Run a GitLab Runner on your Swarm

swarm.yml

version: '3.4'

secrets:

  # Find your registration token at: "Your project" > "Settings" > "CI/CD" > "Runners settings" > "Specific Runners" (look for registration token)
  # Register it as `GITLAB_REGISTRATION_TOKEN`: `docker secret create GITLAB_REGISTRATION_TOKEN YOUR_REGISTRATION_TOKEN`
  GITLAB_REGISTRATION_TOKEN:
    external: true
  # Find your personal access token at: "Your user account" > "Settings" > "Access Tokens" > "Create personal access token" (for api)
  # Register it as `GITLAB_PERSONAL_ACCESS_TOKEN`: `docker secret create GITLAB_PERSONAL_ACCESS_TOKEN <YOUR ACCESS TOKEN>`
  GITLAB_PERSONAL_ACCESS_TOKEN:
    external: true

services:

  # Gitlab Runner - https://gitlab.com/gitlab-org/gitlab-runner
  runner:
    image: gitlab/gitlab-runner:latest
    environment:
      - CONCURRENT=8
      - REGISTER_LOCKED=1
      - REGISTER_NON_INTERACTIVE=1
      - RUNNER_EXECUTOR=docker
      - DOCKER_IMAGE=docker
      - DOCKER_VOLUMES=/var/run/docker.sock:/var/run/docker.sock
      - RUNNER_NAME=docker
      - API_URL=https://gitlab.com/api/v4
      - CI_SERVER_URL=https://gitlab.com/ci
    entrypoint: "bash"
    secrets:
      - GITLAB_REGISTRATION_TOKEN
    command: |
      -c '
        set -e

        printf "Setting configuration...\\n"
        export REGISTRATION_TOKEN="$$(cat /run/secrets/GITLAB_REGISTRATION_TOKEN)"
        sed -i "s/^concurrent = .*/concurrent = $${CONCURRENT}/" /etc/gitlab-runner/config.toml
        printf "\\n"

        printf "Registering runner...\\n"
        gitlab-runner register --non-interactive
        printf "\\n"

        printf "List runners...\\n"
        gitlab-runner list
        printf "\\n"

        printf "Running runner...\\n"
        gitlab-runner run --user=gitlab-runner --working-directory=/home/gitlab-runner --metrics-server=:9252
      '
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    deploy:
      mode: global
      placement:
        constraints:
          - node.role == manager
      labels:
        - "traefik.enable=false"
    healthcheck:
      test: ["CMD-SHELL", "gitlab-runner verify --name docker 2>&1 | grep --quiet \"is alive\""]
      start_period: 10s
      interval: 10s
      timeout: 10s
      retries: 10

  # Gitlab Manager to unregister GitLab Runners
  manager:
    image: alpine:latest
    environment:
      - API_URL=https://gitlab.com/api/v4
      - CI_SERVER_URL=https://gitlab.com/ci
    secrets:
      - GITLAB_PERSONAL_ACCESS_TOKEN
    entrypoint: sh
    command: |
      -c '
        set -e

        printf "Installing dependencies...\\n"
        apk --no-cache add curl jq
        printf "\\n"

        export PERSONAL_ACCESS_TOKEN="$$(cat /run/secrets/GITLAB_PERSONAL_ACCESS_TOKEN)"
        while true; do
          printf "Checking runners...\\n"
          curl -sS --header "PRIVATE-TOKEN: $${PERSONAL_ACCESS_TOKEN}" "$${API_URL}/runners?per_page=100" | \
          jq -c ".[] | select(false==.is_shared) | select(\"online\"==.status) | .id" | \
          while read RUNNER_ID; do
            printf "Runner $${RUNNER_ID} is online\\n"
          done
          curl -sS --header "PRIVATE-TOKEN: $${PERSONAL_ACCESS_TOKEN}" "$${API_URL}/runners?per_page=100" | \
          jq -c ".[] | select(false==.is_shared) | select(\"online\"!=.status) | .id" | \
          while read RUNNER_ID; do
            printf "Deleting runner $${RUNNER_ID}...\\n"
            curl -sS --request DELETE --header "PRIVATE-TOKEN: $${PERSONAL_ACCESS_TOKEN}" "$${API_URL}/runners/$${RUNNER_ID}"
          done
          printf "All offline runners deleted\\n"
          printf "Waiting for 24 hours...\\n"
          sleep 24h
        done
        printf "\\n"
      '
    deploy:
      labels:
        - "traefik.enable=false"
    healthcheck:
      test: ["CMD-SHELL", "command -v curl"]
      start_period: 10s
      interval: 10s
      timeout: 10s
      retries: 10

  # Gitlab Runner Docker Cleanup - https://gitlab.com/gitlab-org/gitlab-runner-docker-cleanup
  cleaner:
    image: quay.io/gitlab/gitlab-runner-docker-cleanup
    environment:
      - CHECK_PATH=/data
      - LOW_FREE_SPACE=10G
      - EXPECTED_FREE_SPACE=20G
      - LOW_FREE_FILES_COUNT=1048576
      - EXPECTED_FREE_FILES_COUNT=2097152
      - USE_DF=1
      - CHECK_INTERVAL=10s
      - RETRY_INTERVAL=30s
      - DEFAULT_TTL=60m
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /data:/data
    deploy:
      restart_policy:
        condition: any
      labels:
        - "traefik.enable=false"