commit: no msg

.gitea/workflows/build.yaml

@@ -0,0 +1,159 @@
+name: Build and Publish
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+env:
+  REGISTRY: harbor.gitdata.me/gta_team
+  CARGO_TERM_COLOR: always
+
+jobs:
+  # ---- Lint & Test ----
+  ci:
+    runs-on: gitea
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Rust
+        uses: dtolnay/rust-action@stable
+        with:
+          toolchain: 1.94
+
+      - name: Cache Cargo
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+            target
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+
+      - name: Check formatting
+        run: cargo fmt --check
+
+      - name: Clippy
+        run: cargo clippy --workspace --all-targets -- -D warnings
+
+      - name: Test
+        run: cargo test --workspace -- --test-threads=4
+
+  # ---- Docker Build (x86_64) ----
+  docker:
+    needs: ci
+    if: github.event_name == 'push'
+    runs-on: gitea
+    strategy:
+      matrix:
+        service:
+          - app
+          - gitserver
+          - email-worker
+          - git-hook
+          - migrate
+          - operator
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Harbor
+        uses: docker/login-action@v3
+        with:
+          registry: harbor.gitdata.me
+          username: ${{ secrets.HARBOR_USERNAME }}
+          password: ${{ secrets.HARBOR_PASSWORD }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ matrix.service }}
+          tags: |
+            type=sha,prefix=,format={{sha}}
+            type=raw,value=latest
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: docker/${{ matrix.service }}.Dockerfile
+          platforms: linux/amd64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          build-args: |
+            BUILD_TARGET=x86_64-unknown-linux-gnu
+
+  # ---- ARM64 Build ----
+  docker-arm64:
+    needs: ci
+    if: github.event_name == 'push'
+    runs-on: gitea-arm64
+    strategy:
+      matrix:
+        service:
+          - app
+          - gitserver
+          - email-worker
+          - git-hook
+          - migrate
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Harbor
+        uses: docker/login-action@v3
+        with:
+          registry: harbor.gitdata.me
+          username: ${{ secrets.HARBOR_USERNAME }}
+          password: ${{ secrets.HARBOR_PASSWORD }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: docker/${{ matrix.service }}.Dockerfile
+          platforms: linux/arm64
+          push: true
+          tags: |
+            ${{ env.REGISTRY }}/${{ matrix.service }}:latest-arm64
+            ${{ env.REGISTRY }}/${{ matrix.service }}:sha-${{ github.sha }}
+          build-args: |
+            BUILD_TARGET=aarch64-unknown-linux-gnu
+
+  # ---- Publish Manifest (multi-arch) ----
+  manifest:
+    needs: [docker, docker-arm64]
+    if: github.event_name == 'push'
+    runs-on: gitea
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Login to Harbor
+        uses: docker/login-action@v3
+        with:
+          registry: harbor.gitdata.me
+          username: ${{ secrets.HARBOR_USERNAME }}
+          password: ${{ secrets.HARBOR_PASSWORD }}
+
+      - name: Create and push manifest
+        run: |
+          for service in app gitserver email-worker git-hook migrate; do
+            docker manifest create ${{ env.REGISTRY }}/$service:latest \
+              ${{ env.REGISTRY }}/$service:latest \
+              ${{ env.REGISTRY }}/$service:latest-arm64
+            docker manifest push ${{ env.REGISTRY }}/$service:latest
+          done

deploy/templates/act-runner-deployment.yaml

@@ -0,0 +1,158 @@
+{{- if .Values.actRunner.enabled -}}
+{{- $fullName := include "c-----code.fullname" . -}}
+{{- $ns := include "c-----code.namespace" . -}}
+{{- $runner := .Values.actRunner -}}
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ $fullName }}-act-runner
+  namespace: {{ $ns }}
+  labels:
+    app.kubernetes.io/name: {{ $fullName }}-act-runner
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+spec:
+  replicas: {{ $runner.replicaCount }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ $fullName }}-act-runner
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ $fullName }}-act-runner
+        app.kubernetes.io/instance: {{ .Release.Name }}
+    spec:
+      serviceAccountName: {{ $fullName }}-act-runner
+      containers:
+        - name: runner
+          image: "{{ .Values.image.registry }}/act-runner:{{ $runner.image.tag }}"
+          imagePullPolicy: {{ $runner.image.pullPolicy | default .Values.image.pullPolicy }}
+          args:
+            - --config
+            - /runner/config.yaml
+            - --replaces-self
+          env:
+            - name: CONFIG_FILE
+              value: /runner/config.yaml
+            {{- if .Values.nats.enabled }}
+            - name: HOOK_POOL_REDIS_LIST_PREFIX
+              value: "{hook}"
+            - name: HOOK_POOL_REDIS_LOG_CHANNEL
+              value: "hook:logs"
+            {{- end }}
+            {{- range $runner.env }}
+            - name: {{ .name }}
+              value: {{ .value | quote }}
+            {{- end }}
+          volumeMounts:
+            - name: runner-config
+              mountPath: /runner
+              readOnly: true
+            - name: docker-socket
+              mountPath: /var/run/docker.sock
+          resources:
+            {{- toYaml $runner.resources | nindent 10 }}
+      volumes:
+        - name: runner-config
+          configMap:
+            name: {{ $fullName }}-act-runner-config
+        - name: docker-socket
+          hostPath:
+            path: /var/run/docker.sock
+            type: Socket
+      {{- with $runner.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with $runner.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with $runner.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ $fullName }}-act-runner-config
+  namespace: {{ $ns }}
+  labels:
+    app.kubernetes.io/name: {{ $fullName }}-act-runner
+    app.kubernetes.io/instance: {{ .Release.Name }}
+data:
+  config.yaml: |
+    # Act Runner Configuration
+    # Generated by Helm values
+    log:
+      level: {{ $runner.logLevel | default "info" }}
+    runner:
+      capacity: {{ $runner.capacity | default 2 }}
+      labels:
+        {{- range $runner.labels }}
+        - {{ . }}
+        {{- end }}
+    cache:
+      {{- if $runner.cache.enabled }}
+      enabled: true
+      dir: {{ $runner.cache.dir | default "/tmp/actions-cache" }}
+      {{- else }}
+      enabled: false
+      {{- end }}
+    docker:
+      host: unix:///var/run/docker.sock
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ $fullName }}-act-runner
+  namespace: {{ $ns }}
+  labels:
+    app.kubernetes.io/name: {{ $fullName }}-act-runner
+    app.kubernetes.io/instance: {{ .Release.Name }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ $fullName }}-act-runner
+  namespace: {{ $ns }}
+  labels:
+    app.kubernetes.io/name: {{ $fullName }}-act-runner
+    app.kubernetes.io/instance: {{ .Release.Name }}
+rules:
+  - apiGroups: [""]
+    resources: ["pods", "pods/log"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "list"]
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["get", "list", "create", "update", "patch"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ $fullName }}-act-runner
+  namespace: {{ $ns }}
+  labels:
+    app.kubernetes.io/name: {{ $fullName }}-act-runner
+    app.kubernetes.io/instance: {{ .Release.Name }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ $fullName }}-act-runner
+    namespace: {{ $ns }}
+roleRef:
+  kind: Role
+  name: {{ $fullName }}-act-runner
+  apiGroup: rbac.authorization.k8s.io
+
+{{- end }}