I installed an action runner on my gitea with workflows in my repositories to automatically deploy when pushing to my main branch. Maybe someone else can benefit from it. If anything can be done better, I’m happy to learn.
Install Action Runner
Get a runner registration token from one of the following pages (instance-wide, user, organisation or repository level):
https://<your.gitea.server>/admin/actions/runners
https://<your.gitea.server>/user/settings/actions/runners
https://<your.gitea.server>/<org>/settings/actions/runners
https://<your.gitea.server>/<owner>/<repo>/settings/actions/runners
On your gitea-server execute
#!/bin/bash
GITEA_HOST=your.gitea.server
RUNNER_TOKEN=token
RUNNER_NAME=name
RUNNER_LABEL=label
APP_NAME=appname
SHELL_USER=shelluser
mkdir -p ~/.local/bin && cd ~/.local/bin
wget -O act_runner https://dl.gitea.com/act_runner/0.2.6/act_runner-0.2.6-linux-amd64
chmod +x act_runner
# make sure the config and log directories exist before writing to them
mkdir -p ~/.local/etc ~/logs/apps/"$APP_NAME"
~/.local/bin/act_runner generate-config > ~/.local/etc/act_runner.yaml
~/.local/bin/act_runner --config ~/.local/etc/act_runner.yaml register --no-interactive --instance "https://$GITEA_HOST" --token "$RUNNER_TOKEN" --name "$RUNNER_NAME" --labels "$RUNNER_LABEL"
nohup ~/.local/bin/act_runner daemon --config ~/.local/etc/act_runner.yaml > ~/logs/apps/"$APP_NAME"/act_runner.log 2>&1 &
(crontab -l 2>/dev/null; echo "@daily /home/$SHELL_USER/.local/bin/act_runner daemon --config /home/$SHELL_USER/.local/etc/act_runner.yaml > /home/$SHELL_USER/logs/apps/$APP_NAME/act_runner.log 2>&1") | crontab -
Run as Supervisor
pip install --user supervisor
nano $HOME/.local/etc/act_runner_supervisord.conf
[unix_http_server]
file=/home/shelluser/logs/apps/app/supervisor.sock
[supervisord]
logfile=/home/shelluser/logs/apps/app/supervisord.log
logfile_maxbytes=50MB
logfile_backups=10
loglevel=info
pidfile=/home/shelluser/logs/apps/app/supervisord.pid
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[supervisorctl]
serverurl=unix:///home/shelluser/logs/apps/app/supervisor.sock
[program:act_runner]
directory=/home/shelluser
command=/home/shelluser/.local/bin/act_runner daemon --config /home/shelluser/.local/etc/act_runner.yaml
stdout_logfile=/home/shelluser/logs/apps/app/act_runner.log
stderr_logfile=/home/shelluser/logs/apps/app/act_runner_error.log
autorestart=true
nano $HOME/.local/bin/cron_supervisord
#!/bin/bash
pgrep -f supervisord > /dev/null || ~/.local/bin/supervisord -c /home/shelluser/.local/etc/act_runner_supervisord.conf
chmod +x $HOME/.local/bin/cron_supervisord
(crontab -l 2>/dev/null; echo "* * * * * /home/shelluser/.local/bin/cron_supervisord") | crontab -
Deploy and Secrets
Enable actions for your repository on https://<your.gitea.server>/<owner>/<repo>/settings
On the server you want to deploy your code to, execute
#!/bin/bash
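SSH_USER=shelluser
SSH_HOST="your server name"
GIT_HOST=your.gitea.server
# SSH user and host of the gitea server, used by the git clone below
GIT_SSH_USER="ssh user of your gitea server"
GIT_SSH_HOST="ssh host of your gitea server"
GIT_ORG="user or organisation with the repository"
GIT_REPO="the repository"
GIT_TOKEN="your application token for your server"
GIT_USER="your gitea username"
WORK_DIR="directory where you want to deploy"
MAIN_BRANCH="branch to deploy"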
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -N '' -q
cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys
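PUBLIC_KEY=$(cat ~/.ssh/id_ed25519.pub)
# JSON strings cannot contain raw newlines, so encode each line break of the private key as \n
PRIVATE_KEY=$(awk '{printf "%s\\n", $0}' ~/.ssh/id_ed25519)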
curl -X 'POST' \
'https://'"$GIT_HOST"'/api/v1/repos/'"$GIT_ORG"'/'"$GIT_REPO"'/keys' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-u ''"$GIT_USER"':'"$GIT_TOKEN"'' \
-d '{
"key": "'"$PUBLIC_KEY"'",
"read_only": true,
"title": "'"$SSH_USER"'@'"$SSH_HOST"'"
}'
git clone $GIT_SSH_USER@$GIT_SSH_HOST:$GIT_ORG/$GIT_REPO $WORK_DIR
curl -X 'PUT' \
'https://'"$GIT_HOST"'/api/v1/repos/'"$GIT_ORG"'/'"$GIT_REPO"'/actions/secrets/SSH_PRIVATE_KEY' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-u ''"$GIT_USER"':'"$GIT_TOKEN"'' \
-d '{
"data": "'"$PRIVATE_KEY"'"
}'
curl -X 'PUT' \
'https://'"$GIT_HOST"'/api/v1/repos/'"$GIT_ORG"'/'"$GIT_REPO"'/actions/secrets/SSH_USER' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-u ''"$GIT_USER"':'"$GIT_TOKEN"'' \
-d '{
"data": "'"$SSH_USER"'"
}'
curl -X 'PUT' \
'https://'"$GIT_HOST"'/api/v1/repos/'"$GIT_ORG"'/'"$GIT_REPO"'/actions/secrets/SSH_HOST' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-u ''"$GIT_USER"':'"$GIT_TOKEN"'' \
-d '{
"data": "'"$SSH_HOST"'"
}'
curl -X 'PUT' \
'https://'"$GIT_HOST"'/api/v1/repos/'"$GIT_ORG"'/'"$GIT_REPO"'/actions/secrets/MAIN_BRANCH' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-u ''"$GIT_USER"':'"$GIT_TOKEN"'' \
-d '{
"data": "'"$MAIN_BRANCH"'"
}'
curl -X 'PUT' \
'https://'"$GIT_HOST"'/api/v1/repos/'"$GIT_ORG"'/'"$GIT_REPO"'/actions/secrets/WORK_DIR' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-u ''"$GIT_USER"':'"$GIT_TOKEN"'' \
-d '{
"data": "'"$WORK_DIR"'"
}'
Workflow
Create a file .gitea/workflows/workflow.yaml in your repository (change RUNNER_LABEL to the label used for the runner), commit & push and see the magic happen.
on:
  push:
    branches:
      - main
  workflow_dispatch:
jobs:
  run_pull:
    name: run pull
    runs-on: <RUNNER_LABEL>
    steps:
      - name: install ssh keys
        run: |
          install -m 600 -D /dev/null ~/.ssh/gitea
          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/gitea
          ssh-keyscan -H ${{ secrets.SSH_HOST }} > ~/.ssh/known_hosts
      - name: connect and pull
        run: ssh -o "IdentitiesOnly=yes" -i $HOME/.ssh/gitea ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} "cd ${{ secrets.WORK_DIR }} && git checkout ${{ secrets.MAIN_BRANCH }} && git pull && exit"
      - name: cleanup
        run: rm -f ~/.ssh/gitea
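Added example, not part of the original post: the deploy script appends the key to authorized_keys without restrictions, and the workflow trusts whatever host key ssh-keyscan returns at run time. The functions below build a forced-command authorized_keys line and a pinned known_hosts line; the function names, sample keys, host name and paths are constructed for illustration.

```shell
#!/bin/bash
# Added example. Key material, host name and paths are constructed samples.

# Accept only characters that are harmless inside the forced-command string.
safe_value() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_./-]*) return 1 ;;
    esac
}

# Print an authorized_keys line for the deploy key. "restrict" turns off pty,
# forwarding and rc files; command= runs instead of anything the client sends.
deploy_entry() {
    safe_value "$2" || { echo "unsafe WORK_DIR: $2" >&2; return 1; }
    safe_value "$3" || { echo "unsafe MAIN_BRANCH: $3" >&2; return 1; }
    case "$1" in
        ssh-ed25519\ *) ;;
        *) echo "expected an ssh-ed25519 public key" >&2; return 1 ;;
    esac
    printf 'restrict,command="cd %s && git checkout %s && git pull" %s\n' "$2" "$3" "$1"
}

# Print a known_hosts line from the server's own host public key
# (e.g. the content of /etc/ssh/ssh_host_ed25519_key.pub), dropping the comment.
known_hosts_line() {
    rest="${2#* }"
    printf '%s %s %s\n' "$1" "${2%% *}" "${rest%% *}"
}

SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal deploy@example'
SAMPLE_HOST_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedHostKeyNotReal root@server'

deploy_entry "$SAMPLE_KEY" /home/shelluser/app main
known_hosts_line deploy.example.org "$SAMPLE_HOST_KEY"
```

With the first line in ~/.ssh/authorized_keys on the deploy target, the key stored in the SSH_PRIVATE_KEY secret can only trigger the pull and no longer opens a shell. The second line can be stored as an additional secret (name of your choosing) and written to ~/.ssh/known_hosts in the workflow in place of the ssh-keyscan call.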