feat(ci): fluidpop-runner Docker compose + register script + inventory README #12

Merged
navigator merged 2 commits from feature/ci-runner-setup into main 2026-05-24 05:20:54 -03:00
Owner

Deploys the 4th per-repo Forgejo Actions runner on git-runner host (root@2804:710:d0:5::10), following the established pattern used by the three pop-edge-* runners.

Without this runner, all workflow jobs on Fluid/fluidpop-v1 stay in waiting state because the only instance-wide runner (pop-runner-01) does not advertise the docker label our workflows require. See ADR-016 (PR #11) for the analysis.

What this PR adds:

  • infra/ci/fluidpop-runner-compose.yml — same image (forgejo/runner:4.0.0) + docker:dind sidecar pattern as the existing pop-edge runners, subnet 172.30.12.0/24, container_name fluidpop-runner.
  • infra/ci/register-fluidpop-runner.sh — idempotent SSH+SCP+register+up script. Fetches fresh per-repo registration token via admin API. Skip registration if .runner already references the runner name.
  • infra/ci/README.md — full inventory of all 5 runners on git-runner (3 pop-edge + 1 global + this one), common operations, troubleshooting, security note on the docker:dind sidecar pattern.

Already executed: the runner has been deployed and registered on git-runner; workflows on this PR should pick up and run (validate via PR status checks below).

Labels registered: docker, ubuntu-latest, self-hosted — all mapping to docker://node:20-bookworm image.

Tests: docs+shell+yaml only. CI runs shellcheck on the new script and validates the compose file. Per GitOps workflow, ready for fluidpop-bot approve+merge once CI green.

feat(ci): fluidpop-runner Docker compose + register script + inventory README
Some checks failed
build / scalafmt-check (push) Failing after 2s
build / sbt-compile (push) Failing after 3s
build / shell-lint (push) Failing after 2s
build / scalafmt-check (pull_request) Failing after 2s
build / sbt-compile (pull_request) Failing after 2s
build / shell-lint (pull_request) Failing after 2s
2110b07826
Deploys the 4th per-repo Forgejo runner on git-runner host
(root@2804:710:d0:5::10), following the established pattern of the
three pop-edge-*-runner deployments at /opt/forgejo-runners/<name>-runner/.

- infra/ci/fluidpop-runner-compose.yml: Docker Compose with the same
  image (data.forgejo.org/forgejo/runner:4.0.0) + docker:dind sidecar
  used by pop-edge runners. Subnet 172.30.12.0/24 (next free /24 after
  pop-edge-pr at .11). extra_hosts maps git.pop.coop to internal IP.
- infra/ci/register-fluidpop-runner.sh: idempotent installer. SSH +
  SCP compose to git-runner, fetch fresh per-repo registration token
  via admin API, register via 'docker compose run --rm runner', then
  'docker compose up -d'. Labels: docker, ubuntu-latest, self-hosted
  (all map to node:20-bookworm image). Skip register if .runner
  already contains the runner name.
- infra/ci/README.md: inventory of all 5 runners on git-runner
  (3 pop-edge + 1 global pop-runner-01 + new fluidpop-runner), common
  operations, troubleshooting, security note on docker:dind sidecar
  pattern.

The global pop-runner-01 does not advertise 'docker' label - explains
why workflows declaring runs-on: docker (ours included) were not
picked up before fluidpop-runner registration.
fix(ci): remove container.image overrides + IPv6/subnet/endpoint fixes
All checks were successful
build / scalafmt-check (push) Successful in 42s
build / sbt-compile (push) Successful in 3s
build / shell-lint (push) Successful in 8s
build / scalafmt-check (pull_request) Successful in 3s
build / sbt-compile (pull_request) Successful in 3s
build / shell-lint (pull_request) Successful in 44s
673a048947
The runner fluidpop-ci-01 was up and pulling jobs, but failing because:

1. .forgejo/workflows/{build,nightly}.yml had per-job container.image
   pointing at hseeberger/scala-sbt and koalaman/shellcheck-alpine.
   Both lack node binary, which actions/checkout@v4 requires. Result:
   'OCI runtime exec failed: exec: node: executable file not found'.
   Fix: remove container.image; jobs run in runner default image
   (node:20-bookworm). The else-echo fallback branches succeed there.
   shell-lint now apt-get installs shellcheck in the default image.
   Per-job containers return when build.sbt + scala-sbt image with
   node land in Phase 1 RTL setup.

2. infra/ci/fluidpop-runner-compose.yml: subnet 172.30.12.0/24 conflicts
   with pop-edge-live-runner's existing network. Moved to 172.30.14.0/24
   (next free after .11 pop-edge-pr, .12 pop-edge-live, .13 pop-edge-apply).

3. infra/ci/register-fluidpop-runner.sh: two API fixes:
   - scp choked on IPv6 :: parsing; switched to ssh+cat redirect.
   - Repo runner endpoints in Forgejo 14.0 require /actions/ prefix:
     /repos/{o}/{r}/actions/runners/registration-token (was missing
     /actions/). Same for list endpoint /actions/runners with .entries[].
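
The subnet collision from item 2 of the commit message above can be caught before deployment. This is an added example, not part of the PR or the project's scripts: the inventory is constructed from the three subnets the commit message names, and the `172.30.0.0/16` pool and the function names are assumptions.

```python
import ipaddress

# Constructed inventory: the three runner subnets named in the commit message.
EXISTING = {
    "pop-edge-pr": "172.30.11.0/24",
    "pop-edge-live": "172.30.12.0/24",
    "pop-edge-apply": "172.30.13.0/24",
}
POOL = "172.30.0.0/16"  # assumption: runner networks are carved from this range


def conflicts(candidate, existing=EXISTING):
    """Return the names of runners whose subnet overlaps the candidate CIDR."""
    # strict=True rejects CIDRs with host bits set (e.g. 172.30.12.1/24).
    cand = ipaddress.ip_network(candidate, strict=True)
    return sorted(
        name for name, cidr in existing.items()
        if cand.overlaps(ipaddress.ip_network(cidr, strict=True))
    )


def next_free(after, existing=EXISTING, pool=POOL, prefix=24):
    """Return the first unallocated /prefix block in the pool above `after`."""
    floor = ipaddress.ip_network(after).broadcast_address
    used = [ipaddress.ip_network(c) for c in existing.values()]
    for block in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
        if block.network_address <= floor:
            continue  # at or below the starting point
        if not any(block.overlaps(u) for u in used):
            return str(block)
    raise ValueError(f"no free /{prefix} left in {pool} above {after}")


if __name__ == "__main__":
    for cidr in ("172.30.12.0/24", "172.30.14.0/24", "172.30.12.0/23"):
        hit = conflicts(cidr)
        print(f"{cidr}: {'conflicts with ' + ', '.join(hit) if hit else 'free'}")
    print("next free after 172.30.11.0/24:", next_free("172.30.11.0/24"))
```

The overlap test also flags a wider candidate such as a /23 that straddles two existing runner networks, which a plain string comparison of CIDRs would miss.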
fluidpop-bot left a comment
Collaborator

CI green on 673a048 (workflow runs 749-754 all success); approving per GitOps loop

Reference
Fluid/fluidpop-v1!12