feat(cicd): persist gitea act-runner cache + isolate on dedicated docker network

Pins the actcache server to a fixed port (43707) and exposes it, then mounts /mnt/arcodange/gitea-runner-cache and /mnt/arcodange/gitea-runner-act into the runner so the actions/cache and act image layer cache survive container restarts. Moves the runner onto a dedicated `gitea_action_network` so CI job containers can reach the cache server by name without sharing the host network. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-06 12:55:34 +02:00
parent e3e0decd98
commit 499410a160
1 changed files with 11 additions and 2 deletions
--- a/ansible/arcodange/factory/playbooks/03_cicd.yml
+++ b/ansible/arcodange/factory/playbooks/03_cicd.yml
@@ -33,14 +33,23 @@
                GITEA_RUNNER_REGISTRATION_TOKEN: "{{ gitea_runner_token_cmd.stdout }}"
                GITEA_RUNNER_NAME: arcodange_global_runner_{{ inventory_hostname }}
                GITEA_RUNNER_LABELS: ubuntu-latest:docker://gitea.arcodange.lab/arcodange-org/runner-images:ubuntu-latest-ca,ubuntu-latest-ca:docker://gitea.arcodange.lab/arcodange-org/runner-images:ubuntu-latest-ca
+              ports:
+                - "43707:43707"
+              networks:
+                - gitea_action_network
              volumes:
                - /var/run/docker.sock:/var/run/docker.sock
                - /etc/timezone:/etc/timezone:ro
                - /etc/localtime:/etc/localtime:ro
                - /etc/ssl/certs:/etc/ssl/certs:ro
                - /usr/local/share/ca-certificates/:/usr/local/share/ca-certificates/:ro
+                - /mnt/arcodange/gitea-runner-cache:/home/git/.cache/actcache
+                - /mnt/arcodange/gitea-runner-act:/root/.cache/act
              configs:
                - config.yaml
+          networks:
+            gitea_action_network:
+              name: gitea_action_network
          configs:
            config.yaml:
              content: |
@@ -87,14 +96,14 @@
                  enabled: true
                  # The directory to store the cache data.
                  # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
-                  dir: ""
+                  dir: "/home/git/.cache/actcache"
                  # The host of the cache server.
                  # It's not for the address to listen, but the address to connect from job containers.
                  # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
                  host: "{{ ansible_default_ipv4.address }}"
                  # The port of the cache server.
                  # 0 means to use a random available port.
-                  port: 0
+                  port: 43707
                  # The external cache server URL. Valid only when enable is true.
                  # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
                  # The URL should generally end with "/".