Update ghcr.io/richardr1126/openreader Docker tag to v2.2.0

.gitea/workflows/ci.yml

@@ -29,3 +29,26 @@ jobs:
           terraform init -backend=false
           terraform validate
         working-directory: 2-nomad-config
+
+  nomad-validate:
+    name: Nomad job spec validate
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Nomad CLI
+        run: |
+          curl -fsSL https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp.gpg
+          . /etc/os-release
+          echo "deb [signed-by=/usr/share/keyrings/hashicorp.gpg] https://apt.releases.hashicorp.com ${VERSION_CODENAME} main" | tee /etc/apt/sources.list.d/hashicorp.list
+          apt-get update && apt-get install -y nomad
+
+      - name: Validate all job specs
+        env:
+          NOMAD_ADDR: http://jaglan-beta-m20.lan:4646
+        run: |
+          find 2-nomad-config -name '*.nomad.hcl' | while read f; do
+            echo "==> $f"
+            nomad job validate "$f"
+          done

2-nomad-config/act-runner.nomad.hcl

@@ -28,7 +28,7 @@ job "act-runner" {
       }
 
       env = {
-        GITEA_INSTANCE_URL = "http://localhost:3000"
+        GITEA_INSTANCE_URL = "https://gitea-1ef0bea6b75a4fd3e9393a9f7f7e4b02.othrayte.one"
         CONFIG_FILE        = "/secrets/runner-config.yml"
       }
 

2-nomad-config/gitea.nomad.hcl

@@ -27,6 +27,8 @@ job "gitea" {
       tags = [
         "traefik.enable=true",
         "traefik.http.routers.gitea.middlewares=auth@file",
+        # Token subdomain — no auth middleware — used by act_runner step containers for git checkout
+        "traefik.http.routers.gitea-token.rule=Host(`gitea-1ef0bea6b75a4fd3e9393a9f7f7e4b02.othrayte.one`)",
       ]
 
       check {

2-nomad-config/openreader.nomad.hcl

@@ -59,7 +59,7 @@ job "openreader" {
       driver = "docker"
 
       config {
-        image = "ghcr.io/richardr1126/openreader:v2.1.2"
+        image = "ghcr.io/richardr1126/openreader:v2.2.0"
         ports = ["http"]
       }
 

cicd-plan.md

@@ -293,9 +293,9 @@ exit 1
 
 ## Implementation Order
 
-- [ ] **Phase 1a**: Create `act-runner.nomad.hcl` + Terraform wrapper, register runner token in Gitea, get a hello-world workflow green
-- [ ] **Phase 1b**: Add `terraform fmt` + `terraform validate -backend=false` workflow — no secrets needed
-- [ ] **Phase 1c**: Add Nomad validate step — add `NOMAD_ADDR` + read-only `NOMAD_TOKEN` to Gitea secrets
+- [x] **Phase 1a**: Create `act-runner.nomad.hcl` + Terraform wrapper, register runner token in Gitea, get a hello-world workflow green
+- [x] **Phase 1b**: Add `terraform fmt` + `terraform validate -backend=false` workflow — no secrets needed
+- [x] **Phase 1c**: Add Nomad validate step — add `NOMAD_ADDR` + read-only `NOMAD_TOKEN` to Gitea secrets
 - [ ] **Phase 2**: Add image pull validation step to the workflow
 - [ ] **Phase 3a**: Add `update` stanzas to ntfy and glance (simplest, no volume conflict)
 - [ ] **Phase 3b**: Add rolling `update` stanzas to remaining service jobs (jellyfin, sonarr, etc.)