Nik Afiq 83f46c9748 feat(gitea): add backup CronJob with RBAC and NFS support
feat(gitea): create PersistentVolume and PersistentVolumeClaim for Gitea

feat(gitea): add script to create Gitea runner registration token secret

feat(gitea): deploy Gitea Actions runner with Docker socket access

feat(media): deploy JDownloader with Ingress configuration

feat(media): set up Jellyfin media server with NFS and Ingress

feat(media): configure qBittorrent deployment with Ingress

feat(monitoring): add Grafana Loki datasource ConfigMap

feat(monitoring): create Grafana admin credentials secret

feat(monitoring): define PersistentVolumes for monitoring stack

feat(network): implement DDNS CronJob for Porkbun DNS updates

feat(network): create secret for Porkbun DDNS API credentials

feat(network): set up Glances service and Ingress for Debian node

fix(network): patch Pi-hole DNS services with external IPs

feat(network): configure Traefik dashboard Ingress with Authentik auth

feat(network): set up Watch Party service and Ingress for Mac Mini

refactor(values): update Helm values files for various services
2026-03-12 21:56:32 +09:00


---
# Part of role: gitea-runner
# Called by: ansible/playbooks/setup-gitea-runner.yaml
# Description: Downloads, configures, and registers act_runner as a systemd service connected to the Gitea instance.
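# Fetch the pinned act_runner v0.2.11 release binary and install it as an
# executable under /usr/local/bin.
#
# Integrity: without a checksum the download is only protected by TLS to the
# release host. Set `act_runner_checksum` in the role/inventory vars (format
# "sha256:<digest published alongside the release asset>") so get_url rejects
# a binary that does not match. When the variable is undefined the parameter
# is omitted and the task behaves exactly as before.
- name: Download act_runner binary
  ansible.builtin.get_url:
    url: https://gitea.com/gitea/act_runner/releases/download/v0.2.11/act_runner-0.2.11-linux-amd64
    dest: /usr/local/bin/act_runner
    mode: "0755"
    checksum: "{{ act_runner_checksum | default(omit) }}"
  become: true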
# Ensure /etc/act_runner exists before the runner config is written into it.
# The directory is world-readable and world-traversable (0755).
- name: Create act_runner config directory
  become: true
  ansible.builtin.file:
    state: directory
    path: /etc/act_runner
    mode: "0755"
# Render the act_runner configuration file.
#
# Security-relevant settings in the rendered config (all kept as authored):
#   - labels end in ":host", so jobs for these labels execute directly on this
#     machine rather than inside a container.
#   - container.privileged: true and container.network: host remove most of
#     the isolation for any job that does run in a container.
#   - container.valid_volumes: "**" allows workflows to mount any host path.
# Taken together, anyone able to push a workflow to a repository served by
# this runner effectively gets code execution on the host. Restrict which
# repositories and users can schedule jobs here, or tighten these values.
#   - host.workdir_parent lives under /tmp, a world-writable location.
- name: Write act_runner config
  become: true
  ansible.builtin.copy:
    dest: /etc/act_runner/config.yaml
    mode: "0644"
    content: |
      log:
        level: info
      runner:
        fetch_timeout: 5s
        fetch_interval: 2s
        labels:
          - "ubuntu-latest:host"
          - "ubuntu-22.04:host"
      container:
        network: host
        privileged: true
        valid_volumes:
          - "**"
      host:
        workdir_parent: /tmp/act-runner-work
# Copy the homelab CA from its location on the managed host (remote_src) into
# the system trust-anchor directory. Every certificate placed here becomes
# trusted system-wide after the next update-ca-certificates run.
# NOTE(review): the source file is trusted as-is; nothing here checks its
# fingerprint or ownership — confirm /etc/rancher/k3s is root-writable only.
- name: Install internal CA certificate
  become: true
  ansible.builtin.copy:
    remote_src: true
    src: /etc/rancher/k3s/homelab-ca.crt
    dest: /usr/local/share/ca-certificates/homelab-ca.crt
    mode: "0644"
# Rebuild the system CA bundle so the certificate installed above is trusted.
# The command runs on every play; changed_when: false keeps it from ever
# being reported as a change.
- name: Update CA certificates
  become: true
  changed_when: false
  ansible.builtin.command:
    cmd: update-ca-certificates
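# Keep the runner registration token out of the unit file. Unit files are
# world-readable (0644) and Environment= values are also exposed to any local
# user through `systemctl show`, so the token is written to a root-only
# environment file and pulled in with EnvironmentFile= instead.
# no_log stops the rendered token from appearing in Ansible output or diffs.
- name: Write act_runner environment file holding the registration token
  ansible.builtin.copy:
    dest: /etc/act_runner/runner.env
    content: |
      GITEA_RUNNER_REGISTRATION_TOKEN={{ gitea_runner_token }}
    owner: root
    group: root
    mode: "0600"
  become: true
  no_log: true
  notify: Restart act_runner

# Install the systemd unit that registers the runner on first start (when
# /etc/act_runner/.runner is missing) and then runs the act_runner daemon.
#
# Review notes:
#   - The unit sets no User=, so the daemon runs as root; with the ":host"
#     labels in config.yaml, workflow jobs run as root on this machine too.
#   - ExecStartPre passes the token via --token, so it is visible in the
#     process arguments while registration runs.
#   - SSL_CERT_FILE / GIT_SSL_CAINFO point at the CA installed by the
#     "Install internal CA certificate" / "Update CA certificates" tasks.
- name: Create act_runner systemd service
  ansible.builtin.copy:
    dest: /etc/systemd/system/act_runner.service
    content: |
      [Unit]
      Description=Gitea Actions Runner
      After=network.target
      [Service]
      Environment=GITEA_INSTANCE_URL=https://gitea.home.arpa
      EnvironmentFile=/etc/act_runner/runner.env
      Environment=GITEA_RUNNER_NAME=minisforum
      Environment=SSL_CERT_FILE=/etc/ssl/certs/homelab-ca.pem
      Environment=GIT_SSL_CAINFO=/etc/ssl/certs/homelab-ca.pem
      ExecStartPre=/bin/sh -c 'if [ ! -f /etc/act_runner/.runner ]; then cp ~/.runner /etc/act_runner/.runner 2>/dev/null || act_runner register --no-interactive --config /etc/act_runner/config.yaml --instance $GITEA_INSTANCE_URL --token $GITEA_RUNNER_REGISTRATION_TOKEN --name $GITEA_RUNNER_NAME; fi'
      ExecStart=/usr/local/bin/act_runner daemon --config /etc/act_runner/config.yaml
      WorkingDirectory=/etc/act_runner
      Restart=always
      RestartSec=5
      [Install]
      WantedBy=multi-user.target
    mode: "0644"
  become: true
  notify: Restart act_runner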
# Reuse an existing registration: if the connecting user already has a
# ~/.runner file and /etc/act_runner/.runner is absent, copy it into place.
# Runs without privilege escalation, so `~` is the connecting user's home.
# changed_when: false means a copy is never reported as a change.
# NOTE(review): /etc/act_runner is created 0755 with become by an earlier
# task, so an unprivileged cp into it presumably fails — confirm intent.
# NOTE(review): .runner holds the runner's credentials; cp without -p gives
# the copy umask-derived permissions — confirm it is not world-readable.
- name: Copy runner registration file if exists
  become: false
  changed_when: false
  ansible.builtin.shell: |
    if [ -f ~/.runner ] && [ ! -f /etc/act_runner/.runner ]; then
      cp ~/.runner /etc/act_runner/.runner
    fi
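# Inspect /run/docker.sock first so the removal below can be limited to the
# case the task name describes.
- name: Check what currently exists at /run/docker.sock
  ansible.builtin.stat:
    path: /run/docker.sock
  register: docker_sock_stat
  become: true

# Only delete the path when it is a directory. Without the guard,
# `state: absent` also deletes the live socket of a running Docker daemon on
# every re-run; the following "started" task does not restart a daemon that
# is already running, so clients (including act_runner) would lose the socket.
# A directory here is presumably left behind by a bind mount made before
# Docker created the socket — confirm.
- name: Remove docker.sock if it is a directory
  ansible.builtin.file:
    path: /run/docker.sock
    state: absent
  when:
    - docker_sock_stat.stat.exists
    - docker_sock_stat.stat.isdir | default(false)
  become: true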
# Make sure the Docker service is enabled at boot and currently running.
# "started" is a no-op when the daemon is already up; it does not restart it.
- name: Enable and start Docker
  become: true
  ansible.builtin.systemd:
    name: docker
    state: started
    enabled: true
# Reload systemd so it picks up the act_runner unit written earlier, then
# enable the service at boot and make sure it is running.
- name: Enable and start act_runner
  become: true
  ansible.builtin.systemd:
    name: act_runner
    daemon_reload: true
    state: started
    enabled: true