From 5aa103a86bc6e37b5ea86308531fd7989ec52721 Mon Sep 17 00:00:00 2001
From: James Andariese
Date: Thu, 28 Mar 2024 21:24:03 -0500
Subject: [PATCH] auto-update manifests
---
 .github/workflows/build.yaml | 13 +++-
 README.md | 4 +-
 k/flux.yaml | 23 +++++++
 k/runner.yaml | 113 +++++++++++++++++++++++++++++++++++
 4 files changed, 148 insertions(+), 5 deletions(-)
 create mode 100644 k/flux.yaml
 create mode 100644 k/runner.yaml
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index aad36d2..ee7ff4c 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -1,6 +1,9 @@
 name: Github Actions Demo
 run-name: ${{ github.actor }} is testing out GitHub Actions (on Gitea) 🚀
-on: [push]
+on:
+ push:
+ paths-ignore:
+ - k/**

 jobs:
 Explore-Gitea-Actions:
@@ -12,9 +15,13 @@ jobs:
 ls -la
 docker build --progress plain --iidfile iid.txt .
 stringprefix() { [ ${#1} -le $2 ] && echo $1 && return 0 || stringprefix "${1%?}" $2 ; }
+ STAG="$GITHUB_REF_NAME-$(date +%Y-%m-%d-%H.%M.%S)"
 SHORTSHA="$(stringprefix "$GITHUB_SHA" 8)"
- for TAG in "$SHORTSHA" "$GITHUB_REF_NAME" "$GITHUB_REF_NAME-$(date +%Y-%m-%d-%H.%M.%S)";do
+ for TAG in "$SHORTSHA" "$GITHUB_REF_NAME" "$STAG";do
 docker tag "`cat iid.txt`" "$DOCKER_REGISTRY/$GITHUB_REPOSITORY:$TAG"
 docker push "$DOCKER_REGISTRY/$GITHUB_REPOSITORY:$TAG"
 done
-
+ sed -i -e 's/image: $DOCKER_REGISTRY/$GITHUB_REPOSITORY:$STAG' k/runner.yaml
+ git add k/runner.yaml
+ git commit -m "upgrade runner sts to $STAG"
+ git push
diff --git a/README.md b/README.md
index 743fde5..3d3f82f 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,3 @@
-# docker-aria2c
+# docker-act_runner

-Dockerfile for alpine/aria2c
\ No newline at end of file
+Dockerfile for act_runner customizations
diff --git a/k/flux.yaml b/k/flux.yaml
new file mode 100644
index 0000000..c142594
--- /dev/null
+++ b/k/flux.yaml
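Review bot: The added `sed` line in the second build.yaml hunk cannot work as written: the expression is single-quoted, so `$DOCKER_REGISTRY`, `$GITHUB_REPOSITORY` and `$STAG` are never expanded, and the `/` in the image path is read as the `s` delimiter, which leaves the command unterminated. Something like `sed -i -e "s|image: $DOCKER_REGISTRY/$GITHUB_REPOSITORY:.*|image: $DOCKER_REGISTRY/$GITHUB_REPOSITORY:$STAG|" k/runner.yaml` rewrites only the runner image line and leaves the `image: alpine:3.19` line in the same file alone. The step then commits and pushes on every branch the workflow runs for, so it would be safer to guard it with a check that `$GITHUB_REF_NAME` is `main` and to skip the commit when `git diff --quiet` reports no change. The run script starts above the hunk, so whether `set -e` or a git identity is configured is not visible here.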
@@ -0,0 +1,23 @@
+---
+apiVersion: image.toolkit.fluxcd.io/v1beta2
+kind: ImageRepository
+metadata:
+ name: docker-act-runner
+ namespace: gitea
+spec:
+ image: git.strudelline.net/cascade/docker-act_runner
+ interval: 1m
+---
+apiVersion: image.toolkit.fluxcd.io/v1beta2
+kind: ImagePolicy
+metadata:
+ name: docker-act-runner-prod
+ namespace: gitea
+spec:
+ imageRepositoryRef:
+ name: docker-act-runner
+ filterTags:
+ pattern: '^main-.*'
+ policy:
+ alphabetical:
+ order: asc
diff --git a/k/runner.yaml b/k/runner.yaml
new file mode 100644
index 0000000..26ec24a
--- /dev/null
+++ b/k/runner.yaml
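Review bot: The `filterTags` pattern `'^main-.*'` in the ImagePolicy accepts any tag that merely starts with `main-`, while the build workflow in this same patch also pushes a tag equal to the branch name for every branch it runs on. A tag coming from a branch whose name begins with `main-` would therefore match and could be ranked above the timestamped tags by the `alphabetical` policy, so it could end up selected for prod. Anchoring the pattern to the timestamp shape the build emits (`date +%Y-%m-%d-%H.%M.%S`), e.g. `pattern: '^main-\d{4}-\d{2}-\d{2}-\d{2}\.\d{2}\.\d{2}$'`, keeps the policy to images built from `main`.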
@@ -0,0 +1,113 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ labels:
+ app: gitea
+ gitea: runner
+ name: runner
+ namespace: gitea
+ annotations:
+ reloader.stakater.com/auto: "true"
+spec:
+ podManagementPolicy: OrderedReady
+ replicas: 1
+ selector:
+ matchLabels:
+ app: gitea
+ gitea: runner
+ serviceName: runner
+ updateStrategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app: gitea
+ gitea: runner
+ spec:
+ securityContext:
+ fsGroup: 1000
+ volumes:
+ - name: gitea-package-registry-secret
+ secret:
+ secretName: gitea-package-registry-secret
+ - name: gitea-runner-config
+ configMap:
+ name: gitea-runner-config
+ - name: docker-certs
+ emptyDir: {}
+ initContainers:
+ - image: alpine:3.19
+ imagePullPolicy: IfNotPresent
+ name: chowner
+ volumeMounts:
+ - mountPath: /data
+ name: gitea-runner-data
+ subPath: data
+ - mountPath: /run
+ name: gitea-runner-data
+ subPath: run
+ - mountPath: /home
+ name: gitea-runner-data
+ subPath: home
+ securityContext:
+ privileged: true
+ command: [ sh, -c ]
+ args:
+ - |
+ mkdir -p /home/rootless
+ mkdir -p /home/dockremap
+ chown 1000:1000 /home/rootless
+ chown 100:101 /home/dockremap
+ containers:
+ - image: git.strudelline.net/cascade/docker-act_runner:main-2024-03-29-0147.55
+ imagePullPolicy: Always
+ name: runner
+ env:
+ - name: DOCKER_HOST
+ value: tcp://localhost:2376
+ - name: DOCKER_CERT_PATH
+ value: /certs/client
+ - name: DOCKER_TLS_VERIFY
+ value: "1"
+ - name: DOCKER_REGISTRY
+ value: git.strudelline.net
+ - name: CONFIG_FILE
+ value: /config/config.yaml
+ - name: GITEA_INSTANCE_URL
+ value: http://gitea.gitea.svc.cluster.local:3000
+ - name: GITEA_RUNNER_REGISTRATION_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: gitea-runner-token
+ key: token
+ volumeMounts:
+ - mountPath: /data
+ name: gitea-runner-data
+ subPath: data
+ - mountPath: /run
+ name: gitea-runner-data
+ subPath: run
+ - mountPath: /home
+ name: gitea-runner-data
+ subPath: home
+ - mountPath: /config
+ name: gitea-runner-config
+ readOnly: true
+ - mountPath: /home/rootless/.docker/config.json
+ subPath: .dockerconfigjson
+ name: gitea-package-registry-secret
+ readOnly: true
+ securityContext:
+ privileged: true
+ restartPolicy: Always
+ dnsPolicy: ClusterFirst
+ volumeClaimTemplates:
+ - metadata:
+ name: gitea-runner-data
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ storageClassName: nvme
+ resources:
+ requests:
+ storage: 200Gi
+
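Review bot: Both containers in the pod template set `privileged: true`, and for the `chowner` init container that is far more than its two `mkdir` and two `chown` calls need. Running it as root with a minimal capability set, e.g. `securityContext: {runAsUser: 0, capabilities: {drop: ["ALL"], add: ["CHOWN"]}}` (adding `DAC_OVERRIDE` only if the mkdir turns out to need it), takes host-level access away from a stock `alpine:3.19` image. The `runner` container executes workflow jobs and mounts the registry credentials, so if it really needs privileged mode, presumably for a nested Docker daemon, that should be stated in a comment and the pod confined to dedicated nodes. Separately, `DOCKER_CERT_PATH` is `/certs/client` with `DOCKER_TLS_VERIFY` set to `"1"`, but the `docker-certs` volume is declared and never mounted in either container, so that path looks empty unless the image supplies it.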