---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: gitea-act-runner
  name: gitea-act-runner
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitea-act-runner
  strategy: {}
  template:
    metadata:
      labels:
        app: gitea-act-runner
    spec:
      hostNetwork: true
      restartPolicy: Always
      volumes:
      - name: docker-certs
        emptyDir: {}
      - name: docker-socket
        emptyDir: {}
      - name: runner-data
        persistentVolumeClaim:
          claimName: gitea-act-runner-pvc
      initContainers:
      - name: wait-for-gitea
        image: busybox
        command:
        - sh
        - -c
        - |
          while ! nc -z gitea.akshun-lab.uk 443; do
            echo "Waiting for Gitea to be ready..."
            sleep 5
          done
          echo "Gitea is ready!"
      - name: docker
        image: docker:28.3.2-dind
        env:
        - name: DOCKER_TLS_CERTDIR
          value: "/certs"
        securityContext:
          privileged: true
        volumeMounts:
        - name: docker-socket
          mountPath: /var/run/
        - name: docker-certs
          mountPath: /certs
        startupProbe:
          tcpSocket:
            port: 2376
        livenessProbe:
          tcpSocket:
            port: 2376
        restartPolicy: Always
      containers:
      - name: runner
        image: gitea/act_runner:nightly
        env:
        - name: GITEA_INSTANCE_URL
          value: "https://gitea.akshun-lab.uk"
        - name: GITEA_RUNNER_REGISTRATION_TOKEN
          value: "NvAHP4f1in4Fpe6VFaiwiN98IR0poOQoDv4dDKcN"
        - name: DOCKER_TLS_VERIFY
          value: "0"
        - name: DOCKER_CERT_PATH
          value: "/certs/client"
        volumeMounts:
        - name: runner-data
          mountPath: /data
        - name: docker-socket
          mountPath: /var/run/docker.sock
          subPath: docker.sock
        - name: docker-certs
          mountPath: /certs