disable drone in favor of gitea-act

cluster/apps/drone/drone-rbac.yml

@@ -1,40 +0,0 @@
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  namespace: default
-  name: drone
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - create
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - pods
-  - pods/log
-  verbs:
-  - get
-  - create
-  - delete
-  - list
-  - watch
-  - update
-
----
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: drone
-  namespace: default
-subjects:
-- kind: ServiceAccount
-  name: default
-  namespace: default
-roleRef:
-  kind: Role
-  name: drone
-  apiGroup: rbac.authorization.k8s.io

cluster/apps/drone/drone-svc.yml

@@ -1,28 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: drone-server-service
-  namespace: default
-spec:
-  selector:
-    app.kubernetes.io/name: drone
-  type: LoadBalancer
-  ports:
-  - port: 4338
-    targetPort: 80
-    protocol: TCP
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: drone-server-int-service
-  namespace: default
-spec:
-  selector:
-    app.kubernetes.io/name: drone
-  type: ClusterIP
-  ports:
-  - port: 80
-    targetPort: 80

cluster/apps/drone/drone.yml

@@ -1,83 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: drone
-  labels:
-    app.kubernetes.io/name: drone
-  namespace: default
-spec:
-  strategy:
-    type: Recreate
-  replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: drone
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: drone
-    spec:
-      initContainers:
-        - name: wait-for-gitea
-          image: busybox
-          command:
-          - sh
-          - -c
-          - |
-            while ! nc -z gitea-int-service 3000; do
-              echo "Waiting for Gitea to be ready..."
-              sleep 5
-            done
-            echo "Gitea is ready!"
-      containers:
-      - name: drone-server
-        image: drone/drone:2.26.0
-        env:
-        - name: DRONE_GITEA_SERVER
-          value: "https://gitea.akshun-lab.cc"
-        - name: DRONE_GITEA_CLIENT_ID
-          valueFrom:
-            secretKeyRef:
-              name: drone-gitea-secrets
-              key: client_id
-        - name: DRONE_GITEA_CLIENT_SECRET
-          valueFrom:
-            secretKeyRef:
-              name: drone-gitea-secrets
-              key: client_secret
-        - name: DRONE_RPC_SECRET
-          valueFrom:
-            secretKeyRef:
-              name: drone-gitea-secrets
-              key: rpc_secret
-        - name: DRONE_SERVER_HOST
-          value: "drone.akshun-lab.cc"
-        - name: DRONE_SERVER_PROTO
-          value: "https"
-        - name: DRONE_USER_CREATE
-          value: "username:aggarwalakshun,admin:true"
-        volumeMounts:
-        - name: drone-data
-          mountPath: /data
-      - name: drone-runner
-        image: drone/drone-runner-kube@sha256:a515ca817bb61be2801e5c70245ca7c2be0fce7b28b91bd7a6d0dd2f1d22eb23
-        env:
-        - name: DRONE_RPC_PROTO
-          value: "http"
-        - name: DRONE_RPC_HOST
-          value: "drone-server-int-service:80"
-        - name: DRONE_RPC_SECRET
-          valueFrom:
-            secretKeyRef:
-              name: drone-gitea-secrets
-              key: rpc_secret
-        - name: DRONE_NAMESPACE_DEFAULT
-          value: "default"
-        volumeMounts:
-        - name: drone-data
-          mountPath: /data
-      volumes:
-      - name: drone-data
-        persistentVolumeClaim:
-          claimName: drone-longhorn

cluster/apps/gitea-act/gitea-act-pvc.yml

@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: drone-longhorn
+  name: gitea-act-runner-longhorn
   namespace: default
 spec:
   accessModes:
@@ -10,5 +10,5 @@ spec:
   volumeMode: Filesystem
   resources:
     requests:
-      storage: 1Gi
+      storage: 100Mi
   storageClassName: longhorn

cluster/apps/gitea-act/gitea-act.yml

@@ -0,0 +1,72 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: gitea-act-runner
+  name: gitea-act-runner
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: gitea-act-runner
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: gitea-act-runner
+    spec:
+      hostNetwork: true
+      restartPolicy: Always
+      volumes:
+      - name: docker-certs
+        emptyDir: {}
+      - name: runner-data
+        persistentVolumeClaim:
+          claimName: gitea-act-runner-longhorn
+      initContainers:
+      - name: wait-for-gitea
+        image: busybox
+        command:
+        - sh
+        - -c
+        - |
+          while ! nc -z gitea.akshun-lab.cc 443; do
+            echo "Waiting for Gitea to be ready..."
+            sleep 5
+          done
+          echo "Gitea is ready!"
+      containers:
+      - name: runner
+        image: gitea/act_runner@sha256:8477d5b61b655caad4449888bae39f1f34bebd27db56cb15a62dccb3dcf3a944
+        command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; /sbin/tini -- run.sh"]
+        env:
+        - name: DOCKER_HOST
+          value: tcp://localhost:2376
+        - name: DOCKER_CERT_PATH
+          value: /certs/client
+        - name: DOCKER_TLS_VERIFY
+          value: "1"
+        - name: GITEA_INSTANCE_URL
+          value: "https://gitea.akshun-lab.cc"
+        - name: GITEA_RUNNER_REGISTRATION_TOKEN
+          value: "uxvKmGvtraocJMCcfJ101XC9kUoY8OlCEN18CvgZ"
+        - name: CONFIG_FILE
+          value: "/data/config.yaml"
+        volumeMounts:
+        - name: docker-certs
+          mountPath: /certs
+        - name: runner-data
+          mountPath: /data
+      - name: daemon
+        image: docker:28.4.0-dind
+        env:
+        - name: DOCKER_TLS_CERTDIR
+          value: /certs
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - name: docker-certs
+          mountPath: /certs