use docker.sock directly

cluster/apps/gitea-act/gitea-act.yml

@@ -20,7 +20,7 @@ spec:
       hostNetwork: true
       restartPolicy: Always
       volumes:
-      - name: docker-certs
+      - name: docker-socket
         emptyDir: {}
       - name: runner-data
         persistentVolumeClaim:
@@ -37,34 +37,31 @@ spec:
             sleep 5
           done
           echo "Gitea is ready!"
+      - name: docker
+        image: docker:28.3.2-dind
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - name: docker-socket
+          mountPath: /var/run/
+        startupProbe:
+          tcpSocket:
+            port: 2376
+        livenessProbe:
+          tcpSocket:
+            port: 2376
+        restartPolicy: Always
       containers:
       - name: runner
         image: gitea/act_runner:nightly
-        command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; /sbin/tini -- run.sh"]
         env:
-        - name: DOCKER_HOST
-          value: tcp://localhost:2376
-        - name: DOCKER_CERT_PATH
-          value: /certs/client
-        - name: DOCKER_TLS_VERIFY
-          value: "1"
         - name: GITEA_INSTANCE_URL
           value: "https://gitea.akshun-lab.uk"
         - name: GITEA_RUNNER_REGISTRATION_TOKEN
           value: "NvAHP4f1in4Fpe6VFaiwiN98IR0poOQoDv4dDKcN"
         volumeMounts:
-        - name: docker-certs
-          mountPath: /certs
         - name: runner-data
           mountPath: /data
-      - name: daemon
+        - name: docker-socket
-        image: docker:28.2.2-dind
+          mountPath: /var/run/docker.sock
-        env:
+          subPath: docker.sock
-        - name: DOCKER_TLS_CERTDIR
-          value: /certs
-        securityContext:
-          privileged: true
-        volumeMounts:
-        - name: docker-certs
-          mountPath: /certs
-