From 2e5b5b4773af238f640003254557179c48e26cc1 Mon Sep 17 00:00:00 2001
From: aggarwalakshun <aggarwalakshun@gmail.com>
Date: Wed, 15 Oct 2025 14:32:41 +0530
Subject: [PATCH] Add gitea act deployment, persistent volume claim, and sealed
 secret

---
 .../git-ops/gitea-act/gitea-act-pvc.yml       | 14 ++++
 .../git-ops/gitea-act/gitea-act-secrets.yml   | 15 ++++
 .../default/git-ops/gitea-act/gitea-act.yml   | 77 +++++++++++++++++++
 3 files changed, 106 insertions(+)
 create mode 100644 clusters/default/git-ops/gitea-act/gitea-act-pvc.yml
 create mode 100644 clusters/default/git-ops/gitea-act/gitea-act-secrets.yml
 create mode 100644 clusters/default/git-ops/gitea-act/gitea-act.yml

diff --git a/clusters/default/git-ops/gitea-act/gitea-act-pvc.yml b/clusters/default/git-ops/gitea-act/gitea-act-pvc.yml
new file mode 100644
index 0000000..bf84649
--- /dev/null
+++ b/clusters/default/git-ops/gitea-act/gitea-act-pvc.yml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: gitea-act-runner-longhorn
+  namespace: git-ops
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 100Mi
+  storageClassName: longhorn
diff --git a/clusters/default/git-ops/gitea-act/gitea-act-secrets.yml b/clusters/default/git-ops/gitea-act/gitea-act-secrets.yml
new file mode 100644
index 0000000..42df8a9
--- /dev/null
+++ b/clusters/default/git-ops/gitea-act/gitea-act-secrets.yml
@@ -0,0 +1,15 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: gitea-act-runner-secret
+  namespace: git-ops
+spec:
+  encryptedData:
+    TOKEN: AgACJkhEafIeRdcLRHBiyjAXz8aK4m1w8238FhwhX8cKDMg3J2hD11CDI5K6R+idPxfIxJSry7yarr4j+3hB9JOfrVTGSMyt8zadIjeE6MZMQFrE+Ufbo+JRqz9lBjY2enmxfjvFS5LiZGogUaomuvmeFywWWmqLlLcyANNIHN/sw/JVIZc32oLsElSCQc8GgWoLDHPFbTkoeqqCFtWiEYDhZDf5BsGHxNh2MOI0N55TPL5izKrgSUTHvDiehYddeIYz85K3WCDTGXBztIteM7+DrHGdyuYOimP4J3w9CExnf3ObtqcfnOgv9a1wiXER484q5fpaidWIVZm/dZiTFuLwAWpPNRP/WcTkMXEJVSAEWkdYxb8fk6Zn6VifT1fTSzTUN90TP0IXlrjP55nvG7oHvkBNWydSRxc3d2wwXKhSnAOk94cWPxilOkqhsc/aqCQzkxgHZXNV94jb8KzV5r1XCCD/kYd+crbfNs4uEKXNSa9KZqE4Did8eelEfst+VGhUpWwMLn9QNNlMxKUhWuqjEM30QTO51p7cB12dqQxi1nuXB6NREW8LtOOJ5uRDnSTY0ZTwioNZ5OqgMVfAPAY6HBZrYOQFvG5/rDRkkWLWdDRLJfz1OZq+qwoXBfXhKCEQnK2J8zIxjVJKjdK4U7myWzB9peN5XQN29aisxCY7k0ikpD8Crog7jnxAXo2hmLNaCt2xVgKpHc8RnuC9dNIlJUXI0KhTT649s6Jja09ZfuTF/3oboHBH
+    URL: AgAF2MrmaYUOGlLqyMhJpLyTT/qZbvSHC787uLNKwjqTqRIhU34DoR4F0ZxcDfiUl7KQgZVL+ujOU1MdpBxsMtsvLRFoQl+bGm4G1miE7BUpsETp2ll3kVbLMTk8eNeFdRq1P4WEtF6vidwVfJ0ggwyISdMpLm7tS/oFg4l0FImmpqjsycCMuwheB4azcU/1sEy046NLFQUm+ErKN88qRvFQwMlKj2DHKrtBxGZfdo7xo8hcBdq5IWDfMs8yAvalafp+O922mzF7ADp2IMoTgipCGiGNo8dengg18mfjqI7sUJHZag1apGmJmUSBK8xxFv7Cc8iS8PPpBZIROe8/rEwpNYH/JTVbfNZvdu5qVzmXs7BUppGG6dg5ASUkYW7lVf1Bo1M/dFreuHOlr1UucwJoIXcMFu/eOLcNbAchH4I4K1LQFPNNDkViAKozP5E8k1fIcpGPRSPK9hRnr21w3+kJ8ruJl7TFWY0aqi0kemtXq2lZenFlaUEk2pilINGNZ16AZBAnuzafPRC76c4EVtEKlffKC+/4Oq3hXHneVoikJZYuJ0CP/mqKVzFf/HgfOxzDyGbtXsAZ1m+dcl25U81VzbEuvzGrgt3q7FNLwQ4heSeDNDkkSvotDWji8VT1W3IN6ShXZ+gHmL7UrY3HuG3BsuuekSHvmc1gXGOHOO/qKYkHeJ2NzZODhgh/xo/vbXiilQrNBnuoJ1cxPY8Xz0jAx6WfWqsTtahe2h4=
