coulomb/railiance-forge
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
19ee47fe8268eed45e0ac1a387a2cfffca9a6358
railiance-forge/docs/gitea-actions-runner-evidence.md
tegwick 19ee47fe82
Some checks failed
Forge Runner Smoke / compatibility-smoke (push) Has been cancelled
Details
Implement Gitea Actions runner substrate
2026-06-08 00:31:06 +02:00

182 lines
6.4 KiB
Markdown
Raw Blame History

# Gitea Actions Runner Evidence
Last updated: 2026-06-07
Status: initial non-secret inventory for `FORGE-WP-0003`. Haskelseed now has a
running `act_runner` OpenRC service with labels matching the first compatibility
contract. Smoke proof is still pending.
## Workstream
- Workplan: `FORGE-WP-0003-actions-runner-substrate`
- State Hub workstream: `149a0316-64d1-4664-96d0-274577c32e63`
- Immediate consumer blocker: inter-hub `R7` waits on a runner matching
`self-hosted` and `haskelseed`.
## Local Probe Results
Collected from `/home/worsch/railiance-forge` on 2026-06-07.
| Probe | Result | Note |
| --- | --- | --- |
| `curl` | available at `/usr/bin/curl` | Used for public endpoint checks. |
| `ssh` | available at `/usr/bin/ssh` | Direct `haskelseed` alias timed out; ops-bridge path reaches `root@192.168.178.135`. |
| `docker` | available at `/usr/bin/docker` | Local presence only; runner host Docker still pending. |
| `skopeo` | not available | Registry tag inspection pending. |
| local `act_runner` | not available | Haskelseed has `/usr/local/bin/act_runner`; local workstation does not. |
| `kubectl`, `helm`, `sops` | not available in `make check-tools` | Separate operator-tool gap for deploy-capable targets. |
Public endpoint checks from this environment:
| Endpoint | Result | Interpretation |
| --- | --- | --- |
| `https://gitea.coulomb.social/` | HTTP `404` | Public root route is not a useful Gitea web health signal here. |
| `https://gitea.coulomb.social/api/v1/version` | HTTP `404` | Public API version route is not exposed through the current ingress path. |
| `https://gitea.coulomb.social/v2/` | HTTP `401` | OCI registry route responds with an auth challenge. |
| `https://gitea.coulomb.social/api/packages/coulomb/pypi/simple/` | HTTP `404` | Public package route reachable but package/simple root did not return an index. |
| `https://hub.coulomb.social/api/v2/hubs` | HTTP `404` | Confirms inter-hub production still lacks the expected API surface. |
Direct haskelseed alias probe:
```text
ssh -o BatchMode=yes -o ConnectTimeout=5 haskelseed hostname
```
Result:
```text
ssh: connect to host haskelseed port 22: Connection timed out
```
This does not prove the runner host is down; it proves this session does not
currently have the bare SSH alias path needed to inspect it.
Ops-bridge haskelseed path:
```bash
RUNNER_HOST=192.168.178.135 \
RUNNER_SSH_USER=root \
RUNNER_SSH_KEY=/home/worsch/.ssh/id_ops \
make runner-status
```
Observed on 2026-06-07:
| Field | Result |
| --- | --- |
| Hostname | `haskelseed.coulomb.social` |
| Kernel | `Linux 6.18.22-0-virt` on Alpine |
| `act_runner` | `/usr/local/bin/act_runner` |
| `act_runner --version` | `v0.6.1-1-g8e6b3be9` |
| `nix` | `/usr/local/bin/nix`, Determinate Nix `3.18.1`, Nix `2.33.4` |
| Init system | OpenRC (`/sbin/rc-service`) |
| `act_runner` OpenRC service | initially not present; installed and started on 2026-06-07 |
| `gitea-act-runner` OpenRC service | not present |
| live runner process | PID `5911` after activation |
| registration file | `/root/.runner`, mode `0644`, owner `root:root` |
| registration name | `haskelseed` |
| registration address | `http://92.205.130.254:32166` |
| registration labels before activation | `haskelseed:host`, `linux:host`, `x86_64:host` |
| registration labels after activation | `self-hosted:host`, `haskelseed:host`, `linux:host`, `linux_amd64:host`, `x86_64:host`, `container-build:host`, `registry-publish:host` |
| ephemeral | `false` |
| runner backup | `/root/.runner.bak-20260607225905` |
Activation evidence:
```text
rc-service act_runner restart
status: started
act_runner PID: 5911
runner declared successfully with labels:
self-hosted, haskelseed, linux, linux_amd64, x86_64, container-build, registry-publish
```
## Runner Inventory
Known from repo and State Hub:
- Before `FORGE-WP-0003`, this repo had runner ownership contracts but no
runner deployment files, status script, smoke workflow, or runner evidence
file.
- Inter-hub reported that commits intended to trigger deployment did not update
production and that its workflow targets `self-hosted` and `haskelseed`.
- A local registration file exists on haskelseed and `act_runner` is running as
an OpenRC service. Gitea runner admin access has not yet been used to confirm
the runner in the UI, but the daemon log reports successful declaration.
Pending attended checks:
```bash
make runner-status
RUNNER_HOST=192.168.178.135 \
RUNNER_SSH_USER=root \
RUNNER_SSH_KEY=/home/worsch/.ssh/id_ops \
make runner-status
ssh haskelseed 'hostname; command -v act_runner || true'
ssh haskelseed 'systemctl status act_runner --no-pager || systemctl status gitea-act-runner --no-pager || true'
ssh haskelseed 'journalctl -u act_runner -n 200 --no-pager || journalctl -u gitea-act-runner -n 200 --no-pager || true'
```
If Gitea runner admin access is available, verify the `coulomb` organization or
instance runner page for:
- runner name `railiance-haskelseed-build-01`;
- labels `self-hosted`, `haskelseed`, `linux`, `linux_amd64`,
`container-build`, and `registry-publish`;
- online status;
- last contact time;
- workflow ids for the smoke run and later inter-hub run.
## Registry Tag Evidence
Tag inspection remains pending because `skopeo` is unavailable in this
environment.
Run from an operator host with registry access:
```bash
for tag in 91037a4 ae9e497 fa96fb8 7cc3173 latest; do
skopeo inspect --tls-verify=false \
"docker://92.205.130.254:32166/coulomb/inter-hub:${tag}" \
--format "${tag} {{.Name}} {{.Digest}}"
done
```
Record only image names, tags, digests, and status. Do not record registry
tokens.
## Smoke Evidence Slot
No smoke job has passed yet. Current haskelseed registration labels now match
the proposed first compatibility contract.
Expected evidence after `.gitea/workflows/forge-runner-smoke.yaml` passes:
| Field | Value |
| --- | --- |
| Date | `TODO` |
| Runner name | `TODO` |
| Labels used | `TODO` |
| Workflow id/url | `TODO` |
| Repo commit | `TODO` |
| Docker availability | `TODO` |
| Cluster credential absent | `TODO` |
| Registry credential absent in smoke | `TODO` |
## Inter-Hub Unblock Slot
Do not rerun production push probes until the smoke workflow passes.
Expected evidence after inter-hub rerun:
| Field | Value |
| --- | --- |
| Inter-hub commit | `TODO` |
| Workflow id/url | `TODO` |
| Image tag/digest | `TODO` |
| Deployment result | `TODO` |
| `https://hub.coulomb.social/api/v2/hubs` | `TODO` |
| Remaining blocker | `TODO` |
Reference in New Issue View Git Blame Copy Permalink