feat(actions): bootstrap sol runner
All checks were successful
runner-smoke / smoke (push) Successful in 36s
All checks were successful
runner-smoke / smoke (push) Successful in 36s
This commit is contained in:
44
bootstrap/gitea-actions/scripts/create-runner-registration-secret.sh
Executable file
44
bootstrap/gitea-actions/scripts/create-runner-registration-secret.sh
Executable file
@@ -0,0 +1,44 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
ORG="${ORG:-trade-next}"
|
||||
GITEA_URL="${GITEA_URL:-https://gitea.mpabi.pl}"
|
||||
GITEA_TOKEN_FILE="${GITEA_TOKEN_FILE:-/home/user/dev/mcp/tools/tokens/gitea.token}"
|
||||
SOL_HOST="${SOL_HOST:-149.50.96.162}"
|
||||
SOL_USER="${SOL_USER:-user}"
|
||||
SOL_SSH_KEY="${SOL_SSH_KEY:-/home/user/dev/mcp/keys/mpabi/mevnode_mcp}"
|
||||
NAMESPACE="${NAMESPACE:-gitea-actions}"
|
||||
SECRET_NAME="${SECRET_NAME:-act-runner-registration-token}"
|
||||
|
||||
gitea_token() {
|
||||
cut -d: -f2- "$GITEA_TOKEN_FILE" | head -n1 | tr -d '[:space:]'
|
||||
}
|
||||
|
||||
ssh_sol() {
|
||||
ssh -i "$SOL_SSH_KEY" -o IdentitiesOnly=yes -o StrictHostKeyChecking=no "$SOL_USER@$SOL_HOST" "$@"
|
||||
}
|
||||
|
||||
API_TOKEN="$(gitea_token)"
|
||||
if [ -z "$API_TOKEN" ]; then
|
||||
echo "Gitea API token is empty" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
REG_TOKEN="$(
|
||||
curl -fsS \
|
||||
-X POST \
|
||||
-H "Authorization: token ${API_TOKEN}" \
|
||||
"${GITEA_URL}/api/v1/orgs/${ORG}/actions/runners/registration-token" \
|
||||
| jq -r '.token'
|
||||
)"
|
||||
|
||||
if [ -z "$REG_TOKEN" ] || [ "$REG_TOKEN" = "null" ]; then
|
||||
echo "Failed to obtain runner registration token" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
ssh_sol "sudo k3s kubectl get ns ${NAMESPACE} >/dev/null 2>&1 || sudo k3s kubectl create ns ${NAMESPACE} >/dev/null"
|
||||
|
||||
printf '%s' "$REG_TOKEN" | ssh_sol "tmp=\$(mktemp); cat >\"\$tmp\"; sudo k3s kubectl -n ${NAMESPACE} create secret generic ${SECRET_NAME} --from-file=token=\"\$tmp\" --dry-run=client -o yaml | sudo k3s kubectl apply -f - >/dev/null; rm -f \"\$tmp\""
|
||||
|
||||
echo "Runner registration secret synced to ${SOL_HOST}:${NAMESPACE}/${SECRET_NAME}"
|
||||
Reference in New Issue
Block a user