feat(actions): bootstrap sol runner
All checks were successful
runner-smoke / smoke (push) Successful in 36s
All checks were successful
runner-smoke / smoke (push) Successful in 36s
This commit is contained in:
33
bootstrap/gitea-actions/README.md
Normal file
33
bootstrap/gitea-actions/README.md
Normal file
@@ -0,0 +1,33 @@
|
||||
# Gitea Actions Runner Bootstrap
|
||||
|
||||
This module bootstraps a single organization-scoped Gitea Actions runner for `trade-next` on the `sol` cluster.
|
||||
|
||||
## Design
|
||||
|
||||
- Runner scope: organization-level for `trade-next`
|
||||
- Runtime: `docker.io/gitea/act_runner:latest`
|
||||
- Job execution: `docker:27-dind` sidecar with a shared Unix socket
|
||||
- Cluster access for workflows: dedicated `trade-gitops-deployer` service account, exported as the `K3S_KUBECONFIG_B64` org secret
|
||||
- Storage model: small persistent `hostPath` only for runner registration state, ephemeral Docker layer cache
|
||||
- Runner labels: `ubuntu-latest` and `k3s-deploy`, both starting from the standard Gitea runner image so deployment jobs can install the exact `kubectl` version they need
|
||||
|
||||
## Operator Flow
|
||||
|
||||
1. Prepare the org registration token secret in `gitea-actions`.
|
||||
2. Apply the kustomize module on `sol`.
|
||||
3. Create or refresh the deployer kubeconfig and sync it to the `trade-next` org secrets.
|
||||
4. Push a workflow to `trade-gitops` and let the runner execute deployment jobs.
|
||||
|
||||
## Bootstrap Commands
|
||||
|
||||
From the repository root:
|
||||
|
||||
```bash
|
||||
./bootstrap/gitea-actions/scripts/bootstrap-sol.sh
|
||||
```
|
||||
|
||||
## Notes
|
||||
|
||||
- This runner is intentionally pinned to the `sol` node because the target cluster is currently single-node.
|
||||
- The deployer binding is `cluster-admin` for the first bootstrap pass and should be narrowed once the GitOps surface is fully reconstructed.
|
||||
- The runner exposes the labels `ubuntu-latest` and `k3s-deploy`.
|
||||
Reference in New Issue
Block a user