From eaab8c061a5e2f7505598da18c851cd5559e841d Mon Sep 17 00:00:00 2001 From: Eric Gullickson <16152721+ericgullickson@users.noreply.github.com> Date: Mon, 29 Dec 2025 21:09:32 -0600 Subject: [PATCH] feat: Update to Gitea CI/CD --- .gitea/workflows/production.yaml | 2 +- .gitea/workflows/staging.yaml | 4 +- docs/BUILD-SERVER-SETUP.md | 2 +- docs/CICD-DEPLOY.md | 3 +- scripts/ci/ansible/config.yaml.j2 | 41 +++ .../ci/ansible/deploy-production-runner.yml | 338 ++++++++++++++++++ scripts/ci/ansible/deploy-staging-runner.yml | 319 +++++++++++++++++ scripts/ci/ansible/inventory.yml | 44 +++ scripts/ci/ansible/inventory.yml.example | 48 +++ 9 files changed, 795 insertions(+), 6 deletions(-) create mode 100644 scripts/ci/ansible/config.yaml.j2 create mode 100644 scripts/ci/ansible/deploy-production-runner.yml create mode 100644 scripts/ci/ansible/deploy-staging-runner.yml create mode 100644 scripts/ci/ansible/inventory.yml create mode 100644 scripts/ci/ansible/inventory.yml.example diff --git a/.gitea/workflows/production.yaml b/.gitea/workflows/production.yaml index 22f6679..1a4e6c5 100644 --- a/.gitea/workflows/production.yaml +++ b/.gitea/workflows/production.yaml @@ -26,7 +26,7 @@ jobs: # ============================================ validate: name: Validate Prerequisites - runs-on: mvp-prod + runs-on: prod outputs: target_stack: ${{ steps.determine-stack.outputs.target_stack }} backend_image: ${{ steps.set-images.outputs.backend_image }} diff --git a/.gitea/workflows/staging.yaml b/.gitea/workflows/staging.yaml index 8b628d7..4c975ee 100644 --- a/.gitea/workflows/staging.yaml +++ b/.gitea/workflows/staging.yaml @@ -83,7 +83,7 @@ jobs: # ============================================ deploy-staging: name: Deploy to Staging - runs-on: mvp-build + runs-on: stage needs: build env: BACKEND_IMAGE: ${{ needs.build.outputs.backend_image }} 
@@ -102,7 +102,7 @@ jobs: chmod +x scripts/inject-secrets.sh SECRETS_DIR="$DEPLOY_PATH/secrets/staging" ./scripts/inject-secrets.sh env: - POSTGRES_PASSWORD: ${{ secrets.STAGING_POSTGRES_PASSWORD }} + POSTGRES_PASSWORD: ${{ secrets.OSTGRES_PASSWORD }} AUTH0_CLIENT_SECRET: ${{ secrets.AUTH0_CLIENT_SECRET }} AUTH0_MANAGEMENT_CLIENT_ID: ${{ secrets.AUTH0_MANAGEMENT_CLIENT_ID }} AUTH0_MANAGEMENT_CLIENT_SECRET: ${{ secrets.AUTH0_MANAGEMENT_CLIENT_SECRET }} diff --git a/docs/BUILD-SERVER-SETUP.md b/docs/BUILD-SERVER-SETUP.md index 84362f0..c3e8bf2 100644 --- a/docs/BUILD-SERVER-SETUP.md +++ b/docs/BUILD-SERVER-SETUP.md @@ -81,7 +81,7 @@ docker compose version ```bash # Download act_runner binary -curl -L https://gitea.com/gitea/act_runner/releases/download/v0.2.12/act_runner-0.2.12-linux-amd64 -o /tmp/act_runner +curl -L https://gitea.com/gitea/act_runner/releases/download/v0.2.13/act_runner-0.2.13-linux-amd64 -o /tmp/act_runner sudo mv /tmp/act_runner /usr/local/bin/act_runner sudo chmod +x /usr/local/bin/act_runner diff --git a/docs/CICD-DEPLOY.md b/docs/CICD-DEPLOY.md index e046bd0..870c5e2 100644 --- a/docs/CICD-DEPLOY.md +++ b/docs/CICD-DEPLOY.md @@ -172,8 +172,7 @@ Navigate to: `git.motovaultpro.com/egullickson/motovaultpro/settings/actions/sec |--------|-------------| | `REGISTRY_USER` | Gitea username (egullickson) | | `REGISTRY_PASSWORD` | Gitea access token | -| `POSTGRES_PASSWORD` | Production PostgreSQL password | -| `STAGING_POSTGRES_PASSWORD` | Staging PostgreSQL password | +| `POSTGRES_PASSWORD` | PostgreSQL password | | `AUTH0_CLIENT_SECRET` | Auth0 secret | | `AUTH0_MANAGEMENT_CLIENT_ID` | Auth0 Management API ID | | `AUTH0_MANAGEMENT_CLIENT_SECRET` | Auth0 Management API secret | diff --git a/scripts/ci/ansible/config.yaml.j2 b/scripts/ci/ansible/config.yaml.j2 new file mode 100644 index 0000000..15752df --- /dev/null +++ b/scripts/ci/ansible/config.yaml.j2 
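Review bot: `secrets.OSTGRES_PASSWORD` on the added `POSTGRES_PASSWORD` line looks like a typo for `secrets.POSTGRES_PASSWORD`, the name that the CICD-DEPLOY.md table in this same commit documents. A reference to a secret that does not exist normally expands to an empty string, so `inject-secrets.sh` would presumably receive an empty database password instead of failing. Suggested line: `POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}`. Separately, dropping `STAGING_POSTGRES_PASSWORD` means staging jobs now receive the same credential as production; keeping a staging-specific secret would limit the impact of a leak from the build host. The step this `env:` block belongs to starts outside the hunk.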
@@ -0,0 +1,41 @@ +# act_runner configuration template +# Managed by Ansible - do not edit manually + +log: + level: info + +runner: + file: .runner + capacity: 1 + envs: {} + env_file: .env + timeout: 3h + shutdown_timeout: 0s + insecure: false + fetch_timeout: 5s + fetch_interval: 2s + github_mirror: '' + labels: + - "{{ runner_labels }}" + +cache: + enabled: true + dir: "" + host: "" + port: 0 + external_server: "" + +container: + network: "" + privileged: false + options: + workdir_parent: + valid_volumes: [] + docker_host: "" + force_pull: true + force_rebuild: false + require_docker: false + docker_timeout: 0s + +host: + workdir_parent: diff --git a/scripts/ci/ansible/deploy-production-runner.yml b/scripts/ci/ansible/deploy-production-runner.yml new file mode 100644 index 0000000..77125e3 --- /dev/null +++ b/scripts/ci/ansible/deploy-production-runner.yml 
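Review bot: The `labels` entry needs a comment, because the playbooks in this patch render it as `prod:host` / `stage:host`, and a `:host` label makes act_runner execute job steps directly on the server rather than in a container. The `container:` settings further down (`privileged: false`, `valid_volumes: []`) therefore do not constrain those jobs. The playbooks also add the `act_runner` user to the `docker` group, which is effectively root on the host. I would add above `labels:` something like `# ':host' labels run jobs on the host as act_runner; container.* limits do not apply`, and limit which repositories and branches may target these runners.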
@@ -0,0 +1,338 @@ +--- +# MotoVaultPro Production Runner Deployment Playbook +# Deploys act_runner for Gitea Actions on the production server +# +# Usage: +# ansible-playbook -i inventory.yml deploy-production-runner.yml --ask-become-pass +# +# Required variables (set in inventory or pass with -e): +# gitea_runner_token: Registration token from Gitea +# gitea_registry_token: Access token for package registry +# gitea_username: Username for registry login (default: egullickson) +# +# Optional variables: +# act_runner_version: Version of act_runner to install (default: 0.2.13) +# gitea_instance: Gitea server URL (default: https://git.motovaultpro.com) + +- name: Deploy MotoVaultPro Production Runner + hosts: production + become: true + vars: + act_runner_version: "0.2.13" + gitea_instance: "https://git.motovaultpro.com" + gitea_username: "egullickson" + runner_name: "Production Server" + runner_labels: "prod:host" + app_root: "/opt/motovaultpro" + repo_url: "https://git.motovaultpro.com/egullickson/motovaultpro.git" + + tasks: + # ============================================ + # System Update and Prerequisites + # ============================================ + - name: Update apt cache + apt: + update_cache: true + cache_valid_time: 3600 + + - name: Upgrade all packages + apt: + upgrade: dist + when: upgrade_packages | default(false) + + - name: Install required packages + apt: + name: + - curl + - git + - ca-certificates + - gnupg + - jq + state: present + + # ============================================ + # Docker Installation + # ============================================ + - name: Create keyrings directory + file: + path: /etc/apt/keyrings + state: directory + mode: '0755' + + - name: Add Docker GPG key + shell: | + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg + chmod a+r /etc/apt/keyrings/docker.gpg + args: + creates: /etc/apt/keyrings/docker.gpg + + - name: Get Ubuntu codename + command: lsb_release 
-cs + register: ubuntu_codename + changed_when: false + + - name: Get architecture + command: dpkg --print-architecture + register: system_arch + changed_when: false + + - name: Add Docker repository + apt_repository: + repo: "deb [arch={{ system_arch.stdout }} signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ubuntu_codename.stdout }} stable" + state: present + filename: docker + + - name: Install Docker packages + apt: + name: + - docker-ce + - docker-ce-cli + - containerd.io + - docker-buildx-plugin + - docker-compose-plugin + state: present + update_cache: true + + - name: Ensure Docker service is running + systemd: + name: docker + state: started + enabled: true + + # ============================================ + # act_runner Installation + # ============================================ + - name: Download act_runner binary + get_url: + url: "https://gitea.com/gitea/act_runner/releases/download/v{{ act_runner_version }}/act_runner-{{ act_runner_version }}-linux-amd64" + dest: /usr/local/bin/act_runner + mode: '0755' + + - name: Verify act_runner installation + command: act_runner --version + register: act_runner_check + changed_when: false + + - name: Display act_runner version + debug: + msg: "act_runner version: {{ act_runner_check.stdout }}" + + # ============================================ + # act_runner User Setup + # ============================================ + - name: Create act_runner user + user: + name: act_runner + system: true + shell: /bin/bash + create_home: true + + - name: Add act_runner to docker group + user: + name: act_runner + groups: docker + append: true + + - name: Create act_runner config directory + file: + path: /etc/act_runner + state: directory + owner: act_runner + group: act_runner + mode: '0755' + + # ============================================ + # Runner Registration + # ============================================ + - name: Check if runner is already registered + stat: + path: 
/etc/act_runner/.runner + register: runner_registered + + - name: Deploy act_runner config + template: + src: config.yaml.j2 + dest: /etc/act_runner/config.yaml + owner: act_runner + group: act_runner + mode: '0644' + notify: Restart act_runner + + - name: Register runner with Gitea + shell: | + su - act_runner -c "cd /etc/act_runner && act_runner register --no-interactive \ + --instance {{ gitea_instance }} \ + --token {{ gitea_runner_token }} \ + --name '{{ runner_name }}' \ + --labels '{{ runner_labels }}'" + when: not runner_registered.stat.exists + no_log: true + + # ============================================ + # Systemd Service + # ============================================ + - name: Create act_runner systemd service + copy: + dest: /etc/systemd/system/act_runner.service + content: | + [Unit] + Description=Gitea Actions Runner + After=docker.service network.target + + [Service] + ExecStart=/usr/local/bin/act_runner daemon --config /etc/act_runner/config.yaml + WorkingDirectory=/etc/act_runner + User=act_runner + Group=act_runner + Restart=always + RestartSec=10 + + [Install] + WantedBy=multi-user.target + mode: '0644' + notify: Restart act_runner + + - name: Enable and start act_runner service + systemd: + name: act_runner + state: started + enabled: true + daemon_reload: true + + # ============================================ + # Production Environment Setup + # ============================================ + - name: Create application directory + file: + path: "{{ app_root }}" + state: directory + owner: act_runner + group: act_runner + mode: '0755' + + - name: Clone repository + shell: | + if [ ! 
-d "{{ app_root }}/.git" ]; then + su - act_runner -c "git clone {{ repo_url }} {{ app_root }}" + fi + args: + creates: "{{ app_root }}/.git" + + - name: Create production secrets directory + file: + path: "{{ app_root }}/secrets/production" + state: directory + owner: act_runner + group: act_runner + mode: '0700' + + - name: Create data directories + file: + path: "{{ app_root }}/{{ item }}" + state: directory + owner: '1001' + group: '1001' + mode: '0755' + loop: + - data/backups + - data/documents + + # ============================================ + # Docker Registry Authentication + # ============================================ + - name: Create Docker config directory for act_runner + file: + path: /home/act_runner/.docker + state: directory + owner: act_runner + group: act_runner + mode: '0700' + + - name: Configure Docker registry authentication + copy: + dest: /home/act_runner/.docker/config.json + content: | + { + "auths": { + "git.motovaultpro.com": { + "auth": "{{ (gitea_username + ':' + gitea_registry_token) | b64encode }}" + } + } + } + owner: act_runner + group: act_runner + mode: '0600' + no_log: true + when: gitea_registry_token is defined + + # ============================================ + # Maintenance Scripts + # ============================================ + - name: Create Docker cleanup script + copy: + dest: /usr/local/bin/docker-cleanup.sh + content: | + #!/bin/bash + # Remove unused Docker resources older than 7 days + docker system prune -af --filter "until=168h" + docker volume prune -f + mode: '0755' + + - name: Schedule Docker cleanup cron job + cron: + name: "Docker cleanup" + minute: "0" + hour: "3" + job: "/usr/local/bin/docker-cleanup.sh >> /var/log/docker-cleanup.log 2>&1" + + # ============================================ + # Production-Specific Security Hardening + # ============================================ + - name: Set restrictive permissions on secrets + file: + path: "{{ app_root }}/secrets" + state: directory + owner: 
act_runner + group: act_runner + mode: '0700' + recurse: true + + - name: Ensure no world-readable files in secrets + shell: find {{ app_root }}/secrets -type f -exec chmod 600 {} \; + changed_when: false + + handlers: + - name: Restart act_runner + systemd: + name: act_runner + state: restarted + daemon_reload: true + + post_tasks: + - name: Display runner status + command: systemctl status act_runner + register: runner_status + changed_when: false + ignore_errors: true + + - name: Show deployment summary + debug: + msg: | + ================================================ + Production Runner Deployment Complete + ================================================ + Runner Name: {{ runner_name }} + Runner Labels: {{ runner_labels }} + Gitea Instance: {{ gitea_instance }} + Application Root: {{ app_root }} + + Verify at: {{ gitea_instance }}/egullickson/motovaultpro/settings/actions/runners + + Useful commands: + sudo systemctl status act_runner + sudo journalctl -u act_runner -f + docker ps + + IMPORTANT: Ensure production secrets are configured in: + {{ app_root }}/secrets/production/ + ================================================ diff --git a/scripts/ci/ansible/deploy-staging-runner.yml b/scripts/ci/ansible/deploy-staging-runner.yml new file mode 100644 index 0000000..440490b --- /dev/null +++ b/scripts/ci/ansible/deploy-staging-runner.yml 
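Review bot: The `Download act_runner binary` task installs an executable into `/usr/local/bin` with no integrity check, so whatever the release URL serves at run time is what ends up running CI jobs on the production host. `get_url` accepts a `checksum` parameter; pinning it next to `act_runner_version`, e.g. `checksum: "sha256:<ACT_RUNNER_SHA256_PLACEHOLDER>"`, makes the version pin meaningful. The `Add Docker GPG key` task has the same gap: the key is piped from curl into `gpg --dearmor` without comparing its fingerprint to a known value. Both tasks are duplicated in deploy-staging-runner.yml. The download URL also hard-codes `linux-amd64` although `system_arch` is registered earlier in the play.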
@@ -0,0 +1,319 @@ +--- +# MotoVaultPro Staging/Build Runner Deployment Playbook +# Deploys act_runner for Gitea Actions on the build/staging server +# +# Usage: +# ansible-playbook -i inventory.yml deploy-staging-runner.yml --ask-become-pass +# +# Required variables (set in inventory or pass with -e): +# gitea_runner_token: Registration token from Gitea +# gitea_registry_token: Access token for package registry +# gitea_username: Username for registry login (default: egullickson) +# +# Optional variables: +# act_runner_version: Version of act_runner to install (default: 0.2.13) +# gitea_instance: Gitea server URL (default: https://git.motovaultpro.com) + +- name: Deploy MotoVaultPro Staging/Build Runner + hosts: staging + become: true + vars: + act_runner_version: "0.2.13" + gitea_instance: "https://git.motovaultpro.com" + gitea_username: "egullickson" + runner_name: "Build/Staging Server" + runner_labels: "stage:host" + app_root: "/opt/motovaultpro" + repo_url: "https://git.motovaultpro.com/egullickson/motovaultpro.git" + + tasks: + # ============================================ + # System Update and Prerequisites + # ============================================ + - name: Update apt cache + apt: + update_cache: true + cache_valid_time: 3600 + + - name: Upgrade all packages + apt: + upgrade: dist + when: upgrade_packages | default(false) + + - name: Install required packages + apt: + name: + - curl + - git + - ca-certificates + - gnupg + - jq + state: present + + # ============================================ + # Docker Installation + # ============================================ + - name: Create keyrings directory + file: + path: /etc/apt/keyrings + state: directory + mode: '0755' + + - name: Add Docker GPG key + shell: | + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg + chmod a+r /etc/apt/keyrings/docker.gpg + args: + creates: /etc/apt/keyrings/docker.gpg + + - name: Get Ubuntu codename + command: 
lsb_release -cs + register: ubuntu_codename + changed_when: false + + - name: Get architecture + command: dpkg --print-architecture + register: system_arch + changed_when: false + + - name: Add Docker repository + apt_repository: + repo: "deb [arch={{ system_arch.stdout }} signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ubuntu_codename.stdout }} stable" + state: present + filename: docker + + - name: Install Docker packages + apt: + name: + - docker-ce + - docker-ce-cli + - containerd.io + - docker-buildx-plugin + - docker-compose-plugin + state: present + update_cache: true + + - name: Ensure Docker service is running + systemd: + name: docker + state: started + enabled: true + + # ============================================ + # act_runner Installation + # ============================================ + - name: Download act_runner binary + get_url: + url: "https://gitea.com/gitea/act_runner/releases/download/v{{ act_runner_version }}/act_runner-{{ act_runner_version }}-linux-amd64" + dest: /usr/local/bin/act_runner + mode: '0755' + + - name: Verify act_runner installation + command: act_runner --version + register: act_runner_check + changed_when: false + + - name: Display act_runner version + debug: + msg: "act_runner version: {{ act_runner_check.stdout }}" + + # ============================================ + # act_runner User Setup + # ============================================ + - name: Create act_runner user + user: + name: act_runner + system: true + shell: /bin/bash + create_home: true + + - name: Add act_runner to docker group + user: + name: act_runner + groups: docker + append: true + + - name: Create act_runner config directory + file: + path: /etc/act_runner + state: directory + owner: act_runner + group: act_runner + mode: '0755' + + # ============================================ + # Runner Registration + # ============================================ + - name: Check if runner is already registered + stat: + path: 
/etc/act_runner/.runner + register: runner_registered + + - name: Deploy act_runner config + template: + src: config.yaml.j2 + dest: /etc/act_runner/config.yaml + owner: act_runner + group: act_runner + mode: '0644' + notify: Restart act_runner + + - name: Register runner with Gitea + shell: | + su - act_runner -c "cd /etc/act_runner && act_runner register --no-interactive \ + --instance {{ gitea_instance }} \ + --token {{ gitea_runner_token }} \ + --name '{{ runner_name }}' \ + --labels '{{ runner_labels }}'" + when: not runner_registered.stat.exists + no_log: true + + # ============================================ + # Systemd Service + # ============================================ + - name: Create act_runner systemd service + copy: + dest: /etc/systemd/system/act_runner.service + content: | + [Unit] + Description=Gitea Actions Runner + After=docker.service network.target + + [Service] + ExecStart=/usr/local/bin/act_runner daemon --config /etc/act_runner/config.yaml + WorkingDirectory=/etc/act_runner + User=act_runner + Group=act_runner + Restart=always + RestartSec=10 + + [Install] + WantedBy=multi-user.target + mode: '0644' + notify: Restart act_runner + + - name: Enable and start act_runner service + systemd: + name: act_runner + state: started + enabled: true + daemon_reload: true + + # ============================================ + # Staging Environment Setup + # ============================================ + - name: Create application directory + file: + path: "{{ app_root }}" + state: directory + owner: act_runner + group: act_runner + mode: '0755' + + - name: Clone repository + shell: | + if [ ! 
-d "{{ app_root }}/.git" ]; then + su - act_runner -c "git clone {{ repo_url }} {{ app_root }}" + fi + args: + creates: "{{ app_root }}/.git" + + - name: Create staging secrets directory + file: + path: "{{ app_root }}/secrets/staging" + state: directory + owner: act_runner + group: act_runner + mode: '0700' + + - name: Create data directories + file: + path: "{{ app_root }}/{{ item }}" + state: directory + owner: '1001' + group: '1001' + mode: '0755' + loop: + - data/backups + - data/documents + + # ============================================ + # Docker Registry Authentication + # ============================================ + - name: Create Docker config directory for act_runner + file: + path: /home/act_runner/.docker + state: directory + owner: act_runner + group: act_runner + mode: '0700' + + - name: Configure Docker registry authentication + copy: + dest: /home/act_runner/.docker/config.json + content: | + { + "auths": { + "git.motovaultpro.com": { + "auth": "{{ (gitea_username + ':' + gitea_registry_token) | b64encode }}" + } + } + } + owner: act_runner + group: act_runner + mode: '0600' + no_log: true + when: gitea_registry_token is defined + + # ============================================ + # Maintenance Scripts + # ============================================ + - name: Create Docker cleanup script + copy: + dest: /usr/local/bin/docker-cleanup.sh + content: | + #!/bin/bash + # Remove unused Docker resources older than 7 days + docker system prune -af --filter "until=168h" + docker volume prune -f + mode: '0755' + + - name: Schedule Docker cleanup cron job + cron: + name: "Docker cleanup" + minute: "0" + hour: "3" + job: "/usr/local/bin/docker-cleanup.sh >> /var/log/docker-cleanup.log 2>&1" + + handlers: + - name: Restart act_runner + systemd: + name: act_runner + state: restarted + daemon_reload: true + + post_tasks: + - name: Display runner status + command: systemctl status act_runner + register: runner_status + changed_when: false + ignore_errors: 
true + + - name: Show deployment summary + debug: + msg: | + ================================================ + Staging/Build Runner Deployment Complete + ================================================ + Runner Name: {{ runner_name }} + Runner Labels: {{ runner_labels }} + Gitea Instance: {{ gitea_instance }} + Application Root: {{ app_root }} + + Verify at: {{ gitea_instance }}/egullickson/motovaultpro/settings/actions/runners + + Useful commands: + sudo systemctl status act_runner + sudo journalctl -u act_runner -f + docker ps + ================================================ diff --git a/scripts/ci/ansible/inventory.yml b/scripts/ci/ansible/inventory.yml new file mode 100644 index 0000000..dc1e91b --- /dev/null +++ b/scripts/ci/ansible/inventory.yml 
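Review bot: `Register runner with Gitea` templates `gitea_runner_token` and the other variables into a `su - act_runner -c "..."` shell string, so the values pass through two layers of shell parsing and a quote, space or `$` in an inventory value changes the command that runs as root. `no_log: true` keeps the token out of Ansible output, but it is still on the command line and readable from the process list while registration runs. Using `command` with `argv` and `become_user: act_runner` removes the shell parsing; the identical task in deploy-production-runner.yml needs the same change. The sketch below assumes becoming an unprivileged user works on these hosts (it may need the `acl` package or pipelining).

```yaml
    - name: Register runner with Gitea
      command:
        argv:
          - act_runner
          - register
          - --no-interactive
          - --instance
          - "{{ gitea_instance }}"
          - --token
          - "{{ gitea_runner_token }}"
          - --name
          - "{{ runner_name }}"
          - --labels
          - "{{ runner_labels }}"
        chdir: /etc/act_runner
      become_user: act_runner
      # ... unchanged: when / no_log ...
```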
@@ -0,0 +1,44 @@ +--- +# MotoVaultPro Ansible Inventory Example +# Copy this file to inventory.yml and fill in your values +# +# Usage: +# cp inventory.yml.example inventory.yml +# # Edit inventory.yml with your server IPs and tokens +# ansible-playbook -i inventory.yml deploy-staging-runner.yml --ask-become-pass + +all: + children: + staging: + hosts: + staging.motovaultpro.com: + ansible_host: "172.30.1.37" + + # Required: Get from Gitea -> Settings -> Actions -> Runners + gitea_runner_token: "szyvEDd2rRh4BettOTKORD1n2Vh47P1RIH19wLYN" + + # Required: Get from Gitea -> Settings -> Applications + # Needs read:packages and write:packages scopes + gitea_registry_token: "0ca4ca2b6e84cf53df778ed7eed30d1e1900dcef" + + # Optional overrides + # gitea_username: "egullickson" + # act_runner_version: "0.2.13" + # upgrade_packages: false + + production: + hosts: + motovaultpro.com: + ansible_host: "172.30.1.36" + + # Required: Get from Gitea -> Settings -> Actions -> Runners + gitea_runner_token: "OTwUZsoEUBjomGUVrOU4NxpYiUf2yQcEfYprt6rU" + + # Required: Get from Gitea -> Settings -> Applications + # Needs read:packages and write:packages scopes + gitea_registry_token: "0ca4ca2b6e84cf53df778ed7eed30d1e1900dcef" + + # Optional overrides + # gitea_username: "egullickson" + # act_runner_version: "0.2.13" + # upgrade_packages: false diff --git a/scripts/ci/ansible/inventory.yml.example b/scripts/ci/ansible/inventory.yml.example new file mode 100644 index 0000000..cf6be7a --- /dev/null +++ b/scripts/ci/ansible/inventory.yml.example 
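Review bot: This file commits what appear to be live credentials: both `gitea_runner_token` values and `gitea_registry_token` are concrete strings rather than the placeholders used in inventory.yml.example, and the header comment still describes the file as an example to copy. Anyone with read access to the repository or its history can read them, so the tokens should be revoked and reissued, the file dropped from the commit, and `scripts/ci/ansible/inventory.yml` added to `.gitignore`. If the inventory has to be versioned, the token values can be encrypted with `ansible-vault` instead. The same registry token is set for staging and production, and the comment says it needs `write:packages`, so a compromise of the build host would also allow pushing images that production pulls; separate, narrower tokens per environment would contain that.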
@@ -0,0 +1,48 @@ +--- +# MotoVaultPro Ansible Inventory Example +# Copy this file to inventory.yml and fill in your values +# +# Usage: +# cp inventory.yml.example inventory.yml +# # Edit inventory.yml with your server IPs and tokens +# ansible-playbook -i inventory.yml deploy-staging-runner.yml --ask-become-pass + +all: + children: + staging: + hosts: + staging.motovaultpro.com: + ansible_host: "YOUR_STAGING_SERVER_IP" + ansible_user: "root" # or your SSH user + ansible_ssh_private_key_file: "~/.ssh/id_rsa" + + # Required: Get from Gitea -> Settings -> Actions -> Runners + gitea_runner_token: "YOUR_RUNNER_REGISTRATION_TOKEN" + + # Required: Get from Gitea -> Settings -> Applications + # Needs read:packages and write:packages scopes + gitea_registry_token: "YOUR_REGISTRY_ACCESS_TOKEN" + + # Optional overrides + # gitea_username: "egullickson" + # act_runner_version: "0.2.13" + # upgrade_packages: false + + production: + hosts: + motovaultpro.com: + ansible_host: "YOUR_PRODUCTION_SERVER_IP" + ansible_user: "root" # or your SSH user + ansible_ssh_private_key_file: "~/.ssh/id_rsa" + + # Required: Get from Gitea -> Settings -> Actions -> Runners + gitea_runner_token: "YOUR_RUNNER_REGISTRATION_TOKEN" + + # Required: Get from Gitea -> Settings -> Applications + # Needs read:packages and write:packages scopes + gitea_registry_token: "YOUR_REGISTRY_ACCESS_TOKEN" + + # Optional overrides + # gitea_username: "egullickson" + # act_runner_version: "0.2.13" + # upgrade_packages: false
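Review bot: The header comment tells the reader to copy this file to inventory.yml and fill in tokens, but says nothing about keeping the result out of version control. I would add a line such as `# inventory.yml holds live tokens: keep it git-ignored or encrypt the token values with ansible-vault`. The `ansible_user: "root"` default could also carry a comment recommending a non-root SSH user, since the playbooks already set `become: true`.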