From ec2f23757bb388a72afc20413fe0b8d51f6df70a Mon Sep 17 00:00:00 2001
From: Harivansh Rathi
Date: Sat, 18 Apr 2026 22:19:25 -0400
Subject: [PATCH] ci: run quality on forgejo native runner, fix runner user

- switch all jobs to runs-on: native so the netty forgejo runner picks them up
- deploy-netty now runs locally on netty via `just switch-netty` (no SSH)
- fix tmpfiles owner: gitea-actions-runner creates user `gitea-runner`, not `forgejo-runner`

Made-with: Cursor
---
 .github/workflows/quality.yml | 34 +++++-----------------------------
 hosts/netty/forgejo-runner.nix | 16 ++++++++--------
 2 files changed, 13 insertions(+), 37 deletions(-)

diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml
index 706e799..ddd3042 100644
--- a/.github/workflows/quality.yml
+++ b/.github/workflows/quality.yml
@@ -11,7 +11,7 @@ permissions:
 
 jobs:
 changes:
- runs-on: [self-hosted, netty]
+ runs-on: native
 outputs:
 quality: ${{ steps.filter.outputs.quality }}
 steps:
@@ -32,7 +32,7 @@ jobs:
 
 flake-check:
 name: Flake Check
- runs-on: [self-hosted, netty]
+ runs-on: native
 needs: changes
 if: ${{ needs.changes.outputs.quality == 'true' }}
 steps:
@@ -46,7 +46,7 @@ jobs:
 
 nix-format:
 name: Nix Format Check
- runs-on: [self-hosted, netty]
+ runs-on: native
 needs: changes
 if: ${{ needs.changes.outputs.quality == 'true' }}
 steps:
@@ -60,39 +60,15 @@ jobs:
 
 deploy-netty:
 name: Deploy netty
- runs-on: ubuntu-latest
+ runs-on: native
 needs: [changes, flake-check, nix-format]
 if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && needs.changes.outputs.quality == 'true' }}
 concurrency:
 group: deploy-netty
 steps:
 - uses: actions/checkout@v4
- - uses: DeterminateSystems/nix-installer-action@main
- - uses: DeterminateSystems/magic-nix-cache-action@main
- - name: Configure SSH
- shell: bash
- env:
- NETTY_SSH_PRIVATE_KEY: ${{ secrets.NETTY_SSH_PRIVATE_KEY }}
- NETTY_SSH_KNOWN_HOSTS: ${{ secrets.NETTY_SSH_KNOWN_HOSTS }}
- run: |
- set -euo pipefail
- test -n "$NETTY_SSH_PRIVATE_KEY"
- test -n "$NETTY_SSH_KNOWN_HOSTS"
- install -d -m 700 "$HOME/.ssh"
- printf '%s\n' "$NETTY_SSH_PRIVATE_KEY" > "$HOME/.ssh/netty"
- chmod 600 "$HOME/.ssh/netty"
- printf '%s\n' "$NETTY_SSH_KNOWN_HOSTS" > "$HOME/.ssh/known_hosts"
- chmod 600 "$HOME/.ssh/known_hosts"
- cat > "$HOME/.ssh/config" <<'EOF'
- Host netty
- HostName 152.53.195.59
- User root
- IdentityFile ~/.ssh/netty
- IdentitiesOnly yes
- EOF
- chmod 600 "$HOME/.ssh/config"
 - name: Deploy netty
 shell: bash
 run: |
 set -euo pipefail
- nix shell nixpkgs#just --command just switch-netty
+ just switch-netty
diff --git a/hosts/netty/forgejo-runner.nix b/hosts/netty/forgejo-runner.nix
index 1dc6f68..61298aa 100644
--- a/hosts/netty/forgejo-runner.nix
+++ b/hosts/netty/forgejo-runner.nix
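Review bot: The `Deploy netty` step in `.github/workflows/quality.yml` now runs `just switch-netty` on the same `native` runner label that the `changes`, `flake-check` and `nix-format` jobs were moved to in the earlier hunks, so whatever privilege the runner account needs to switch the host is reachable from every job scheduled on that label, not only this one. The `if:` guard restricts this job to pushes on `refs/heads/main`, but the workflow triggers and the way `switch-netty` obtains root are outside the hunk, so it is worth confirming that pull-request runs cannot execute under the same account. A dedicated label for the deploy job, `runs-on: <deploy-only-label>` (placeholder), with the rebuild permission limited to one fixed command, would keep the check jobs unprivileged. Dropping `nix shell nixpkgs#just --command` also makes the step depend on whichever `just` is on the runner's PATH, and the now-unused `NETTY_SSH_PRIVATE_KEY` secret and its authorized key on the host can be revoked.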
@@ -9,14 +9,14 @@ let
 in
 {
 systemd.tmpfiles.rules = [
- "d ${cacheRoot} 0750 forgejo-runner forgejo-runner -"
- "d ${cacheRoot}/cargo 0750 forgejo-runner forgejo-runner -"
- "d ${cacheRoot}/npm 0750 forgejo-runner forgejo-runner -"
- "d ${cacheRoot}/pip 0750 forgejo-runner forgejo-runner -"
- "d ${cacheRoot}/pre-commit 0750 forgejo-runner forgejo-runner -"
- "d ${cacheRoot}/rustup 0750 forgejo-runner forgejo-runner -"
- "d ${cacheRoot}/uv 0750 forgejo-runner forgejo-runner -"
- "d ${cacheRoot}/actcache 0750 forgejo-runner forgejo-runner -"
+ "d ${cacheRoot} 0750 gitea-runner gitea-runner -"
+ "d ${cacheRoot}/cargo 0750 gitea-runner gitea-runner -"
+ "d ${cacheRoot}/npm 0750 gitea-runner gitea-runner -"
+ "d ${cacheRoot}/pip 0750 gitea-runner gitea-runner -"
+ "d ${cacheRoot}/pre-commit 0750 gitea-runner gitea-runner -"
+ "d ${cacheRoot}/rustup 0750 gitea-runner gitea-runner -"
+ "d ${cacheRoot}/uv 0750 gitea-runner gitea-runner -"
+ "d ${cacheRoot}/actcache 0750 gitea-runner gitea-runner -"
 ];
 
 services.gitea-actions-runner = {
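Review bot: The owner and group in the eight `systemd.tmpfiles.rules` entries are a hard-coded `gitea-runner` string that has to stay in sync with the account the `services.gitea-actions-runner` unit runs as, which is exactly the mismatch this commit corrects. systemd-tmpfiles resolves the name when the rules are applied, so if that account is allocated dynamically by the service rather than declared statically (the service definition continues outside the hunk, so this is unconfirmed), the `d` lines may fail or leave the cache directories owned by an id the runner does not use. Binding the name once in the `let` block, which starts above the hunk, for example `runnerUser = "gitea-runner";` and `"d ${cacheRoot} 0750 ${runnerUser} ${runnerUser} -"`, plus a comment such as `# owner must match the user created by services.gitea-actions-runner`, would make the dependency explicit.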