feat(forgejo-runner): switch to a runner made for gitea for kubernetes support

cluster/apps/dev/forgejo-runner/deploy.yaml

@@ -1,82 +0,0 @@
-# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/deployment.json
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: forgejo-runner
-  namespace: dev
-  labels:
-    app: forgejo-runner
-spec:
-  replicas: 5
-  selector:
-    matchLabels:
-      app: forgejo-runner
-  template:
-    metadata:
-      labels:
-        app: forgejo-runner
-    spec:
-      restartPolicy: Always
-
-      volumes:
-        - name: docker-certs
-          emptyDir: {}
-        - name: runner-data
-          emptyDir: {}
-
-      initContainers:
-        - name: runner-config-generation
-          image: code.forgejo.org/forgejo/runner:3.3.0
-          command:
-            - sh
-            - -c
-            - forgejo-runner register --no-interactive --instance $FORGEJO_INSTANCE_URL --token $RUNNER_TOKEN
-          
-          env:
-            - name: RUNNER_TOKEN
-              valueFrom:
-                secretKeyRef:
-                  name: forgejo-runner-token
-                  key: token
-            - name: FORGEJO_INSTANCE_URL
-              value: https://${SECRET_NEW_DOMAIN}
-          
-          volumeMounts:
-            - name: runner-data
-              mountPath: /data
-      
-      containers:
-        - name: runner
-          image: code.forgejo.org/forgejo/runner:3.3.0
-          command:
-            - sh
-            - -c
-            - while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; forgejo-runner daemon
-
-          env:
-            - name: DOCKER_HOST
-              value: tcp://localhost:2376
-            - name: DOCKER_CERT_PATH
-              value: /certs/client
-            - name: DOCKER_TLS_VERIFY
-              value: '1'
-
-          volumeMounts:
-            - name: docker-certs
-              mountPath: /certs
-            - name: runner-data
-              mountPath: /data
-
-        - name: dind
-          image: docker:dind
-          
-          env:
-            - name: DOCKER_TLS_CERTDIR
-              value: /certs
-
-          securityContext:
-            privileged: true
-
-          volumeMounts:
-            - name: docker-certs
-              mountPath: /certs

cluster/apps/dev/forgejo-runner/kustomization.yaml

@@ -2,4 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ./reg-token.sops.yaml
-- ./deploy.yaml
+- ./service-account.yaml
+- ./service.yaml
+- ./runner.yaml

cluster/apps/dev/forgejo-runner/runner.yaml

@@ -0,0 +1,77 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/statefulset.json
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: forgejo-runner
+  namespace: dev
+spec:
+  serviceName: forgejo-runner
+  replicas: 5
+  revisionHistoryLimit: 0
+
+  volumeClaimTemplates:
+    - metadata:
+        name: runner-work
+      spec:
+        storageClassName: openebs-hostpath
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: 5Gi
+  
+  persistentVolumeClaimRetentionPolicy:
+    whenScaled: Delete
+    whenDeleted: Delete
+
+  selector:
+    matchLabels:
+      app: forgejo-runner
+
+  template:
+    metadata:
+      labels:
+        app: forgejo-runner
+
+    spec:
+      serviceAccountName: forgejo-runner
+
+      containers:
+        - name: runner
+          image: ghcr.io/christopherhx/gitea-actions-runner:v0.0.12
+          imagePullPolicy: Always
+          
+          env:
+            - name: ACTIONS_RUNNER_POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: ACTIONS_RUNNER_CLAIM_NAME
+              value: runner-work-$(ACTIONS_RUNNER_POD_NAME)
+            - name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER
+              value: "true"
+            - name: ACTIONS_RUNNER_CONTAINER_HOOKS
+              value: /home/runner/k8s/index.js
+            - name: GITEA_INSTANCE_URL
+              value: https://${SECRET_NEW_DOMAIN}
+            - name: GITEA_RUNNER_REGISTRATION_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: forgejo-runner-token
+                  key: token
+            - name: GITEA_RUNNER_LABELS
+              value: docker
+            - name: GITEA_RUNNER_NAME
+              value: cluster-runner
+          
+          volumeMounts:
+            - mountPath: /home/runner/_work
+              name: runner-work
+
+          resources:
+            requests:
+              cpu: "10m"
+              memory: "500Mi"
+            limits:
+              cpu: "1"
+              memory: "1Gi"

cluster/apps/dev/forgejo-runner/service-account.yaml

@@ -0,0 +1,43 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/role.json
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: forgejo-runner
+  namespace: dev
+rules:
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["get", "list", "create", "delete"]
+  - apiGroups: [""]
+    resources: ["pods/exec"]
+    verbs: ["get", "create"]
+  - apiGroups: [""]
+    resources: ["pods/log"]
+    verbs: ["get", "list", "watch",]
+  - apiGroups: ["batch"]
+    resources: ["jobs"]
+    verbs: ["get", "list", "create", "delete"]
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "list", "create", "delete"]
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/rolebinding.json
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: forgejo-runner
+  namespace: dev
+subjects:
+  - kind: ServiceAccount
+    name: forgejo-runner
+roleRef:
+  kind: Role
+  name: forgejo-runner
+  apiGroup: rbac.authorization.k8s.io
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/serviceaccount.json
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: forgejo-runner
+  namespace: dev

cluster/apps/dev/forgejo-runner/service.yaml

@@ -0,0 +1,11 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/service.json
+kind: Service
+apiVersion: v1
+metadata:
+  name: forgejo-runner
+  namespace: dev
+spec:
+  type: ClusterIP
+  clusterIP: None
+  selector:
+    app: forgejo-runner