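---
# Gitea Actions runner: an act_runner container plus a Docker-in-Docker (dind)
# sidecar in one pod. The runner talks to the daemon on localhost:2376 over
# TLS, using the client certificates the dind container generates at start-up.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea-runner
  namespace: platform
  labels:
    app: gitea-runner
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitea-runner
  template:
    metadata:
      labels:
        app: gitea-runner
    spec:
      # Nothing in this manifest uses the Kubernetes API, so the default
      # service-account token is kept out of a pod that runs CI jobs next to
      # a privileged container.
      automountServiceAccountToken: false
      containers:
        - name: runner
          # NOTE(review): `latest` is a mutable tag; pin a release tag or an
          # image digest so a rollout cannot silently pull different code.
          image: gitea/act_runner:latest
          env:
            # NOTE(review): plain HTTP to the in-cluster service, so the
            # registration token crosses the pod network unencrypted. Confirm
            # this is acceptable or terminate TLS in front of Gitea.
            - name: GITEA_INSTANCE_URL
              value: http://gitea-helm-http.platform.svc:3000
            # The token is read from a Secret, not written into the manifest.
            - name: GITEA_RUNNER_REGISTRATION_TOKEN
              valueFrom:
                secretKeyRef:
                  name: gitea-runner-token
                  key: token
            - name: GITEA_RUNNER_LABELS
              value: "ubuntu-latest:docker://node:20-bookworm,linux/amd64:docker://node:20-bookworm,cluster:docker://node:20-bookworm"
            - name: DOCKER_HOST
              value: tcp://localhost:2376
            - name: DOCKER_TLS_VERIFY
              value: "1"
            # Must be the directory holding ca.pem, cert.pem and key.pem.
            - name: DOCKER_CERT_PATH
              value: /certs/client
          volumeMounts:
            # Read-only: the runner only consumes the client certificates.
            - name: docker-certs
              mountPath: /certs/client
              readOnly: true
            # NOTE(review): emptyDir, so anything the runner keeps under
            # /data is lost when the pod is rescheduled.
            - name: runner-data
              mountPath: /data
          resources:
            requests:
              memory: 256Mi
              cpu: 200m
            limits:
              memory: 1Gi
        - name: dind
          # NOTE(review): `dind` is a mutable tag; pin a version or digest.
          image: docker:dind
          securityContext:
            # dockerd needs privileged mode here. A privileged container is
            # effectively root on the node, and CI job containers are started
            # by this daemon. Keep the pod on nodes dedicated to CI and
            # restrict its network access with a NetworkPolicy.
            privileged: true
          env:
            # dind generates ca/, server/ and client/ under this directory.
            - name: DOCKER_TLS_CERTDIR
              value: /certs
          volumeMounts:
            # Share only client/. With the volume mounted at /certs, the
            # runner's /certs/client mount would show ca/, server/ and
            # client/ as subdirectories, and DOCKER_CERT_PATH would not
            # contain the certificate files. Mounting at /certs/client lines
            # both containers up and keeps the CA and server private keys
            # inside this container.
            - name: docker-certs
              mountPath: /certs/client
            - name: dind-storage
              mountPath: /var/lib/docker
          resources:
            requests:
              memory: 512Mi
              cpu: 500m
            limits:
              memory: 4Gi
      volumes:
        - name: docker-certs
          emptyDir: {}
        - name: runner-data
          emptyDir: {}
        # NOTE(review): no sizeLimit, so image layers and build cache grow on
        # the node's ephemeral storage. Consider setting a sizeLimit.
        - name: dind-storage
          emptyDir: {}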