From c6ab070c0960d1e74a07811c86754b5f859977e8 Mon Sep 17 00:00:00 2001 From: tracer Date: Fri, 8 May 2026 18:36:54 +0200 Subject: [PATCH] Initial Gitea Runner Debian builder --- .gitignore | 11 ++ CHANGELOG.md | 7 + amd64/DEBIAN/control | 9 ++ amd64/DEBIAN/postinst | 18 +++ amd64/DEBIAN/prerm | 6 + amd64/etc/systemd/system/gitea-runner.service | 18 +++ arm64/DEBIAN/control | 9 ++ arm64/DEBIAN/postinst | 18 +++ arm64/DEBIAN/prerm | 6 + arm64/etc/systemd/system/gitea-runner.service | 18 +++ build.conf | 2 + build.sh | 143 ++++++++++++++++++ wrapper.sh | 34 +++++ 13 files changed, 299 insertions(+) create mode 100644 .gitignore create mode 100644 CHANGELOG.md create mode 100644 amd64/DEBIAN/control create mode 100755 amd64/DEBIAN/postinst create mode 100755 amd64/DEBIAN/prerm create mode 100644 amd64/etc/systemd/system/gitea-runner.service create mode 100644 arm64/DEBIAN/control create mode 100755 arm64/DEBIAN/postinst create mode 100755 arm64/DEBIAN/prerm create mode 100644 arm64/etc/systemd/system/gitea-runner.service create mode 100644 build.conf create mode 100755 build.sh create mode 100755 wrapper.sh diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..be059b3 --- /dev/null +++ b/.gitignore @@ -0,0 +1,11 @@ +dist/ +*.deb +build/ +tmp/ +amd64/opt/gitea-runner/bin/gitea-runner +arm64/opt/gitea-runner/bin/gitea-runner +.DS_Store +*.swp +.codex +.codex/ +.idea/ diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..4b3aa6e --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,7 @@ +# Changelog + +## 2026-05-08 + +- Created initial Gitea Runner Debian package builder based on the existing Gitea package flow. +- Added latest-version detection via the Gitea API with explicit `GITEA_RUNNER_VERSION` and command-line overrides. +- Added signed binary download, GPG verification, checksum verification, package staging, and APT repo update logic for `amd64` and `arm64`. diff --git a/amd64/DEBIAN/control b/amd64/DEBIAN/control new file mode 100644 index 0000000..176fe1e --- /dev/null +++ b/amd64/DEBIAN/control @@ -0,0 +1,9 @@ +Package: gitea-runner +Version: 1.0.0 +Architecture: amd64 +Maintainer: Micha Espey +Depends: adduser, ca-certificates, git, gpg, jq +Replaces: act-runner, act_runner +Conflicts: act-runner, act_runner +Description: Gitea Runner - official runner for Gitea Actions + Official runner for Gitea Actions. diff --git a/amd64/DEBIAN/postinst b/amd64/DEBIAN/postinst new file mode 100755 index 0000000..4b9aac8 --- /dev/null +++ b/amd64/DEBIAN/postinst @@ -0,0 +1,18 @@ +#!/bin/sh +set -e + +if ! getent group gitea-runner >/dev/null; then + addgroup --system gitea-runner +fi + +if ! id gitea-runner >/dev/null 2>&1; then + adduser --system --home /var/lib/gitea-runner --shell /usr/sbin/nologin --ingroup gitea-runner gitea-runner +fi + +install -d -o gitea-runner -g gitea-runner -m 0750 /var/lib/gitea-runner +install -d -o root -g root -m 0755 /etc/gitea-runner + +systemctl daemon-reload +systemctl enable gitea-runner || true + +exit 0 diff --git a/amd64/DEBIAN/prerm b/amd64/DEBIAN/prerm new file mode 100755 index 0000000..d7d9d70 --- /dev/null +++ b/amd64/DEBIAN/prerm @@ -0,0 +1,6 @@ +#!