From 07ae21af81c062c331c0866b475ff5702c081c48 Mon Sep 17 00:00:00 2001
From: ZhenYi <434836402@qq.com>
Date: Tue, 14 Apr 2026 19:04:49 +0800
Subject: [PATCH] commit: no msg
---
 .gitea/workflows/build.yaml | 159 ++++++++++++++++++++
 deploy/templates/act-runner-deployment.yaml | 158 +++++++++++++++++++
 2 files changed, 317 insertions(+)
 create mode 100644 .gitea/workflows/build.yaml
 create mode 100644 deploy/templates/act-runner-deployment.yaml
diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml
new file mode 100644
index 0000000..53d086a
--- /dev/null
+++ b/.gitea/workflows/build.yaml
@@ -0,0 +1,159 @@
+name: Build and Publish
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+
+env:
+ REGISTRY: harbor.gitdata.me/gta_team
+ CARGO_TERM_COLOR: always
+
+jobs:
+ # ---- Lint & Test ----
+ ci:
+ runs-on: gitea
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Setup Rust
+ uses: dtolnay/rust-action@stable
+ with:
+ toolchain: 1.94
+
+ - name: Cache Cargo
+ uses: actions/cache@v4
+ with:
+ path: |
+ ~/.cargo/registry
+ ~/.cargo/git
+ target
+ key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+
+ - name: Check formatting
+ run: cargo fmt --check
+
+ - name: Clippy
+ run: cargo clippy --workspace --all-targets -- -D warnings
+
+ - name: Test
+ run: cargo test --workspace -- --test-threads=4
+
+ # ---- Docker Build (x86_64) ----
+ docker:
+ needs: ci
+ if: github.event_name == 'push'
+ runs-on: gitea
+ strategy:
+ matrix:
+ service:
+ - app
+ - gitserver
+ - email-worker
+ - git-hook
+ - migrate
+ - operator
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to Harbor
+ uses: docker/login-action@v3
+ with:
+ registry: harbor.gitdata.me
+ username: ${{ secrets.HARBOR_USERNAME }}
+ password: ${{ secrets.HARBOR_PASSWORD }}
+
+ - name: Extract metadata
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.REGISTRY }}/${{ matrix.service }}
+ tags: |
+ type=sha,prefix=,format={{sha}}
+ type=raw,value=latest
+
+ - name: Build and push
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: docker/${{ matrix.service }}.Dockerfile
+ platforms: linux/amd64
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ build-args: |
+ BUILD_TARGET=x86_64-unknown-linux-gnu
+
+ # ---- ARM64 Build ----
+ docker-arm64:
+ needs: ci
+ if: github.event_name == 'push'
+ runs-on: gitea-arm64
+ strategy:
+ matrix:
+ service:
+ - app
+ - gitserver
+ - email-worker
+ - git-hook
+ - migrate
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to Harbor
+ uses: docker/login-action@v3
+ with:
+ registry: harbor.gitdata.me
+ username: ${{ secrets.HARBOR_USERNAME }}
+ password: ${{ secrets.HARBOR_PASSWORD }}
+
+ - name: Build and push
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: docker/${{ matrix.service }}.Dockerfile
+ platforms: linux/arm64
+ push: true
+ tags: |
+ ${{ env.REGISTRY }}/${{ matrix.service }}:latest-arm64
+ ${{ env.REGISTRY }}/${{ matrix.service }}:sha-${{ github.sha }}
+ build-args: |
+ BUILD_TARGET=aarch64-unknown-linux-gnu
+
+ # ---- Publish Manifest (multi-arch) ----
+ manifest:
+ needs: [docker, docker-arm64]
+ if: github.event_name == 'push'
+ runs-on: gitea
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Login to Harbor
+ uses: docker/login-action@v3
+ with:
+ registry: harbor.gitdata.me
+ username: ${{ secrets.HARBOR_USERNAME }}
+ password: ${{ secrets.HARBOR_PASSWORD }}
+
+ - name: Create and push manifest
+ run: |
+ for service in app gitserver email-worker git-hook migrate; do
+ docker manifest create ${{ env.REGISTRY }}/$service:latest \
+ ${{ env.REGISTRY }}/$service:latest \
+ ${{ env.REGISTRY }}/$service:latest-arm64
+ docker manifest push ${{ env.REGISTRY }}/$service:latest
+ done
diff --git a/deploy/templates/act-runner-deployment.yaml b/deploy/templates/act-runner-deployment.yaml
new file mode 100644
index 0000000..783a068
--- /dev/null
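Review bot: Every `uses:` reference in this workflow is a mutable tag (`actions/checkout@v4`, `docker/login-action@v3`, `docker/build-push-action@v5`, `dtolnay/rust-action@stable`), and the `docker`, `docker-arm64` and `manifest` jobs log in to Harbor with `secrets.HARBOR_PASSWORD`, so a retagged upstream release would run in a job that holds registry push credentials. Pin each action to a full commit SHA with the version as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha>  # v3` (placeholder, take the SHA from the release you have reviewed). I could not match `dtolnay/rust-action` to an action I know; the commonly used one is `dtolnay/rust-toolchain`, so please confirm the name, because an unclaimed repository name can later be registered by someone else. Minor: quote the version as `toolchain: "1.94"` so a later value such as `1.90` is not read as the float `1.9`.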
+++ b/deploy/templates/act-runner-deployment.yaml 
@@ -0,0 +1,158 @@
+{{- if .Values.actRunner.enabled -}}
+{{- $fullName := include "c-----code.fullname" . -}}
+{{- $ns := include "c-----code.namespace" . -}}
+{{- $runner := .Values.actRunner -}}
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ $fullName }}-act-runner
+ namespace: {{ $ns }}
+ labels:
+ app.kubernetes.io/name: {{ $fullName }}-act-runner
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+spec:
+ replicas: {{ $runner.replicaCount }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ $fullName }}-act-runner
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ $fullName }}-act-runner
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ spec:
+ serviceAccountName: {{ $fullName }}-act-runner
+ containers:
+ - name: runner
+ image: "{{ .Values.image.registry }}/act-runner:{{ $runner.image.tag }}"
+ imagePullPolicy: {{ $runner.image.pullPolicy | default .Values.image.pullPolicy }}
+ args:
+ - --config
+ - /runner/config.yaml
+ - --replaces-self
+ env:
+ - name: CONFIG_FILE
+ value: /runner/config.yaml
+ {{- if .Values.nats.enabled }}
+ - name: HOOK_POOL_REDIS_LIST_PREFIX
+ value: "{hook}"
+ - name: HOOK_POOL_REDIS_LOG_CHANNEL
+ value: "hook:logs"
+ {{- end }}
+ {{- range $runner.env }}
+ - name: {{ .name }}
+ value: {{ .value | quote }}
+ {{- end }}
+ volumeMounts:
+ - name: runner-config
+ mountPath: /runner
+ readOnly: true
+ - name: docker-socket
+ mountPath: /var/run/docker.sock
+ resources:
+ {{- toYaml $runner.resources | nindent 10 }}
+ volumes:
+ - name: runner-config
+ configMap:
+ name: {{ $fullName }}-act-runner-config
+ - name: docker-socket
+ hostPath:
+ path: /var/run/docker.sock
+ type: Socket
+ {{- with $runner.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with $runner.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with $runner.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ $fullName }}-act-runner-config
+ namespace: {{ $ns }}
+ labels:
+ app.kubernetes.io/name: {{ $fullName }}-act-runner
+ app.kubernetes.io/instance: {{ .Release.Name }}
+data:
+ config.yaml: |
+ # Act Runner Configuration
+ # Generated by Helm values
+ log:
+ level: {{ $runner.logLevel | default "info" }}
+ runner:
+ capacity: {{ $runner.capacity | default 2 }}
+ labels:
+ {{- range $runner.labels }}
+ - {{ . }}
+ {{- end }}
+ cache:
+ {{- if $runner.cache.enabled }}
+ enabled: true
+ dir: {{ $runner.cache.dir | default "/tmp/actions-cache" }}
+ {{- else }}
+ enabled: false
+ {{- end }}
+ docker:
+ host: unix:///var/run/docker.sock
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ $fullName }}-act-runner
+ namespace: {{ $ns }}
+ labels:
+ app.kubernetes.io/name: {{ $fullName }}-act-runner
+ app.kubernetes.io/instance: {{ .Release.Name }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ $fullName }}-act-runner
+ namespace: {{ $ns }}
+ labels:
+ app.kubernetes.io/name: {{ $fullName }}-act-runner
+ app.kubernetes.io/instance: {{ .Release.Name }}
+rules:
+ - apiGroups: [""]
+ resources: ["pods", "pods/log"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list"]
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "list", "create", "update", "patch"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ $fullName }}-act-runner
+ namespace: {{ $ns }}
+ labels:
+ app.kubernetes.io/name: {{ $fullName }}-act-runner
+ app.kubernetes.io/instance: {{ .Release.Name }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ $fullName }}-act-runner
+ namespace: {{ $ns }}
+roleRef:
+ kind: Role
+ name: {{ $fullName }}-act-runner
+ apiGroup: rbac.authorization.k8s.io
+
+{{- end }}
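Review bot: The `docker-socket` hostPath volume in the Deployment gives the runner container the node's `/var/run/docker.sock`, so every workflow job this runner executes can drive the host Docker daemon, which amounts to root on that node. The workflow added in the same commit runs `cargo test` on `pull_request`, so code from a pull request would execute with that access if it is scheduled on this runner. I would isolate the daemon (a rootless Docker-in-Docker sidecar, or a dedicated tainted node pool for runners) and record the trust assumption next to the mount, for example `# host Docker socket: jobs on this runner are trusted with node-level access`. Separately, the Role's second rule grants `get` and `list` on every Secret in the namespace to the runner's ServiceAccount; unless the runner needs that, drop the rule or narrow it to `verbs: ["get"]` with `resourceNames: ["<runner-secret-name>"]` (placeholder).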