deploy-app-kargo-private/ci/gitea-runner/manifests/runner.yaml

# Gitea Actions runner (act_runner)
# Requires registration token in gitea-runner-token secret
# Token is generated in Gitea admin → Actions → Runners → Create new runner
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: gitea-runner-config
  namespace: gitea-runner
data:
  config.yaml: |
    log:
      level: info
    runner:
      file: .runner
      capacity: 1
      timeout: 3h
      labels:
        - "ubuntu-latest:docker://node:20-bullseye"
        - "ubuntu-22.04:docker://node:20-bullseye"
    cache:
      enabled: true
      dir: ""
    container:
      network: ""
      privileged: false
      options:
      workdir_parent:
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea-runner
  namespace: gitea-runner
  labels:
    app: gitea-runner
spec:
  replicas: 0  # Set to 1 after creating registration token
  selector:
    matchLabels:
      app: gitea-runner
  template:
    metadata:
      labels:
        app: gitea-runner
    spec:
      containers:
        - name: runner
          image: gitea/act_runner:0.2.11
          env:
            - name: GITEA_INSTANCE_URL
              value: "http://gitea-http.gitea.svc.cluster.local:3000"
            - name: GITEA_RUNNER_REGISTRATION_TOKEN
              valueFrom:
                secretKeyRef:
                  name: gitea-runner-token
                  key: token
                  optional: true
          volumeMounts:
            - name: config
              mountPath: /config
              readOnly: true
            - name: data
              mountPath: /data
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: "2"
              memory: 2Gi
      volumes:
        - name: config
          configMap:
            name: gitea-runner-config
        - name: data
          emptyDir: {}
      nodeSelector:
        node-role.kubernetes.io/worker: ""