/bin/sh +set -e + +systemctl stop gitea-runner || true + +exit 0 diff --git a/amd64/etc/systemd/system/gitea-runner.service b/amd64/etc/systemd/system/gitea-runner.service new file mode 100644 index 0000000..dffb0e8 --- /dev/null +++ b/amd64/etc/systemd/system/gitea-runner.service @@ -0,0 +1,18 @@ +[Unit] +Description=Gitea Actions runner +Documentation=https://gitea.com/gitea/runner +After=network.target docker.service + +[Service] +Type=simple +User=gitea-runner +Group=gitea-runner +WorkingDirectory=/var/lib/gitea-runner +ExecStart=/opt/gitea-runner/bin/gitea-runner daemon --config /etc/gitea-runner/config.yaml +ExecReload=/bin/kill -s HUP $MAINPID +TimeoutSec=0 +RestartSec=10 +Restart=always + +[Install] +WantedBy=multi-user.target diff --git a/arm64/DEBIAN/control b/arm64/DEBIAN/control new file mode 100644 index 0000000..da900c9 --- /dev/null +++ b/arm64/DEBIAN/control @@ -0,0 +1,9 @@ +Package: gitea-runner +Version: 1.0.0 +Architecture: arm64 +Maintainer: Micha Espey +Depends: adduser, ca-certificates, git, gpg, jq +Replaces: act-runner, act_runner +Conflicts: act-runner, act_runner +Description: Gitea Runner - official runner for Gitea Actions + Official runner for Gitea Actions. diff --git a/arm64/DEBIAN/postinst b/arm64/DEBIAN/postinst new file mode 100755 index 0000000..4b9aac8 --- /dev/null +++ b/arm64/DEBIAN/postinst @@ -0,0 +1,18 @@ +#!/bin/sh +set -e + +if ! getent group gitea-runner >/dev/null; then + addgroup --system gitea-runner +fi + +if ! id gitea-runner >/dev/null 2>&1; then + adduser --system --home /var/lib/gitea-runner --shell /usr/sbin/nologin --ingroup gitea-runner gitea-runner +fi + +install -d -o gitea-runner -g gitea-runner -m 0750 /var/lib/gitea-runner +install -d -o root -g root -m 0755 /etc/gitea-runner + +systemctl daemon-reload +systemctl enable gitea-runner || true + +exit 0 diff --git a/arm64/DEBIAN/prerm b/arm64/DEBIAN/prerm new file mode 100755 index 0000000..d7d9d70 --- /dev/null +++ b/arm64/DEBIAN/prerm @@ -0,0 +1,6 @@ +#!/bin/sh +set -e + +systemctl stop gitea-runner || true + +exit 0 diff --git a/arm64/etc/systemd/system/gitea-runner.service b/arm64/etc/systemd/system/gitea-runner.service new file mode 100644 index 0000000..dffb0e8 --- /dev/null +++ b/arm64/etc/systemd/system/gitea-runner.service @@ -0,0 +1,18 @@ +[Unit] +Description=Gitea Actions runner +Documentation=https://gitea.com/gitea/runner +After=network.target docker.service + +[Service] +Type=simple +User=gitea-runner +Group=gitea-runner +WorkingDirectory=/var/lib/gitea-runner +ExecStart=/opt/gitea-runner/bin/gitea-runner daemon --config /etc/gitea-runner/config.yaml +ExecReload=/bin/kill -s HUP $MAINPID +TimeoutSec=0 +RestartSec=10 +Restart=always + +[Install] +WantedBy=multi-user.target diff --git a/build.conf b/build.conf new file mode 100644 index 0000000..ce87ec2 --- /dev/null +++ b/build.conf @@ -0,0 +1,2 @@ +notify=success +email=tracer@24unix.net diff --git a/build.sh b/build.sh new file mode 100755 index 0000000..b5b11b9 --- /dev/null +++ b/build.sh @@ -0,0 +1,143 @@ +#!