD
+Gitea has a fork of act runner that can be used to run Github actions. In order to deploy this with Nomad, you will need to leverage Docker in Docker (DinD) with privileged mode enabled in Docker or pay for the bussiness plan of Docker to have better app isolation. The default runner image provided by Gitea was failing to start DinD Daemon so I included a dockerfile that you can use to specify that the container should be ran as the root user. 
+
+1. Build Image
+    ```bash
+    docker build --network host --platform linux/amd64 -t <your_gitea_domain>/caleb/nomad_act_runner:0.0.1 .
+    ```
+
+    [!NOTE] 
+    You may not need to specify the platform flag. If you use Apple Silicon but deploy to X86, you will need to include the flag.
+
+2. Push Image
+    ```bash
+    docker push <your_gitea_domain>/caleb/nomad_act_runner:0.0.1
+    ```
+
+4. Run the nomad job with the Gitea_Runner_Token
+    ```bash
+    nomad job run -var "grt=<your_token>" -var "domain=<gitea_domain>" runner.nomad.hcl
+    ```
+
+    [!NOTE] 
+    If you prefer to not use cli variables, you can update the top of the Nomad Job Spec and manually put in the env variables. 

nomad_jobs/services/gitea/runner.nomad.hcl

@@ -0,0 +1,71 @@
+variable "grt" {
+  type = string
+  description = "Gitea runner token"
+}
+
+variable "domain" {
+  type = string
+  description = "Gitea Domain Name"
+}
+
+locals {
+  GITEA_RUNNER_TOKEN = var.grt # Replace with raw token surrounded by quotes if you don't want to pass via cli or using web ui
+  GITEA_DOMAIN = var.domain # Replace with domain surrounded by quotes if you don't want to pass via cli or using web ui
+  GITEA_RUNNER_NAME = "${NOMAD_TASK_NAME}-${NOMAD_ALLOC_INDEX}"
+}
+
+job "gitea-runner" {
+  datacenters = ["dc1"]
+  type = "service"
+
+  group "application" {
+    count = 1
+
+    scaling {
+      enabled = true
+      min = 1
+      max = 5
+    }
+
+    network {
+      mode = "bridge"
+    }
+
+    service {
+      name = "gitea-runner"
+
+      connect {
+        sidecar_service {
+          proxy {
+            upstreams {
+              destination_name   = "gitea"
+              local_bind_address = "127.0.0.1"
+              local_bind_port    = 3000
+            }
+          } 
+          tags = ["traefik.enable=false"] # Hide envoy from traefik
+        }
+      }
+    }
+
+    task "gitea-runner" {
+      driver = "docker"
+
+      config {
+        image = "${local.GITEA_DOMAIN}/caleb/nomad_act_runner:0.0.1"
+        privileged = true
+      }
+
+      env = {
+        GITEA_INSTANCE_URL="http://${NOMAD_UPSTREAM_ADDR_gitea}"
+        GITEA_RUNNER_REGISTRATION_TOKEN="${local.GITEA_RUNNER_TOKEN}"
+        GITEA_RUNNER_NAME="${local.GITEA_RUNNER_NAME}"
+      }
+
+      resources {
+        cpu = 2000
+        memory = 2000
+      }
+    }
+  }
+}