Reduce secret syncing to just .env
All checks were successful
Deploy with Docker Compose / deploy (push) Successful in 7s
All checks were successful
Deploy with Docker Compose / deploy (push) Successful in 7s
Strip hardcoded secrets from gitea/config/app.ini (already injected via GITEA__ env vars) and commit it to git. Add download.sh to fetch the act_runner binary on demand instead of syncing it. Everything else (searxng settings, certbot certs, runner registration, Spotify tokens) is generated at runtime. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
24
gitea-runner/download.sh
Executable file
24
gitea-runner/download.sh
Executable file
@@ -0,0 +1,24 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
VERSION="0.2.11"
|
||||
BASE_URL="https://gitea.com/gitea/act_runner/releases/download/v${VERSION}"
|
||||
|
||||
ARCH=$(uname -m)
|
||||
case "$ARCH" in
|
||||
x86_64) ASSET="act_runner-${VERSION}-linux-amd64" ;;
|
||||
aarch64) ASSET="act_runner-${VERSION}-linux-arm64" ;;
|
||||
armv7l) ASSET="act_runner-${VERSION}-linux-armv7" ;;
|
||||
*)
|
||||
echo "Unsupported architecture: $ARCH" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
|
||||
DEST="${SCRIPT_DIR}/act_runner"
|
||||
|
||||
echo "Downloading act_runner v${VERSION} for ${ARCH}..."
|
||||
curl -fSL "${BASE_URL}/${ASSET}" -o "$DEST"
|
||||
chmod +x "$DEST"
|
||||
echo "Downloaded to $DEST"
|
||||
Reference in New Issue
Block a user