delete custom config file for the entrypoint logic

block out files for using socket proxy instead of dind
init runner compose, add secret version to env file
2025-11-14 14:52:50 -05:00 · 2025-11-05 13:44:39 -05:00 · 2025-09-26 02:47:27 -04:00
4 changed files with 103 additions and 0 deletions
--- a/.env.sample
+++ b/.env.sample
@ -18,9 +18,11 @@ LETS_ENCRYPT_ENV=production
 GITLAB_ROOT_EMAIL="gitlab_admin@example.com"
 SECRET_INITIAL_ROOT_PASSWORD_VERSION=v1
 SECRET_RUNNER_TOKEN_VERSION=v1
+SECRET_REGISTRATION_TOKEN_VERSION=v1

 SSO=false
 ## Authentik Configuration
+
 # SSO=true
 # ORG_NAME="My Organization"
 # SSO_PROVIDER_URL="https://authentik.mydomain.com/application/o/gitlab/"
--- a/abra.sh
+++ b/abra.sh
@ -1,6 +1,8 @@
 #!/bin/bash
 GITLAB_CONF_VERSION=v1
 ENTRYPOINT_VERSION=v1
+RUNNER_ENTRYPOINT_VERSION=v1
+RUNNER_CONF_VERSION=v1

 run_rails_command() {
    su -p root -s /bin/sh -c "gitlab-rails runner '$@'"
@ -29,3 +31,9 @@ enable_signups () {
    run_rails_command 'Gitlab::CurrentSettings.update!(signup_enabled: true)'
    reconfigure
 }
+
+register_runner() {
+    RUNNER_TOKEN="$1"
+
+    gitlab-runner register --non-interactive --url "https://$CI_SERVER_URL" --token "$RUNNER_TOKEN" --executor "docker"
+}
--- a/compose.runner.yml
+++ b/compose.runner.yml
@ -0,0 +1,83 @@
+---
+version: "3.8"
+
+services:
+  runner:
+    image: registry.gitlab.com/gitlab-org/gitlab-runner:alpine
+    depends_on:
+      - dind
+    environment:
+      - CI_SERVER_URL=${DOMAIN}
+      - DOCKER_HOST=tcp://socket-proxy:2375
+      - RUNNER_TIMEOUT
+      - RUNNER_CONCURENCY
+    configs:
+      - source: runner_conf
+        target: /etc/gitlab-runner/config.toml
+      - source: entrypoint
+        target: /custom-entrypoint.sh
+        mode: 0555
+    volumes:
+      - "runnner_config:/etc/gitlab-runner"
+    networks:
+      - internal
+    deploy:
+      restart_policy:
+        condition: on-failure
+    entrypoint: /custom-entrypoint.sh
+
+  socket-proxy:
+    image: lscr.io/linuxserver/socket-proxy:3.2.6
+    environment:
+      - PROXY_READ_TIMEOUT=5000
+      - ALLOW_START=1
+      - ALLOW_STOP=1
+      - ALLOW_RESTARTS=1
+      - AUTH=1
+      - BUILD=1
+      - COMMIT=1
+      - CONFIGS=1
+      - CONTAINERS=1
+      - DISABLE_IPV6=0
+      - DISTRIBUTION=0
+      - EVENTS=1
+      - EXEC=1
+      - IMAGES=1
+      - INFO=1
+      - NETWORKS=1
+      - NODES=1
+      - PING=1
+      - POST=1
+      - PLUGINS=1
+      - SECRETS=1
+      - SERVICES=1
+      - SESSION=1
+      - SWARM=1
+      - SYSTEM=1
+      - TASKS=1
+      - VERSION=1
+      - VOLUMES=1
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    networks:
+      - internal
+    ports:
+      - "2375:2375"
+
+volumes:
+  runnner_config:
+
+secrets:
+  registration_token:
+    name: ${STACK_NAME}_registration_token_${SECRET_REGISTRATION_TOKEN_VERSION}
+    external: true
+
+configs:
+  runner_conf:
+    name: ${STACK_NAME}_runner_config_${RUNNER_CONF_VERSION}
+    file: runner-config.toml.tmpl
+    template_driver: golang
+  entrypoint:
+    name: ${STACK_NAME}_runner_entrypoint_${RUNNER_ENTRYPOINT_VERSION}
+    file: runner-entrypoint.sh.tmpl
+    template_driver: golang
--- a/runner-entrypoint.sh.tmpl
+++ b/runner-entrypoint.sh.tmpl
@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+while [ ! -s /etc/gitlab-runner/config.toml ]
+do
+  echo "The runner was not registered yet. Next try in 5 seconds."
+  sleep 5
+done
+
Author	SHA1	Message	Date
Brooke	d190828088	delete custom config file for the entrypoint logic	2025-11-14 14:52:50 -05:00
Brooke	0d4fccf5f8	block out files for using socket proxy instead of dind	2025-11-05 13:44:39 -05:00
brooke	4dfd52e234	init runner compose, add secret version to env file	2025-09-26 02:47:27 -04:00