/bin/bash +set -e + +PACKAGE_NAME="gitea-runner" +BINARY_NAME="gitea-runner" +DOWNLOAD_NAME="gitea-runner" +RELEASE_REPO="../gitea-runner-deb" + +resolve_version() { + if [[ -n "${1:-}" ]]; then + VERSION_SOURCE="command line argument" + VERSION="$1" + return 0 + fi + + if [[ -n "${GITEA_RUNNER_VERSION:-}" ]]; then + VERSION_SOURCE="GITEA_RUNNER_VERSION environment variable" + VERSION="${GITEA_RUNNER_VERSION}" + return 0 + fi + + if VERSION=$(curl -fsSL https://gitea.com/api/v1/repos/gitea/runner/releases/latest 2>/dev/null | jq -r '.tag_name // empty' 2>/dev/null); then + VERSION="${VERSION#v}" + if [[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + VERSION_SOURCE="Gitea releases API" + return 0 + fi + fi + + if VERSION=$(curl -fsSL https://dl.gitea.com/gitea-runner/version.json 2>/dev/null | jq -r '.latest.version // empty' 2>/dev/null); then + VERSION="${VERSION#v}" + if [[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + VERSION_SOURCE="dl.gitea.com version.json fallback" + return 0 + fi + fi + + echo "Unable to determine the latest Gitea Runner version. Set GITEA_RUNNER_VERSION or pass a version as the first argument." >&2 + exit 1 +} + +resolve_version "${1:-}" +DOWNLOAD_BASE_URL="${GITEA_RUNNER_DOWNLOAD_BASE_URL:-https://dl.gitea.com/gitea-runner/${VERSION}}" +BUILD_ROOT="build/${VERSION}" +DIST_ROOT="dist" + +echo "Current version: ${VERSION}" +echo "Version source: ${VERSION_SOURCE}" + +ARCHS=("amd64" "arm64") +FILES=("xz" "xz.asc" "xz.sha256" "xz.sha256.asc") + +prune_dist_cache() { + local arch="$1" + local dist_dir="${DIST_ROOT}/${arch}" + local keep_prefix="${DOWNLOAD_NAME}-${VERSION}-linux-${arch}." + + mkdir -p "${dist_dir}" + find "${dist_dir}" -maxdepth 1 -type f -name "${DOWNLOAD_NAME}-*" ! -name "${keep_prefix}*" -print -delete +} + +for ARCH in "${ARCHS[@]}"; do + echo "Pruning old cache entries in ${DIST_ROOT}/${ARCH}" + prune_dist_cache "${ARCH}" +done + +if [[ -f "${RELEASE_REPO}/${PACKAGE_NAME}_${VERSION}_amd64.deb" ]] && [[ -f "${RELEASE_REPO}/${PACKAGE_NAME}_${VERSION}_arm64.deb" ]]; then + echo "SKIP: Version ${VERSION} already built and present in release repo." + exit 0 +fi + +for ARCH in "${ARCHS[@]}"; do + echo "Downloading Gitea Runner ${VERSION} for ${ARCH} ..." + for FILE in "${FILES[@]}"; do + FILE_NAME="${DOWNLOAD_NAME}-${VERSION}-linux-${ARCH}.${FILE}" + FILE_URL="${DOWNLOAD_BASE_URL}/${FILE_NAME}" + TARGET_FILE="${DIST_ROOT}/${ARCH}/${FILE_NAME}" + if [[ -f "$TARGET_FILE" ]]; then + echo "File already exists: $TARGET_FILE (skipping)" + else + echo "Downloading: $FILE_URL" + wget -q "$FILE_URL" -O "$TARGET_FILE" + fi + done +done + +for ARCH in "${ARCHS[@]}"; do + echo "Verifying GPG signature for ${ARCH} ..." + gpg --verify "${DIST_ROOT}/${ARCH}/${DOWNLOAD_NAME}-${VERSION}-linux-${ARCH}.xz.asc" "${DIST_ROOT}/${ARCH}/${DOWNLOAD_NAME}-${VERSION}-linux-${ARCH}.xz" + gpg --verify "${DIST_ROOT}/${ARCH}/${DOWNLOAD_NAME}-${VERSION}-linux-${ARCH}.xz.sha256.asc" "${DIST_ROOT}/${ARCH}/${DOWNLOAD_NAME}-${VERSION}-linux-${ARCH}.xz.sha256" +done + +for ARCH in "${ARCHS[@]}"; do + echo "Verifying SHA256 checksum for ${ARCH} ..." + (cd "${DIST_ROOT}/${ARCH}" && sha256sum -c "${DOWNLOAD_NAME}-${VERSION}-linux-${ARCH}.xz.sha256") +done + +for ARCH in "${ARCHS[@]}"; do + PACKAGE_DIR="${BUILD_ROOT}/${ARCH}" + mkdir -p "${PACKAGE_DIR}" + cp -a "${ARCH}/." "${PACKAGE_DIR}/" + mkdir -p "${PACKAGE_DIR}/opt/gitea-runner/bin" + + xz -dc "${DIST_ROOT}/${ARCH}/${DOWNLOAD_NAME}-${VERSION}-linux-${ARCH}.xz" > "${PACKAGE_DIR}/opt/gitea-runner/bin/${BINARY_NAME}" || { echo "Extraction failed for ${ARCH}"; exit 1; } + + if [[ ! -s "${PACKAGE_DIR}/opt/gitea-runner/bin/${BINARY_NAME}" ]]; then + echo "Extracted file is empty for ${ARCH}. Something went wrong." + exit 1 + fi + chmod +x "${PACKAGE_DIR}/opt/gitea-runner/bin/${BINARY_NAME}" +done + +for ARCH in "${ARCHS[@]}"; do + echo "Building package for ${ARCH} ..." + PACKAGE_DIR="${BUILD_ROOT}/${ARCH}" + sed -i "s/^Version: .*/Version: ${VERSION}/" "${PACKAGE_DIR}/DEBIAN/control" + dpkg-deb --build "${PACKAGE_DIR}" "${PACKAGE_NAME}_${VERSION}_${ARCH}.deb" +done + +echo "All packages built successfully:" +ls -lh "${PACKAGE_NAME}_${VERSION}_"*.deb + +echo "Moving .deb packages to release repo ..." +mv "${PACKAGE_NAME}_${VERSION}_"*.deb "${RELEASE_REPO}/" + +( + cd "${RELEASE_REPO}" + + echo "Updating APT package index ..." + dpkg-scanpackages --multiversion . override > Packages + dpkg-scanpackages --multiversion . override | gzip -9c > Packages.gz + + echo "Generating Release file ..." + apt-ftparchive -c=apt-release.conf release . > Release + + git add --all . + if ! git diff --cached --quiet; then + echo "Committing release ..." + git commit -m "Release Gitea Runner ${VERSION}" + else + echo "No changes to commit." + fi +) diff --git a/wrapper.sh b/wrapper.sh new file mode 100755 index 0000000..d2c0375 --- /dev/null +++ b/wrapper.sh @@ -0,0 +1,34 @@ +#!/bin/bash + +CONFIG_FILE="/home/users/tracer/gitea-runner-deb-builder/build.conf" +source "$CONFIG_FILE" + +OUTPUT=$(/bin/bash /home/users/tracer/gitea-runner-deb-builder/build.sh 2>&1) +EXIT_CODE=$? + +if [[ "$notify" == "never" ]]; then + exit $EXIT_CODE +fi + +if [[ "$notify" == "error" && $EXIT_CODE -ne 0 ]]; then + SUBJECT="[Gitea Runner Build] Failed" + echo "$OUTPUT" | mail -s "$SUBJECT" "$email" + exit $EXIT_CODE +fi + +if echo "$OUTPUT" | grep -q '^SKIP:'; then + if [[ "$notify" == "error" || "$notify" == "success" ]]; then + exit 0 + fi +fi + +if [[ "$notify" == "success" && $EXIT_CODE -eq 0 ]]; then + SUBJECT="[Gitea Runner Build] Success" + echo "$OUTPUT" | mail -s "$SUBJECT" "$email" + exit 0 +fi + +SUBJECT="[Gitea Runner Build] Run result: $( [[ $EXIT_CODE -eq 0 ]] && echo Success || echo Failure )" +echo "$OUTPUT" | mail -s "$SUBJECT" "$email" + +exit $EXIT_CODE