+  template:
+    metadata:
+      name: gitea-act-runner-secret
+      namespace: git-ops
+    type: Opaque
diff --git a/clusters/default/git-ops/gitea-act/gitea-act.yml b/clusters/default/git-ops/gitea-act/gitea-act.yml
new file mode 100644
index 0000000..589c45c
--- /dev/null
+++ b/clusters/default/git-ops/gitea-act/gitea-act.yml
@@ -0,0 +1,77 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: gitea-act-runner
+  name: gitea-act-runner
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: gitea-act-runner
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: gitea-act-runner
+    spec:
+      restartPolicy: Always
+      volumes:
+      - name: docker-certs
+        emptyDir: {}
+      - name: runner-data
+        persistentVolumeClaim:
+          claimName: gitea-act-runner-longhorn
+      initContainers:
+      - name: wait-for-gitea
+        image: busybox
+        command:
+        - sh
+        - -c
+        - |
+          while ! nc -z gitea-int-service 3000; do
+            echo "Waiting for Gitea to be ready..."
+            sleep 5
+          done
+          echo "Gitea is ready!"
+      containers:
+      - name: runner
+        image: gitea/act_runner@sha256:8477d5b61b655caad4449888bae39f1f34bebd27db56cb15a62dccb3dcf3a944
+        command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; /sbin/tini -- run.sh"]
+        env:
+        - name: DOCKER_HOST
+          value: tcp://localhost:2376
+        - name: DOCKER_CERT_PATH
+          value: /certs/client
+        - name: DOCKER_TLS_VERIFY
+          value: "1"
+        - name: GITEA_INSTANCE_URL
+          valueFrom:
+            secretKeyRef:
+              key: URL
+              name: gitea-act-runner-secret
+        - name: GITEA_RUNNER_REGISTRATION_TOKEN
+          valueFrom:
+            secretKeyRef:
+              key: TOKEN
+              name: gitea-act-runner-secret
+        - name: CONFIG_FILE
+          value: "/data/config.yaml"
+        volumeMounts:
+        - name: docker-certs
+          mountPath: /certs
+        - name: runner-data
+          mountPath: /data
+      - name: daemon
+        image: docker:28.4.0-dind
+        env:
+        - name: DOCKER_TLS_CERTDIR
+          value: /certs
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - name: docker-certs
+          mountPath: /certs