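---
# Persistent state for the Gitea Actions runner. The runner container mounts
# this claim at /data; its start script keeps the registration marker
# (/data/.runner) and the last-registered label set (/data/.runner_labels)
# there so both survive pod restarts.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitea-runner-data
  namespace: gitea
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: longhorn
  resources:
    requests:
      storage: 5Gi
---
# Gitea Actions runner with a Docker-in-Docker sidecar.
#
# Trust boundary: the "dind" container is privileged and shares its
# /var/run (and so the Docker socket) with the "runner" container. Anything
# that can run a workflow on this runner can drive that daemon, so treat the
# pod as having node-level privileges. Restrict which repositories and users
# may schedule jobs here, and prefer dedicated or tainted nodes for it.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea-runner
  namespace: gitea
spec:
  replicas: 1
  # The data volume is ReadWriteOnce and holds a single runner identity.
  # The default RollingUpdate starts the new pod before the old one stops,
  # which can stall on the volume attach or run two daemons against the
  # same /data/.runner. Recreate stops the old pod first.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: gitea-runner
  template:
    metadata:
      labels:
        app: gitea-runner
    spec:
      containers:
        - name: runner
          # NOTE(review): ":latest" is a mutable tag and, combined with
          # IfNotPresent, each node keeps whatever build it pulled first.
          # Pin a specific version tag or an image digest so upgrades are
          # deliberate and reviewable.
          image: gitea/act_runner:latest
          imagePullPolicy: IfNotPresent
          env:
            # NOTE(review): plain HTTP. The registration token and job
            # traffic cross the cluster network unencrypted; confirm this
            # is acceptable or front the service with TLS.
            - name: GITEA_INSTANCE_URL
              value: "http://gitea.gitea.svc.cluster.local"
            - name: GITEA_RUNNER_NAME
              value: "k3s-runner-1"
            # NOTE(review): "linux-x64:host" runs matching jobs directly in
            # this container rather than in a job container, next to the
            # registration token in the environment and the runner
            # credentials under /data. Drop it unless host execution is
            # required. The "act-latest" job image tag is mutable as well.
            - name: GITEA_RUNNER_LABELS
              value: "linux-x64:host,ubuntu-latest:docker://catthehacker/ubuntu:act-latest,ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04,alpine:docker://alpine:3.20"
            - name: GITEA_RUNNER_REGISTRATION_TOKEN
              valueFrom:
                secretKeyRef:
                  name: gitea-runner-secret
                  key: GITEA_RUNNER_REGISTRATION_TOKEN
            - name: DOCKER_HOST
              value: "unix:///var/run/docker.sock"
          command:
            - /bin/sh
            - -c
          # Start script:
          #   1. wait until the sidecar's Docker socket exists;
          #   2. if the configured labels differ from the recorded ones,
          #      delete /data/.runner so the runner registers again;
          #   3. record the current labels;
          #   4. register when /data/.runner is absent;
          #   5. exec the daemon so it replaces the shell.
          # NOTE(review): the script tests /data/.runner but never changes
          # directory. This assumes act_runner writes its registration file
          # into /data, i.e. that the image's working directory is /data.
          # Confirm; otherwise the runner re-registers on every restart.
          args:
            - |
              set -e
              until [ -S /var/run/docker.sock ]; do
                echo "Waiting for Docker socket..."
                sleep 2
              done
              if [ -f /data/.runner_labels ] && [ "$(cat /data/.runner_labels)" != "${GITEA_RUNNER_LABELS}" ]; then
                rm -f /data/.runner
              fi
              printf '%s' "${GITEA_RUNNER_LABELS}" > /data/.runner_labels
              if [ ! -f /data/.runner ]; then
                act_runner register \
                  --no-interactive \
                  --instance "${GITEA_INSTANCE_URL}" \
                  --token "${GITEA_RUNNER_REGISTRATION_TOKEN}" \
                  --name "${GITEA_RUNNER_NAME}" \
                  --labels "${GITEA_RUNNER_LABELS}"
              fi
              exec act_runner daemon
          volumeMounts:
            - name: runner-data
              mountPath: /data
            # Shared with the dind container; this is how the Docker socket
            # becomes visible to the runner.
            - name: docker-run
              mountPath: /var/run
        - name: dind
          image: docker:27-dind
          imagePullPolicy: IfNotPresent
          # Required for the nested Docker daemon. A privileged container
          # is not isolated from the node, so access to this daemon should
          # be treated as access to the node.
          securityContext:
            privileged: true
          args:
            # Image pulls and pushes to this host skip TLS, so registry
            # traffic is neither encrypted nor authenticated to the server.
            - --insecure-registry=gitea.gitea.svc.cluster.local
          env:
            # An empty value disables TLS for the Docker API.
            # NOTE(review): with TLS off the stock dind entrypoint is
            # expected to also listen on an unauthenticated TCP port on the
            # pod IP. Verify, and restrict pod ingress with a NetworkPolicy
            # if so.
            - name: DOCKER_TLS_CERTDIR
              value: ""
          volumeMounts:
            - name: docker-lib
              mountPath: /var/lib/docker
            - name: docker-run
              mountPath: /var/run
      volumes:
        - name: runner-data
          persistentVolumeClaim:
            claimName: gitea-runner-data
        # Image and layer cache for the nested daemon; emptyDir, so it is
        # lost whenever the pod is rescheduled.
        - name: docker-lib
          emptyDir: {}
        - name: docker-run
          emptyDir: {}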