Wire runner caches and forge secrets through agenix

2026-03-19 00:04:27 -07:00 · 2026-03-19 00:04:27 -07:00 · ed247b2f5e
commit ed247b2f5e
parent afc3e79eb0
20 changed files with 299 additions and 64 deletions
--- a/services/forgejo-nsc/internal/config/config.go
+++ b/services/forgejo-nsc/internal/config/config.go
@ -49,8 +49,14 @@ type Config struct {
 	Runner    RunnerConfig    `yaml:"runner"`
 }

+type CacheVolumeConfig struct {
+	Tag        string `yaml:"tag"`
+	MountPoint string `yaml:"mount_point"`
+	SizeGb     int64  `yaml:"size_gb"`
+}
+
 type ForgejoConfig struct {
-	BaseURL       string      `yaml:"base_url"`
+	BaseURL string `yaml:"base_url"`
 	// InstanceURL is the URL runners should use when registering with Forgejo.
 	// This must be reachable from the spawned runner (e.g. the public URL like
 	// https://git.burrow.net), and may differ from BaseURL (which can be a local
@ -80,15 +86,19 @@ type NamespaceConfig struct {
 	// MacosBaseImageID selects which macOS base image to use (e.g. "tahoe").
 	MacosBaseImageID string `yaml:"macos_base_image_id"`
 	// MacosMachineArch is the architecture used for macOS instances (typically "arm64").
-	MacosMachineArch string   `yaml:"macos_machine_arch"`
-	Duration         Duration `yaml:"duration"`
-	WorkDir          string   `yaml:"workdir"`
-	MaxParallel      int64    `yaml:"max_parallel"`
-	Environment      []string `yaml:"environment"`
-	AllowLabels      []string `yaml:"allow_labels"`
-	AllowScopes      []string `yaml:"allow_scopes"`
-	Network          string   `yaml:"network"`
-	InstanceTags     []string `yaml:"instance_tags"`
+	MacosMachineArch  string              `yaml:"macos_machine_arch"`
+	Duration          Duration            `yaml:"duration"`
+	WorkDir           string              `yaml:"workdir"`
+	MaxParallel       int64               `yaml:"max_parallel"`
+	Environment       []string            `yaml:"environment"`
+	AllowLabels       []string            `yaml:"allow_labels"`
+	AllowScopes       []string            `yaml:"allow_scopes"`
+	Network           string              `yaml:"network"`
+	InstanceTags      []string            `yaml:"instance_tags"`
+	LinuxCachePath    string              `yaml:"linux_cache_path"`
+	LinuxCacheVolumes []CacheVolumeConfig `yaml:"linux_cache_volumes"`
+	MacosCachePath    string              `yaml:"macos_cache_path"`
+	MacosCacheVolumes []CacheVolumeConfig `yaml:"macos_cache_volumes"`
 }

 type RunnerConfig struct {
@ -160,6 +170,46 @@ func (c *Config) Validate() error {
 	if c.Namespace.MaxParallel <= 0 {
 		c.Namespace.MaxParallel = 4
 	}
+	if c.Namespace.LinuxCachePath == "" {
+		c.Namespace.LinuxCachePath = "/var/cache/burrow"
+	}
+	if len(c.Namespace.LinuxCacheVolumes) == 0 {
+		c.Namespace.LinuxCacheVolumes = []CacheVolumeConfig{
+			{
+				Tag:        "burrow-forgejo-linux-nix",
+				MountPoint: "/nix",
+				SizeGb:     60,
+			},
+			{
+				Tag:        "burrow-forgejo-linux-cache",
+				MountPoint: c.Namespace.LinuxCachePath,
+				SizeGb:     40,
+			},
+		}
+	}
+	if c.Namespace.MacosCachePath == "" {
+		c.Namespace.MacosCachePath = "/Users/runner/.cache/burrow"
+	}
+	if len(c.Namespace.MacosCacheVolumes) == 0 {
+		c.Namespace.MacosCacheVolumes = []CacheVolumeConfig{
+			{
+				Tag:        "burrow-forgejo-macos-cache",
+				MountPoint: c.Namespace.MacosCachePath,
+				SizeGb:     60,
+			},
+		}
+	}
+	for _, volume := range append(append([]CacheVolumeConfig{}, c.Namespace.LinuxCacheVolumes...), c.Namespace.MacosCacheVolumes...) {
+		if strings.TrimSpace(volume.Tag) == "" {
+			return errors.New("namespace cache volume tag is required")
+		}
+		if strings.TrimSpace(volume.MountPoint) == "" {
+			return fmt.Errorf("namespace cache volume %q mount_point is required", volume.Tag)
+		}
+		if volume.SizeGb <= 0 {
+			return fmt.Errorf("namespace cache volume %q size_gb must be positive", volume.Tag)
+		}
+	}

 	return nil
 }