mike/hello-agent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 7 Wiki Activity
Files
6807fe2bc0170118957236cbc1cca61aba1d784a
hello-agent/ci/runners/linux/provision-builder.sh
T

265 lines
10 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# Provisions an Ubuntu 22.04 LTS or Debian 13 (Trixie) host as a Gitea Actions
# runner for RustDesk desktop (.deb) builds. Idempotent: safe to re-run.
#
# Versions are pinned to .gitea/workflows/build-linux.yml. Bump them there and
# here together.
#
# Build host vs. user host: the resulting .deb links against the host's glibc.
# Build on the OLDEST distro your users have, otherwise the .deb won't install
# on older systems.
# - Ubuntu 22.04 build -> runs on Ubuntu 22.04+, Debian 12+, derivatives
# - Debian 13 build -> runs on Debian 13+, Ubuntu 24.04+ only
#
# Usage:
# sudo ./provision.sh \
# --gitea-url https://gitea.example.com \
# --runner-token <token>
#
# All toolchains land in /opt and are readable by the gitea-runner user.
# Service is installed as a systemd unit running as that user.
set -euo pipefail
# ---- pinned versions (mirror .gitea/workflows/build-linux.yml env block) ----
RUST_VERSION="1.75.0"
FLUTTER_VERSION="3.24.5" # used for `flutter build linux`
FLUTTER_BRIDGE_VERSION="3.22.3" # used for `flutter pub get` + flutter_rust_bridge_codegen
LLVM_VERSION="15.0.6"
VCPKG_COMMIT="120deac3062162151622ca4860575a33844ba10b"
RUNNER_VERSION="0.2.11"
# ---- defaults ----
RUNNER_NAME="$(hostname)-rustdesk"
RUNNER_LABELS="" # auto-derived from /etc/os-release if empty
SERVICE_USER="gitea-runner"
GITEA_URL=""
RUNNER_TOKEN=""
# ---- arg parse ----
while [[ $# -gt 0 ]]; do
case "$1" in
--gitea-url) GITEA_URL="$2"; shift 2 ;;
--runner-token) RUNNER_TOKEN="$2"; shift 2 ;;
--runner-name) RUNNER_NAME="$2"; shift 2 ;;
--runner-labels) RUNNER_LABELS="$2"; shift 2 ;;
--service-user) SERVICE_USER="$2"; shift 2 ;;
-h|--help)
sed -n '2,18p' "$0"
exit 0 ;;
*) echo "Unknown arg: $1" >&2; exit 2 ;;
esac
done
[[ "$EUID" -eq 0 ]] || { echo "Run as root (use sudo)." >&2; exit 1; }
[[ -n "$GITEA_URL" && -n "$RUNNER_TOKEN" ]] \
|| { echo "Missing --gitea-url or --runner-token" >&2; exit 2; }
. /etc/os-release
case "${ID}-${VERSION_ID:-}" in
ubuntu-22.04) DISTRO_LABEL="ubuntu-22.04" ;;
debian-13|debian-trixie) DISTRO_LABEL="debian-13" ;;
*)
echo "WARNING: tested only on Ubuntu 22.04 and Debian 13. You're on $PRETTY_NAME."
echo "Package names may differ; build outputs may not run on user systems."
DISTRO_LABEL="${ID}-${VERSION_ID:-unknown}"
sleep 3 ;;
esac
# If --runner-labels wasn't passed, derive a sensible default that includes the
# detected distro so workflows can target a specific build host when needed.
if [[ -z "$RUNNER_LABELS" ]]; then
RUNNER_LABELS="${DISTRO_LABEL},self-hosted,X64,Linux"
fi
log() { printf '\n==> %s\n' "$*"; }
# ---- 1. apt packages ----
log "Installing apt packages"
export DEBIAN_FRONTEND=noninteractive
apt-get update -qq
apt-get install -y --no-install-recommends \
build-essential clang gcc g++ cmake ninja-build pkg-config nasm yasm \
autoconf automake libtool libtool-bin \
libclang-dev llvm-dev \
libgtk-3-dev libayatana-appindicator3-dev \
libasound2-dev libpulse-dev libpam0g-dev libssl-dev \
libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev \
libva-dev libxdo-dev libxfixes-dev \
libxcb-randr0-dev libxcb-shape0-dev libxcb-xfixes0-dev \
git curl wget zip unzip tar xz-utils ca-certificates \
python3 python3-pip \
rpm tree dpkg-dev sudo
# Node.js (act_runner spawns node for JS actions like actions/checkout)
if ! command -v node >/dev/null; then
log "Installing Node.js LTS"
curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
apt-get install -y --no-install-recommends nodejs
fi
# ---- 2. LLVM (binary tarball; libclang-15-dev was dropped from Debian 13) ----
LLVM_DIR="/opt/llvm-${LLVM_VERSION}"
if [[ ! -x "$LLVM_DIR/bin/clang" ]]; then
log "Installing LLVM $LLVM_VERSION (binary tarball)"
arch="$(uname -m)"
case "$arch" in
x86_64) llvm_arch="x86_64-linux-gnu-ubuntu-18.04" ;;
aarch64) llvm_arch="aarch64-linux-gnu" ;;
*) echo "Unsupported arch for LLVM tarball: $arch" >&2; exit 1 ;;
esac
tmp="$(mktemp -d)"
curl -fsSL -o "$tmp/llvm.tar.xz" \
"https://github.com/llvm/llvm-project/releases/download/llvmorg-${LLVM_VERSION}/clang+llvm-${LLVM_VERSION}-${llvm_arch}.tar.xz"
mkdir -p "$LLVM_DIR"
tar --strip-components=1 -xJf "$tmp/llvm.tar.xz" -C "$LLVM_DIR"
rm -rf "$tmp"
fi
# ---- 3. dedicated runner user ----
if ! id -u "$SERVICE_USER" >/dev/null 2>&1; then
log "Creating user $SERVICE_USER"
useradd --system --create-home --shell /bin/bash "$SERVICE_USER"
fi
RUNNER_HOME="$(getent passwd "$SERVICE_USER" | cut -d: -f6)"
# ---- 4. Rust (machine-wide) ----
export RUSTUP_HOME=/opt/rustup
export CARGO_HOME=/opt/cargo
mkdir -p "$RUSTUP_HOME" "$CARGO_HOME"
if [[ ! -x "$CARGO_HOME/bin/rustup" ]]; then
log "Installing rustup at $RUSTUP_HOME / $CARGO_HOME"
curl -fsSL https://sh.rustup.rs | RUSTUP_HOME="$RUSTUP_HOME" CARGO_HOME="$CARGO_HOME" \
sh -s -- -y --default-toolchain none --profile minimal --no-modify-path
fi
"$CARGO_HOME/bin/rustup" toolchain install "$RUST_VERSION" --profile minimal --component rustfmt
"$CARGO_HOME/bin/rustup" target add --toolchain "$RUST_VERSION" x86_64-unknown-linux-gnu
"$CARGO_HOME/bin/rustup" default "$RUST_VERSION"
# ---- 5. Flutter (two SDKs: 3.24.5 for build, 3.22.3 for bridge gen) ----
# Why two: the bridge codegen (flutter_rust_bridge_codegen 1.80.1 + freezed)
# produces broken Dart output when run under newer Flutter SDKs on Linux.
# Upstream's bridge.yml uses 3.22.3 specifically; we mirror that. The .deb
# build itself uses 3.24.5.
install_flutter() {
local ver="$1" dir="$2"
if [[ ! -x "$dir/bin/flutter" ]]; then
log "Installing Flutter $ver -> $dir"
local tmp; tmp="$(mktemp -d)"
local parent; parent="$(dirname "$dir")"
curl -fsSL -o "$tmp/flutter.tar.xz" \
"https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_${ver}-stable.tar.xz"
# Tarball extracts into a top-level `flutter/` dir; rename to target.
tar -xJf "$tmp/flutter.tar.xz" -C "$tmp"
mkdir -p "$parent"
mv "$tmp/flutter" "$dir"
rm -rf "$tmp"
fi
"$dir/bin/flutter" config --no-analytics >/dev/null
"$dir/bin/flutter" precache --linux >/dev/null
}
install_flutter "$FLUTTER_VERSION" /opt/flutter
install_flutter "$FLUTTER_BRIDGE_VERSION" /opt/flutter-bridge
FLUTTER_DIR=/opt/flutter
# ---- 6. vcpkg ----
VCPKG_DIR=/opt/vcpkg
if [[ ! -d "$VCPKG_DIR/.git" ]]; then
log "Cloning vcpkg"
git clone https://github.com/microsoft/vcpkg.git "$VCPKG_DIR"
fi
git -C "$VCPKG_DIR" fetch --tags origin
git -C "$VCPKG_DIR" -c advice.detachedHead=false checkout "$VCPKG_COMMIT"
[[ -x "$VCPKG_DIR/vcpkg" ]] || "$VCPKG_DIR/bootstrap-vcpkg.sh" -disableMetrics
# vcpkg binary cache (file-backed -- same scheme as build-windows.yml)
mkdir -p /var/cache/vcpkg
chown -R "$SERVICE_USER:$SERVICE_USER" /var/cache/vcpkg
# ---- 7. Permissions ----
log "Setting up permissions for $SERVICE_USER"
chown -R "$SERVICE_USER:$SERVICE_USER" "$CARGO_HOME"
