From 144f27a9e99c17353b54bb046866bb3d2191cdcc Mon Sep 17 00:00:00 2001
From: Peter Kurfer <peter@icb4dc0.de>
Date: Thu, 27 Mar 2025 18:14:18 +0100
Subject: [PATCH] feat(forgejo-runner): configure auth for Harbor registry

---
 configs/ci-runner/docker-rootless-config.json | 8 ++++++++
 forgejo-runner_machines.tf | 19 +++++++++++++++++++
 2 files changed, 27 insertions(+)
 create mode 100644 configs/ci-runner/docker-rootless-config.json

diff --git a/configs/ci-runner/docker-rootless-config.json b/configs/ci-runner/docker-rootless-config.json
new file mode 100644
index 0000000..6affb40
--- /dev/null
+++ b/configs/ci-runner/docker-rootless-config.json
@@ -0,0 +1,8 @@
+{
+ "auths": {
+ "registry.icb4dc0.de": {
+ "auth": "${registry_auth}"
+ }
+ },
+ "currentContext": "rootless"
+}
diff --git a/forgejo-runner_machines.tf b/forgejo-runner_machines.tf
index ce8c7c6..5cfc71d 100644
--- a/forgejo-runner_machines.tf
+++ b/forgejo-runner_machines.tf
@@ -73,6 +73,16 @@ data "azurerm_key_vault_secret" "runner_secret" {
 key_vault_id = azurerm_key_vault.forgejo_runners.id
 }
+data "azurerm_key_vault_secret" "harbor_minion_username" {
+ name = "harbor-minion-username"
+ key_vault_id = azurerm_key_vault.hetzner.id
+}
+
+data "azurerm_key_vault_secret" "harbor_minion_token" {
+ name = "harbor-minion-token"
+ key_vault_id = azurerm_key_vault.hetzner.id
+}
+
 data "cloudinit_config" "runner_config" {
 for_each = var.forgejo_runners
 gzip = true
@@ -177,6 +187,15 @@ data "cloudinit_config" "runner_config" {
 owner: runner:runner
 permissions: "0640"
 defer: true
+
+ - encoding: gzip+base64
+ content: ${base64gzip(templatefile("configs/ci-runner/docker-rootless-config.json", {
+ registry_auth: base64encode("${data.azurerm_key_vault_secret.harbor_minion_username.value}:${data.azurerm_key_vault_secret.harbor_minion_token.value}")
+}))}
+ path: /var/lib/runner/.docker/config.json
+ owner: runner:runner
+ permissions: "0640"
+ defer: true
 EOF
 }
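Review bot: The `"auth": "${registry_auth}"` entry holds base64 of `user:token`, which is an encoding and not protection, so anything that can read the rendered config.json recovers the Harbor token as-is. JSON leaves no room for a comment, so the commit description or the Terraform entry that renders this template should state what the account may do; if jobs on the runner only need to pull, the token should belong to an account limited to pull on the projects they use. If the token should not sit in the file at all, Docker's `credHelpers` / `credsStore` keys are the supported alternative to a static `auths` entry.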
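Review bot: Both new `azurerm_key_vault_secret` data sources copy the secret values into Terraform state, and from there into the rendered `cloudinit_config`, so the state backend now has to be protected as if it held the Harbor token itself. They also read from `azurerm_key_vault.hetzner`, while the neighbouring `runner_secret` reads from `azurerm_key_vault.forgejo_runners`; if that is intentional, a short comment such as `# Harbor robot credentials are kept in the shared hetzner vault, not the runner vault` would save the next reader from treating it as a copy-paste slip. The `runner_secret` block begins outside the hunk, so only its last two lines are visible here.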
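Review bot: The new `write_files` entry writes a credential file with `permissions: "0640"`, copied from the entry above it; nothing in the hunk needs group read on `/var/lib/runner/.docker/config.json`, so `permissions: "0600"` is the tighter choice. The token also travels inside cloud-init user data, and `gzip+base64` does not hide it: user data normally stays readable on the machine (cloud-init's instance cache and, on many platforms, the metadata endpoint), so workloads run by this runner should be assumed able to obtain it unless that access is restricted. A comment above the entry, for example `# contains Harbor robot token; keep account scope minimal`, would record that. The heredoc and the `write_files` list start outside the hunk.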