k3s-at-home/clusters/ipv6/git-ops/gitea-act/gitea-act.yml

---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: gitea-act-runner
  name: gitea-act-runner
  namespace: git-ops
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitea-act-runner
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: gitea-act-runner
    spec:
      restartPolicy: Always
      volumes:
      - name: docker-certs
        emptyDir: {}
      - name: runner-data
        persistentVolumeClaim:
          claimName: gitea-act-runner-longhorn
      containers:
      - name: runner
        image: gitea/act_runner@sha256:8477d5b61b655caad4449888bae39f1f34bebd27db56cb15a62dccb3dcf3a944
        command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; /sbin/tini -- run.sh"]
        readinessProbe:
          exec:
            command:
            - sh
            - -c
            - |
              nc -z gitea-int-service.git-ops.svc.cluster.local 3000
          initialDelaySeconds: 5
          periodSeconds: 5
          failureThreshold: 3
        env:
        - name: DOCKER_HOST
          value: tcp://localhost:2376
        - name: DOCKER_CERT_PATH
          value: /certs/client
        - name: DOCKER_TLS_VERIFY
          value: "1"
        - name: GITEA_INSTANCE_URL
          valueFrom:
            secretKeyRef:
              key: URL
              name: gitea-act-runner-secret
        - name: GITEA_RUNNER_REGISTRATION_TOKEN
          valueFrom:
            secretKeyRef:
              key: TOKEN
              name: gitea-act-runner-secret
        - name: CONFIG_FILE
          value: "/data/config.yaml"
        volumeMounts:
        - name: docker-certs
          mountPath: /certs
        - name: runner-data
          mountPath: /data
      - name: daemon
        image: docker:29.2.0-dind
        env:
        - name: DOCKER_TLS_CERTDIR
          value: /certs
        securityContext:
          privileged: true
        volumeMounts:
        - name: docker-certs
          mountPath: /certs