Initial Gitea Runner Debian builder

.gitignore

@@ -0,0 +1,11 @@
+dist/
+*.deb
+build/
+tmp/
+amd64/opt/gitea-runner/bin/gitea-runner
+arm64/opt/gitea-runner/bin/gitea-runner
+.DS_Store
+*.swp
+.codex
+.codex/
+.idea/

CHANGELOG.md

@@ -0,0 +1,7 @@
+# Changelog
+
+## 2026-05-08
+
+- Created initial Gitea Runner Debian package builder based on the existing Gitea package flow.
+- Added latest-version detection via the Gitea API with explicit `GITEA_RUNNER_VERSION` and command-line overrides.
+- Added signed binary download, GPG verification, checksum verification, package staging, and APT repo update logic for `amd64` and `arm64`.

amd64/DEBIAN/control

@@ -0,0 +1,9 @@
+Package: gitea-runner
+Version: 1.0.0
+Architecture: amd64
+Maintainer: Micha Espey <tracer@24unix.net>
+Depends: adduser, ca-certificates, git, gpg, jq
+Replaces: act-runner, act_runner
+Conflicts: act-runner, act_runner
+Description: Gitea Runner - official runner for Gitea Actions
+ Official runner for Gitea Actions.

amd64/DEBIAN/postinst

@@ -0,0 +1,18 @@
+#!/bin/sh
+set -e
+
+if ! getent group gitea-runner >/dev/null; then
+    addgroup --system gitea-runner
+fi
+
+if ! id gitea-runner >/dev/null 2>&1; then
+    adduser --system --home /var/lib/gitea-runner --shell /usr/sbin/nologin --ingroup gitea-runner gitea-runner
+fi
+
+install -d -o gitea-runner -g gitea-runner -m 0750 /var/lib/gitea-runner
+install -d -o root -g root -m 0755 /etc/gitea-runner
+
+systemctl daemon-reload
+systemctl enable gitea-runner || true
+
+exit 0

amd64/DEBIAN/prerm

@@ -0,0 +1,6 @@
+#!/bin/sh
+set -e
+
+systemctl stop gitea-runner || true
+
+exit 0

amd64/etc/systemd/system/gitea-runner.service

@@ -0,0 +1,18 @@
+[Unit]
+Description=Gitea Actions runner
+Documentation=https://gitea.com/gitea/runner
+After=network.target docker.service
+
+[Service]
+Type=simple
+User=gitea-runner
+Group=gitea-runner
+WorkingDirectory=/var/lib/gitea-runner
+ExecStart=/opt/gitea-runner/bin/gitea-runner daemon --config /etc/gitea-runner/config.yaml
+ExecReload=/bin/kill -s HUP $MAINPID
+TimeoutSec=0
+RestartSec=10
+Restart=always
+
+[Install]
+WantedBy=multi-user.target

arm64/DEBIAN/control

@@ -0,0 +1,9 @@
+Package: gitea-runner
+Version: 1.0.0
+Architecture: arm64
+Maintainer: Micha Espey <tracer@24unix.net>
+Depends: adduser, ca-certificates, git, gpg, jq
+Replaces: act-runner, act_runner
+Conflicts: act-runner, act_runner
+Description: Gitea Runner - official runner for Gitea Actions
+ Official runner for Gitea Actions.

arm64/DEBIAN/postinst

@@ -0,0 +1,18 @@
+#!/bin/sh
+set -e
+
+if ! getent group gitea-runner >/dev/null; then
+    addgroup --system gitea-runner
+fi
+
+if ! id gitea-runner >/dev/null 2>&1; then
+    adduser --system --home /var/lib/gitea-runner --shell /usr/sbin/nologin --ingroup gitea-runner gitea-runner
+fi
+
+install -d -o gitea-runner -g gitea-runner -m 0750 /var/lib/gitea-runner
+install -d -o root -g root -m 0755 /etc/gitea-runner
+
+systemctl daemon-reload
+systemctl enable gitea-runner || true
+
+exit 0

arm64/DEBIAN/prerm

@@ -0,0 +1,6 @@
+#!/bin/sh
+set -e
+
+systemctl stop gitea-runner || true
+
+exit 0

arm64/etc/systemd/system/gitea-runner.service

@@ -0,0 +1,18 @@
+[Unit]
+Description=Gitea Actions runner
+Documentation=https://gitea.com/gitea/runner
+After=network.target docker.service
+
+[Service]
+Type=simple
+User=gitea-runner
+Group=gitea-runner
+WorkingDirectory=/var/lib/gitea-runner
+ExecStart=/opt/gitea-runner/bin/gitea-runner daemon --config /etc/gitea-runner/config.yaml
+ExecReload=/bin/kill -s HUP $MAINPID
+TimeoutSec=0
+RestartSec=10
+Restart=always
+
+[Install]
+WantedBy=multi-user.target

