Skip to content

Instantly share code, notes, and snippets.

@manhhailua
Forked from MetalArend/swarm.yml
Last active November 29, 2019 19:08
Show Gist options
  • Save manhhailua/99df6f718a3d9d479c20999dd7a41fd6 to your computer and use it in GitHub Desktop.
Save manhhailua/99df6f718a3d9d479c20999dd7a41fd6 to your computer and use it in GitHub Desktop.
Run a GitLab Runner on your Swarm
version: '3.7'
secrets:
# Find your registration token at: "Your project" > "Settings" > "CI/CD" > "Runners settings" > "Specific Runners" (look for registration token)
# Register it as `GITLAB_REGISTRATION_TOKEN`: `docker secret create GITLAB_REGISTRATION_TOKEN YOUR_REGISTRATION_TOKEN`
GITLAB_REGISTRATION_TOKEN:
external: true
# Find your personal access token at: "Your user account" > "Settings" > "Access Tokens" > "Create personal access token" (for api)
# Register it as `GITLAB_PERSONAL_ACCESS_TOKEN`: `docker secret create GITLAB_PERSONAL_ACCESS_TOKEN <YOUR ACCESS TOKEN>`
GITLAB_PERSONAL_ACCESS_TOKEN:
external: true
services:
# Gitlab Runner - https://gitlab.com/gitlab-org/gitlab-runner
runner:
image: gitlab/gitlab-runner:latest
environment:
- CONCURRENT=8
- REGISTER_LOCKED=1
- REGISTER_NON_INTERACTIVE=1
- RUNNER_EXECUTOR=docker
- DOCKER_IMAGE=docker
- DOCKER_VOLUMES=/var/run/docker.sock:/var/run/docker.sock
- RUNNER_NAME=docker
- API_URL=https://gitlab.com/api/v4
- CI_SERVER_URL=https://gitlab.com/ci
entrypoint: "bash"
secrets:
- GITLAB_REGISTRATION_TOKEN
command: |
-c '
set -e
printf "Setting configuration...\\n"
export REGISTRATION_TOKEN="$$(cat /run/secrets/GITLAB_REGISTRATION_TOKEN)"
sed -i "s/^concurrent = .*/concurrent = $${CONCURRENT}/" /etc/gitlab-runner/config.toml
printf "\\n"
printf "Registering runner...\\n"
gitlab-runner register --non-interactive
printf "\\n"
printf "List runners...\\n"
gitlab-runner list
printf "\\n"
printf "Running runner...\\n"
gitlab-runner run --user=gitlab-runner --working-directory=/home/gitlab-runner
'
volumes:
- /var/run/docker.sock:/var/run/docker.sock
deploy:
mode: global
placement:
constraints:
- node.role == manager
labels:
- "traefik.enable=false"
healthcheck:
test: ["CMD-SHELL", "gitlab-runner verify --name docker 2>&1 | grep --quiet \"is alive\""]
start_period: 10s
interval: 10s
timeout: 10s
retries: 10
# Gitlab Manager to unregister GitLab Runners
manager:
image: alpine:latest
environment:
- API_URL=https://gitlab.com/api/v4
- CI_SERVER_URL=https://gitlab.com/ci
secrets:
- GITLAB_PERSONAL_ACCESS_TOKEN
entrypoint: sh
command: |
-c '
set -e
printf "Installing dependencies...\\n"
apk --no-cache add curl jq
printf "\\n"
export PERSONAL_ACCESS_TOKEN="$$(cat /run/secrets/GITLAB_PERSONAL_ACCESS_TOKEN)"
while true; do
printf "Checking runners...\\n"
curl -sS --header "PRIVATE-TOKEN: $${PERSONAL_ACCESS_TOKEN}" "$${API_URL}/runners?per_page=100" | \
jq -c ".[] | select(false==.is_shared) | select(\"online\"==.status) | .id" | \
while read RUNNER_ID; do
printf "Runner $${RUNNER_ID} is online\\n"
done
curl -sS --header "PRIVATE-TOKEN: $${PERSONAL_ACCESS_TOKEN}" "$${API_URL}/runners?per_page=100" | \
jq -c ".[] | select(false==.is_shared) | select(\"online\"!=.status) | .id" | \
while read RUNNER_ID; do
printf "Deleting runner $${RUNNER_ID}...\\n"
curl -sS --request DELETE --header "PRIVATE-TOKEN: $${PERSONAL_ACCESS_TOKEN}" "$${API_URL}/runners/$${RUNNER_ID}"
done
printf "All offline runners deleted\\n"
printf "Waiting for 24 hours...\\n"
sleep 24h
done
printf "\\n"
'
deploy:
labels:
- "traefik.enable=false"
healthcheck:
test: ["CMD-SHELL", "command -v curl"]
start_period: 10s
interval: 10s
timeout: 10s
retries: 10
# Gitlab Runner Docker Cleanup - https://gitlab.com/gitlab-org/gitlab-runner-docker-cleanup
cleaner:
image: quay.io/gitlab/gitlab-runner-docker-cleanup
environment:
- CHECK_PATH=/data
- LOW_FREE_SPACE=10G
- EXPECTED_FREE_SPACE=20G
- LOW_FREE_FILES_COUNT=1048576
- EXPECTED_FREE_FILES_COUNT=2097152
- USE_DF=1
- CHECK_INTERVAL=10s
- RETRY_INTERVAL=30s
- DEFAULT_TTL=60m
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- cleaner_data:/data
deploy:
restart_policy:
condition: any
labels:
- "traefik.enable=false"
volumes:
cleaner_data:
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment