.forgejo/workflows/build.yml:
- Forgejo Actions pipeline: push to main + weekly cron + manual dispatch
- Two-stage: fetch-only (no root) → assemble ISO (root via sudo)
- Publishes ISO to CMS nginx downloads; Codeberg release entry (metadata only)
- Uploads packages/ as workflow artifact for pkg-cache seeding

packages/:
- pkg-list-host.txt — host baseline (mirrors clawdie-ai infra/packages/)
- pkg-list-jails.txt — union of all jail package lists
- pkg-list-desktop-base.txt — Xorg + drm base for all DEs
- pkg-list-xfce.txt / kde.txt / mate.txt / nvidia.txt — per-DE packages

build.sh:
- --fetch-only flag: downloads packages + memstick, no root, CI step 1
- Real pkg fetch loop: reads all pkg-list-*.txt, deduplicates, runs pkg fetch
- pkg repo step: generates offline repo metadata after fetch
- Resolves "latest" Clawdie version via Codeberg API

firstboot/firstboot.sh:
- Seeds zroot/pkg-cache from USB packages/ after desktop install
- npm run install-all runs fully offline — no internet needed for jails
- Creates ZFS dataset if not present, falls back to plain directory

runner/README.md:
- forgejo-runner install + register on FreeBSD
- Scoped sudoers entry (build.sh + publish.sh only)
- rc.d service setup

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
# Forgejo Actions Runner — Self-Hosted FreeBSD Setup
The CI/CD pipeline (.forgejo/workflows/build.yml) requires a self-hosted
FreeBSD runner registered on Codeberg. The runner runs on the Clawdie
controlplane host — the same machine that hosts the Bastille jails.
## Install

```sh
pkg install forgejo-runner
```

If not in ports yet, download the binary directly:

```sh
fetch https://codeberg.org/forgejo/runner/releases/download/v3.5.0/forgejo-runner-3.5.0-freebsd-amd64
install -m 0755 forgejo-runner-3.5.0-freebsd-amd64 /usr/local/bin/forgejo-runner
```
## Register

1. Go to https://codeberg.org/Clawdie/Clawdie-ISO → Settings → Actions → Runners
2. Click "Create Runner" → copy the registration token
3. Run the following as the `forgejo-runner` user (created in the next section) from its home directory. The registration state is written to `.runner` in the current directory, which is where the rc.d service below expects to find it:

```sh
forgejo-runner register \
  --url https://codeberg.org \
  --token <REGISTRATION_TOKEN> \
  --name clawdie-build \
  --labels freebsd \
  --no-interactive
```
## Runner user and sudo

The runner needs sudo access for the ISO assembly steps (mdconfig, mount). Create a dedicated user and a scoped sudoers entry. Keep both scripts writable only by their owner, not by group `clawdie` (which the runner joins) or by others: sudo runs whatever those two paths contain as root.

```sh
# Create runner user
pw useradd forgejo-runner -m -s /bin/sh -G clawdie

# Add sudoers entry (only allows the two build scripts, nothing else)
cat >> /usr/local/etc/sudoers.d/forgejo-runner <<EOF
forgejo-runner ALL=(root) NOPASSWD: /home/clawdie/clawdie-iso/build.sh
forgejo-runner ALL=(root) NOPASSWD: /home/clawdie/clawdie-iso/scripts/publish.sh
EOF
chmod 440 /usr/local/etc/sudoers.d/forgejo-runner

# Syntax-check the fragment: a parse error in any sudoers.d file breaks sudo for everyone
visudo -cf /usr/local/etc/sudoers.d/forgejo-runner
# Confirm the runner may run exactly these two commands and nothing else
sudo -l -U forgejo-runner
```
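Before trusting a fragment like this one, audit it. The following check is added here as an example and is not code from the Clawdie repository; `audit_sudoers`, `check_writable` and `demo_audit` are names chosen for the example, and the paths and rules inside `demo_audit` are constructed sample data.

```shell
# Added example (not the Clawdie repo's code): audit a sudoers.d fragment like the one above.
# A rule is scoped only if each command is an absolute path without wildcards, exists, is
# not owned by the grantee, and neither it nor its directory is group-/world-writable.
# Paths and rules in demo_audit are constructed sample data.
# check_writable PATH GRANTEE: flag ownership by the grantee or group/world write bits.
check_writable() {
    set -- "$1" "$2" $(ls -ld "$1")                # $3 = mode string, $5 = owner
    [ "$5" = "$2" ] && echo "OWNED_BY_GRANTEE: $1 is owned by $2"
    case $3 in ?????w*) echo "GROUP_WRITABLE: $1 ($3)" ;; esac
    case $3 in ????????w*) echo "WORLD_WRITABLE: $1 ($3)" ;; esac
}
# audit_sudoers FILE: print one finding per line; prints nothing when the file is clean.
audit_sudoers() {
    # Drop comments, blank lines, Defaults and alias definitions.
    sed -E -e 's/#.*//' -e '/^[[:space:]]*$/d' \
        -e '/^[[:space:]]*(Defaults|[A-Za-z_]+_Alias)/d' "$1" |
    while IFS= read -r line; do
        case $line in *=*) ;; *) continue ;; esac
        set -f                                      # no globbing while word-splitting
        grantee=$(printf '%s' "$line" | awk '{print $1}')
        # Keep only the command list: strip "user HOST=", "(runas)" and "TAG:" markers.
        cmds=$(printf '%s' "${line#*=}" |
               sed -E -e 's/^[[:space:]]*\([^)]*\)//' -e 's/[A-Z_]+:[[:space:]]*//g')
        printf '%s\n' "$cmds" | tr ',' '\n' | while IFS= read -r cmd; do
            set -- $cmd; prog=$1; [ -n "$prog" ] || continue
            case $prog in
                ALL) echo "UNSCOPED: $grantee may run ALL commands"; continue ;;
                /*)  ;;
                *)   echo "NOT_ABSOLUTE: '$prog' for $grantee"; continue ;;
            esac
            case $cmd in *'*'*|*'?'*|*'['*) echo "WILDCARD: '$cmd' for $grantee" ;; esac
            [ -e "$prog" ] || { echo "MISSING: $prog"; continue; }
            check_writable "$prog" "$grantee"
            check_writable "$(dirname "$prog")" "$grantee"
        done
    done
}
# demo_audit: constructed sample with one clean rule, a group-writable script, a wildcard
# pointing at a missing path, and a bare ALL. Expect exactly four findings.
demo_audit() {
    d=$(mktemp -d); mkdir -p "$d/clawdie-iso/scripts"; chmod 755 "$d/clawdie-iso" "$d/clawdie-iso/scripts"
    printf '#!/bin/sh\n' > "$d/clawdie-iso/build.sh";           chmod 755 "$d/clawdie-iso/build.sh"
    printf '#!/bin/sh\n' > "$d/clawdie-iso/scripts/publish.sh"; chmod 775 "$d/clawdie-iso/scripts/publish.sh"
    cat > "$d/sudoers" <<EOF
forgejo-runner ALL=(root) NOPASSWD: $d/clawdie-iso/build.sh
forgejo-runner ALL=(root) NOPASSWD: $d/clawdie-iso/scripts/publish.sh
forgejo-runner ALL=(root) NOPASSWD: /nonexistent/bin/runner-*, ALL
EOF
    audit_sudoers "$d/sudoers"; rm -rf "$d"
}
```

Run `demo_audit` to see the four findings on the sample, or `audit_sudoers /usr/local/etc/sudoers.d/forgejo-runner` against the real fragment.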
## Enable as rc.d service

```sh
sysrc forgejo_runner_enable=YES
sysrc forgejo_runner_dir="/home/forgejo-runner"
service forgejo-runner start
```
## rc.d service file

If not included in the pkg, create `/usr/local/etc/rc.d/forgejo-runner`:

```sh
#!/bin/sh
# PROVIDE: forgejo_runner
# REQUIRE: NETWORKING
# KEYWORD: shutdown

. /etc/rc.subr

name="forgejo_runner"
rcvar="${name}_enable"

load_rc_config "$name"

: "${forgejo_runner_enable:=NO}"
: "${forgejo_runner_dir:=/home/forgejo-runner}"
: "${forgejo_runner_user:=forgejo-runner}"   # rc.subr runs the command as this user

# forgejo-runner daemon stays in the foreground, so wrap it in daemon(8) to detach
# it and write a pidfile. The pidfile lives in the runner's own directory because
# the command runs unprivileged. Registration is read from .runner in the working
# directory set by the precmd; a config.yml can be passed with --config if needed.
pidfile="${forgejo_runner_dir}/forgejo-runner.pid"
procname="/usr/local/bin/forgejo-runner"
command="/usr/sbin/daemon"
command_args="-f -p ${pidfile} ${procname} daemon"
start_precmd="forgejo_runner_precmd"

forgejo_runner_precmd()
{
	cd "${forgejo_runner_dir}" || return 1
}

run_rc_command "$1"
```
## Verify

```sh
service forgejo-runner status
# Runner should appear as "online" in Codeberg → Settings → Actions → Runners
```
## Notes

- The runner caches `packages/` and `cache/` between runs for speed
- The `--fetch-only` step runs without root; only assembly needs sudo
- Weekly scheduled builds re-fetch packages to pick up upstream updates
- Build artifacts (ISO) are NOT uploaded to Codeberg (too large) — published directly to the CMS jail nginx downloads endpoint by `scripts/publish.sh`