build.conf

@@ -0,0 +1,2 @@
+notify=success
+email=tracer@24unix.net

build.sh

@@ -0,0 +1,143 @@
+#!/bin/bash
+set -e
+
+PACKAGE_NAME="gitea-runner"
+BINARY_NAME="gitea-runner"
+DOWNLOAD_NAME="gitea-runner"
+RELEASE_REPO="../gitea-runner-deb"
+
+resolve_version() {
+    if [[ -n "${1:-}" ]]; then
+        VERSION_SOURCE="command line argument"
+        VERSION="$1"
+        return 0
+    fi
+
+    if [[ -n "${GITEA_RUNNER_VERSION:-}" ]]; then
+        VERSION_SOURCE="GITEA_RUNNER_VERSION environment variable"
+        VERSION="${GITEA_RUNNER_VERSION}"
+        return 0
+    fi
+
+    if VERSION=$(curl -fsSL https://gitea.com/api/v1/repos/gitea/runner/releases/latest 2>/dev/null | jq -r '.tag_name // empty' 2>/dev/null); then
+        VERSION="${VERSION#v}"
+        if [[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+            VERSION_SOURCE="Gitea releases API"
+            return 0
+        fi
+    fi
+
+    if VERSION=$(curl -fsSL https://dl.gitea.com/gitea-runner/version.json 2>/dev/null | jq -r '.latest.version // empty' 2>/dev/null); then
+        VERSION="${VERSION#v}"
+        if [[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+            VERSION_SOURCE="dl.gitea.com version.json fallback"
+            return 0
+        fi
+    fi
+
+    echo "Unable to determine the latest Gitea Runner version. Set GITEA_RUNNER_VERSION or pass a version as the first argument." >&2
+    exit 1
+}
+
+resolve_version "${1:-}"
+DOWNLOAD_BASE_URL="${GITEA_RUNNER_DOWNLOAD_BASE_URL:-https://dl.gitea.com/gitea-runner/${VERSION}}"
+BUILD_ROOT="build/${VERSION}"
+DIST_ROOT="dist"
+
+echo "Current version: ${VERSION}"
+echo "Version source: ${VERSION_SOURCE}"
+
+ARCHS=("amd64" "arm64")
+FILES=("xz" "xz.asc" "xz.sha256" "xz.sha256.asc")
+
+prune_dist_cache() {
+    local arch="$1"
+    local dist_dir="${DIST_ROOT}/${arch}"
+    local keep_prefix="${DOWNLOAD_NAME}-${VERSION}-linux-${arch}."
+
+    mkdir -p "${dist_dir}"
+    find "${dist_dir}" -maxdepth 1 -type f -name "${DOWNLOAD_NAME}-*" ! -name "${keep_prefix}*" -print -delete
+}
+
+for ARCH in "${ARCHS[@]}"; do
+    echo "Pruning old cache entries in ${DIST_ROOT}/${ARCH}"
+    prune_dist_cache "${ARCH}"
+done
+
+if [[ -f "${RELEASE_REPO}/${PACKAGE_NAME}_${VERSION}_amd64.deb" ]] && [[ -f "${RELEASE_REPO}/${PACKAGE_NAME}_${VERSION}_arm64.deb" ]]; then
+    echo "SKIP: Version ${VERSION} already built and present in release repo."
+    exit 0
+fi
+
+for ARCH in "${ARCHS[@]}"; do
+    echo "Downloading Gitea Runner ${VERSION} for ${ARCH} ..."
+    for FILE in "${FILES[@]}"; do
+        FILE_NAME="${DOWNLOAD_NAME}-${VERSION}-linux-${ARCH}.${FILE}"
+        FILE_URL="${DOWNLOAD_BASE_URL}/${FILE_NAME}"
+        TARGET_FILE="${DIST_ROOT}/${ARCH}/${FILE_NAME}"
+        if [[ -f "$TARGET_FILE" ]]; then
+            echo "File already exists: $TARGET_FILE (skipping)"
+        else
+            echo "Downloading: $FILE_URL"
+            wget -q "$FILE_URL" -O "$TARGET_FILE"
+        fi
+    done
+done
+
+for ARCH in "${ARCHS[@]}"; do
+    echo "Verifying GPG signature for ${ARCH} ..."
+    gpg --verify "${DIST_ROOT}/${ARCH}/${DOWNLOAD_NAME}-${VERSION}-linux-${ARCH}.xz.asc" "${DIST_ROOT}/${ARCH}/${DOWNLOAD_NAME}-${VERSION}-linux-${ARCH}.xz"
+    gpg --verify "${DIST_ROOT}/${ARCH}/${DOWNLOAD_NAME}-${VERSION}-linux-${ARCH}.xz.sha256.asc" "${DIST_ROOT}/${ARCH}/${DOWNLOAD_NAME}-${VERSION}-linux-${ARCH}.xz.sha256"
+done
+
+for ARCH in "${ARCHS[@]}"; do
+    echo "Verifying SHA256 checksum for ${ARCH} ..."
+    (cd "${DIST_ROOT}/${ARCH}" && sha256sum -c "${DOWNLOAD_NAME}-${VERSION}-linux-${ARCH}.xz.sha256")
+done
+
+for ARCH in "${ARCHS[@]}"; do
+    PACKAGE_DIR="${BUILD_ROOT}/${ARCH}"
+    mkdir -p "${PACKAGE_DIR}"
+    cp -a "${ARCH}/." "${PACKAGE_DIR}/"
+    mkdir -p "${PACKAGE_DIR}/opt/gitea-runner/bin"
+
+    xz -dc "${DIST_ROOT}/${ARCH}/${DOWNLOAD_NAME}-${VERSION}-linux-${ARCH}.xz" > "${PACKAGE_DIR}/opt/gitea-runner/bin/${BINARY_NAME}" || { echo "Extraction failed for ${ARCH}"; exit 1; }
+
+    if [[ ! -s "${PACKAGE_DIR}/opt/gitea-runner/bin/${BINARY_NAME}" ]]; then
+        echo "Extracted file is empty for ${ARCH}. Something went wrong."
+        exit 1
+    fi
+    chmod +x "${PACKAGE_DIR}/opt/gitea-runner/bin/${BINARY_NAME}"
+done
+
+for ARCH in "${ARCHS[@]}"; do
+    echo "Building package for ${ARCH} ..."
+    PACKAGE_DIR="${BUILD_ROOT}/${ARCH}"
+    sed -i "s/^Version: .*/Version: ${VERSION}/" "${PACKAGE_DIR}/DEBIAN/control"
+    dpkg-deb --build "${PACKAGE_DIR}" "${PACKAGE_NAME}_${VERSION}_${ARCH}.deb"
+done
+
+echo "All packages built successfully:"
+ls -lh "${PACKAGE_NAME}_${VERSION}_"*.deb
+
+echo "Moving .deb packages to release repo ..."
+mv "${PACKAGE_NAME}_${VERSION}_"*.deb "${RELEASE_REPO}/"
+
+(
+    cd "${RELEASE_REPO}"
+
+    echo "Updating APT package index ..."
+    dpkg-scanpackages --multiversion . override > Packages
+    dpkg-scanpackages --multiversion . override | gzip -9c > Packages.gz
+
+    echo "Generating Release file ..."
+    apt-ftparchive -c=apt-release.conf release . > Release
+
+    git add --all .
+    if ! git diff --cached --quiet; then
+        echo "Committing release ..."
+        git commit -m "Release Gitea Runner ${VERSION}"
+    else
+        echo "No changes to commit."
+    fi
+)

