trade-gitops/bootstrap/gitea-actions/README.md
mpabi e22826e565
feat(sol): add public edge ingress and tls
2026-04-12 20:07:29 +02:00


Gitea Actions Runner Bootstrap

This module bootstraps a single organization-scoped Gitea Actions runner for trade-next on the sol cluster.

Design

  • Runner scope: organization-level for trade-next
  • Runtime: docker.io/gitea/act_runner:latest
  • Job execution: docker:27-dind sidecar with a shared Unix socket
  • Cluster access for workflows: dedicated trade-gitops-deployer service account, exported as the K3S_KUBECONFIG_B64 org secret
  • Storage model: a small persistent hostPath volume holds only the runner registration state; the Docker layer cache is ephemeral
  • Runner labels: ubuntu-latest and k3s-deploy, both starting from the standard Gitea runner image so deployment jobs can install the exact kubectl version they need

Operator Flow

  1. Prepare the org registration token secret in gitea-actions.
  2. Apply the kustomize module on sol.
  3. Create or refresh the deployer kubeconfig and sync it to the trade-next org secrets.
  4. Create or refresh the SSH key secret SOL_SSH_PRIVATE_KEY_B64 for host-side automation.
  5. Push workflows to trade-next repositories and let the runner execute deployment jobs.
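One way a deployment job could materialize the K3S_KUBECONFIG_B64 org secret before calling kubectl, shown as an added example that is not part of this repository's scripts. The function name load_kubeconfig_from_secret and the assumption that the secret holds a YAML kubeconfig are hypothetical.

```shell
#!/bin/sh
# Added example (not project code): decode the K3S_KUBECONFIG_B64 secret into a
# private temp file and reject input that is empty, malformed, or not a kubeconfig.
# Assumption: the secret is a base64-encoded YAML kubeconfig.

# load_kubeconfig_from_secret <base64-string>
# Prints the path of the decoded kubeconfig on stdout; returns non-zero on bad input.
load_kubeconfig_from_secret() {
    secret_b64=$1
    if [ -z "$secret_b64" ]; then
        echo "K3S_KUBECONFIG_B64 is empty or not exposed to this job" >&2
        return 1
    fi

    # mktemp creates the file with mode 0600, so the credentials are never
    # readable by other users on the runner, even briefly.
    kubeconfig_path=$(mktemp "${TMPDIR:-/tmp}/kubeconfig.XXXXXX") || return 1

    # Feed the secret through stdin (printf is a shell builtin) so the value
    # does not show up in the argument list of an external process.
    if ! printf '%s' "$secret_b64" | base64 -d > "$kubeconfig_path" 2>/dev/null; then
        rm -f "$kubeconfig_path"
        echo "K3S_KUBECONFIG_B64 is not valid base64" >&2
        return 1
    fi

    # Sanity check: a YAML kubeconfig declares these top-level keys.
    for key in clusters: contexts: users:; do
        if ! grep -q "^$key" "$kubeconfig_path"; then
            rm -f "$kubeconfig_path"
            echo "decoded secret is missing top-level key '$key'" >&2
            return 1
        fi
    done

    printf '%s\n' "$kubeconfig_path"
}

# Usage inside a workflow step, with the secret mapped to an env var:
#   KUBECONFIG=$(load_kubeconfig_from_secret "$K3S_KUBECONFIG_B64") || exit 1
#   trap 'rm -f "$KUBECONFIG"' EXIT   # remove the credentials when the step ends
#   export KUBECONFIG
```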

Bootstrap Commands

From the repository root:

./bootstrap/gitea-actions/scripts/bootstrap-sol.sh
./bootstrap/gitea-actions/scripts/sync-sol-ssh-org-secret.sh

Notes

  • This runner is intentionally pinned to the sol node because the target cluster is currently single-node.
  • The deployer binding is cluster-admin for the first bootstrap pass and should be narrowed once the GitOps surface is fully reconstructed.
  • The runner exposes the labels ubuntu-latest and k3s-deploy.