From 2a1ecbdb350494ee3018ec5e9e67bcc120324b97 Mon Sep 17 00:00:00 2001 From: fchinembiri Date: Fri, 8 May 2026 17:01:50 +0200 Subject: [PATCH] chore: restore DIND runner and fix CI workflow - Restore original DIND sidecar configuration for Gitea runner - Fix DNS issues in CI by using external Gitea URL for checkout - Implement Kaniko for image builds within the standard runner architecture - Automate Kustomize manifest updates with SHA-based tagging --- .gitea/workflows/build-push.yaml | 19 +++++++------- k8s/base/gitea-runner-config.yaml | 19 +++++++++----- k8s/base/gitea-runner.yaml | 43 ++++++++++++++++++++++++------- 3 files changed, 55 insertions(+), 26 deletions(-) diff --git a/.gitea/workflows/build-push.yaml b/.gitea/workflows/build-push.yaml index 473e3e4..10f5b64 100644 --- a/.gitea/workflows/build-push.yaml +++ b/.gitea/workflows/build-push.yaml @@ -20,7 +20,7 @@ jobs: uses: actions/checkout@v4 with: repository: fchinembiri/geocrop-platform - url: https://git.techarvest.co.zw/fchinembiri/geocrop-platform..git + url: https://git.techarvest.co.zw token: ${{ secrets.GITEA_TOKEN }} - name: Set up Docker config @@ -33,12 +33,12 @@ jobs: with: args: >- --dockerfile=apps/${{ matrix.component }}/Dockerfile - --context=dir://${{ github.workspace }} - --destination=frankchine/geocrop-${{ matrix.component }}:${{ github.sha }} + --context=dir://${{ gitea.workspace }} + --destination=frankchine/geocrop-${{ matrix.component }}:${{ gitea.sha }} --destination=frankchine/geocrop-${{ matrix.component }}:latest --cache=true env: - DOCKER_CONFIG: ${{ github.workspace }}/.docker + DOCKER_CONFIG: ${{ gitea.workspace }}/.docker deploy: runs-on: ubuntu-latest @@ -47,6 +47,8 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 with: + repository: fchinembiri/geocrop-platform + url: https://git.techarvest.co.zw token: ${{ secrets.GITEA_TOKEN }} - name: Update Manifests 
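Review bot: `url` is not among the inputs that actions/checkout@v4 documents, so the corrected line `url: https://git.techarvest.co.zw` is probably ignored and the clone still uses the server URL the runner supplies. The input that overrides the host is `github-server-url: https://git.techarvest.co.zw`. The same applies to the two lines added to the deploy job's checkout in the `@@ -47,6 +47,8 @@` hunk. Separately, checkout stores the token in `.git/config` by default, and the build job never pushes, so `persist-credentials: false` fits there. The `with:` block starts above the hunk.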
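Review bot: `DOCKER_CONFIG: ${{ gitea.workspace }}/.docker` keeps the registry credentials inside the directory that `--context=dir://${{ gitea.workspace }}` hands to Kaniko. A Dockerfile that copies the whole context would bake them into a pushed image layer, along with `.git/config` if the checkout token is persisted. Writing the Docker config to a directory outside the workspace, or excluding `.docker` and `.git` through `.dockerignore`, avoids that. The step that writes the config is outside this hunk, so its exact path handling is not visible here. The extra `--destination=...:latest` tag is mutable, and as far as the visible steps show the deploy job pins `${{ gitea.sha }}`, so nothing here appears to consume `latest`.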
@@ -59,16 +61,15 @@ jobs: mv kustomize /usr/local/bin/ fi - kustomize edit set image frankchine/geocrop-api=frankchine/geocrop-api:${{ github.sha }} - kustomize edit set image frankchine/geocrop-worker=frankchine/geocrop-worker:${{ github.sha }} - kustomize edit set image frankchine/geocrop-web=frankchine/geocrop-web:${{ github.sha }} + kustomize edit set image frankchine/geocrop-api=frankchine/geocrop-api:${{ gitea.sha }} + kustomize edit set image frankchine/geocrop-worker=frankchine/geocrop-worker:${{ gitea.sha }} + kustomize edit set image frankchine/geocrop-web=frankchine/geocrop-web:${{ gitea.sha }} - name: Commit and Push run: | git config --global user.name "Gitea Action" git config --global user.email "action@gitea.com" - # Use external URL for reliability git remote set-url origin https://x-access-token:${{ secrets.GITEA_TOKEN }}@git.techarvest.co.zw/fchinembiri/geocrop-platform..git git add k8s/base/kustomization.yaml - git commit -m "ci: update image tags to ${{ github.sha }} [skip ci]" || echo "No changes to commit" + git commit -m "ci: update image tags to ${{ gitea.sha }} [skip ci]" || echo "No changes to commit" git push origin main diff --git a/k8s/base/gitea-runner-config.yaml b/k8s/base/gitea-runner-config.yaml index cab70f3..bf718c2 100644 --- a/k8s/base/gitea-runner-config.yaml +++ b/k8s/base/gitea-runner-config.yaml @@ -6,11 +6,10 @@ metadata: data: config.yaml: | log: - level: debug - + level: info runner: file: .runner - capacity: 4 + capacity: 2 timeout: 3h fetch_timeout: 5s fetch_interval: 2s 
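Review bot: The push remote still ends in `geocrop-platform..git`, the double-dot form this commit removed from the checkout step, so `git push origin main` likely targets a wrong path; `.../fchinembiri/geocrop-platform.git` looks intended. That URL also embeds `${{ secrets.GITEA_TOKEN }}`, and `git remote set-url` writes it into `.git/config` for the rest of the job. Passing the credential per command, for example through a credential helper or `http.extraHeader`, keeps it out of the stored remote. The run block starts above the hunk, so the kustomize download that precedes `mv kustomize /usr/local/bin/` is not visible; if it fetches a binary, confirm it uses a pinned version with a checksum check.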
@@ -18,14 +17,20 @@ data: - "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest" - "ubuntu-24.04:docker://docker.gitea.com/runner-images:ubuntu-24.04" - "ubuntu-22.04:docker://docker.gitea.com/runner-images:ubuntu-22.04" + envs: + DOCKER_HOST: "tcp://localhost:2376" + DOCKER_CERT_PATH: "/certs/client" + DOCKER_TLS_VERIFY: "1" cache: enabled: true dir: "" host: "" port: 0 container: - type: docker - options: "--add-host gitea.geocrop.svc.cluster.local:10.43.224.21" + privileged: true + network: host + docker_host: "tcp://localhost:2376" force_pull: true - valid_volumes: - - "/certs/client" + options: "-v /certs/client:/certs/client" + valid_volumes: + - "/certs/client" diff --git a/k8s/base/gitea-runner.yaml b/k8s/base/gitea-runner.yaml index 04aaf00..f5da57c 100644 --- a/k8s/base/gitea-runner.yaml +++ b/k8s/base/gitea-runner.yaml @@ -15,7 +15,6 @@ spec: labels: app: gitea-runner spec: - serviceAccountName: gitea-runner-sa hostNetwork: true dnsPolicy: ClusterFirstWithHostNet containers: 
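Review bot: `privileged: true`, `network: host` and `options: "-v /certs/client:/certs/client"` apply to every job container the runner starts, so any workflow step gets the Docker client certificates and a privileged container on the host network. The commit message says image builds go through Kaniko, which needs neither a Docker daemon nor privileged mode, so `privileged: false` and dropping the cert mount look sufficient unless a job really uses Docker. If Docker access is required, restricting it to specific trusted workflows and saying so in a comment above `container:` would help. Indentation is lost in this view, so whether `valid_volumes` sits under `container:` cannot be confirmed here.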
@@ -23,31 +22,55 @@ spec: image: gitea/act_runner:latest env: - name: GITEA_INSTANCE_URL - value: https://git.techarvest.co.zw + value: http://gitea.geocrop.svc.cluster.local:3000 - name: GITEA_RUNNER_REGISTRATION_TOKEN value: "3daF7zwBC94Q5YCb1mW1VnfPi4L7pgMxSHhKOBOn" - name: GITEA_RUNNER_NAME value: "k3s-runner" - name: CONFIG_FILE value: /config.yaml + - name: DOCKER_HOST + value: tcp://localhost:2376 + - name: DOCKER_TLS_CERTDIR + value: /certs/client + - name: DOCKER_CERT_PATH + value: /certs/client + - name: DOCKER_TLS_VERIFY + value: "1" securityContext: - privileged: false + privileged: true volumeMounts: - name: runner-data mountPath: /data + - name: docker-certs + mountPath: /certs/client + readOnly: true - name: config mountPath: /config.yaml subPath: config.yaml - - name: docker-sock - mountPath: /var/run/docker.sock - readOnly: true + - name: dind + image: docker:dind + securityContext: + privileged: true + env: + - name: DOCKER_TLS_CERTDIR + value: /certs/client + - name: DOCKER_DRIVER + value: overlay2 + volumeMounts: + - name: runner-data + mountPath: /data + - name: docker-graph-storage + mountPath: /var/lib/docker + - name: docker-certs + mountPath: /certs/client volumes: - name: runner-data emptyDir: {} + - name: docker-graph-storage + emptyDir: {} + - name: docker-certs + emptyDir: {} - name: config configMap: name: gitea-runner-config - - name: docker-sock - hostPath: - path: /var/run/docker.sock - type: Socket
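Review bot: `GITEA_RUNNER_REGISTRATION_TOKEN` stays a literal `value:` in this manifest, and the hunk switches `GITEA_INSTANCE_URL` to `http://gitea.geocrop.svc.cluster.local:3000`, so registration and job traffic now travel without TLS. The token would be better read through `valueFrom.secretKeyRef` and rotated, since it is already in the repository history. Both the runner and the new `dind` container are `privileged: true` while the pod keeps `hostNetwork: true` (set above this hunk, where the pod spec begins), which presumably puts the Docker daemon's 2376 listener in the node's network namespace. Containers in one pod share localhost without `hostNetwork`, so it looks removable. `DOCKER_TLS_CERTDIR` is `/certs/client` on the dind container, not the usual `/certs`; docker:dind generates `ca/`, `server/` and `client/` under that directory, so the shared `docker-certs` volume would also carry the CA and server keys, and the client certs would land in `/certs/client/client`, not where `DOCKER_CERT_PATH` points.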