Add Gitea act-runner and test actions for the repo

.gitea/workflows/ci.yml

@@ -29,26 +29,3 @@ jobs:
           terraform init -backend=false
           terraform validate
         working-directory: 2-nomad-config
-
-  nomad-validate:
-    name: Nomad job spec validate
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Install Nomad CLI
-        run: |
-          curl -fsSL https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp.gpg
-          . /etc/os-release
-          echo "deb [signed-by=/usr/share/keyrings/hashicorp.gpg] https://apt.releases.hashicorp.com ${VERSION_CODENAME} main" | tee /etc/apt/sources.list.d/hashicorp.list
-          apt-get update && apt-get install -y nomad
-
-      - name: Validate all job specs
-        env:
-          NOMAD_ADDR: http://jaglan-beta-m20.lan:4646
-        run: |
-          find 2-nomad-config -name '*.nomad.hcl' | while read f; do
-            echo "==> $f"
-            nomad job validate "$f"
-          done

2-nomad-config/1-data/csi-smb.nomad.hcl

@@ -6,7 +6,7 @@ job "csi-smb" {
       driver = "docker"
 
       config {
-        image = "mcr.microsoft.com/k8s/csi/smb-csi:v1.17.0"
+        image = "mcr.microsoft.com/k8s/csi/smb-csi:v1.7.0"
         args = [
           "--v=5",
           "--nodeid=${attr.unique.hostname}",

2-nomad-config/act-runner.nomad.hcl

@@ -28,7 +28,7 @@ job "act-runner" {
       }
 
       env = {
-        GITEA_INSTANCE_URL = "https://gitea-1ef0bea6b75a4fd3e9393a9f7f7e4b02.othrayte.one"
+        GITEA_INSTANCE_URL = "http://localhost:3000"
         CONFIG_FILE        = "/secrets/runner-config.yml"
       }
 

2-nomad-config/gitea.nomad.hcl

@@ -27,8 +27,6 @@ job "gitea" {
       tags = [
         "traefik.enable=true",
         "traefik.http.routers.gitea.middlewares=auth@file",
-        # Token subdomain — no auth middleware — used by act_runner step containers for git checkout
-        "traefik.http.routers.gitea-token.rule=Host(`gitea-1ef0bea6b75a4fd3e9393a9f7f7e4b02.othrayte.one`)",
       ]
 
       check {

cicd-plan.md

@@ -293,9 +293,9 @@ exit 1
 
 ## Implementation Order
 
-- [x] **Phase 1a**: Create `act-runner.nomad.hcl` + Terraform wrapper, register runner token in Gitea, get a hello-world workflow green
+- [ ] **Phase 1a**: Create `act-runner.nomad.hcl` + Terraform wrapper, register runner token in Gitea, get a hello-world workflow green
-- [x] **Phase 1b**: Add `terraform fmt` + `terraform validate -backend=false` workflow — no secrets needed
+- [ ] **Phase 1b**: Add `terraform fmt` + `terraform validate -backend=false` workflow — no secrets needed
-- [x] **Phase 1c**: Add Nomad validate step — add `NOMAD_ADDR` + read-only `NOMAD_TOKEN` to Gitea secrets
+- [ ] **Phase 1c**: Add Nomad validate step — add `NOMAD_ADDR` + read-only `NOMAD_TOKEN` to Gitea secrets
 - [ ] **Phase 2**: Add image pull validation step to the workflow
 - [ ] **Phase 3a**: Add `update` stanzas to ntfy and glance (simplest, no volume conflict)
 - [ ] **Phase 3b**: Add rolling `update` stanzas to remaining service jobs (jellyfin, sonarr, etc.)