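---
# Forgejo Actions runner (amd64): one pod holding the runner process and a
# Docker-in-Docker daemon that executes the job containers.
#
# Trust boundary: the `daemon` container is privileged, so any workflow that
# can schedule a job on this runner should be treated as able to reach root on
# the node. Only attach it to repositories whose workflows are trusted.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: act-runner-amd64
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: act-runner
      app.kubernetes.io/instance: amd64
  replicas: 1
  revisionHistoryLimit: 3
  strategy:
    # Stop the old pod before starting the new one.
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: act-runner
        app.kubernetes.io/instance: amd64
    spec:
      restartPolicy: Always
      # Initialise our configuration file using offline registration
      # https://forgejo.org/docs/v1.21/admin/actions/#offline-registration
      # NOTE(review): the command below is `register --token`, not the
      # `create-runner-file` flow the linked section describes - confirm which
      # credential type forgejo-runner-secret actually holds.
      # NOTE(review): runner-data is an emptyDir, so registration presumably
      # runs again on every pod start - confirm stale runner entries are
      # cleaned up on the Forgejo side.
      initContainers:
        - name: runner-register
          # Bare image name; presumably rewritten at deploy time (e.g. by a
          # kustomize images transformer) - confirm the final reference is
          # pinned to a tag or digest.
          image: act_runner
          command: ["forgejo-runner"]
          args:
            - "register"
            - "--no-interactive"
            - "--token"
            # Kubernetes expands $(RUNNER_SECRET) into the argument list, so
            # the credential is readable from this container's process
            # command line while it runs. The pod spec itself only carries the
            # reference, not the value.
            - $(RUNNER_SECRET)
            - "--name"
            - $(RUNNER_NAME)
            - "--instance"
            - $(FORGEJO_INSTANCE_URL)
            - "--labels"
            - "docker:docker://code.icb4dc0.de/infrastructure/images/act_runtime:amd64,ubuntu-latest-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:amd64,ubuntu-22.04-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:amd64,ubuntu-20.04-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:20.04-amd64"
          env:
            # Runner registers under the pod's own name.
            - name: RUNNER_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: RUNNER_SECRET
              valueFrom:
                secretKeyRef:
                  name: forgejo-runner-secret
                  key: token
            # Plain HTTP to the in-cluster service: the registration
            # credential crosses the pod network unencrypted. Acceptable only
            # if that network is trusted or encrypted at another layer.
            - name: FORGEJO_INSTANCE_URL
              value: http://forgejo-http.forgejo.svc.cluster.local:3000
          resources:
            limits:
              cpu: "0.50"
              memory: "64Mi"
          volumeMounts:
            - name: runner-data
              mountPath: /data
      containers:
        - name: runner
          image: act_runner
          imagePullPolicy: Always
          # Wait until the sidecar dockerd accepts connections, then start the
          # runner with the config mounted from the ConfigMap.
          command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; forgejo-runner daemon --config /etc/act/config.yaml"]
          env:
            - name: DOCKER_HOST
              value: tcp://localhost:2376
            - name: DOCKER_CERT_PATH
              value: /certs/client
            - name: DOCKER_TLS_VERIFY
              value: "1"
          volumeMounts:
            - name: runner-data
              mountPath: /data
            # The runner only reads the client certificate from here; the
            # daemon container is the writer. The volume also holds whatever
            # else the daemon generates under /certs, which stays readable.
            - name: docker-certs
              mountPath: /certs
              readOnly: true
            - name: runner-config
              mountPath: /etc/act
          securityContext:
            # The runner reaches dockerd over TLS on localhost:2376 and every
            # registered label is docker://, so it needs no host-level
            # privileges; only the daemon container below does.
            privileged: false
            allowPrivilegeEscalation: false
          resources:
            requests:
              memory: "250Mi"
              cpu: "250m"
            limits:
              memory: "384Mi"
              cpu: "750m"
        - name: daemon
          # Bare image name, see the note on runner-register.
          image: dind
          env:
            # Makes the dind image generate TLS material under /certs and
            # require client certificates on 2376.
            - name: DOCKER_TLS_CERTDIR
              value: /certs
          securityContext:
            # Required by Docker-in-Docker; this is what makes job workloads
            # node-root equivalent. NOTE(review): dockerd presumably listens
            # on the pod IP as well as localhost - consider a NetworkPolicy
            # denying ingress to this pod.
            privileged: true
          volumeMounts:
            - name: docker-certs
              mountPath: /certs
            - name: runner-data
              mountPath: /data
            - name: docker-config
              mountPath: /etc/docker
          resources:
            requests:
              memory: "256Mi"
              cpu: "100m"
            limits:
              memory: "512Mi"
              cpu: "1200m"
      securityContext:
        # Volumes are group-owned by GID 1000 - presumably the runner image's
        # user; confirm against the image.
        fsGroup: 1000
      nodeSelector:
        kubernetes.io/arch: amd64
      affinity:
        # At most one act-runner pod per node. The selector matches on the
        # name label only, so it applies across every instance label.
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - topologyKey: kubernetes.io/hostname
              labelSelector:
                matchExpressions:
                  - key: app.kubernetes.io/name
                    operator: In
                    values:
                      - act-runner
      volumes:
        # Scratch space shared by all three containers; lost with the pod.
        - name: runner-data
          emptyDir:
            sizeLimit: 500Mi
        # TLS material generated by the daemon at start-up.
        - name: docker-certs
          emptyDir:
            sizeLimit: 5Mi
        - name: runner-config
          configMap:
            name: act-runner-config-amd64
            items:
              - key: config.yaml
                path: config.yaml
        - name: docker-config
          configMap:
            name: act-runner-config-amd64
            items:
              - key: daemon.json
                path: daemon.json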