chore: restore DIND runner and fix CI workflow

- Restore original DIND sidecar configuration for Gitea runner
- Fix DNS issues in CI by using external Gitea URL for checkout
- Implement Kaniko for image builds within the standard runner architecture
- Automate Kustomize manifest updates with SHA-based tagging
fchinembiri 2026-05-08 17:01:50 +02:00
parent 0c22bd0795
commit 2a1ecbdb35
3 changed files with 55 additions and 26 deletions


@ -20,7 +20,7 @@ jobs:
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
repository: fchinembiri/geocrop-platform repository: fchinembiri/geocrop-platform
url: https://git.techarvest.co.zw/fchinembiri/geocrop-platform..git url: https://git.techarvest.co.zw
token: ${{ secrets.GITEA_TOKEN }} token: ${{ secrets.GITEA_TOKEN }}
- name: Set up Docker config - name: Set up Docker config
@ -33,12 +33,12 @@ jobs:
with: with:
args: >- args: >-
--dockerfile=apps/${{ matrix.component }}/Dockerfile --dockerfile=apps/${{ matrix.component }}/Dockerfile
--context=dir://${{ github.workspace }} --context=dir://${{ gitea.workspace }}
--destination=frankchine/geocrop-${{ matrix.component }}:${{ github.sha }} --destination=frankchine/geocrop-${{ matrix.component }}:${{ gitea.sha }}
--destination=frankchine/geocrop-${{ matrix.component }}:latest --destination=frankchine/geocrop-${{ matrix.component }}:latest
--cache=true --cache=true
env: env:
DOCKER_CONFIG: ${{ github.workspace }}/.docker DOCKER_CONFIG: ${{ gitea.workspace }}/.docker
deploy: deploy:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -47,6 +47,8 @@ jobs:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
repository: fchinembiri/geocrop-platform
url: https://git.techarvest.co.zw
token: ${{ secrets.GITEA_TOKEN }} token: ${{ secrets.GITEA_TOKEN }}
- name: Update Manifests - name: Update Manifests
@ -59,16 +61,15 @@ jobs:
mv kustomize /usr/local/bin/ mv kustomize /usr/local/bin/
fi fi
kustomize edit set image frankchine/geocrop-api=frankchine/geocrop-api:${{ github.sha }} kustomize edit set image frankchine/geocrop-api=frankchine/geocrop-api:${{ gitea.sha }}
kustomize edit set image frankchine/geocrop-worker=frankchine/geocrop-worker:${{ github.sha }} kustomize edit set image frankchine/geocrop-worker=frankchine/geocrop-worker:${{ gitea.sha }}
kustomize edit set image frankchine/geocrop-web=frankchine/geocrop-web:${{ github.sha }} kustomize edit set image frankchine/geocrop-web=frankchine/geocrop-web:${{ gitea.sha }}
- name: Commit and Push - name: Commit and Push
run: | run: |
git config --global user.name "Gitea Action" git config --global user.name "Gitea Action"
git config --global user.email "action@gitea.com" git config --global user.email "action@gitea.com"
# Use external URL for reliability
git remote set-url origin https://x-access-token:${{ secrets.GITEA_TOKEN }}@git.techarvest.co.zw/fchinembiri/geocrop-platform..git git remote set-url origin https://x-access-token:${{ secrets.GITEA_TOKEN }}@git.techarvest.co.zw/fchinembiri/geocrop-platform..git
git add k8s/base/kustomization.yaml git add k8s/base/kustomization.yaml
git commit -m "ci: update image tags to ${{ github.sha }} [skip ci]" || echo "No changes to commit" git commit -m "ci: update image tags to ${{ gitea.sha }} [skip ci]" || echo "No changes to commit"
git push origin main git push origin main
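Review bot: The `Commit and Push` step still writes the job token into the remote with `git remote set-url origin https://x-access-token:${{ secrets.GITEA_TOKEN }}@…`, which stores it in `.git/config` in the workspace and can surface it in git error output. The checkout step in this job already receives `token:`, so its persisted credentials may be enough for `git push origin main` without rewriting the remote; if the remote must change, set it to the plain URL and keep the secret out of the script text. The path in that URL ends in `geocrop-platform..git`, which looks like a typo for `.git`. On the changed checkout steps, `url:` is not an input that actions/checkout@v4 declares as far as I know; the server override is `github-server-url:`, so the external-URL fix may not take effect as written.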


@ -6,11 +6,10 @@ metadata:
data: data:
config.yaml: | config.yaml: |
log: log:
level: debug level: info
runner: runner:
file: .runner file: .runner
capacity: 4 capacity: 2
timeout: 3h timeout: 3h
fetch_timeout: 5s fetch_timeout: 5s
fetch_interval: 2s fetch_interval: 2s
@ -18,14 +17,20 @@ data:
- "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest" - "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest"
- "ubuntu-24.04:docker://docker.gitea.com/runner-images:ubuntu-24.04" - "ubuntu-24.04:docker://docker.gitea.com/runner-images:ubuntu-24.04"
- "ubuntu-22.04:docker://docker.gitea.com/runner-images:ubuntu-22.04" - "ubuntu-22.04:docker://docker.gitea.com/runner-images:ubuntu-22.04"
envs:
DOCKER_HOST: "tcp://localhost:2376"
DOCKER_CERT_PATH: "/certs/client"
DOCKER_TLS_VERIFY: "1"
cache: cache:
enabled: true enabled: true
dir: "" dir: ""
host: "" host: ""
port: 0 port: 0
container: container:
type: docker privileged: true
options: "--add-host gitea.geocrop.svc.cluster.local:10.43.224.21" network: host
docker_host: "tcp://localhost:2376"
force_pull: true force_pull: true
options: "-v /certs/client:/certs/client"
valid_volumes: valid_volumes:
- "/certs/client" - "/certs/client"
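Review bot: Under `container:`, `privileged: true` combined with `options: "-v /certs/client:/certs/client"` and the `envs:` block gives every job container a privileged runtime plus the client certificate for the Docker daemon, so any workflow scheduled on this runner can drive that daemon. The commit message says image builds go through Kaniko, which needs neither privilege nor Docker access. I would set `privileged: false` and drop the `-v /certs/client:/certs/client` option and the matching `valid_volumes` entry unless a specific job has to talk to Docker. `network: host` deserves the same scrutiny, since the runner pod itself runs with host networking.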


@ -15,7 +15,6 @@ spec:
labels: labels:
app: gitea-runner app: gitea-runner
spec: spec:
serviceAccountName: gitea-runner-sa
hostNetwork: true hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet dnsPolicy: ClusterFirstWithHostNet
containers: containers:
@ -23,31 +22,55 @@ spec:
image: gitea/act_runner:latest image: gitea/act_runner:latest
env: env:
- name: GITEA_INSTANCE_URL - name: GITEA_INSTANCE_URL
value: https://git.techarvest.co.zw value: http://gitea.geocrop.svc.cluster.local:3000
- name: GITEA_RUNNER_REGISTRATION_TOKEN - name: GITEA_RUNNER_REGISTRATION_TOKEN
value: "3daF7zwBC94Q5YCb1mW1VnfPi4L7pgMxSHhKOBOn" value: "3daF7zwBC94Q5YCb1mW1VnfPi4L7pgMxSHhKOBOn"
- name: GITEA_RUNNER_NAME - name: GITEA_RUNNER_NAME
value: "k3s-runner" value: "k3s-runner"
- name: CONFIG_FILE - name: CONFIG_FILE
value: /config.yaml value: /config.yaml
- name: DOCKER_HOST
value: tcp://localhost:2376
- name: DOCKER_TLS_CERTDIR
value: /certs/client
- name: DOCKER_CERT_PATH
value: /certs/client
- name: DOCKER_TLS_VERIFY
value: "1"
securityContext: securityContext:
privileged: false privileged: true
volumeMounts: volumeMounts:
- name: runner-data - name: runner-data
mountPath: /data mountPath: /data
- name: docker-certs
mountPath: /certs/client
readOnly: true
- name: config - name: config
mountPath: /config.yaml mountPath: /config.yaml
subPath: config.yaml subPath: config.yaml
- name: docker-sock - name: dind
mountPath: /var/run/docker.sock image: docker:dind
readOnly: true securityContext:
privileged: true
env:
- name: DOCKER_TLS_CERTDIR
value: /certs/client
- name: DOCKER_DRIVER
value: overlay2
volumeMounts:
- name: runner-data
mountPath: /data
- name: docker-graph-storage
mountPath: /var/lib/docker
- name: docker-certs
mountPath: /certs/client
volumes: volumes:
- name: runner-data - name: runner-data
emptyDir: {} emptyDir: {}
- name: docker-graph-storage
emptyDir: {}
- name: docker-certs
emptyDir: {}
- name: config - name: config
configMap: configMap:
name: gitea-runner-config name: gitea-runner-config
- name: docker-sock
hostPath:
path: /var/run/docker.sock
type: Socket
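Review bot: The runner container is switched to `privileged: true`, but in this layout it only talks to the sidecar at `tcp://localhost:2376`, so only the `dind` container should need privilege; `privileged: false` on the runner keeps the previous posture. Because the pod keeps `hostNetwork: true`, the dind TLS listener on 2376 presumably binds in the node's network namespace, so confirm it is not reachable from outside the node. `DOCKER_TLS_CERTDIR` is `/certs/client` on the dind container; as I understand the docker:dind entrypoint, it creates `ca/`, `server/` and `client/` under that directory, so the shared volume would also hold the CA and server keys and the client files would sit one level below `DOCKER_CERT_PATH`. The usual arrangement is `value: /certs` with the volume still mounted at `/certs/client`. Separately, `GITEA_RUNNER_REGISTRATION_TOKEN` is still a literal in the manifest; it should be rotated and read through `valueFrom.secretKeyRef`.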