From 499410a160da58e18ec1925e11df552406e11864 Mon Sep 17 00:00:00 2001
From: Gabriel Radureau
Date: Wed, 6 May 2026 12:55:34 +0200
Subject: [PATCH] feat(cicd): persist gitea act-runner cache + isolate on dedicated docker network

Pins the actcache server to a fixed port (43707) and exposes it, then mounts /mnt/arcodange/gitea-runner-cache and /mnt/arcodange/gitea-runner-act into the runner so the actions/cache and act image layer cache survive container restarts. Moves the runner onto a dedicated `gitea_action_network` so CI job containers can reach the cache server by name without sharing the host network.

Co-Authored-By: Claude Opus 4.7 (1M context)
---
 ansible/arcodange/factory/playbooks/03_cicd.yml | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/ansible/arcodange/factory/playbooks/03_cicd.yml b/ansible/arcodange/factory/playbooks/03_cicd.yml
index b765ac1..bca4a34 100644
--- a/ansible/arcodange/factory/playbooks/03_cicd.yml
+++ b/ansible/arcodange/factory/playbooks/03_cicd.yml
@@ -33,14 +33,23 @@
 GITEA_RUNNER_REGISTRATION_TOKEN: "{{ gitea_runner_token_cmd.stdout }}"
 GITEA_RUNNER_NAME: arcodange_global_runner_{{ inventory_hostname }}
 GITEA_RUNNER_LABELS: ubuntu-latest:docker://gitea.arcodange.lab/arcodange-org/runner-images:ubuntu-latest-ca,ubuntu-latest-ca:docker://gitea.arcodange.lab/arcodange-org/runner-images:ubuntu-latest-ca
+ ports:
+ - "43707:43707"
+ networks:
+ - gitea_action_network
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock
 - /etc/timezone:/etc/timezone:ro
 - /etc/localtime:/etc/localtime:ro
 - /etc/ssl/certs:/etc/ssl/certs:ro
 - /usr/local/share/ca-certificates/:/usr/local/share/ca-certificates/:ro
+ - /mnt/arcodange/gitea-runner-cache:/home/git/.cache/actcache
+ - /mnt/arcodange/gitea-runner-act:/root/.cache/act
 configs:
 - config.yaml
+ networks:
+ gitea_action_network:
+ name: gitea_action_network
 configs:
 config.yaml:
 content: |
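Review bot: The added `ports: - "43707:43707"` publishes the cache server on every host interface, and the cache config in the second hunk still advertises `{{ ansible_default_ipv4.address }}` as `host`, so job containers will reach the cache through the host's LAN address rather than over `gitea_action_network` as the description intends. Anything that can route to the host on 43707 can then read or write cache entries unless the deployed act_runner version authenticates cache clients, which is worth confirming. Either bind the publication to one address, `- "{{ ansible_default_ipv4.address }}:43707:43707"`, and firewall it, or drop `ports:` and point `host` at the runner's name on the dedicated network. The second option only works if job containers are attached to that network, which depends on the `container.network` setting outside this hunk.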
@@ -87,14 +96,14 @@
 enabled: true
 # The directory to store the cache data.
 # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
- dir: ""
+ dir: "/home/git/.cache/actcache"
 # The host of the cache server.
 # It's not for the address to listen, but the address to connect from job containers.
 # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
 host: "{{ ansible_default_ipv4.address }}"
 # The port of the cache server.
 # 0 means to use a random available port.
- port: 0
+ port: 43707
 # The external cache server URL. Valid only when enable is true.
 # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
 # The URL should generally end with "/".
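Review bot: Pinning `dir` to the bind-mounted `/home/git/.cache/actcache` makes cache entries outlive the runner container, so an entry written by one job keeps being restored by later jobs; on a runner whose name (`arcodange_global_runner_…`) suggests it serves several repositories, that persistence should be documented next to the setting. I would add above `dir` a comment such as `# Persisted on the host (/mnt/arcodange/gitea-runner-cache); entries survive restarts, so prune periodically and keep untrusted workflows off this runner.` The path also assumes the runner's home is `/home/git`, while the other new mount in the first hunk targets `/root/.cache/act`; confirm which user the runner runs as, otherwise one of the two caches will not actually persist. Finally, `port: 43707` repeats the literal from the compose `ports:` entry, so a single playbook variable would keep the two in sync.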