2026-02-13 10:29:23 -08:00
|
|
|
# ExternalSecret for Forgejo Runner token
|
2026-01-28 19:50:38 -08:00
|
|
|
#
|
|
|
|
|
# 1Password item: "Forgejo Secrets" in blumeops vault
|
2026-02-03 17:17:44 -08:00
|
|
|
# Field: runner_reg (runner registration token)
|
2026-01-28 19:50:38 -08:00
|
|
|
#
|
2026-02-13 10:29:23 -08:00
|
|
|
# Non-secret env vars (FORGEJO_URL, RUNNER_NAME, RUNNER_LABELS) live in the
|
|
|
|
|
# deployment spec so that changes (e.g. image version bumps) trigger a rollout
|
|
|
|
|
# automatically.
|
2026-01-28 19:50:38 -08:00
|
|
|
#
|
|
|
|
|
apiVersion: external-secrets.io/v1
|
|
|
|
|
kind: ExternalSecret
|
|
|
|
|
metadata:
|
|
|
|
|
name: forgejo-runner-env
|
|
|
|
|
namespace: forgejo-runner
|
|
|
|
|
spec:
|
|
|
|
|
refreshInterval: 1h
|
|
|
|
|
secretStoreRef:
|
|
|
|
|
kind: ClusterSecretStore
|
|
|
|
|
name: onepassword-blumeops
|
|
|
|
|
target:
|
|
|
|
|
name: forgejo-runner-env
|
2026-01-28 20:27:16 -08:00
|
|
|
creationPolicy: Owner
|
2026-01-28 19:50:38 -08:00
|
|
|
data:
|
2026-02-13 10:29:23 -08:00
|
|
|
- secretKey: RUNNER_TOKEN
|
2026-01-28 19:50:38 -08:00
|
|
|
remoteRef:
|
|
|
|
|
key: Forgejo Secrets
|
|
|
|
|
property: runner_reg
|