wrapper.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+CONFIG_FILE="/home/users/tracer/gitea-runner-deb-builder/build.conf"
+source "$CONFIG_FILE"
+
+OUTPUT=$(/bin/bash /home/users/tracer/gitea-runner-deb-builder/build.sh 2>&1)
+EXIT_CODE=$?
+
+if [[ "$notify" == "never" ]]; then
+    exit $EXIT_CODE
+fi
+
+if [[ "$notify" == "error" && $EXIT_CODE -ne 0 ]]; then
+    SUBJECT="[Gitea Runner Build] Failed"
+    echo "$OUTPUT" | mail -s "$SUBJECT" "$email"
+    exit $EXIT_CODE
+fi
+
+if echo "$OUTPUT" | grep -q '^SKIP:'; then
+    if [[ "$notify" == "error" || "$notify" == "success" ]]; then
+        exit 0
+    fi
+fi
+
+if [[ "$notify" == "success" && $EXIT_CODE -eq 0 ]]; then
+    SUBJECT="[Gitea Runner Build] Success"
+    echo "$OUTPUT" | mail -s "$SUBJECT" "$email"
+    exit 0
+fi
+
+SUBJECT="[Gitea Runner Build] Run result: $( [[ $EXIT_CODE -eq 0 ]] && echo Success || echo Failure )"
+echo "$OUTPUT" | mail -s "$SUBJECT" "$email"
+
+exit $EXIT_CODE