# rustup state needs to be writable too -- toolchain installs touch it.
chown -R "$SERVICE_USER:$SERVICE_USER" "$RUSTUP_HOME"
# Flutter SDK: r/x is enough for builds, but `flutter pub get` writes to its
# own cache subdir so we make it writable as well.
chown -R "$SERVICE_USER:$SERVICE_USER" "$FLUTTER_DIR"
chown -R "$SERVICE_USER:$SERVICE_USER" /opt/flutter-bridge
# vcpkg: builds write under installed/, buildtrees/, etc.
chown -R "$SERVICE_USER:$SERVICE_USER" "$VCPKG_DIR"
# LLVM: read+execute is enough; we never write here at build time.
chown -R "$SERVICE_USER:$SERVICE_USER" "$LLVM_DIR"
# /opt/cargo-tools: workflow installs cargo-expand and flutter_rust_bridge_codegen
# here via `cargo install --root`. Pre-create with the right owner so the first
# job doesn't try to mkdir under root-owned /opt.
mkdir -p /opt/cargo-tools
chown -R "$SERVICE_USER:$SERVICE_USER" /opt/cargo-tools
# git "dubious ownership": same fix as Windows. Trust system-wide.
git config --system --add safe.directory '*' || true
# ---- 8. act_runner ----
RUNNER_DIR=/var/lib/gitea-runner
mkdir -p "$RUNNER_DIR"
chown -R "$SERVICE_USER:$SERVICE_USER" "$RUNNER_DIR"
if [[ ! -x "$RUNNER_DIR/act_runner" ]]; then
log "Downloading act_runner $RUNNER_VERSION"
curl -fsSL -o "$RUNNER_DIR/act_runner" \
"https://gitea.com/gitea/act_runner/releases/download/v${RUNNER_VERSION}/act_runner-${RUNNER_VERSION}-linux-amd64"
chmod +x "$RUNNER_DIR/act_runner"
chown "$SERVICE_USER:$SERVICE_USER" "$RUNNER_DIR/act_runner"
fi
if [[ ! -f "$RUNNER_DIR/.runner" ]]; then
log "Registering runner with $GITEA_URL"
sudo -u "$SERVICE_USER" -H bash -c "
cd '$RUNNER_DIR' && \
./act_runner register --no-interactive \
--instance '$GITEA_URL' \
--token '$RUNNER_TOKEN' \
--name '$RUNNER_NAME' \
--labels '$RUNNER_LABELS'
"
fi
# ---- 9. systemd service ----
log "Installing systemd unit"
cat > /etc/systemd/system/gitea-act-runner.service <<EOF
[Unit]
Description=Gitea Actions runner (RustDesk)
After=network-online.target
Wants=network-online.target
[Service]
Type=simple
User=${SERVICE_USER}
WorkingDirectory=${RUNNER_DIR}
ExecStart=${RUNNER_DIR}/act_runner daemon
Restart=on-failure
RestartSec=5
# Toolchain locations -- needed because services don't inherit a login shell's PATH.
Environment=RUSTUP_HOME=${RUSTUP_HOME}
Environment=CARGO_HOME=${CARGO_HOME}
Environment=VCPKG_ROOT=${VCPKG_DIR}
Environment=LIBCLANG_PATH=${LLVM_DIR}/lib
Environment=PATH=${CARGO_HOME}/bin:${FLUTTER_DIR}/bin:${LLVM_DIR}/bin:${VCPKG_DIR}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# Resource limits for builds
LimitNOFILE=65535
TasksMax=infinity
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable gitea-act-runner.service
systemctl restart gitea-act-runner.service
log "Done."
echo " Verify with: systemctl status gitea-act-runner"
echo " Tail logs with: journalctl -u gitea-act-runner -f"
echo " Runner should appear (online) at $GITEA_URL > Site Admin > Actions > Runners"
Reference in New Issue View Git Blame Copy Permalink