apiVersion: v1
kind: Namespace
metadata:
  name: gitea-runner
---
apiVersion: v1
kind: Secret
metadata:
  name: runner-secret
  namespace: gitea-runner
stringData:
  token: "m7uOZcE8st7MtvjI2YThQy6em5GoCs2TPMXSnvdV"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: runner-config
  namespace: gitea-runner
data:
  config.yaml: |
    log:
      level: info
    runner:
      file: .runner
      capacity: 1
      timeout: 1h
      labels:
        - "ubuntu-latest:docker://docker:27"
        - "ubuntu-22.04:docker://docker:27"
    container:
      network: host
      privileged: true
      docker_host: unix:///var/run/docker.sock
      options: ""
      workdir_parent: /workspace
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea-runner
  namespace: gitea-runner
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitea-runner
  template:
    metadata:
      labels:
        app: gitea-runner
    spec:
      containers:
        - name: runner
          image: gitea/act_runner:latest
          env:
            - name: DOCKER_HOST
              value: unix:///var/run/docker.sock
          command: ["sh", "-c"]
          args:
            - |
              apk add --no-cache docker-cli >/dev/null 2>&1
              while ! docker info >/dev/null 2>&1; do sleep 1; done
              act_runner register --no-interactive \
                --instance http://gitea-http.gitea.svc.cluster.local:3000 \
                --token "$(cat /secret/token)" \
                --name k3s-runner \
                --config /config/config.yaml \
                --labels "ubuntu-latest:docker://docker:27,ubuntu-22.04:docker://docker:27"
              act_runner daemon --config /config/config.yaml
          volumeMounts:
            - name: secret
              mountPath: /secret
              readOnly: true
            - name: config
              mountPath: /config
              readOnly: true
            - name: docker-sock
              mountPath: /var/run
            - name: data
              mountPath: /data
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 500m
              memory: 512Mi
        - name: dind
          image: docker:27-dind
          securityContext:
            privileged: true
          env:
            - name: DOCKER_TLS_CERTDIR
              value: ""
          volumeMounts:
            - name: docker-sock
              mountPath: /var/run
            - name: dind-storage
              mountPath: /var/lib/docker
          resources:
            requests:
              cpu: 100m
              memory: 256Mi
            limits:
              cpu: 2000m
              memory: 2Gi
      volumes:
        - name: secret
          secret:
            secretName: runner-secret
        - name: config
          configMap:
            name: runner-config
        - name: docker-sock
          emptyDir: {}
        - name: data
          emptyDir: {}
        - name: dind-storage
          emptyDir: {}