From 16dec924c855f73ce39fc716e1ca5f1d0fc4bf58 Mon Sep 17 00:00:00 2001
From: Gabriel Simmer
Date: Thu, 17 Aug 2023 10:26:35 +0100
Subject: [PATCH] [FORGEJO] simplify Kubernetes examples with offline registration
---
 examples/kubernetes/dind-docker.yaml | 48 ++++++++++++-----------
 examples/kubernetes/rootless-docker.yaml | 49 ++++++++++++------------
 2 files changed, 50 insertions(+), 47 deletions(-)
diff --git a/examples/kubernetes/dind-docker.yaml b/examples/kubernetes/dind-docker.yaml
index 98a139a..92e46e9 100644
--- a/examples/kubernetes/dind-docker.yaml
+++ b/examples/kubernetes/dind-docker.yaml
@@ -1,22 +1,12 @@
-kind: PersistentVolumeClaim
+# Secret data.
+# Alternatively, create this with
+# kubectl create secret generic runner-secret --from-literal=token=your_offline_token_here
 apiVersion: v1
-metadata:
- name: act-runner-vol
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
- storageClassName: standard
----
-apiVersion: v1
-data:
- token: << base64 encoded registration token >>
+stringData:
+ token: your_offline_secret_here
 kind: Secret
 metadata:
 name: runner-secret
-type: Opaque
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -25,7 +15,8 @@ metadata:
 app: act-runner
 name: act-runner
 spec:
- replicas: 1
+ # Two replicas means that if one is busy, the other can pick up jobs.
+ replicas: 2
 selector:
 matchLabels:
 app: act-runner
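Review bot: The placeholder in `stringData.token` (`your_offline_secret_here`) disagrees with the `kubectl` comment above it (`your_offline_token_here`), and neither says what a valid value looks like. Forgejo's offline registration documentation describes the secret as a 40-character hexadecimal string, so I would extend the header comment with `# token: 40 hex characters, e.g. the output of "openssl rand -hex 20"; do not commit the real value`. I would also present the `kubectl create secret` route as the preferred one, because a filled-in `stringData` manifest is stored in clear text and tends to end up in version control. The same applies to the identical Secret hunk in `examples/kubernetes/rootless-docker.yaml`.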
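Review bot: The comment on `replicas: 2` does not mention that both pods build their runner file from the same `runner-secret` in the init container added later in this patch, so the two replicas presumably register under one runner identity and share one credential. If that is the intended use of offline registration, say so in the comment, for example `# Both replicas register with the same offline secret; rotating it affects every pod.` The Deployment's `metadata` and the rest of `spec` lie outside this hunk, and the same change is made in `rootless-docker.yaml`.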
@@ -41,8 +32,24 @@ spec:
 - name: docker-certs
 emptyDir: {}
 - name: runner-data
- persistentVolumeClaim:
- claimName: act-runner-vol
+ emptyDir: {}
+ # Initialise our configuration file using offline registration
+ # https://forgejo.org/docs/v1.21/admin/actions/#offline-registration
+ initContainers:
+ - name: runner-config-generation
+ image: code.forgejo.org/forgejo/runner:2.4.0
+ command: [ "sh", "-c", "cd /data && forgejo-runner create-runner-file --instance $GITEA_INSTANCE_URL --secret $RUNNER_SECRET --connect" ]
+ env:
+ - name: RUNNER_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: runner-secret
+ key: token
+ - name: GITEA_INSTANCE_URL
+ value: http://gitea-http.gitea.svc.cluster.local:3000
+ volumeMounts:
+ - name: runner-data
+ mountPath: /data
 containers:
 - name: runner
 image: gitea/act_runner:nightly
@@ -56,11 +63,6 @@ spec:
 value: "1"
 - name: GITEA_INSTANCE_URL
 value: http://gitea-http.gitea.svc.cluster.local:3000
- - name: GITEA_RUNNER_REGISTRATION_TOKEN
- valueFrom:
- secretKeyRef:
- name: runner-secret
- key: token
 volumeMounts:
 - name: docker-certs
 mountPath: /certs
diff --git a/examples/kubernetes/rootless-docker.yaml b/examples/kubernetes/rootless-docker.yaml
index 2848e75..cd003a8 100644
--- a/examples/kubernetes/rootless-docker.yaml
+++ b/examples/kubernetes/rootless-docker.yaml
@@ -1,22 +1,12 @@
-kind: PersistentVolumeClaim
+# Secret data.
+# Alternatively, create this with
+# kubectl create secret generic runner-secret --from-literal=token=your_offline_token_here
 apiVersion: v1
-metadata:
- name: act-runner-vol
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
- storageClassName: standard
----
-apiVersion: v1
-data:
- token: << runner registration token goes here >>
+stringData:
+ token: your_offline_secret_here
 kind: Secret
 metadata:
 name: runner-secret
-type: Opaque
 ---
 apiVersion: apps/v1
 kind: Deployment
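Review bot: The init container's `command` expands `$RUNNER_SECRET` and `$GITEA_INSTANCE_URL` unquoted inside `sh -c` and passes the secret as a `--secret` argument, so the value is subject to shell word splitting and sits in the process argument list while the command runs. Quote both expansions by making the script a single-quoted YAML scalar: `'cd /data && forgejo-runner create-runner-file --instance "$GITEA_INSTANCE_URL" --secret "$RUNNER_SECRET" --connect'`. If the pinned runner release can read the secret from a file or stdin, mounting `runner-secret` as a volume would keep it off the command line entirely. The generated file is then consumed by the `gitea/act_runner:nightly` container in the context lines, a different image on a mutable tag, and the instance URL is plain `http://`; both are worth confirming and documenting in the comment above `initContainers`. The pod spec starts outside this hunk, and the same init container is added in `rootless-docker.yaml`.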
@@ -25,7 +15,8 @@ metadata:
 app: act-runner
 name: act-runner
 spec:
- replicas: 1
+ # Two replicas means that if one is busy, the other can pick up jobs.
+ replicas: 2
 selector:
 matchLabels:
 app: act-runner
@@ -39,13 +30,28 @@ spec:
 restartPolicy: Always
 volumes:
 - name: runner-data
- persistentVolumeClaim:
- claimName: act-runner-vol
+ emptyDir: {}
+ # Initialise our configuration file using offline registration
+ # https://forgejo.org/docs/v1.21/admin/actions/#offline-registration
+ initContainers:
+ - name: runner-config-generation
+ image: code.forgejo.org/forgejo/runner:2.4.0
+ command: [ "sh", "-c", "cd /data && forgejo-runner create-runner-file --instance $GITEA_INSTANCE_URL --secret $RUNNER_SECRET --connect" ]
+ env:
+ - name: RUNNER_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: runner-secret
+ key: token
+ - name: GITEA_INSTANCE_URL
+ value: http://gitea-http.gitea.svc.cluster.local:3000
+ volumeMounts:
+ - name: runner-data
+ mountPath: /data
 containers:
 - name: runner
 image: gitea/act_runner:nightly-dind-rootless
 imagePullPolicy: Always
- # command: ["sh", "-c", "while ! nc -z localhost 2376