trade-gitops/bootstrap/gitea-actions/scripts/create-runner-registration-secret.sh
mpabi b94cc46b78
feat(actions): bootstrap sol runner
2026-04-12 16:39:26 +02:00


#!/usr/bin/env bash
#
# Fetch an organisation-level Gitea Actions runner registration token and
# store it as a generic Kubernetes secret on the "sol" host (k3s, reached over
# SSH).
#
# Every setting below can be overridden from the environment; the value after
# ":=" is only used when the variable is unset or empty.
set -euo pipefail

# Gitea organisation the registration token is requested for, and the base
# URL of the Gitea instance that serves the API.
: "${ORG:=trade-next}"
: "${GITEA_URL:=https://gitea.mpabi.pl}"

# File holding the Gitea API token. This is credential material: keep it
# readable by the invoking user only.
: "${GITEA_TOKEN_FILE:=/home/user/dev/mcp/tools/tokens/gitea.token}"

# SSH target running k3s, and the private key used to reach it.
: "${SOL_HOST:=149.50.96.162}"
: "${SOL_USER:=user}"
: "${SOL_SSH_KEY:=/home/user/dev/mcp/keys/mpabi/mevnode_mcp}"

# Kubernetes namespace and secret name that receive the registration token.
: "${NAMESPACE:=gitea-actions}"
: "${SECRET_NAME:=act-runner-registration-token}"
#######################################
# Print the Gitea API token read from the token file.
# Keeps what follows the first ':' on the first line of the file and strips
# every whitespace character from it.
# Globals:   GITEA_TOKEN_FILE (read)
# Outputs:   the token on stdout, without a trailing newline
# Returns:   status of the underlying pipeline
#######################################
gitea_token() {
  local first_field
  first_field="$(cut -d: -f2- "$GITEA_TOKEN_FILE" | head -n1)" || return
  printf '%s' "$first_field" | tr -d '[:space:]'
}
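#######################################
# Run a command on the sol host over SSH with the dedicated key.
#
# Host key checking defaults to "accept-new" (OpenSSH 7.6+): an unknown host
# is recorded on first contact, but a host whose key has CHANGED is refused.
# The previous "StrictHostKeyChecking=no" accepted any key, so a machine
# impersonating the host would have received the runner registration token
# piped through this function. Set SOL_STRICT_HOST_KEY_CHECKING=yes once the
# host key is pinned in known_hosts.
#
# Globals:   SOL_SSH_KEY, SOL_USER, SOL_HOST (read)
#            SOL_STRICT_HOST_KEY_CHECKING (read, optional)
# Arguments: the remote command, passed through to ssh unchanged
# Returns:   exit status of ssh (the remote command's status on success)
#######################################
ssh_sol() {
  ssh \
    -i "$SOL_SSH_KEY" \
    -o IdentitiesOnly=yes \
    -o StrictHostKeyChecking="${SOL_STRICT_HOST_KEY_CHECKING:-accept-new}" \
    "$SOL_USER@$SOL_HOST" "$@"
}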
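# --- Main flow ---------------------------------------------------------------
# 1. read the Gitea API token, 2. request a runner registration token,
# 3. make sure the namespace exists, 4. apply the secret on the remote host.

# NAMESPACE and SECRET_NAME are spliced into command lines that the REMOTE
# shell parses, so anything that is not a plain Kubernetes name is rejected
# before it can be interpreted as shell syntax on the other side.
k8s_label_re='^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
k8s_name_re='^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$'
if [[ ! "$NAMESPACE" =~ $k8s_label_re ]]; then
  printf 'Invalid NAMESPACE: %s\n' "$NAMESPACE" >&2
  exit 1
fi
if [[ ! "$SECRET_NAME" =~ $k8s_name_re ]]; then
  printf 'Invalid SECRET_NAME: %s\n' "$SECRET_NAME" >&2
  exit 1
fi

# The API token is sent as a request header; flag a non-TLS endpoint.
case "$GITEA_URL" in
  https://*) ;;
  *) echo "Warning: GITEA_URL does not use https://; the API token may cross the network in clear text" >&2 ;;
esac

API_TOKEN="$(gitea_token)"
if [ -z "$API_TOKEN" ]; then
  echo "Gitea API token is empty" >&2
  exit 1
fi

# The Authorization header is fed to curl on stdin ("-H @-", curl >= 7.55.0)
# rather than on the command line, so the token does not show up in the
# process list or in "set -x" traces of the curl invocation.
REG_TOKEN="$(
  curl -fsS \
    -X POST \
    -H @- \
    "${GITEA_URL}/api/v1/orgs/${ORG}/actions/runners/registration-token" \
    <<<"Authorization: token ${API_TOKEN}" \
    | jq -r '.token // empty'
)"
if [ -z "$REG_TOKEN" ] || [ "$REG_TOKEN" = "null" ]; then
  echo "Failed to obtain runner registration token" >&2
  exit 1
fi

ssh_sol "sudo k3s kubectl get ns ${NAMESPACE} >/dev/null 2>&1 || sudo k3s kubectl create ns ${NAMESPACE} >/dev/null"

# Remote script: the token arrives on stdin and is staged in a private temp
# file. Cleanup is done by an EXIT trap, so the file is removed on every exit
# path AND the script's exit status is that of the kubectl pipeline. The
# earlier one-liner ended with "rm -f", which hid a failed "kubectl apply"
# and let the success message below print regardless.
remote_apply="$(cat <<EOF
set -eu
umask 077
tmp=\$(mktemp)
trap 'rm -f "\$tmp"' EXIT
cat >"\$tmp"
sudo k3s kubectl -n ${NAMESPACE} create secret generic ${SECRET_NAME} --from-file=token="\$tmp" --dry-run=client -o yaml |
  sudo k3s kubectl apply -f - >/dev/null
EOF
)"
printf '%s' "$REG_TOKEN" | ssh_sol "$remote_apply"

echo "Runner registration secret synced to ${SOL_HOST}:${NAMESPACE}/${SECRET_NAME}"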