apiVersion: apps/v1
kind: Deployment
metadata:
  name: forgejo-runner
  namespace: forgejo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: forgejo-runner
  template:
    metadata:
      labels:
        app: forgejo-runner
    spec:
      serviceAccountName: forgejo-runner
      restartPolicy: Always
      containers:
        - name: runner
          image: code.forgejo.org/forgejo/runner:6.3.1
          securityContext:
            runAsUser: 0
            runAsGroup: 0
          env:
            - name: FORGEJO_INSTANCE_URL
              valueFrom:
                secretKeyRef:
                  name: forgejo-secrets
                  key: root_url
            - name: FORGEJO_RUNNER_REGISTRATION_TOKEN
              valueFrom:
                secretKeyRef:
                  name: forgejo-secrets
                  key: runner_registration_token
          command: ["/bin/sh", "-lc"]
          args:
            - >-
              if [ ! -f /data/.runner ]; then
                forgejo-runner register --no-interactive --name k3s-runner --instance "$FORGEJO_INSTANCE_URL" --token "$FORGEJO_RUNNER_REGISTRATION_TOKEN" --labels "linux-amd64:host";
              fi &&
              forgejo-runner daemon --config /data/.runner
          volumeMounts:
            - name: runner-data
              mountPath: /data
      volumes:
        - name: runner-data
          emptyDir: {}